
Request to check logs

Danny_DeVito 09 Jul 2016 17:53 435 4
  • Helpful post
    #2 09 Jul 2016 18:18
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Task: {4A27284C-FF37-4D29-A513-CDA4B7A8AA9A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {5364ADA0-8A9D-4BCF-8D4A-46CA0A6D74E6} - \CCleanerSkipUAC -> No File <==== ATTENTION
    Task: {5A032525-37F6-46EE-98C7-71D4D1F521FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {62E448F2-675C-4F16-AABE-282F034D2087} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {685D001F-C76E-48A8-9EBD-C4A47963EB7D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {81EA6DA2-3FB3-4557-AD99-5644351860F1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {835314BF-845D-431A-A335-9B35494B74A8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {83B2389D-AEE8-4406-A06A-B5396569E4B0} - System32\Tasks\Opera scheduled Autoupdate 1408013708 => C:\Program Files (x86)\Opera\launcher.exe [2016-07-01] (Opera Software)
    Task: {92340C8A-6947-4F77-98A1-81CBF6FE576E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {9E9BCD9A-6059-45AA-B992-80084D07DBA0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {C54F4842-F9E1-4474-B15F-1F3D5E6F901A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {D06932F1-C282-4E86-BFEC-9AF7671826EE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    HKU\S-1-5-21-2877456157-3899179404-1530298978-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [247344 2016-07-06] ()
    AppInit_DLLs: C:\ProgramData\Quotenamron\Air-Lax.dll => C:\ProgramData\Quotenamron\Air-Lax.dll [363008 2016-05-27] ()
    AppInit_DLLs-x32: C:\ProgramData\Quotenamron\Latlab.dll => C:\ProgramData\Quotenamron\Latlab.dll [257536 2016-05-27] ()
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2877456157-3899179404-1530298978-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2877456157-3899179404-1530298978-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...s6QxdQC2WYBuVm5v44aE0aULrBL8Cnt6RE32Y,&q={searchTerms}
    HKU\S-1-5-21-2877456157-3899179404-1530298978-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...ciYOh4Q9IcFwRgmD94JgJVNKzImDO6SIcn5IbNzF_c8Q,,




    HKU\S-1-5-21-2877456157-3899179404-1530298978-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...s6QxdQC2WYBuVm5v44aE0aULrBL8Cnt6RE32Y,&q={searchTerms}
    HKU\S-1-5-21-2877456157-3899179404-1530298978-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...s6QxdQC2WYBuVm5v44aE0aULrBL8Cnt6RE32Y,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...s6QxdQC2WYBuVm5v44aE0aULrBL8Cnt6RE32Y,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2877456157-3899179404-1530298978-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...s6QxdQC2WYBuVm5v44aE0aULrBL8Cnt6RE32Y,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2877456157-3899179404-1530298978-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...s6QxdQC2WYBuVm5v44aE0aULrBL8Cnt6RE32Y,&q={searchTerms}
    CHR DefaultSearchURL: Default -> hxxp://feed.safefinder.biz/?fext=true&pub...publisher=extensiondefaultap&st=ed&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> SafeFinder
    CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx
    R2 Quotenamron; C:\ProgramData\\Quotenamron\\Quotenamron.exe [941568 2016-05-27] () [File not signed]
    U3 idsvc; no ImagePath
    2016-07-08 13:08 - 2016-05-27 10:33 - 00002397 _____ C:\WINDOWS\SysWOW64\findit.xml
    2016-07-08 13:08 - 2016-05-27 10:33 - 00000000 ____D C:\ProgramData\Quotenamron
    2016-07-08 09:13 - 2016-03-07 09:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2016-05-27 10:33 - 2016-05-27 10:33 - 6859776 _____ () C:\Users\Marmol\AppData\Roaming\agent.dat
    2016-05-27 10:33 - 2016-05-27 10:33 - 0065616 _____ () C:\Users\Marmol\AppData\Roaming\Config.xml
    2016-05-27 10:32 - 2016-05-27 10:33 - 0014448 _____ () C:\Users\Marmol\AppData\Roaming\InstallationConfiguration.xml
    2016-05-27 10:32 - 2016-05-27 10:32 - 0128512 _____ () C:\Users\Marmol\AppData\Roaming\Installer.dat
    2016-05-27 10:33 - 2016-05-27 10:33 - 0018432 _____ () C:\Users\Marmol\AppData\Roaming\Main.dat
    2016-05-27 10:33 - 2016-05-27 10:33 - 0005568 _____ () C:\Users\Marmol\AppData\Roaming\md.xml
    2016-05-27 10:33 - 2016-05-27 10:33 - 0126464 _____ () C:\Users\Marmol\AppData\Roaming\noah.dat
    2016-05-27 10:33 - 2016-05-27 10:33 - 2279413 _____ () C:\Users\Marmol\AppData\Roaming\Over-Is.bin
    2016-05-27 10:33 - 2016-05-27 10:32 - 0941568 _____ () C:\Users\Marmol\AppData\Roaming\SolZap.exe
    2016-05-27 10:33 - 2016-05-27 10:33 - 1756123 _____ () C:\Users\Marmol\AppData\Roaming\SolZap.tst
    2016-05-27 10:33 - 2016-05-27 10:33 - 0032038 _____ () C:\Users\Marmol\AppData\Roaming\uninstall_temp.ico
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST, in the same folder.
    Run FRST as administrator and click Fix.

