Why do you have so many profiles in Chrome?
Uninstall:
NoVirusThanks Win Update Fixer v1.0 (HKLM\...\NoVirusThanks Win Update Fixer_is1) (Version: 1.0.0.0 - NoVirusThanks Company Srl)
System Ninja version 4.0 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 4.0 - SingularLabs)
Go to C:\Windows\H548DJ6H\, run the exe file with the random name and unblock Windows Update; only once you have done that, do the rest!
Run Fixlist.txt:
CloseProcesses:
AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
(services.exe ->) (Greatis Software LLC -> Greatis Software, LLC) C:\Windows\H548DJ6H\SU10Guard.exe
HKLM\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-2498975880-2355327624-940747532-1001\...\Run: [MicrosoftEdgeAutoLaunch_F29E9BA9745BC2EEFC6CBC94D3CA8B68] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3923496 2025-01-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2498975880-2355327624-940747532-1001\...\Policies\Explorer: [NoSecurityTab] 1
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\osppsvc.exe: [VerifierDlls] SppExtComObjHook.dll
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\SppExtComObj.exe: [VerifierDlls] SppExtComObjHook.dll
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
C:\Windows\SysWOW64\2995\50415.exe
Task: {47B6CB8A-22AD-4061-88C0-CB6EEDAEDD44} - System32\Tasks\21271361373 => C:\Windows\SysWOW64\2995\50415.exe 578a4f48644e33c90afad8265588327c (Access Denied) <==== ATTENTION
C:\Windows\SysWOW64\2995\
CHR StartupUrls: Profile 25 -> "hxxp://www.google.pl/","hxxp://www.dregol.com/?f=7&a=drg_ir_15_22&cd=2XzuyEtN2Y1L1QzuyE0AyD0A0ByC0EyByDzytBtAtA0DyCtBtN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0B0A0ByC0EzztGtA0B0AzztGzzyDtBtAtGyDtAyDtAtGtAtAyD0CtD0EtDzztAyC0DtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtByByByE0C0DtCtGzy0E0AyCtGyEyC0BtAtG0A0EtCyCtGtCzztD0DzyzyyD0DzzyC0EtC2QtN0A0LzuyE&cr=2130558624&ir=","hxxps://www.google.com/?trackid=sp-006","hxxp://www.dregol.com/?f=7&a=drg_ir_15_24&cd=2XzuyEtN2Y1L1QzuyE0AyD0A0ByC0EyByDzytBtAtA0DyCtBtN0D0Tzu0StCtByCtDtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtDtB0Fzy0EyByCtGyByE0DtCtG0AtD0DzytGtA0ByEyEtG0AyD0A0BtC0BtBtA0E0CyD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtByByByE0C0DtCtGzy0E0AyCtGyEyC0BtAtG0A0EtCyCtGtCzztD0DzyzyyD0DzzyC0EtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztByD&cr=2096549567&ir=","hxxp://uk.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_31¶m1=1¶m2=f%3D7%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyE0AyD0A0ByC0EyByDzytBtAtA0DyCtBtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDtD0EyB0F0CzyzztGyEtD0AzytG0A0ByDtCtGtC0F0E0BtG0DyDyC0DyDyDtCyB0EtAtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtByByByE0C0DtCtGzy0E0AyCtGyEyC0BtAtG0A0EtCyCtGtCzztD0DzyzyyD0DzzyC0EtC2QtN0A0LzuyE%26cr%3D2048841662%26a%3Dwncy_ir_15_31%26os%3DWindows%2B8.1","hxxp://uk.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_31¶m1=1¶m2=f%3D7%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyE0AyD0A0ByC0EyByDzytBtAtA0DyCtBtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDyD0AyDyEtDtByBtGtByBzy0FtGyCyB0E0EtGtB0ByD0CtGtB0ByDtByDtC0B0B0AyEzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtByByByE0C0DtCtGzy0E0AyCtGyEyC0BtAtG0A0EtCyCtGtCzztD0DzyzyyD0DzzyC0EtC2QtN0A0LzuyE%26cr%3D569893649%26a%3Dwncy_ir_15_31%26os%3DWindows%2B8.1","hxxp://en.hao123.com/?tn=sdkw_inner_pop1_01_hao123_us&fr=","hxxp://e
