CMD wyłącza sie po sekundzie

[Twój_Anioł_Stróż]

Daj logi z FRST

[CZAJA48]

Prosze.

 

Shortcut.txt FRST.txt Addition.txt

[Zayfi]

Czaja 48, czekaj cierpliwie na Anioła. Masz infekcję.

[Twój_Anioł_Stróż]

----------->>@CZAJA48

 

1) Uruchom FRST. Na klawiaturze naciśnij jednocześnie CTRL+Y.Otworzy się Notatnik - wklej do niego:

Cytuj

HKU\S-1-5-21-3731819311-3803592971-2477603935-1000\...\Winlogon: [Shell] %comspec% <==== ATTENTION

HKU\S-1-5-21-3731819311-3803592971-2477603935-1000\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\CZAJA\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\CZAJA\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
RemoveDirectory: C:\Users\CZAJA\AppData\Roaming\Microsoft\SoundMixer
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {023D0873-2AD1-4FD6-BF82-89859523A3BE} - System32\Tasks\{92900149-2091-4305-81FD-6C5FE7594FA1} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe" -d "C:\Program Files (x86)\DAEMON Tools Lite"
Task: {158C1637-811D-4672-AD93-BBDF26B24467} - \windowupdate -> No File <==== ATTENTION
Task: {4E36FAD3-5007-4051-83E2-C50B892BE630} - System32\Tasks\{C8E3E5B6-3B5F-4648-B396-FBD3A7A7D61D} => C:\Windows\system32\pcalua.exe -a C:\Users\CZAJA\Desktop\wlsetup-web(1).exe -d C:\Users\CZAJA\Desktop
Task: {C497D130-2F78-43ED-B181-1E06CFCBE19B} - System32\Tasks\{B6A24E64-4111-4909-9F35-637E64F6292D} => C:\Windows\system32\pcalua.exe -a C:\Users\CZAJA\Desktop\dotnetfx35setup(1).exe -d C:\Users\CZAJA\Desktop
Task: {E8ED52B1-1E56-4C81-AE69-20429FEB2CEE} - System32\Tasks\{228FBFA9-E23D-4B6B-AC94-09D5FA129849} => C:\Windows\system32\pcalua.exe -a H:\setup.exe -d H:\
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3731819311-3803592971-2477603935-1000 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL =
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
Toolbar: HKU\S-1-5-21-3731819311-3803592971-2477603935-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3731819311-3803592971-2477603935-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [No File]
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [No File]
S2 HPSLPSVC; C:\Users\CZAJA\AppData\Local\Temp\7zS7D79\hpslpsvc64.dll [X] <==== ATTENTION
U3 atavextq; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 gkernel; \??\C:\Users\CZAJA\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION
S3 MDA_NTDRV; \??\C:\Windows\system32\MDA_NTDRV.sys [X]
S3 MSICDSetup; \??\G:\CDriver64.sys [X]
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
2100-01-03 02:11 - 2100-01-03 02:11 - 000000938 ___SH () C:\Users\CZAJA\AppData\Roaming\2.bat
2019-04-08 20:40 - 2019-04-08 20:40 - 000000338 ___SH () C:\Users\CZAJA\AppData\Roaming\h.vbs
C:\Users\CZAJA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetSurveillance\reg.lnk
EmptyTemp:

Na klawiaturze naciśnij jednocześnie CTRL+S. W FRST kliknij na Fix (NAPRAW).

 

2) Napisz, czy problem znikł.

 

3) Masz strasznie starą, dziurawą wersję Javy. Konieczna aktualizacja.

Jest jednak problem: masz zainstalowany pakiet biurowy OpenOffice, a ten nie chce współpracować z wersją Javy "jre-8u261" (program biurowy nie chce działać).

Proponuję na razie zainstalować wersję Javy "jre 8u 251) >

https://www.oracle.com/java/technologies/javase/javase8u211-later-archive-downloads.html#license-lightbox

https://www.oracle.com/java/technologies/javase/javase8u211-later-archive-downloads.html#license-lightbox

Przed ściągnięciem Javy zrób kopię do "Przywracania Systemu" :

Uruchom FRST. Na klawiaturze naciśnij jednocześnie CTRL+Y.Otworzy się Notatnik - wklej do niego:

Cytuj

CreateRestorePoint:

Na klawiaturze naciśnij jednocześnie CTRL+S. W FRST kliknij na Fix (NAPRAW).

To na wypadek, gdybyś po zainstalowaniu Javy zauważył jakieś problemy z działaniem pakietu biurowego, lub przeglądarki internetowej.

.

Edytowane 1 sierpnia 2020 przez Twój_Anioł_Stróż

[MartaSz.]

Bardzo proszę o pomoc. Cmd wyłącza się po sekundzie.

 

 

Addition.txt FRST.txt

[Twój_Anioł_Stróż]

=========>>@MartaSz.

 

Nie masz żadnej infekcji.

