artus72 Opublikowano 11 Lipca 2015 Zgłoś Udostępnij Opublikowano 11 Lipca 2015 Dzień dobry, podczas korzystania z różnych stron (nawet bankowości elektronicznej) jestem przekierowywany na ewidentnie podejrzane domeny. Dodatkowo, od kilku dni, nie mogę odtwarzać klipów wideo na youtube.com - widać tylko czarny ekran i kręcące się w nieskończoność kółeczko ładowania materiału. W akcie desperacji wykonałem przywracanie sytemu (do punktu sprzed ponad roku), niestety, bezskutecznie. Czyżby w moim komputerze nastąpiła niekontrolowana rozmnoża jakiegoś elektronicznego paskudztwa? Proszę o pomoc. Pozdrawiam Artur Addition.txt FRST.txt GMER.txt Shortcut.txt Odnośnik do komentarza
jessica Opublikowano 11 Lipca 2015 Zgłoś Udostępnij Opublikowano 11 Lipca 2015 1) Odinstaluj program Sale Clipper 2) Otwórz Notatnik i wklej w nim: 2015-07-05 15:51 - 2015-07-05 15:51 - 00653024 ____N () C:\ProgramData\f43a0a22-b5b9-43e4-9c6f-705bf4e40c7b\plugincontainer.exe2015-07-05 15:55 - 2015-07-11 12:22 - 00573664 _____ () C:\Program Files\Common Files\f43a0a22-b5b9-43e4-9c6f-705bf4e40c7b\updater.exe2015-07-11 10:13 - 2015-07-11 10:13 - 00514784 _____ () C:\ProgramData\f43a0a22-b5b9-43e4-9c6f-705bf4e40c7b\plugins\10\plugin.exe2015-07-11 13:50 - 2015-07-11 13:50 - 00616672 _____ () C:\ProgramData\f43a0a22-b5b9-43e4-9c6f-705bf4e40c7b\plugins\3\plugin.exe2015-07-11 13:50 - 2015-07-11 13:50 - 01170656 _____ () C:\ProgramData\f43a0a22-b5b9-43e4-9c6f-705bf4e40c7b\plugins\2\plugin.exe2015-07-11 13:50 - 2015-07-11 13:50 - 00781024 _____ () C:\ProgramData\f43a0a22-b5b9-43e4-9c6f-705bf4e40c7b\plugins\5\plugin.exC:\Program Files\Common Files\f43a0a22-b5b9-43e4-9c6f-705bf4e40c7bC:\ProgramData\f43a0a22-b5b9-43e4-9c6f-705bf4e40c7bHKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTIONHKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTIONHKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTIONHKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.pub*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.7z*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.docx*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.wav*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.png*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.wma*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTIONHKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.xls*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.doc*.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.txt*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.doc*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.pub*.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.rar*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.png*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: ** <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTIONHKLM Group Policy restriction on software: cipher.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.png*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTIONHKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTIONHKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.rar*.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.divx*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.xls*.js <====== ATTENTIONHKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.7z*.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTIONHKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.avi*.js <====== ATTENTIONHKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.png*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTIONHKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.wma*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.wav*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.png*.js <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTIONHKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.png*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.avi*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.docx*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTIONHKLM Group Policy restriction on software: syskey.