Usunięcie gosave z przeglądarki chrome

Dla specjalistów Bezpieczeństwo
#1

Addition http://www.wklej.org/id/1528356/

FRSt http://www.wklej.org/id/1528366/

#2

Otwórz Notatnik i wklej:

ShellIconOverlayIdentifiers: [00avast] - {472083B0-C522-11CF-8763-00608CC02F24} = No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
CHR Extension: (GoSave) - C:\ProgramData\dcggoocanmhhfgfciflfmbmbomgacmll\ [2014-11-06]
CHR Extension: (No Name) - C:\Users\gwizdek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-11-17]
CHR Extension: (No Name) - C:\Users\gwizdek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-11-17]
CHR Extension: (No Name) - C:\Users\gwizdek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-17]
CHR Extension: (No Name) - C:\Users\gwizdek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-11-17]
CHR Extension: (No Name) - C:\Users\gwizdek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ppelffpjgkifjfgnbaaldcehkpajlmbc [2014-11-17]
S3 AsrSetupDrv; \\C:\Windows\SysWOW64\Drivers\AsrSetupDrv.sys [X]
S3 catchme; \\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-11-18 09:25 - 2014-11-18 09:31 - 00000000 ____ D () C:\Qoobox
2014-11-18 09:25 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-18 09:25 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-18 09:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-18 09:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-18 09:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-18 09:25 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-18 09:25 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-18 09:25 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.