 

Tylko kosmetyka:

Uruchom FRST. Na klawiaturze naciśnij jednocześnie CTRL+Y.Otworzy się Notatnik - wklej do niego:

Cytuj

FirewallRules: [{C01A339A-7C3C-4E06-A5FB-ED9451A52CB3}] => (Allow) C:\Users\marta\AppData\Local\Kingsoft\WPS Office\11.2.0.9281\office6\wps.exe => Brak pliku

FirewallRules: [TCP Query User{822FD73D-FDB1-4595-8CBB-E00A1C5165C0}C:\users\marta\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\marta\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [UDP Query User{684A2655-06A4-4866-B5F0-737FCDCC80FB}C:\users\marta\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\marta\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [TCP Query User{F6A4A5CF-4A0B-4C1D-ABC8-F6F7425569A7}C:\program files\graphisoft\archicad 20\licensefilegenerator.exe] => (Allow) C:\program files\graphisoft\archicad 20\licensefilegenerator.exe => Brak pliku
FirewallRules: [UDP Query User{B28FB36A-40F2-4383-98F9-97D9B1BAAA1D}C:\program files\graphisoft\archicad 20\licensefilegenerator.exe] => (Allow) C:\program files\graphisoft\archicad 20\licensefilegenerator.exe => Brak pliku
FirewallRules: [TCP Query User{14BD03D7-029F-4541-ABDE-1FB872FB3494}C:\users\marta\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\marta\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [UDP Query User{EB4DBF78-8668-4581-A85A-42171BA9B902}C:\users\marta\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\marta\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [UDP Query User{ECBF920C-0D40-4C2F-8688-2337073700AA}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe => Brak pliku
FirewallRules: [TCP Query User{518E6C2A-C8F5-4526-9A87-EDCFD1D8768C}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe => Brak pliku
FirewallRules: [{5867FFD4-8775-45AA-953F-659933B761D7}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => Brak pliku
FirewallRules: [{A8C67A9C-4209-46C8-B06B-E44CC1D2B3DE}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => Brak pliku
FirewallRules: [UDP Query User{CD3DEC56-5E3B-4FA2-ADB5-A95192FAB8DB}C:\program files (x86)\airdroid\airdroid.exe] => (Block) C:\program files (x86)\airdroid\airdroid.exe => Brak pliku
FirewallRules: [TCP Query User{E54FB04E-FE6D-45B5-B6DB-C4324EDAA264}C:\program files (x86)\airdroid\airdroid.exe] => (Block) C:\program files (x86)\airdroid\airdroid.exe => Brak pliku
FirewallRules: [{52D7BBE3-2EEB-40A5-B57C-A4CC414644E0}] => (Block) C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe => Brak pliku
FirewallRules: [{0DA52001-5B4E-4A07-B0A2-8BFFD24F6FD7}] => (Block) C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe => Brak pliku
FirewallRules: [UDP Query User{732E9E25-147D-415C-9E1E-DD75BACE7846}C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe] => (Allow) C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe => Brak pliku
FirewallRules: [TCP Query User{0EEC3EF6-0C6A-4B0A-9FD9-18EA3C97C136}C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe] => (Allow) C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe => Brak pliku
HKU\S-1-5-21-3826445441-967861443-3189525451-1001\...\Policies\Explorer: []
Task: {98F74A6A-0D36-4D5F-89C2-5C33101B88CE} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll Brak pliku
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
CHR Extension: (McAfee® WebAdvisor) - C:\Users\marta\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-07-26]
RemoveDirectory: C:\Users\marta\Downloads\FRST-OlderVersion
EmptyTemp:

Na klawiaturze naciśnij jednocześnie CTRL+S. W FRST kliknij na Fix (NAPRAW).

 

Odinstaluj niepotrzebny do niczego Akamai NetSession Interface

 

Masz przestarzałe wersje Javy oraz Open Office.

.

Edytowane 3 sierpnia 2020 przez Twój_Anioł_Stróż

[CZAJA48]

Dziękuje za pomoc Twój_Anioł_Stróż

 

Niestety przy uruchomieniu Win wyświetla mi się nadal włączony już CMD (po czym sam znika po chwili) i nadal sam go nie mogę uruchomić wiec problem nadal jest.

Nie wiem dlaczego również otwarty folder ,,Libraries,, mi się włącza.

 

Zrobiłem już update Java wiec jest już aktualny.

Fixlog.txt

Edytowane 3 sierpnia 2020 przez CZAJA48

[MartaSz.]

23 minuty temu, Twój_Anioł_Stróż napisał:

Bardzo dziękuje za pomoc Twój_Anioł_Stróż

Niestety mój cmd wciąż się wyłącza po chwili.

.

 

Fixlog.txt

[Twój_Anioł_Stróż]

@CZAJA48

 

Powtórz usuwanie, bo z fixlogu wynika, że "fixlist" był pusty, nic nie wkleiłeś do Notatnika.

.

========================================================

 

@MartaSz.

 

U Ciebie najwyraźniej System jest uszkodzony, więc go przeinstaluj (masz wyłączone Przywracanie Systemu, więc nie da się zrobić zwykłego przywracania).

Edytowane 3 sierpnia 2020 przez Twój_Anioł_Stróż

[CZAJA48]

Lepiej zrobić tak:

1) Uruchom FRST

2) Naciśnij jednocześnie CTRL+Y. Otworzy się notatnik gdzie wklej poprawiona zawartość (naciśnij jednocześnie CTRL+V), Kliknij Plik -> Zapisz. Zamknij notatnik.

3) W FRST kliknij na Fix

i zrobione.

 

Gdy zrobiłem: ,,Na klawiaturze naciśnij jednocześnie CTRL+S,, to nie zadziałało, wiec podpunkt nr 2 to lepsza i bezpieczniejsza opcja.