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.gif*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.divx*.com <====== ATTENTIONHKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.png*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.txt*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTIONHKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTIONHKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.gif*.com <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTIONHKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.zip*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.zip*.js <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTIONBHO: Sale Clipper -> {b18906df-1dfa-4d50-8a1f-7d076a8c87b7} -> C:\Program Files\Sale Clipper\Extensions\b18906df-1dfa-4d50-8a1f-7d076a8c87b7.dll [2015-07-05] ()C:\Program Files\Sale ClipperOPR Extension: (Sale Clipper) - C:\Users\Artur\AppData\Roaming\Opera Software\Opera Stable\Extensions\hbeajlnonkobmncepcndnbbjgilbapbp [2015-07-05]R2 Service Mgr SaleClipper; C:\ProgramData\f43a0a22-b5b9-43e4-9c6f-705bf4e40c7b\plugincontainer.exe [653024 2015-07-05] ()R2 Update Mgr SaleClipper; C:\Program Files\Common Files\f43a0a22-b5b9-43e4-9c6f-705bf4e40c7b\updater.exe [573664 2015-07-11] () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\URUSoft\Subtitle Workshop\Help\Manual (Bulgarian).lnkC:\ProgramData\Microsoft\Windows\Start Menu\Programs\URUSoft\Subtitle Workshop\Help\Manual (English).lnkC:\ProgramData\Microsoft\Windows\Start Menu\Programs\URUSoft\Subtitle Workshop\Help\Manual (Espańol).lnkC:\ProgramData\Microsoft\Windows\Start Menu\Programs\URUSoft\Subtitle Workshop\Help\Manual (Russian).lnkEmptyTemp: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exeUruchom FRST i kliknij przycisk Fix.Powstanie plik fixlog.txt.Daj ten log. 3) Zrób nowe logi FRST. jessi Odnośnik do komentarza
artus72 Opublikowano 11 Lipca 2015 Autor Zgłoś Udostępnij Opublikowano 11 Lipca 2015 Proszę bardzo Addition.txt Fixlog.txt FRST.txt Shortcut.txt Odnośnik do komentarza
jessica Opublikowano 11 Lipca 2015 Zgłoś Udostępnij Opublikowano 11 Lipca 2015 W tych logach nie widzę już niczego podejrzanego, więc powinno być OK. Otwórz Notatnik i wklej w nim: DeleteQuarantine: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix.przez SHIFT+DEL usuń pozostały folder C:\FRST. jessi Odnośnik do komentarza
artus72 Opublikowano 11 Lipca 2015 Autor Zgłoś Udostępnij Opublikowano 11 Lipca 2015 zrobione. Dziękuję za pomoc Odnośnik do komentarza
picasso Opublikowano 13 Lipca 2015 Zgłoś Udostępnij Opublikowano 13 Lipca 2015 jessika Usunęłaś poprawne wpisy - zabezpieczenie wprowadzone przez CryptoPrevent: ==================== Installed Programs ====================== CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC) HKLM Group Policy restriction on software: *.bmp*.pif HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js HKLM Group Policy restriction on software: *.ppt*.exe HKLM Group Policy restriction on software: *.jpeg*.com HKLM Group Policy restriction on software: %allusersprofile%\*.cmd HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse HKLM Group Policy restriction on software: *.pptx*.scr HKLM Group Policy restriction on software: *.jpg*.jse HKLM Group Policy restriction on software: *.wma*.cmd HKLM Group Policy restriction on software: %appdata%\*\*.pif HKLM Group Policy restriction on software: *.mp4*.jse HKLM Group Policy restriction on software: *.zip*.scr HKLM Group Policy restriction on software: *.pdf*.com HKLM Group Policy restriction on software: %programdata%\*.jse HKLM Group Policy restriction on software: vssadmin.exe HKLM Group Policy restriction on software: *.pptx*.cmd HKLM Group Policy restriction on software: *.wma*.bat HKLM Group Policy restriction on software: *.ppt*.cmd HKLM Group Policy restriction on software: *.bmp*.com HKLM Group Policy restriction on software: *.xls*.bat HKLM Group Policy restriction on software: *.xlsx*.bat HKLM Group Policy restriction on software: *.rtf*.js HKLM Group Policy restriction on software: *.7z*.scr HKLM Group Policy restriction on software: *.txt*.bat HKLM Group Policy restriction on software: *.wmv*.bat HKLM Group Policy restriction on software: *.divx*.pif HKLM Group Policy restriction on software: *.mp4*.com HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe HKLM Group Policy restriction on software: *.pub*.scr HKLM Group Policy restriction on software: *.docx*.scr HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif HKLM