Logs, securing your computer and data. Antivirus, antispyware, firewall programs, etc.

Forum rules

1. Every topic title should reflect the content of the thread.
2. When posting logs, they must be generated right away with at least two tools: FRST and GMER.
3. Please publish all logs on sites intended for that purpose and paste only the link in your post.
4. Shortening logs is not advisable; paste the whole log, from beginning to end.
5. Attaching yourself to other users' topics is not advisable; please start a new topic in the Security section, which makes it easier for the person checking to help.
6. People without the appropriate knowledge should not review logs, because this risks serious damage to the system or to applications installed on the computer.
7. Describe the problem, the symptoms that occur and all actions taken in detail.
8. Each script is unique, written individually for each case, so it must not be used by others.
9. When posting a screenshot, please use an external image hosting service.

RunDLL problem - nengine.dll

25 May 2015, 21:44

I have a problem with the nengine.dll file. From what I have read, this situation recurs for many users, i.e. at system startup a message appears saying that this file cannot be found:

Wystąpił problem podczas uruchamiania pliku:
C:\Users\SYLWETKA\AppData\Roaming\newnext.me\nengine.dll

Please help me get rid of this message.

FRST

http://www.wklej.eu/index.php?id=7a94965821

http://www.wklej.eu/index.php?id=728a2c3a10

http://www.wklej.eu/index.php?id=49bbd1631f

Re: RunDLL problem - nengine.dll

26 May 2015, 16:59

Paste into Notepad:
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\Mobogenie
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\...\Run: [PCSpeedUp] => C:\Program Files\Przyspiesz Komputer\PCSpeedUp.lnk
C:\Program Files\Przyspiesz Komputer
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\...\Run: [ALLUpdate] => "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe "C:\Users\SYLWETKA\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
C:\Users\SYLWETKA\AppData\Roaming\newnext.me
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\...\Run: [Galileo] => C:\Users\SYLWETKA\AppData\Local\Galileo\galileo.exe silent
C:\Users\SYLWETKA\AppData\Local\Galileo
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1427745784&from=cor&uid=TOSHIBAXTHNS128GE8BMDC_01J86000347860003478
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1427745784&from=cor&uid=TOSHIBAXTHNS128GE8BMDC_01J86000347860003478&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1427745784&from=cor&uid=TOSHIBAXTHNS128GE8BMDC_01J86000347860003478
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1427745784&from=cor&uid=TOSHIBAXTHNS128GE8BMDC_01J86000347860003478&q={searchTerms}
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1427745784&from=cor&uid=TOSHIBAXTHNS128GE8BMDC_01J86000347860003478&q={searchTerms}
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1427745784&from=cor&uid=TOSHIBAXTHNS128GE8BMDC_01J86000347860003478
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1427745784&from=cor&uid=TOSHIBAXTHNS128GE8BMDC_01J86000347860003478
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1427745784&from=cor&uid=TOSHIBAXTHNS128GE8BMDC_01J86000347860003478&q={searchTerms}
SearchScopes: HKU\S-1-5-21-427495664-1228535167-2667528164-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=100512_3_&babsrc=SP_ss&mntrId=1291db3c00000000000000215c35368f
SearchScopes: HKU\S-1-5-21-427495664-1228535167-2667528164-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={0340F761-4CE8-4F0F-9B59-3CD75CB8A70C}&mid=9acfd3ec621147d3aa85d155380a6c42-77dcc6af5f90f044ae090a013f7922484652fa67&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-10 14:15:45&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
Toolbar: HKU\S-1-5-21-427495664-1228535167-2667528164-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin HKU\S-1-5-21-427495664-1228535167-2667528164-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\SYLWETKA\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
CHR HKLM\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files\Gophoto.it\gophotoit16.crx [Not Found]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 cpuz132; \??\C:\Users\SYLWETKA\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 Tosrfcom; No ImagePath
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix. A fixlog.txt file will be created; post it on the forum.
Then post new FRST logs.
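
A triage sketch for the Run entries in the fixlist above, added here as an example and not part of the original post or of FRST itself. It flags Run lines that lack the `[size date] (vendor)` suffix, that start a DLL through rundll32, or that point into a user-writable directory; treating the missing suffix as a sign that FRST could not read the target file is an assumption of this example, and `triage` and the regex names are hypothetical.

```python
import re

# Constructed sample: Run lines copied from the fixlist above (FRST log format).
SAMPLE = r'''HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe "C:\Users\SYLWETKA\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\...\Run: [Galileo] => C:\Users\SYLWETKA\AppData\Local\Galileo\galileo.exe silent
C:\Users\SYLWETKA\AppData\Local\Galileo
'''

# "<hive>\...\Run: [value name] => command line"
RUN_RE = re.compile(r'^(?P<hive>HK(?:LM|U)\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.*)$')
# Trailing "[size date] (vendor)" that FRST appends to some entries
META_RE = re.compile(r'\s\[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*)\)$')
# DLL path handed to rundll32, with or without quotes
DLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)', re.I)
# Locations a standard user can write to (assumed list for this example)
USER_DIR_RE = re.compile(r'\\(AppData|Temp|ProgramData)\\', re.I)

def triage(log_text):
    """Return (name, command, reasons) for Run entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue  # bare paths and other FRST sections are ignored here
        cmd = m.group('cmd')
        meta = META_RE.search(cmd)
        reasons = []
        if meta:
            cmd = cmd[:meta.start()]  # strip the metadata suffix from the command
        else:
            reasons.append('no size/date/vendor metadata')
        dll = DLL_RE.search(cmd)
        if dll:
            reasons.append('rundll32 loads ' + dll.group('dll'))
        if USER_DIR_RE.search(cmd):
            reasons.append('target in user-writable directory')
        if reasons:
            findings.append((m.group('name'), cmd.strip(), reasons))
    return findings

if __name__ == '__main__':
    for name, cmd, reasons in triage(SAMPLE):
        print(f'{name}: {"; ".join(reasons)}\n    {cmd}')
```

A flagged entry is only a candidate for review; the fixlist in this thread also removes vendor entries that this heuristic leaves alone.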

Re: RunDLL problem - nengine.dll

27 May 2015, 19:13

Code:
Fix result of Farbar Recovery Scan Tool (x86) Version: 25-05-2015
Ran by SYLWETKA at 2015-05-27 18:55:28 Run:1
Running from C:\Users\SYLWETKA\Downloads
Loaded Profiles: SYLWETKA (Available Profiles: SYLWETKA & Gość)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\Mobogenie
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\...\Run: [PCSpeedUp] => C:\Program Files\Przyspiesz Komputer\PCSpeedUp.lnk
C:\Program Files\Przyspiesz Komputer
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\...\Run: [ALLUpdate] => "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe "C:\Users\SYLWETKA\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
C:\Users\SYLWETKA\AppData\Roaming\newnext.me
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\...\Run: [Galileo] => C:\Users\SYLWETKA\AppData\Local\Galileo\galileo.exe silent
C:\Users\SYLWETKA\AppData\Local\Galileo
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1427745784&from=cor&uid=TOSHIBAXTHNS128GE8BMDC_01J86000347860003478
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1427745784&from=cor&uid=TOSHIBAXTHNS128GE8BMDC_01J86000347860003478&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1427745784&from=cor&uid=TOSHIBAXTHNS128GE8BMDC_01J86000347860003478
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1427745784&from=cor&uid=TOSHIBAXTHNS128GE8BMDC_01J86000347860003478&q={searchTerms}
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1427745784&from=cor&uid=TOSHIBAXTHNS128GE8BMDC_01J86000347860003478&q={searchTerms}
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1427745784&from=cor&uid=TOSHIBAXTHNS128GE8BMDC_01J86000347860003478
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1427745784&from=cor&uid=TOSHIBAXTHNS128GE8BMDC_01J86000347860003478
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1427745784&from=cor&uid=TOSHIBAXTHNS128GE8BMDC_01J86000347860003478&q={searchTerms}
SearchScopes: HKU\S-1-5-21-427495664-1228535167-2667528164-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=100512_3_&babsrc=SP_ss&mntrId=1291db3c00000000000000215c35368f
SearchScopes: HKU\S-1-5-21-427495664-1228535167-2667528164-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={0340F761-4CE8-4F0F-9B59-3CD75CB8A70C}&mid=9acfd3ec621147d3aa85d155380a6c42-77dcc6af5f90f044ae090a013f7922484652fa67&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-10 14:15:45&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
Toolbar: HKU\S-1-5-21-427495664-1228535167-2667528164-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin HKU\S-1-5-21-427495664-1228535167-2667528164-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\SYLWETKA\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
CHR HKLM\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files\Gophoto.it\gophotoit16.crx [Not Found]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 cpuz132; \??\C:\Users\SYLWETKA\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 Tosrfcom; No ImagePath
EmptyTemp:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Toshiba Registration => value Removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value Removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value Removed successfully.
"C:\Program Files\Mobogenie" => File/Folder not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value Removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value Removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value Removed successfully.
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PCSpeedUp => value Removed successfully.
"C:\Program Files\Przyspiesz Komputer" => File/Folder not found.
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG => value Removed successfully.
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\Microsoft\Windows\CurrentVersion\Run\\OfficeSyncProcess => value Removed successfully.
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ALLUpdate => value Removed successfully.
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => value Removed successfully.
"C:\Users\SYLWETKA\AppData\Roaming\newnext.me" => File/Folder not found.
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Galileo => value Removed successfully.
"C:\Users\SYLWETKA\AppData\Local\Galileo" => File/Folder not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKU\S-1-5-21-427495664-1228535167-2667528164-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => key Removed successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.
"HKU\S-1-5-21-427495664-1228535167-2667528164-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key Removed successfully.
"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key Removed successfully.
HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value Removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKU\S-1-5-21-427495664-1228535167-2667528164-1000\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3" => key Removed successfully.
C:\Users\SYLWETKA\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk" => key Removed successfully.
blbdrive => Service Removed successfully.
cpuz132 => Service Removed successfully.
PCASp50 => Service Removed successfully.
pccsmcfd => Service Removed successfully.
Tosrfcom => Service Removed successfully.
EmptyTemp: => Removed 206.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 18:55:41 ====


http://www.wklej.eu/index.php?id=f7f480c541

http://www.wklej.eu/index.php?id=9deafeb3da

http://www.wklej.eu/index.php?id=0886e31b5c

Re: RunDLL problem - nengine.dll

28 May 2015, 19:35

Paste into Notepad:
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
DeleteQuarantine:

Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix.

Clean the disk and the registry with CCleaner (the Cleaner and Registry tabs).

Re: RunDLL problem - nengine.dll

01 Jun 2015, 19:28

Thank you for the help, everything works and nothing pops up :-)

Re: RunDLL problem - nengine.dll

01 Jun 2015, 19:34

Fix result of Farbar Recovery Scan Tool (x86) Version: 25-05-2015
Ran by SYLWETKA at 2015-06-01 19:33:35 Run:2
Running from C:\Users\SYLWETKA\Downloads
Loaded Profiles: SYLWETKA (Available Profiles: SYLWETKA & Gość)
Boot Mode: Normal

==============================================

fixlist content:
*****************
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
DeleteQuarantine:
*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key Removed successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
"C:\FRST\Quarantine" => Removed successfully..

==== End of Fixlog 19:33:35 ====


:-) :-) :-) :-) :-)

Re: RunDLL problem - nengine.dll

01 Jun 2015, 21:04

In that case, that's all.