FRST i GMER - nie moge pobrac pilne

[mateo8898]

Nic dziwnego, złapałaś z powrotem jakiś syf.

Wklej do notatnika:

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) hxxp://www.istartsurf.com/?type=sc&ts=1448312683&z=1067b6dfadb549c4471126agezbzfb0c8gao7c5q7q&from=cornl&uid=WDCXWD2500BEVS-60UST0_WD-WXC50809688496884
Task: {62DCED02-CB2F-4393-982C-4941E96E62DE} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Core => C:\Program Files\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe <==== UWAGA
Task: {6A21BC20-1C39-495A-A06D-ABD9A7233A4E} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Pending Update => C:\Program Files\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe <==== UWAGA
C:\Program Files\WordFly_1.10.0.28
HKLM\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartpageing.com/web/?type=ds&ts=1448309619&z=d7221535e4b7ce07a566c70g0z4z9b2c7ebt6q6gdt&from=cor&uid=wdcxwd2500bevs-60ust0_wd-wxc50809688496884&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartpageing.com/?type=hp&ts=1448309619&z=d7221535e4b7ce07a566c70g0z4z9b2c7ebt6q6gdt&from=cor&uid=wdcxwd2500bevs-60ust0_wd-wxc50809688496884
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartpageing.com/web/?type=ds&ts=1448309619&z=d7221535e4b7ce07a566c70g0z4z9b2c7ebt6q6gdt&from=cor&uid=wdcxwd2500bevs-60ust0_wd-wxc50809688496884&q={searchTerms}
KU\S-1-5-21-1694770522-3577824347-4236469000-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartpageing.com/?type=hp&ts=1448309619&z=d7221535e4b7ce07a566c70g0z4z9b2c7ebt6q6gdt&from=cor&uid=wdcxwd2500bevs-60ust0_wd-wxc50809688496884
HKU\S-1-5-21-1694770522-3577824347-4236469000-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartpageing.com/web/?type=ds&ts=1448309619&z=d7221535e4b7ce07a566c70g0z4z9b2c7ebt6q6gdt&from=cor&uid=wdcxwd2500bevs-60ust0_wd-wxc50809688496884&q={searchTerms}
HKU\S-1-5-21-1694770522-3577824347-4236469000-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartpageing.com/web/?type=ds&ts=1448309619&z=d7221535e4b7ce07a566c70g0z4z9b2c7ebt6q6gdt&from=cor&uid=wdcxwd2500bevs-60ust0_wd-wxc50809688496884&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1694770522-3577824347-4236469000-1000 {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://q.search-simple.com/?affID=pr_37b5ddee-4d4c-4fa2-9ac2-6c1d04564912&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1694770522-3577824347-4236469000-1000 {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartpageing.com/web/?type=ds&ts=1448309619&z=d7221535e4b7ce07a566c70g0z4z9b2c7ebt6q6gdt&from=cor&uid=wdcxwd2500bevs-60ust0_wd-wxc50809688496884&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1694770522-3577824347-4236469000-1000 {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://q.search-simple.com/?affID=pr_37b5ddee-4d4c-4fa2-9ac2-6c1d04564912&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1694770522-3577824347-4236469000-1000 {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartpageing.com/web/?type=ds&ts=1448309619&z=d7221535e4b7ce07a566c70g0z4z9b2c7ebt6q6gdt&from=cor&uid=wdcxwd2500bevs-60ust0_wd-wxc50809688496884&q={searchTerms}
BHO: Brak nazwy {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} Brak pliku
Toolbar: HKLM - Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Brak pliku
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1448312683&z=1067b6dfadb549c4471126agezbzfb0c8gao7c5q7q&from=cornl&uid=WDCXWD2500BEVS-60UST0_WD-WXC50809688496884
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAIUeVwKUVhCDAdCdAgVVVxIRxhBdA5bTA0VFlYWIQFeU1tEFxNBNARaB0tXUUEeGGlxR1dMZVxQI1ZOBEsIYEVT
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggUdwBdUwkQEhgRIQ0JTA0UGFMOIg0PAhRFRQJAdVgABwsTFAMFIk0FA18DB0VXfWFoKB8fHHFKM1pXF1wDWHRTMA==
