Run this Fixlist.txt with FRST:
CloseProcesses:
Task: {B0380297-32BD-47D3-BA04-F66974AFABD7} - System32\Tasks\YoutubeDownloader_upd => C:\Users\adran\AppData\Roaming\YoutubeDownloader_upd\python\pythonw.exe <==== UWAGA
Task: {B7D067A3-0066-4B8B-9356-E96BB73CC362} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== UWAGA
C:\Program Files (x86)\Microleaves\
Task: {C01767C8-23D0-4BA6-9E98-2CDD1F0B7E16} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2018-09-03] (Easeware)
Task: {E17A5052-4AD0-484B-A159-28459E025F05} - System32\Tasks\YoutubeDownloader => C:\Users\adran\AppData\Roaming\YoutubeDownloader\python\pythonw.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA
Hosts:
C:\Users\adran\AppData\Roaming\YoutubeDownloader\
() C:\ProgramData\Microsoft\Windows\Power\PowerSvc.exe
(CloudBees, Inc.) C:\Users\adran\AppData\Local\NtvHost\syssvc.exe
(Google Chrome) C:\Users\adran\AppData\Local\NtvHost\native.exe
C:\Users\adran\AppData\Local\NtvHost\
(Gold Click Ltd) C:\Program Files (x86)\ProxyGate\Cloud.exe
(Gold Click Ltd) C:\Program Files (x86)\ProxyGate\PGChk.exe
C:\Program Files (x86)\ProxyGate\
HKLM-x32\...\Run: [pdvserv] => D:\pdvserv\pdvserv.exe
HKU\S-1-5-21-53933394-1202882831-3124867869-1001\...\Run: [YoutubeDownloader_upd] => "C:\Users\adran\AppData\Roaming\YoutubeDownloader_upd\python\pythonw.exe" "start.pyc" ml3 <==== UWAGA
HKU\S-1-5-21-53933394-1202882831-3124867869-1001\...\Run: [YoutubeDownloader] => "C:\Users\adran\AppData\Roaming\YoutubeDownloader\python\pythonw.exe" "start.pyc" ml3 <==== UWAGA
HKU\S-1-5-21-53933394-1202882831-3124867869-1001\...\Winlogon: [Shell] C:\Windows\System32\cmd.exe [273920 2018-04-12] (Microsoft Corporation) <==== UWAGA
HKU\S-1-5-21-53933394-1202882831-3124867869-1001\...\Command Processor:
@mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist ( start /MIN "" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== UWAGA
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S2 EventSvc; C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe [360448 2018-07-24] (CloudBees, Inc.) [Brak podpisu cyfrowego] <==== UWAGA
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (Gold Click Ltd) <==== UWAGA
R2 PowerSvc; C:\ProgramData\Microsoft\Windows\Power\PowerSvc.exe [6406448 2018-06-25] () [Brak podpisu cyfrowego] <==== UWAGA
S2 P2PEnhance; C:\Program Files (x86)\P2PEnhance\P2PEnhance.exe [X]
2018-11-01 14:12 - 2018-09-07 20:07 - 000000000 ____D C:\Users\adran\AppData\Local\NtvHost
2018-09-07 20:11 - 2018-09-07 20:11 - 000000324 _____ () C:\ProgramData\fdfggf.exe
2018-09-07 20:22 - 2018-09-07 20:22 - 000000116 _____ () C:\ProgramData\ythdg.exe
2018-09-18 19:09 - 2018-09-18 19:09 - 000000000 _____ () C:\Users\adran\AppData\Roaming\FC29FA0894FE.ini
2018-09-07 20:09 - 2018-09-07 20:09 - 000140800 _____ () C:\Users\adran\AppData\Local\installer.dat
Use AdwCleaner, options Scan and Clean:
http://www.bleepingcomputer.com/download/adwcleaner/
Do a full scan with Mbam and remove whatever it detects:
http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
and
http://ftp.drweb.com/pub/drweb/cureit/launch.exe
When everything is done, delete the C:\FRST and C:\Adwcleaner folders, and that is all.