Simonkornik Opublikowano 27 Maja 2016 Zgłoś Udostępnij Opublikowano 27 Maja 2016 Opis problemu: parę dni temu złapałem wirusa -Filecoder.CryptProjectXXX.E , który mi zaszyfrował większość danych na komputerze, oszczędził jedynie partycje systemową. Komputer wyczyściłem m.in. Esetem, jednakże dane pozostały zaszyfrowane (powoli godzę się z tym, że nieprędko je odzyskam jeśli w ogóle). Po skanowaniu esetem, Malwarebytes Anti-Malware wydaje mi się, iż komputer jest wolny od wirusów. Jednakże zaobserwowałem następujący problem: - program utorrent nie uruchamia się, a przy próbie uruchomienia zwraca następującą informację: Program ...\utorrent.exe "System windows nie może otworzyć tego programu, ponieważ jest on chroniony przez zasady ograniczeń oprogramowania. Aby uzyskać więcej informacji otwórz Podgląd zdarzeń lub skontaktuj się z administratorem systemu." W dzienniku zdarzeń widnieje taki komunikat: "uTorrent.exe został ograniczony przez administratora przy użyciu lokalizacji z regułą zasad {8175bb06-3481-4dd5-83f9-903ea9226443} o ścieżce ..\Dane aplikacji\*\*.exe." Ponowna reinstalacja programu nic nie dała. Pytanie czy te problemy są wynikiem działalności wspomnianego wirusa i czy przypadkiem innych programów "przy okazji" nie uszkodził oraz czy idzie w jakiś prosty sposób to naprawić poza formatem? Addition.txt FRST.txt GMER.txt Odnośnik do komentarza
picasso Opublikowano 27 Maja 2016 Zgłoś Udostępnij Opublikowano 27 Maja 2016 Zabrakło raportu FRST Shortcut. Opis problemu: parę dni temu złapałem wirusa -Filecoder.CryptProjectXXX.E , który mi zaszyfrował większość danych na komputerze, oszczędził jedynie partycje systemową. Jeśli zaszyfrowane pliki mają rozszerzenie *.crypt, to rzeczywiście nie ma na razie ratunku... Prawdopodobnie zainfekował Cię CryptXXX w wersji 3.0, jest to obecnie nie do odkodowania. Temat na forum: KLIK. Program ...\utorrent.exe "System windows nie może otworzyć tego programu, ponieważ jest on chroniony przez zasady ograniczeń oprogramowania. Aby uzyskać więcej informacji otwórz Podgląd zdarzeń lub skontaktuj się z administratorem systemu." W dzienniku zdarzeń widnieje taki komunikat: "uTorrent.exe został ograniczony przez administratora przy użyciu lokalizacji z regułą zasad {8175bb06-3481-4dd5-83f9-903ea9226443} o ścieżce ..\Dane aplikacji\*\*.exe." Ponowna reinstalacja programu nic nie dała. To jest kwestia tego, że zainstalowałeś CryptoPrevent, który tworzy ograniczenia zabezpieczające przed uruchomieniem infekcji typu ransom: HKLM Group Policy restriction on software: *.png*.com HKLM Group Policy restriction on software: *.bmp*.bat HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.scr HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr HKLM Group Policy restriction on software: *.rar*.com HKLM Group Policy restriction on software: *.ppt*.exe HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.cmd HKLM Group Policy restriction on software: *.wma*.exe HKLM Group Policy restriction on software: *.divx*.cmd HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif HKLM Group Policy restriction on software: *.xlsx*.com HKLM Group Policy restriction on software: *.wma*.jse HKLM Group Policy restriction on software: *.xls*.bat HKLM Group Policy restriction on software: %userprofile%\*.com HKLM Group Policy restriction on software: *.bmp*.pif HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.bat HKLM Group Policy restriction on software: *.mp3*.bat HKLM Group Policy restriction on software: *.7z*.jse HKLM Group Policy restriction on software: *.png*.jse HKLM Group Policy restriction on software: %userprofile%\*.js HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.bat HKLM Group Policy restriction on software: *.doc*.pif HKLM Group Policy restriction on software: %appdata%\*.pif HKLM Group Policy restriction on software: *.mp3*.exe HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr HKLM Group Policy restriction on software: %appdata%\*\*.pif HKLM Group Policy restriction on software: *.ppt*.pif HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.cmd HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.scr