
Creating a fixlist for FRST

Vvixxa 17 Mar 2017 21:22 537 2
  • #3 18 Mar 2017 02:10
    Kolobos
    Computer specialist

    Run this Fixlist.txt with FRST:
    Task: {5F89CA66-3B66-43B5-9414-80DAC7CE2641} - System32\Tasks\Opera scheduled Autoupdate 1488732680 => C:\Users\Anita\AppData\Local\Programs\Opera\launcher.exe
    Task: {83E6019B-8A55-42BB-BA37-F919D2930E23} - System32\Tasks\{053820AE-C83E-4DBB-96F6-0E0C64EBAD1D} => C:\Users\Anita\Downloads\7SinsSetup.exe
    Task: {8BA20F42-12A0-4E21-81E0-367990116F84} - System32\Tasks\QForlLgs0EYm => qforllgs0eym.exe
    Task: {AF7B6A5D-7B0F-4552-840B-6D44E3456E69} - System32\Tasks\{F9DDC33D-AC8C-43C2-9525-E4567E54B599} => C:\Users\Anita\Downloads\7SinsSetup.exe
    Task: {EDACDE04-C947-4413-9FBB-EE847D0672F5} - System32\Tasks\{2BFF2F94-4A07-4152-9F77-7A1E758F22D7} => pcalua.exe -a "D:\sterowniki Tosh\New Folder\TVWSetup.exe" -d "D:\sterowniki Tosh\New Folder"
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\Anita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Anita\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Anita\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Anita\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    2017-03-10 11:46 - 2017-02-22 15:40 - 00313344 _____ () C:\Program Files\QForlLgs0EYm Updater\QForlLgs0EYm Updater.exe
    () C:\Program Files\QForlLgs0EYm Updater\QForlLgs0EYm Updater.exe
    HKLM\...\Run: [] => [X]
    HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,userinit.exe
    HKU\S-1-5-21-2651833463-700437313-3916016500-1000\...\MountPoints2: {bef3681c-01c7-11e7-9742-d21f8a008b64} - G:\HiSuiteDownLoader.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2017-03-13] (Microsoft Corporation)
    CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    R2 QForlLgs0EYm Updater; C:\Program Files\QForlLgs0EYm Updater\QForlLgs0EYm Updater.exe [313344 2017-02-22] () [Brak podpisu cyfrowego] <==== UWAGA
    S3 TBS; %SystemRoot%\System32\tbssvc.dll [X]
    R1 cryptfd; C:\Windows\System32\drivers\cryptfd.sys [176552 2017-03-03] ()
    2017-03-16 17:10 - 2017-03-17 17:40 - 00000000 ____D C:\AdwCleaner
    2017-03-10 11:50 - 2017-03-10 11:50 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
    2017-03-10 11:46 - 2017-03-10 12:10 - 00000000 ____D C:\Program Files\QForlLgs0EYm
    2017-03-10 11:46 - 2017-03-10 11:46 - 00000000 ____D C:\Program Files\QForlLgs0EYm Updater
    2017-03-10 10:45 - 2017-03-10 10:45 - 00000000 __RSH C:\MSDOS.SYS
    2017-03-10 10:45 - 2017-03-10 10:45 - 00000000 __RSH C:\IO.SYS
    2017-03-03 03:35 - 2017-03-03 03:35 - 00176552 _____ C:\Windows\system32\Drivers\cryptfd.sys
    2017-03-05 18:23 - 2017-03-05 18:23 - 0000057 _____ () C:\ProgramData\Ament.ini
    EmptyTemp:

    After it has run, delete the C:\FRST directory.
