
[Solved] Request for analysis of FRST logs, an application is launched at system startup

majk636363 20 Sep 2018 09:46
  • #1 20 Sep 2018 09:46
    majk636363
    Level 3  

    As above, I am asking for an analysis of the FRST logs. Some application is launched at system startup that I am unable to remove (message during startup: "lsdelate program not found skipping autocheck"). In addition, there is a noticeable slowdown of the system; although there has been a significant improvement after what I have done so far, it still takes quite a long time to start.

    Checked with TDSSKiller, run through JRT, AdwCleaner, CCleaner and finally Malwarebytes; everything possible has been unchecked from startup in msconfig.

  • Helpful post
    #2 20 Sep 2018 10:06
    krzychupar
    Level 40  

    Uninstall:

    Ask Toolbar
    Google Update Helper (Version: 1.3.23.0 - BonanzaDeals) Hidden <==== UWAGA

    Open the system Notepad and paste:

    CloseProcesses:
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> Brak pliku
    Task: {027F7D06-FF27-4C70-9DB2-8DE54CB09310} - System32\Tasks\{29CFCE11-1358-4EBE-9164-6D0D0A7A92F3} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.14.85.104/pl/go/help.faq.installer?LastError=1601
    Task: {34F1E229-FB83-47A0-BF52-DC7B5A3C5E16} - System32\Tasks\{7122B763-130B-42D8-A430-0DCCD10EADC4} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.11.0.102/pl/go/hel...ller?source=lightinstaller&LastError=1601
    Task: {3575F3B5-4BC7-4D34-BC94-F2DC5F2BA482} - \Program aktualizacji online firmy Adobe. -> Brak pliku <==== UWAGA
    Task: {35839B75-47C5-4225-B591-924B7E54BB3D} - System32\Tasks\{858381CA-D335-4B4A-AAB3-1C5D1A31E702} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.14.85.104/pl/go/help.faq.installer?LastError=1601
    Task: {963D4B8C-6F40-4B6E-ACFF-3F31516C9FDF} - System32\Tasks\{826E7A89-E7D3-4D4B-A720-E307CBC7603D} => C:\Windows\system32\pcalua.exe -a C:\Users\ewa\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=smt
    Task: {A50736FB-EBD0-4A52-A892-21663C6FD2E3} - System32\Tasks\{2B1AD451-A95A-458F-9CBE-391E2AA7A68E} => C:\Windows\system32\pcalua.exe -a "C:\Users\ewa\Desktop\Movies\The KMPlayer\KMPSetup.exe" -d "C:\Users\ewa\Desktop\Movies\The KMPlayer"
    Task: {A6E75CC6-3BA8-4E8D-9CFE-0E94503B5F12} - System32\Tasks\{4D100005-87E2-4145-A24B-F49D873A6AA7} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.11.0.102/pl/go/hel...ller?source=lightinstaller&LastError=1601
    Task: {B0CEBDBA-E410-4B45-9173-D01841D62CA5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
    Task: {B0EB0F34-D99A-46AD-A700-318381935375} - System32\Tasks\{001933F0-3394-4805-BCBD-8E44839C5067} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.11.0.102/pl/go/hel...ller?source=lightinstaller&LastError=1601




    Task: {BE91148D-726F-4F04-B3D5-BE957DBF31A1} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-07-28] (AVAST Software)
    Task: {C3709D9A-E992-46AD-A568-0A62D65C54FC} - System32\Tasks\{B6B200F9-228A-4E46-810B-73C82A19C847} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.14.85.104/pl/go/help.faq.installer?LastError=1601
    Task: {D1B1AB1D-2C91-4247-8F44-EFF579F2A5DD} - System32\Tasks\{C93B5FFB-B326-43D7-89AB-CBF714280E3E} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.11.0.102/pl/go/hel...ller?source=lightinstaller&LastError=1601
    Task: {DBDA9AD0-476E-4EC2-B9DA-22ACD9EA2430} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-07-28] (AVAST Software)
    HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: F - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: G - G:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: H - H:\setup.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {18b56ec3-cccf-11e5-af4e-20cf3060c186} - G:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {4782a73e-7235-11e3-bc1b-20cf3060c186} - H:\setup.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {549459ce-813d-11e1-9faa-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {60e7990a-bb32-11e0-97a3-001e101f8924} - F:\setup.exe -a
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {6c26e5ce-fc8c-11e0-9a47-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {6e894264-e9a8-11e3-accc-001e101f7fb6} - F:\setup.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {6e8942ab-e9a8-11e3-accc-001e101f7fb6} - H:\setup.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {7401473e-4cbf-11e0-9bc0-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {755d3414-30ac-11e4-bf49-001e101f2c0e} - F:\autorun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {7aabd94f-4a8f-11e0-89bf-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {7aabd951-4a8f-11e0-89bf-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {7aabd954-4a8f-11e0-89bf-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {87c73aa0-78a0-11e0-ae50-00a0c6000000} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {87c73bd8-78a0-11e0-ae50-00a0c6000000} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {87c73bda-78a0-11e0-ae50-00a0c6000000} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {87c73ccf-78a0-11e0-ae50-00a0c6000000} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {87c73cde-78a0-11e0-ae50-00a0c6000000} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {87c73ced-78a0-11e0-ae50-00a0c6000000} - G:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {8be0fa01-24cc-11e0-a762-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {8be0fa04-24cc-11e0-a762-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {adda950c-3d3f-11e0-95c3-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {adda950e-3d3f-11e0-95c3-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {adda967c-3d3f-11e0-95c3-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {adda9691-3d3f-11e0-95c3-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {adda969e-3d3f-11e0-95c3-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {adda96ef-3d3f-11e0-95c3-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {adda96f2-3d3f-11e0-95c3-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {b76c7e54-2996-11e0-841b-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {b76c7e56-2996-11e0-841b-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {be8dfcdc-359e-11e0-a76a-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {be8dfcec-359e-11e0-a76a-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {be8dfcf8-359e-11e0-a76a-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {be8dfd76-359e-11e0-a76a-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {be8dfd78-359e-11e0-a76a-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {be8dfd85-359e-11e0-a76a-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {be8dfd87-359e-11e0-a76a-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {be8dfd8a-359e-11e0-a76a-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {c070ac44-ad41-11e1-8cb7-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {e014a1e4-2755-11e5-abad-20cf3060c186} - G:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {e014a1f0-2755-11e5-abad-20cf3060c186} - G:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {f19d26d6-5865-11e0-a35c-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {f44c257b-813b-11e1-9b59-20cf3060c186} - F:\AutoRun.exe
    HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: {f9f99de5-7f2c-11e0-82c3-001e101f7fb6} - G:\AutoRun.exe
    BootExecute: autocheck autochk * autocheck lsdelete
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <==== UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    SearchScopes: HKU\.DEFAULT -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\.DEFAULT -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-2739064179-524812488-1678171689-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
    Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Brak pliku
    FF NewTab: Mozilla\Firefox\Profiles\zul8avnk.default -> about:newtab
    FF Extension: (NoScript) - C:\Users\ewa\AppData\Roaming\Mozilla\Firefox\Profiles\zul8avnk.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-12-05] [Przestarzałe]
    FF HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll [Brak pliku]
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll [Brak pliku]
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\new_plugin\npjp2.dll [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-07-28] (AVAST Software)
    S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-07-28] (AVAST Software)
    S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    U3 tmlwf; Brak ImagePath
    U3 tmwfp; Brak ImagePath
    Error(1) reading file: "C:\Windows\System32\Tasks\Program aktualizacji online firmy Adobe."
    2018-09-20 09:11 - 2018-09-20 09:15 - 000000000 ____D C:\AdwCleaner
    2018-09-20 09:20 - 2011-10-07 20:39 - 000000000 ____D C:\ProgramData\AVAST Software
    2018-09-20 08:55 - 2018-07-28 11:27 - 000000000 ____D C:\Users\ewa\AppData\Local\AVAST Software
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.

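Added example (not part of the thread and not FRST's own code): a short Python script that groups the entries of a fixlist like the one above before it is handed to FRST, and reports any BootExecute entry beyond the Windows default `autocheck autochk *`, which is where `lsdelete` appears in this list. The category names and the user-profile check on scheduled tasks are assumptions of this example; the sample lines are copied from the fixlist.

```python
import re
from collections import Counter

DEFAULT_BOOT_EXECUTE = "autocheck autochk *"  # stock Windows value
# Lines copied from the fixlist in the post above.
SAMPLE = r"""CloseProcesses:
Task: {963D4B8C-6F40-4B6E-ACFF-3F31516C9FDF} - System32\Tasks\{826E7A89-E7D3-4D4B-A720-E307CBC7603D} => C:\Windows\system32\pcalua.exe -a C:\Users\ewa\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=smt
HKU\S-1-5-21-2739064179-524812488-1678171689-1000\...\MountPoints2: F - F:\AutoRun.exe
BootExecute: autocheck autochk * autocheck lsdelete
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
EmptyTemp:
"""

# Category names are this example's own grouping (an assumption), not FRST terms.
RULES = [
    ("scheduled task", re.compile(r"^Task:")),
    ("autorun mount point", re.compile(r"\\MountPoints2:")),
    ("boot execute", re.compile(r"^BootExecute:")),
    ("service or driver", re.compile(r"^[RSU]\d \S+;")),
    ("directive", re.compile(r"^\w+:$")),
]

def classify(line):
    for name, pattern in RULES:
        if pattern.search(line):
            return name
    return "other"

def boot_execute_extras(line):
    # Assumes every entry starts with "autocheck"; anything else stays glued to
    # the entry before it, which then differs from the default and is reported.
    value = line.split(":", 1)[1].strip()
    entries = re.split(r"\s+(?=autocheck\b)", value)
    return [entry for entry in entries if entry != DEFAULT_BOOT_EXECUTE]

def triage(fixlist):
    lines = [ln.strip() for ln in fixlist.splitlines() if ln.strip()]
    counts = Counter(classify(ln) for ln in lines)
    findings = []
    for ln in lines:
        command = ln.split("=>", 1)[-1].strip()
        if classify(ln) == "boot execute":
            findings += [("non-default BootExecute entry", e) for e in boot_execute_extras(ln)]
        elif classify(ln) == "scheduled task" and re.search(r"\\Users\\[^\\]+\\", command):
            findings.append(("task runs a file from a user profile", command))
    return counts, findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```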
  • #3 20 Sep 2018 10:24
    majk636363
    Level 3  

    Solved, thank you very much.