Group Policy restriction on software: C:\Users\*.jse HKLM Group Policy restriction on software: *.avi*.bat HKLM Group Policy restriction on software: *.mp4*.pif HKLM Group Policy restriction on software: lsassw86s.exe HKLM Group Policy restriction on software: *.jpg*.cmd HKLM Group Policy restriction on software: *.pub*.js HKLM Group Policy restriction on software: *.xls*.jse HKLM Group Policy restriction on software: %appdata%\*.bat HKLM Group Policy restriction on software: *.jpeg*.js HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com HKLM Group Policy restriction on software: *.docx*.exe HKLM Group Policy restriction on software: *.pptx*.pif HKLM Group Policy restriction on software: *.7z*.js HKLM Group Policy restriction on software: *.docx*.com HKLM Group Policy restriction on software: *.wav*.com HKLM Group Policy restriction on software: *.pptx*.bat HKLM Group Policy restriction on software: %userprofile%\*.bat HKLM Group Policy restriction on software: *.png*.pif HKLM Group Policy restriction on software: *.xls*.scr HKLM Group Policy restriction on software: *.pdf*.pif HKLM Group Policy restriction on software: *.wmv*.cmd HKLM Group Policy restriction on software: *.wma*.jse HKLM Group Policy restriction on software: *.wma*.com HKLM Group Policy restriction on software: *.ppt*.js HKLM Group Policy restriction on software: *.rtf*.com HKLM Group Policy restriction on software: *.divx*.exe HKLM Group Policy restriction on software: *.docx*.jse HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js HKLM Group Policy restriction on software: *:\$Recycle.Bin HKLM Group Policy restriction on software: %allusersprofile%\*.js HKLM Group Policy restriction on software: *.wav*.pif HKLM Group Policy restriction on software: %appdata%\*.scr HKLM Group Policy restriction on software: %appdata%\*.pif HKLM Group Policy restriction on software: *.mp3*.js HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr HKLM Group Policy restriction on software: *.pdf*.js HKLM Group Policy restriction on software: *.xls*.com HKLM Group Policy restriction on software: *.ppt*.scr HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js HKLM Group Policy restriction on software: %appdata%\*\*.js HKLM Group Policy restriction on software: *.wmv*.exe HKLM Group Policy restriction on software: *.wmv*.js HKLM Group Policy restriction on software: *.gif*.cmd HKLM Group Policy restriction on software: *.wav*.jse HKLM Group Policy restriction on software: %userprofile%\*.cmd HKLM Group Policy restriction on software: *.doc*.jse HKLM Group Policy restriction on software: *.wav*.scr HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse HKLM Group Policy restriction on software: *.gif*.scr HKLM Group Policy restriction on software: *.7z*.cmd HKLM Group Policy restriction on software: *.doc*.com HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat HKLM Group Policy restriction on software: %userprofile%\*.pif HKLM Group Policy restriction on software: *.rtf*.exe HKLM Group Policy restriction on software: %programdata%\*\svchost.exe HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd HKLM Group Policy restriction on software: *.doc*.exe HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe HKLM Group Policy restriction on software: *.rtf*.jse HKLM Group Policy restriction on software: *.xls*.cmd HKLM Group Policy restriction on software: %appdata%\*\*.bat HKLM Group Policy restriction on software: *.mp4*.bat HKLM Group Policy restriction on software: *.mp3*.bat HKLM Group Policy restriction on software: %userprofile%\AppData\*.js HKLM Group Policy restriction on software: *.txt*.com HKLM Group Policy restriction on software: *.ppt*.com HKLM Group Policy restriction on software: *.xlsx*.com HKLM Group Policy restriction on software: %appdata%\*.exe HKLM Group Policy restriction on software: %allusersprofile%\*.bat HKLM Group Policy restriction on software: *.doc*.js HKLM Group Policy restriction on software: *.pdf*.cmd HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js HKLM Group Policy restriction on software: *.jpeg*.exe HKLM Group Policy restriction on software: *.mp3*.exe HKLM Group Policy restriction on software: *.zip*.cmd HKLM Group Policy restriction on software: *.7z*.jse HKLM Group Policy restriction on software: *.7z*.pif HKLM Group Policy restriction on software: *.doc*.pif HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr HKLM Group Policy restriction on software: *.pub*.com HKLM Group Policy restriction on software: %userprofile%\*.exe HKLM Group Policy restriction on software: %programdata%\*.cmd HKLM Group Policy restriction on software: *.xlsx*.jse HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe HKLM Group Policy restriction on software: *.rar*.js HKLM Group Policy restriction on software: *.png*.exe HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat HKLM Group Policy restriction on software: *.rtf*.pif HKLM Group Policy restriction on software: %programdata%\*.com HKLM Group Policy restriction on software: *.xlsx*.exe HKLM Group Policy restriction on software: %userprofile%\*.com HKLM Group Policy restriction on software: %programdata%\*.bat HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr HKLM Group Policy restriction on software: *.pdf*.exe HKLM Group Policy restriction on software: %appdata%\*.cmd HKLM Group Policy restriction on software: *.pub*.bat HKLM Group Policy restriction on software: *.rar*.scr HKLM Group Policy restriction on software: *.mp3*.cmd HKLM Group Policy restriction on software: ** HKLM Group Policy restriction on software: *.rtf*.bat HKLM Group Policy restriction on software: *.xlsx*.pif HKLM Group Policy restriction on software: *.rar*.exe HKLM Group Policy restriction on software: %userprofile%\*.scr HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe HKLM Group Policy restriction on software: *.pptx*.com HKLM Group Policy restriction on software: *.jpeg*.bat HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd HKLM Group Policy restriction on software: *.bmp*.exe HKLM Group Policy restriction on software: *.bmp*.cmd HKLM Group Policy restriction on software: *.pptx*.exe HKLM Group Policy restriction on software: *.jpg*.scr HKLM Group Policy restriction on software: *.divx*.cmd HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse HKLM Group Policy restriction on software: *.pdf*.scr HKLM Group Policy restriction on software: cipher.exe HKLM Group Policy restriction on software: *.avi*.exe HKLM Group Policy restriction on software: *.jpg*.com HKLM Group Policy restriction on software: *.png*.bat HKLM Group Policy restriction on software: *.jpg*.pif HKLM Group Policy restriction on software: *.mp3*.scr HKLM Group Policy restriction on software: C:\Users\*.bat HKLM Group Policy restriction on software: *.zip*.pif HKLM Group Policy restriction on software: lsassvrtdbks.exe HKLM Group Policy restriction on software: *.rar*.com HKLM Group Policy restriction on software: %userprofile%\*.jse HKLM Group Policy restriction on software: *.mp3*.jse HKLM Group Policy restriction on software: %appdata%\*.js HKLM Group Policy restriction on software: %programdata%\*.exe HKLM Group Policy restriction on software: *.txt*.cmd HKLM Group Policy restriction on software: *.gif*.exe HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd HKLM Group Policy restriction on software: %allusersprofile%\*.exe HKLM Group Policy restriction on software: %appdata%\*.jse HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat HKLM Group Policy restriction on software: *.ppt*.jse HKLM Group Policy restriction on software: %programdata%\*.scr HKLM Group Policy restriction on software: *.zip*.bat HKLM Group Policy restriction on software: *.xls*.pif HKLM Group Policy restriction on software: %appdata%\*\*.com HKLM Group Policy restriction on software: *.wmv*.pif HKLM Group Policy restriction on software: *.divx*.js HKLM Group Policy restriction on software: *.xlsx*.scr HKLM Group Policy restriction on software: *.xls*.js HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe HKLM Group Policy restriction on software: *.wma*.scr HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse HKLM Group Policy restriction on software: *.7z*.com HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com HKLM Group Policy restriction on software: *.txt*.exe HKLM Group Policy restriction on software: %allusersprofile%\*.com HKLM Group Policy restriction on software: *.png*.cmd HKLM Group Policy restriction on software: %userprofile%\AppData\*.com HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe HKLM