FF Extension: Discovery App - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\nvoku6jg.default\Extensions\{75e4f711-85ee-4dcd-b4f3-77cf124536fb}.xpi [2015-11-23] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\nvoku6jg.default\extensions\[email protected] => nie znaleziono
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\nvoku6jg.default\extensions\[email protected] => nie znaleziono
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1448312683&z=1067b6dfadb549c4471126agezbzfb0c8gao7c5q7q&from=cornl&uid=WDCXWD2500BEVS-60UST0_WD-WXC50809688496884
R2 Service Mgr DiscoveryApp; C:\ProgramData\653ac11b-b606-42c5-b357-bca0fd28d1cd\plugincontainer.exe [724712 2015-12-10] () <==== UWAGA
C:\ProgramData\653ac11b-b606-42c5-b357-bca0fd28d1cd
R2 Update Mgr DiscoveryApp; C:\Program Files\Common Files\653ac11b-b606-42c5-b357-bca0fd28d1cd\updater.exe [605928 2015-12-10] () <==== UWAGA
R1 {0c6ad4fc-d56b-44cb-a06e-debba12bf68a}t; C:\Windows\System32\drivers\{0c6ad4fc-d56b-44cb-a06e-debba12bf68a}t.sys [55864 2014-10-18] (StdLib)
R1 {1f1a6417-232f-4d66-b329-9186268a4e91}t; C:\Windows\System32\drivers\{1f1a6417-232f-4d66-b329-9186268a4e91}t.sys [55864 2014-10-16] (StdLib)
R1 {38fc16c9-a7b4-4377-b565-cc5a76f2c89f}t; C:\Windows\System32\drivers\{38fc16c9-a7b4-4377-b565-cc5a76f2c89f}t.sys [55864 2014-10-11] (StdLib)
R1 {3c9eada7-386c-4a04-ab1e-4eb122397ced}t; C:\Windows\System32\drivers\{3c9eada7-386c-4a04-ab1e-4eb122397ced}t.sys [55864 2014-10-20] (StdLib)
R1 {44b76908-31ad-4fdd-90ce-abbdbb78f175}t; C:\Windows\System32\drivers\{44b76908-31ad-4fdd-90ce-abbdbb78f175}t.sys [55864 2014-10-15] (StdLib)
R1 {45df5bc0-27fc-482b-88e9-68b0812c4d00}t; C:\Windows\System32\drivers\{45df5bc0-27fc-482b-88e9-68b0812c4d00}t.sys [55864 2014-10-11] (StdLib)
R1 {6191cc23-5db4-4079-aaac-546c45b08af1}t; C:\Windows\System32\drivers\{6191cc23-5db4-4079-aaac-546c45b08af1}t.sys [55864 2014-10-23] (StdLib)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}t; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys [55224 2014-08-06] (StdLib)
R1 {6fd9ae77-e80c-4df0-b53d-23fcb52b001a}t; C:\Windows\System32\drivers\{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}t.sys [55864 2014-10-21] (StdLib)
R1 {9cdb10b4-16db-41f0-b75d-2e3cfff0fbde}t; C:\Windows\System32\drivers\{9cdb10b4-16db-41f0-b75d-2e3cfff0fbde}t.sys [55864 2014-10-17] (StdLib)
R1 {a00759f4-8f6e-4f04-880d-18a7306588c3}t; C:\Windows\System32\drivers\{a00759f4-8f6e-4f04-880d-18a7306588c3}t.sys [55864 2014-10-13] (StdLib)
R1 {a67a3db7-d53a-49b6-ad54-991a8bad27b3}t; C:\Windows\System32\drivers\{a67a3db7-d53a-49b6-ad54-991a8bad27b3}t.sys [55864 2014-10-12] (StdLib)
R1 {cfbbf934-a234-4282-8ef3-310abb84c3e4}t; C:\Windows\System32\drivers\{cfbbf934-a234-4282-8ef3-310abb84c3e4}t.sys [55864 2014-10-19] (StdLib)
R1 {df8d93ab-56ab-414d-b711-87b0e2749bbd}t; C:\Windows\System32\drivers\{df8d93ab-56ab-414d-b711-87b0e2749bbd}t.sys [55864 2014-10-17] (StdLib)
R1 {eb00a2af-f43a-4114-8049-3fd98517b465}t; C:\Windows\System32\drivers\{eb00a2af-f43a-4114-8049-3fd98517b465}t.sys [55864 2014-10-14] (StdLib)
R1 {f916f162-d4e9-413b-95d2-589769dc98ff}t; C:\Windows\System32\drivers\{f916f162-d4e9-413b-95d2-589769dc98ff}t.sys [55864 2014-10-15] (StdLib)
U1 eabfiltr; Brak ImagePath
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S1 wfdrvr_vt_1_10_0_28; system32\drivers\wfdrvr_vt_1_10_0_28.sys [X]
2015-11-23 22:08 - 2015-12-10 22:28 - 00000000 ____D C:\Program Files\Common Files\653ac11b-b606-42c5-b357-bca0fd28d1cd
2015-11-23 22:05 - 2015-11-23 22:05 - 00000000 ____D C:\ProgramData\UniqueId
2015-11-23 21:13 - 2015-12-08 21:42 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\istartpageing
EmptyTemp:

