
Hello - please analyze my FRST logs

maikeru95 19 Oct 2018 19:58 186 12
  • #2 19 Oct 2018 20:41
    krzychupar
    Level 40

    Open the system Notepad and paste:

    CloseProcesses:
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
    Task: {6D527C41-7947-4FC6-B6A0-6960759362AE} - System32\Tasks\{8EA3B53C-C206-45FE-9A2E-0402738CA454} => C:\Windows\system32\pcalua.exe -a C:\Users\Michael\AppData\Local\Temp\jre-8u171-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== UWAGA
    Task: {999D67AC-C310-4473-93A9-B2DE81C0D55E} - System32\Tasks\zkqtSUqvflBJtZIfTnB2 => rundll32 "C:\Program Files (x86)\YaNQOzjyhjQoC\wcyGYZL.dll",#1
    Task: {A0A7B5AD-F914-41F7-A9CB-E25AD0EB5F9D} - System32\Tasks\{28FE62E0-8EBD-4935-A886-5C722C95885E} => C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\
    Task: {A0EC9AB6-CCDC-4ECC-BA8A-75F7540C8E1F} - System32\Tasks\RzmVfSQvlkpVqKr2 => rundll32 "C:\Program Files (x86)\deoRkBcMU\nEaeCX.dll",#1
    Task: {B472BB1F-09BD-4F0A-84D1-DDF125626833} - System32\Tasks\GItHvXoKUgtwAW => rundll32 "C:\Program Files (x86)\pObWEjsjndqU2\PnZEpaheMCOXz.dll",#1
    Task: {B883A62A-98F3-457F-BC4C-122810FD6C19} - System32\Tasks\LgUiZWCNTEYJs2 => C:\Windows\system32\wscript.exe "C:\ProgramData\CvclQZOtucyvVSVB\mNreQii.wsf"
    Task: {CED0A09B-5ACE-47CA-BA7B-D351F508EF9C} - System32\Tasks\qZkEPNCGHOoYARSao2 => rundll32 "C:\Program Files (x86)\NOOfCcUskYMcdeyIflR\IYjSgCq.dll",#1
    Task: {E30ED0C2-0EC3-4292-93CA-FD2E79B64A72} - System32\Tasks\{6B039D4D-F025-4FA0-9A49-EF02B0A438FF} => C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\
    Task: {EA3B04A0-3EB7-4564-B464-E4F3B066F02C} - System32\Tasks\{272182F6-9039-4A0F-8139-E18288BA61F4} => C:\Windows\system32\pcalua.exe -a "F:\mirrors egde\Mirror's Edge\Support\Mirror's Edge_code.exe" -d "F:\mirrors egde\Mirror's Edge\Support"
    Hosts:
    HKU\S-1-5-21-772401847-1724876722-2416464338-1000\...\MountPoints2: {57c65640-5747-11e7-a669-806e6f6e6963} - E:\Setup.exe
    HKU\S-1-5-21-772401847-1724876722-2416464338-1000\...\MountPoints2: {7e9af298-cab2-11e7-a721-1cb72c23d331} - H:\Startme.exe
    HKU\S-1-5-21-772401847-1724876722-2416464338-1000\...\MountPoints2: {a7988317-f834-11e6-a24a-dc85def2c93c} - E:\AutoRun.exe
    HKU\S-1-5-21-772401847-1724876722-2416464338-1000\...\MountPoints2: {aedf7860-ce0d-11e6-843d-dc85def2c93c} - E:\Startme.exe
    HKU\S-1-5-21-772401847-1724876722-2416464338-1000\...\MountPoints2: {eac79812-cca2-11e7-a721-1cb72c23d331} - H:\HiSuiteDownLoader.exe
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank




