Elektroda.pl

Request for analysis of logs from FRST.

wiecho762 10 Jan 2018 10:02 135 2
  • #2 10 Jan 2018 11:07
    krzychupar
    Level 40

    Uninstall:
    Allin1Convert Internet Explorer Toolbar (HKLM-x32\...\Allin1Convert_8hbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== UWAGA
    CinemaPlus-3.2cV06.04 (HKLM-x32\...\CinemaPlus-3.2cV06.04) (Version: 1.36.01.22 - Cinema PlusV06.04) <==== UWAGA
    Genesis (HKU\S-1-5-21-4034686583-3572523072-671191548-1001\...\bvymi) (Version: - ) <==== UWAGA
    Infonaut 1.10.0.13 (HKLM-x32\...\Infonaut_1.10.0.13) (Version: 1.10.0.13 - Infonaut) <==== UWAGA
    Kingdom Plugin (HKU\S-1-5-21-4034686583-3572523072-671191548-1001\...\{4F526425-04FB-0EAD-94E4-973ECB281B4F}) (Version: 1.0.2 - Bus Builder corp) <==== UWAGA
    Math Problem Solver (HKU\S-1-5-21-4034686583-3572523072-671191548-1001\...\Math Problem Solver) (Version: - ) <==== UWAGA
    MyBestOffersToday 008.188 (HKLM-x32\...\mbot_pl_188_is1) (Version: - MYBESTOFFERSTODAY) <==== UWAGA
    PPT美化大师 (HKU\S-1-5-21-4034686583-3572523072-671191548-1001\...\PPTAssist) (Version: 1.0.0.0744 - 珠海金山办公软件有限公司) <==== UWAGA
    WarThunder (HKLM-x32\...\WarThunder) (Version: - ) <==== UWAGA
    WinSpeed (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{f1f78e38}) (Version: - 24soft) <==== UWAGA

    Open the system Notepad and paste:
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 4\x64\ContextHandler.dll -> Brak pliku
    ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 4\x64\ContextHandler.dll -> Brak pliku
    ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 4\x64\ContextHandler.dll -> Brak pliku
    Task: {01196988-6BF2-4463-B83C-799D10546668} - \SPDriver -> Brak pliku <==== UWAGA
    Task: {097CA73B-4DCF-45A1-A046-3D361FE5E096} - \Math Problem Solver CPU -> Brak pliku <==== UWAGA
    Task: {09D914CB-4004-449E-88A3-17B772279F7E} - \Optimizer Pro Schedule -> Brak pliku <==== UWAGA
    Task: {134BB7D7-11AD-452A-9646-44724E3B82F8} - \SPBIW_UpdateTask_Time_333539373236303233382d78782345572a4a3441325057 -> Brak pliku <==== UWAGA
    Task: {22B516CB-1134-4E48-9588-2CA03808B1FD} - \Math Problem Solver GPU -> Brak pliku <==== UWAGA
    Task: {343052F0-7437-4F5E-B008-29D69A46A46D} - System32\Tasks\PPTAssistantNotifyTask_Bogdan => C:\Users\Bogdan\AppData\Local\PPTAssist\notify.exe [2015-07-02] (珠海金山办公软件有限公司) <==== UWAGA
    Task: {4ED1B69E-1A1B-44C6-A4C1-1D05C5EA4F97} - \ShopperProJSUpd -> Brak pliku <==== UWAGA
    Task: {60F402DD-CA11-4646-AC2A-4549C36FC8F9} - \ShopperPro -> Brak pliku <==== UWAGA
    Task: {66C708A7-8658-420A-ADD6-7E2D1EDF40E4} - System32\Tasks\{0B8F19D0-16AD-4BF0-8D7C-A1B5FA01C8BA} => C:\windows\system32\pcalua.exe -a C:\Users\Bogdan\AppData\Local\Torpedo\unins000.exe
    Task: {7EB9EF96-A744-47A4-AF10-50DE90FB0D65} - \RegClean Pro -> Brak pliku <==== UWAGA
    Task: {A08CDED8-6030-45E3-801E-1266BEEBAAF7} - System32\Tasks\PPTAssistantUpdateTask_Bogdan => C:\Users\Bogdan\AppData\Local\PPTAssist\assistupdate.exe [2015-07-02] (Zhuhai Kingsoft Office Software Co.,Ltd) <==== UWAGA
    Task: {AE1135A8-8283-45A2-BF32-BA41F9AD398E} - \SmartWeb Upgrade Trigger Task -> Brak pliku <==== UWAGA
    Task: {E5ABCA4D-CE64-43D3-91D6-CDE02AFC4540} - \Math Problem Solver Optimize -> Brak pliku <==== UWAGA
    Task: C:\windows\Tasks\PPTAssistantNotifyTask_Bogdan.job => C:\Users\Bogdan\AppData\Local\PPTAssist\notify.exe <==== UWAGA
    Task: C:\windows\Tasks\PPTAssistantUpdateTask_Bogdan.job => C:\Users\Bogdan\AppData\Local\PPTAssist\assistupdate.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\Bogdan\zdjęcia bogdan\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=1&click_id=501dde4020743b962262699bd1cc7f5976a9fc8b --start-fullscreen
    ShortcutWithArgument: C:\Users\Bogdan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.delta-homes.com/?type=sc&ts=14...p;uid=TOSHIBAXMQ01ABD050_93J5PBDYTXX93J5PBDYT
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.delta-homes.com/?type=sc&ts=14...p;uid=TOSHIBAXMQ01ABD050_93J5PBDYTXX93J5PBDYT
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.delta-homes.com/?type=sc&ts=14...p;uid=TOSHIBAXMQ01ABD050_93J5PBDYTXX93J5PBDYT
    HKU\S-1-5-21-4034686583-3572523072-671191548-1001\...\MountPoints2: {8a729549-eb6a-11e7-bf4b-50b7c3d7d18b} - "E:\start.exe"
    Startup: C:\Users\Bogdan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet PCL3 Class Driver (sieć).lnk [2014-02-08]
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=...p;uid=TOSHIBAXMQ01ABD050_93J5PBDYTXX93J5PBDYT
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=...p;uid=TOSHIBAXMQ01ABD050_93J5PBDYTXX93J5PBDYT
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&...OSHIBAXMQ01ABD050_93J5PBDYTXX93J5PBDYT&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&...OSHIBAXMQ01ABD050_93J5PBDYTXX93J5PBDYT&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=...p;uid=TOSHIBAXMQ01ABD050_93J5PBDYTXX93J5PBDYT
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=...p;uid=TOSHIBAXMQ01ABD050_93J5PBDYTXX93J5PBDYT
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&...OSHIBAXMQ01ABD050_93J5PBDYTXX93J5PBDYT&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&...OSHIBAXMQ01ABD050_93J5PBDYTXX93J5PBDYT&q={searchTerms}
    HKU\S-1-5-21-4034686583-3572523072-671191548-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://myhome.vi-view.com/web/?type=ds&ts...OSHIBAXMQ01ABD050_93J5PBDYTXX93J5PBDYT&q={searchTerms}
    HKU\S-1-5-21-4034686583-3572523072-671191548-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=...p;uid=TOSHIBAXMQ01ABD050_93J5PBDYTXX93J5PBDYT
    HKU\S-1-5-21-4034686583-3572523072-671191548-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=...p;uid=TOSHIBAXMQ01ABD050_93J5PBDYTXX93J5PBDYT
    HKU\S-1-5-21-4034686583-3572523072-671191548-1001\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.searchcompletion.com?si=16618&home=true
    HKU\S-1-5-21-4034686583-3572523072-671191548-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://myhome.vi-view.com/web/?type=ds&ts...OSHIBAXMQ01ABD050_93J5PBDYTXX93J5PBDYT&q={searchTerms}
    URLSearchHook: HKU\S-1-5-21-4034686583-3572523072-671191548-1001 - (Brak nazwy) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - C:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hSrcAs.dll Brak pliku
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=14218551...oshibaxmq01abd050_93j5pbdytxx93j5pbdyt&q={searchTerms}
    SearchScopes: HKLM-x32 -> {807E4CF2-39FC-4AB1-8A53-779E92F0ADF9} URL = hxxp://search.searchcompletion.com?si=16618&bs=true&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {807E4CF2-39FC-4AB1-8A53-779E92F0ADF9} URL =
    SearchScopes: HKU\S-1-5-21-4034686583-3572523072-671191548-1001 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=14218551...oshibaxmq01abd050_93j5pbdytxx93j5pbdyt&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4034686583-3572523072-671191548-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKU\S-1-5-21-4034686583-3572523072-671191548-1001 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=14218551...oshibaxmq01abd050_93j5pbdytxx93j5pbdyt&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4034686583-3572523072-671191548-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
    SearchScopes: HKU\S-1-5-21-4034686583-3572523072-671191548-1001 -> {807E4CF2-39FC-4AB1-8A53-779E92F0ADF9} URL = hxxp://search.searchcompletion.com?si=16618&bs=true&q={searchTerms}
    BHO: Brak nazwy -> {11111111-1111-1111-1111-110411851159} -> Brak pliku
    BHO: iWebar -> {11111111-1111-1111-1111-110611191113} -> C:\Program Files (x86)\iWebar\iWebar-bho64.dll => Brak pliku
    BHO: Sense -> {11111111-1111-1111-1111-110611191115} -> C:\Program Files (x86)\Sense\Sense-bho64.dll => Brak pliku
    BHO-x32: Brak nazwy -> {10E1725C-7237-41A9-954A-04DCCB1FD16C} -> Brak pliku
    BHO-x32: Brak nazwy -> {11111111-1111-1111-1111-110411851159} -> Brak pliku
    BHO-x32: iWebar -> {11111111-1111-1111-1111-110611191113} -> C:\Program Files (x86)\iWebar\iWebar-bho.dll => Brak pliku
    BHO-x32: Sense -> {11111111-1111-1111-1111-110611191115} -> C:\Program Files (x86)\Sense\Sense-bho.dll => Brak pliku
    BHO-x32: Brak nazwy -> {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} -> Brak pliku
    BHO-x32: Brak nazwy -> {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} -> Brak pliku
    Toolbar: HKLM-x32 - Brak nazwy - {cd1a63ba-a08c-431b-9a34-f240aadc728d} - Brak pliku
    Toolbar: HKU\S-1-5-21-4034686583-3572523072-671191548-1001 -> Brak nazwy - {CD1A63BA-A08C-431B-9A34-F240AADC728D} - Brak pliku
    FF Extension: (SavePass 1.1) - C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\f13hgro9.default\Extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com [2015-04-06] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Extension: (Apps Hat) - C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\f13hgro9.default\Extensions\39ed7c16-185d-4f88-b976-666d4928ba01@fe4550c1-7a4f-4a62-ad1c-45e0afdf81a4.com [2015-01-17] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Extension: (PHD-V1.4) - C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\f13hgro9.default\Extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com [2014-12-11] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Extension: (iWebar1) - C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\f13hgro9.default\Extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com [2015-02-28] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Extension: (sAvingtoeyou) - C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\f13hgro9.default\Extensions\9atnkuqs@oioirnrr.co.uk [2014-09-03] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Extension: (Plus-HD-V1.4c) - C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\f13hgro9.default\Extensions\c1b9d306-75ba-4390-8a8b-76b504015572@gmail.com [2015-03-04] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Extension: (rEaalDeal) - C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\f13hgro9.default\Extensions\cQgAJH@G.net [2015-01-11] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Extension: (CinemaPlus-3.2cV06.04) - C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\f13hgro9.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-04-06] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Extension: (Security Protection) - C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\f13hgro9.default\Extensions\detgdp@gmail.com [2015-01-02] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Extension: (saver box) - C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\f13hgro9.default\Extensions\DwRHN5V@pA.net [2014-10-28] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Extension: (ssaferweb) - C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\f13hgro9.default\Extensions\e4fqyr@yyeiyvdoke.edu [2014-10-14] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Extension: (Fast Start) - C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\f13hgro9.default\Extensions\faststartff@gmail.com [2014-07-25] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Extension: (saver box) - C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\f13hgro9.default\Extensions\K@9.co.uk [2014-11-28] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Extension: (dieal2dEalit) - C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\f13hgro9.default\Extensions\Mi@b.org [2015-01-02] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Extension: (DeialsFindeRPro) - C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\f13hgro9.default\Extensions\omyta@blrfp.com [2014-09-19] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Extension: (COupScanner) - C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\f13hgro9.default\Extensions\v6meyu@oooajir.org [2014-08-17] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Extension: (Sense) - C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\f13hgro9.default\Extensions\warnerroberts@hotmail.com [2015-06-29] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Extension: (Air Globe 1.0.1) - C:\Users\Bogdan\AppData\Roaming\Mozilla\Firefox\Profiles\f13hgro9.default\Extensions\{21d3b30d-5feb-4224-9a1d-01f7d9334705}.xpi [2015-04-06] [Przestarzałe] [Brak podpisu cyfrowego]
    S2 ByteFenceService; "C:\Program Files\ByteFence\ByteFenceService.exe" [X]
    S2 Update trolatunt; "C:\Program Files (x86)\trolatunt\updatetrolatunt.exe" [X]
    S2 SPDRIVER_1.39.0.1602; .\JSDriver\1.39.0.1602\jsdrv.sys [X]
    EmptyTemp:

    Save the file as fixlist.txt and put it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.

    0
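Before a fixlist like the one in post #2 is run, it helps to see which kinds of entries it contains and which lines deserve a closer read. The script below is an added example, not part of the original posts and not FRST code; it recognises only the line shapes visible in this thread, and the sample entries, hosts and paths are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample in the line format of the fixlist above
# (names, hosts and paths are placeholders, not values from the thread).
SAMPLE = r"""
Task: {00000000-0000-0000-0000-000000000001} - \Example Updater -> Brak pliku <==== UWAGA
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\ExampleNotify => C:\Users\User\AppData\Local\Example\notify.exe [2015-07-02] (Example Ltd) <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://start.example.invalid/?type=sc
BHO: Brak nazwy -> {11111111-1111-1111-1111-000000000000} -> Brak pliku
S2 ExampleService; "C:\Program Files\Example\svc.exe" [X]
EmptyTemp:
"""

MISSING = "Brak pliku"  # "file missing" marker in a Polish-language log
SHORTCUT = re.compile(r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> "
                      r"(?P<exe>.+?\.exe) \((?P<vendor>[^)]*)\) -> (?P<args>.+)$")
URL = re.compile(r"\b(?:hxxps?|https?)://([^/\s?]+)", re.I)


def entry_type(line):
    """Classify one fixlist line by its leading label."""
    if re.match(r"^[A-Z]\d ", line):      # service/driver lines, e.g. 'S2 Name; ...'
        return "Service"
    prefix = line.split(":", 1)[0].strip()
    # Registry values carry no label; their text before ':' is a key path.
    return "Registry" if "\\" in prefix else prefix


def review(fixlist):
    """Count entries per type; list hijacked shortcuts and missing-file entries."""
    lines = [l.strip() for l in fixlist.splitlines() if l.strip()]
    report = {"counts": Counter(map(entry_type, lines)), "orphaned": [], "hijacked": []}
    for line in lines:
        m = SHORTCUT.match(line)
        if m:
            hosts = URL.findall(m["args"])
            if hosts:  # browser shortcut that opens a fixed URL on launch
                report["hijacked"].append((m["lnk"], hosts[0]))
        elif MISSING in line:
            report["orphaned"].append(line.split(" <====")[0])
    return report


if __name__ == "__main__":
    r = review(SAMPLE)
    print(dict(r["counts"]))
    for lnk, host in r["hijacked"]:
        print("shortcut opens", host, "<-", lnk)
    print(len(r["orphaned"]), "entries point at a missing file")
```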
  • #3 10 Jan 2018 12:07
    Kolobos
    Computer specialist

    After doing that, post new FRST logs from a scan.

    0