Plik zapisujesz pod nazwą fixlist.txt i umieszczasz obok FRST. Uruchom FRST i kliknij w nim Napraw. Powstanie plik fixlog.txt, który podajesz na forum.
Następnie podaj nowe logi z FRST.

[Julka38]

Kod: Zaznacz wszystko

Rezultat naprawy Farbar Recovery Scan Tool (x86) Wersja:14-12-2015
Uruchomiony przez Ilona (2015-12-14 21:33:45) Run:6
Uruchomiony z C:\Users\Ilona\Downloads
Załadowane profile: Ilona (Dostępne profile: Ilona)
Tryb startu: Normal

==============================================

fixlist - zawartość:
*****************
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1448312683&z=1067b6dfadb549c4471126agezbzfb0c8gao7c5q7q&from=cornl&uid=WDCXWD2500BEVS-60UST0_WD-WXC50809688496884
Task: {62DCED02-CB2F-4393-982C-4941E96E62DE} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Core => C:\Program Files\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe <==== UWAGA
Task: {6A21BC20-1C39-495A-A06D-ABD9A7233A4E} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Pending Update => C:\Program Files\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe <==== UWAGA
C:\Program Files\WordFly_1.10.0.28
HKLM\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartpageing.com/web/?type=ds&ts=1448309619&z=d7221535e4b7ce07a566c70g0z4z9b2c7ebt6q6gdt&from=cor&uid=wdcxwd2500bevs-60ust0_wd-wxc50809688496884&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartpageing.com/?type=hp&ts=1448309619&z=d7221535e4b7ce07a566c70g0z4z9b2c7ebt6q6gdt&from=cor&uid=wdcxwd2500bevs-60ust0_wd-wxc50809688496884
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartpageing.com/web/?type=ds&ts=1448309619&z=d7221535e4b7ce07a566c70g0z4z9b2c7ebt6q6gdt&from=cor&uid=wdcxwd2500bevs-60ust0_wd-wxc50809688496884&q={searchTerms}
KU\S-1-5-21-1694770522-3577824347-4236469000-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartpageing.com/?type=hp&ts=1448309619&z=d7221535e4b7ce07a566c70g0z4z9b2c7ebt6q6gdt&from=cor&uid=wdcxwd2500bevs-60ust0_wd-wxc50809688496884
HKU\S-1-5-21-1694770522-3577824347-4236469000-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartpageing.com/web/?type=ds&ts=1448309619&z=d7221535e4b7ce07a566c70g0z4z9b2c7ebt6q6gdt&from=cor&uid=wdcxwd2500bevs-60ust0_wd-wxc50809688496884&q={searchTerms}
HKU\S-1-5-21-1694770522-3577824347-4236469000-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartpageing.com/web/?type=ds&ts=1448309619&z=d7221535e4b7ce07a566c70g0z4z9b2c7ebt6q6gdt&from=cor&uid=wdcxwd2500bevs-60ust0_wd-wxc50809688496884&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1694770522-3577824347-4236469000-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://q.search-simple.com/?affID=pr_37b5ddee-4d4c-4fa2-9ac2-6c1d04564912&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1694770522-3577824347-4236469000-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartpageing.com/web/?type=ds&ts=1448309619&z=d7221535e4b7ce07a566c70g0z4z9b2c7ebt6q6gdt&from=cor&uid=wdcxwd2500bevs-60ust0_wd-wxc50809688496884&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1694770522-3577824347-4236469000-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://q.search-simple.com/?affID=pr_37b5ddee-4d4c-4fa2-9ac2-6c1d04564912&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1694770522-3577824347-4236469000-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartpageing.com/web/?type=ds&ts=1448309619&z=d7221535e4b7ce07a566c70g0z4z9b2c7ebt6q6gdt&from=cor&uid=wdcxwd2500bevs-60ust0_wd-wxc50809688496884&q={searchTerms}
BHO: Brak nazwy -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> Brak pliku
Toolbar: HKLM - Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Brak pliku
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1448312683&z=1067b6dfadb549c4471126agezbzfb0c8gao7c5q7q&from=cornl&uid=WDCXWD2500BEVS-60UST0_WD-WXC50809688496884
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAIUeVwKUVhCDAdCdAgVVVxIRxhBdA5bTA0VFlYWIQFeU1tEFxNBNARaB0tXUUEeGGlxR1dMZVxQI1ZOBEsIYEVT
