
[Solved] RAM - High RAM usage

krystian2005 19 Feb 2018 18:01 660 19
  • #1 19 Feb 2018 18:01
    krystian2005
    Level 5

    Hello, for several days I have had a problem with high RAM usage.
    At first my CPU usage after starting the computer was 90%; after I removed a virus, my RAM usage after starting the computer was 37% and kept rising to 70%.
    I would be very grateful for help. My hardware specification is: Windows 7 Enterprise 64-bit, Intel Core i3-2100 CPU @ 3.10GHz, 4GB RAM, Nvidia GeForce GTX 550 Ti.
    I am also attaching the list of processes. Regards

    0 19
  • Helpful post
    #2 19 Feb 2018 18:14
    Kasek21
    Level 43

    First of all, this is the wrong section!
    Second, you could at least have sorted those processes.

    What does the Performance tab show?

    krystian2005 wrote:
    when I removed the virus

    Meaning? What did you remove?

    0
  • #3 19 Feb 2018 18:28
    krystian2005
    Level 5

    I ran a scan with Avast and removed some malware

    0
  • Helpful post
    #6 19 Feb 2018 18:35
    Kasek21
    Level 43

    krystian2005 wrote:
    Here are the services

    And what use is that to anyone? :P

    You have been told what to do.

    0
  • #8 19 Feb 2018 19:21
    Kolobos
    Computer specialist

    Export the bookmarks from all Chrome profiles; both will be removed by the script.

    Uninstall:
    Adobe Reader 6.0.2 CE, replace it with the latest version of AR or with Foxit: http://ninite.com/foxit/
    Avast Cleanup Premium
    IObit Malware Fighter 5
    McAfee Security Scan Plus
    Turbo Internet

    Use https://solutionfile.trendmicro.com/solutionf.../Ti_120_win_en_Tool_UninstallTool_hfb0001.exe

    Next to frst.exe create a file Fixlist.txt with the contents:
    AV: Trend Micro Titanium Internet Security (Disabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
    AS: Trend Micro Titanium Internet Security (Disabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
    Task: {2FFF7371-661D-4FD8-8140-F988ED8E9E4F} - System32\Tasks\Krystian => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Krystian /t REG_SZ /d "explorer.exe hxxp://ozirizsoos.info" <==== UWAGA
    Task: {3706590A-D356-4A70-A61C-405D306D6B3A} - System32\Tasks\Driver Booster SkipUAC (Krystian) => C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
    Task: {57BF8BC2-D6B1-4C6F-8417-54FAF95112C3} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\IObit\Advanced SystemCare\NoteIcon.exe [2017-03-23] (IObit)
    Task: {7FCDAFF2-8ED3-424C-84BE-3CBBCE70A5D6} - System32\Tasks\{4A27B1E5-9B9F-44BD-9771-834D1C7A7B5C} => C:\Windows\system32\pcalua.exe -a C:\Users\Krystian\Downloads\FacebookGameroom.exe -d C:\Users\Krystian\Downloads
    Task: {90C932DC-34CC-49B8-8825-E7BF0B1B7C1C} - System32\Tasks\{7CD30F33-4739-467B-9939-80C6704F7234} => C:\Windows\system32\pcalua.exe -a "D:\msdownld.tmp\gta san andreas.exe" -d D:\msdownld.tmp
    Task: {94C41D97-CAC7-4775-901C-F1806CC05391} - System32\Tasks\{8B9258D3-0E20-40A6-A6EB-871F0ECFEFD5} => C:\Windows\system32\pcalua.exe -a E:\CDSETUP.EXE -d E:\
    Task: {9C87970B-F6CE-452D-91EC-C7389AA4AA53} - System32\Tasks\Opera scheduled Autoupdate 1496581395 => C:\Program Files\Opera\launcher.exe [2018-01-22] (Opera Software)
    Task: {9D9E59F8-F592-4EAE-9F91-0F39F5D66CDA} - System32\Tasks\WinThruster64-Krystian-Startup => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe <==== UWAGA
    Task: {B8AC0EB6-A47C-4826-9FD1-CBCF11C56206} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-02-02] (AVAST Software)
    Task: {E5EAE57D-14B6-4E7F-ABE1-B2520A0EB41E} - System32\Tasks\WinThruster64-Krystian-Notification => C:\Program Files\Solvusoft\WinThruster\Sync.exe <==== UWAGA
    Task: {EB906E30-761A-4385-A587-0654B62DFC4C} - System32\Tasks\{E2CFF8DE-49B1-4667-BABE-31CEBECAB27C} => C:\Windows\system32\pcalua.exe -a "C:\Users\Krystian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ML1C4Y2\Ball3D_Install.exe" -d C:\Users\Krystian\Desktop




    Task: {F217CF54-6A10-4262-9BBF-7561B27BC3D5} - System32\Tasks\{A823971B-4EF4-4E32-A660-85CC701EF1CF} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
    Task: C:\Windows\Tasks\WinThruster64-Krystian-Notification.job => C:\Program Files\Solvusoft\WinThruster\Sync.exe <==== UWAGA
    Task: C:\Windows\Tasks\WinThruster64-Krystian-Startup.job => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe <==== UWAGA
    C:\Users\Krystian\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk
    HKU\S-1-5-21-1155550528-3889577375-2506347432-1000\Software\Classes\regfile: regedit.exe "%1" <==== UWAGA
    HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5296416 2017-04-11] (IObit)
    HKU\S-1-5-21-1155550528-3889577375-2506347432-1000\...\Run: [Krystian] => explorer.exe hxxp://ozirizsoos.info <==== UWAGA
    HKU\S-1-5-21-1155550528-3889577375-2506347432-1000\...\MountPoints2: J - J:\setup.EXE /AUTORUN
    HKU\S-1-5-21-1155550528-3889577375-2506347432-1000\...\MountPoints2: {275d0edd-91ef-11e6-8057-d43d7e95d7cd} - K:\setup.EXE /AUTORUN
    IFEO\launcher.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\mcuicnt.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\sidebar.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\ssscheduler.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\uninstaler_skipuac.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\wmplayer.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    GroupPolicy: Ograniczenia <==== UWAGA
    GroupPolicy\User: Ograniczenia <==== UWAGA
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    SearchScopes: HKU\S-1-5-21-1155550528-3889577375-2506347432-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B619FEFA9-9BD4-40CC-81D1-CAEEC6A57D7E%7D&gp=811041
    SearchScopes: HKU\S-1-5-21-1155550528-3889577375-2506347432-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1155550528-3889577375-2506347432-1000 -> {9E5B7623-8E1A-4E3D-A52B-401721B20D49} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1155550528-3889577375-2506347432-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B619FEFA9-9BD4-40CC-81D1-CAEEC6A57D7E%7D&gp=811041
    BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll [2012-05-09] (Trend Micro Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Brak pliku
    BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll [2013-08-20] (Trend Micro Inc.)
    BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll [2012-05-09] (Trend Micro Inc.)
    BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll [2013-08-20] (Trend Micro Inc.)
    BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit)
    FF user.js: detected! => C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\lp7jenpz.default\user.js [2018-01-09]
    FF Homepage: Mozilla\Firefox\Profiles\lp7jenpz.default -> hxxps://encrypted.google.com
    FF NewTabOverride: Mozilla\Firefox\Profiles\lp7jenpz.default -> Enabled: "id":"{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7
    FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\lp7jenpz.default\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2017-07-03] [Przestarzałe]
    FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\lp7jenpz.default\Extensions\homepage@mail.ru.xpi [2018-01-05]
    C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\lp7jenpz.default\Extensions\homepage@mail.ru.xpi
    FF Extension: (Mail.Ru) - C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\lp7jenpz.default\Extensions\search@mail.ru.xpi [2018-01-05]
    C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\lp7jenpz.default\Extensions\search@mail.ru.xpi
    FF Extension: (Turbo Internet) - C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\lp7jenpz.default\Extensions\turbointernet@turbointernet.com [2018-01-22] [Przestarzałe] [Brak podpisu cyfrowego]
    C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\lp7jenpz.default\Extensions\turbointernet@turbointernet.com
    FF Extension: (Пульт) - C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\lp7jenpz.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.xpi [2018-01-05]
    C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\lp7jenpz.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.xpi
    FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
    FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2017-02-19] [Przestarzałe] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
    FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
    FF Extension: (Brak nazwy) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-05-29] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
    FF Extension: (Trend Micro NSC Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2017-02-19] [Przestarzałe] [Brak podpisu cyfrowego]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\8919903.js [2017-08-08] <==== UWAGA (Linkuje do pliku *.cfg)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\8919903.cfg [2017-08-08] <==== UWAGA
    CHR HomePage: Profile 2 -> mail.ru/cnt/11956636?rciguc__PARAM__
    CHR DefaultSearchURL: Profile 2 -> hxxp://nova.rambler.ru/search?query={searchTerms}&osd=1
    CHR DefaultSearchKeyword: Profile 2 -> nova.rambler.ru
    CHR DefaultSuggestURL: Profile 2 -> hxxp://nova.rambler.ru/suggest?v=3&query={searchTerms}
    C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2
    CHR Profile: C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-05-06] <==== UWAGA
    C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion
    CHR Profile: C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\glecultruvtaindetion [2018-02-19] <==== UWAGA
    C:\Users\Krystian\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha
    C:\Users\Krystian\AppData\Roaming\Opera Software\Opera Stable\Extensions\imcaafepnnbkidkcdfjcoaialoakdjfl
    OPR Extension: (Scripter) - C:\Users\Krystian\AppData\Roaming\Opera Software\Opera Stable\Extensions\imcaafepnnbkidkcdfjcoaialoakdjfl [2017-06-03]
    OPR Extension: (Quick Searcher v16.2) - C:\Users\Krystian\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-02-15]
    S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.667\McCHSvc.exe [404376 2018-01-05] (McAfee, Inc.)
    S3 cpuz138; Brak ImagePath
    S3 NTIOLib_1_0_3; Brak ImagePath
    S3 WinRing0_1_2_0; Brak ImagePath
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2018-02-19 16:58 - 2018-02-19 18:44 - 000000374 _____ C:\Windows\Tasks\WinThruster64-Krystian-Startup.job
    2018-02-19 16:58 - 2018-02-19 16:58 - 000002768 _____ C:\Windows\System32\Tasks\WinThruster64-Krystian-Startup
    2018-02-19 16:57 - 2018-02-19 18:44 - 000000382 _____ C:\Windows\Tasks\WinThruster64-Krystian-Notification.job
    2018-02-19 16:57 - 2018-02-19 16:57 - 000003460 _____ C:\Windows\System32\Tasks\WinThruster64-Krystian-Notification
    2018-02-19 16:54 - 2018-02-19 16:55 - 023195976 _____ (Solvusoft Corporation) C:\Users\Krystian\Downloads\Setup_WinThruster_2017.exe
    2018-01-22 19:12 - 2018-01-22 19:12 - 000000000 ____D C:\Users\Krystian\Documents\Turbo Internet
    2018-01-22 19:11 - 2018-02-19 09:16 - 000000000 ____D C:\Program Files (x86)\Turbo Internet
    2018-01-22 19:11 - 2018-01-22 19:11 - 000001049 _____ C:\Users\Public\Desktop\Turbo Internet.lnk
    2018-02-19 18:40 - 2017-04-27 14:24 - 000000000 ____D C:\AdwCleaner
    2018-02-04 18:44 - 2017-08-09 19:01 - 000000080 _____ C:\Users\Krystian\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
    2018-01-24 17:10 - 2017-09-27 16:44 - 000001924 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2018-01-24 17:09 - 2017-07-21 15:46 - 000000000 ____D C:\Program Files\McAfee Security Scan

    After completing EVERYTHING, post new FRST logs from a scan.

    0
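Added example, not part of the thread and not FRST's own code: a Python triage pass over log lines in the format quoted in the post above. It classifies autostart entries by mechanism and pairs a Run value with the scheduled task that re-creates it, the pattern visible in the `Krystian` task and Run entries of the Fixlist. The sample lines, the `example.invalid` host and all function names are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format of the FRST lines quoted in the thread;
# GUIDs, SID, paths and the example.invalid host are placeholders.
SAMPLE_LOG = r"""
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\User => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v User /t REG_SZ /d "explorer.exe hxxp://landing.example.invalid" <==== UWAGA
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\Opera scheduled Autoupdate 1 => C:\Program Files\Opera\launcher.exe [2018-01-22] (Opera Software)
HKU\S-1-5-21-0-0-0-1000\...\Run: [User] => explorer.exe hxxp://landing.example.invalid <==== UWAGA
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\Vendor\Tool\autoreactivator.exe"
ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Start Menu\Internet.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://landing.example.invalid/?utm_source=startlink"
S3 cpuz138; Brak ImagePath
"""

# Line prefixes that identify an autostart mechanism in this log format.
MECHANISMS = (
    ("scheduled_task", re.compile(r"^Task: ")),
    ("run_key", re.compile(r"^HK(?:LM|U)\S*\\Run(?:Once)?: \[")),
    ("ifeo_debugger", re.compile(r"^IFEO\\[^:]+: \[Debugger\]")),
    ("shortcut", re.compile(r"^ShortcutWithArgument: ")),
)
URL_RE = re.compile(r"\b(?:hxxps?|https?)://\S+", re.IGNORECASE)
RUN_WRITE_RE = re.compile(r"reg(?:\.exe)?\s+add\s+\S*CurrentVersion\\Run\b", re.IGNORECASE)
VALUE_ARG_RE = re.compile(r'/v\s+"?([^"/]+?)"?\s+/', re.IGNORECASE)
RUN_NAME_RE = re.compile(r"\\Run(?:Once)?: \[([^\]]+)\]")


@dataclass(frozen=True)
class Finding:
    mechanism: str
    reasons: tuple
    urls: tuple
    line: str


def command_part(line):
    """Return the text after the first '=>' or '->' separator (the launched command)."""
    parts = re.split(r"\s(?:=>|->)\s", line, maxsplit=1)
    return parts[1] if len(parts) == 2 else ""


def triage(log_text):
    """Return autostart entries that deserve a closer look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        mechanism = next((name for name, rx in MECHANISMS if rx.search(line)), None)
        if mechanism is None:
            continue
        command = command_part(line)
        reasons = []
        if "<====" in line:  # the tool's own attention marker
            reasons.append("flagged_by_tool")
        urls = tuple(u.strip("\"'") for u in URL_RE.findall(command))
        if urls:  # an autostart entry whose command line carries a URL
            reasons.append("launches_url")
        if mechanism == "scheduled_task" and RUN_WRITE_RE.search(command):
            reasons.append("task_rewrites_run_key")
        if mechanism == "ifeo_debugger":  # starting the named exe runs the debugger instead
            reasons.append("launch_redirected_to_debugger")
        if reasons:
            findings.append(Finding(mechanism, tuple(reasons), urls, line))
    return findings


def respawn_pairs(findings):
    """Names of flagged Run values that a flagged scheduled task re-creates."""
    written = set()
    for f in findings:
        if "task_rewrites_run_key" in f.reasons:
            m = VALUE_ARG_RE.search(f.line)
            if m:
                written.add(m.group(1))
    names = []
    for f in findings:
        m = RUN_NAME_RE.search(f.line) if f.mechanism == "run_key" else None
        if m and m.group(1) in written:
            names.append(m.group(1))
    return names


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.mechanism, f.reasons, f.urls)
    print("respawning Run values:", respawn_pairs(triage(SAMPLE_LOG)))
```

A Run value returned by `respawn_pairs` is written again whenever the paired task runs, so the task and the value have to be removed in the same fix.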
  • #10 20 Feb 2018 11:17
    Kolobos
    Computer specialist

    Can you stop installing all these antivirus programs?
    You can have only ONE; uninstall the rest.

    You did not do what I told you!

    Uninstall:
    Adobe Reader 6.0.2 CE, replace it with the latest version of AR or with Foxit: http://ninite.com/foxit/
    Avast Cleanup Premium
    Turbo Internet

    In addition, uninstall Avast Premier or Bitdefender Antivirus Free.

    You did not run Fixlist.txt at all...

    Why are you even writing? To waste my time on checking the same thing again?

    Write once you manage to make the effort to do what I told you; otherwise do not write. Also post the Fixlog from running the Fixlist.

    0
  • Helpful post
    #13 20 Feb 2018 15:21
    krzychupar
    Level 40

    Open the system Notepad and paste:

    ContextMenuHandlers1: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => -> Brak pliku
    ContextMenuHandlers1-x32: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => -> Brak pliku
    Task: {2FFF7371-661D-4FD8-8140-F988ED8E9E4F} - \Krystian -> Brak pliku <==== UWAGA
    Task: {7FCDAFF2-8ED3-424C-84BE-3CBBCE70A5D6} - System32\Tasks\{4A27B1E5-9B9F-44BD-9771-834D1C7A7B5C} => C:\Windows\system32\pcalua.exe -a C:\Users\Krystian\Downloads\FacebookGameroom.exe -d C:\Users\Krystian\Downloads
    Task: {90C932DC-34CC-49B8-8825-E7BF0B1B7C1C} - System32\Tasks\{7CD30F33-4739-467B-9939-80C6704F7234} => C:\Windows\system32\pcalua.exe -a "D:\msdownld.tmp\gta san andreas.exe" -d D:\msdownld.tmp
    Task: {94C41D97-CAC7-4775-901C-F1806CC05391} - System32\Tasks\{8B9258D3-0E20-40A6-A6EB-871F0ECFEFD5} => C:\Windows\system32\pcalua.exe -a E:\CDSETUP.EXE -d E:\
    Task: {9C87970B-F6CE-452D-91EC-C7389AA4AA53} - System32\Tasks\Opera scheduled Autoupdate 1496581395 => C:\Program Files\Opera\launcher.exe [2018-01-22] (Opera Software)
    Task: {EB906E30-761A-4385-A587-0654B62DFC4C} - System32\Tasks\{E2CFF8DE-49B1-4667-BABE-31CEBECAB27C} => C:\Windows\system32\pcalua.exe -a "C:\Users\Krystian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ML1C4Y2\Ball3D_Install.exe" -d C:\Users\Krystian\Desktop
    Task: {F217CF54-6A10-4262-9BBF-7561B27BC3D5} - System32\Tasks\{A823971B-4EF4-4E32-A660-85CC701EF1CF} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
    ShortcutWithArgument: C:\Users\Krystian\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://rigneda.ru/?utm_source=startlink03&utm_content=adbf052057e305ed7ecce74202676864&utm_term=86EFF967316E5424705A01B9F131EF7E&utm_d=20170107"
    HKU\S-1-5-21-1155550528-3889577375-2506347432-1000\Software\Classes\regfile: regedit.exe "%1" <==== UWAGA
    Hosts:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-1155550528-3889577375-2506347432-1000\...\MountPoints2: J - J:\setup.EXE /AUTORUN
    HKU\S-1-5-21-1155550528-3889577375-2506347432-1000\...\MountPoints2: {275d0edd-91ef-11e6-8057-d43d7e95d7cd} - K:\setup.EXE /AUTORUN
    HKU\S-1-5-21-1155550528-3889577375-2506347432-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
    GroupPolicy: Ograniczenia <==== UWAGA
    GroupPolicy\User: Ograniczenia <==== UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1155550528-3889577375-2506347432-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    SearchScopes: HKU\S-1-5-21-1155550528-3889577375-2506347432-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
    SearchScopes: HKU\S-1-5-21-1155550528-3889577375-2506347432-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1155550528-3889577375-2506347432-1000 -> {9E5B7623-8E1A-4E3D-A52B-401721B20D49} URL = hxxp://www.google.com/search?q={searchTerms}
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Brak pliku
    Handler: ftp - Brak wartości CLSID
    Handler: http - Brak wartości CLSID
    Handler: https - Brak wartości CLSID
    Handler: tmtbim - Brak wartości CLSID
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [Brak pliku]
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [Brak pliku]
    CHR HKLM-x32\...\Chrome\Extension: [ligncphnohhjkgekjkghahajihclailj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [nagnmfhgkjkplbhplkbicmpkfopmnefp] - hxxps://clients2.google.com/service/update2/crx
    S3 cpuz138; Brak ImagePath
    S3 NTIOLib_1_0_3; Brak ImagePath
    S3 WinRing0_1_2_0; Brak ImagePath
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.

    0
  • Helpful post
    #14 20 Feb 2018 15:26
    Kolobos
    Computer specialist

    You were supposed to remove Trend Micro; I gave you a program for that, and I still see it in the logs.
    The same with Bitdefender Antivirus Free, I still see it in the logs.

    Manually delete the file C:\Users\Krystian\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk

    Run Fixlist.txt:
    AV: Trend Micro Titanium Internet Security (Disabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
    AV: Bitdefender Antivirus Free Antimalware (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
    AS: Bitdefender Antivirus Free Antimalware (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
    AS: Trend Micro Titanium Internet Security (Disabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
    Task: {2FFF7371-661D-4FD8-8140-F988ED8E9E4F} - \Krystian -> Brak pliku <==== UWAGA
    Task: {3706590A-D356-4A70-A61C-405D306D6B3A} - System32\Tasks\Driver Booster SkipUAC (Krystian) => C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
    Task: {7FCDAFF2-8ED3-424C-84BE-3CBBCE70A5D6} - System32\Tasks\{4A27B1E5-9B9F-44BD-9771-834D1C7A7B5C} => C:\Windows\system32\pcalua.exe -a C:\Users\Krystian\Downloads\FacebookGameroom.exe -d C:\Users\Krystian\Downloads
    Task: {90C932DC-34CC-49B8-8825-E7BF0B1B7C1C} - System32\Tasks\{7CD30F33-4739-467B-9939-80C6704F7234} => C:\Windows\system32\pcalua.exe -a "D:\msdownld.tmp\gta san andreas.exe" -d D:\msdownld.tmp
    Task: {94C41D97-CAC7-4775-901C-F1806CC05391} - System32\Tasks\{8B9258D3-0E20-40A6-A6EB-871F0ECFEFD5} => C:\Windows\system32\pcalua.exe -a E:\CDSETUP.EXE -d E:\
    Task: {9C87970B-F6CE-452D-91EC-C7389AA4AA53} - System32\Tasks\Opera scheduled Autoupdate 1496581395 => C:\Program Files\Opera\launcher.exe [2018-01-22] (Opera Software)
    Task: {EB906E30-761A-4385-A587-0654B62DFC4C} - System32\Tasks\{E2CFF8DE-49B1-4667-BABE-31CEBECAB27C} => C:\Windows\system32\pcalua.exe -a "C:\Users\Krystian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ML1C4Y2\Ball3D_Install.exe" -d C:\Users\Krystian\Desktop
    Task: {F217CF54-6A10-4262-9BBF-7561B27BC3D5} - System32\Tasks\{A823971B-4EF4-4E32-A660-85CC701EF1CF} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
    ShortcutWithArgument: C:\Users\Krystian\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://rigneda.ru/?utm_source=startlink03&utm_content=adbf052057e305ed7ecce74202676864&utm_term=86EFF967316E5424705A01B9F131EF7E&utm_d=20170107"
    HKU\S-1-5-21-1155550528-3889577375-2506347432-1000\...\MountPoints2: J - J:\setup.EXE /AUTORUN
    HKU\S-1-5-21-1155550528-3889577375-2506347432-1000\...\MountPoints2: {275d0edd-91ef-11e6-8057-d43d7e95d7cd} - K:\setup.EXE /AUTORUN
    GroupPolicy: Ograniczenia <==== UWAGA
    GroupPolicy\User: Ograniczenia <==== UWAGA
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit)
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll [2013-08-20] (Trend Micro Inc.)
    Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll [2013-08-20] (Trend Micro Inc.)
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll [2012-05-09] (Trend Micro Inc.)
    Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll [2012-05-09] (Trend Micro Inc.)
    Handler: tmtbim - Brak wartości CLSID
    FF user.js: detected! => C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\lp7jenpz.default\user.js [2018-02-20]
    FF NewTabOverride: Mozilla\Firefox\Profiles\lp7jenpz.default -> Enabled: "id":"{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7
    FF Extension: (Brak nazwy) - C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\lp7jenpz.default\Extensions\turbointernet@turbointernet.com [2018-02-20] [Brak podpisu cyfrowego]
    FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
    FF Extension: (Brak nazwy) - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2018-02-20] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
    FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
    FF Extension: (Brak nazwy) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2018-02-20] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
    FF Extension: (Brak nazwy) - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2018-02-20] [Brak podpisu cyfrowego]
    C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
    C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ligncphnohhjkgekjkghahajihclailj
    CHR Extension: (Пульс) - C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ligncphnohhjkgekjkghahajihclailj [2018-01-05]
    C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ligncphnohhjkgekjkghahajihclail
    CHR Extension: (Brak nazwy) - C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hgoflmajhinnohnhkfeggflmmppiilck [2017-06-03]
    CHR Extension: (Пульс) - C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ligncphnohhjkgekjkghahajihclailj [2018-02-20]
    C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hgoflmajhinnohnhkfeggflmmppiilck
    CHR HKLM-x32\...\Chrome\Extension: [ligncphnohhjkgekjkghahajihclailj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [nagnmfhgkjkplbhplkbicmpkfopmnefp] - hxxps://clients2.google.com/service/update2/crx
    C:\Users\Krystian\AppData\Roaming\Opera Software\Opera Stable\Extensions\imcaafepnnbkidkcdfjcoaialoakdjfl
    OPR Extension: (Scripter) - C:\Users\Krystian\AppData\Roaming\Opera Software\Opera Stable\Extensions\imcaafepnnbkidkcdfjcoaialoakdjfl [2018-02-20]
    S3 Amsp; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [310952 2012-07-13] (Trend Micro Inc.)
    S3 cpuz138; Brak ImagePath
    S3 NTIOLib_1_0_3; Brak ImagePath
    S3 WinRing0_1_2_0; Brak ImagePath
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2018-02-20 09:49 - 2018-02-20 09:49 - 000000000 ____D C:\Users\Krystian\Downloads\FRST-OlderVersion
    2018-02-20 09:40 - 2017-04-27 14:24 - 000000000 ____D C:\AdwCleaner

    After running it, post the Fixlog and new scan logs.
    It is best to run the Fixlist in Safe Mode.

    0
  • Helpful post
    #17 20 Feb 2018 17:40
    Kolobos
    Computer specialist

    Do not write post after post, use EDIT. You did not do what I gave you, only what krzychupar gave you.

    0
  • #18 20 Feb 2018 20:38
    krystian2005
    Level 5

    Kolobos, but I am doing it

    0
  • Helpful post
    #19 20 Feb 2018 20:46
    Kolobos
    Computer specialist

    You are doing something, but only what you feel like...

    You were supposed to delete: C:\Users\Krystian\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk and, as can be seen, the file is still where it was.

    You were supposed to uninstall Bitdefender Antivirus Free and it is still active.


    New Fixlist.txt:
    FF NewTabOverride: Mozilla\Firefox\Profiles\lp7jenpz.default -> Enabled: "id":"{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7
    C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ligncphnohhjkgekjkghahajihclailj
    CHR Extension: (Пульс) - C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ligncphnohhjkgekjkghahajihclailj [2018-01-05]
    2018-02-20 15:53 - 2018-02-20 15:53 - 000000000 ____D C:\Users\Krystian\AppData\LocalLow\Trend Micro
    2018-02-20 15:53 - 2012-05-02 20:25 - 000232464 _____ (Trend Micro Inc.) C:\Windows\TmNSCIns.dll
    2018-02-20 09:49 - 2018-02-20 09:49 - 000000000 ____D C:\Users\Krystian\Downloads\FRST-OlderVersion

    If Пульс is still in Chrome, export the bookmarks and delete the profile directory from C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Default\

    After running it, delete the directory C:\FRST and that is all.

    0
  • #20 21 Feb 2018 16:28
    krystian2005
    Level 5

    Thank you for the help, but unfortunately I had to format.

    0