 

Teraz faktycznie zadziałało. CMD działa :-) Dziękuje Twój_Anioł_Stróż

Fajnie tylko by było zrozumieć jak to się robi

Edytowane 3 sierpnia 2020 przez CZAJA48

[UnnamedPlayer]

7 godzin temu, CZAJA48 napisał:

Fajnie tylko by było zrozumieć jak to się robi

Fajnie? poza Twój_Anioł_Stróż i mną to nikt na tym forum tym się nie zajmuje, poczytaj to może zrozumiesz https://www.fixitpc.pl/topic/23904-frst-tutorial-obsługi-farbar-recovery-scan-tool/

[Alibaba36]

Witam! Bardzo proszę o pomoc. CMD wyłącza się zaraz po włączeniu.

Addition.txt FRST.txt

[UnnamedPlayer]

1.  Uruchom FRST, naciśnij jednocześnie CTRL+Y, otworzy się notatnik - wklej do niego: 
 

Cytuj

 

HKU\S-1-5-21-4149176209-4061254391-1809627797-1002\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-4149176209-4061254391-1809627797-1002\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-4149176209-4061254391-1809627797-1002\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\Alibaba\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\Alibaba\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION

RemoveDirectory: C:\Users\Alibaba\AppData\Roaming\Microsoft\SoundMixer
ShortcutTarget: dfx — skrót .lnk -> C:\Program Files (x86)\DFX\dfx.exe (FxSound, LLC -> ) [File not signed]
ShortcutTarget: Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe (No File)
ShortcutTarget: ScpToolkit Tray Notifications.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
2020-08-05 10:58 - 2019-10-08 20:21 - 000003200 _____ C:\WINDOWS\system32\Tasks\KMS_VL_ALL
Task: {C89F3872-E7E3-4FB2-84FA-4F5F22AABA0D} - System32\Tasks\KMS_VL_ALL => C:\Windows\schemas\Scripts\KMS_VL_ALL.cmd

2020-08-05 10:58 - 2019-10-08 20:21 - 000003200 _____ C:\WINDOWS\system32\Tasks\KMS_VL_ALL
SearchScopes: HKU\S-1-5-21-4149176209-4061254391-1809627797-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 CG7Service; "C:\Program Files\CyberGhost 6\CyberGhost.Service.exe" [X]
S2 Ds3Service; "C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe" [X]
S3 updater; "C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe" /runservice [X]
S2 VMAuthdService; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe" [X]
S2 VMUSBArbService; "C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe" [X]
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll -> No File
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll -> No File
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [822]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [822]
AlternateDataStreams: C:\Users\Alibaba\Application Data:NT [40]
AlternateDataStreams: C:\Users\Alibaba\Application Data:NT2 [822]
AlternateDataStreams: C:\Users\Alibaba\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\Alibaba\AppData\Roaming:NT2 [822]
AlternateDataStreams: C:\Users\Alibaba\AppData\Local\Temp:$DATA [16]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [822]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [822]
AlternateDataStreams: C:\ProgramData\TEMP:EFB09287 [117]