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggUdwBdUwkQEhgRIQ0JTA0UGFMOIg0PAhRFRQJAdVgABwsTFAMFIk0FA18DB0VXfWFoKB8fHHFKM1pXF1wDWHRTMA==
FF Extension: Discovery App - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\nvoku6jg.default\Extensions\{75e4f711-85ee-4dcd-b4f3-77cf124536fb}.xpi [2015-11-23] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\nvoku6jg.default\extensions\[email protected] => nie znaleziono
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\nvoku6jg.default\extensions\[email protected] => nie znaleziono
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1448312683&z=1067b6dfadb549c4471126agezbzfb0c8gao7c5q7q&from=cornl&uid=WDCXWD2500BEVS-60UST0_WD-WXC50809688496884
R2 Service Mgr DiscoveryApp; C:\ProgramData\653ac11b-b606-42c5-b357-bca0fd28d1cd\plugincontainer.exe [724712 2015-12-10] () <==== UWAGA
C:\ProgramData\653ac11b-b606-42c5-b357-bca0fd28d1cd
R2 Update Mgr DiscoveryApp; C:\Program Files\Common Files\653ac11b-b606-42c5-b357-bca0fd28d1cd\updater.exe [605928 2015-12-10] () <==== UWAGA
R1 {0c6ad4fc-d56b-44cb-a06e-debba12bf68a}t; C:\Windows\System32\drivers\{0c6ad4fc-d56b-44cb-a06e-debba12bf68a}t.sys [55864 2014-10-18] (StdLib)
R1 {1f1a6417-232f-4d66-b329-9186268a4e91}t; C:\Windows\System32\drivers\{1f1a6417-232f-4d66-b329-9186268a4e91}t.sys [55864 2014-10-16] (StdLib)
R1 {38fc16c9-a7b4-4377-b565-cc5a76f2c89f}t; C:\Windows\System32\drivers\{38fc16c9-a7b4-4377-b565-cc5a76f2c89f}t.sys [55864 2014-10-11] (StdLib)
R1 {3c9eada7-386c-4a04-ab1e-4eb122397ced}t; C:\Windows\System32\drivers\{3c9eada7-386c-4a04-ab1e-4eb122397ced}t.sys [55864 2014-10-20] (StdLib)
R1 {44b76908-31ad-4fdd-90ce-abbdbb78f175}t; C:\Windows\System32\drivers\{44b76908-31ad-4fdd-90ce-abbdbb78f175}t.sys [55864 2014-10-15] (StdLib)
R1 {45df5bc0-27fc-482b-88e9-68b0812c4d00}t; C:\Windows\System32\drivers\{45df5bc0-27fc-482b-88e9-68b0812c4d00}t.sys [55864 2014-10-11] (StdLib)
R1 {6191cc23-5db4-4079-aaac-546c45b08af1}t; C:\Windows\System32\drivers\{6191cc23-5db4-4079-aaac-546c45b08af1}t.sys [55864 2014-10-23] (StdLib)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}t; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys [55224 2014-08-06] (StdLib)
R1 {6fd9ae77-e80c-4df0-b53d-23fcb52b001a}t; C:\Windows\System32\drivers\{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}t.sys [55864 2014-10-21] (StdLib)
R1 {9cdb10b4-16db-41f0-b75d-2e3cfff0fbde}t; C:\Windows\System32\drivers\{9cdb10b4-16db-41f0-b75d-2e3cfff0fbde}t.sys [55864 2014-10-17] (StdLib)
R1 {a00759f4-8f6e-4f04-880d-18a7306588c3}t; C:\Windows\System32\drivers\{a00759f4-8f6e-4f04-880d-18a7306588c3}t.sys [55864 2014-10-13] (StdLib)
R1 {a67a3db7-d53a-49b6-ad54-991a8bad27b3}t; C:\Windows\System32\drivers\{a67a3db7-d53a-49b6-ad54-991a8bad27b3}t.sys [55864 2014-10-12] (StdLib)
R1 {cfbbf934-a234-4282-8ef3-310abb84c3e4}t; C:\Windows\System32\drivers\{cfbbf934-a234-4282-8ef3-310abb84c3e4}t.sys [55864 2014-10-19] (StdLib)
R1 {df8d93ab-56ab-414d-b711-87b0e2749bbd}t; C:\Windows\System32\drivers\{df8d93ab-56ab-414d-b711-87b0e2749bbd}t.sys [55864 2014-10-17] (StdLib)
R1 {eb00a2af-f43a-4114-8049-3fd98517b465}t; C:\Windows\System32\drivers\{eb00a2af-f43a-4114-8049-3fd98517b465}t.sys [55864 2014-10-14] (StdLib)
R1 {f916f162-d4e9-413b-95d2-589769dc98ff}t; C:\Windows\System32\drivers\{f916f162-d4e9-413b-95d2-589769dc98ff}t.sys [55864 2014-10-15] (StdLib)
U1 eabfiltr; Brak ImagePath
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S1 wfdrvr_vt_1_10_0_28; system32\drivers\wfdrvr_vt_1_10_0_28.sys [X]
2015-11-23 22:08 - 2015-12-10 22:28 - 00000000 ____D C:\Program Files\Common Files\653ac11b-b606-42c5-b357-bca0fd28d1cd
2015-11-23 22:05 - 2015-11-23 22:05 - 00000000 ____D C:\ProgramData\UniqueId
2015-11-23 21:13 - 2015-12-08 21:42 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\istartpageing
EmptyTemp:
*****************