    HKU\S-1-5-21-772401847-1724876722-2416464338-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...2eExDxQ_z5Yiz9GhU4pClO0adSkaDVjKJFBA,,&q={searchTerms}
    HKU\S-1-5-21-772401847-1724876722-2416464338-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    HKU\S-1-5-21-772401847-1724876722-2416464338-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    BHO: YoutubeAdBlock -> {4380B7D5-B068-48A8-9012-70B2490292FB} -> C:\Program Files (x86)\vTGTErrEdIE\tyD47Yk6.dll [2018-10-10] ()
    FF ProfilePath: [core]
    defaultProfile=default
    [nie znaleziono] <==== UWAGA
    FF Extension: (Telemetry coverage) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\g5lmv5ct.default-1534706321390\features\{548d21f4-f680-47c5-b046-79aa106437ba}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-10] [Przestarzałe]
    FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    CHR DefaultSearchURL: Default -> hxxps://pl.search.yahoo.com/search?fr=mcafee_uninternational&type=D211PL1274G0&p={searchTerms}
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjigjjillnilojhbaojacalmfjboejk [2018-08-09] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnpbnmjmgabkfemdehelbgdppngihhg [2018-10-10] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjigjjillnilojhbaojacalmfjboejk [2018-08-09] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbnpbnmjmgabkfemdehelbgdppngihhg [2018-10-10] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\ejjigjjillnilojhbaojacalmfjboejk [2018-08-09] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\kbnpbnmjmgabkfemdehelbgdppngihhg [2018-10-10] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    R2 EventSvc; C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe [360448 2018-07-24] (CloudBees, Inc.) [Brak podpisu cyfrowego] <==== UWAGA
    R2 PowerSvc; C:\ProgramData\Microsoft\Windows\Power\PowerSvc.exe [6406448 2018-06-25] () [Brak podpisu cyfrowego] <==== UWAGA
    S2 Mobile Broadband HL Service; "C:\ProgramData\MobileBrServ\mbbservice.exe" -service [X]
    U3 ajfzey21; C:\Windows\System32\Drivers\ajfzey21.sys [0 ] (Intel Corporation) <==== UWAGA (zerobajtowy plik/folder)
    U3 asj0prti; C:\Windows\System32\Drivers\asj0prti.sys [0 ] (Intel Corporation) <==== UWAGA (zerobajtowy plik/folder)
    S1 nfstat; \SystemRoot\System32\drivers\nfstat.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2018-08-07 19:06 - 2018-08-09 17:52 - 000352855 _____ C:\Users\Michael\AppData\Local\UnoPhase.bin
    2018-08-07 19:05 - 2018-10-10 23:37 - 007787008 _____ C:\Users\Michael\AppData\Local\agent.dat
    2018-08-07 19:05 - 2018-10-10 23:37 - 000126464 _____ C:\Users\Michael\AppData\Local\noah.dat
    2018-08-07 19:05 - 2018-10-10 23:37 - 000070896 _____ C:\Users\Michael\AppData\Local\Config.xml
    2018-08-07 19:05 - 2018-10-10 23:37 - 000005568 _____ C:\Users\Michael\AppData\Local\md.xml
    2018-08-07 19:05 - 2018-08-07 19:05 - 002018118 _____ C:\Users\Michael\AppData\Local\Unarantax.tst
    2018-08-07 19:04 - 2018-10-10 23:35 - 001413120 _____ C:\Users\Michael\AppData\Local\sham.db
    2018-10-10 23:35 - 2018-10-10 23:35 - 000140800 _____ () C:\Users\Michael\AppData\Local\installer.dat
    2018-10-10 23:37 - 2018-10-10 23:37 - 002018725 _____ () C:\Users\Michael\AppData\Local\Istotouch.tst
    2018-10-10 23:37 - 2018-10-10 23:37 - 000278509 _____ () C:\Users\Michael\AppData\Local\Lightqvocom.bin
    2018-08-07 19:05 - 2018-10-10 23:37 - 000005568 _____ () C:\Users\Michael\AppData\Local\md.xml
    2018-08-10 16:39 - 2018-08-13 16:42 - 000007630 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
    2018-08-07 19:04 - 2018-10-10 23:35 - 001413120 _____ () C:\Users\Michael\AppData\Local\sham.db
    2018-08-07 19:06 - 2018-08-09 17:52 - 000352855 _____ () C:\Users\Michael\AppData\Local\UnoPhase.bin
    2018-10-10 23:38 - 2018-10-10 23:38 - 001895383 _____ () C:\Users\Michael\AppData\Local\Zoolam.bin
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.

