Elektroda.pl

FRST log analysis, cleaning the computer, removing malicious software

dzygit123 22 Jan 2017 12:50 315 1
  • #2 22 Jan 2017 12:58
    Kolobos
    Computer specialist

    In the Chrome settings, remove the restoring of a set of pages on browser startup.

    Run this Fixlist.txt for FRST:
    Task: {734105CC-ECCC-4838-8316-272EE899B94A} - System32\Tasks\ACC => C:\Program Files\DriverSetupUtility\FUB\FUB_Send.bat <==== UWAGA
    Task: {9905E105-C8BF-4A0B-A4D0-E515FE4CF62D} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2015-08-19] (SlimWare Utilities, Inc.)
    Task: {D7640C5A-0832-49A6-A859-E3F011CE0E83} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-07-07] ()
    Task: C:\WINDOWS\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
    Shortcut: C:\Users\Mad Max\Desktop\# GRY\Quantum Break.v 1.0.118.7029.lnk -> G:\Quantum Break.v 1.0.118.7029\Start.bat (Brak pliku)
    HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe [68904 2016-12-26] ()
    HKU\S-1-5-21-3854570899-654879727-4005237014-1002\...\Run: [ALLUpdate] => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
    HKU\S-1-5-21-3854570899-654879727-4005237014-1002\...\Run: [Napisy24Update] => "C:\Program Files (x86)\Napisy24\Napisy24Update.exe" "sleep"
    HKU\S-1-5-21-3854570899-654879727-4005237014-1002\...\Run: [Napisy24.pl] => "C:\Program Files (x86)\Napisy24\Napisy24.exe" AutoStart
    HKU\S-1-5-21-3854570899-654879727-4005237014-1002\...\Run: [Codec Pack Update Checker] => "C:\WINDOWS\system32\Codecs\UpdateChecker.exe"
    IFEO\SppExtComObj.exe: [Debugger] SppExtComObjPatcher.exe
    GroupPolicy: Ograniczenia <======= UWAGA
    CHR StartupUrls: Default -> "hxxp://isearch.avg.com/?cid={F1EA8FA4-DEDC-4117-B0F5-14A11F17640F}&mid=d44d50ac6ec847d09dd050cd40174acc-6d7dc82d19e0733af1ac4c0ce30c7e59549b92ff&lang=pl&ds=xn011&pr=sa&d=2012-11-27 18:40:49&v=13.2.0.4&sap=hp","hxxp://isearch.avg.com/?cid={1460FBB1-6325-42DD-9106-2AD9D0E10857}&mid=d44d50ac6ec847d09dd050cd40174acc-6d7dc82d19e0733af1ac4c0ce30c7e59549b92ff&lang=pl&ds=xn011&pr=sa&d=2013-01-14 15:18:19&v=13.3.0.17&sap=hp","hxxp://www.searchnu.com/419","hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=da0ad60c000000000000001d7d0bf7cb","hxxp://www.google.com","hxxp://do-search.com/?type=hp&ts=1428051689&from=cor&uid=ST500DM002-1BD142_W2AHCRNYXXXXW2AHCRNY","hxxp://www.gazeta.pl/0,0.html?p=190"
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    2017-01-22 12:41 - 2017-01-22 12:41 - 02420736 _____ (Farbar) C:\Users\Mad Max\Downloads\FRST64 (2).exe
    2017-01-22 12:40 - 2017-01-22 12:40 - 02420736 _____ (Farbar) C:\Users\Mad Max\Downloads\FRST64 (1).exe
    2017-01-22 12:31 - 2017-01-22 12:31 - 52553728 _____ (Hammer & Chisel, Inc.) C:\Users\Mad Max\Downloads\DiscordSetup (1).exe
    2017-01-22 12:05 - 2017-01-22 12:05 - 52554240 _____ (Hammer & Chisel, Inc.) C:\Users\Mad Max\Downloads\DiscordPTBSetup (1).exe
    2017-01-13 13:23 - 2017-01-13 13:23 - 00077504 _____ C:\Users\Mad Max\Downloads\playstv_installer (1).exe
    EmptyTemp:

    After it has run, delete the C:\FRST folder.

    0
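
An added example, not part of Kolobos's post and not FRST's own code: a short Python script that groups the lines of a fixlist like the one above by the kind of item each line targets and collects the lines carrying the `<==== UWAGA` marker, so the list can be reviewed before it is run. The category labels, function names and the shortened sample are assumptions of this example.

```python
import re
from collections import defaultdict

# Line kinds seen in the fixlist above; the labels are this example's own wording.
RULES = [
    ("scheduled task",      re.compile(r"^Task: ")),
    ("shortcut",            re.compile(r"^Shortcut: ")),
    ("Run-key autostart",   re.compile(r"^HK(LM|U)\S*\\\.\.\.\\Run: ")),
    ("IFEO debugger",       re.compile(r"^IFEO\\")),
    ("group policy",        re.compile(r"^GroupPolicy: ")),
    ("Chrome startup URLs", re.compile(r"^CHR StartupUrls: ")),
    ("Chrome extension",    re.compile(r"^CHR .*\\Extension: ")),
    ("file",                re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")),
    ("directive",           re.compile(r"^[A-Za-z]+:$")),
]

def classify(line):
    """Return this example's label for one fixlist line."""
    for label, pattern in RULES:
        if pattern.search(line.strip()):
            return label
    return "unrecognised"

def review(text):
    """Group non-empty lines by label; collect lines with the '<==' marker."""
    groups, flagged = defaultdict(list), []
    for line in filter(None, map(str.strip, text.splitlines())):
        groups[classify(line)].append(line)
        if "<==" in line:
            flagged.append(line)
    return dict(groups), flagged

def startup_hosts(line):
    """Host names of the defanged (hxxp) URLs in a 'CHR StartupUrls' line."""
    return sorted(set(re.findall(r'hxxps?://([^/"?]+)', line)))

# Constructed sample: a few lines copied and shortened from the fixlist in the post.
SAMPLE = r"""
Task: {734105CC-ECCC-4838-8316-272EE899B94A} - System32\Tasks\ACC => C:\Program Files\DriverSetupUtility\FUB\FUB_Send.bat <==== UWAGA
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe [68904 2016-12-26] ()
IFEO\SppExtComObj.exe: [Debugger] SppExtComObjPatcher.exe
GroupPolicy: Ograniczenia <======= UWAGA
CHR StartupUrls: Default -> "hxxp://www.searchnu.com/419","hxxp://www.google.com"
EmptyTemp:
"""

if __name__ == "__main__":
    print(review(SAMPLE))
```

Lines that come back as "unrecognised" are the ones to read by hand before the fixlist is run.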