Wyłączający się CMD

[Gilu]

Witam, po włączeniu CMD (nawet na uprawnieniach administratora) okno wyskakuje na chwilę, po czym zaraz znika. Proszę bardzo o pomoc.FRST.txtAddition.txt

[jessica]

Jest szkodliwy SOUNDMIXER!

 

1) Odinstaluj niepotrzebny do niczego Akamai NetSession Interface

 

2) Odinstaluj program

ProxyGate version 3.0.0.1180 (HKLM-x32\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1180 - Gold Click Ltd) <==== UWAGA

 

3) Uruchom FRST. Na klawiaturze naciśnij jednocześnie CTRL+Y.
Otworzy się Notatnik - wklej do niego:

Spoiler

RemoveDirectory: C:\Users\Gilso\AppData\Roaming\Microsoft\SoundMixer
HKU\S-1-5-21-3781072641-3015877658-920937925-1001\...\Winlogon: [Shell] %comspec% <==== UWAGA
HKU\S-1-5-21-3781072641-3015877658-920937925-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\Gilso\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\Gilso\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== UWAGA
RemoveDirectory: C:\Program Files (x86)\ProxyGate
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
HKU\S-1-5-21-3781072641-3015877658-920937925-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Gilso\AppData\Local\Akamai\netsession_win.exe [4586456 2018-04-17] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
HKU\S-1-5-21-3781072641-3015877658-920937925-1001\...\Policies\Explorer: []
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (GOLD CLICK LIMITED -> Gold Click Ltd) <==== UWAGA
S3 WsDrvInst; G:\Gry\New TunesGo\DriverInstall.exe [X]
FirewallRules: [UDP Query User{D5AA1DB3-810A-45BA-8E94-8290FD354FA9}G:\gry\monopoly plus\monopoly.exe] => (Block) G:\gry\monopoly plus\monopoly.exe Brak pliku
FirewallRules: [TCP Query User{387DD5E1-50D7-4DFA-B416-1371CA1A58AB}G:\gry\monopoly plus\monopoly.exe] => (Block) G:\gry\monopoly plus\monopoly.exe Brak pliku
FirewallRules: [UDP Query User{3C2AE5C5-4AAC-4D83-9763-EA96C839D2F3}C:\users\gilso\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\gilso\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [TCP Query User{6896321C-408A-4292-944B-6E7A01FAC484}C:\users\gilso\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\gilso\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [UDP Query User{15EE63D2-F73B-4CB0-BFC2-951E8E3B3F7E}C:\users\gilso\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\gilso\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [TCP Query User{D06CF1F1-23A1-4A59-AF97-212332ACB412}C:\users\gilso\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\gilso\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
EmptyTemp:

Na klawiaturze naciśnij jednocześnie CTRL+S.
W FRST kliknij na Fix (NAPRAW).

 

4) Zrób nowe logi FRST.

 

jessi