n.hao123.com/simple1?tn=sdkw_inner_simplehp_03_hao123_us&fr=","hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_kmpswt_16_07¶m1=1¶m2=f%3D7%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyE0AyD0A0ByC0EyByDzytBtAyDyD0EtDtN0D0Tzu0StCyDtCtCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyEyBtCyEyB0DtAtGtCtA0B0CtGzy0B0ByEtGtDzztB0FtG0D0ByCtAyDtCtB0E0Dzz0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0C0ByDyB0CyD0BtGyCtB0B0AtGyE0C0F0EtG0AtCyBzytGtAtD0FtDtC0CtDyByByEtD0A2QtN0A0LzuyE%26cr%3D1380246164%26a%3Dwncy_kmpswt_16_07%26os_ver%3D6.3%26os%3DWindows%2B8.1","hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-0f1567e7","hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-d90f0bc5"
R2 SU10Guard; C:\Windows\H548DJ6H\SU10Guard.exe [72776 2020-05-31] (Greatis Software LLC -> Greatis Software, LLC)
S3 McAWFwk; "C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe" [X]
2025-01-24 16:30 - 2025-01-24 16:30 - 001337944 _____ (NoVirusThanks Company Srl ) C:\Users\patty\Downloads\win_update_fixer_setup.exe
2025-01-24 16:30 - 2025-01-24 16:30 - 000001111 _____ C:\Users\patty\Desktop\Win Update Fixer.lnk
2025-01-24 16:30 - 2025-01-24 16:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoVirusThanks
2025-01-24 16:30 - 2025-01-24 16:30 - 000000000 ____D C:\Program Files\NoVirusThanks
2025-01-24 16:23 - 2025-01-24 16:23 - 002165120 _____ (Macecraft Software) C:\Users\patty\Downloads\UpdateFixer_Portable (1).exe
2025-01-24 15:47 - 2025-01-24 15:47 - 002165120 _____ (Macecraft Software) C:\Users\patty\Downloads\UpdateFixer_Portable.exe
2025-01-24 17:41 - 2022-11-09 20:42 - 000000000 ____D C:\Windows\H548DJ6H
2025-01-24 16:31 - 2023-02-18 17:09 - 000000258 __RSH C:\ProgramData\ntuser.pol
On top of that, there is some Sims game installed into the wrong directory; get rid of that too:
2022-12-27 20:45 - 2000-01-05 20:39 - 000006784 _____ () C:\Program Files (x86)\Clcd16.dll
2022-12-27 20:45 - 2000-01-05 20:39 - 000027648 _____ () C:\Program Files (x86)\Clcd32.dll
2022-12-27 20:45 - 2000-01-05 20:39 - 000177152 _____ () C:\Program Files (x86)\Clokspl.exe
2022-12-27 20:45 - 2000-01-05 20:39 - 000172544 _____ () C:\Program Files (x86)\Dplayerx.dll
2022-12-27 20:45 - 2000-01-05 20:39 - 000031744 _____ () C:\Program Files (x86)\Drvmgt.dll
2022-12-27 20:45 - 1999-10-30 00:33 - 000835628 ____R () C:\Program Files (x86)\gimex.dll
2022-12-27 20:45 - 1999-02-09 10:46 - 000137728 ____R (Intel Corporation) C:\Program Files (x86)\ijl10.dll
2022-12-27 20:45 - 2000-01-05 20:39 - 000010848 _____ () C:\Program Files (x86)\Secdrv.sys
2022-12-27 20:45 - 2000-01-05 20:39 - 002166784 _____ (Maxis, a division of Electronic Arts) C:\Program Files (x86)\Sims.exe
2022-12-27 20:45 - 2000-01-05 20:39 - 002158637 _____ (Maxis, a division of Electronic Arts) C:\Program Files (x86)\Sims.icd
2022-12-27 20:45 - 2022-12-27 20:46 - 000680529 _____ () C:\Program Files (x86)\Uninst.isu
2022-12-27 20:45 - 2000-01-05 20:39 - 000006784 _____ C:\Program Files (x86)\Clcd16.dll
2022-12-27 20:45 - 2000-01-05 20:39 - 000027648 _____ C:\Program Files (x86)\Clcd32.dll
2022-12-27 20:45 - 2000-01-05 20:39 - 000177152 _____ C:\Program Files (x86)\Clokspl.exe
2022-12-27 20:45 - 2000-01-05 20:39 - 000172544 _____ C:\Program Files (x86)\Dplayerx.dll
2022-12-27 20:45 - 2000-01-05 20:39 - 000031744 _____ C:\Program Files (x86)\Drvmgt.dll
2022-12-27 20:45 - 1999-10-30 00:33 - 000835628 ____R C:\Program Files (x86)\gimex.dll
2022-12-27 20:45 - 1999-02-09 10:46 - 000137728 ____R (Intel Corporation) C:\Program Files (x86)\ijl10.dll
2022-12-27 20:45 - 2000-01-05 20:39 - 002166784 _____ (Maxis, a division of Electronic Arts) C:\Program Files (x86)\Sims.exe
After running it, also use AdwCleaner and MBAM and remove whatever they detect.