Elektroda.pl

Cleaning the computer, analysing FRST logs, getting rid of viruses

iguana1234 02 Oct 2016 13:09 336 1
  • #2 02 Oct 2016 13:17
    Kolobos
    Computer specialist

    Uninstall:
    Adobe Reader 9.5.0 - Polish (replace it with the latest version of AR or with Foxit: http://ninite.com/foxit/)
    AVG
    PriceFountain

    Use AdwCleaner, the Scan and Clean (Szukaj and Usun) options: http://www.bleepingcomputer.com/download/adwcleaner/

    Run this Fixlist.txt for FRST:
    Task: {C19DE671-8DBC-416A-9374-0EA95D829383} - System32\Tasks\{DA0C2150-7ADF-42B1-8331-A2D1D5D7FCD9} => Firefox.exe
    Task: {D5223A59-FB8E-4167-ABA3-278ABBD359FC} - System32\Tasks\{2D3D0A19-6686-442C-94A7-367827819BE6} => Firefox.exe
    Task: {DCD5B6A7-46EA-4BFB-8B03-5C76E94A0FCC} - System32\Tasks\PCLaxnessesConelradsV2 => Rundll32.exe BloodsheddingReapply.dll,main 7 1 <==== UWAGA
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"="cmd-brontok.exe"
    Hosts:
    HKLM-x32\...\Run: [be8faf121ac8ac90c6fe60a5c240c710] => C:\Users\PC\AppData\Roaming\photo ss.exe [61440 2012-12-22] ()
    HKU\S-1-5-21-2915103998-2275472223-2473441096-1000\...\Run: [Sys32] => 0
    HKU\S-1-5-21-2915103998-2275472223-2473441096-1000\...\Run: [be8faf121ac8ac90c6fe60a5c240c710] => C:\Users\PC\AppData\Roaming\photo ss.exe [61440 2012-12-22] ()
    HKU\S-1-5-21-2915103998-2275472223-2473441096-1000\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-21-2915103998-2275472223-2473441096-1000\...\MountPoints2: {4ab29614-15e3-11e6-812f-1c6f655b7033} - F:\setup.exe
    HKU\S-1-5-21-2915103998-2275472223-2473441096-1000\...\MountPoints2: {55bd71d4-153f-11e6-b381-1c6f655b7033} - E:\setup.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\be8faf121ac8ac90c6fe60a5c240c710.exe [2012-12-22] ()
    BootExecute: autocheck autochk * aswBoot.exe /M:175a90ac /wow /dir:"C:\Program Files\AVAST Software\Avast"
    AlternateShell: cmd-brontok.exe
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [glcimepnljoholdmjchkloafkggfoijh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <nie znaleziono>
    S2 avgsvc; "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe" [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    2016-10-02 12:52 - 2012-12-22 23:38 - 00061440 _____ C:\Users\PC\AppData\Roaming\photo ss.exe
    2016-10-01 19:57 - 2016-10-01 19:58 - 00285656 _____ C:\Windows\Minidump\100116-20092-02.dmp
    2016-10-01 19:53 - 2016-10-01 19:53 - 00285624 _____ C:\Windows\Minidump\100116-20217-01.dmp
    2016-10-01 19:49 - 2016-10-01 19:49 - 00286024 _____ C:\Windows\Minidump\100116-20061-01.dmp
    2016-10-01 19:28 - 2016-10-01 19:28 - 00288136 _____ C:\Windows\Minidump\100116-20092-01.dmp
    2016-10-01 19:23 - 2016-10-01 19:23 - 00287880 _____ C:\Windows\Minidump\100116-20326-01.dmp
    2016-10-01 19:20 - 2016-10-01 19:20 - 00286360 _____ C:\Windows\Minidump\100116-20139-01.dmp
    2016-10-01 19:18 - 2016-10-01 19:18 - 00286200 _____ C:\Windows\Minidump\100116-21902-01.dmp
    2016-10-01 19:16 - 2016-10-01 19:16 - 00286520 _____ C:\Windows\Minidump\100116-15475-01.dmp
    2016-10-01 19:14 - 2016-10-01 19:14 - 00289720 _____ C:\Windows\Minidump\100116-19812-01.dmp
    2016-10-01 13:01 - 2016-10-01 13:01 - 00285336 _____ C:\Windows\Minidump\100116-16770-01.dmp
    2016-10-01 08:44 - 2016-10-01 08:44 - 00283520 _____ C:\Windows\Minidump\100116-12854-01.dmp
    2016-09-30 20:02 - 2016-09-30 20:02 - 00286360 _____ C:\Windows\Minidump\093016-19484-01.dmp
    2016-09-26 13:59 - 2016-09-26 13:59 - 00635472 _____ C:\Windows\Minidump\092616-13618-01.dmp
    2016-10-02 12:52 - 2012-12-22 23:38 - 0061440 _____ () C:\Users\PC\AppData\Roaming\photo ss.exe
    2016-08-15 17:42 - 2016-10-02 12:52 - 0030734 _____ () C:\Users\PC\AppData\Roaming\photo ss.exe.tmp
    2016-02-02 07:52 - 2016-02-02 07:52 - 0021010 _____ () C:\Users\PC\AppData\Roaming\Posoma.txt
    2016-07-07 08:53 - 2016-07-07 08:53 - 0041816 _____ () C:\Users\PC\AppData\Local\Bron.tok.A16.em.bin
    2016-07-07 07:15 - 2016-07-07 07:15 - 0000051 _____ () C:\Users\PC\AppData\Local\Kosong.Bron.Tok.txt
    2015-11-01 15:32 - 2015-11-01 15:32 - 0030947 _____ () C:\Users\PC\AppData\Local\ListHost16.txt
    EmptyTemp:

    After it has run, delete the C:\FRST folder.

    Do a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0