    0
  • #3 19 Oct 2018 21:14
    maikeru95
    Level 4

    The script worked as follows:
    Pros:
    For now, the ads are not showing up
    CPU usage dropped by several dozen percent
    Cons:
    The window shown in the attached picture still appears at system startup
    The computer takes longer to start
    Any idea how to get rid of these drawbacks?

    0
  • #4 20 Oct 2018 04:04
    Kolobos
    Computer specialist

    It is enough to check the logs PROPERLY...

    Run this Fixlist.txt for FRST:
    CloseProcesses:
    Task: {1D6E6D97-2CB6-42BE-B567-DA7FB7F95F82} - System32\Tasks\{4D7856F6-7AE0-43DD-9860-AC18F86DDEC0} => F:\Program Files (x86)\Reality Pump\Polanie II\PolanieII.exe [2003-08-28] (Reality Pump)
    Task: {32399F04-6F8C-4FDB-B84F-49F3B7F5FEBC} - System32\Tasks\{E9078F0A-CDE0-4E0D-A4C4-380A39D03722} => F:\Program Files (x86)\Reality Pump\Polanie II\PolanieII.exe [2003-08-28] (Reality Pump)
    Task: {418F0C80-F374-486C-81A2-1B203ECF3232} - System32\Tasks\{FE243706-7035-43FE-AD3A-032150705F85} => F:\Program Files (x86)\Reality Pump\Polanie II\PolanieII.exe [2003-08-28] (Reality Pump)
    Task: {44744E02-3CC8-4F56-BB1E-BA25C3915187} - System32\Tasks\{5C070391-1231-490A-B6DF-A18528E9C87B} => F:\polanie\Polanie II\PolanieII.exe
    Task: {4719E18C-AAC5-4266-8183-90206D957830} - System32\Tasks\{4D7CCEFA-2156-42BE-8B31-C5CF9FD08D62} => C:\Windows\system32\pcalua.exe -a C:\Users\Michael\Downloads\TWEE_Upgrade.exe -d C:\Users\Michael\Downloads
    Task: {5109A00B-AE5A-472D-A98B-D471BDA286E3} - System32\Tasks\{143775F8-A9B5-43D5-BB87-D8BCE1EC0B42} => F:\Program Files (x86)\Reality Pump\Polanie II\PolanieII.exe [2003-08-28] (Reality Pump)
    Task: {5EF0D1D5-52C2-4CC0-B088-C1396842829F} - System32\Tasks\{B75EBF91-824C-4E1C-AF94-FC7D5E0BAE58} => F:\polanie\Polanie II\PolanieII.exe
    Task: {6D527C41-7947-4FC6-B6A0-6960759362AE} - System32\Tasks\{8EA3B53C-C206-45FE-9A2E-0402738CA454} => C:\Windows\system32\pcalua.exe -a C:\Users\Michael\AppData\Local\Temp\jre-8u171-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== UWAGA
    Task: {78E1E6D7-BC45-4547-AC09-F3421B2BDCBB} - System32\Tasks\{E61B148B-FEC6-4AF5-AD5B-A5C7FD11E769} => F:\polanie\Polanie II\PolanieII.exe
    Task: {81BA527E-9163-49BA-AC08-55405D4475D0} - System32\Tasks\Opera scheduled Autoupdate 2796787680 => C:\Users\Michael\AppData\Roaming\Microsoft\Windows\gcvbrgbe\irrdheae.exe
    Task: {898A8EE2-13CD-4AEC-8EDB-F0E3EF70A34F} - System32\Tasks\{DEEB4202-F343-4379-80AC-43CDDE1BD474} => F:\polanie\Polanie II\PolanieII.exe
    Task: {999D67AC-C310-4473-93A9-B2DE81C0D55E} - System32\Tasks\zkqtSUqvflBJtZIfTnB2 => rundll32 "C:\Program Files (x86)\YaNQOzjyhjQoC\wcyGYZL.dll",#1
    Task: {A0A7B5AD-F914-41F7-A9CB-E25AD0EB5F9D} - System32\Tasks\{28FE62E0-8EBD-4935-A886-5C722C95885E} => C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\
    Task: {A0EC9AB6-CCDC-4ECC-BA8A-75F7540C8E1F} - System32\Tasks\RzmVfSQvlkpVqKr2 => rundll32 "C:\Program Files (x86)\deoRkBcMU\nEaeCX.dll",#1
    Task: {B472BB1F-09BD-4F0A-84D1-DDF125626833} - System32\Tasks\GItHvXoKUgtwAW => rundll32 "C:\Program Files (x86)\pObWEjsjndqU2\PnZEpaheMCOXz.dll",#1
    Task: {B883A62A-98F3-457F-BC4C-122810FD6C19} - System32\Tasks\LgUiZWCNTEYJs2 => C:\Windows\system32\wscript.exe "C:\ProgramData\CvclQZOtucyvVSVB\mNreQii.wsf"
    Task: {CBFB69B3-2512-4B0D-81B5-BECC616014F8} - System32\Tasks\{81EEC552-A14E-497F-9114-51879F92F557} => F:\polanie\Polanie II\PolanieII.exe