Group Policy restriction on software: *.avi*.jse HKLM Group Policy restriction on software: *.bmp*.scr HKLM Group Policy restriction on software: scsvserv.exe HKLM Group Policy restriction on software: *.pub*.exe HKLM Group Policy restriction on software: *.docx*.pif HKLM Group Policy restriction on software: *.avi*.js HKLM Group Policy restriction on software: C:\Users\*.pif HKLM Group Policy restriction on software: %appdata%\*\*.scr HKLM Group Policy restriction on software: *.jpg*.js HKLM Group Policy restriction on software: *.bmp*.jse HKLM Group Policy restriction on software: *.7z*.bat HKLM Group Policy restriction on software: *.ppt*.bat HKLM Group Policy restriction on software: *.pdf*.bat HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif HKLM Group Policy restriction on software: %programdata%\*.pif HKLM Group Policy restriction on software: *.txt*.pif HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com HKLM Group Policy restriction on software: *.png*.com HKLM Group Policy restriction on software: *.mp4*.js HKLM Group Policy restriction on software: *.pdf*.jse HKLM Group Policy restriction on software: *.wmv*.jse HKLM Group Policy restriction on software: *.mp3*.pif HKLM Group Policy restriction on software: *.wma*.exe HKLM Group Policy restriction on software: *.bmp*.bat HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd HKLM Group Policy restriction on software: *.doc*.cmd HKLM Group Policy restriction on software: *.jpeg*.jse HKLM Group Policy restriction on software: *.mp3*.com HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr HKLM Group Policy restriction on software: *.rar*.jse HKLM Group Policy restriction on software: %allusersprofile%\*.jse HKLM Group Policy restriction on software: *.jpg*.bat HKLM Group Policy restriction on software: *.gif*.pif HKLM Group Policy restriction on software: %programdata%\*.js HKLM Group Policy restriction on software: *.zip*.jse HKLM Group Policy restriction on software: %appdata%\*\*.exe HKLM Group Policy restriction on software: *.divx*.jse HKLM Group Policy restriction on software: *.jpeg*.scr HKLM Group Policy restriction on software: *.doc*.bat HKLM Group Policy restriction on software: *.rtf*.scr HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat HKLM Group Policy restriction on software: *.wma*.js HKLM Group Policy restriction on software: *.wav*.js HKLM Group Policy restriction on software: *.wav*.exe HKLM Group Policy restriction on software: *.png*.js HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd HKLM Group Policy restriction on software: *.gif*.jse HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe HKLM Group Policy restriction on software: *.avi*.pif HKLM Group Policy restriction on software: *.wmv*.scr HKLM Group Policy restriction on software: C:\Users\*.js HKLM Group Policy restriction on software: *.mp4*.cmd HKLM Group Policy restriction on software: *.docx*.bat HKLM Group Policy restriction on software: *.png*.jse HKLM Group Policy restriction on software: *.wmv*.com HKLM Group Policy restriction on software: *.wav*.cmd HKLM Group Policy restriction on software: *.jpeg*.pif HKLM Group Policy restriction on software: *.avi*.com HKLM Group Policy restriction on software: *.docx*.js HKLM Group Policy restriction on software: *.pub*.cmd HKLM Group Policy restriction on software: *.avi*.scr HKLM Group Policy restriction on software: %allusersprofile%\*.scr HKLM Group Policy restriction on software: *.wav*.bat HKLM Group Policy restriction on software: *.txt*.jse HKLM Group Policy restriction on software: %userprofile%\*.js HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr HKLM Group Policy restriction on software: *.xls*.exe HKLM Group Policy restriction on software: *.pub*.pif HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com HKLM Group Policy restriction on software: syskey.exe HKLM Group Policy restriction on software: *.doc*.scr HKLM Group Policy restriction on software: *.mp4*.scr HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js HKLM Group Policy restriction on software: *.rar*.bat HKLM Group Policy restriction on software: *.avi*.cmd HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif HKLM Group Policy restriction on software: *.divx*.bat HKLM Group Policy restriction on software: *.gif*.js HKLM Group Policy restriction on software: *.mp4*.exe HKLM Group Policy restriction on software: %appdata%\*.com HKLM Group Policy restriction on software: *.xlsx*.cmd HKLM Group Policy restriction on software: *.rtf*.cmd HKLM Group Policy restriction on software: *.gif*.bat HKLM Group Policy restriction on software: *.divx*.com HKLM Group Policy restriction on software: %allusersprofile%\*.pif HKLM Group Policy restriction on software: *.png*.scr HKLM Group Policy restriction on software: *.txt*.scr HKLM Group Policy restriction on software: *.wma*.pif HKLM Group Policy restriction on software: *.rar*.cmd HKLM Group Policy restriction on software: C:\Users\*.cmd HKLM Group Policy restriction on software: %appdata%\*\*.jse HKLM Group Policy restriction on software: *.divx*.scr HKLM Group Policy restriction on software: *.txt*.js HKLM Group Policy restriction on software: *.pptx*.jse HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe HKLM Group Policy restriction on software: *.ppt*.pif HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd HKLM Group Policy restriction on software: *.pub*.jse HKLM Group Policy restriction on software: C:\Users\*.exe HKLM Group Policy restriction on software: *.jpg*.exe HKLM Group Policy restriction on software: *.gif*.com HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js HKLM Group Policy restriction on software: %appdata%\*\*.cmd HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr HKLM Group Policy restriction on software: *.7z*.exe HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd HKLM Group Policy restriction on software: *.bmp*.js HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif HKLM Group Policy restriction on software: *.jpeg*.cmd HKLM Group Policy restriction on software: *.xlsx*.js HKLM Group Policy restriction on software: *.docx*.cmd HKLM Group Policy restriction on software: *.rar*.pif HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat HKLM Group Policy restriction on software: C:\Users\*.scr HKLM Group Policy restriction on software: *.zip*.com HKLM Group Policy restriction on software: *.zip*.js HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com HKLM Group Policy restriction on software: *.zip*.exe HKLM Group Policy restriction on software: *.pptx*.js HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif artus72 1. Uszkodzona konfiguracja CryptoPrevent: jeśli program tego nie odtworzy, przeładuj wszystko ręcznie. 2. Dalsze poprawki na szczątki adware (ClientConnect Ltd.) i inne. Pobierz ponownie FRST. Do Notatnika wklej: CustomCLSID: HKU\S-1-5-21-3698236117-931745765-820054799-1001_Classes\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA}\InprocServer32 -> C:\Users\Artur\AppData\Local\Tbccint\Community Alerts\Alert.dll (ClientConnect Ltd.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = SearchScopes: HKU\S-1-5-21-3698236117-931745765-820054799-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3698236117-931745765-820054799-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = C:\Users\Artur\AppData\Local\Tbccint C:\Users\Artur\AppData\Roaming\21903 C:\Users\Artur\AppData\Roaming\Opera Software Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Zaprezentyuj wynikowy fixlog.txt. 3. Uruchom AdwCleaner. Zastosuj Szukaj i dostarcz wynikowy log z folderu C:\AdwCleaner. Odnośnik do komentarza
artus72 Opublikowano 14 Lipca 2015 Autor Zgłoś Udostępnij Opublikowano 14 Lipca 2015 CryptoPrevent już uzdrowiłem (ważne, że uciążliwe przekierowania jessi wycięła w pień ) W dalszym ciągu nie mogę odtwarzać filmów na youtube.com. No i dziennik zdarzeń pełen jest jakichś niepokojących komunikatów, których nie potrafię zdiagnozować. AdwCleanerR0.txt Fixlog.txt Odnośnik do komentarza
