Unknown system files, request to check the logs


(Konradsala98) #1

Hello


(Atis) #2

Paste the following into Windows Notepad and save it as a text file named fixlist:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3993103293-211103488-1508663823-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3993103293-211103488-1508663823-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
S2 Avira.OE.ServiceHost; "C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe" [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\WNt600x64\Sandra.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
2015-06-25 09:27 - 2015-01-30 16:27 - 00000000 ____ D C:\ProgramData\TEMP
2015-03-20 14:12 - 2015-03-20 14:12 - 0000038 ___SH () C:\Users\Konrad$\AppData\Local\69ff07055291669bb2b218.72821112
2015-01-01 11:59 - 2015-01-01 12:04 - 0000000 _____ () C:\Users\Konrad$\AppData\Local\{7D4C8CBD-FB88-4BF6-A5F5-9718C74A5971}
CustomCLSID: HKU\S-1-5-21-3993103293-211103488-1508663823-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Konrad$\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
HKU\S-1-5-21-3993103293-211103488-1508663823-1001\Software\Classes\.exe: exefile => <===== ATTENTION!
HKU\S-1-5-21-3993103293-211103488-1508663823-1001\Software\Classes\exefile: <===== ATTENTION!
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post the new FRST report, without Addition and Shortcut.


(Konradsala98) #3

There are fewer items in the Fixlog because I had already removed some myself earlier.

FRST

http://wklej.org/hash/e770369d663/

Fixlog

http://wklej.org/hash/adb0ad13127/

As you will see in the logs, there is something in Chrome again; I don't know what it is.


(Atis) #4

Nothing malicious is visible.

Delete the folder C:\FRST

Scan the disk with ESET Online Scanner


(Konradsala98) #5

This topic can be closed