    Task: {CED0A09B-5ACE-47CA-BA7B-D351F508EF9C} - System32\Tasks\qZkEPNCGHOoYARSao2 => rundll32 "C:\Program Files (x86)\NOOfCcUskYMcdeyIflR\IYjSgCq.dll",#1
    Task: {D5E4D82A-A72C-448B-B3F7-55D9BBBFAFFB} - System32\Tasks\{9177C251-384D-45F8-881A-91B6DE7C147D} => F:\Program Files (x86)\Reality Pump\Polanie II\PolanieII.exe [2003-08-28] (Reality Pump)
    Task: {E08F1F36-2228-482A-847C-1D25D87DE22B} - System32\Tasks\{48C3B5D0-87EA-426B-BCE7-5E569F8221B6} => F:\Program Files (x86)\Reality Pump\Polanie II\PolanieII.exe [2003-08-28] (Reality Pump)
    Task: {E30ED0C2-0EC3-4292-93CA-FD2E79B64A72} - System32\Tasks\{6B039D4D-F025-4FA0-9A49-EF02B0A438FF} => C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\
    Task: {EA3B04A0-3EB7-4564-B464-E4F3B066F02C} - System32\Tasks\{272182F6-9039-4A0F-8139-E18288BA61F4} => C:\Windows\system32\pcalua.exe -a "F:\mirrors egde\Mirror's Edge\Support\Mirror's Edge_code.exe" -d "F:\mirrors egde\Mirror's Edge\Support"
    Task: {F1534FD6-D8E0-44AF-96D3-1599A0C20AF1} - System32\Tasks\{2A687DF3-3309-4768-998F-3F50D0437817} => F:\polanie\Polanie II\PolanieII.exe
    Hosts:
    (CloudBees, Inc.) C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe
    () C:\ProgramData\Microsoft\Windows\EventSvc\work0.exe
    () C:\ProgramData\Microsoft\Windows\Power\PowerSvc.exe
    (CloudBees, Inc.) C:\Users\Michael\AppData\Local\NtvHost\syssvc.exe
    HKU\S-1-5-21-772401847-1724876722-2416464338-1000\...\MountPoints2: {57c65640-5747-11e7-a669-806e6f6e6963} - E:\Setup.exe
    HKU\S-1-5-21-772401847-1724876722-2416464338-1000\...\MountPoints2: {7e9af298-cab2-11e7-a721-1cb72c23d331} - H:\Startme.exe
    HKU\S-1-5-21-772401847-1724876722-2416464338-1000\...\MountPoints2: {a7988317-f834-11e6-a24a-dc85def2c93c} - E:\AutoRun.exe
    HKU\S-1-5-21-772401847-1724876722-2416464338-1000\...\MountPoints2: {aedf7860-ce0d-11e6-843d-dc85def2c93c} - E:\Startme.exe
    HKU\S-1-5-21-772401847-1724876722-2416464338-1000\...\MountPoints2: {eac79812-cca2-11e7-a721-1cb72c23d331} - H:\HiSuiteDownLoader.exe
    Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gcvbrgbe.lnk [2018-10-10]
    ShortcutTarget: gcvbrgbe.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-772401847-1724876722-2416464338-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    BHO: YoutubeAdBlock -> {4380B7D5-B068-48A8-9012-70B2490292FB} -> C:\Program Files (x86)\vTGTErrEdIE\tyD47Yk6.dll [2018-10-10] ()
    BHO-x32: YoutubeAdBlock -> {4380B7D5-B068-48A8-9012-70B2490292FB} -> C:\Program Files (x86)\vTGTErrEdIE\kqh6KABq.dll [2018-10-10] ()
    FF NewTab: Mozilla\Firefox\Profiles\g5lmv5ct.default-1534706321390 -> file:///C:/ProgramData/Voyasollams/ff.NT
    C:\Program Files\Mozilla Firefox\browser\features\{741F2352-6AF8-42AB-A5AA-30E364AB933D}.xpi
    FF Extension: (Brak nazwy) - C:\Program Files\Mozilla Firefox\browser\features\{741F2352-6AF8-42AB-A5AA-30E364AB933D}.xpi [2018-10-10] [Brak podpisu cyfrowego]
    CHR DefaultSearchURL: Default -> hxxps://pl.search.yahoo.com/search?fr=mcafee_uninternational&type=D211PL1274G0&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> McAfee
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjigjjillnilojhbaojacalmfjboejk
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjigjjillnilojhbaojacalmfjboejk [2018-08-09] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnpbnmjmgabkfemdehelbgdppngihhg [2018-10-10] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnpbnmjmgabkfemdehelbgdppngihhg
