Elektroda.pl

Request to check FRST logs from a laptop running Win7 64-bit

walentyy 05 Sep 2017 18:37 384 3
  • #1 05 Sep 2017 18:37
    walentyy
    Level 17  

    Please check the FRST logs from a Toshiba laptop running Win7 64-bit. The computer was heavily infected. After scanning with Kaspersky Rescue and AdwCleaner it is better, but installers for new programs do not start. Old, long-installed programs work. Some simple programs can be installed in safe mode, but then they do not start in normal mode. In normal mode the network also does not work over LAN or WiFi, as if the adapters were disabled.
    I made the logs in safe mode.

    0 3
  • Helpful post
    #2 06 Sep 2017 00:55
    krzychupar
    Level 40  

    Uninstall:
    Ask Shopping Toolbar (HKLM-x32\...\{4F524A00-6A76-A76A-76A7-A758B70C2D01}) (Version: 12.45.1.45 - APN, LLC) <==== UWAGA
    Search the Web (Yahoo) (HKU\S-1-5-21-2638113790-2468071505-565160291-1000\...\a92e2408) (Version: - ) <==== UWAGA

    Open the system Notepad and paste:
    ShellIconOverlayIdentifiers-x32: [IB24SynchronizationPending] -> {08AD9864-E486-4cdb-8781-D507026CF5D6} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [IB24Synchronized] -> {08AD9864-E486-4cdb-8781-D507026CF5D7} => -> Brak pliku
    Task: {2C6EAFA0-BC4C-4FD1-951F-831B627CA7C4} - \{310FAA2E-A50C-A35B-04CD-13A1D90C0CF7} -> Brak pliku <==== UWAGA
    Task: {3BE5452A-7FB6-4C35-93BB-E4E4EF99DAD3} - \Bing Search Engine midor -> Brak pliku <==== UWAGA
    Task: {3DECE629-1E69-4FB5-9253-D39AB06D13EE} - System32\Tasks\{617BEE76-541A-43A3-95D8-E2469A4E42F0} => C:\Windows\system32\pcalua.exe -a C:\Users\beata\Downloads\X16-57077_VKYKV-JC3KY-7TQWD-GY7XD-M9P3P.exe -d "C:\Program Files (x86)\Mozilla Firefox"
    Task: {445188B4-D4C1-487D-B6E4-8F7C8DF7490F} - System32\Tasks\{91AD36A0-39D4-4B7B-8D4F-AD77FAD808DF} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.3.0.107/pl/abandoninstall?page=tsProgressBar
    Task: {47B7290D-D86D-4B99-9ED7-65F36448AA0A} - System32\Tasks\{91C39099-5AB4-4822-A332-BFA691891DA4} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.7.0.102/pl/abandoninstall?page=tsProgressBar
    Task: {51DC73ED-D232-4C0C-8AC6-E81FC8E41D35} - System32\Tasks\{96FE6EE4-B001-46B4-A2FA-5EAFE530C46F} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.9.0.106/pl/abandoninstall?source=lightinstaller&page=tsInstall
    Task: {76B3DEE6-98CC-48B2-AC26-C376B702EC83} - \{2AB5F9F1-0BF4-723D-0A8A-303B1AE7FC84} -> Brak pliku <==== UWAGA
    Task: {83439347-2DF2-4D20-85D4-147B072DF3E3} - \{5416F4D3-829F-F04D-5205-69BA25E19675} -> Brak pliku <==== UWAGA
    Task: {D8D54A0D-0986-42F2-B7DE-85388B874AED} - System32\Tasks\{CE18E526-A730-487E-BD89-F0FE7C9A04A0} => C:\Windows\system32\pcalua.exe -a C:\Users\beata\Downloads\WhoIsLive.exe -d C:\Users\beata\Downloads
    Task: C:\Windows\Tasks\Bing Search Engine midor.job => Wscript.exe C:\ProgramData\{2A95EFF6-A0D7-6530-2611-FB72BC5370BC}\cite.txt <==== UWAGA
    Task: C:\Windows\Tasks\{2AB5F9F1-0BF4-723D-0A8A-303B1AE7FC84}.job => C:\Users\beata\AppData\Local\{DAE1E~1\helper.exe <==== UWAGA
    Task: C:\Windows\Tasks\{310FAA2E-A50C-A35B-04CD-13A1D90C0CF7}.job => C:\Users\beata\AppData\Local\310FAA~1\Sync.exe <==== UWAGA
    Task: C:\Windows\Tasks\{5416F4D3-829F-F04D-5205-69BA25E19675}.job => C:\Users\beata\AppData\Roaming\5416F4~1\PRODUC~1.EXE <==== UWAGA
    Shortcut: C:\Users\beata\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Moje witryny sieci Web w sieci MSN\target.lnk -> hxxp://www.msnusers.co
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
    HKLM\...\Policies\Explorer: [HideSCAHealth] 0
    HKU\S-1-5-21-2638113790-2468071505-565160291-1000\...\MountPoints2: {7428444b-16d1-11e2-883f-1c75088af4c3} - F:\NokiaPCIA_Autorun.exe
    HKU\S-1-5-21-2638113790-2468071505-565160291-1000\...\MountPoints2: {eaee6034-9aba-11e6-9758-1c75088af4c3} - F:\startme.exe
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKU\S-1-5-21-2638113790-2468071505-565160291-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    URLSearchHook: HKU\S-1-5-21-2638113790-2468071505-565160291-1000 - (Brak nazwy) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Brak pliku
    SearchScopes: HKLM -> DefaultScope {5E1F7977-6626-4EB2-86FA-EF469B99BB8D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {5E1F7977-6626-4EB2-86FA-EF469B99BB8D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {03C51870-E0D6-4A36-8058-5E4CC3C74961} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {03C51870-E0D6-4A36-8058-5E4CC3C74961} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2638113790-2468071505-565160291-1000 -> DefaultScope {5E1F7977-6626-4EB2-86FA-EF469B99BB8D} URL =
    SearchScopes: HKU\S-1-5-21-2638113790-2468071505-565160291-1000 -> {03C51870-E0D6-4A36-8058-5E4CC3C74961} URL =
    SearchScopes: HKU\S-1-5-21-2638113790-2468071505-565160291-1000 -> {0B46B8B0-689D-47F0-BB5C-B6C63A130D00} URL = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
    SearchScopes: HKU\S-1-5-21-2638113790-2468071505-565160291-1000 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart....1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2638113790-2468071505-565160291-1000 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e7428c3e&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2638113790-2468071505-565160291-1000 -> {5E1F7977-6626-4EB2-86FA-EF469B99BB8D} URL =
    SearchScopes: HKU\S-1-5-21-2638113790-2468071505-565160291-1000 -> {B1B44CA6-A4A7-4B56-941A-A492DD980677} URL = hxxp://www.search.ask.com/web?tpid=ORJ&o=100000027&pf=V7&p2=^U3^OSJ000^YY^PL&gct=&itbv=12.10.6.60&apn_uid=5D77F5F8-220A-441D-817B-45660A747308&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^PL&apn_dbr=ff_10.0.2&doi=2013-06-02&trgb=IE,FF&q={searchTerms}&psv=&pt=tb
    SearchScopes: HKU\S-1-5-21-2638113790-2468071505-565160291-1000 -> {C9F0331B-0CDA-4E88-A38D-891455FB0ABB} URL = hxxp://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
    BHO-x32: Brak nazwy -> {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} -> Brak pliku
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - Brak pliku
    FF NewTab: Mozilla\Firefox\Profiles\p41pyp8z.default -> about:newtab
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\p41pyp8z.default -> Bing Search Engine
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\p41pyp8z.default -> Bing Search Engine
    FF Homepage: Mozilla\Firefox\Profiles\p41pyp8z.default -> hxxps://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-ff628119
    FF Keyword.URL: Mozilla\Firefox\Profiles\p41pyp8z.default -> user_pref("keyword.URL", true);
    FF SearchPlugin: C:\Users\beata\AppData\Roaming\Mozilla\Firefox\Profiles\p41pyp8z.default\searchplugins\bing search engine.xml [2017-03-13]
    FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => nie znaleziono
    FF HKU\S-1-5-21-2638113790-2468071505-565160291-1000\...\Firefox\Extensions: [eran@whoislive.com] - C:\Users\beata\AppData\Local\Temp\whoislive.xpi => nie znaleziono
    CHR DefaultSearchURL: Default -> hxxps://www.google.com/search?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> Google
    CHR DefaultSuggestURL: Default -> hxxps://www.google.com/search?q={searchTerms}
    CHR Extension: (Whoislive) - C:\Users\beata\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdkkghemjaackpnodiacedfadojaboh [2014-06-12] [UpdateUrl: hxxp://www.whoislive.com/download/ChromeUpdate.xml] <==== UWAGA
    CHR HKU\S-1-5-21-2638113790-2468071505-565160291-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2638113790-2468071505-565160291-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2638113790-2468071505-565160291-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2638113790-2468071505-565160291-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [cfdkkghemjaackpnodiacedfadojaboh] - C:\Users\beata\AppData\Local\Temp\whoislive.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx <nie znaleziono>
    2017-09-05 17:19 - 2017-09-05 17:22 - 000000000 ____D C:\AdwCleaner
    2017-09-05 17:25 - 2017-02-18 12:09 - 000000268 _____ C:\Windows\Tasks\{78F15D40-8DB0-2600-F6BB-733991366978}.job
    2017-09-05 17:23 - 2017-02-26 20:13 - 000000274 _____ C:\Windows\Tasks\{5416F4D3-829F-F04D-5205-69BA25E19675}.job
    2017-09-05 17:23 - 2016-11-22 07:04 - 000000990 _____ C:\Windows\Tasks\Bing Search Engine midor.job
    2017-09-05 17:03 - 2016-08-16 20:50 - 000000262 _____ C:\Windows\Tasks\{310FAA2E-A50C-A35B-04CD-13A1D90C0CF7}.job
    2017-09-05 16:55 - 2011-10-29 19:47 - 000003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8ED30349-9467-4493-BD4F-A6273A476C75}
    2017-09-05 16:19 - 2013-05-16 15:14 - 000000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2638113790-2468071505-565160291-1000UA.job
    2017-09-05 16:19 - 2013-05-16 15:14 - 000000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2638113790-2468071505-565160291-1000Core.job
    2017-09-05 16:04 - 2016-11-22 07:03 - 000000000 ____D C:\Users\beata\AppData\Local\{894EBF12-ADE6-D3AA-C07E-F642E4160ADA}
    2017-09-05 15:24 - 2016-09-21 11:59 - 000000266 _____ C:\Windows\Tasks\{2AB5F9F1-0BF4-723D-0A8A-303B1AE7FC84}.job
    2017-09-05 07:13 - 2017-02-26 20:13 - 000000000 ____D C:\Users\beata\AppData\Roaming\5416f4d3829ff04d520569ba25e19675
    2017-09-05 07:13 - 2016-08-16 20:50 - 000000000 ____D C:\Users\beata\AppData\Local\{DAE1EC5A-FFB3-812C-9485-A6FE48575BC0}
    2017-09-05 07:07 - 2016-12-06 21:47 - 000000000 ____D C:\Users\beata\AppData\Local\310faa2ea50ca35b04cd13a1d90c0cf7
    2017-09-05 07:06 - 2016-11-22 07:04 - 000000000 ____D C:\ProgramData\{2A95EFF6-A0D7-6530-2611-FB72BC5370BC}
    C:\Windows\Tasks\{2AB5F9F1-0BF4-723D-0A8A-303B1AE7FC84}.job
    C:\Windows\Tasks\{310FAA2E-A50C-A35B-04CD-13A1D90C0CF7}.job
    C:\Windows\Tasks\{5416F4D3-829F-F04D-5205-69BA25E19675}.job
    C:\Windows\Tasks\{78F15D40-8DB0-2600-F6BB-733991366978}.job
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix/Napraw.

    0
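
The added example below is not part of the thread and is not FRST's own logic. It parses `Task:` lines in the format used in the fixlist above and flags the traits that make such entries worth reviewing: a missing target, a launch through pcalua.exe, a target in a user-writable directory, a GUID-named or 8.3-shortened folder, and a script host pointed at a non-script file. The sample lines, flag names and the choice of checks are constructed for illustration.

```python
import re

# Constructed sample in the FRST "Task:" line format used in the fixlist above.
# GUIDs, user name and file names are placeholders, not values from the log.
SAMPLE = r"""
Task: {11111111-1111-1111-1111-111111111111} - \{22222222-2222-2222-2222-222222222222} -> Brak pliku <==== UWAGA
Task: {33333333-3333-3333-3333-333333333333} - System32\Tasks\{44444444-4444-4444-4444-444444444444} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\setup.exe -d C:\Users\user\Downloads
Task: C:\Windows\Tasks\Example Search.job => Wscript.exe C:\ProgramData\{55555555-5555-5555-5555-555555555555}\data.txt <==== UWAGA
Task: C:\Windows\Tasks\{22222222-2222-2222-2222-222222222222}.job => C:\Users\user\AppData\Local\{66666~1\helper.exe <==== UWAGA
Task: {77777777-7777-7777-7777-777777777777} - System32\Tasks\VendorUpdate => C:\Program Files\Vendor\update.exe
"""

# "Task: <id> => <target>" or "Task: <id> -> <target>", with an optional marker.
TASK_RE = re.compile(
    r"^Task:\s+(?P<id>.+?)\s+(?:=>|->)\s+(?P<target>.*?)(?:\s+<==== \S+)?$")

CHECKS = [  # (flag name, pattern applied to the task's target command)
    ("orphaned-task", re.compile(r"^Brak pliku$")),  # "no file" in this Polish log
    ("proxy-launcher", re.compile(r"\\pcalua\.exe\s+-a\b", re.I)),
    ("user-writable-path",
     re.compile(r"\\(AppData|ProgramData|Downloads|Temp)\\", re.I)),
    ("guid-or-8.3-dir",
     re.compile(r"\\(\{[0-9A-F-]{36}\}|\{?[0-9A-F]{5,6}~\d)\\", re.I)),
    # Script host whose argument does not carry a script extension.
    ("script-host-odd-file",
     re.compile(r'^"?(?:\S*\\)?[wc]script\.exe"?\s+'
                r'(?!.*\.(vbs|vbe|js|jse|wsf)\b)', re.I)),
]


def triage(text):
    """Return {task id: [flags]} for every Task: line that trips a check."""
    findings = {}
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue  # not a Task: line
        flags = [name for name, rx in CHECKS if rx.search(m["target"])]
        if flags:
            findings[m["id"]] = flags
    return findings


if __name__ == "__main__":
    for task, flags in triage(SAMPLE).items():
        print(f"{', '.join(flags):60} {task}")
```

A flag is a reason to look at the entry, not a verdict: legitimate software also schedules tasks from AppData.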
  • #4 07 Sep 2017 08:44
    RADU23
    Moderator - Computers Service

    Delete the C:\FRST folder and that's all.

    0