FirewallRules: [{0D2B6B94-8CE9-4ECA-8423-D9DAD53FED05}] => (Block) F:\Program Files (x86)\Forza.Horizon.4.Ultimate.Edition-LOOTBOX\FH4\Microsoft.SunriseBaseGame_1.332.904.2_x64__8wekyb3d8bbwe.exe.exe => No File
FirewallRules: [{FFAEF10A-6ACD-4EFA-8BF9-5D02D1580A4F}] => (Block) F:\Program Files (x86)\Forza.Horizon.4.Ultimate.Edition-LOOTBOX\FH4\Microsoft.SunriseBaseGame_1.332.904.2_x64__8wekyb3d8bbwe.exe.exe => No File
FirewallRules: [TCP Query User{E179EEB7-8AFE-404A-8D45-BDB695B50BED}F:\program files\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) F:\program files\steam\steamapps\common\arma 3\arma3_x64.exe => No File
FirewallRules: [UDP Query User{BD61430B-89F6-4B10-88A6-B960277AC880}F:\program files\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) F:\program files\steam\steamapps\common\arma 3\arma3_x64.exe => No File
FirewallRules: [TCP Query User{DDDDECDD-E627-4AF5-8F29-F3246EF5D8CC}F:\program files\battlefield 4\bf4.exe] => (Allow) F:\program files\battlefield 4\bf4.exe => No File
FirewallRules: [UDP Query User{C4424559-12C0-46E8-B4F0-A7425314D916}F:\program files\battlefield 4\bf4.exe] => (Allow) F:\program files\battlefield 4\bf4.exe => No File
FirewallRules: [{CCCED79C-8D92-47CE-A53F-AAE1989BA91C}] => (Allow) F:\Program Files\Battlefield 4\BFLauncher.exe => No File
FirewallRules: [{4111FE09-26CD-4F9E-95EF-7BFE8652485D}] => (Allow) F:\Program Files\Battlefield 4\BFLauncher.exe => No File
FirewallRules: [{19FD8B6E-80FB-4429-98F5-569247AD034A}] => (Allow) F:\Program Files\Battlefield 4\BFLauncher_x86.exe => No File
FirewallRules: [{518FD578-F161-4C37-A581-A6648D990B38}] => (Allow) F:\Program Files\Battlefield 4\BFLauncher_x86.exe => No File
FirewallRules: [TCP Query User{DDDDECDD-E627-4AF5-8F29-F3246EF5D8CC}F:\program files\battlefield 4\bf4.exe] => (Allow) F:\program files\battlefield 4\bf4.exe => No File
FirewallRules: [UDP Query User{C4424559-12C0-46E8-B4F0-A7425314D916}F:\program files\battlefield 4\bf4.exe] => (Allow) F:\program files\battlefield 4\bf4.exe => No File
FirewallRules: [{CCCED79C-8D92-47CE-A53F-AAE1989BA91C}] => (Allow) F:\Program Files\Battlefield 4\BFLauncher.exe => No File
FirewallRules: [{4111FE09-26CD-4F9E-95EF-7BFE8652485D}] => (Allow) F:\Program Files\Battlefield 4\BFLauncher.exe => No File
FirewallRules: [{19FD8B6E-80FB-4429-98F5-569247AD034A}] => (Allow) F:\Program Files\Battlefield 4\BFLauncher_x86.exe => No File
FirewallRules: [{518FD578-F161-4C37-A581-A6648D990B38}] => (Allow) F:\Program Files\Battlefield 4\BFLauncher_x86.exe => No File
FirewallRules: [TCP Query User{28FA1620-E269-4FED-8ABE-5484F3FC1389}F:\program files\counter-strike 1.6 v43\hl.exe] => (Block) F:\program files\counter-strike 1.6 v43\hl.exe => No File
FirewallRules: [UDP Query User{83F75870-ADF2-4F7C-B3A3-EE1DFFB698CD}F:\program files\counter-strike 1.6 v43\hl.exe] => (Block) F:\program files\counter-strike 1.6 v43\hl.exe => No File
FirewallRules: [{60A1D722-FAB3-420E-A42B-B807175AEA40}] => (Allow) F:\Program Files\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{22A34945-458A-4386-AA37-E1D07F420828}] => (Allow) F:\Program Files\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{1B94B2FE-5F4F-43C0-A48C-3B685C6D7FBC}] => (Allow) F:\Program Files\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{BC8396E0-33A7-4038-BCAE-E0693C867880}] => (Allow) F:\Program Files\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{6AF80ACA-2153-476E-AED9-D41CA4E623A8}] => (Allow) F:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{77D4532C-2140-4CBC-BD79-0A6B59F6A5C0}] => (Allow) F:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{C9447EBC-B89C-4E93-81E8-1D387EAE69CF}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe => No File
FirewallRules: [{9B8922E2-8001-4857-B12E-FE91251497C8}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe => No File
FirewallRules: [{F35B6C71-67F1-40A3-BA3B-427FF15CE2FC}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe => No File
FirewallRules: [{21E3BC6E-675A-445D-8389-0F284AC6A002}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe => No File
FirewallRules: [{809BE4FC-55C2-4036-BEE4-AFE7C4A507C4}] => (Allow) F:\Program Files\Steam\steamapps\common\Cities_Skylines\dowser.exe => No File
FirewallRules: [{E6E23150-829B-4AEC-8A0D-2049412FD047}] => (Allow) F:\Program Files\Steam\steamapps\common\Cities_Skylines\dowser.exe => No File
FirewallRules: [{28685885-F9FA-40B7-9969-0E677D97D059}] => (Allow) F:\Program Files\gothic\Steam.exe => No File
FirewallRules: [{E0F0549F-E038-4885-9E88-555DA0684FAA}] => (Allow) F:\Program Files\gothic\Steam.exe => No File

Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

 

 

2. Naciśnij jednocześnie CTRL+S. W FRST kliknij na Fix (NAPRAW)

[MarJan45]

Witam , chcialbym poprosic o pomoc ale raport z FRST mam w jezyku niemieckim , dali byscie rade pomoc?

[Twój_Anioł_Stróż]

dla mnie niemiecki to nie przeszkoda.

[MarJan45]

28 minut temu, Twój_Anioł_Stróż napisał:

dla mnie niemiecki to nie przeszkoda.

No to sie ciesze , tu sa moje raporty z FRST:

Addition.txt FRST.txt

 bede wdzieczny za pomoc

Edytowane 12 września 2020 przez MarJan45

[Twój_Anioł_Stróż]

@MarJan 45

 

Dobra wiadomość jest taka, że nie masz żadnej infekcji.

Zła wiadomość jest taka, że skoro nie masz infekcji, to trudno zgadnąć, co wywołuje u Ciebie tytułowy problem.

 

Tylko kosmetyka:

Uruchom FRST. Na klawiaturze naciśnij jednocześnie CTRL+Y.Otworzy się Notatnik - wklej do niego:

Cytuj

RemoveDirectory: C:\Users\Marjan\Downloads\FRST-OlderVersion

Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

Na klawiaturze naciśnij jednocześnie CTRL+S. W FRST kliknij na Fix (NAPRAW).

Edytowane 12 września 2020 przez Twój_Anioł_Stróż

[MarJan45]

Zrobilem jak napisales ,komputer sie zrestartowal, i w sumie to ja niemialem problemu z cmd, jestem tutaj bo na forum War Thundera opisalem pewien problem i jeden z urzytkownikow majac podobny problem do mojego zasugerowal zebym poszukal pomocy tutaj, tak czy inaczej dziekuje za poswiecony czas

[pawel14]

witam,

Cmd wyłącza się zaraz po uruchomieniu, bardzo proszę o pomoc.

FRST.txt Addition.txt

[Twój_Anioł_Stróż]

-------------@pawel14

 

Jest infekcja SOUNDMODULE!

 

Są też inne infekcje.

