C:\Program Files (x86)\Shutness\Application\chrome.exe
You have a Trojan that pretends to be Google Chrome.
1) Uninstall
Ball Form (HKU\S-1-5-21-290575239-1943465458-3441839995-1000\...\{E8470B66-97C1-8A83-045C-236130DF56D7}) (Version: 1.5.2 - Comp Cooking corp) <==== ATTENTION
2)
Shortcut: C:\Users\ULA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Shutness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\ULA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Shutness\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Shutness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Shutness\Application\chrome.exe (Google Inc.)
ShortcutWithArgument: C:\Users\ULA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Shutness\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
I'll include these shortcuts for removal, because they redirect to the fake Chrome.
Afterwards you can create new shortcuts in the same locations.
3) Open Notepad and paste into it:
HKU\S-1-5-21-290575239-1943465458-3441839995-1000\...\ChromeHTML: -> C:\Program Files (x86)\Shutness\Application\chrome.exe (Google Inc.) <==== ATTENTION
ShortcutWithArgument: C:\Users\ULA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Shutness\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
C:\Users\ULA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Users\ULA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
C:\Users\Public\Desktop\Google Chrome.lnk
C:\Users\ULA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\cphs
FirewallRules: [{8696D599-11F4-4A6C-BA99-997307D657B6}] => C:\Program Files (x86)\Shutness\Application\chrome.exe
2017-01-18 20:01 - 2017-01-18 20:53 - 00000040 _____ C:\Program Files (x86)\settings.dat
2017-01-18 20:01 - 2017-01-18 20:01 - 00000000 ____D C:\Program Files (x86)\reports
2017-01-18 20:01 - 2017-01-18 20:01 - 00000000 _____ C:\Program Files (x86)\metadata
2017-01-18 20:00 - 2017-01-18 20:00 - 00000000 ____D C:\Users\ULA\AppData\Local\Shutness
2017-01-18 19:59 - 2017-01-18 19:59 - 00000000 ____D C:\Program Files (x86)\Shutness
2017-01-10 23:17 - 2017-01-10 23:17 - 00000000 _____ C:\temp.dat
2017-01-18 20:01 - 2016-09-20 20:33 - 00000019 _____ C:\Users\Public\Documents\temp.dat
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix (NAPRAW) button.
4) Produce new FRST logs, this time without Shortcut.
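The check done by eye on the Shortcut lines above can be automated. This is an added example, not part of the original post and not FRST's own code. The function name, the list of default Chrome install locations on drive C:, and the sample lines (the user name "user" and the benign third line) are assumptions made for the illustration.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the "Shortcut:" line format quoted in the post.
# The user name "user" and the third (benign) line are made up for the example.
SAMPLE = r'''
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Shutness\Application\chrome.exe (Google Inc.)
ShortcutWithArgument: C:\Users\user\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Shutness\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
Shortcut: C:\Users\user\Desktop\Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
'''

LINE = re.compile(
    r'^Shortcut(?:WithArgument)?: (?P<lnk>.+?\.lnk) -> (?P<target>.+?\.exe)'
    r'(?: \((?P<company>[^)]*)\))?(?: -> (?P<args>.*))?$',
    re.IGNORECASE | re.MULTILINE)

# Assumption: Chrome lives in one of its default install locations on drive C:.
EXPECTED = re.compile(
    r'^c:\\(?:program files(?: \(x86\))?|users\\[^\\]+\\appdata\\local)'
    r'\\google\\chrome\\application\\chrome\.exe$', re.IGNORECASE)


class Finding(NamedTuple):
    lnk: str
    target: str
    args: Optional[str]


def suspicious_chrome_shortcuts(log_text: str) -> List[Finding]:
    """Return shortcuts that launch a chrome.exe outside the expected folders."""
    findings = []
    for m in LINE.finditer(log_text):
        target = m.group('target')
        # Only judge shortcuts whose target claims to be chrome.exe.
        if ntpath.basename(target).lower() != 'chrome.exe':
            continue
        # The "(Google Inc.)" label is not used as evidence: the post's log
        # shows it on the fake binary too. The install path is what differs.
        if not EXPECTED.match(target):
            findings.append(Finding(m.group('lnk'), target, m.group('args')))
    return findings


if __name__ == '__main__':
    for f in suspicious_chrome_shortcuts(SAMPLE):
        print(f'{f.lnk}\n    -> {f.target}  args={f.args!r}')
```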