HKLM Group Policy restriction on software: *.gif*.cmd HKLM Group Policy restriction on software: %userprofile%\Application Data\*.cmd HKLM Group Policy restriction on software: *.xls*.pif HKLM Group Policy restriction on software: *.jpeg*.cmd HKLM Group Policy restriction on software: *.pub*.scr HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.js HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.bat HKLM Group Policy restriction on software: lsassw86s.exe HKLM Group Policy restriction on software: *.avi*.jse HKLM Group Policy restriction on software: *.txt*.pif HKLM Group Policy restriction on software: *.doc*.scr HKLM Group Policy restriction on software: *.xlsx*.exe HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.bat HKLM Group Policy restriction on software: *.png*.cmd HKLM Group Policy restriction on software: %allusersprofile%\*.com HKLM Group Policy restriction on software: *.jpg*.exe HKLM Group Policy restriction on software: *.7z*.js HKLM Group Policy restriction on software: *.zip*.js HKLM Group Policy restriction on software: syskey.exe HKLM Group Policy restriction on software: *.png*.pif HKLM Group Policy restriction on software: *.xls*.scr HKLM Group Policy restriction on software: *.divx*.pif HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe HKLM Group Policy restriction on software: *.divx*.scr HKLM Group Policy restriction on software: *.xlsx*.bat HKLM Group Policy restriction on software: *.rtf*.cmd HKLM Group Policy restriction on software: *.mp4*.exe HKLM Group Policy restriction on software: *.xls*.cmd HKLM Group Policy restriction on software: *.doc*.jse HKLM Group Policy restriction on software: *.wma*.com HKLM Group Policy restriction on software: *.doc*.com HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe HKLM Group Policy restriction on software: *.xlsx*.scr HKLM Group Policy restriction on software: *.wma*.bat HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.jse HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.jse HKLM Group Policy restriction on software: *.ppt*.js HKLM Group Policy restriction on software: *.doc*.cmd HKLM Group Policy restriction on software: *.bmp*.jse HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com HKLM Group Policy restriction on software: *.txt*.com HKLM Group Policy restriction on software: *.xls*.jse HKLM Group Policy restriction on software: C:\Documents and Settings\*.cmd HKLM Group Policy restriction on software: *.zip*.exe HKLM Group Policy restriction on software: *.bmp*.js HKLM Group Policy restriction on software: %appdata%\*.com HKLM Group Policy restriction on software: %userprofile%\Application Data\*.js HKLM Group Policy restriction on software: *.docx*.pif HKLM Group Policy restriction on software: *.doc*.js HKLM Group Policy restriction on software: *.divx*.com HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.exe HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com HKLM Group Policy restriction on software: *.pub*.exe HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.exe HKLM Group Policy restriction on software: %appdata%\*.jse HKLM Group Policy restriction on software: *.gif*.js HKLM Group Policy restriction on software: *.wav*.js HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.pif HKLM Group Policy restriction on software: *.pptx*.cmd HKLM Group Policy restriction on software: %allusersprofile%\*.exe HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif HKLM Group Policy restriction on software: *.wav*.cmd HKLM Group Policy restriction on software: *.txt*.cmd HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.cmd HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.cmd HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.js HKLM Group Policy restriction on software: *.pdf*.jse HKLM Group Policy restriction on software: *.txt*.exe HKLM Group Policy restriction on software: *.png*.bat HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.pif HKLM Group Policy restriction on software: *.doc*.bat HKLM Group Policy restriction on software: *.xlsx*.cmd HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.com HKLM Group Policy restriction on software: *.docx*.js HKLM Group Policy restriction on software: %appdata%\*.bat HKLM Group Policy restriction on software: *.pub*.bat HKLM Group Policy restriction on software: *.pdf*.scr HKLM Group Policy restriction on software: *.png*.exe HKLM Group Policy restriction on software: *.jpg*.js HKLM Group Policy restriction on software: *.jpg*.com HKLM Group Policy restriction on software: *.rar*.jse HKLM Group Policy restriction on software: *.jpeg*.scr HKLM Group Policy restriction on software: *.gif*.exe HKLM Group Policy restriction on software: %appdata%\*\*.jse HKLM Group Policy restriction on software: %allusersprofile%\*.cmd HKLM Group Policy restriction on software: *.rar*.scr HKLM Group Policy restriction on software: *.ppt*.scr HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif HKLM Group Policy restriction on software: *.pdf*.js HKLM Group Policy restriction on software: *.wav*.jse HKLM Group Policy restriction on software: *.docx*.jse HKLM Group Policy restriction on software: *.wmv*.pif HKLM Group Policy restriction on software: *.7z*.com HKLM Group Policy restriction on software: *.wmv*.jse HKLM Group Policy restriction on software: *.ppt*.bat HKLM Group Policy restriction on software: *.txt*.jse HKLM Group Policy restriction on software: %appdata%\*.scr HKLM Group Policy restriction on software: *.pdf*.exe HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.bat HKLM Group Policy restriction on software: *.divx*.jse HKLM Group Policy restriction on software: %userprofile%\*.bat HKLM Group Policy restriction on software: *.pdf*.bat HKLM Group Policy restriction on software: %allusersprofile%\*.bat HKLM Group Policy restriction on software: *.mp3*.cmd HKLM Group Policy restriction on software: *.wav*.scr HKLM Group Policy restriction on software: *.gif*.bat HKLM Group Policy restriction on software: *.avi*.bat HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.bat HKLM Group Policy restriction on software: ** HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com HKLM Group Policy restriction on software: C:\Documents and Settings\*.js HKLM Group Policy restriction on software: *.7z*.exe HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.js HKLM Group Policy restriction on software: *.jpeg*.com HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe HKLM Group Policy restriction on software: *.gif*.scr HKLM Group Policy restriction on software: %userprofile%\*.exe HKLM Group Policy restriction on software: *.bmp*.cmd HKLM Group Policy restriction on software: *.rtf*.scr HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.jse HKLM Group Policy restriction on software: *.7z*.cmd HKLM Group Policy restriction on software: *.jpg*.scr HKLM Group Policy restriction on software: %appdata%\*.exe HKLM Group Policy restriction on software: *.ppt*.jse HKLM Group Policy restriction on software: *.zip*.com HKLM Group Policy restriction on software: *.gif*.com HKLM Group Policy restriction on software: *.rar*.js HKLM Group Policy restriction on software: *.jpg*.bat HKLM Group Policy restriction on software: *.pub*.cmd HKLM Group Policy restriction on software: *.jpg*.jse HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.jse HKLM Group Policy restriction on software: %appdata%\*\*.exe HKLM Group Policy restriction on software: %appdata%\*\*.cmd HKLM Group Policy restriction on software: *.wma*.pif HKLM Group Policy restriction on software: *.pptx*.pif HKLM Group Policy restriction on software: *.ppt*.cmd HKLM Group Policy restriction on software: *.wav*.exe HKLM Group Policy restriction on software: *.wav*.bat HKLM Group Policy restriction on software: *.jpeg*.js HKLM Group Policy restriction on software: *.zip*.jse HKLM Group Policy restriction on software: *.pdf*.com HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.js HKLM Group Policy restriction on software: *.avi*.com HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.cmd HKLM Group Policy restriction on software: *.png*.js HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe HKLM Group Policy restriction on software: *.rtf*.com HKLM Group Policy restriction on software: *.divx*.js HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr HKLM Group Policy restriction on software: *.bmp*.exe HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe HKLM Group Policy restriction on software: *.gif*.jse HKLM Group Policy restriction on software: *.ppt*.com HKLM Group Policy restriction on software: %appdata%\*\*.js HKLM Group Policy restriction on software: *.jpeg*.pif HKLM Group Policy restriction on software: *:\RECYCLER HKLM Group Policy restriction on software: *.bmp*.scr HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe HKLM Group Policy restriction on software: *.7z*.bat HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif HKLM Group Policy restriction on software: *.xlsx*.pif HKLM Group Policy restriction on software: %allusersprofile%\*.scr HKLM Group Policy restriction on software: *.wma*.js HKLM Group Policy restriction on software: *.gif*.pif HKLM Group Policy restriction on software: *.wmv*.bat HKLM Group Policy restriction on software: %appdata%\*\*.bat HKLM Group Policy restriction on software: *.docx*.scr HKLM Group Policy restriction on software: *.avi*.cmd HKLM Group Policy restriction on software: %appdata%\*.cmd HKLM Group Policy restriction on software: *.pub*.jse HKLM Group Policy restriction on software: *.docx*.exe HKLM Group Policy restriction on software: *.mp3*.pif HKLM Group Policy restriction on software: *.7z*.scr HKLM Group Policy restriction on software: *.divx*.bat HKLM Group Policy restriction on software: *.pptx*.jse HKLM Group Policy restriction on software: *.mp3*.scr HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe HKLM Group Policy restriction on software: %userprofile%\*.cmd HKLM Group Policy restriction on software: *.docx*.com HKLM Group Policy restriction on software: *.rar*.cmd HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.bat HKLM Group Policy restriction on software: *.pptx*.exe HKLM Group Policy restriction on software: *.wmv*.js HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.js HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com HKLM Group Policy restriction on software: *.mp4*.com HKLM Group Policy restriction on software: scsvserv.exe HKLM Group Policy restriction on software: *.bmp*.com HKLM Group Policy restriction on software: %userprofile%\*.pif HKLM Group Policy restriction on software: %appdata%\*.js HKLM Group Policy restriction on software: *.wma*.cmd HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.jse HKLM Group Policy restriction on software: *.mp4*.js HKLM Group Policy restriction on software: *.7z*.pif HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.bat HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.bat HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.cmd HKLM Group Policy restriction on software: *.pub*.pif HKLM Group Policy restriction on software: *.avi*.pif HKLM Group Policy restriction on software: *.divx*.exe HKLM Group Policy restriction on software: *.rtf*.bat HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr HKLM Group Policy restriction on software: *.mp4*.scr HKLM Group Policy restriction on software: *.doc*.exe HKLM Group Policy restriction on software: %userprofile%\*.jse HKLM Group Policy restriction on software: %programdata%\*\svchost.exe HKLM Group Policy restriction on software: C:\Documents and Settings\*.jse HKLM Group Policy restriction on software: lsassvrtdbks.exe HKLM Group Policy restriction on software: *.rar*.pif HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.jse HKLM Group Policy restriction on software: *.wav*.pif HKLM Group Policy restriction on software: *.png*.scr HKLM Group Policy restriction on software: *.jpeg*.bat HKLM Group Policy restriction on software: *.pptx*.com HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.cmd HKLM Group Policy restriction on software: *.jpg*.cmd HKLM Group Policy restriction on software: *.txt*.js HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.js HKLM Group Policy restriction on