    0
  • #3 09 Jul 2016 18:24
    krzychupar
    Level 40

    Uninstall:
    SafeFinder (HKLM-x32\...\{A91124C4-C18D-4573-A223-85C3B309CE3E}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION

    Open Notepad and paste:
    CloseProcess:
    Task: {3B8488A9-EE41-4ABD-88F0-C6EA931E559B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {4A27284C-FF37-4D29-A513-CDA4B7A8AA9A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {5364ADA0-8A9D-4BCF-8D4A-46CA0A6D74E6} - \CCleanerSkipUAC -> No File <==== ATTENTION
    Task: {5A032525-37F6-46EE-98C7-71D4D1F521FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {62E448F2-675C-4F16-AABE-282F034D2087} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {685D001F-C76E-48A8-9EBD-C4A47963EB7D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {81EA6DA2-3FB3-4557-AD99-5644351860F1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {835314BF-845D-431A-A335-9B35494B74A8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {92340C8A-6947-4F77-98A1-81CBF6FE576E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {9E9BCD9A-6059-45AA-B992-80084D07DBA0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {AA433F85-FB11-4CA3-8596-63CC649E33F2} - System32\Tasks\{05922405-05A7-4EEA-86BC-1001D2692658} => pcalua.exe -a E:\download\Far.Cry.4.2014.Gold.Edition.P2P\Far.Cry.4.2014.Gold.Edition.P2P\GDFInstall.exe -d E:\download\Far.Cry.4.2014.Gold.Edition.P2P\Far.Cry.4.2014.Gold.Edition.P2P
    Task: {C54F4842-F9E1-4474-B15F-1F3D5E6F901A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {D06932F1-C282-4E86-BFEC-9AF7671826EE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    2016-05-27 10:33 - 2016-05-27 10:32 - 00941568 _____ () C:\ProgramData\Quotenamron\Quotenamron.exe
    () C:\ProgramData\Quotenamron\Quotenamron.exe
    AppInit_DLLs: C:\ProgramData\Quotenamron\Air-Lax.dll => C:\ProgramData\Quotenamron\Air-Lax.dll [363008 2016-05-27] ()
    AppInit_DLLs-x32: C:\ProgramData\Quotenamron\Latlab.dll => C:\ProgramData\Quotenamron\Latlab.dll [257536 2016-05-27] ()
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2877456157-3899179404-1530298978-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2877456157-3899179404-1530298978-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...s6QxdQC2WYBuVm5v44aE0aULrBL8Cnt6RE32Y,&q={searchTerms}
    HKU\S-1-5-21-2877456157-3899179404-1530298978-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...ciYOh4Q9IcFwRgmD94JgJVNKzImDO6SIcn5IbNzF_c8Q,,
    HKU\S-1-5-21-2877456157-3899179404-1530298978-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...s6QxdQC2WYBuVm5v44aE0aULrBL8Cnt6RE32Y,&q={searchTerms}
    HKU\S-1-5-21-2877456157-3899179404-1530298978-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...s6QxdQC2WYBuVm5v44aE0aULrBL8Cnt6RE32Y,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...s6QxdQC2WYBuVm5v44aE0aULrBL8Cnt6RE32Y,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2877456157-3899179404-1530298978-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...s6QxdQC2WYBuVm5v44aE0aULrBL8Cnt6RE32Y,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2877456157-3899179404-1530298978-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...s6QxdQC2WYBuVm5v44aE0aULrBL8Cnt6RE32Y,&q={searchTerms}
    CHR DefaultSearchURL: Default -> hxxp://feed.safefinder.biz/?fext=true&pub...publisher=extensiondefaultap&st=ed&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> SafeFinder
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Marmol\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL => No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U67) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll => No File
    CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx
    R2 Quotenamron; C:\ProgramData\\Quotenamron\\Quotenamron.exe [941568 2016-05-27] () [File not signed]
    U3 idsvc; no ImagePath
    2016-07-08 13:08 - 2016-05-27 10:33 - 00000000 ____D C:\ProgramData\Quotenamron
    2016-05-27 10:33 - 2016-05-27 10:33 - 6859776 _____ () C:\Users\Marmol\AppData\Roaming\agent.dat
    2016-05-27 10:33 - 2016-05-27 10:33 - 0065616 _____ () C:\Users\Marmol\AppData\Roaming\Config.xml
    2016-05-27 10:32 - 2016-05-27 10:33 - 0014448 _____ () C:\Users\Marmol\AppData\Roaming\InstallationConfiguration.xml
    2016-05-27 10:32 - 2016-05-27 10:32 - 0128512 _____ () C:\Users\Marmol\AppData\Roaming\Installer.dat
    2016-05-27 10:33 - 2016-05-27 10:33 - 0018432 _____ () C:\Users\Marmol\AppData\Roaming\Main.dat
    2016-05-27 10:33 - 2016-05-27 10:33 - 0005568 _____ () C:\Users\Marmol\AppData\Roaming\md.xml
    2016-05-27 10:33 - 2016-05-27 10:33 - 0126464 _____ () C:\Users\Marmol\AppData\Roaming\noah.dat
    2016-05-27 10:33 - 2016-05-27 10:33 - 2279413 _____ () C:\Users\Marmol\AppData\Roaming\Over-Is.bin
    2016-05-27 10:33 - 2016-05-27 10:32 - 0941568 _____ () C:\Users\Marmol\AppData\Roaming\SolZap.exe
    2016-05-27 10:33 - 2016-05-27 10:33 - 1756123 _____ () C:\Users\Marmol\AppData\Roaming\SolZap.tst
    2016-05-27 10:33 - 2016-05-27 10:33 - 0032038 _____ () C:\Users\Marmol\AppData\Roaming\uninstall_temp.ico
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where FRST.exe is located.
    Run FRST and click Fix.

    0
  • #4 09 Jul 2016 18:29
    Danny_DeVito
    Level 2

    Fix done, thank you and best regards. :)

    0