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjigjjillnilojhbaojacalmfjboejk [2018-08-09] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjigjjillnilojhbaojacalmfjboejk
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbnpbnmjmgabkfemdehelbgdppngihhg [2018-10-10] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\ejjigjjillnilojhbaojacalmfjboej
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\ejjigjjillnilojhbaojacalmfjboejk [2018-08-09] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\kbnpbnmjmgabkfemdehelbgdppngihhg [2018-10-10] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\kbnpbnmjmgabkfemdehelbgdppngihhg
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbnpbnmjmgabkfemdehelbgdppngihhg
    R2 EventSvc; C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe [360448 2018-07-24] (CloudBees, Inc.) [Brak podpisu cyfrowego] <==== UWAGA
    R2 PowerSvc; C:\ProgramData\Microsoft\Windows\Power\PowerSvc.exe [6406448 2018-06-25] () [Brak podpisu cyfrowego] <==== UWAGA
    R2 SysSvc; C:\Users\Michael\AppData\Local\NtvHost\syssvc.exe [360448 2018-07-24] (CloudBees, Inc.) [Brak podpisu cyfrowego]
    U3 ajfzey21; C:\Windows\System32\Drivers\ajfzey21.sys [0 ] (Intel Corporation) <==== UWAGA (zerobajtowy plik/folder)
    U3 asj0prti; C:\Windows\System32\Drivers\asj0prti.sys [0 ] (Intel Corporation) <==== UWAGA (zerobajtowy plik/folder)
    S1 nfstat; \SystemRoot\System32\drivers\nfstat.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2018-10-11 11:18 - 2018-10-11 11:19 - 000000000 ____D C:\Users\Michael\AppData\Roaming\njyv1qv1z0v
    2018-10-10 23:40 - 2018-10-11 19:39 - 000000000 ____D C:\Program Files (x86)\YaNQOzjyhjQoC
    2018-10-10 23:40 - 2018-10-11 10:58 - 000000000 ____D C:\Program Files (x86)\NOOfCcUskYMcdeyIflR
    2018-10-10 23:40 - 2018-10-11 10:50 - 000000000 ____D C:\Program Files (x86)\pObWEjsjndqU2
    2018-10-10 23:40 - 2018-10-10 23:40 - 000003058 _____ C:\Windows\System32\Tasks\GItHvXoKUgtwAW
    2018-10-10 23:40 - 2018-10-10 23:40 - 000002890 _____ C:\Windows\System32\Tasks\LgUiZWCNTEYJs2
    2018-10-10 23:40 - 2018-10-10 23:40 - 000002872 _____ C:\Windows\System32\Tasks\qZkEPNCGHOoYARSao2
    2018-10-10 23:40 - 2018-10-10 23:40 - 000002860 _____ C:\Windows\System32\Tasks\zkqtSUqvflBJtZIfTnB2
    2018-10-10 23:39 - 2018-10-19 19:16 - 000000000 ____D C:\Program Files (x86)\DdJDUMRiVWUn
    2018-10-10 23:39 - 2018-10-10 23:39 - 000002850 _____ C:\Windows\System32\Tasks\RzmVfSQvlkpVqKr2
    2018-10-10 23:39 - 2018-10-10 23:39 - 000000000 ____D C:\Program Files (x86)\vTGTErrEdIE
    2018-10-10 23:38 - 2018-10-10 23:38 - 001895383 _____ C:\Users\Michael\AppData\Local\Zoolam.bin
    2018-10-10 23:37 - 2018-10-11 19:39 - 000000000 ____D C:\Program Files (x86)\deoRkBcMU
    2018-10-10 23:37 - 2018-10-10 23:37 - 002018725 _____ C:\Users\Michael\AppData\Local\Istotouch.tst
    2018-10-10 23:37 - 2018-10-10 23:37 - 000278509 _____ C:\Users\Michael\AppData\Local\Lightqvocom.bin
    2018-10-10 23:37 - 2018-10-10 23:37 - 000000634 __RSH C:\ProgramData\ntuser.pol
    2018-10-10 23:37 - 2018-10-10 23:35 - 002296832 _____ (TODO: <Company name>) C:\Users\Michael\AppData\Local\Istotouch.exe
    2018-10-10 23:35 - 2018-10-19 19:30 - 000000000 ____D C:\Program Files\AKQAYFZDP0
    2018-10-10 23:35 - 2018-10-10 23:35 - 000140800 _____ C:\Users\Michael\AppData\Local\installer.dat
    2018-10-10 23:35 - 2018-10-10 23:35 - 000000000 ____D C:\Users\Michael\AppData\Roaming\fivxqm3qrin
    2018-10-10 23:34 - 2018-10-11 19:38 - 000000000 ____D C:\Program Files (x86)\MR
