Slow, virus-infected computer
#1
Hello,

I set about cleaning and optimizing my laptop. I removed viruses using Comodo Antivirus and Hitman Pro, uninstalled unneeded programs, and I am updating the system. The laptop has come back to life, but please check whether anything is left.

Thank you
#2
Run FRST. Press CTRL+Y on the keyboard; the file fixlist.txt will open. Paste the following content into the file:

Code:
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2790174301-607848586-617294257-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=138
SearchScopes: HKU\S-1-5-21-2790174301-607848586-617294257-1000 -> DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKU\S-1-5-21-2790174301-607848586-617294257-1000 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: No Name -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> No File
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} -  No File
HKLM-x32\...\Run: [WidgetPodatnikInfo] => C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe [266160 2018-02-17] (Podatnik.info Sp. z o.o.)
HKLM-x32\...\RunOnce: [ppro_pproupdexe] => cmd.exe /c MOVE /Y "C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe.new" "C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe"
HKLM-x32\...\RunOnce: [ppro_infoPITpro2015Widgetexeold] => cmd.exe /c DEL /Q /F "C:\Program Files (x86)\Podatnik.info\PIT pro 2015\widget.exe.old"
FF Extension: (DAEMON Tools Toolbar) - C:\Users\Lech\AppData\Roaming\Mozilla\Firefox\Profiles\hqb8yrnt.default\Extensions\[email protected] [2013-11-20] [Legacy] [not signed]
FF Extension: (Iplex to ALLPlayer) - C:\Users\Lech\AppData\Roaming\Mozilla\Firefox\Profiles\hqb8yrnt.default\Extensions\[email protected] [2013-12-27] [Legacy] [not signed]
FF Extension: (ALLYouTubeDownloader) - C:\Users\Lech\AppData\Roaming\Mozilla\Firefox\Profiles\hqb8yrnt.default\Extensions\[email protected] [2016-10-09] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{190bc294-c8e5-471c-9466-3eb945b09542}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{190bc294-c8e5-471c-9466-3eb945b09542}
FF Extension: (Click Caption) - C:\Program Files (x86)\Mozilla Firefox\extensions\{190bc294-c8e5-471c-9466-3eb945b09542} [2017-03-12] [Legacy] [not signed]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\!vitruvian-csp.js [2014-11-16]
U3 a2vg6t58; C:\Windows\System32\Drivers\a2vg6t58.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
U3 a99526rz; C:\Windows\System32\Drivers\a99526rz.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S1 ccnfd_1_10_0_2; system32\drivers\ccnfd_1_10_0_2.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\ProgramData\AVAST Software
C:\Users\Lech\AppData\Roaming\DAEMON Tools Lite
C:\Program Files (x86)\Opera
C:\Program Files (x86)\ALLPlayer
C:\Program Files (x86)\Winamp
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2010-03-25] (Alcohol Soft Development Team)
ContextMenuHandlers2-x32: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2010-03-25] (Alcohol Soft Development Team)
Task: {247E2298-81FC-44ED-A5E5-8811C15D3BE4} - \User_Feed_Synchronization-{ZCC5A618-1091-40B2-8B2A-6A415D6CA026} -> No File <==== ATTENTION
Task: {25EFB336-81A0-4E69-9071-06F19FCA7A3B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {341EC5D5-1A97-47DD-8134-0CAD3B75230A} - System32\Tasks\{DF59C979-EC07-47E0-815B-EFD42B6F8341} => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2009-10-30] (DT Soft Ltd)
Task: {4E13FAC8-2F6B-4C7F-9394-5B6D9367F19D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {BF1FC019-2CFC-4458-A030-110E753ABFA4} - \User_Feed_Synchronization-{SFE3D86C-905F-4D57-BA98-8D7347777DC2} -> No File <==== ATTENTION
Task: {D7F2CFE4-5221-4856-AC78-28F272CDF900} - System32\Tasks\e-pity2015a_styczen => C:\Program Files (x86)\e-file\e-pity2015\Assets\signxml.exe
Task: {E0ED57BB-5C2F-4DB3-B160-94D2ACA01AB6} - System32\Tasks\{F21F50E3-FCC4-4C20-91C8-EE7EEED43275} => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2009-10-30] (DT Soft Ltd)
Task: {E4304D61-86EE-4DDC-8D2F-7342C8CC25D1} - System32\Tasks\e-pity2015a_kwiecien => C:\Program Files (x86)\e-file\e-pity2015\Assets\signxml.exe
Task: {95B268ED-C528-4C37-B318-F43E92162956} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe
Task: {9CCE2365-0F50-47EF-B578-FBD4BFF9F34B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {A3CFFBE0-3E90-4292-9E28-556292C8183A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {A84C5B11-586F-48BF-9EA6-0E6887AE1430} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: ALLUpdate => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: NCPluginUpdater => "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: WidgetPodatnikInfo => "C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
C:\Users\Lech\AppData\Roaming\Microsoft\Office\Niedawny\C V.LNK
C:\Users\Lech\AppData\Roaming\Microsoft\Office\Niedawny\CV Lech Michal Kolodziejski.LNK
C:\Users\Lech\AppData\Roaming\Microsoft\Office\Niedawny\CV-sprzedawca.LNK
C:\Users\Lech\AppData\Roaming\Microsoft\Office\Niedawny\CVTD23E.tmp.LNK
C:\Users\Lech\AppData\Roaming\Microsoft\Office\Niedawny\imprezy soprtowo rekreacyjne 11.LNK
C:\Users\Lech\AppData\Roaming\Microsoft\Office\Niedawny\imprezy soprtowo rekreacyjne.LNK
C:\Users\Lech\AppData\Roaming\Microsoft\Office\Niedawny\Lech_Kolodziejski_CV nowe1.LNK
C:\Users\Lech\AppData\Roaming\Microsoft\Office\Niedawny\Lech_Kolodziejski_CV nowe2.LNK
C:\Users\Lech\AppData\Roaming\Microsoft\Office\Niedawny\Magda Monika Madej.LNK
C:\Users\Lech\AppData\Roaming\Microsoft\Office\Niedawny\Olga Madej CV.LNK
C:\Users\Lech\AppData\Roaming\Microsoft\Office\Niedawny\Olga Madej_LIST.LNK
C:\Users\Lech\AppData\Roaming\Microsoft\Office\Niedawny\OLGA_MADEJ_CV.LNK
C:\Users\Lech\AppData\Roaming\Microsoft\Office\Niedawny\STORE'N'GO (I).LNK
C:\Users\Lech\AppData\Roaming\Microsoft\Office\Niedawny\zal_nr_4_-_Wzor_legitymacji_policjanta.LNK
C:\Users\Lech\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ipla.lnk
RemoveDirectory: C:\AdwCleaner
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
CMD: netsh advfirewall reset
EmptyTemp:

Press CTRL+S on the keyboard to save the changes. Then click Napraw (Fix) in the FRST window. Wait patiently and do not interrupt it. When the Fix finishes, the system will restart. A fixlog.txt file will be created in the same directory FRST was run from; post it.

If not needed, uninstall:
HP Update
Microsoft Silverlight old version, current is 5.1.50907
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)

Create new logs and post them from FRST.txt > Addition.txt
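
Added example, not part of either post and not FRST's own code: a short Python pre-check that groups the lines of a fixlist like the one in post #2 by what they do and points out the command lines whose side effects reach beyond cleanup. The function names, the four category names and the grouping rules are this example's own simplification; only directives that appear in the thread are recognised.

```python
import re

# Constructed sample: ten lines taken from the fixlist in post #2.
SAMPLE_FIXLIST = r'''CloseProcesses:
CreateRestorePoint:
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
U3 a2vg6t58; C:\Windows\System32\Drivers\a2vg6t58.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
Task: {4E13FAC8-2F6B-4C7F-9394-5B6D9367F19D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\Program Files (x86)\Opera
RemoveDirectory: C:\AdwCleaner
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
CMD: netsh advfirewall reset
EmptyTemp:
'''

# Only directives that appear on this page are recognised.
SWITCHES = {"closeprocesses:", "createrestorepoint:", "emptytemp:"}
COMMANDS = ("cmd:", "powershell:")
DRIVE_PATH = re.compile(r"^[a-z]:\\")
# Side effects of the commands used in this fixlist (general Windows knowledge).
KNOWN_EFFECTS = {
    "wevtutil cl": "clears Windows event logs",
    "netsh advfirewall reset": "resets Windows Firewall policy to defaults",
}

def classify(line):
    low = line.strip().lower()
    if low in SWITCHES:
        return "directive"
    if low.startswith(COMMANDS):
        return "command"
    if low.startswith("removedirectory:") or DRIVE_PATH.match(low):
        return "path-removal"
    return "log-entry"  # line copied from FRST.txt / Addition.txt

def review(text):
    groups = {"directive": [], "command": [], "path-removal": [], "log-entry": []}
    for line in text.splitlines():
        if line.strip():
            groups[classify(line)].append(line.strip())
    return groups

def side_effects(text):
    notes = []
    for cmd in review(text)["command"]:
        hits = [why for key, why in KNOWN_EFFECTS.items() if key in cmd.lower()]
        notes.append((cmd, "; ".join(hits) or "runs a shell command, read it first"))
    return notes

if __name__ == "__main__":
    for kind, lines in review(SAMPLE_FIXLIST).items():
        print(f"{kind}: {len(lines)}")
    for cmd, why in side_effects(SAMPLE_FIXLIST):
        print(f"REVIEW {cmd!r}: {why}")
```

On a machine where the event logs or custom firewall rules matter for later investigation, export them before applying a fixlist that contains these two command lines.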