 

1) Uruchom FRST. Na klawiaturze naciśnij jednocześnie CTRL+Y.Otworzy się Notatnik - wklej do niego:

Cytuj

HKU\S-1-5-21-3771344872-2845823952-390537197-1000\...\Winlogon: [Shell] %comspec% <==== UWAGA

HKU\S-1-5-21-3771344872-2845823952-390537197-1000\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq FirewallModule.exe" 2>NUL | find /I /N "FirewallModule.exe">NUL && exit & if exist "C:\Users\Admin\AppData\Roaming\Microsoft\FirewallModule\FirewallModule.exe" ( start /MIN "" "C:\Users\Admin\AppData\Roaming\Microsoft\FirewallModule\FirewallModule.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== UWAGA
RemoveDirectory: C:\Users\Admin\AppData\Roaming\Microsoft\FirewallModule
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
Task: {21F07C4D-64E6-4284-9488-E1967BB50C7D} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== UWAGA
Task: {2A3DEC56-D648-44F4-8B62-D3409A4CD1F6} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => C:\Windows\system32\winlogui.exe [750592 2019-11-25] (Microsoft Corporation) [Brak podpisu cyfrowego]
Task: {4D9023B8-73C5-4932-A744-6D4CBEE6848C} - System32\Tasks\{B728A4B6-F07C-48B5-8275-8A52E2C264C7} => C:\Windows\system32\pcalua.exe -a C:\Users\Admin\AppData\Local\Temp\jre-8u161-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== UWAGA
Task: {5B2A7400-039A-4520-9140-4FEFD5E30231} - System32\Tasks\{530558A2-0F9F-4560-8780-D8954A82D86A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\DreamWorks Interactive\Neverhood\setup95.exe" -d C:\Users\Admin\Desktop\Gry
Task: {98FF6CAB-700C-4258-834D-1E3EC59635EB} - System32\Tasks\{D6E18FE2-83B1-40E6-91DB-DBC1403FA9F0} => C:\Windows\system32\pcalua.exe -a C:\Users\Admin\Downloads\CH341SER.EXE -d C:\Users\Admin\Downloads
Task: {AD3F2C3B-146F-4D10-94F2-F72467016833} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== UWAGA
Task: {EBABF5E9-7DBE-438D-A46F-9212CB2E86D7} - System32\Tasks\{F9CF30E9-685E-4F9B-8E2B-4F9E6615FD33} => C:\Windows\system32\pcalua.exe -a "C:\Users\Admin\Downloads\LTspiceXVII (1).exe" -d C:\Users\Admin\Downloads
ProxyServer: [S-1-5-21-3771344872-2845823952-390537197-1000] => http=5.197.149.233:8080;https=5.197.149.233:8080;ftp=5.197.149.233:8080
HOSTS:
CHR Session Restore: Default -> [funkcja włączona]
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (GOLD CLICK LIMITED -> Gold Click Ltd) <==== UWAGA
S3 ArcService; E:\Neverwinter\Arc\ArcService.exe [X]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [X]
S3 PAExec; C:\Windows\PAExec.exe -service [X]
S3 atikmdag; system32\DRIVERS\atikmdag.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
RemoveDirectory: C:\Users\Admin\Downloads\FRST-OlderVersion
RemoveDirectory: C:\ProgramData\boost_interprocess
2018-08-06 10:15 - 2018-08-06 10:15 - 000000000 _____ () C:\Users\Admin\AppData\Roaming\FC29FA0894FE.ini
2018-04-26 22:54 - 2018-04-26 22:54 - 007604224 _____ () C:\Users\Admin\AppData\Local\agent.dat
2018-04-26 22:54 - 2018-04-26 22:54 - 000070896 _____ () C:\Users\Admin\AppData\Local\Config.xml
2018-04-26 22:53 - 2018-04-26 22:54 - 000016416 _____ () C:\Users\Admin\AppData\Local\InstallationConfiguration.xml
2018-04-26 22:53 - 2018-04-26 22:53 - 000140800 _____ () C:\Users\Admin\AppData\Local\installer.dat
2018-04-26 22:54 - 2018-04-26 22:54 - 000018432 _____ () C:\Users\Admin\AppData\Local\Main.dat
2018-04-26 22:54 - 2018-04-26 22:54 - 000005568 _____ () C:\Users\Admin\AppData\Local\md.xml
2018-04-26 22:54 - 2018-04-26 22:54 - 000126464 _____ () C:\Users\Admin\AppData\Local\noah.dat
2018-04-26 22:53 - 2018-05-26 14:03 - 000929792 _____ () C:\Users\Admin\AppData\Local\sham.db
2018-04-26 22:54 - 2018-04-26 22:54 - 001895383 _____ () C:\Users\Admin\AppData\Local\Suntone.bin
2018-04-26 22:54 - 2018-04-26 22:54 - 001985710 _____ () C:\Users\Admin\AppData\Local\Unois.tst
2018-04-26 22:54 - 2018-04-26 22:54 - 000278507 _____ () C:\Users\Admin\AppData\Local\Zathtech.tst
FirewallRules: [{11F7C237-4B42-404A-9F81-03070B479932}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe => Brak pliku
FirewallRules: [{8C64967B-B183-4228-A52A-9D6096BA447E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe => Brak pliku
FirewallRules: [{02A05483-73B5-4F13-BBE2-71FF1D039BB6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe => Brak pliku
FirewallRules: [{1B809AD1-4979-4BF4-B9E5-691C37E3B69F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe => Brak pliku
FirewallRules: [{BEDF2ABA-C24C-41CE-9B86-D103592599A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe => Brak pliku
FirewallRules: [TCP Query User{B39CF02E-F0A8-4819-99D1-41B9B2D04086}C:\programdata\battle.net\agent\agent.6160\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.6160\agent.exe => Brak pliku
FirewallRules: [UDP Query User{C36EE9FA-80EA-430C-89E7-3D638A65445A}C:\programdata\battle.net\agent\agent.6160\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.6160\agent.exe => Brak pliku
FirewallRules: [TCP Query User{AD9E663F-CCF1-4503-8BA9-9B12AD0AA3E9}C:\program files\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_201\bin\javaw.exe => Brak pliku
FirewallRules: [UDP Query User{EAED1DCD-E5CA-4C93-9B51-CA54B6511037}C:\program files\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_201\bin\javaw.exe => Brak pliku
FirewallRules: [TCP Query User{4C8D16F8-91C3-40F9-8E6A-1881995EC95D}C:\program files\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_201\bin\javaw.exe => Brak pliku
FirewallRules: [UDP Query User{156A694B-CE26-4D85-9C19-0A4F429624F9}C:\program files\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_201\bin\javaw.exe => Brak pliku
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