    2018-10-10 23:34 - 2018-10-10 23:34 - 000003474 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 2796787680
    2018-08-09 16:47 - 2018-08-09 17:38 - 000000000 ____D C:\Program Files (x86)\LDRIRJvSptwQC
    2018-08-09 16:46 - 2018-08-16 19:56 - 000000000 ____D C:\Program Files (x86)\zDUkwTwaYIE
    2018-08-09 16:45 - 2018-08-09 17:46 - 000000000 ____D C:\Program Files (x86)\VHbWajSWU
    2018-08-07 19:09 - 2018-08-16 19:56 - 000000000 ____D C:\Users\Michael\AppData\Roaming\MediaCache
    2018-08-07 19:09 - 2018-08-09 18:05 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Sound Volume Control
    2018-08-07 19:09 - 2018-08-09 18:03 - 000000000 ____D C:\Users\Michael\AppData\Roaming\1337
    2018-08-07 19:08 - 2018-08-09 17:48 - 000000000 ____D C:\ProgramData\Blogger
    2018-08-07 19:07 - 2018-08-07 19:07 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
    2018-08-07 19:06 - 2018-08-09 17:52 - 000352855 _____ C:\Users\Michael\AppData\Local\UnoPhase.bin
    2018-08-07 19:05 - 2018-10-10 23:37 - 007787008 _____ C:\Users\Michael\AppData\Local\agent.dat
    2018-08-07 19:05 - 2018-10-10 23:37 - 000126464 _____ C:\Users\Michael\AppData\Local\noah.dat
    2018-08-07 19:05 - 2018-10-10 23:37 - 000070896 _____ C:\Users\Michael\AppData\Local\Config.xml
    2018-08-07 19:05 - 2018-10-10 23:37 - 000005568 _____ C:\Users\Michael\AppData\Local\md.xml
    2018-08-07 19:05 - 2018-08-07 19:05 - 002018118 _____ C:\Users\Michael\AppData\Local\Unarantax.tst
    2018-08-07 19:04 - 2018-10-10 23:35 - 001413120 _____ C:\Users\Michael\AppData\Local\sham.db
    2018-08-07 19:03 - 2018-10-19 19:37 - 000000000 ____D C:\Users\Michael\AppData\Local\GoogleChromeUserData
    2018-08-07 19:02 - 2018-10-19 19:37 - 000000000 ____D C:\Users\Michael\AppData\Local\NtvHost
    2018-08-07 19:02 - 2018-10-19 19:26 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
    2018-08-07 19:02 - 2018-10-11 20:32 - 000000000 ____D C:\Users\Michael\AppData\Local\GoogleChromeApplication
    2018-08-07 19:01 - 2018-08-07 19:01 - 000000000 ____D C:\Program Files (x86)\Companyp
    2018-08-07 19:05 - 2018-10-10 23:37 - 007787008 _____ () C:\Users\Michael\AppData\Local\agent.dat
    2018-08-07 19:05 - 2018-10-10 23:37 - 000070896 _____ () C:\Users\Michael\AppData\Local\Config.xml
    2018-10-10 23:35 - 2018-10-10 23:35 - 000140800 _____ () C:\Users\Michael\AppData\Local\installer.dat
    2018-10-10 23:37 - 2018-10-10 23:35 - 002296832 _____ (TODO: <Company name>) C:\Users\Michael\AppData\Local\Istotouch.exe
    2018-10-10 23:37 - 2018-10-10 23:37 - 002018725 _____ () C:\Users\Michael\AppData\Local\Istotouch.tst
    2018-10-10 23:37 - 2018-10-10 23:37 - 000278509 _____ () C:\Users\Michael\AppData\Local\Lightqvocom.bin
    2018-08-07 19:05 - 2018-10-10 23:37 - 000005568 _____ () C:\Users\Michael\AppData\Local\md.xml
    2018-08-07 19:05 - 2018-10-10 23:37 - 000126464 _____ () C:\Users\Michael\AppData\Local\noah.dat
    2018-08-10 16:39 - 2018-08-13 16:42 - 000007630 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
    2018-08-07 19:04 - 2018-10-10 23:35 - 001413120 _____ () C:\Users\Michael\AppData\Local\sham.db
    2018-08-07 19:05 - 2018-08-07 19:05 - 002018118 _____ () C:\Users\Michael\AppData\Local\Unarantax.tst
    2018-08-07 19:06 - 2018-08-09 17:52 - 000352855 _____ () C:\Users\Michael\AppData\Local\UnoPhase.bin
    2018-10-10 23:38 - 2018-10-10 23:38 - 001895383 _____ () C:\Users\Michael\AppData\Local\Zoolam.bin

