Elektroda.pl

[Solved] Unable to launch Malwarebytes.

Kesio1503 01 Aug 2018 09:30 84 2
  • #1 01 Aug 2018 09:30
    Kesio1503
    Level 3

    Hello. My problem is that when I try to launch Malwarebytes, it only appears on the taskbar for a moment and nothing more. I suspect it may be a virus, because from time to time some torrent, game or film gets downloaded, so there is always some risk. I am attaching the FRST scan.

    0 2
  • #2 01 Aug 2018 09:58
    safbot1st
    Level 43

    Paste into Notepad:

    Code:
    CloseProcesses:
    
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-2515972867-1874455749-57273613-1001\...\Run: [CCleaner Monitoring] => D:\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
    Hosts:
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-118-756
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2515972867-1874455749-57273613-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    HKU\S-1-5-21-2515972867-1874455749-57273613-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-118-756
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2515972867-1874455749-57273613-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2515972867-1874455749-57273613-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
    FF Plugin: @java.com/DTPlugin,version=11.181.2 -> D:\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [Brak pliku]
    FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> D:\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [Brak pliku]
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [Brak pliku]
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [Brak pliku]
    CHR HomePage: Default -> hxxp://0v8ls09_st500lt012-9ws142%26tm%3D1449428642/
    CHR StartupUrls: Default -> "hxxp://www.google.pl/","hxxps://www.youtube.com/?hl=pl&gl=PL","hxxps://www.google.com/","hxxps://www.google.com/"




    CHR NewTab: Default ->  Active:"chrome-extension://nlelcimpcijaiibpmnmmlpcjeaihleoa/start/index.html"
    S3 WdNisSvc; "%ProgramFiles%\Windows Defender\NisSrv.exe" [X]
    S3 WinDefend; "%ProgramFiles%\Windows Defender\MsMpEng.exe" [X]
    S3 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X]
    S3 VBAudioVACMME; \SystemRoot\system32\DRIVERS\vbaudio_cable64_win7.sys [X]
    2018-07-31 10:49 - 2018-07-31 10:49 - 000003900 _____ C:\Windows\System32\Tasks\{57E66E76-C3DC-0C64-6163-0D8BEC432945}
    2018-07-31 10:49 - 2018-07-31 10:49 - 000003786 _____ C:\Windows\System32\Tasks\{91004D37-BF6D-D369-2CDE-1C10D00457F5}
    2018-07-31 10:49 - 2018-07-31 10:49 - 000003566 _____ C:\Windows\System32\Tasks\{3B47605A-06CB-C4CB-E0CA-03FBB195876B}
    2018-07-31 10:49 - 2018-07-31 10:49 - 000000002 _____ C:\Users\fresh\AppData\Local\imw.ini
    2018-07-22 20:56 - 2018-07-22 20:56 - 000000000 ____D C:\ProgramData\TEMP
    2018-07-22 19:54 - 2018-07-22 19:54 - 000000016 _____ C:\ProgramData\mntemp
    2018-07-13 19:47 - 2018-06-15 20:13 - 000000000 ___HD D:\msdownld.tmp
    2016-07-16 13:43 - 2016-07-16 13:43 - 000058368 ____N (Microsoft Corporation) C:\Users\fresh\aUJxDdevRDLty.exe
    2006-12-01 23:37 - 2006-12-01 23:37 - 000904704 _____ (Microsoft Corporation) D:\msdia80.dll
    2018-06-16 09:03 - 2018-06-16 09:03 - 000000000 _____ () D:\Recovery.txt
    2016-07-16 13:43 - 2016-07-16 13:43 - 000177152 ____N (Microsoft Corporation) C:\Users\fresh\AppData\Roaming\NuUXn.exe
    2016-07-16 13:43 - 2016-07-16 13:43 - 000058368 ____N (Microsoft Corporation) C:\Users\fresh\AppData\Local\dsYUpEIOL.exe
    2018-07-31 10:49 - 2018-07-31 10:49 - 000000002 _____ () C:\Users\fresh\AppData\Local\imw.ini
    safeboot: Minimal => Ustawiony trwały rozruch w Trybie awaryjnym <==== UWAGA
    CustomCLSID: HKU\S-1-5-21-2515972867-1874455749-57273613-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-9660272FD48C}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Brak pliku
    ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Brak pliku
    Task: {79BAD95F-E91A-40BD-A35E-246C2461F1FB} - System32\Tasks\{57E66E76-C3DC-0C64-6163-0D8BEC432945} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://fs1news.ru/cl/?guid=cdtbovczve3ls576j3u3g7lssihc9wsb&prid=1&pid=4_1324_0
    FirewallRules: [{FC3995E0-6724-45CE-B493-9BB168E54300}] => (Allow) C:\Users\fresh\AppData\Local\dsYUpEIOL.exe
    FirewallRules: [{A59DB005-E41F-49E5-9D2E-429840B11B1D}] => (Allow) C:\Users\fresh\aUJxDdevRDLty.exe
    EmptyTemp:


    then save it as fixlist.txt next to FRST.exe and choose "Fix" in FRST.
    After the fix, re-enable booting in normal (non-safe) mode, delete C:\FRST, and that's all.

    0
  • #3 01 Aug 2018 10:19
    Kesio1503
    Level 3

    Thanks for the help

    0