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62DCED02-CB2F-4393-982C-4941E96E62DE} => klucz nie znaleziono.
C:\Windows\System32\Tasks\WordFly Auto Updater 1.10.0.28 Core => nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordFly Auto Updater 1.10.0.28 Core => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A21BC20-1C39-495A-A06D-ABD9A7233A4E} => klucz nie znaleziono.
C:\Windows\System32\Tasks\WordFly Auto Updater 1.10.0.28 Pending Update => nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordFly Auto Updater 1.10.0.28 Pending Update => klucz nie znaleziono.
"C:\Program Files\WordFly_1.10.0.28" => nie znaleziono.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Wartość nie znaleziono.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKU\S-1-5-21-1694770522-3577824347-4236469000-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKU\S-1-5-21-1694770522-3577824347-4236469000-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKU\S-1-5-21-1694770522-3577824347-4236469000-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz nie znaleziono.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz nie znaleziono.
HKU\S-1-5-21-1694770522-3577824347-4236469000-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono.
HKU\S-1-5-21-1694770522-3577824347-4236469000-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz nie znaleziono.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz nie znaleziono.
HKU\S-1-5-21-1694770522-3577824347-4236469000-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => klucz nie znaleziono.
HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Wartość nie znaleziono.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => klucz nie znaleziono.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAIUeVwKUVhCDAdCdAgVVVxIRxhBdA5bTA0VFlYWIQFeU1tEFxNBNARaB0tXUUEeGGlxR1dMZVxQI1ZOBEsIYEVT => nie znaleziono
Firefox "homepage" pomyślnie usunięto
C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\nvoku6jg.default\Extensions\{75e4f711-85ee-4dcd-b4f3-77cf124536fb}.xpi => nie znaleziono.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => Wartość nie znaleziono.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => Wartość nie znaleziono.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono
Service Mgr DiscoveryApp => serwis nie znaleziono.
"C:\ProgramData\653ac11b-b606-42c5-b357-bca0fd28d1cd" => nie znaleziono.
Update Mgr DiscoveryApp => serwis nie znaleziono.
{0c6ad4fc-d56b-44cb-a06e-debba12bf68a}t => serwis nie znaleziono.
{1f1a6417-232f-4d66-b329-9186268a4e91}t => serwis nie znaleziono.
{38fc16c9-a7b4-4377-b565-cc5a76f2c89f}t => serwis nie znaleziono.
{3c9eada7-386c-4a04-ab1e-4eb122397ced}t => serwis nie znaleziono.
{44b76908-31ad-4fdd-90ce-abbdbb78f175}t => serwis nie znaleziono.
{45df5bc0-27fc-482b-88e9-68b0812c4d00}t => serwis nie znaleziono.
{6191cc23-5db4-4079-aaac-546c45b08af1}t => serwis nie znaleziono.
{6fcd6092-9615-4f7f-8898-8df53980e5d2}t => serwis nie znaleziono.
{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}t => serwis nie znaleziono.
{9cdb10b4-16db-41f0-b75d-2e3cfff0fbde}t => serwis nie znaleziono.
{a00759f4-8f6e-4f04-880d-18a7306588c3}t => serwis nie znaleziono.
{a67a3db7-d53a-49b6-ad54-991a8bad27b3}t => serwis nie znaleziono.
{cfbbf934-a234-4282-8ef3-310abb84c3e4}t => serwis nie znaleziono.
{df8d93ab-56ab-414d-b711-87b0e2749bbd}t => serwis nie znaleziono.
{eb00a2af-f43a-4114-8049-3fd98517b465}t => serwis nie znaleziono.
{f916f162-d4e9-413b-95d2-589769dc98ff}t => serwis nie znaleziono.
eabfiltr => serwis nie znaleziono.
ewusbnet => serwis nie znaleziono.
huawei_enumerator => serwis nie znaleziono.
hwdatacard => serwis nie znaleziono.
IntcAzAudAddService => serwis nie znaleziono.
SymIMMP => serwis nie znaleziono.
wfdrvr_vt_1_10_0_28 => serwis nie znaleziono.
"C:\Program Files\Common Files\653ac11b-b606-42c5-b357-bca0fd28d1cd" => nie znaleziono.
"C:\ProgramData\UniqueId" => nie znaleziono.
"C:\Users\Ilona\AppData\Roaming\istartpageing" => nie znaleziono.
EmptyTemp: => 13.1 MB danych tymczasowych Usunięto.