    After running it, post new FRST logs from a scan.

    0
  • #6 22 Oct 2018 10:52
    Kolobos
    Computer specialist

    I don't see that the Fixlist was run at all; post the Fixlog from running the Fixlist I gave you.

    0
  • #7 22 Oct 2018 19:34
    maikeru95
    Level 4

    I put the previous fixlist in the same folder as FRST and pressed "NAPRAW" ("Fix"). The fixlogs I uploaded above were made after applying the previous fixlist. If I make a fixlog now, it basically won't change anything; only new files will be added.

    0
  • #8 22 Oct 2018 19:47
    Kolobos
    Computer specialist

    Fixlog.txt is the file that is created after running Fixlist.txt, and you are to post it as an attachment.

    0
  • #10 22 Oct 2018 23:31
    Kolobos
    Computer specialist

    Now you have run it; earlier you had not.

    Next Fixlist.txt for FRST:
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\ejjigjjillnilojhbaojacalmfjboejk
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\ejjigjjillnilojhbaojacalmfjboejk [2018-08-09] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    U3 acij7kbe; C:\Windows\System32\Drivers\acij7kbe.sys [0 ] (Intel Corporation) <==== UWAGA (zerobajtowy plik/folder)
    U3 az81w0hv; C:\Windows\System32\Drivers\az81w0hv.sys [0 ] (Intel Corporation) <==== UWAGA (zerobajtowy plik/folder)

    After running it, delete the C:\FRST directory and that's all.

    0
  • Helpful post
    #12 23 Oct 2018 10:43
    Kolobos
    Computer specialist

    The Fixlog is no longer needed.

    0
  • #13 24 Oct 2018 00:07
    maikeru95
    Level 4

    Thank you for the quick help :) The laptop runs much more smoothly, the window no longer pops up, and I've gotten rid of the problem with the long system startup :) Thanks again and best regards

    0