software: *.xls*.com HKLM Group Policy restriction on software: *.zip*.pif HKLM Group Policy restriction on software: *.zip*.cmd HKLM Group Policy restriction on software: *.pptx*.scr HKLM Group Policy restriction on software: %userprofile%\*.scr HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.cmd HKLM Group Policy restriction on software: %userprofile%\Application Data\*.bat HKLM Group Policy restriction on software: %userprofile%\Application Data\*.jse HKLM Group Policy restriction on software: *.jpeg*.exe HKLM Group Policy restriction on software: vssadmin.exe HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr HKLM Group Policy restriction on software: *.wav*.com HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.js HKLM Group Policy restriction on software: *.txt*.bat HKLM Group Policy restriction on software: %userprofile%\Application Data\Microsoft\Windows\IEUpdate\*.exe HKLM Group Policy restriction on software: *.mp4*.jse HKLM Group Policy restriction on software: *.rar*.bat HKLM Group Policy restriction on software: *.pub*.js HKLM Group Policy restriction on software: *.mp3*.jse HKLM Group Policy restriction on software: *.txt*.scr HKLM Group Policy restriction on software: %appdata%\*\*.com HKLM Group Policy restriction on software: *.wmv*.scr HKLM Group Policy restriction on software: *.xlsx*.js HKLM Group Policy restriction on software: *.wmv*.exe HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com HKLM Group Policy restriction on software: *.rtf*.exe HKLM Group Policy restriction on software: *.rtf*.jse HKLM Group Policy restriction on software: %allusersprofile%\*.jse HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif HKLM Group Policy restriction on software: *.docx*.bat HKLM Group Policy restriction on software: *.jpeg*.jse HKLM Group Policy restriction on software: *.wmv*.com HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.jse HKLM Group Policy restriction on software: *.mp4*.pif HKLM Group Policy restriction on software: *.wma*.scr HKLM Group Policy restriction on software: *.zip*.bat HKLM Group Policy restriction on software: *.xls*.js HKLM Group Policy restriction on software: *.pptx*.bat HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com HKLM Group Policy restriction on software: *.wmv*.cmd HKLM Group Policy restriction on software: *.pdf*.pif HKLM Group Policy restriction on software: *.rtf*.pif HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.jse HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.js HKLM Group Policy restriction on software: *.mp3*.js HKLM Group Policy restriction on software: *.docx*.cmd HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.cmd HKLM Group Policy restriction on software: *.xls*.exe HKLM Group Policy restriction on software: C:\Documents and Settings\*.bat HKLM Group Policy restriction on software: *.jpg*.pif HKLM Group Policy restriction on software: %allusersprofile%\*.js HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.com HKLM Group Policy restriction on software: *.mp4*.bat HKLM Group Policy restriction on software: *.avi*.exe HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.jse HKLM Group Policy restriction on software: *.rtf*.js HKLM Group Policy restriction on software: *.pdf*.cmd HKLM Group Policy restriction on software: %appdata%\*\*.scr HKLM Group Policy restriction on software: *.xlsx*.jse HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe HKLM Group Policy restriction on software: %allusersprofile%\*.pif HKLM Group Policy restriction on software: *.zip*.scr HKLM Group Policy restriction on software: *.avi*.js HKLM Group Policy restriction on software: *.pptx*.js HKLM Group Policy restriction on software: *.avi*.scr HKLM Group Policy restriction on software: cipher.exe HKLM Group Policy restriction on software: *.mp3*.com HKLM Group Policy restriction on software: *.mp4*.cmd HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.js HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif HKLM Group Policy restriction on software: *.pub*.com HKLM Group Policy restriction on software: *.rar*.exe Jedna z tych reguł pokrywa się z lokalizacją z której startujesz uTorrent. Nie zgadza mi się tylko komunikat, gdyż on kieruje do reguły "\Dane aplikacji\*\*.exe", a wg raportu FRST uTorrent siedzi w "Moich dokumentach". Są też dwa skróty do niego, ale nie wiem do której ścieżki kierują (brak raportu FRST Shortcut). 