Elektroda.pl

[Solved] Virus closes the browser and programs such as Malwarebytes + displays ads

leszek234 28 Aug 2018 04:47 219 4
  • Helpful post
    #2 28 Aug 2018 06:18
    krzychupar
    Level 40  

    Open the system Notepad and paste:

    CloseProcesses:
    ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> Brak pliku
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> Brak pliku
    Task: {0C3A21DA-0759-4A34-A508-019E62BCC0BE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku <==== UWAGA
    Task: {128F4A68-AAA4-4DD8-A1C8-21FC2E20C1B4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {26639DBB-25B6-4602-A643-6CA34AE7C03A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {3186628B-AE67-4045-9AE6-C0C8571B53FF} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
    Task: {3B7167E1-ED84-4B01-AD23-E408DE0A066F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {42AB895C-C54E-443F-BFC9-89B1A454EFE7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku <==== UWAGA
    Task: {44371AD0-FFAF-4D5C-8C88-B2C7C0D3B4DB} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
    Task: {464DD813-E6C9-4204-8CC7-2A100FF23323} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Brak pliku <==== UWAGA
    Task: {59419798-D86B-4A49-9315-C7127578DA3E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {63ABB0FB-B35E-47BF-8ABC-2B093BA92D54} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {78FA4DB9-4D86-474F-A8B9-332FC31FD0D7} - \Microsoft\Windows\Setup\EOONotify -> Brak pliku <==== UWAGA
    Task: {8D5DAAB9-2D2C-41E0-B47C-B6C2105F1E50} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {91058913-4894-464D-8B06-9DA27D82DB7A} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Brak pliku <==== UWAGA
    Task: {94B412CA-A279-4794-8929-881B8BA52F36} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {94B8C86D-C235-4403-8619-84607DD5739A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {ADC240C9-994D-42E4-9607-E2D983F29C66} - \Microsoft\Windows\Setup\gwx\rundetector -> Brak pliku <==== UWAGA
    Task: {E1A353B4-CC15-4926-9F74-BD5127CD5516} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {E631B674-E43A-4983-8C86-74CC9591BC38} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    FirewallRules: [{1F35F118-DA16-4C4C-9E4C-75BE70122EBF}] => (Allow) C:\Users\Leszek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{11AB0692-D3A9-4F98-BC62-8B4BF5C2B410}] => (Allow) C:\Users\Leszek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{52CEC5D1-14BA-41B3-A4CC-A0730593FD7C}] => (Allow) C:\Users\Leszek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{83BB022B-D82D-4E22-964A-7DAE8598C28E}] => (Allow) C:\Users\Leszek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{707C9618-11B2-490E-94F3-21D527C423A3}] => (Allow) C:\Users\Leszek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{8DC1B7AB-8490-4181-9D2D-6FBA87B17181}] => (Allow) C:\Users\Leszek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{8F64007A-B8C2-471A-BD3A-D9F557998803}] => (Allow) C:\Users\Leszek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{1B7D1A7D-EF99-4589-9018-DF33E52ADD59}] => (Allow) C:\Users\Leszek\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{47DC63B0-44DB-4E48-816B-65686BF9C862}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{087555E2-067A-4682-BFE7-EF06D83CA43A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{5DD2E223-9967-4CB3-8681-4AB82943EB80}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{085C54BD-FDDC-44F2-8884-689083DCAEE5}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{D81743B7-249F-4E89-9DBA-AB9501B3004F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{C7AAB270-E78B-4667-9661-E7741078DAB4}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{BFA23694-5362-4A4A-BC57-BCDFD2A437E0}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{E77717C1-8561-4FEA-BE43-3D8AC6512946}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{7F19F9BE-7305-4FF4-8D0C-8C0ED4A0554D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{29518978-BE82-449B-87F2-A5788ECE3906}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{C4688F6F-00EC-408B-928B-6DA2E8A4C56A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{C6A61EF8-92C1-4805-9D44-4FC0A05951B6}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{396CEBCF-E67E-4A36-95F2-1AD48B106CEF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    HKU\S-1-5-21-79382842-1986707580-2895184986-1000\...\MountPoints2: {0bf01a64-87bf-11e8-9f10-305a3ae083b8} - "I:\autorun.exe"
    HKU\S-1-5-21-79382842-1986707580-2895184986-1000\...\MountPoints2: {0bf01c39-87bf-11e8-9f10-305a3ae083b8} - "I:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-79382842-1986707580-2895184986-1000\...\MountPoints2: {0bf01d1e-87bf-11e8-9f10-305a3ae083b8} - "I:\autorun.exe"
    GroupPolicy: Ograniczenia ? <==== UWAGA
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-9.0.4\bin\ssv.dll => Brak pliku
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    U3 idsvc; Brak ImagePath
    2018-08-27 20:14 - 2018-08-28 04:27 - 000000000 ____D C:\WINDOWS\{2E03268B-4782-44EF-B29B-44B65D240959}
    2018-08-27 17:17 - 2018-08-27 17:17 - 000003900 _____ C:\WINDOWS\System32\Tasks\{C80014CC-2C49-BC96-4E2D-AFDD6021AF81}
    2018-08-27 17:17 - 2018-08-27 17:17 - 000003796 _____ C:\WINDOWS\System32\Tasks\{280D522D-26B0-A413-E6BC-658D14BEE555}
    2018-08-27 17:17 - 2018-08-27 17:17 - 000003562 _____ C:\WINDOWS\System32\Tasks\{81973C17-A653-AFA2-1A65-F36B243A2608}
    2018-08-15 20:11 - 2018-08-15 20:11 - 000000000 ____D C:\ProgramData\WEBZEN
    2018-04-12 00:34 - 2018-04-12 00:34 - 000060416 ____N (Microsoft Corporation) C:\Users\Leszek\YriEICge.exe
    2018-04-12 00:34 - 2018-04-12 00:34 - 000060416 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\AuyYF.exe
    2017-04-23 18:47 - 2017-04-23 18:47 - 000003584 _____ () C:\Users\Leszek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2018-08-27 17:17 - 2018-08-27 17:17 - 000000002 _____ () C:\Users\Leszek\AppData\Local\imw.ini
    2017-09-18 05:18 - 2017-09-18 05:18 - 000000001 _____ () C:\Users\Leszek\AppData\Local\llftool.4.40.agreement
    2016-02-22 19:31 - 2018-07-01 05:28 - 000007599 _____ () C:\Users\Leszek\AppData\Local\Resmon.ResmonCfg
    2016-02-19 17:57 - 2016-02-19 17:57 - 000000000 _____ () C:\Users\Leszek\AppData\Local\{83F65CF3-41DF-4E19-BC7C-B64F921FAC8A}
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.

    1
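
For reviewing a fixlist like the one in post #2 before running it, here is an added example (not part of the thread and not FRST's own code) that tallies the entries by type and groups the file entries by creation time. The sample lines are copied from the post; the two line-format regexes and the function names are assumptions inferred from those lines.

```python
import re
from collections import Counter, defaultdict

# Sample lines copied from the fixlist in post #2 (shortened selection).
SAMPLE = r"""CloseProcesses:
Task: {0C3A21DA-0759-4A34-A508-019E62BCC0BE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku <==== UWAGA
FirewallRules: [{47DC63B0-44DB-4E48-816B-65686BF9C862}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
2018-08-27 17:17 - 2018-08-27 17:17 - 000003900 _____ C:\WINDOWS\System32\Tasks\{C80014CC-2C49-BC96-4E2D-AFDD6021AF81}
2018-08-27 17:17 - 2018-08-27 17:17 - 000003796 _____ C:\WINDOWS\System32\Tasks\{280D522D-26B0-A413-E6BC-658D14BEE555}
2018-08-27 17:17 - 2018-08-27 17:17 - 000000002 _____ () C:\Users\Leszek\AppData\Local\imw.ini
2018-04-12 00:34 - 2018-04-12 00:34 - 000060416 ____N (Microsoft Corporation) C:\Users\Leszek\YriEICge.exe
EmptyTemp:
"""

# Assumed file-entry layout: created - modified - size attrs [(company)] path
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
                     r"(\d+) (\S+) (?:\((.*?)\) )?(.+)$")
# Other entries start with "Kind:"; a bare "Kind:" with nothing after it is a directive.
KIND_RE = re.compile(r"^([A-Za-z0-9]+):\s*(.*)$")

def parse_fixlist(text):
    """Return one (kind, detail) tuple per non-blank fixlist line."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        f, k = FILE_RE.match(line), KIND_RE.match(line)
        if f:
            entries.append(("File", {"created": f[1], "modified": f[2],
                                     "size": int(f[3]), "company": f[5], "path": f[6]}))
        elif k and not k[2]:
            entries.append(("Directive", k[1]))   # e.g. CloseProcesses:, EmptyTemp:
        elif k:
            entries.append((k[1], k[2]))          # e.g. Task, FirewallRules, BHO
        else:
            entries.append(("Other", line))       # e.g. HKU\... registry lines
    return entries

def summarize(entries):
    """Count entries per kind and group file paths by creation timestamp."""
    kinds = Counter(kind for kind, _ in entries)
    by_created = defaultdict(list)
    for kind, detail in entries:
        if kind == "File":
            by_created[detail["created"]].append(detail["path"])
    return kinds, dict(by_created)

if __name__ == "__main__":
    print(summarize(parse_fixlist(SAMPLE)))
```

Run over the full fixlist from the post, the 2018-08-27 17:17 group contains the three GUID-named files under C:\WINDOWS\System32\Tasks together with imw.ini.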
  • #3 28 Aug 2018 08:27
    leszek234
    Level 9  

    Many thanks, I did as you wrote and it helped.

    0
  • Helpful post
    #4 28 Aug 2018 10:55
    krzychupar
    Level 40  

    Delete C:\FRST and close the topic.

    0
  • #5 28 Aug 2018 11:03
    leszek234
    Level 9  

    Closing, and thank you once again.

    0