Malware.Trace

Desann12 · 13 Czerwiec 2015 17:59

Acorus · 13 Czerwiec 2015 18:09

Otwórz notatnik systemowy i wklej:

CloseProcesses:
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - \Microsoft\Windows\Time Synchronization\SynchronizeTime No Task File <==== ATTENTION
Task: {2470470F-2634-478E-B181-571E98A789BB} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification No Task File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration No Task File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls No Task File <==== ATTENTION
Task: {5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6} - \Microsoft\Windows\Defrag\ScheduledDefrag No Task File <==== ATTENTION
Task: {613612BA-897D-44CE-8DC1-8FC283F9FD51} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) No Task File <==== ATTENTION
Task: {72DB7465-BC54-491B-A92A-4637A28C9BBF} - \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck No Task File <==== ATTENTION
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary No Task File <==== ATTENTION
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - \Microsoft\Windows\SystemRestore\SR No Task File <==== ATTENTION
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
Task: {A35BB7A6-5F0C-4C9F-8450-2B3BED532D51} - \Microsoft\Windows\WindowsColorSystem\Calibration Loader No Task File <==== ATTENTION
Task: {A48CABBF-24C8-4B87-B00F-9261807C3B43} - \Microsoft\Windows\AppID\PolicyConverter No Task File <==== ATTENTION
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - \Microsoft\Windows\Location\Notifications No Task File <==== ATTENTION
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - \Microsoft\Windows\Application Experience\ProgramDataUpdater No Task File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent No Task File <==== ATTENTION
Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator No Task File <==== ATTENTION
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - \Microsoft\Windows Defender\MpIdleTask No Task File <==== ATTENTION
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File <==== ATTENTION
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File <==== ATTENTION
Task: {DA41DE71-8431-42FB-9DB0-EB64A961DEAD} - \Microsoft\Windows\Maintenance\WinSAT No Task File <==== ATTENTION
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask No Task File <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
U4 AdobeFlashPlayerUpdateSvc; No ImagePath
U4 BDESVC; No ImagePath
U4 CscService; No ImagePath
U4 DPS; No ImagePath
U4 ehRecvr; No ImagePath
U4 ehSched; No ImagePath
U4 gupdate; No ImagePath
U4 gupdatem; No ImagePath
U4 idsvc; No ImagePath
U4 IEEtwCollectorService; No ImagePath
U4 JavaQuickStarterService; No ImagePath
U4 Mcx2Svc; No ImagePath
U4 MozillaMaintenance; No ImagePath
U4 nvUpdatusService; No ImagePath
U4 SCardSvr; No ImagePath
U4 SCPolicySvc; No ImagePath
U4 SDRSVC; No ImagePath
U4 SessionEnv; No ImagePath
U4 swprv; No ImagePath
U4 TabletInputService; No ImagePath
U4 TermService; No ImagePath
U4 UmRdpService; No ImagePath
U4 VSS; No ImagePath
U4 WatAdminSvc; No ImagePath
U4 WbioSrvc; No ImagePath
U4 WdiServiceHost; No ImagePath
U4 WdiSystemHost; No ImagePath
U4 wercplsupport; No ImagePath
U4 WPCSvc; No ImagePath
U4 wscsvc; No ImagePath
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Desann12 · 13 Czerwiec 2015 18:38

Zrobione.

Acorus · 14 Czerwiec 2015 08:27

Jak wszystko gra to skasuj folder C:\FRST.

Desann12 · 16 Czerwiec 2015 09:24

Nie da się folderu usunąć