Elektroda.pl

OTL logs - Tabs opening by themselves

Sevi 07 May 2017 20:53 456 6
  • #1 07 May 2017 20:53
    Sevi
    Level 10

    Hello, since a certain moment today (after installing a game) I have started seeing strange behaviour on my computer, including the computer shutting down, tabs opening with games or pornographic sites, and cmd programs appearing when the computer starts up.

    I'm leaving the OTL logs, maybe someone will make sense of them :V

    0 6
  • #2 07 May 2017 20:54
    Kolobos
    Computer specialist

    Different logs are required, as can be seen in all the threads in this section.

    0
  • Helpful post
    #4 08 May 2017 07:28
    krzychupar
    Level 40

    Uninstall:
    Norton Security
    Online Application

    Open the system Notepad and paste:
    Task: {04237AFB-01D0-4889-A959-93CEE0C957BF} - System32\Tasks\{2A72B79D-B79B-0967-3DFD-BAF65F2AC836} => Regsvr32.exe /s /n /i:"/rt" "C:\ProgramData\69fed72a\5c65e766.dll" <==== UWAGA
    Task: {063CF88A-19B1-469A-8B24-E69803C80B92} - System32\Tasks\RunAtStartup => C:\Users\Natsu\AppData\Roaming\Event Monitor\em.exe <==== UWAGA
    Task: {30DF8682-08DC-47AD-A633-C7CEB6037485} - System32\Tasks\{3A199C60-0D47-4524-B50E-7650196EBDF4} => pcalua.exe -a "D:\Games\Middle-Earth - Shadow of Mordor\_Redist\vcredist_x64_2010_sp1_x64.exe" -d "D:\Games\Middle-Earth - Shadow of Mordor\_Redist"
    Task: {8C3AF71A-C539-4E71-95EA-6A7ED0014CD2} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-05-07] (t ) <==== UWAGA
    Task: {8D78B7DF-8A44-465C-9A5F-B6F3915CA44D} - System32\Tasks\SMW_UpdateTask_Time_3330383435353437322d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== UWAGA
    Task: {905054E8-3225-45DE-AC75-DB8E161953A8} - System32\Tasks\Opera scheduled Autoupdate 1476385334 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
    Task: {994E900E-3962-4A18-941F-88903D92CF6C} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== UWAGA
    Task: {D931B8B4-D9EF-4CE5-BAD9-B9DB4B543F55} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security with Backup\Engine\22.9.1.12\WSCStub.exe [2017-03-17] (Symantec Corporation)
    Task: {E88828D8-D442-4121-A2D3-DE38FC480008} - System32\Tasks\{728BFFE1-C520-484A-5FA0-DB4BB82E3437} => C:\ProgramData\{A3F436E5-145F-814E-6E56-CDA1B3F9D1FC}\234A65B2-94E1-D219-908A-F9CFFAE08B62.exe [2017-05-07] () <==== UWAGA
    Task: {F8D80BF9-7486-4D0F-B425-CDBB9C06A510} - System32\Tasks\Norton Security with Backup\Norton Security with Backup Error Analyzer => C:\Program Files (x86)\Norton Security with Backup\Engine\22.9.1.12\SymErr.exe [2017-02-20] (Symantec Corporation)
    Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\Natsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s...cnbl1au,85c52975-1868-4c5b-a034-db52c0f5e9c7,,
    ShortcutWithArgument: C:\Users\Natsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s...cnbl1au,85c52975-1868-4c5b-a034-db52c0f5e9c7,,
    ShortcutWithArgument: C:\Users\Natsu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s...cnbl1au,85c52975-1868-4c5b-a034-db52c0f5e9c7,,
    ShortcutWithArgument: C:\Users\Natsu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s...cnbl1au,85c52975-1868-4c5b-a034-db52c0f5e9c7,,
    ShortcutWithArgument: C:\Users\Natsu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s...cnbl1au,85c52975-1868-4c5b-a034-db52c0f5e9c7,,
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s...cnbl1au,85c52975-1868-4c5b-a034-db52c0f5e9c7,,
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s...cnbl1au,85c52975-1868-4c5b-a034-db52c0f5e9c7,,
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s...cnbl1au,85c52975-1868-4c5b-a034-db52c0f5e9c7,,
    ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s...cnbl1au,85c52975-1868-4c5b-a034-db52c0f5e9c7,,
    Hosts:
    (OldTimer Tools) C:\Users\Natsu\Downloads\OTL.exe
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [BestZiper] => "C:\Program Files (x86)\BestZiper\BestZiper.exe" <===== UWAGA
    HKU\S-1-5-21-344028317-2732658470-3309093598-1000\...\MountPoints2: {0dab58a2-2ab1-11e7-9448-d8cb8ac8dde6} - F:\LGAutoRun.exe
    HKU\S-1-5-21-344028317-2732658470-3309093598-1000\...\MountPoints2: {25dc7da2-9617-11e6-84e2-d8cb8ac8dde6} - G:\setup.exe
    HKU\S-1-5-21-344028317-2732658470-3309093598-1000\...\MountPoints2: {b9c6f7d5-0728-11e7-94f6-d8cb8ac8dde6} - I:\setup.exe
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
    Tcpip\Parameters: [NameServer] 82.163.143.157 82.163.142.159
    Tcpip\..\Interfaces\{4B4A2BC6-8777-474F-A33E-AFEAA170E337}: [NameServer] 82.163.143.157 82.163.142.159
    Tcpip\..\Interfaces\{E7FC336A-E48A-4E75-A980-BA4EA4990689}: [DhcpNameServer] 7.254.254.254
    HKU\S-1-5-21-344028317-2732658470-3309093598-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...sRGb0dqks_qWqtzVI7vyM1NmvRxFf0TOnCvQ,,&q={searchTerms}
    HKU\S-1-5-21-344028317-2732658470-3309093598-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...S7HeTOdqUcINaMHf5XRsm-Ud7EwcwIuno1sHj99Bwgg,,,,
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...sRGb0dqks_qWqtzVI7vyM1NmvRxFf0TOnCvQ,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-344028317-2732658470-3309093598-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...sRGb0dqks_qWqtzVI7vyM1NmvRxFf0TOnCvQ,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-344028317-2732658470-3309093598-1000 -> {517EE6F0-FE2E-4C79-B670-F0A8CC6D255E} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=H57zbcnbl1AU,85c52975-1868-4c5b-a034-db52c0f5e9c7,
    SearchScopes: HKU\S-1-5-21-344028317-2732658470-3309093598-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...sRGb0dqks_qWqtzVI7vyM1NmvRxFf0TOnCvQ,,&q={searchTerms}
    BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.8.0.50\coFFAddon
    FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.8.0.50\coFFAddon [2017-03-31]
    CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=H57zbcn...b-a034-db52c0f5e9c7,&vp=ch&prd=set_ch
    CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=H57zbcnbl1AU,85c52975-1868-4c5b-a034-db52c0f5e9c7,&vp=ch&prd=set_ch"
    CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=H57zbcnbl1AU,85c52975-1868-4c5b-a034-db52c0f5e9c7,
    CHR DefaultSearchKeyword: Default -> www-searching.com
    CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-25]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-25]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    S2 Nettrans; C:\ProgramData\PrefsSecure\Nettrans.exe [X]
    S2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe /service [X] <==== UWAGA
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.0.50\Definitions\SDSDefs\20160915.023\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.0.50\Definitions\SDSDefs\20160915.023\EX64.SYS [X]
    S3 SMUpdd; \??\C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2017-05-07 20:59 - 2017-05-07 20:59 - 00602112 _____ (OldTimer Tools) C:\Users\Natsu\Downloads\OTL (2).exe
    2017-05-07 20:59 - 2017-05-07 20:59 - 00602112 _____ (OldTimer Tools) C:\Users\Natsu\Downloads\OTL (1).exe
    2017-05-07 20:58 - 2017-05-07 20:58 - 00602112 _____ (OldTimer Tools) C:\Users\Natsu\Downloads\OTL.exe
    2017-05-07 20:43 - 2017-05-07 20:43 - 00000000 ____D C:\ProgramData\SWCUTemp
    2017-05-07 20:40 - 2017-05-07 20:40 - 00082552 _____ C:\Users\Natsu\Desktop\extras.txt
    2017-05-07 20:39 - 2017-05-07 20:39 - 00176072 _____ C:\Users\Natsu\Desktop\OTL.txt
    2017-05-07 19:52 - 2017-05-07 19:53 - 00000000 ____D C:\ProgramData\f3a95ea5-41f1-0
    2017-05-07 19:52 - 2017-05-07 19:53 - 00000000 ____D C:\ProgramData\f3a95ea5-3a93-1
    2017-05-07 19:26 - 2017-05-07 19:26 - 00000000 ____D C:\ProgramData\f6bafd3c-1475-0
    2017-05-07 19:24 - 2017-05-07 19:24 - 00000000 ____D C:\ProgramData\{A3F436E5-145F-814E-6E56-CDA1B3F9D1FC}
    2017-05-07 19:22 - 2017-05-07 19:22 - 00000000 ____D C:\ProgramData\Microleaves
    2017-05-07 19:21 - 2017-05-07 19:24 - 00000000 ____D C:\ProgramData\{4AC7CC45-FD6C-7BEE-61F3-54E26453C54A}
    2017-05-07 19:21 - 2017-05-07 19:21 - 00015610 _____ C:\Windows\SysWOW64\findit.xml
    2017-05-07 19:50 - 2017-05-07 19:50 - 00000000 ___HD C:\$AV_ASW
    2017-05-07 19:21 - 2017-05-07 19:21 - 00003740 _____ C:\Windows\System32\Tasks\{2A72B79D-B79B-0967-3DFD-BAF65F2AC836}
    2017-05-07 19:21 - 2017-05-07 19:21 - 00000000 ____D C:\ProgramData\Voyasollams
    2017-05-07 19:20 - 2017-05-07 19:58 - 00000000 ____D C:\Program Files\Common Files\Noobzo
    2017-05-07 19:20 - 2017-05-07 19:35 - 00000000 ____D C:\ProgramData\Voyasollam
    2017-05-07 19:20 - 2017-05-07 19:21 - 00000000 ____D C:\ProgramData\Logic Cramble
    2017-05-07 19:20 - 2017-05-07 19:21 - 00000000 ____D C:\ProgramData\{A1CEB042-1665-07E9-ADEF-23695FED28F4}
    2017-05-07 19:20 - 2017-05-07 19:21 - 00000000 ____D C:\ProgramData\{8F615291-38CA-E53A-5850-71A54F5EC8F3}
    2017-05-07 19:20 - 2017-05-07 19:20 - 07290368 _____ C:\Users\Natsu\AppData\Local\agent.dat
    2017-05-07 19:20 - 2017-05-07 19:20 - 01895383 _____ C:\Users\Natsu\AppData\Local\Sublight.bin
    2017-05-07 19:20 - 2017-05-07 19:20 - 01894851 _____ C:\Users\Natsu\AppData\Local\Lamtough.tst
    2017-05-07 19:20 - 2017-05-07 19:20 - 00126464 _____ C:\Users\Natsu\AppData\Local\noah.dat
    2017-05-07 19:20 - 2017-05-07 19:20 - 00070800 _____ C:\Users\Natsu\AppData\Local\Config.xml
    2017-05-07 19:20 - 2017-05-07 19:20 - 00018432 _____ C:\Users\Natsu\AppData\Local\Main.dat
    2017-05-07 19:20 - 2017-05-07 19:20 - 00005568 _____ C:\Users\Natsu\AppData\Local\md.xml
    2017-05-07 19:20 - 2017-05-07 19:20 - 00004252 _____ C:\Windows\System32\Tasks\SMW_UpdateTask_Time_3330383435353437322d3437415a556c2a3223346c41
    2017-05-07 19:20 - 2017-05-07 19:20 - 00000000 ____D C:\ProgramData\SearchModule
    2017-05-07 19:20 - 2017-05-07 19:20 - 00000000 ____D C:\ProgramData\f6bafd3c-20a7-0
    2017-05-07 19:20 - 2017-05-07 19:20 - 00000000 ____D C:\ProgramData\69fed72a
    2017-05-07 19:20 - 2017-05-07 19:20 - 00000000 ____D C:\ProgramData\{5f82126a-712c-1}
    2017-05-07 19:20 - 2017-05-07 19:20 - 00000000 ____D C:\ProgramData\{1cdf0c7d-412c-0}
    2017-05-07 19:20 - 2017-05-07 19:20 - 00000000 ____D C:\ProgramData\{17e7795a-512c-0}
    2017-05-07 19:20 - 2017-05-07 19:20 - 00000000 ____D C:\Program Files (x86)\Microleaves
    2017-05-07 19:20 - 2017-05-07 19:18 - 01634816 _____ (TODO: <Company name>) C:\Users\Natsu\AppData\Local\Lamtough.exe
    2017-05-07 19:19 - 2017-05-07 19:50 - 00000000 ____D C:\ProgramData\PrefsSecure
    2017-05-07 19:19 - 2017-05-07 19:44 - 00003004 _____ C:\Windows\System32\Tasks\RunAtStartup
    2017-05-07 19:19 - 2017-05-07 19:21 - 00000000 ____D C:\ProgramData\f3a95ea5-3f63-0
    2017-05-07 19:19 - 2017-05-07 19:20 - 00000000 ____D C:\Users\Natsu\AppData\Roaming\vnlgp
    2017-05-07 19:19 - 2017-05-07 19:20 - 00000000 ____D C:\Users\Natsu\AppData\Roaming\gplyra
    2017-05-07 19:19 - 2017-05-07 19:20 - 00000000 ____D C:\ProgramData\f3a95ea5-5bd7-0
    2017-05-07 19:19 - 2017-05-07 19:20 - 00000000 ____D C:\ProgramData\f3a95ea5-3de1-1
    2017-05-07 19:19 - 2017-05-07 19:19 - 03893811 _____ C:\Users\Natsu\AppData\Roaming\vlngp1.exe
    2017-05-07 19:19 - 2017-05-07 19:19 - 03331694 _____ C:\Users\Natsu\AppData\Roaming\435946.exe
    2017-05-07 19:19 - 2017-05-07 19:19 - 00734208 _____ C:\Users\Natsu\AppData\Roaming\121551.exe
    2017-05-07 19:19 - 2017-05-07 19:19 - 00734208 _____ C:\Users\Natsu\AppData\Roaming\10302.exe
    2017-05-07 19:19 - 2017-05-07 19:19 - 00320000 _____ (t ) C:\ProgramData\smp2.exe
    2017-05-07 19:19 - 2017-05-07 19:19 - 00278509 _____ C:\Users\Natsu\AppData\Local\Goldtax.bin
    2017-05-07 19:19 - 2017-05-07 19:19 - 00004162 _____ C:\Windows\System32\Tasks\SMW_P
    2017-05-07 19:19 - 2017-05-07 19:19 - 00000000 ____H C:\Windows\system32\BITA7D6.tmp
    2017-05-07 19:19 - 2017-05-07 19:19 - 00000000 ____D C:\Users\Natsu\AppData\Roaming\Microleaves
    2017-05-07 19:19 - 2017-05-07 19:19 - 00000000 ____D C:\Users\Natsu\AppData\Local\AdvinstAnalytics
    2017-05-07 19:18 - 2017-05-07 19:49 - 00000000 ____D C:\Program Files (x86)\pccleanplus
    2017-05-07 19:18 - 2017-05-07 19:33 - 00000000 ____D C:\Program Files (x86)\BestZiper
    2017-05-07 19:18 - 2017-05-07 19:19 - 00016176 _____ C:\Users\Natsu\AppData\Local\InstallationConfiguration.xml
    2017-05-07 19:18 - 2017-05-07 19:18 - 01634816 _____ (TODO: <Company name>) C:\Users\Natsu\AppData\Roaming\linker.exe
    2017-05-07 19:18 - 2017-05-07 19:18 - 01634816 _____ (TODO: <Company name>) C:\Users\Natsu\AppData\Roaming\3466.exe
    2017-05-07 19:18 - 2017-05-07 19:18 - 00140800 _____ C:\Users\Natsu\AppData\Local\installer.dat
    2017-05-07 19:18 - 2017-05-07 19:18 - 00000000 ____D C:\Users\Natsu\AppData\Roaming\700761
    2017-05-07 19:18 - 2017-05-07 19:18 - 00000000 ____D C:\Users\Natsu\AppData\Roaming\421779
    2017-05-07 19:18 - 2017-05-07 19:18 - 00000000 ____D C:\Users\Natsu\AppData\Roaming\222958
    2017-05-07 19:18 - 2017-05-07 19:18 - 00000000 ____D C:\Program Files\R458GDXC8A
    2017-05-07 19:18 - 2017-05-07 19:18 - 00000000 ____D C:\Program Files\F5O5EAX399
    2017-05-07 19:18 - 2017-05-07 19:18 - 00000000 ____D C:\Program Files\67J6221BB8
    2017-05-07 19:18 - 2017-05-07 19:18 - 00000000 ____D C:\Program Files\3XTZSJ0U61
    2017-05-07 20:40 - 2017-03-05 04:10 - 00002726 _____ C:\Windows\System32\Tasks\DriverToolkit Autorun
    2017-04-19 22:28 - 2016-10-13 21:21 - 00000000 ___HD C:\Program Files (x86)\Temp
    2017-05-07 19:19 - 2017-05-07 19:19 - 0734208 _____ () C:\Users\Natsu\AppData\Roaming\10302.exe
    2017-05-07 19:19 - 2017-05-07 19:19 - 0734208 _____ () C:\Users\Natsu\AppData\Roaming\121551.exe
    2017-05-07 19:18 - 2017-05-07 19:18 - 1634816 _____ (TODO: <Company name>) C:\Users\Natsu\AppData\Roaming\3466.exe
    2017-05-07 19:19 - 2017-05-07 19:19 - 3331694 _____ () C:\Users\Natsu\AppData\Roaming\435946.exe
    2017-05-07 19:18 - 2017-05-07 19:18 - 1634816 _____ (TODO: <Company name>) C:\Users\Natsu\AppData\Roaming\linker.exe
    2017-05-07 19:19 - 2017-05-07 19:19 - 3893811 _____ () C:\Users\Natsu\AppData\Roaming\vlngp1.exe
    2017-05-07 19:18 - 2017-05-07 19:18 - 0015360 _____ (Farik) C:\Users\Natsu\AppData\Roaming\__HaveFun.exe
    2017-05-07 19:20 - 2017-05-07 19:20 - 7290368 _____ () C:\Users\Natsu\AppData\Local\agent.dat
    2017-05-07 19:20 - 2017-05-07 19:20 - 0070800 _____ () C:\Users\Natsu\AppData\Local\Config.xml
    2017-05-07 19:19 - 2017-05-07 19:19 - 0278509 _____ () C:\Users\Natsu\AppData\Local\Goldtax.bin
    2017-05-07 19:18 - 2017-05-07 19:19 - 0016176 _____ () C:\Users\Natsu\AppData\Local\InstallationConfiguration.xml
    2017-05-07 19:18 - 2017-05-07 19:18 - 0140800 _____ () C:\Users\Natsu\AppData\Local\installer.dat
    2017-05-07 19:20 - 2017-05-07 19:18 - 1634816 _____ (TODO: <Company name>) C:\Users\Natsu\AppData\Local\Lamtough.exe
    2017-05-07 19:20 - 2017-05-07 19:20 - 1894851 _____ () C:\Users\Natsu\AppData\Local\Lamtough.tst
    2017-05-07 19:20 - 2017-05-07 19:20 - 0018432 _____ () C:\Users\Natsu\AppData\Local\Main.dat
    2017-05-07 19:20 - 2017-05-07 19:20 - 0005568 _____ () C:\Users\Natsu\AppData\Local\md.xml
    2017-05-07 19:20 - 2017-05-07 19:20 - 0126464 _____ () C:\Users\Natsu\AppData\Local\noah.dat
    2017-05-07 19:20 - 2017-05-07 19:20 - 1895383 _____ () C:\Users\Natsu\AppData\Local\Sublight.bin
    2017-05-07 19:21 - 2017-05-07 19:21 - 0032038 _____ () C:\Users\Natsu\AppData\Local\uninstall_temp.ico
    2016-10-13 21:22 - 2016-10-13 21:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2017-05-07 19:19 - 2017-05-07 19:19 - 0320000 _____ (t ) C:\ProgramData\smp2.exe
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix (Napraw).

    When it has finished, post new FRST logs.

    0
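Added example (not part of the thread and not FRST's own code): a small Python triage of the `Task:` and `ShortcutWithArgument:` lines from the fixlist in post #4, showing why those entries stand out. The launcher list, the writable-directory list and the shortcut-to-browser mapping are assumed heuristics; the sample lines are copied from that post.

```python
import ntpath
import re
from urllib.parse import unquote

# Lines copied verbatim from the fixlist in post #4 (FRST output, not constructed).
SAMPLE = r'''
Task: {04237AFB-01D0-4889-A959-93CEE0C957BF} - System32\Tasks\{2A72B79D-B79B-0967-3DFD-BAF65F2AC836} => Regsvr32.exe /s /n /i:"/rt" "C:\ProgramData\69fed72a\5c65e766.dll" <==== UWAGA
Task: {063CF88A-19B1-469A-8B24-E69803C80B92} - System32\Tasks\RunAtStartup => C:\Users\Natsu\AppData\Roaming\Event Monitor\em.exe <==== UWAGA
Task: {8D78B7DF-8A44-465C-9A5F-B6F3915CA44D} - System32\Tasks\SMW_UpdateTask_Time_3330383435353437322d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== UWAGA
Task: {905054E8-3225-45DE-AC75-DB8E161953A8} - System32\Tasks\Opera scheduled Autoupdate 1476385334 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s...cnbl1au,85c52975-1868-4c5b-a034-db52c0f5e9c7,,
ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s...cnbl1au,85c52975-1868-4c5b-a034-db52c0f5e9c7,,
'''.strip().splitlines()

# Assumed triage heuristics (not FRST's logic): system hosts used to start
# someone else's DLL/script, and directories a standard user can write to.
LAUNCHERS = ("regsvr32.exe", "wscript.exe", "pcalua.exe")
WRITABLE = {"ProgramData": "\\programdata\\", "AppData": "\\appdata\\"}
# Assumed mapping: word in the shortcut name -> executables it should start.
EXPECTED = {"opera": ("opera.exe", "launcher.exe"), "chrome": ("chrome.exe",),
            "internet explorer": ("iexplore.exe",)}

TASK_RE = re.compile(r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?P<name>.+?) => (?P<cmd>.+)$")
LNK_RE = re.compile(r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<exe>.+?\.exe) "
                    r"\(.*?\) -> (?P<arg>\S+)")

def triage_task(line):
    """Return (task name, reasons) for a 'Task:' line, or None for other lines."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    cmd = re.sub(r"\s*<=+ UWAGA$", "", m["cmd"]).lower()  # drop FRST's marker
    reasons = [f"runs via {exe}" for exe in LAUNCHERS if cmd.startswith(exe)]
    reasons += [f"payload under {n}" for n, d in WRITABLE.items() if d in cmd]
    return ntpath.basename(m["name"]), reasons

def triage_shortcut(line):
    """Return (shortcut, decoded host, target_mismatch), or None for other lines."""
    m = LNK_RE.match(line.strip())
    if not m:
        return None
    lnk, exe = ntpath.basename(m["lnk"]), ntpath.basename(m["exe"]).lower()
    url = re.match(r"hxxps?://([^/?]+)", m["arg"])
    host = unquote(url[1]) if url else None  # %2d hides the '-' in the host
    mismatch = any(k in lnk.lower() and exe not in ok for k, ok in EXPECTED.items())
    return lnk, host, mismatch

def triage(lines):
    """Split a fixlist into flagged tasks and shortcuts carrying an argument."""
    tasks = [t for t in map(triage_task, lines) if t and t[1]]
    links = [s for s in map(triage_shortcut, lines) if s]
    return tasks, links

if __name__ == "__main__":
    flagged, shortcuts = triage(SAMPLE)
    for name, reasons in flagged:
        print("TASK", name, "->", "; ".join(reasons))
    for lnk, host, bad in shortcuts:
        print("LNK ", lnk, "->", host, "(starts a different browser)" if bad else "")
```

The flags are hints for a human reading the log, not a verdict on any entry.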
  • #6 09 May 2017 01:59
    razor73
    Level 3

    Check in the Control Panel whether some unwanted program has been installed.
    Uninstall additional features in the browser along with plug-ins, and choose the search engine and start page.

    0
  • #7 09 May 2017 08:07
    Kolobos
    Computer specialist

    Run a new Fixlist.txt for FRST:
    Task: {0C71A6A8-496C-4706-B292-A8BE4296303A} - \Opera scheduled Autoupdate 1476385334 -> Brak pliku <==== UWAGA
    Task: {91D16247-9EB2-42A5-A85C-FED3793A2663} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\VideoMemoryDiagnostic => C:\\ProgramData\\VideoMemoryDiagnostic\\vmdiag.exe
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    OPR Extension: (Youtube To MP3) - C:\Users\Natsu\AppData\Roaming\Opera Software\Opera Stable\Extensions\iabbccejglemdcneghjfnknohcojmhdh [2016-11-25]
    OPR Extension: (Youtube to Mp3 Online Converter) - C:\Users\Natsu\AppData\Roaming\Opera Software\Opera Stable\Extensions\ilddjalpmjaomhdgpbkaalhmeemipmeh [2016-11-25]
    2017-05-07 22:06 - 2017-05-07 22:23 - 00000000 ____D C:\AdwCleaner


    @razor73 everything can be seen in the FRST logs.

    0