Elektroda.pl

Request for FRST log analysis

kamil18183 20 Jan 2016 20:04 411 2
  • Helpful post
    #2 20 Jan 2016 20:17
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    CustomCLSID: HKU\S-1-5-21-1390067357-308236825-1417001333-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-1390067357-308236825-1417001333-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-1390067357-308236825-1417001333-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-1390067357-308236825-1417001333-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-1390067357-308236825-1417001333-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-1390067357-308236825-1417001333-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-1390067357-308236825-1417001333-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-1390067357-308236825-1417001333-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-1390067357-308236825-1417001333-1003_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-1390067357-308236825-1417001333-1003_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-1390067357-308236825-1417001333-1003_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-1390067357-308236825-1417001333-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-1390067357-308236825-1417001333-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-1390067357-308236825-1417001333-1003_Classes\CLSID\{44EC053A-400F-11D0-9DCD-00A0C90391D3}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-1390067357-308236825-1417001333-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-1390067357-308236825-1417001333-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> Brak ścieżki do pliku
    ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\PLAY ONLINE\Odinstaluj.lnk -> C:\WINDOWS\system32\SupportAppCB\EXETimer.exe () -> "C:\WINDOWS\system32\SupportAppCB\Uninstall.bat"
    ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...uid=WDCXWD800BEVS-08RST2_WD-WXEZ0728209382093
    ShortcutWithArgument: C:\Documents and Settings\All Users\Pulpit\Opera.lnk -> C:\Program Files\Opera\opera.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1...uid=WDCXWD800BEVS-08RST2_WD-WXEZ0728209382093
    AlternateDataStreams: C:\WINDOWS:ecde8b8c58b22
    AlternateDataStreams: C:\Program Files\AcGasSynchro II:60609da9
    AlternateDataStreams: C:\Program Files\Common Files:51059ffaeb890
    AlternateDataStreams: C:\WINDOWS\system32:1464242f5a
    AlternateDataStreams: C:\Documents and Settings\All Users:3cd880a87a8
    AlternateDataStreams: C:\Documents and Settings\KAMIL:6cd05f3d
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data:fe93a19e34e9a
    AlternateDataStreams: C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1CE11B51
    AlternateDataStreams: C:\Documents and Settings\KAMIL\Ustawienia lokalne\Temp:2a087d15
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...uid=WDCXWD800BEVS-08RST2_WD-WXEZ0728209382093
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...uid=WDCXWD800BEVS-08RST2_WD-WXEZ0728209382093
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki" <======= UWAGA
    SearchScopes: HKU\S-1-5-21-1390067357-308236825-1417001333-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    FF DefaultSearchEngine: webssearches
    FF SelectedSearchEngine: webssearches
    FF SearchPlugin: C:\Documents and Settings\KAMIL\Dane aplikacji\Mozilla\Firefox\Profiles\3eshjfy7.default\searchplugins\webssearches-1.xml [2016-01-08]
    FF SearchPlugin: C:\Documents and Settings\KAMIL\Dane aplikacji\Mozilla\Firefox\Profiles\3eshjfy7.default\searchplugins\webssearches.xml [2015-12-07]
    FF Extension: YahooToolsProtected - C:\Documents and Settings\KAMIL\Dane aplikacji\Mozilla\Firefox\Profiles\3eshjfy7.default\Extensions\yahooprotected@gmail.com.xpi [2015-11-23] [Brak podpisu cyfrowego]
    StartMenuInternet: chrome.exe - C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1...uid=WDCXWD800BEVS-08RST2_WD-WXEZ0728209382093
    StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://www.yoursites123.com/?type=sc&ts=1...uid=WDCXWD800BEVS-08RST2_WD-WXEZ0728209382093
    StartMenuInternet: (HKLM) Opera.exe - C:\Program Files\Opera\Opera.exe hxxp://www.yoursites123.com/?type=sc&ts=1...uid=WDCXWD800BEVS-08RST2_WD-WXEZ0728209382093
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1...uid=WDCXWD800BEVS-08RST2_WD-WXEZ0728209382093
    S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [X]
    S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S2 IhPul; C:\Documents and Settings\LocalService\Dane aplikacji\TSv\TSvr.exe [X]
    S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
    S2 NovaPdfServer; "C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe" [X]
    S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
    S2 WdMan; C:\Documents and Settings\All Users\Dane aplikacji\SWdMS\WdMan.exe -svr [X]
    S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2016-01-17] ()
    U3 a6kwbjzj; C:\WINDOWS\system32\Drivers\a6kwbjzj.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    S3 esgiguard; \??\C:\Documents and Settings\KAMIL\Pulpit\SpyHunter 4.20.9.4533 Eng 32 Bit Portable\esgiguard.sys [X]
    S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
    S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
    2016-01-17 12:28 - 2016-01-17 14:20 - 00219689 _____ C:\spyhunter.fix
    2016-01-17 12:04 - 2016-01-17 12:04 - 00000000 ____D C:\sh4ldr
    2016-01-17 12:04 - 2016-01-17 12:04 - 00000000 ____D C:\Documents and Settings\KAMIL\Dane aplikacji\Enigma Software Group
    2016-01-17 12:03 - 2016-01-17 12:03 - 00019984 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
    2016-01-17 12:03 - 2016-01-17 12:03 - 00000000 ____D C:\Program Files\Enigma Software Group
    2016-01-13 17:55 - 2016-01-13 17:55 - 00000000 ____D C:\Documents and Settings\KAMIL\Dane aplikacji\eCyber
    2016-01-13 12:52 - 2016-01-13 12:52 - 00000000 ____D C:\Documents and Settings\LocalService\Dane aplikacji\Picexa Viewer
    2016-01-13 12:51 - 2016-01-17 13:30 - 00000000 ____D C:\Documents and Settings\LocalService\Dane aplikacji\TSv
    2016-01-13 12:49 - 2016-01-17 13:30 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\SWdMS
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.

    0
  • #3 20 Jan 2016 20:19
    kamil18183
    Level 8

    Thanks a lot, it helped.

    0