System wymagał restartu.

==== Koniec  Fixlog 21:33:51 ====

Po powstaniu fixlog - samoistnie następuje zamykanie systemu i komputer się wyłącza. W efekcie czego nie otrzymuję logów z FRST. W trakcie naprawy, jaką wykonuje FRST, pojawia się komunikat, że program Plugin przestał działać. Co z tym zrobić?

[mateo8898]

W takim razie zrób nowe logi z FRST.

[Julka38]

http://www.wklej.eu/index.php?id=60dcbbdf9c
http://www.wklej.eu/index.php?id=d7aadcb684
http://www.wklej.eu/index.php?id=d342ba7468

[mateo8898]

Odinstaluj Discovery App, istartpageing, istartsurf uninstall. Następnie wklej do notatnika:

HKU\S-1-5-21-1694770522-3577824347-4236469000-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartpageing.com/?type=hp&ts=1448309619&z=d7221535e4b7ce07a566c70g0z4z9b2c7ebt6q6gdt&from=cor&uid=wdcxwd2500bevs-60ust0_wd-wxc50809688496884
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggUdwBdUwkQEhgRIQ0JTA0UGFMOIg0PAhRFRQJAdVgABwsTFAMFIk0FA18DB0VXfWFoKB8fHHFKM1pXF1wDWHRTMA==
FF Keyword.URL: hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ4PWFxDEVQQbQtZVQhcFVAaJhRaVQ4SDAFHd1oNAAEXE1cWdh9aFQQTR0cFME0FB18EURNNfX1REloeV1BROXhIEQ==&q={searchTerms}
FF Extension: Discovery App - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\nvoku6jg.default\Extensions\{fed7e0d4-4a57-4cfd-851a-1ce870fd7fff}.xpi [2015-12-09] [Brak podpisu cyfrowego]
2015-12-12 00:02 - 2015-12-12 00:03 - 00000000 ____D C:\fba6c10e424ea0cfe3c7f81c
2015-11-23 22:08 - 2015-12-10 18:23 - 00000000 ____D C:\Program Files\Discovery App
2015-11-23 22:07 - 2015-11-23 22:07 - 00962128 _____ (Installer Soft Program ) C:\Users\Ilona\Downloads\WinRAR-12398-dp.exe

