Sprawdzenie FRST, komputer muli


(Lutekwwl) #1

Witam, proszę o sprawdzenie FRST, ponieważ mam wrażenie że ostatnio komputer zaczął dziwnie pracować

 

http://wklej.org/id/1657623/  Additional

http://wklej.org/id/1657624/  FRST


(Atis) #2

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKU\S-1-5-21-1103858147-2764314287-2259581806-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1425842275&from=cor&uid=HGSTXHTS541075A9E680_J813007MG5UUBAG5UUBAX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1425842275&from=cor&uid=HGSTXHTS541075A9E680_J813007MG5UUBAG5UUBAX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1425842275&from=cor&uid=HGSTXHTS541075A9E680_J813007MG5UUBAG5UUBAX&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1103858147-2764314287-2259581806-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541075A9E680_J813007MG5UUBAG5UUBAX&ts=1425842377&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1103858147-2764314287-2259581806-1002 -> {04199388-A6C4-4DC6-BA5D-E93FCBD30DAC} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541075A9E680_J813007MG5UUBAG5UUBAX&ts=1425842377&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1103858147-2764314287-2259581806-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541075A9E680_J813007MG5UUBAG5UUBAX&ts=1425842377&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1103858147-2764314287-2259581806-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541075A9E680_J813007MG5UUBAG5UUBAX&ts=1425842377&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1103858147-2764314287-2259581806-1002 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541075A9E680_J813007MG5UUBAG5UUBAX&ts=1425842377&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1103858147-2764314287-2259581806-1002 -> {9174D96B-1174-4DCD-878E-529C154179C0} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541075A9E680_J813007MG5UUBAG5UUBAX&ts=1425842377&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1103858147-2764314287-2259581806-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541075A9E680_J813007MG5UUBAG5UUBAX&ts=1425842377&type=default&q={searchTerms}
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
FF Extension: iWebar - C:\Users\Envy\AppData\Roaming\Mozilla\Firefox\Profiles\tedtv59n.default\Extensions\ROUAILDE73397174@UXGZI17268980.com [2014-10-12]
FF Extension: No Name - C:\Users\Envy\AppData\Roaming\Mozilla\Firefox\Profiles\tedtv59n.default\extensions\istart_ffnt@gmail.com [Not Found]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-08] (SysTool PasSame LIMITED)
S2 SPDRIVER_1.37.0.1368; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1368\jsdrv.sys [X]
2015-03-08 20:19 - 2015-03-08 20:19 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
2015-03-08 20:19 - 2015-03-08 20:19 - 00000000 ____ D () C:\ProgramData\IHProtectUpDate
2015-03-08 20:19 - 2015-03-08 20:19 - 00000000 ____ D () C:\Program Files (x86)\XTab
2015-03-08 20:18 - 2015-03-08 20:21 - 00000000 ____ D () C:\Users\Envy\AppData\Local\Gameo
2015-02-26 19:37 - 2015-02-26 19:39 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Envy\Downloads\SpyHunter-installer.exe
2015-02-24 16:29 - 2015-02-26 20:05 - 00000000 ____ D () C:\AdwCleaner
2015-01-10 22:18 - 2015-02-25 17:28 - 0000005 _____ () C:\Program Files (x86)\is.dat
2015-01-10 22:19 - 2015-01-10 22:19 - 0016384 _____ () C:\Program Files (x86)\uik.dat
2015-02-13 03:35 - 2015-02-13 03:35 - 0000036 _____ () C:\Users\Envy\AppData\Local\housecall.guid.cache
2015-02-13 03:45 - 2015-02-13 03:45 - 0000010 _____ () C:\Users\Envy\AppData\Local\sponge.last.runtime.cache
2015-02-13 03:52 - 2015-02-13 03:52 - 0101251 _____ () C:\Users\Envy\AppData\Local\ars.cache
2015-02-13 03:52 - 2015-02-13 03:52 - 0207033 _____ () C:\Users\Envy\AppData\Local\census.cache
2013-11-08 23:06 - 2013-11-08 23:12 - 0000822 _____ () C:\ProgramData\hpzinstall.log
Task: {4114B5E7-2053-4C75-BECC-893FBBCDEE23} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {B7EDF942-668A-4271-9500-A11DEB7403A1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition.


(Lutekwwl) #3

http://wklej.org/id/1658017/  fixlog

http://wklej.org/id/1658019/  FRST


(Atis) #4

Odinstaluj Spybot - Search and Destroy .

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll No File
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1425842275&from=cor&uid=HGSTXHTS541075A9E680_J813007MG5UUBAG5UUBAX&q={searchTerms}
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
C:\Program Files (x86)\Spybot - Search & Destroy 2
DeleteQuarantine:

Uruchom FRST i kliknij Fix. Skasuj folder C:\FRST

Usuń stare punkty przywracania: Przywracanie systemu i kopie w tle

Dysk przeskanuj Malwarebytes Anti-Malware

Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Język PL > Settings > General Settings > Language > Polish

Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK - KLIK