2016-05-26 22:23 - 2016-05-26 22:23 - 02530304 _____ (BitTorrent Inc.) C:\Documents and Settings\Kornik\Moje dokumenty\uTorrent.exe 2016-05-26 22:52 - 2014-12-07 16:26 - 00002641 _____ C:\Documents and Settings\Kornik\Pulpit\µTorrent.lnk 2016-05-26 22:52 - 2014-12-07 16:26 - 00002641 _____ C:\Documents and Settings\Kornik\Menu Start\µTorrent.lnk Spróbuj przenieść uTorrent.exe po prostu na Pulpit. Odnośnik do komentarza
Rucek Opublikowano 27 Maja 2016 Zgłoś Udostępnij Opublikowano 27 Maja 2016 A propos uTorrent - wywal to... program ostatnio odwalił jakiś dziwny numer.... Kaspersky zablokował jakieś pliki "uTorrentie" z lokalizacji tymczasowych. Lepszy będzie klient "qBittorrent". Odnośnik do komentarza
Simonkornik Opublikowano 27 Maja 2016 Autor Zgłoś Udostępnij Opublikowano 27 Maja 2016 Dzięki, pomogła zmiana lokalizacji programu. I tak zaszyfrowane pliki mają rozszerzenie crypt, więc pozostaje mi cierpliwie czekać, aż może znajdzie się sposób na ich odkodowanie. Natomiast odnośnie utorrenta, to póki co jest mi potrzebny do odzyskania/"odszyfrowania" części plików, które przez niego pobierałem przed zaszyfrowaniem moich danych, więc póki co, zmienić nie mogę ( na szczęście używam wersji bez jeszcze zaimplementowanego procesu utorrentie). Odnośnik do komentarza
picasso Opublikowano 31 Maja 2016 Zgłoś Udostępnij Opublikowano 31 Maja 2016 Podstawowy zgłoszony problem rozwiązany. Dodatkowe działania: 1. Odinstaluj stare wersje (luki!): Foxit Reader, Gadu-Gadu 7.7, Nowe Gadu-Gadu, Java 6 Update 20, Opera 11.00, Opera 12.17, PeerBlock 1.1 (r518). Uwaga dodatkowa, za niedługo do deinstalacji będzie też Dropbox, aplikacja przestanie działać na XP: KLIK. 2. Skrypt kosmetyczny pod kątem martwych wpisów. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2016-05-19] () HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_134_pepper.exe -update pepperplugin CHR HKLM\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx SearchScopes: HKU\S-1-5-21-1060284298-1004336348-1177238915-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Kornik^Menu Start^Programy^Autostart^CEF0AD98D4F1B.lnk DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Kornik^Menu Start^Programy^Autostart^CEF0AD98D4F1H.lnk DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent DeleteKey: HKLM\SOFTWARE\Mozilla DeleteKey: HKLM\SOFTWARE\MozillaPlugins C:\Documents and Settings\Kornik\Dane aplikacji\Enigma Software Group C:\Documents and Settings\Kornik\Moje dokumenty\SpyHunter-Installer.exe C:\Documents and Settings\Kornik\Ustawienia lokalne\Dane aplikacji\{547E64BD-D1C6-470D-8CB3-598813043609} C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension C:\WINDOWS\pss\CEF0AD98D4F1B.lnkStartup C:\WINDOWS\pss\CEF0AD98D4F1H.lnkStartup C:\WINDOWS\System32\DRIVERS\EsgScanner.sys CMD: del /q C:\*Decryptor*.txt EmptyTemp: Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt w folderze z którego uruchamiasz FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, nastąpi restart systemu. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. Przedstaw ten plik. Nowe skany FRST nie są potrzebne. Odnośnik do komentarza
picasso Opublikowano 20 Grudnia 2016 Zgłoś Udostępnij Opublikowano 20 Grudnia 2016 Nowe wieści: KLIK. Kaspersky złowił określoną pulę kluczy do nowszych wariantów CryptXXX i zaktualizował dekoder RannohDecryptor pod kątem odkodowania wariantów o rozszerzeniach .crypt, .cryp1, .crypz. Niemniej nie ma gwarancji, że pliki da się odkodować. Odnośnik do komentarza
Rekomendowane odpowiedzi
Jeśli chcesz dodać odpowiedź, zaloguj się lub zarejestruj nowe konto
Jedynie zarejestrowani użytkownicy mogą komentować zawartość tej strony.
Zarejestruj nowe konto
Załóż nowe konto. To bardzo proste!
Zarejestruj sięZaloguj się
Posiadasz już konto? Zaloguj się poniżej.
Zaloguj się