Plik zapisujesz pod nazwą fixlist.txt i umieszczasz obok FRST. Uruchom FRST i kliknij w nim Napraw. Powstanie plik fixlog.txt, który podajesz na forum.
Następnie podaj nowe logi z FRST.

[Julka38]

Kod: Zaznacz wszystko

Rezultat naprawy Farbar Recovery Scan Tool (x86) Wersja:16-12-2015
Uruchomiony przez Ilona (2015-12-16 17:06:40) Run:7
Uruchomiony z C:\Users\Ilona\Downloads
Załadowane profile: Ilona (Dostępne profile: Ilona)
Tryb startu: Normal

==============================================

fixlist - zawartość:
*****************
HKU\S-1-5-21-1694770522-3577824347-4236469000-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartpageing.com/?type=hp&ts=1448309619&z=d7221535e4b7ce07a566c70g0z4z9b2c7ebt6q6gdt&from=cor&uid=wdcxwd2500bevs-60ust0_wd-wxc50809688496884
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggUdwBdUwkQEhgRIQ0JTA0UGFMOIg0PAhRFRQJAdVgABwsTFAMFIk0FA18DB0VXfWFoKB8fHHFKM1pXF1wDWHRTMA==
FF Keyword.URL: hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ4PWFxDEVQQbQtZVQhcFVAaJhRaVQ4SDAFHd1oNAAEXE1cWdh9aFQQTR0cFME0FB18EURNNfX1REloeV1BROXhIEQ==&q={searchTerms}
FF Extension: Discovery App - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\nvoku6jg.default\Extensions\{fed7e0d4-4a57-4cfd-851a-1ce870fd7fff}.xpi [2015-12-09] [Brak podpisu cyfrowego]
2015-12-12 00:02 - 2015-12-12 00:03 - 00000000 ____D C:\fba6c10e424ea0cfe3c7f81c
2015-11-23 22:08 - 2015-12-10 18:23 - 00000000 ____D C:\Program Files\Discovery App
2015-11-23 22:07 - 2015-11-23 22:07 - 00962128 _____ (Installer Soft Program ) C:\Users\Ilona\Downloads\WinRAR-12398-dp.exe
*****************

HKU\S-1-5-21-1694770522-3577824347-4236469000-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
Firefox "homepage" pomyślnie usunięto
Firefox "Keyword.URL" pomyślnie usunięto
C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\nvoku6jg.default\Extensions\{fed7e0d4-4a57-4cfd-851a-1ce870fd7fff}.xpi => pomyślnie przeniesiono
C:\fba6c10e424ea0cfe3c7f81c => pomyślnie przeniesiono
"C:\Program Files\Discovery App" => nie znaleziono.
C:\Users\Ilona\Downloads\WinRAR-12398-dp.exe => pomyślnie przeniesiono

==== Koniec  Fixlog 17:06:41 ====

Odnośnie istartpageing, istartsurf uninstall pojawił się komunikat, że nie można odinstalować, bo być może wcześniej został odinstalowany. Pytał czy usunąć z listy programów. Usunęłam.

http://www.wklej.eu/index.php?id=578491caaf
http://www.wklej.eu/index.php?id=069bfc9245
http://www.wklej.eu/index.php?id=da244e2d8c

[mateo8898]

I jak teraz sytuacja?

[Julka38]

Jest ok Dzięki

[mateo8898]

Kroki końcowe:
Wklej do notatnika:

DeleteQuarantine:

Plik zapisujesz pod nazwą fixlist.txt i umieszczasz obok FRST. Uruchom FRST i kliknij w nim Napraw

Zainstaluj http://www.instalki.pl/programy/downloa ... hecky.html