picasso Opublikowano 15 Lipca 2015 Zgłoś Udostępnij Opublikowano 15 Lipca 2015 Jeszcze poprawki (uwzględniam to co wykrył AdwCleaner). Otwórz Notatnik i wklej w nim: Reg: reg delete HKCU\Software\AppDataLow\Software\PriceGong /f Reg: reg delete HKCU\Software\AppDataLow\Software\Tbccint /f Reg: reg delete "HKCU\Software\Avg Secure Update" /f Reg: reg delete HKCU\Software\PRODUCTSETUP /f Reg: reg delete HKCU\Software\Tbccint /f Reg: reg delete HKCU\Software\Tbccint_HKLM /f Reg: reg delete HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8} /f Reg: reg delete HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} /f Reg: reg delete HKLM\SOFTWARE\Classes\Toolbar.CT3327997 /f Reg: reg delete "HKU\.DEFAULT\Software\Avg Secure Update" /f RemoveDirectory: C:\FRST\Quarantine RemoveDirectory: C:\ProgramData\apn RemoveDirectory: C:\ProgramData\Tbccint RemoveDirectory: C:\Users\Artur\AppData\LocalLow\Tbccint Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Zaprezentuj wynikowy fixlog.txt. W dalszym ciągu nie mogę odtwarzać filmów na youtube.com. Sprawdź czy zmienia postać rzeczy rekonfiguracja akceleracji sprzętowej: KLIK. No i dziennik zdarzeń pełen jest jakichś niepokojących komunikatów, których nie potrafię zdiagnozować. O co konkretnie chodzi? Komentując to co jest widoczne w Addition: Application errors: ================== Error: (07/11/2015 03:47:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/11/2015 03:45:53 PM) (Source: Software Protection Platform Service) (EventID: 12293) (User: ) Description: Publikowanie usługi zarządzania kluczami w systemie DNS w domenie „” nie powiodło się. Informacje: 0x80070057 Error: (07/11/2015 03:45:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: NvNetworkService.exe, wersja: 1.0.2.5, sygnatura czasowa: 0x52e70698 Nazwa modułu powodującego błąd: NvNetworkService.exe, wersja: 1.0.2.5, sygnatura czasowa: 0x52e70698 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000b057c Identyfikator procesu powodującego błąd: 0x8a0 Godzina uruchomienia aplikacji powodującej błąd: 0xNvNetworkService.exe0 Ścieżka aplikacji powodującej błąd: NvNetworkService.exe1 Ścieżka modułu powodującego błąd: NvNetworkService.exe2 Identyfikator raportu: NvNetworkService.exe3 System errors: ============= Error: (07/11/2015 03:50:44 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. Error: (07/11/2015 03:45:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa NVIDIA Network Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. - Błąd WMI (WinMgmt) numer 10 nie ma żadnego znaczenia. Jego likwidacja to jedynie "kosmetyka": KLIK. - Błąd "Software Protection Platform Service" - nie wiem. - Błędy Usługi NVIDIA Network Service (NvNetworkService.exe) - usługę możesz po prostu wyłączyć via services.msc. Alternatywnie, możesz rozważyć deinstalację aktualizatora NVIDIA GeForce Experience 1.8.2. - to nie jest kluczowy elewment zestawu nVidia, może tworzyć problemy. - "Wykonywanie kopii w tle woluminu" - ograniczony magazyn na punkty Przywracania systemu. Odnośnik do komentarza
artus72 Opublikowano 15 Lipca 2015 Autor Zgłoś Udostępnij Opublikowano 15 Lipca 2015 Po dwukrotnym kliknięciu (celem uruchomienia) na FRST aplikacja... znikła Kilkukrotne próby pobrania programu ze strony bleepingcomputer spełzały na niczym. Dopiero w trybie awaryjnym z obsługą sieci udało się go ściągnąć i zastosować podany przez Ciebie fixlist. [EDYTA] youtube działa pod IE. W firefox nadal kicha. Fixlog.txt Odnośnik do komentarza
picasso Opublikowano 15 Lipca 2015 Zgłoś Udostępnij Opublikowano 15 Lipca 2015 Fix wykonany, więc standardowe koki na koniec z DelFix i czyszczeniem folderów Przywracania: KLIK. Po dwukrotnym kliknięciu (celem uruchomienia) na FRST aplikacja... znikła Podejrzany program antywirusowy. Wiele AV nie potrafi dobrze sformułować detekcji i klasyfikuje FRST jako "trojana" zapobiegając jego pobraniu lub natychmiast usuwając z dysku po pobraniu. youtube działa pod IE. W firefox nadal kicha. Rozumiem, że w IE wyłączyłeś akcelerację sprzętową? Firefoxa wcześniej w systemie nie było, ale dla tej przeglądarki podobny trop z akceleracją: Opcje > Zaawansowane > Ogólne > Korzystaj z akceleracji sprzętowej, jeśli dostępna. Odnośnik do komentarza
artus72 Opublikowano 15 Lipca 2015 Autor Zgłoś Udostępnij Opublikowano 15 Lipca 2015 (edytowane) w systemie Firefoxa nie bylo, bo korzystam z wersji portable. IE odtwarzał filmy zanim spróbowałem z fixem MS. Zajrzę wieczorem do preferencji FF (teraz siedzę w kieracie). Na razie dziękuję za dotychczasową pomoc [EDYTA] checkbox "Korzystaj z akceleracji sprzętowej..." był zaznaczony. [EDYTA2] temat można zamknąć - zainstalowałem fajerfoksowy dodatek YouTube Flash Video Player i filmiki śmigają pozdrawiam i jeszcze raz dziękuję za pomoc DelFix.txt Edytowane 17 Lipca 2015 przez artus72 Odnośnik do komentarza
Rekomendowane odpowiedzi