30.12.2017, 17:16
(Ten post był ostatnio modyfikowany: 30.12.2017, 17:18 przez broda99.)
RE: Asus, włączenie bluetooth = bluescreen
Na początek zrobimy trochę porządku.
Odinstaluj: globalupdate Helper.
Do Notatnika wklej (bez frazy "
Kod:"):
Kod:
CustomCLSID: HKU\S-1-5-21-805718677-282137229-2847284142-1004_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Mati\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-805718677-282137229-2847284142-1004_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Mati\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-805718677-282137229-2847284142-1004_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Mati\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => Brak pliku
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Brak pliku
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Brak pliku
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> Brak pliku
Task: {16F5968E-A854-4E43-9DDF-CECFBF6CD860} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: {2E3BF03E-B3E1-48E2-8637-0BCA745B580A} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle -> Brak pliku <==== UWAGA
Task: {3E23B695-6EC8-498A-9E19-2FB4E19749DF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
Task: {45974DA9-AE97-464B-9522-9C8F2C25FBB6} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock -> Brak pliku <==== UWAGA
Task: {45BB24DD-FB09-4311-8FE9-907366E482ED} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {63A8877F-6C1F-45A9-AB66-9B070C3C3FF1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {830A46C0-163A-4A2A-9EA8-1A26E2C1DD63} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: {9C249D71-5CB3-4606-A131-830ECDF85F88} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 -> Brak pliku <==== UWAGA
Task: {B325458F-E464-4CBB-82B3-AA107EA7652C} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle -> Brak pliku <==== UWAGA
Task: {DCF8568D-88E7-4CCF-B3A3-AD408B07714B} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time -> Brak pliku <==== UWAGA
Task: {F643D388-EC33-47F9-87A3-638290B6329E} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon -> Brak pliku <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - Brak pliku
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - Brak pliku
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2015-09-02]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (Brak pliku)
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [63488 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5-x64 01 C:\Windows\system32\napinsp.dll [67072 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5-x64 02 C:\Windows\system32\pnrpnsp.dll [84992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5-x64 03 C:\Windows\system32\pnrpnsp.dll [84992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5-x64 04 C:\Windows\system32\NLAapi.dll [79872 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5-x64 05 C:\Windows\System32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5-x64 06 C:\Windows\System32\winrnr.dll [31232 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Windows\System32\wshbth.dll [63488 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 02 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 03 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 04 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 05 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 06 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 07 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 08 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 09 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 10 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 11 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 12 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 13 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
cmd: netsh winsock reset
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-805718677-282137229-2847284142-1004\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-805718677-282137229-2847284142-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-805718677-282137229-2847284142-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-805718677-282137229-2847284142-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
URLSearchHook: HKU\S-1-5-21-805718677-282137229-2847284142-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-805718677-282137229-2847284142-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
SearchScopes: HKU\S-1-5-21-805718677-282137229-2847284142-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-805718677-282137229-2847284142-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - Brak pliku
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - Brak pliku
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (Brak pliku)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\IOBITM~1\SURFIN~1\BROWER~1\ASCPLU~1.DLL => Brak pliku
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll => Brak pliku
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - Brak pliku
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Brak pliku
FF Extension: (Default) - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2017-12-29] [Przestarzałe] [Brak podpisu cyfrowego]
FF Extension: (Activity Stream) - C:\Program Files\Mozilla Firefox\browser\features\activity-stream@mozilla.org.xpi [2017-12-29] [Przestarzałe] [Brak podpisu cyfrowego]
FF Extension: (Application Update Service Helper) - C:\Program Files\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi [2017-12-29] [Przestarzałe] [Brak podpisu cyfrowego]
FF Extension: (Multi-process staged rollout) - C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi [2017-12-29] [Przestarzałe] [Brak podpisu cyfrowego]
FF Extension: (Pocket) - C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi [2017-12-29] [Przestarzałe] [Brak podpisu cyfrowego]
FF Extension: (Follow-on Search Telemetry) - C:\Program Files\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi [2017-11-12] [Przestarzałe] [Brak podpisu cyfrowego]
FF Extension: (Form Autofill) - C:\Program Files\Mozilla Firefox\browser\features\formautofill@mozilla.org.xpi [2017-12-29] [Przestarzałe] [Brak podpisu cyfrowego]
FF Extension: (Photon onboarding) - C:\Program Files\Mozilla Firefox\browser\features\onboarding@mozilla.org.xpi [2017-12-29] [Przestarzałe] [Brak podpisu cyfrowego]
FF Extension: (Firefox Screenshots) - C:\Program Files\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi [2017-11-12] [Przestarzałe] [Brak podpisu cyfrowego]
FF Extension: (Shield Recipe Client) - C:\Program Files\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi [2017-12-29] [Przestarzałe] [Brak podpisu cyfrowego]
FF Extension: (Web Compat) - C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi [2017-12-29] [Przestarzałe] [Brak podpisu cyfrowego]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [Brak pliku]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [Brak pliku]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nie znaleziono
FF HKLM\...\Mozilla Firefox 57.0.3\Extensions: [Components] - C:\Program Files\Mozilla Firefox\components => nie znaleziono
FF HKLM\...\Mozilla Firefox 57.0.3\Extensions: [Plugins] - C:\Program Files\Mozilla Firefox\plugins => nie znaleziono
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [Brak pliku]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [Brak pliku]
cmd: netsh firewall reset
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
EmptyTemp:
Skrypt unikatowy - proszę nie stosować do "takich samych" przypadków.
Plik > Zapisz jako:
fixlist.txt w katalogu w którym jest FRST.exe. Uruchom FRST:
Napraw > w tym samym katalogu powstanie log wynikowy:
fixlog.txt. Potwierdź restart kompa.
Uwaga: narzędzie usunie wszystkie pliki tymczasowe.
Zamknij wszystkie przeglądarki, uruchom
AdwCleaner >
Skanuj >
Oczyść > restart.
Pokaż log AdwCleaner + fixlog.txt + nowe logi FRST.