Hello, I have the same problem as everyone else with encrypted files.
Sorry that the scan is not on wklej.pl, but for some reason I cannot enter the captcha code.
http://www.wklejto.pl/261630
Atis
(Atis)
25 September 2016 23:57
#2
You need to show three logs, and the paths must contain slashes.
Uninstall Spybot - Search & Destroy 2.
http://wklej.to/
http://wklej.to/LuLte FRST
http://wklej.to/0dpRx Addition
http://wklej.to/k87Sk Shortcut
As a curiosity, I will add that it locked all the photos taken with my Android phone, whereas the folder with photos I took long ago with a WP phone was left untouched.
Atis
(Atis)
26 September 2016 06:53
#4
Uninstall McAfee SiteAdvisor.
Paste the following into the system Notepad and save it as a text file named fixlist:
HKU\S-1-5-21-1327530391-1672669331-960508864-1001…\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1327530391-1672669331-960508864-1001…\Run: [{5DE67937-45D5-45E4-923C-0B7F7EC929A7}] => C:\Users\Bartek\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014 (2).exe [30993712 2016-04-15] (Riot Games)
HKU\S-1-5-21-1327530391-1672669331-960508864-1001…\RunOnce: [Uninstall C:\Users\Bartek\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bartek\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1327530391-1672669331-960508864-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR HKLM…\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32…\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
S2 0307191474839670mcinstcleanup; C:\Users\Bartek\AppData\Local\Temp\030719~1.EXE [883024 2016-09-25] (McAfee, Inc.)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-04-21] (IObit)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
S1 ZAM; ??\C:\WINDOWS\System32\drivers\zam64.sys [X]
2016-09-25 23:39 - 2016-09-25 23:39 - 01244848 _____ ( ) C:\Users\Bartek\Downloads\Odkurzacz-12322-dp.exe
2016-09-24 12:58 - 2016-09-25 23:30 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-24 01:34 - 2016-09-24 01:35 - 00000328 _____ C:\Users\Bartek\Downloads\Files encrypted.txt
2016-09-24 01:34 - 2016-09-24 01:34 - 00000328 _____ C:\Users\Bartek\Documents\Files encrypted.txt
2016-09-24 01:27 - 2016-09-24 01:27 - 00000020 _____ C:\Users\Bartek\Documents\uid.txt
2016-09-24 01:27 - 2016-09-24 01:27 - 00000020 _____ C:\Users\Bartek\AppData\Roaming\uid.txt
2016-09-24 08:41 - 2016-04-13 23:56 - 00000000 ____D C:\AdwCleaner
2016-04-13 22:59 - 2016-04-13 22:59 - 6504960 _____ () C:\Users\Bartek\AppData\Roaming\agent.dat
2016-04-13 23:05 - 2016-04-13 23:05 - 0005120 _____ () C:\Users\Bartek\AppData\Roaming\GiftBag.db
2016-04-13 22:58 - 2016-04-13 22:58 - 0127488 _____ () C:\Users\Bartek\AppData\Roaming\Installer.dat
2016-04-13 22:59 - 2016-04-13 22:59 - 0018432 _____ () C:\Users\Bartek\AppData\Roaming\Main.dat
2016-02-24 00:15 - 2016-03-24 14:10 - 1065984 _____ () C:\Users\Bartek\AppData\Local\file__0.localstorage
CustomCLSID: HKU\S-1-5-21-1327530391-1672669331-960508864-1001_Classes\CLSID{3F001453-97D8-C311-7910-E15BFE1B6772}\InprocServer32 -> C:\ProgramData\Package Cache{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.xml ()
CustomCLSID: HKU\S-1-5-21-1327530391-1672669331-960508864-1001_Classes\CLSID{4EB99DBC-E0FA-620C-25AD-368E53DB423D}\InprocServer32 -> C:\Users\Bartek\AppData\Roaming\Macromedia\Flash Player#Security\FlashPlayerTrust\Adobe Illustrator19Trust_64.nls ()
CustomCLSID: HKU\S-1-5-21-1327530391-1672669331-960508864-1001_Classes\CLSID{A1CC3FF6-3F92-9DEA-8CD1-366CCE77DEA9}\InprocServer32 -> C:\ProgramData\Intel\SUR\IDUU\AppData\appdata-iduu.nls ()
CustomCLSID: HKU\S-1-5-21-1327530391-1672669331-960508864-1001_Classes\CLSID{FAA6F39A-A7A4-74B0-1815-A47503E2E076}\InprocServer32 -> C:\Users\Bartek\AppData\Roaming\Adobe\Adobe Illustrator 19 Settings\en_US\x64\DB_CrashRecovery.txt ()
Task: {005B8DCB-E86F-47A2-A81F-44FDD77C1DC1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {3330890C-9666-4616-A8F7-B4F3D1829C6C} - \Reimage Reminder -> No File <==== ATTENTION
Task: {3C379E37-2CDB-4422-880C-181AE7A2C1EF} - System32\Tasks\InstallShield Update Service => C:\Users\Bartek\AppData\Local\PeerDistRepub\ISSCH\issch.exe
Task: {7336ECB3-B6D3-4EC4-AF2D-449624EB892B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {770DF9B1-9C20-4B21-BE1E-2B604D2B60AC} - System32\Tasks\BartekWarlikeYabberV2 => Rundll32.exe PremierVoile.dll,main 7 1 <==== ATTENTION
Task: {99790D84-D21B-4DF7-9CF5-D379FB3B1F2C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {A0E52B4A-213B-461C-AE8F-B8BE9B2504E8} - \ReimageUpdater -> No File <==== ATTENTION
Hosts:
EmptyTemp:
Run FRST and click Fix (Napraw). Show the removal report, Fixlog.
Click Scan (Skanuj) and show the new FRST report, without Addition and Shortcut.
FRST
http://wklej.to/P3e4G
fixlog
http://wklej.to/mGS1T
Thank you in advance for checking.