Na klawiaturze naciśnij jednocześnie CTRL+S. W FRST kliknij na Fix (NAPRAW).

 

2)

Cytuj

ProxyGate version 3.0.0.1180 (HKLM-x32\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1180 - Gold Click Ltd) <==== UWAGA

Jeśli sam tego nie instalowałeś, to odinstaluj ten program.

 

3)

Cytuj

Tcpip\..\Interfaces\{D91D19CB-67BB-46FD-B472-CBB50F2A9B0E}: [NameServer] 185.156.172.178,185.93.180.131

To niemieckie DNS - masz coś wspólnego z Niemcami?

 

4)

Cytuj

Error: (10/01/2020 09:45:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Ściągnij MicrosoftFixit50688.msi stąd > http://www.mediafire.com/download/6hwcm6b77098cbb/MicrosoftFixit50688.msi
i go uruchom jako Administator.

 

5) Napisz, czy problem znikł?

Edytowane 1 października 2020 przez Twój_Anioł_Stróż

[pawel14]

Komputer zrestrtował się ale po załadowwniu pulpitu jest tylko czarny ekran. 

[Twój_Anioł_Stróż]

Zrób twardy restart - może to tylko chwilowe.

[broooda6]

Witam, u mnie to samo. Konsola po sekundzie się wyłącza.

Addition.txt FRST.txt

[UnnamedPlayer]

1. Odinstaluj 

Update for PriceFountain (HKU\S-1-5-21-2547025499-2957695338-2062215047-1001\...\{594841BA-D453-76A2-1373-397A7F119AEA}) (Version:  - Update for PriceFountain) <==== UWAGA

 

1.  Uruchom FRST, naciśnij jednocześnie CTRL+Y, otworzy się notatnik - wklej do niego: 
 

Cytuj

 

HKLM\...\Run: [] => [X]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
HKU\S-1-5-21-2547025499-2957695338-2062215047-1001\...\Winlogon: [Shell] %comspec% <==== UWAGA
HKU\S-1-5-21-2547025499-2957695338-2062215047-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\Jowita\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\Jowita\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== UWAGA

