Utorrent and a problem with Win32.Application.OpenCandy


(Petervs) #1

Please check my logs.

I can't start uTorrent and an error pops up, as in the subject line.

Logs:

http://wklej.to/hdMj6

http://wklej.to/RaRhO

(Acorus) #2

The Addition.txt log is missing.


(Petervs) #3

Acorus

Here is the addition.txt log: http://wklej.to/ilnzD

Thank you in advance.


(Acorus) #4

Uninstall Adobe Reader 8.3.1. Open the system Notepad and paste:

Task: {1D44B59E-1D59-4A1C-8F8F-FAE902502E44} - System32\Tasks\{CCB7166E-8B10-43DE-A344-A3381A3E2287} = Chrome.exe http://ui.skype.com/ui/0/6.0.0.126/en/abandoninstall?page=tsProgressBar
Task: {92E7B6CE-B043-4A01-9500-FEAC9E9BA770} - System32\Tasks\{FD1CE2AE-B573-447D-8098-1EACDEDE58E9} = Chrome.exe http://ui.skype.com/ui/0/5.10.0.115/en/abandoninstall?page=tsMain
Task: {D96B1D3D-AE72-4DD2-B93E-C0304D50E71A} - System32\Tasks\{BC96A46F-D8F9-44FF-A48C-B29AA3FC6855} = Chrome.exe http://ui.skype.com/ui/0/5.10.0.116/pl/go/help.faq.installer?LastError=1618
HKLM\...\Run: [RtHDVCpl] = C:\Windows\RAVCpl64.exe [5641728 2008-01-14] (Realtek Semiconductor)
HKLM-x32\...\Run: [QPService] = C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2007-12-20] (CyberLink Corp.)
HKLM-x32\...\Run: [] = [X]
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [3079168 2009-04-11] (Microsoft Corporation) ==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [3079168 2009-04-11] (Microsoft Corporation) ==== ATTENTION
HKU\S-1-5-21-2403903409-1008024966-985570049-1000\...\Run: [WMPNSCFG] = C:\Program Files\Windows Media Player\WMPNSCFG.exe [239104 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2403903409-1008024966-985570049-1000\...\Run: [Google Update] = C:\Users\Piotr\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
HKU\S-1-5-21-2403903409-1008024966-985570049-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [3079168 2009-04-11] (Microsoft Corporation) ==== ATTENTION
HKU\S-1-5-21-2403903409-1008024966-985570049-1003\...\Run: [Google Update] = C:\Users\Piotr\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
HKU\S-1-5-21-2403903409-1008024966-985570049-1003\...\Run: [WMPNSCFG] = C:\Program Files\Windows Media Player\WMPNSCFG.exe [239104 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2403903409-1008024966-985570049-1003\...\RunOnce: [Shockwave Updater] = C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1100465.exe [447928 2008-08-06] (Adobe Systems, Inc.)
HKU\S-1-5-21-2403903409-1008024966-985570049-1003\...\MountPoints2: {272bfe22-2fe7-11dd-b938-001e682ab9ad} - G:\Setup.exe
HKU\S-1-5-21-2403903409-1008024966-985570049-1003\...\Winlogon: [Shell] C:\Windows\explorer.exe [3079168 2009-04-11] (Microsoft Corporation) ==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [3079168 2009-04-11] (Microsoft Corporation) ==== ATTENTION
BootExecute: autocheck autochk *
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-2403903409-1008024966-985570049-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\S-1-5-21-2403903409-1008024966-985570049-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://rocket-find.com/?f=1a=rckt_ir_14_30_chcd=2XzuyEtN2Y1L1QzutDtDtC0EyCzztB0A0Bzy0A0D0B0EyDyCtN0D0Tzu0SzytAyEtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0FtD0C0D0CyByBtGzztCyD0BtGzyyEtBtDtGtA0EyD0DtGtDyB0E0D0E0DyEyD0EtDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0F0Fzz0D0Bzy0EtG0A0CtBtAtGyE0E0B0AtGyC0BtAyDtGtAyEzz0Ezz0ByB0CzyyDtAzy2Qcr=1242409489ir=
URLSearchHook: HKU\S-1-5-21-2403903409-1008024966-985570049-1003 - (No Name) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4q={searchTerms}a=rckt_ir_14_30_chcd=2XzuyEtN2Y1L1QzutDtDtC0EyCzztB0A0Bzy0A0D0B0EyDyCtN0D0Tzu0SzytAyEtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0FtD0C0D0CyByBtGzztCyD0BtGzyyEtBtDtGtA0EyD0DtGtDyB0E0D0E0DyEyD0EtDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0F0Fzz0D0Bzy0EtG0A0CtBtAtGyE0E0B0AtGyC0BtAyDtGtAyEzz0Ezz0ByB0CzyyDtAzy2Qcr=1242409489ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2403903409-1008024966-985570049-1000 - {3AC1C7D8-9AE3-4DF0-B76E-4813D10320C6} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ieei=utf-8ilc=12type=714647p={searchTerms}
SearchScopes: HKU\S-1-5-21-2403903409-1008024966-985570049-1000 - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4q={searchTerms}a=rckt_ir_14_30_chcd=2XzuyEtN2Y1L1QzutDtDtC0EyCzztB0A0Bzy0A0D0B0EyDyCtN0D0Tzu0SzytAyEtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0FtD0C0D0CyByBtGzztCyD0BtGzyyEtBtDtGtA0EyD0DtGtDyB0E0D0E0DyEyD0EtDyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0F0Fzz0D0Bzy0EtG0A0CtBtAtGyE0E0B0AtGyC0BtAyDtGtAyEzz0Ezz0ByB0CzyyDtAzy2Qcr=1242409489ir=
SearchScopes: HKU\S-1-5-21-2403903409-1008024966-985570049-1003 - {043C5167-00BB-4324-AF7E-62013FAEDACF} URL = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}srch=dsp
SearchScopes: HKU\S-1-5-21-2403903409-1008024966-985570049-1003 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}SearchSource=4ctid=CT2530240
Toolbar: HKU\S-1-5-21-2403903409-1008024966-985570049-1003 - No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
S2 BBDemon; No ImagePath
S1 Beep; No ImagePath
S1 GLogin; No ImagePath
U3 a4ak2ivk; No ImagePath
S3 catchme; \\C:\ComboFix\catchme.sys [X]
U1 eabfiltr; No ImagePath
C:\Users\Piotr\plec.vbs
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Petervs) #5

Thank you and best regards!


(Acorus) #6

Delete the folder C:\FRST

Install http://ninite.com/foxit/