Run FRST. Press CTRL+Y on the keyboard.
Notepad will open - paste the following into it:


RemoveDirectory: C:\ProgramData\{D8561D35-5214-97F3-D4D2-09B14E90827F}
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe Brak pliku
FirewallRules: [{2B547537-80C1-48B5-A33C-D41D995AA947}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe Brak pliku
FirewallRules: [{C28D9D9D-EF60-4B4C-8706-80969038B96C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe Brak pliku
FirewallRules: [UDP Query User{6A92A5E2-4514-4827-BBF6-8BB6E4D5F98F}C:\users\asus\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\asus\appdata\roaming\utorrent\utorrent.exe Brak pliku
FirewallRules: [TCP Query User{BEA2D062-051A-41B1-A381-8112DF873676}C:\users\asus\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\asus\appdata\roaming\utorrent\utorrent.exe Brak pliku
FirewallRules: [{2E11307C-2B1A-478B-91E4-AE1123510423}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe Brak pliku
FirewallRules: [{B02DAF43-D6F9-47C2-B1E9-AEBAEE366196}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe Brak pliku
FirewallRules: [UDP Query User{8B80FD7A-FBF5-4158-BC9B-BF75374DCC26}C:\program files (x86)\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe Brak pliku
FirewallRules: [TCP Query User{218555DF-A9CF-4F63-9391-4761DAD6D9DE}C:\program files (x86)\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe Brak pliku
FirewallRules: [UDP Query User{45702027-A87A-491F-AE89-90510E93FDEF}C:\program files (x86)\rads\projects\league_client\releases\0.0.0.132\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\rads\projects\league_client\releases\0.0.0.132\deploy\leagueclient.exe Brak pliku
FirewallRules: [TCP Query User{9D21DC37-07ED-4DAC-AAD8-2387FD7E4D96}C:\program files (x86)\rads\projects\league_client\releases\0.0.0.132\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\rads\projects\league_client\releases\0.0.0.132\deploy\leagueclient.exe Brak pliku
ContextMenuHandlers1_S-1-5-21-4159281621-2215491488-1283168613-1001: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => C:\Users\asus\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll -> Brak pliku
ContextMenuHandlers4_S-1-5-21-4159281621-2215491488-1283168613-1001: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => C:\Users\asus\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll -> Brak pliku
ContextMenuHandlers5_S-1-5-21-4159281621-2215491488-1283168613-1001: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => C:\Users\asus\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll -> Brak pliku
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> Brak pliku
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
GroupPolicy: Ograniczenia ? <==== UWAGA
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
Task: {258E1D4A-8C34-49AF-A572-D6E55BE70F8D} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
Task: {C21AAD1B-C564-4BB4-9210-50FF7CDFCA53} - System32\Tasks\Yahoo! Powered nesil => C:\Windows\system32\wscript.exe "C:\ProgramData\{D8561D35-5214-97F3-D4D2-09B14E90827F}\tema.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b44383536314433352d353231342d393746332d443444322d3039423134453930383237467d5c66616469666f" "433a5c50726f6772616d446174615c7b44383536314433352d353231342d393746332d443444 (dane wartości zawierają 78 znaków więcej). <==== UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://nl.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_06&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dnl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztAtB0EyEtC0B0Bzyzy0E0E0F0B0EtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0E0A0C0FyEtBtDtGtC0CtCyDtG0BtC0C0FtGyCyDzyyEtG0EtAtA0FyD0BtCyDyBtDtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0CtBtCtDyCzztGtC0FzzyEtGyEyCzy0DtG0B0AtAzytGtAtDyD0A0DtByByEtCtCzy0E2QtN0A0LzuyE%26cr%3D776266490%26a%3Dwbf_ir_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dnl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztAtB0EyEtC0B0Bzyzy0E0E0F0B0EtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0E0A0C0FyEtBtDtGtC0CtCyDtG0BtC0C0FtGyCyDzyyEtG0EtAtA0FyD0BtCyDyBtDtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0CtBtCtDyCzztGtC0FzzyEtGyEyCzy0DtG0B0AtAzytGtAtDyD0A0DtByByEtCtCzy0E2QtN0A0LzuyE%26cr%3D776266490%26a%3Dwbf_ir_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dnl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztAtB0EyEtC0B0Bzyzy0E0E0F0B0EtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0E0A0C0FyEtBtDtGtC0CtCyDtG0BtC0C0FtGyCyDzyyEtG0EtAtA0FyD0BtCyDyBtDtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0CtBtCtDyCzztGtC0FzzyEtGyEyCzy0DtG0B0AtAzytGtAtDyD0A0DtByByEtCtCzy0E2QtN0A0LzuyE%26cr%3D776266490%26a%3Dwbf_ir_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dnl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztAtB0EyEtC0B0Bzyzy0E0E0F0B0EtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0E0A0C0FyEtBtDtGtC0CtCyDtG0BtC0C0FtGyCyDzyyEtG0EtAtA0FyD0BtCyDyBtDtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0CtBtCtDyCzztGtC0FzzyEtGyEyCzy0DtG0B0AtAzytGtAtDyD0A0DtByByEtCtCzy0E2QtN0A0LzuyE%26cr%3D776266490%26a%3Dwbf_ir_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dnl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztAtB0EyEtC0B0Bzyzy0E0E0F0B0EtN0D0Tzu0StCzzyCzytN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0E0A0C0FyEtBtDtGtC0CtCyDtG0BtC0C0FtGyCyDzyyEtG0EtAtA0FyD0BtCyDyBtDtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyB0CtBtCtDyCzztGtC0FzzyEtGyEyCzy0DtG0B0AtAzytGtAtDyD0A0DtByByEtCtCzy0E2QtN0A0LzuyE%26cr%3D776266490%26a%3Dwbf_ir_17_06%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
EmptyTemp:

Press CTRL+S on the keyboard.
In FRST, click Fix (NAPRAW).

 

Do you know these programs?


2016-11-16 15:36 - 2018-12-30 10:27 - 000328720 _____ (BugSplat, LLC) C:\Program Files (x86)\BsSndRpt.exe
2016-11-16 15:36 - 2018-12-30 10:27 - 000307216 _____ (BugSplat) C:\Program Files (x86)\BugSplat.dll
2016-11-16 15:36 - 2018-12-30 10:27 - 000198272 _____ (BugSplat, LLC) C:\Program Files (x86)\BugSplatRc.dll
2016-11-16 15:36 - 2018-12-30 10:27 - 000249600 _____ (Microsoft Corporation) C:\Program Files (x86)\concrt140.dll
2016-11-16 15:36 - 2018-12-30 10:27 - 005055104 _____ () C:\Program Files (x86)\LeagueClient.exe
2017-07-16 17:16 - 2018-12-30 10:27 - 002551424 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Program Files (x86)\libcrypto-1_1.dll
2017-07-16 17:16 - 2018-12-30 10:27 - 000333952 _____ (The curl library, https://curl.haxx.se/) C:\Program Files (x86)\libcurl.dll
2017-07-16 17:16 - 2018-12-30 10:27 - 000129152 _____ (https://nghttp2.org/) C:\Program Files (x86)\libnghttp2.dll
2017-07-16 17:16 - 2018-12-30 10:27 - 000536192 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Program Files (x86)\libssl-1_1.dll
2017-10-27 10:10 - 2018-12-30 10:27 - 000372864 _____ (Yann Collet, Facebook, Inc.) C:\Program Files (x86)\libzstd.dll
2016-11-16 15:36 - 2018-12-30 10:27 - 000449280 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcp140.dll
2016-11-16 15:36 - 2018-12-30 10:34 - 000038754 _____ () C:\Program Files (x86)\system.yaml
2016-11-16 15:36 - 2018-12-30 10:34 - 001193800 _____ (Microsoft Corporation) C:\Program Files (x86)\ucrtbase.dll
2016-11-16 15:36 - 2018-12-30 10:34 - 000080128 _____ (Microsoft Corporation) C:\Program Files (x86)\vcruntime140.dll
2017-07-16 17:16 - 2018-12-30 10:34 - 000128640 _____ () C:\Program Files (x86)\yaml.dll
2017-07-16 17:16 - 2018-12-30 10:34 - 000113792 _____ () C:\Program Files (x86)\zlib.dll

They are not on the list of your programs.

 

jessi
