Elektroda.pl

Windows 7 - Please analyze my FRST logs.

roland2570 05 Jan 2016 18:35 576 3
  • #2 05 Jan 2016 19:04
    Kolobos
    Computer specialist

    Uninstall:
    istartpageing
    LiveUpdateWPP
    Outrageous Deal
    PriceFountain
    SpyHunter
    Update for PriceFountain
    Web Protector Plus
    AVG PC TuneUp

    Next to frst.exe, create a file named fixlist.txt with the following content:
    Task: {22A5750C-7F8B-4164-A4FB-32B4ADE842A9} - System32\Tasks\{41678817-930A-4AAF-9833-E43D0A6D2CCD} => pcalua.exe -a C:\Users\Roland\APPDATA\LOCAL\TEMP\wz7003\John_Deere_Drive_keygen_by_CORE.exe -d C:\Users\Roland\Downloads
    Task: {35B360AB-1ACF-45C4-A00F-5C61770E6612} - System32\Tasks\{323DE3B9-BBF1-4A9A-8E36-33ACBB3F99EF} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.59.102/pl/abandoninstall?page=tsBing
    Task: {46476892-7F95-4AA5-B535-B32429C5A385} - System32\Tasks\RolandHillierGenealogicallyV2 => Rundll32.exe GormandizersHarpsichords.dll,main 7 1 <==== UWAGA
    Task: {64B10587-8936-49F4-9DC0-B399FE06EFE1} - System32\Tasks\{D37C39D4-0F82-4B04-BD3A-F177A2D4132E} => pcalua.exe -a "D:\Driver\Install 32\MSP_Install.exe" -d "D:\Driver\Install 32"
    Task: {B5484C52-3AAB-4C79-B191-1926ED07C263} - System32\Tasks\{EA786630-733D-4103-9F09-66F85875CF0C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.21.0.104/pl/abandoninstall?page=tsProgressBar
    Task: {E7B16CDE-081C-4CC7-ACC0-836212FA4BE3} - System32\Tasks\Opera scheduled Autoupdate 1423237885 => C:\Program Files (x86)\Opera\launcher.exe
    Task: {F4CD574F-D022-4A07-8B7E-E2E1EAF27A66} - \avaxvyyvyd -> Brak pliku <==== UWAGA
    IE trusted site: HKU\S-1-5-21-482224062-3415614074-1546368430-1001\...\mks.com.pl -> hxxps://www.mks.com.pl
    HKU\S-1-5-21-482224062-3415614074-1546368430-1001\...\Policies\Explorer: []
    HKU\S-1-5-21-482224062-3415614074-1546368430-1001\...\MountPoints2: E - E:\AutoRun.exe
    HKU\S-1-5-21-482224062-3415614074-1546368430-1001\...\MountPoints2: F - F:\AutoRun.exe
    HKU\S-1-5-21-482224062-3415614074-1546368430-1001\...\MountPoints2: {076b8a0a-4529-11e2-b3ca-001e101f9843} - E:\AutoRun.exe
    HKU\S-1-5-21-482224062-3415614074-1546368430-1001\...\MountPoints2: {076b8a21-4529-11e2-b3ca-001e101f9843} - E:\AutoRun.exe
    HKU\S-1-5-21-482224062-3415614074-1546368430-1001\...\MountPoints2: {5a3680a6-beb0-11e4-9188-dc0ea114b2f4} - E:\Startme.exe
    HKU\S-1-5-21-482224062-3415614074-1546368430-1001\...\MountPoints2: {7ac0cbec-4528-11e2-83fd-9439e5627105} - E:\AutoRun.exe
    HKU\S-1-5-21-482224062-3415614074-1546368430-1001\...\MountPoints2: {7ac0cbf9-4528-11e2-83fd-9439e5627105} - E:\AutoRun.exe
    HKU\S-1-5-21-482224062-3415614074-1546368430-1001\...\MountPoints2: {9293a0f1-836f-11e3-8384-dc0ea114b2f4} - E:\Startme.exe
    HKU\S-1-5-21-482224062-3415614074-1546368430-1001\...\MountPoints2: {92fa5253-5904-11e2-83f2-9439e5627105} - E:\AutoRun.exe
    HKU\S-1-5-21-482224062-3415614074-1546368430-1001\...\MountPoints2: {92fa5266-5904-11e2-83f2-9439e5627105} - E:\AutoRun.exe
    HKU\S-1-5-21-482224062-3415614074-1546368430-1001\...\MountPoints2: {aff19c1b-7ff8-11e2-83c1-dc0ea114b2f4} - E:\AutoRun.exe
    HKU\S-1-5-21-482224062-3415614074-1546368430-1001\...\MountPoints2: {bd700c2d-6f05-11e3-a652-9439e5627105} - E:\AutoRun.exe
    HKU\S-1-5-21-482224062-3415614074-1546368430-1001\...\MountPoints2: {c5b09483-522b-11e3-83dd-9439e5627105} - E:\LGAutoRun.exe
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    URLSearchHook: HKLM-x32 -> Domyślne = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
    URLSearchHook: HKLM-x32 - (Brak nazwy) - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - Brak pliku
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    BHO: Brak nazwy -> {4ab5b611-c019-4b7e-bf98-7ac373487f63} -> Brak pliku
    BHO-x32: Brak nazwy -> {4e2d2bf0-159f-4257-acf0-b1f29b376fa0} -> Brak pliku
    Toolbar: HKLM-x32 - Brak nazwy - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - Brak pliku
    DPF: HKLM-x32 {68282C51-9459-467B-95BF-3C0E89627E55} hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Brak pliku
    FF Extension: FirefixTab - C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\53ybabf0.default-1425493316454\Extensions\1451678801_xpi [2016-01-01] [Brak podpisu cyfrowego]
    CHR Extension: (Brak nazwy) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-30]
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    2016-01-01 21:06 - 2016-01-01 21:08 - 00000000 ____D C:\Users\Roland\AppData\Roaming\WarThunder
    2016-01-01 21:06 - 2016-01-01 21:07 - 00000000 ____D C:\Users\Roland\AppData\Local\HillierGenealogically
    2016-01-01 21:06 - 2016-01-01 21:06 - 00003474 _____ C:\Windows\System32\Tasks\RolandHillierGenealogicallyV2
    2016-01-01 21:05 - 2016-01-01 21:06 - 00985776 _____ (Program Web ) C:\Users\Roland\Downloads\Free YouTube Downloader 4.exe
    2016-01-03 12:25 - 2013-09-13 20:12 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:

    In FRST, select Fix (Napraw).

    0
  • #3 05 Jan 2016 19:06
    Acorus 20
    Computer specialist

    Uninstall Adobe Download Assistant, Outrageous Deal, PriceFountain, SpyHunter, Update for PriceFountain, Web Protector Plus (uninstall only). Open the system Notepad and paste:

    Quote:
    Task: {35B360AB-1ACF-45C4-A00F-5C61770E6612} - System32\Tasks\{323DE3B9-BBF1-4A9A-8E36-33ACBB3F99EF} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.59.102/pl/abandoninstall?page=tsBing
    Task: {46476892-7F95-4AA5-B535-B32429C5A385} - System32\Tasks\RolandHillierGenealogicallyV2 => Rundll32.exe GormandizersHarpsichords.dll,main 7 1 <==== UWAGA
    Task: {B5484C52-3AAB-4C79-B191-1926ED07C263} - System32\Tasks\{EA786630-733D-4103-9F09-66F85875CF0C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.21.0.104/pl/abandoninstall?page=tsProgressBar
    Task: {F4CD574F-D022-4A07-8B7E-E2E1EAF27A66} - \avaxvyyvyd -> Brak pliku <==== UWAGA
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    URLSearchHook: HKLM-x32 - (Brak nazwy) - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - Brak pliku
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    BHO: Brak nazwy -> {4ab5b611-c019-4b7e-bf98-7ac373487f63} -> Brak pliku
    BHO-x32: Brak nazwy -> {4e2d2bf0-159f-4257-acf0-b1f29b376fa0} -> Brak pliku
    Toolbar: HKLM-x32 - Brak nazwy - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - Brak pliku
    DPF: HKLM-x32 {68282C51-9459-467B-95BF-3C0E89627E55} hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Brak pliku
    CHR Extension: (Brak nazwy) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-30]
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    2016-01-04 20:45 - 2016-01-05 18:31 - 00000000 ____D C:\Users\Roland\Downloads\FRST-OlderVersion
    2016-01-05 17:48 - 2014-07-14 15:08 - 00000441 _____ C:\Windows\system32\Drivers\etc\hosts.ics
    2016-01-03 12:25 - 2013-09-13 20:12 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    In the address bar, type: about:support and then click Refresh Firefox (Odśwież program Firefox).
    Install uBlock in Firefox.

    0
  • #4 05 Jan 2016 21:15
    roland2570
    Level 11

    Many thanks

    0