Elektroda.pl

Request to check FRST logs

kazo.m 12 May 2017 22:59 249 1
  • #1 12 May 2017 22:59
    kazo.m
    Level 15  

    Hello.
    I'd like to ask for a review of FRST logs.
    A friend upgraded his system from Windows 8 to Windows 10.
    Since then he has been getting BSODs from time to time. Quite irregularly, but I told him to take a photo of the error code so the problem can be located.
    I went through the event log and it is a mess in terms of the number of errors and problems with various applications. I copied the dmp files from him and will check them.
    But I'm asking for the FRST logs to be checked, because he probably has some software that is causing part of the problems.

    0 1
  • #2 12 May 2017 23:05
    Kolobos
    Computer specialist

    Uninstall:
    mystartsearch uninstall
    Reimage Repair
    WinZipper

    In Chrome's settings, turn off restoring a set of pages when the browser starts.

    Run Fixlist.txt for FRST:
    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-2090519856-3487979285-1284895173-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Bogusław\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2090519856-3487979285-1284895173-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Bogusław\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2090519856-3487979285-1284895173-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Bogusław\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => Brak pliku
    Task: {018093E2-ABEC-470A-928F-23AD14DFFFBE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {0AAE84BB-15EB-44E2-848D-93AF0767B473} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2016-11-13] (Reimage ltd.) <==== UWAGA
    Task: {0AF411C8-B093-4733-B2E3-1FECA45DCE84} - System32\Tasks\{A296930A-B0AD-4003-B417-9E0391C7D415} => pcalua.exe -a E:\CMS\IE_Plugins_V1.1.0.86.exe -d E:\CMS
    Task: {1AC736C5-708A-42DB-84A9-A25E1B253C59} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {2A08F00C-85FA-4876-BD3B-B8CAEE2FD1BD} - System32\Tasks\{34929DF7-C92D-4B92-A9FC-7F52EFF13B29} => pcalua.exe -a "D:\PROGRAMY WGRANE NA STAŁE\PointSoft\photopro.exe" -d C:\Users\Bogusław\Desktop
    Task: {31DBBDDD-A1D0-4342-A662-C7EDBEDC4994} - \WPD\SqmUpload_S-1-5-21-2090519856-3487979285-1284895173-1001 -> Brak pliku <==== UWAGA
    Task: {457ABC3B-773A-4B89-A0A1-110E98749C45} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {5DA958C9-497E-40BE-9B97-E4ABC6AAC794} - System32\Tasks\{9699DF9E-B368-4B7E-8DC4-E6A75412BE17} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/pl/abandoninstall?page=tsWLM
    Task: {71272955-D5E7-4FD0-B7EF-00BEB59778C2} - System32\Tasks\{821445C7-E528-45A9-A9D4-F18ACF983C42} => launchwinapp.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/pl/abandoninstall?page=tsWLM
    Task: {7AA2DF11-67BB-419A-B29E-4FB605D27670} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {7EECEBAB-65B6-4609-A4BE-5B8287D3ACE1} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2017-04-20] (Reimage®) <==== UWAGA




    Task: {BA3A5C8E-8C4D-45E3-B17A-95F72C0D1ADA} - System32\Tasks\{9AEF6ADA-7848-4F8B-BCFD-A9B0488CBA3A} => launchwinapp.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/pl/abandoninstall?page=tsWLM
    Task: {BB68F208-E771-40AD-B306-EE5E5660FB18} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {C4ACF79F-98E9-4D9D-A508-4986B0A5158E} - System32\Tasks\{6D6FFC08-E799-4276-A3E1-B1F55FA85874} => launchwinapp.exe hxxp://ui.skype.com/ui/0/7.13.0.101/pl/abando...all?source=lightinstaller&page=tsMain
    Task: {E956C5DA-BE57-4F0F-8584-3F8198468D7E} - System32\Tasks\{F84C79EC-29F1-4B6A-A546-70F68AFFDC99} => pcalua.exe -a C:\Users\Bogusław\Documents\Setup.exe -d C:\Users\Bogusław\Documents
    ShortcutWithArgument: C:\Users\Bogusław\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc&ts=...;uid=TOSHIBAXDT01ACA100_Z4NE1B3NSXXZ4NE1B3NSX
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc&ts=...;uid=TOSHIBAXDT01ACA100_Z4NE1B3NSXXZ4NE1B3NSX
    (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
    (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
    (© 2015 Microsoft Corporation) C:\Users\Bogusław\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2090519856-3487979285-1284895173-1001\...\Run: [BingSvc] => C:\Users\Bogusław\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910...amp;GUID=48EACBEC-C835-4C60-8FD7-1D9398BB9B26
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=...SHIBAXDT01ACA100_Z4NE1B3NSXXZ4NE1B3NSX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1447...;uid=TOSHIBAXDT01ACA100_Z4NE1B3NSXXZ4NE1B3NSX
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=...SHIBAXDT01ACA100_Z4NE1B3NSXXZ4NE1B3NSX&q={searchTerms}
    HKU\S-1-5-21-2090519856-3487979285-1284895173-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1447...;uid=TOSHIBAXDT01ACA100_Z4NE1B3NSXXZ4NE1B3NSX
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-2090519856-3487979285-1284895173-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=...SHIBAXDT01ACA100_Z4NE1B3NSXXZ4NE1B3NSX&q={searchTerms}
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll Brak pliku
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll Brak pliku
    CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pl-pl
    CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1444563392&z=69d9ab22f97c6d8406d94e6g9z8z6z3wfqeq1mcm0t&from=cor&uid=TOSHIBAXDT01ACA100_Z4NE1B3NSXXZ4NE1B3NSX"
    CHR DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&...SHIBAXDT01ACA100_Z4NE1B3NSXXZ4NE1B3NSX&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> mystartsearch
    CHR HKLM\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\Bogusław\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
    CHR HKU\S-1-5-21-2090519856-3487979285-1284895173-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\Bogusław\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8076144 2017-04-20] (Reimage®)
    S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
    2017-05-12 20:19 - 2017-05-12 20:19 - 00602112 _____ (OldTimer Tools) C:\Users\Bogusław\Desktop\OTL.exe
    2017-05-11 20:28 - 2017-02-17 19:37 - 00003532 _____ C:\WINDOWS\System32\Tasks\Reimage Reminder
    2017-05-11 20:28 - 2017-02-17 19:37 - 00000000 ___DC C:\rei
    2017-05-11 20:28 - 2017-02-17 19:36 - 00000140 _____ C:\WINDOWS\Reimage.ini
    2017-05-11 20:12 - 2015-11-11 12:18 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2016-06-22 23:01 - 2016-06-22 23:01 - 0000016 _____ () C:\ProgramData\mntemp
    2017-02-06 16:12 - 2017-02-06 16:12 - 0005054 _____ () C:\ProgramData\mudtcpaz.vzs
    2015-10-22 19:52 - 2015-10-22 19:52 - 0001728 _____ () C:\ProgramData\__wdump.txt
    2015-10-11 13:36 - 2015-11-11 12:18 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    Use AdwCleaner, the Scan and Clean options: http://www.bleepingcomputer.com/download/adwcleaner/

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0
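
A fixlist like the one in post #2 can be summarized before it is run, to see what kinds of entries it removes and which hosts the hijacked start and search pages point to. The script below is an added example, not part of the thread and not FRST's own code; the function names, the vendor allowlist and the reading of a trailing "[X]" as a missing target are assumptions made for the illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: a handful of lines copied from the Fixlist in post #2.
SAMPLE = r"""
CloseProcesses:
Task: {018093E2-ABEC-470A-928F-23AD14DFFFBE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {0AAE84BB-15EB-44E2-848D-93AF0767B473} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2016-11-13] (Reimage ltd.) <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc&ts=...;uid=TOSHIBAXDT01ACA100_Z4NE1B3NSXXZ4NE1B3NSX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=...SHIBAXDT01ACA100_Z4NE1B3NSXXZ4NE1B3NSX&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
CHR DefaultSearchKeyword: Default -> mystartsearch
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8076144 2017-04-20] (Reimage®)
EmptyTemp:
"""

# Assumption for this example: hosts under these suffixes count as vendor defaults.
VENDOR_SUFFIXES = ("microsoft.com", "bing.com", "google.com", "skype.com")
URL = re.compile(r"hxxps?://\S+")  # the log prints URLs defanged as hxxp://

def classify(line):
    """Bucket a fixlist line by the kind of object it touches."""
    if re.match(r"^(CloseProcesses|EmptyTemp):$", line):
        return "directive"
    if re.match(r"^[RSU][0-5] ", line):  # service/driver rows such as "R2 ..." or "S3 ..."
        return "service"
    if line.startswith(("HKLM", "HKU")):
        return "registry"
    if line.startswith("CHR "):
        return "chrome"
    m = re.match(r"^([A-Za-z]+(?:-x32)?):", line)
    return m.group(1) if m else "other"

def summarize(text):
    """Return (entry kinds, referenced hosts, number of entries whose target is gone)."""
    kinds, hosts, orphans = Counter(), Counter(), 0
    for line in filter(None, map(str.strip, text.splitlines())):
        kinds[classify(line)] += 1
        # "Brak pliku" is Polish for "no file"; "[X]" is assumed to mark a missing target too.
        if "Brak pliku" in line or line.endswith("[X]"):
            orphans += 1
        for url in URL.findall(line):
            host = urlsplit(url.replace("hxxp", "http", 1)).hostname
            if host:
                hosts[host] += 1
    return kinds, hosts, orphans

def unexpected_hosts(hosts):
    """Hosts outside the allowlist: candidates for a hijacked start or search page."""
    ok = lambda h: any(h == s or h.endswith("." + s) for s in VENDOR_SUFFIXES)
    return sorted(h for h in hosts if not ok(h))
```
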