bojkotowy, Posted October 31, 2019

Please help me generate the code for the FIXLIST. Addition Shortcut FRST

Thank you in advance.

jessica, Posted November 1, 2019

Run FRST. Press CTRL+Y on the keyboard. Notepad will open - paste the following into it:

Spoiler
RemoveDirectory: C:\ProgramData\{D8561D35-5214-97F3-D4D2-09B14E90827F}
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe Brak pliku
FirewallRules: [{2B547537-80C1-48B5-A33C-D41D995AA947}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe Brak pliku
FirewallRules: [{C28D9D9D-EF60-4B4C-8706-80969038B96C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe Brak pliku
FirewallRules: [UDP Query User{6A92A5E2-4514-4827-BBF6-8BB6E4D5F98F}C:\users\asus\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\asus\appdata\roaming\utorrent\utorrent.exe Brak pliku
FirewallRules: [TCP Query User{BEA2D062-051A-41B1-A381-8112DF873676}C:\users\asus\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\asus\appdata\roaming\utorrent\utorrent.exe Brak pliku
FirewallRules: [{2E11307C-2B1A-478B-91E4-AE1123510423}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe Brak pliku
FirewallRules: [{B02DAF43-D6F9-47C2-B1E9-AEBAEE366196}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe Brak pliku
FirewallRules: [UDP Query User{8B80FD7A-FBF5-4158-BC9B-BF75374DCC26}C:\program files (x86)\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe Brak pliku
FirewallRules: [TCP Query User{218555DF-A9CF-4F63-9391-4761DAD6D9DE}C:\program files (x86)\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe Brak pliku
FirewallRules: [UDP Query User{45702027-A87A-491F-AE89-90510E93FDEF}C:\program files (x86)\rads\projects\league_client\releases\0.0.0.132\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\rads\projects\league_client\releases\0.0.0.132\deploy\leagueclient.exe Brak pliku
FirewallRules: [TCP Query User{9D21DC37-07ED-4DAC-AAD8-2387FD7E4D96}C:\program files (x86)\rads\projects\league_client\releases\0.0.0.132\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\rads\projects\league_client\releases\0.0.0.132\deploy\leagueclient.exe Brak pliku
ContextMenuHandlers1_S-1-5-21-4159281621-2215491488-1283168613-1001: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => C:\Users\asus\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll -> Brak pliku
ContextMenuHandlers4_S-1-5-21-4159281621-2215491488-1283168613-1001: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => C:\Users\asus\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll -> Brak pliku
ContextMenuHandlers5_S-1-5-21-4159281621-2215491488-1283168613-1001: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => C:\Users\asus\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll -> Brak pliku
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> Brak pliku
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
GroupPolicy: Ograniczenia ? <==== UWAGA
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
Task: {258E1D4A-8C34-49AF-A572-D6E55BE70F8D} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
Task: {C21AAD1B-C564-4BB4-9210-50FF7CDFCA53} - System32\Tasks\Yahoo! Powered nesil => C:\Windows\system32\wscript.exe "C:\ProgramData\{D8561D35-5214-97F3-D4D2-09B14E90827F}\tema.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b44383536314433352d353231342d393746332d443444322d3039423134453930383237467d5c66616469666f" "433a5c50726f6772616d446174615c7b44383536314433352d353231342d393746332d443444 (dane wartości zawierają 78 znaków więcej). <==== UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://nl.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_06&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dnl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztAtB0EyEtC0B0Bzyzy0E0E0F0B0EtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0E0A0C0FyEtBtDtGtC0CtCyDtG0BtC0C0FtGyCyDzyyEtG0EtAtA0FyD0BtCyDyBtDtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0CtBtCtDyCzztGtC0FzzyEtGyEyCzy0DtG0B0AtAzytGtAtDyD0A0DtByByEtCtCzy0E2QtN0A0LzuyE%26cr%3D776266490%26a%3Dwbf_ir_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dnl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztAtB0EyEtC0B0Bzyzy0E0E0F0B0EtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0E0A0C0FyEtBtDtGtC0CtCyDtG0BtC0C0FtGyCyDzyyEtG0EtAtA0FyD0BtCyDyBtDtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0CtBtCtDyCzztGtC0FzzyEtGyEyCzy0DtG0B0AtAzytGtAtDyD0A0DtByByEtCtCzy0E2QtN0A0LzuyE%26cr%3D776266490%26a%3Dwbf_ir_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dnl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztAtB0EyEtC0B0Bzyzy0E0E0F0B0EtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0E0A0C0FyEtBtDtGtC0CtCyDtG0BtC0C0FtGyCyDzyyEtG0EtAtA0FyD0BtCyDyBtDtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0CtBtCtDyCzztGtC0FzzyEtGyEyCzy0DtG0B0AtAzytGtAtDyD0A0DtByByEtCtCzy0E2QtN0A0LzuyE%26cr%3D776266490%26a%3Dwbf_ir_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dnl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztAtB0EyEtC0B0Bzyzy0E0E0F0B0EtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0E0A0C0FyEtBtDtGtC0CtCyDtG0BtC0C0FtGyCyDzyyEtG0EtAtA0FyD0BtCyDyBtDtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0CtBtCtDyCzztGtC0FzzyEtGyEyCzy0DtG0B0AtAzytGtAtDyD0A0DtByByEtCtCzy0E2QtN0A0LzuyE%26cr%3D776266490%26a%3Dwbf_ir_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dnl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztAtB0EyEtC0B0Bzyzy0E0E0F0B0EtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0E0A0C0FyEtBtDtGtC0CtCyDtG0BtC0C0FtGyCyDzyyEtG0EtAtA0FyD0BtCyDyBtDtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0CtBtCtDyCzztGtC0FzzyEtGyEyCzy0DtG0B0AtAzytGtAtDyD0A0DtByByEtCtCzy0E2QtN0A0LzuyE%26cr%3D776266490%26a%3Dwbf_ir_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
EmptyTemp:

Press CTRL+S on the keyboard. In FRST, click Fix (NAPRAW).

Do you know these programs:

Spoiler
2016-11-16 15:36 - 2018-12-30 10:27 - 000328720 _____ (BugSplat, LLC) C:\Program Files (x86)\BsSndRpt.exe
2016-11-16 15:36 - 2018-12-30 10:27 - 000307216 _____ (BugSplat) C:\Program Files (x86)\BugSplat.dll
2016-11-16 15:36 - 2018-12-30 10:27 - 000198272 _____ (BugSplat, LLC) C:\Program Files (x86)\BugSplatRc.dll
2016-11-16 15:36 - 2018-12-30 10:27 - 000249600 _____ (Microsoft Corporation) C:\Program Files (x86)\concrt140.dll
2016-11-16 15:36 - 2018-12-30 10:27 - 005055104 _____ () C:\Program Files (x86)\LeagueClient.exe
2017-07-16 17:16 - 2018-12-30 10:27 - 002551424 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Program Files (x86)\libcrypto-1_1.dll
2017-07-16 17:16 - 2018-12-30 10:27 - 000333952 _____ (The curl library, https://curl.haxx.se/) C:\Program Files (x86)\libcurl.dll
2017-07-16 17:16 - 2018-12-30 10:27 - 000129152 _____ (https://nghttp2.org/) C:\Program Files (x86)\libnghttp2.dll
2017-07-16 17:16 - 2018-12-30 10:27 - 000536192 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Program Files (x86)\libssl-1_1.dll
2017-10-27 10:10 - 2018-12-30 10:27 - 000372864 _____ (Yann Collet, Facebook, Inc.) C:\Program Files (x86)\libzstd.dll
2016-11-16 15:36 - 2018-12-30 10:27 - 000449280 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcp140.dll
2016-11-16 15:36 - 2018-12-30 10:34 - 000038754 _____ () C:\Program Files (x86)\system.yaml
2016-11-16 15:36 - 2018-12-30 10:34 - 001193800 _____ (Microsoft Corporation) C:\Program Files (x86)\ucrtbase.dll
2016-11-16 15:36 - 2018-12-30 10:34 - 000080128 _____ (Microsoft Corporation) C:\Program Files (x86)\vcruntime140.dll
2017-07-16 17:16 - 2018-12-30 10:34 - 000128640 _____ () C:\Program Files (x86)\yaml.dll
2017-07-16 17:16 - 2018-12-30 10:34 - 000113792 _____ () C:\Program Files (x86)\zlib.dll

They are not on your list of programs.

jessi
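
Added example, not part of the original post: the "Yahoo! Powered nesil" Task entry in the fixlist above starts wscript.exe on a .txt file and passes hex-encoded arguments. The Python code below parses that line, flags the script-host mismatch and decodes the arguments for triage, including the one FRST cut short; the function names and the script-extension list are assumptions of this example.

```python
import re

# Task entry copied from the fixlist above; FRST cut the last argument short.
TASK_LINE = (
    r'Task: {C21AAD1B-C564-4BB4-9210-50FF7CDFCA53} - System32\Tasks\Yahoo! Powered nesil'
    r' => C:\Windows\system32\wscript.exe'
    r' "C:\ProgramData\{D8561D35-5214-97F3-D4D2-09B14E90827F}\tema.txt"'
    r' "687474703a2f2f7761676e672e636f6d"'
    r' "433a5c50726f6772616d446174615c7b44383536314433352d353231342d393746332d443444322d3039423134453930383237467d5c66616469666f"'
    r' "433a5c50726f6772616d446174615c7b44383536314433352d353231342d393746332d443444'
    r' (dane wartości zawierają 78 znaków więcej). <==== UWAGA'
)

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh")  # assumed list
HEX_RE = re.compile(r"(?:[0-9a-fA-F]{2}){4,}")

def decode_hex(token):
    """Return the text if token is all hex decoding to printable ASCII, else None."""
    token = token[: len(token) // 2 * 2]  # a truncated value may end mid-byte
    if not HEX_RE.fullmatch(token):
        return None
    text = bytes.fromhex(token).decode("latin-1")
    return text if all(32 <= ord(c) < 127 for c in text) else None

def defang(text):
    """Write URLs the way the log does (hxxp) so they are not clickable."""
    return re.sub(r"^http", "hxxp", text)

def triage_task(line):
    """Split a FRST 'Task:' line into executable and arguments and report findings."""
    _, _, command = line.partition(" => ")
    command = command.split(" <====")[0]      # drop FRST's attention marker
    exe = command.split(' "')[0].strip()
    args = re.findall(r'"([^"]*)"', command)  # properly closed arguments
    truncated = command.count('"') % 2 == 1   # odd quote count: value was cut
    if truncated:
        tail = command.rsplit('"', 1)[1].split()
        if tail:
            args.append(tail[0])              # keep the visible part only
    findings = []
    if exe.lower().endswith(SCRIPT_HOSTS) and args \
            and not args[0].lower().endswith(SCRIPT_EXTS):
        findings.append("script host runs a non-script file: " + args[0])
    decoded = [defang(d) for d in map(decode_hex, args) if d]
    return {"exe": exe, "findings": findings,
            "decoded": decoded, "truncated": truncated}

if __name__ == "__main__":
    for key, value in triage_task(TASK_LINE).items():
        print(key, "=", value)
```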