Windows XP slowed down severely
#1
Symptoms of infection:
The system takes exceptionally long to start, runs very sluggishly, and Explorer responds only after anywhere from a few to a dozen or so seconds.

Actions taken:
Scanned the system with the installed avast! Free; scan + removal of the results with AdwCleaner; OTL scan. Unfortunately I did not manage to run FRST in time, and at the moment I have no access to the allegedly infected computer.

Logs:
Adw:

[To see links, register here]

OTL:

[To see links, register here]

Extras:

[To see links, register here]

SpyShelter Firewall
Reply
#2
AdwCleaner was run unnecessarily; first you uninstall whatever adware is present.

OTL is no longer developed and remains as a second-line tool, for reference only.
So I would prefer that the FRST logs be provided, i.e. FRST.txt, Addition.txt and Shortcut.txt.
Reply
#3
tachion wrote: AdwCleaner was run unnecessarily; first you uninstall whatever adware is present.

OTL is no longer developed and remains as a second-line tool, for reference only.
So I would prefer that the FRST logs be provided, i.e. FRST.txt, Addition.txt and Shortcut.txt.
OK, I will try to upload FRST within a few days.

Got it!
FRST:

[To see links, register here]

Addition:

[To see links, register here]

SpyShelter Firewall
Reply
#4
Paste this into Notepad and save it as fixlist.txt

Code:
HKLM\...\Run: [hpqSRMon] => [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFind] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Run: [] => [X]
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\MountPoints2: {54f8a07e-2664-11dc-a64b-0018f3ff154e} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\MountPoints2: {bc8046ed-9a5d-11e3-88fb-000000000010} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL start.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKCU - No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S3 BTHidEnum; system32\DRIVERS\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S4 IntelIde; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U4 RemoteRegistry;
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SunkFilt; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S4 viagfx; system32\DRIVERS\vtmini.sys [X]
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath
S3 xusxwmzb; No ImagePath
S3 ZDCndis5; \??\C:\WINDOWS\system32\ZDCndis5.SYS [X]
S3 ZDPNDIS5; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS [X]
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\APNStub.exe
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\BlackBerryDeviceManager.exe
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\BlackBerryLauncher.exe
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\DesktopInstaller.exe
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjmzmhk.dll
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\FreemakeAudioConverter_1.1.0.40.exe
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\ggdrive-menu.exe
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\ggdrive-overlay.exe
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\installChecker.exe
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\installstats.exe
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\lowproc.exe
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\NEventMessages.dll
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\Nokia_PC_Suite_pol.exe
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\NOSEventMessages.dll
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\Quarantine.exe
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\_Untitled.exe
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\{7014E919-2EAA-4158-AB8A-7483300316F4}.dll
C:\Documents and Settings\W\Ustawienia lokalne\Temp\hpzmsi01.exe
C:\Documents and Settings\W\Ustawienia lokalne\Temp\hpzscr01.exe
C:\Documents and Settings\W\Ustawienia lokalne\Temp\NEventMessages.dll
C:\Documents and Settings\W\Ustawienia lokalne\Temp\WinampPluginSetup_2.1.0.9.exe
C:\Documents and Settings\W\Ustawienia lokalne\Temp\_is1F6.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-388632619-808285749-524698834-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-388632619-808285749-524698834-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-388632619-808285749-524698834-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-388632619-808285749-524698834-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-388632619-808285749-524698834-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-388632619-808285749-524698834-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-388632619-808285749-524698834-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-388632619-808285749-524698834-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-388632619-808285749-524698834-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-388632619-808285749-524698834-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-388632619-808285749-524698834-1009\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-388632619-808285749-524698834-1009\Software\Classes\exefile: "%1" %* <===== ATTENTION!
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\FLV Player" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\DTemp" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\WRSA" /f

Place the saved script next to the downloaded FRST program.
Then click Fix in the program; once it has run, post the report from that operation.

Uninstall:
FoxTab FLV Player

Download

[To see links, register here]

and click Start.

Paste the SecurityCheck report onto the page

[To see links, register here]

Run it, press any key, and wait until the program finishes.

Download the program

[To see links, register here]

run it, click Change parameters, tick everything, click OK and then Start Scan.
When it is done, post the scan report, but do not move anything to quarantine and do not delete anything.
Reply
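A way to see what a fixlist like the one in post #4 will touch before clicking Fix, as an added example that is not part of the original thread and is not FRST's own code: a Python triage that groups the directives and lists the ones worth reading first. The category names and the choice of what to review are assumptions of this example; the sample lines are copied from the post.

```python
import re
from collections import Counter

# Constructed sample: ten lines copied from the fixlist in post #4.
SAMPLE = r"""HKLM\...\Run: [hpqSRMon] => [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-388632619-808285749-524698834-1009\...\MountPoints2: {bc8046ed-9a5d-11e3-88fb-000000000010} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL start.exe
S3 xusxwmzb; No ImagePath
S3 VComm; system32\DRIVERS\VComm.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
C:\Documents and Settings\Bogdan\Ustawienia lokalne\Temp\lowproc.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\DTemp" /f
"""

# First matching rule wins. Category names are this example's own grouping.
RULES = [
    ("autorun-mountpoint", re.compile(r"\\MountPoints2: ")),
    ("exe-association",    re.compile(r"\\Software\\Classes\\\.?exe")),
    ("policy-value",       re.compile(r"\\Policies\\(?:Explorer|system): \[")),
    ("run-key",            re.compile(r"\\Run: \[")),
    ("raw-reg-command",    re.compile(r"^Reg: ")),
    ("scheduled-task",     re.compile(r"^Task: ")),
    ("service-or-driver",  re.compile(r"^[RSU]\d \S.*;")),
    ("file-path",          re.compile(r"^[A-Za-z]:\\")),
]

def classify(line):
    """Return the category of one fixlist line ('other' if no rule matches)."""
    for name, rx in RULES:
        if rx.search(line):
            return name
    return "other"

def triage(text):
    """Count directives per category and collect the lines to read before Fix."""
    counts, review = Counter(), []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        cat = classify(line)
        counts[cat] += 1
        # FRST marks a missing file with [X]; an empty or absent path is also an orphan.
        missing = "[X]" in line or "No ImagePath" in line or line.endswith(";")
        if cat in ("autorun-mountpoint", "raw-reg-command") or "ATTENTION" in line:
            review.append((cat, line))
        elif cat == "service-or-driver" and not missing:
            review.append((cat + " (file present)", line))  # still points at a file on disk
    return counts, review

if __name__ == "__main__":
    counts, review = triage(SAMPLE)
    print(dict(counts))
    for cat, line in review:
        print(f"REVIEW {cat}: {line[:100]}")
```

Saving the post's Code: block to a file and passing its contents to `triage()` gives the same breakdown for the full script.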