RemoveDirectory: C:\Users\Jowita\AppData\Roaming\Microsoft\SoundMixer
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (Brak pliku)
Task: {03815EF3-DD79-495C-A614-FD13EBD835A9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: {08E3787A-A5AC-4402-891A-72DEA339F7B0} - System32\Tasks\{D22D0EA8-A32F-470D-B054-1A423CD2A2A6} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Jowita\AppData\Roaming\WarThunder\Uninstaller.exe -c /Run /ePN:0W1T1C0T1M2Y1G1Q1P1C
Task: {15F4A3CA-9307-49F5-8E2B-BCEB27E26CEC} - System32\Tasks\{E95ACD51-786D-478F-914E-475EDA39F39D} => C:\WINDOWS\system32\pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
Task: {16E0BD67-5978-45A3-8027-34055115AAFE} - System32\Tasks\{5101E321-E3E4-43DE-84F4-910B2D9F5A0C} => C:\WINDOWS\system32\pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
Task: {27603EA3-EABE-4231-9747-58CE8972BFA6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
Task: {317582AB-7C3B-4884-AFDE-DD32140864E4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: {44F53852-8E16-4BDF-ACFC-563BE44B533B} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
Task: {8AF3A37F-78FC-4A49-8CE1-E00DC5D79F48} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
Task: {90ED1175-4907-483E-B734-237BA36B42E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
Task: {AC37D529-B538-4516-809A-4993FAB191B1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
Task: {BA5973E6-6DB6-4285-B290-48436C81302C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {C486A35F-D361-4F0F-87AE-B88372F45D8A} - System32\Tasks\{594841BA-D453-76A2-1373-397A7F119AEA} => C:\Users\Jowita\AppData\Roaming\{59484~1\SYNHEL~1 [Argument = /Check]
Task: {D56750FA-72F7-471F-8961-B8E2767C650C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {E224148B-7865-4077-AD7F-E848150ACBBC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
Task: {EC93C80F-B761-4C80-8566-A5A6446D5ACD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
Task: {F01268C0-341D-4D2E-9AF4-163671643C22} - \WPD\SqmUpload_S-1-5-21-2547025499-2957695338-2062215047-1001 -> Brak pliku <==== UWAGA
Task: {F0F1F4A2-3BE2-4C21-8EA2-A17E6AE0A82E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
Task: C:\WINDOWS\Tasks\{594841BA-D453-76A2-1373-397A7F119AEA}.job => C:\Users\Jowita\AppData\Roaming\{59484~1\SYNHEL~1/CheckJOWITA\Jowita0֠< <==== UWAGA
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll -> Brak pliku
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll -> Brak pliku
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll -> Brak pliku
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Brak pliku
AlternateDataStreams: C:\Windows:CM_2a732c3f1e3eb40b63fe062d0180f157c71684af0a0442ab953224075801bb78 [74]
AlternateDataStreams: C:\Windows:CM_bf41c588bad5a092a453669c0d3c66d1ec2c072fbf5c15cc6acda24c9e4d0955 [74]
HKLM\...\.scr: EAGLESCR => "c:\EAGLE 9.6.2\eagle.exe" -C "" "%1" <==== UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2547025499-2957695338-2062215047-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_ir_18_37_dopc&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuyCtByDyBtCzztAtAtDtCzyzyyCtBtA0AtN0D0Tzu0StByEyEzytN1L2XzuyEtFtByCtFtDtFtCyEtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0E0FyDzzyE0A0FtGtC0E0C0BtGtByEtB0EtGyCtB0B0FtGyC0D0AtDtC0ByDtDyC0AtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC1Q1O1SyD1StBtAtG1Q1S1PyEtGyE1O1TyEtG1TtByC1RtGtD1QzzyB1OzyyBtD1OzztD1P2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzytBtAtDtN1Q2Z1B1P1RzutCyDtAyBtDtDtDyEyCtD%26cr%3D710336244%26a%3Dwnd_ir_18_37_dopc%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-2547025499-2957695338-2062215047-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-2547025499-2957695338-2062215047-1001 -> DefaultScope {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_ir_18_37_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuyCtByDyBtCzztAtAtDtCzyzyyCtBtA0AtN0D0Tzu0StByEyEzytN1L2XzuyEtFtByCtFtDtFtCyEtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0E0FyDzzyE0A0FtGtC0E0C0BtGtByEtB0EtGyCtB0B0FtGyC0D0AtDtC0ByDtDyC0AtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC1Q1O1SyD1StBtAtG1Q1S1PyEtGyE1O1TyEtG1TtByC1RtGtD1QzzyB1OzyyBtD1OzztD1P2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzytBtAtDtN1Q2Z1B1P1RzutCyDtAyBtDtDtDyEyCtD%26cr%3D710336244%26a%3Dwnd_ir_18_37_dopc%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2547025499-2957695338-2062215047-1001 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_ir_18_37_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuyCtByDyBtCzztAtAtDtCzyzyyCtBtA0AtN0D0Tzu0StByEyEzytN1L2XzuyEtFtByCtFtDtFtCyEtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0E0FyDzzyE0A0FtGtC0E0C0BtGtByEtB0EtGyCtB0B0FtGyC0D0AtDtC0ByDtDyC0AtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC1Q1O1SyD1StBtAtG1Q1S1PyEtGyE1O1TyEtG1TtByC1RtGtD1QzzyB1OzyyBtD1OzztD1P2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzytBtAtDtN1Q2Z1B1P1RzutCyDtAyBtDtDtDyEyCtD%26cr%3D710336244%26a%3Dwnd_ir_18_37_dopc%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2547025499-2957695338-2062215047-1001 -> {ED50D883-DF50-429E-A5B2-D5C82AC624B4} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
BHO-x32: Brak nazwy -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> Brak pliku
FirewallRules: [{D9DEB48B-E288-42F6-BA9F-B159FBB12D36}] => (Allow) C:\Users\Jowita\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => Brak pliku
