Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Prośba o analizę logów FRST

andore 06 Sie 2015 19:45 612 6
  • CControls
  • Pomocny post
    #2 06 Sie 2015 19:57
    Acorus 20
    Spec od komputerów

    Odinstaluj Sale Clipper. Otwórz notatnik systemowy i wklej:

    Cytat:
    ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2555031829-1915374467-2933209100-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dspp&ts=1...m=cor&uid=ST9500420AS_5VJBVWP1XXXX5VJBVWP1&q={searchTerms}
    HKU\S-1-5-21-2555031829-1915374467-2933209100-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dspp&ts=1...m=cor&uid=ST9500420AS_5VJBVWP1XXXX5VJBVWP1&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2555031829-1915374467-2933209100-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2555031829-1915374467-2933209100-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&u...WP1XXXX5VJBVWP1&ts=1438083970&type=default&q={searchTerms}
    BHO-x32: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files (x86)\MiuiTab\SupTab.dll No File
    BHO-x32: Sale Clipper -> {b18906df-1dfa-4d50-8a1f-7d076a8c87b7} -> C:\Program Files (x86)\Sale Clipper\Extensions\b18906df-1dfa-4d50-8a1f-7d076a8c87b7.dll [2015-07-28] ()




    Toolbar: HKU\S-1-5-21-2555031829-1915374467-2933209100-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    FF NewTab: hxxp://search.yahoo.com/?fr=hp-ddc-bd-tab&type=bl-bfr-is__alt__ddc_dsssyctab_bd_com
    FF DefaultSearchEngine: Yahoo Search!
    FF SelectedSearchEngine: Yahoo Search!
    FF Homepage: hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bl-bfr-is__alt__ddc_dsssyc_bd_com
    FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc...ddc_bd&type=bl-bfr-is__alt__ddc_dss_bd_com&p={searchTerms}
    FF Extension: Session Manager - C:\Users\aszymanska.CORE1\AppData\Roaming\Mozilla\Firefox\Profiles\yi6ujejt.default-1438337405891\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-07-31]
    FF Extension: Sale Clipper - C:\Users\aszymanska.CORE1\AppData\Roaming\Mozilla\Firefox\Profiles\yi6ujejt.default-1438337405891\Extensions\{45bde14d-dde4-417e-a26d-b08da043f4ae}.xpi [2015-08-05]
    S2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [X]
    2015-07-28 13:55 - 2015-07-28 13:55 - 00000000 ____D C:\Users\aszymanska.CORE1\SupTab
    2015-07-28 13:46 - 2015-07-28 13:46 - 00000000 ____D C:\ProgramData\IHProtectUpDate
    2015-07-28 13:45 - 2015-07-28 13:46 - 00000000 ____D C:\ProgramData\SWinManProS
    2015-07-28 13:44 - 2015-07-28 13:44 - 00000000 ____D C:\Program Files (x86)\Sale Clipper
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix.

    1
  • CControls
  • Pomocny post
    #4 07 Sie 2015 14:55
    Acorus 20
    Spec od komputerów

    Skasuj folder C:\FRST.
    Przeskanuj programem Malwarebytes Anti-Malware https://www.malwarebytes.org/downloads/
    Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

    1
  • #5 09 Sie 2015 10:31
    andore
    Poziom 5  

    Done. Dawać na koniec jeszcze jakieś logi? Wygląda na to, że sytuacja opanowana.

    0
  • #6 09 Sie 2015 10:56
    Kolobos
    Spec od komputerów

    Nie, to wszystko.

    0
  • #7 09 Sie 2015 10:57
    Acorus 20
    Spec od komputerów

    To wszystko.
    Prośba o analizę logów FRST

    0