Frap, posted 19 August (edited)
Hello, yesterday while looking through the startup entries in Task Manager I came across 2 files that are unknown to me. I'm sending the FRST scan here: FRST SCAN.txt, Addition.txt

Bromidum, commented 20 August (edited)
Google indicates that these are files created by the game Once Human. https://www.google.com/search?q=AF_uuid_2139460

1) Uninstall:
- µTorrent (replace it with qBittorrent)
- Infatica P2B Network (adware)

2) Run FRST/FRST64.exe and press Ctrl + Y. Notepad will open; paste the contents of the script into it. Close and save. In FRST, click "Fix" →

CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-589323234-2505209021-2406813636-1001\...\Run: [AF_uuid_2139460] => 8c305d81-2ae9-44f9-ae21-8fa9c28dde43 (Brak pliku)
HKU\S-1-5-21-589323234-2505209021-2406813636-1001\...\Run: [AF_counter_2139460] => 1 (Brak pliku)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [750680 2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-589323234-2505209021-2406813636-1001\...\Run: [MicrosoftEdgeAutoLaunch_8D09302FCF8E383B5E153FCD0175557F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3814952 2024-08-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-589323234-2505209021-2406813636-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-589323234-2505209021-2406813636-1001\...\Run: [AMDNoiseSuppression] => "C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe" (Brak pliku)
HKU\S-1-5-21-589323234-2505209021-2406813636-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\Kacper\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
Task: {D779E654-BB29-4296-9999-ABA976682103} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (Brak pliku)
Task: {96F5839E-301F-472B-B211-AF934379BCE1} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2023-12-13] () [Brak podpisu cyfrowego]
Task: {DA52BDBD-9666-4D36-A332-63812100784A} - System32\Tasks\infatica_p2b => C:\Program Files (x86)\Infatica P2B\infatica_agent.exe [3708512 2023-10-30] (Infatica Pte. Ltd. -> )
Task: {1F5FFC60-D518-4C28-ADCB-EC6A9B0B2BBF} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-04-03] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (dane wartości zawierają 6 znaków więcej).
Task: {A147CE99-B29B-4DE0-9188-FBD488C524A4} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-589323234-2505209021-2406813636-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-04-03] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (dane wartości zawierają 6 znaków więcej).
Task: {34C7366A-D779-4D12-BBB0-1509B39BE620} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-04-03] (Mozilla Corporation -> Mozilla Foundation)
Task: {304BB2FE-E393-42D7-A67D-0255EB580649} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1723912360 => C:\Users\Kacper\AppData\Local\Programs\Opera GX\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Kacper\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {286EA6CF-16A1-43BF-8F08-297CA94D2FCE} - System32\Tasks\Opera GX scheduled Autoupdate 1720861622 => C:\Users\Kacper\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe [5779360 2024-08-07] (Opera Norway AS -> Opera Software)
CustomCLSID: HKU\S-1-5-21-589323234-2505209021-2406813636-1001_Classes\CLSID\{f9517764-05a4-a748-620a-95087d06a241}\localserver32 -> "C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe" -ToastActivated => Brak pliku
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b742a615-ec36-4c29-8423-efdad811692b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b742a615-ec36-4c29-8423-efdad811692b}: [DhcpDomain] home
S3 cpuz158; \??\C:\Windows\temp\cpuz158\cpuz158_x64.sys [X] <==== UWAGA
S3 NEProtect; \??\G:\SteamLibrary\steamapps\common\Once Human\NEProtect.sys [X]
S3 TavernWorker_1_1; "C:\Program Files\IRONMACE\Tavern\Steam\TavernApp_1_1\TavernWorker.exe" [X]
C:\Program Files (x86)\Infatica P2B
C:\Program Files\Cloudflare\Cloudflare WARP
AlternateDataStreams: C:\ProgramData:c77b76c9 [1358]
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [918]
AlternateDataStreams: C:\Windows\tracing:? [16]
AlternateDataStreams: C:\Users\All Users:c77b76c9 [1358]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [918]
AlternateDataStreams: C:\ProgramData\Dane aplikacji:c77b76c9 [1358]
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT [40]
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2 [918]
AlternateDataStreams: C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc:169D67954B [3442]
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [3442]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:c77b76c9 [1358]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [918]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus Free.lnk:0B59401BDF [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox — tryb prywatny.lnk:62BDDE73C6 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk:159ADC9AA1 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk:5465085A2F [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk:104946E0EA [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype dla firm.lnk:475F79A635 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk:7AD7FA8AB1 [3442]
AlternateDataStreams: C:\Users\Kacper\Dane aplikacji:c77b76c9 [1358]
AlternateDataStreams: C:\Users\Kacper\Dane aplikacji:NT [40]
AlternateDataStreams: C:\Users\Kacper\Dane aplikacji:NT2 [918]
AlternateDataStreams: C:\Users\Kacper\AppData\Roaming:c77b76c9 [1358]
AlternateDataStreams: C:\Users\Kacper\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\Kacper\AppData\Roaming:NT2 [918]
AlternateDataStreams: C:\Users\Kacper\AppData\Local\Microsoft:ISBD [32]
AlternateDataStreams: C:\Users\Kacper\Documents\GTA San Andreas User Files:c77b76c9 [1358]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [6752]
CMD: netsh advfirewall reset
CMD: DISM.exe /Online /Cleanup-image /Restorehealth
CMD: sfc /scannow
EmptyEventLogs:
EmptyTemp:

This fix file is intended only for the author of this thread! After the script has run and the computer has restarted, attach the fixlog.txt that was created.
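
Added example (not part of either post, and not code from FRST or its authors): a small Python triage over the entry shapes that appear in the fixlist above, listing the Run, Task and service entries whose target is missing, unsigned or marked UWAGA. The function name, the flag labels and the reading of `[X]` as "target not found" are assumptions of this example.

```python
import re

# Lines copied from the fixlist in this thread (Polish-locale FRST output).
SAMPLE = r"""
HKU\S-1-5-21-589323234-2505209021-2406813636-1001\...\Run: [AF_uuid_2139460] => 8c305d81-2ae9-44f9-ae21-8fa9c28dde43 (Brak pliku)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [750680 2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-589323234-2505209021-2406813636-1001\...\Run: [GalaxyClient] => [X]
Task: {96F5839E-301F-472B-B211-AF934379BCE1} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2023-12-13] () [Brak podpisu cyfrowego]
S3 cpuz158; \??\C:\Windows\temp\cpuz158\cpuz158_x64.sys [X] <==== UWAGA
"""

# Entry shapes as they appear on this page; "name" and "rest" are this example's labels.
PATTERNS = [
    ("Run", re.compile(r"^\S+\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<rest>.*)$")),
    ("Task", re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<rest>.*)$")),
    ("Service", re.compile(r"^[SRU]\d (?P<name>[^;]+); (?P<rest>.*)$")),
]
# Markers seen in the log. Reading "[X]" as "target not found" is an assumption.
MARKERS = [
    ("target-missing", "(Brak pliku)"),
    ("target-missing", "[X]"),
    ("unsigned", "[Brak podpisu cyfrowego]"),
    ("flagged-by-frst", "<==== UWAGA"),
]
# A target that starts like a Windows path, optionally quoted or \??\-prefixed.
PATH_RE = re.compile(r'^"?(\\\?\?\\)?[A-Za-z]:\\')

def triage(text):
    """Return (kind, name, flags) for every recognised entry that carries a flag."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        match = next(((k, rx.match(line)) for k, rx in PATTERNS if rx.match(line)), None)
        if match is None:
            continue  # directive, ADS line, or a shape this example does not parse
        kind, m = match
        rest = m.group("rest")
        flags = [label for label, marker in MARKERS if marker in rest]
        # A Run value holding data rather than a file path also reads as "missing file".
        if not PATH_RE.match(rest) and not rest.startswith("[X]"):
            flags.append("value-not-a-path")
        if flags:
            findings.append((kind, m.group("name"), flags))
    return findings

if __name__ == "__main__":
    for kind, name, flags in triage(SAMPLE):
        print(f"{kind:8} {name:40} {', '.join(flags)}")
```
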