FirewallRules: [TCP Query User{FA199677-A17C-4633-80DB-F05DBA2ADC20}C:\users\jowita\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jowita\appdata\roaming\spotify\spotify.exe => Brak pliku
FirewallRules: [UDP Query User{195C9095-F501-4DE5-9971-0D6E4682A62C}C:\users\jowita\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jowita\appdata\roaming\spotify\spotify.exe => Brak pliku
FirewallRules: [TCP Query User{0751A7B7-6F08-4D80-9F9B-D4175EA835CE}C:\users\jowita\appdata\roaming\utorrent\updates\3.4.8_42358.exe] => (Allow) C:\users\jowita\appdata\roaming\utorrent\updates\3.4.8_42358.exe => Brak pliku
FirewallRules: [UDP Query User{8D7619F7-0349-4625-B2E3-C5FA9B5434F4}C:\users\jowita\appdata\roaming\utorrent\updates\3.4.8_42358.exe] => (Allow) C:\users\jowita\appdata\roaming\utorrent\updates\3.4.8_42358.exe => Brak pliku
FirewallRules: [TCP Query User{08B61B04-25E8-4BE7-A1B6-DE4C31C26A27}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Block) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe => Brak pliku
FirewallRules: [UDP Query User{B6562485-8E2C-432F-9C37-C6ABD4CC701E}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Block) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe => Brak pliku
FirewallRules: [TCP Query User{186E2B86-3BA0-4A3E-B8FE-CABCABDC6D6F}C:\users\jowita\appdata\roaming\utorrent\updates\3.4.9_42671.exe] => (Block) C:\users\jowita\appdata\roaming\utorrent\updates\3.4.9_42671.exe => Brak pliku
FirewallRules: [UDP Query User{5913C6AB-50C3-42B4-A5D2-FB5C593610E4}C:\users\jowita\appdata\roaming\utorrent\updates\3.4.9_42671.exe] => (Block) C:\users\jowita\appdata\roaming\utorrent\updates\3.4.9_42671.exe => Brak pliku
FirewallRules: [TCP Query User{7032DF89-AC9F-4A7F-A4A5-81A1CAA0F585}C:\users\jowita\appdata\roaming\utorrent\updates\3.5.0_43534.exe] => (Block) C:\users\jowita\appdata\roaming\utorrent\updates\3.5.0_43534.exe => Brak pliku
FirewallRules: [UDP Query User{0FEB87A8-836D-45FE-808F-3384092EB436}C:\users\jowita\appdata\roaming\utorrent\updates\3.5.0_43534.exe] => (Block) C:\users\jowita\appdata\roaming\utorrent\updates\3.5.0_43534.exe => Brak pliku
FirewallRules: [TCP Query User{F1EF0DA9-AE6D-4EEC-8C3A-E42F1D7F7B99}C:\users\jowita\appdata\roaming\utorrent\updates\3.5.0_43900.exe] => (Block) C:\users\jowita\appdata\roaming\utorrent\updates\3.5.0_43900.exe => Brak pliku
FirewallRules: [UDP Query User{8B72CC5F-CFE9-4959-B85F-42DF03D9425A}C:\users\jowita\appdata\roaming\utorrent\updates\3.5.0_43900.exe] => (Block) C:\users\jowita\appdata\roaming\utorrent\updates\3.5.0_43900.exe => Brak pliku
FirewallRules: [TCP Query User{BC231941-F160-479C-B322-D78F3FF9DB75}C:\users\jowita\appdata\roaming\utorrent\updates\3.5.1_44321.exe] => (Block) C:\users\jowita\appdata\roaming\utorrent\updates\3.5.1_44321.exe => Brak pliku
FirewallRules: [UDP Query User{F3868082-A90A-4744-BD17-F3ACB1E200C3}C:\users\jowita\appdata\roaming\utorrent\updates\3.5.1_44321.exe] => (Block) C:\users\jowita\appdata\roaming\utorrent\updates\3.5.1_44321.exe => Brak pliku
FirewallRules: [TCP Query User{56E79516-D7BB-4958-9ECA-56DB77FBEC09}C:\users\jowita\appdata\roaming\utorrent\updates\3.5.3_44352.exe] => (Block) C:\users\jowita\appdata\roaming\utorrent\updates\3.5.3_44352.exe => Brak pliku
FirewallRules: [UDP Query User{C8FE6FB8-BF22-45B7-9FBF-99B11210F7D2}C:\users\jowita\appdata\roaming\utorrent\updates\3.5.3_44352.exe] => (Block) C:\users\jowita\appdata\roaming\utorrent\updates\3.5.3_44352.exe => Brak pliku
FirewallRules: [{5882EC6C-B5A3-4D96-9D9B-AA8321C2AE3A}] => (Allow) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\outlook.exe => Brak pliku
FirewallRules: [TCP Query User{BB01CA77-3C16-4638-A3CB-ABD0AFEDABE8}C:\program files (x86)\the sims 4\game\bin\ts4.exe] => (Allow) C:\program files (x86)\the sims 4\game\bin\ts4.exe => Brak pliku
FirewallRules: [UDP Query User{E83F558E-9763-4FA5-96E4-0C4D94984674}C:\program files (x86)\the sims 4\game\bin\ts4.exe] => (Allow) C:\program files (x86)\the sims 4\game\bin\ts4.exe => Brak pliku
FirewallRules: [TCP Query User{FAD8199C-7628-4B57-A876-F857D0D621FB}C:\program files (x86)\the sims 4\game\bin\ts4_x64.exe] => (Block) C:\program files (x86)\the sims 4\game\bin\ts4_x64.exe => Brak pliku
FirewallRules: [UDP Query User{91DFF438-49EA-42CB-A0B8-0BB71AC12071}C:\program files (x86)\the sims 4\game\bin\ts4_x64.exe] => (Block) C:\program files (x86)\the sims 4\game\bin\ts4_x64.exe => Brak pliku
FirewallRules: [TCP Query User{8651090B-05E3-4AFC-86CB-849A5F745710}C:\program files (x86)\the sims 4\game\bin\ts4_x64.exe] => (Allow) C:\program files (x86)\the sims 4\game\bin\ts4_x64.exe => Brak pliku
FirewallRules: [UDP Query User{3EFA1BF6-3823-4E1B-B948-DC3CC91751A3}C:\program files (x86)\the sims 4\game\bin\ts4_x64.exe] => (Allow) C:\program files (x86)\the sims 4\game\bin\ts4_x64.exe => Brak pliku
FirewallRules: [TCP Query User{A671A6F6-A018-4BB0-AC36-B2B0E470D7A0}C:\users\jowita\desktop\dcc\dcc.exe] => (Allow) C:\users\jowita\desktop\dcc\dcc.exe => Brak pliku
FirewallRules: [UDP Query User{7431F451-E7FB-49AC-A9CA-000E2690D4DF}C:\users\jowita\desktop\dcc\dcc.exe] => (Allow) C:\users\jowita\desktop\dcc\dcc.exe => Brak pliku
EmptyTemp:

Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}

 

2. Naciśnij jednocześnie CTRL+S. W FRST kliknij na Fix (NAPRAW)

[broooda6]

@UnnamedPlayer

WIELKIE dzięki!  Wszystko działa