jessica
Posts: 4 099
Replies posted by jessica
-
Paste into Notepad:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}"=-
From the Notepad menu >> File >> Save As >> set the file type to All Files >> save as FIX.REG >>
run the file (double-click and OK).
CHR RestoreOnStartup: "hxxp://search.gboxapp.com/"
Reinstall Google Chrome.
Apart from that, it looks OK now.
Open Notepad and paste into it:
DeleteQuarantine:
Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix.
Use SHIFT+DEL to delete the remaining C:\FRST folder.
In Adw-Cleaner, click the UNINSTALL button.
jessi
-
Open Notepad and paste into it:
Task: {CD7C98E5-DB32-480B-92CD-D9E650CB4ADD} - System32\Tasks\bench-Updater removing
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Task: {EA8197F2-6791-4C8C-B50A-B1C7898F1283} - System32\Tasks\Sk-Enhancer-S-5902107913 => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exe [2013-11-19] () <==== ATTENTION
Task: {F282717F-6569-4C76-B414-B0E3D69D4DC8} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\updater.exe [2013-12-18] () <==== ATTENTION
Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-Updater removing.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exe <==== ATTENTION
c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [fst_pl_31] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1382701688&from=cor&uid=_&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1382701688&from=cor&uid=_&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1382701688&from=cor&uid=_&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1382701688&from=cor&uid=_&q={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pur-esult.info/?l=1&q={searchTerms}&pid=724&r=2013/11/19&hid=1511377463245664931&lg=EN&cc=PL
CHR HomePage: hxxp://google.com/
CHR RestoreOnStartup: "hxxp://search.gboxapp.com/"
CHR StartupUrls: "hxxp://search.gboxapp.com/"
CHR Extension: (YouTuAdBlockker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdhkbebpdcohjeldbebgbefmomeadhkl
CHR HKLM-x32\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ [2014-01-15]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2014-01-15]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 ATP; system32\DRIVERS\cmdatp.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [X]
C:\ProgramData\HaPPy2Saavei
C:\ProgramData\e3e1e0c40f694456
C:\Program Files (x86)\AllSaver
C:\ProgramData\AllSaver
C:\ProgramData\RRoboSaveR
C:\ProgramData\EnjooyCooupon
C:\ProgramData\ShopDrop
C:\ProgramData\Isaver
C:\Windows\Tasks\bench-Updater removing.job
C:\Windows\Tasks\bench-sys.job
C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job
C:\Users\User\AppData\Roaming\cache.ini
C:\Users\User\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\User\AppData\Local\Temp\Caramava_bs.exe
C:\Users\User\AppData\Local\Temp\drm_dialogs.dll
C:\Users\User\AppData\Local\Temp\drm_dyndata_7400008.dll
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbkav6g.dll
C:\Users\User\AppData\Local\Temp\FileZilla_3.7.3_win32-setup.exe
C:\Users\User\AppData\Local\Temp\ICReinstall_WinZip175_mfse_fah.exe
C:\Users\User\AppData\Local\Temp\msxml6-KB927977-enu-amd64.exe
C:\Users\User\AppData\Local\Temp\msxml6-KB927977-enu-x86.exe
C:\Users\User\AppData\Local\Temp\ose00000.exe
C:\Users\User\AppData\Local\Temp\setup_fst_pl.exe
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
C:\Users\User\AppData\Local\Temp\sonarinst.exe
C:\Users\User\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\User\AppData\Local\Temp\_is5E08.exe
C:\Users\User\AppData\Local\Temp\_is6430.exe
Reboot:
Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. A fixlog.txt file will be created. Post that log.
Make new FRST logs, this time without Shortcut.
jessi
-
Use AdwCleaner. First click SCAN (SZUKAJ), and only after the scan has finished, when the CLEAN (USUŃ) button becomes active, click it.
Post its report: C:\AdwCleaner\AdwCleaner.txt
-
Paste into Notepad:
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_JAN2013_TB]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_ROC_JULY_P1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_roc_ssl_v12]
From the Notepad menu >> File >> Save As >> set the file type to All Files >> save as FIX.REG >>
run the file (double-click and OK).
Finishing up:
In Adw-Cleaner, click the UNINSTALL button.
Open Notepad and paste into it:
DeleteQuarantine:
Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix.
Use SHIFT+DEL to delete the remaining C:\FRST folder.
jessi
-
Open Notepad and paste into it:
MSCONFIG\startupreg: ROC_JAN2013_TB => "C:\Program Files\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB
MSCONFIG\startupreg: ROC_ROC_JULY_P1 => "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
MSCONFIG\startupreg: ROC_roc_ssl_v12 => "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
C:\Program Files\AVG SafeGuard toolbar
C:\Program Files\AVG Secure Search
C:\ProgramData\7tbnwrjfr8z.bxx
C:\Users\Pawel\AppData\Local\Temp\uninst1.exe
Reboot:
Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. A fixlog.txt file will be created. Post that log.
Make new FRST logs.
jessi
-
go back to my previous post
-
1) Uninstall:
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 17.0.2.13 - AVG Technologies)
Delta Chrome Toolbar (HKLM\...\Delta Chrome Toolbar) (Version: - Visual Tools) <==== ATTENTION
Delta toolbar (HKLM\...\delta) (Version: 1.8.22.0 - Delta) <==== ATTENTION
DoowonloAd keeper (HKLM\...\{C1A27135-69EB-8D44-7358-34727DD7B820}) (Version: 4.0.0.1869 - Download keeper) <==== ATTENTION
OptimizerPro (HKLM\...\OptimizerPro) (Version: 1.0 - BetterSoft) <==== ATTENTION
Search Assistant WebSearch 1.74 (HKLM\...\SP_b0285714) (Version: - ) <==== ATTENTION
SearchNewTab (HKLM\...\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}) (Version: 3.3.0.1703 - SearchNewTab) <==== ATTENTION
2) Use Adw-cleaner:
first click SCAN (SZUKAJ), and only after the scan has finished, when the CLEAN (USUŃ) button becomes active, click it.
Post its report: C:\AdwCleaner\AdwCleaner.txt
3) Open Notepad and paste into it:
Task: {290440F2-445A-47DC-8D6E-BE1C4D5E68F8} - System32\Tasks\BitGuard => Sc.exe start BitGuard
Task: {4CBC9302-ADEA-41AD-B426-2FA59E8F193D} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Task: {72E243E0-10D8-4227-BAEA-D2ED41333A99} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: {AB1F31B5-E0C2-46F2-BAA0-0E2E82799A52} - System32\Tasks\EPUpdater => C:\Users\PAWE~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: C:\windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: C:\windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe <==== ATTENTION
C:\ProgramData\BetterSoft\OptimizerPro
C:\Program Files\AVG Secure Search
MSCONFIG\startupreg: ROC_JAN2013_TB => "C:\Program Files\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB
MSCONFIG\startupreg: ROC_ROC_JULY_P1 => "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
MSCONFIG\startupreg: ROC_roc_ssl_v12 => "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
C:\Program Files\AVG SafeGuard toolbar
C:\Users\Pawel\AppData\Roaming\wyUpdate AU
C:\Users\Pawel\AppData\Roaming\newnext.me
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol.com/?babsrc=HP_ss_Btisdt7&mntrId=7A950026B6750AEC&affID=119357&tt=110813_Dmntr&tsp=4972
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchere.info/?pid=512&r=2013/10/03&hid=9417325475056879057&lg=EN&cc=PL&unqvl=37
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchere.info/?l=1&q={searchTerms}&pid=512&r=2013/10/03&hid=9417325475056879057&lg=EN&cc=PL&unqvl=37
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
BHO: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG SafeGuard toolbar\17.0.2.13\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files\Delta\delta\1.8.22.0\bh\delta.dll (Delta-search.com)
C:\Program Files\Delta
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.0.2.13\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.22.0\deltaTlbr.dll (Delta-search.com)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.2.13
CHR Extension: (AVG SafeGuard) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.0.2.13\avg.crx
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-10-02] (AVG Technologies)
C:\ProgramData\2308189059
C:\windows\Tasks\ROC_JAN2013_TB_rmv.job
C:\ProgramData\SearchNewTab
C:\ProgramData\DoowonloAd keeper
C:\ProgramData\7tbnwrjfr8z.bxx
C:\ProgramData\7tbnwrjfr8z.fvv
C:\Users\Mama\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6dsbgf.dll
C:\Users\Mama\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Mama\AppData\Local\Temp\i4jdel0.exe
C:\Users\Pawel\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Pawel\AppData\Local\Temp\DTLite4481-0347.exe
C:\Users\Pawel\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Pawel\AppData\Local\Temp\ICReinstall_Light Image Resizer 4.5.4.0.exe
C:\Users\Pawel\AppData\Local\Temp\KMP_3.7.0.113.exe
C:\Users\Pawel\AppData\Local\Temp\optprosetup.exe
C:\Users\Pawel\AppData\Local\Temp\SHSetup.exe
C:\Users\Pawel\AppData\Local\Temp\SIntf16.dll
C:\Users\Pawel\AppData\Local\Temp\SIntf32.dll
C:\Users\Pawel\AppData\Local\Temp\SIntfNT.dll
C:\Users\Samsung\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Samsung\AppData\Local\Temp\i4jdel0.exe
Reboot:
Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. A fixlog.txt file will be created. Post that log.
4) Make new FRST logs, this time without Shortcut.
jessi
-
I don't see that in FRST.
By the way, this is odd:
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
You can see that the file is there.
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
Could the environment variable be "damaged"?
These are just my musings - I don't want to lead this thread, so I'm not digging into it.
Windows Vista
- Right-click the "My Computer" icon.
- Choose "Properties" from the context menu.
- Click the "Advanced" tab (or the "Advanced system settings" link in the case of Windows Vista).
- In the "Edit" window, the value of the PATH variable: the beginning of this variable should be: %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem
-
Paste into Notepad:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FCCB9CFF-7B76-46F5-A504-F6C1EE5BE0D5}]
"NameServer"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FCCB9CFF-7B76-46F5-A504-F6C1EE5BE0D5}]
"NameServer"="8.8.8.8"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DhcpNameServer"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DhcpNameServer"="8.8.8.8"
From the Notepad menu > File > Save As > set the file type to All Files > save as FIX.REG
Run the file (double-click and OK). Restart the computer.
If that doesn't help, the router will have to be reset.
If you don't know how, contact your internet provider.
jessi
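
An added example (not part of any post on this page): a small Python parser that lists what a FIX.REG file of the kind pasted in these posts will delete or set, and decodes hex(2)/hex(7) values into readable text, so the file can be reviewed before it is double-clicked. It goes beyond the DNS fix above by also handling the key-deletion and hex forms used elsewhere on the page; the sample file and the names ExampleSvc and Example\StaleKey are constructed.

```python
import re

# Constructed sample in the style of the FIX.REG files on this page; the names
# "Example\StaleKey" and "ExampleSvc" are hypothetical.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Example\StaleKey]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DhcpNameServer"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DhcpNameServer"="8.8.8.8"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ExampleSvc]
"Start"=dword:00000003
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,78,00,2e,00,65,00,78,00,65,00,00,00
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,62,00,66,00,65,00,\
  00,00,00,00
'''

VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
HEX_VALUE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')


def _unescape(s):
    # In .reg strings a backslash escapes the character that follows it.
    return re.sub(r"\\(.)", r"\1", s)


def _logical_lines(text):
    """Yield stripped lines with backslash-continued hex values joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""


def decode_value(raw):
    """Turn the text after '=' into (type_name, value); '-' means delete."""
    if raw == "-":
        return (None, None)
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return ("REG_SZ", _unescape(raw[1:-1]))
    if raw.lower().startswith("dword:"):
        return ("REG_DWORD", int(raw[6:], 16))
    m = HEX_VALUE.match(raw)
    if not m:
        raise ValueError("unrecognised value: " + raw)
    kind = int(m.group(1), 16) if m.group(1) else 3   # bare "hex:" is REG_BINARY
    data = bytes(int(tok, 16) for tok in m.group(2).split(",") if tok.strip())
    if kind == 2:      # REG_EXPAND_SZ, stored as UTF-16LE
        return ("REG_EXPAND_SZ", data.decode("utf-16-le").rstrip("\x00"))
    if kind == 7:      # REG_MULTI_SZ, NUL-separated UTF-16LE strings
        parts = data.decode("utf-16-le").split("\x00")
        return ("REG_MULTI_SZ", [p for p in parts if p])
    return ("REG_BINARY" if kind == 3 else "hex(%x)" % kind, data)


def parse_reg(text):
    """List the operations an import would perform, in file order.

    Each item is (action, key, value_name, type_name, value).
    """
    ops, key = [], None
    for line in _logical_lines(text):
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):          # [-KEY] deletes the key and its subkeys
                ops.append(("delete-key", key[1:], None, None, None))
                key = None
            continue
        m = VALUE_LINE.match(line)
        if m is None or key is None:
            raise ValueError("unexpected line: " + line)
        name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        type_name, value = decode_value(m.group(2).strip())
        action = "delete-value" if type_name is None else "set-value"
        ops.append((action, key, name, type_name, value))
    return ops


def describe(ops):
    """Render the operations as one readable line each, for review."""
    out = []
    for action, key, name, type_name, value in ops:
        if action == "delete-key":
            out.append("DELETE KEY   " + key)
        elif action == "delete-value":
            out.append("DELETE VALUE %s -> %s" % (key, name))
        else:
            out.append("SET %s -> %s = %r (%s)" % (key, name, value, type_name))
    return out


if __name__ == "__main__":
    print("\n".join(describe(parse_reg(SAMPLE_REG))))
```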
-
In return I can offer a glider flight in Zielona Góra, because I have a licence hahahahah
that's actually close to me, but I won't take you up on it
jessi
-
As for the logs (logs are not needed in this section of the Forum):
1) Uninstall:
"qone8 uninstaller" = qone8 uninstaller
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0
"Softonic-Polska Toolbar" = Softonic-Polska Toolbar
"uTorrentControl_v2 Toolbar" = uTorrentControl_v2 Toolbar
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"lollipop_01151447" = Lollipop
2) Use Adw-cleaner:
first click SCAN (SZUKAJ), and only after the scan has finished, when the CLEAN (USUŃ) button becomes active, click it.
3) Run OTL and paste this into the Custom Scans/Fixes (Własne opcje skanowania/Skrypt) box:
:OTL
DRV:64bit: - [2014-06-16 09:25:32 | 000,046,160 | ---- | M] (nethfdrv) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nethfdrv.sys -- (nethfdrv)
FF - prefs.js..browser.search.defaultenginename: "delta-homes"
FF - prefs.js..browser.search.selectedEngine: "delta-homes"
FF - prefs.js..browser.startup.homepage: "http://start.qone8.com/?type=hp&ts=1396984929&from=smt&uid=SAMSUNGXHD103SJ_S246J90B171374"
FF - prefs.js..extensions.enabledAddons: ext%40TrustMediaViewerV1alpha2522.net:1.1
FF - prefs.js..extensions.enabledAddons: shortcutff%40gmail.com:1.4.0
FF - prefs.js..extensions.enabledAddons: faststartff%40gmail.com:4.3.0
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quick_start@gmail.com: C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\7arsgfi7.default\extensions\quick_start@gmail.com [2014-05-24 23:52:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\faststartff@gmail.com: C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\7arsgfi7.default\extensions\faststartff@gmail.com [2014-07-20 15:47:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\shortcutff@gmail.com: C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\7arsgfi7.default\extensions\shortcutff@gmail.com [2014-07-11 04:05:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@TrustMediaViewerV1alpha2522.net: C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2522\ff [2014-06-28 22:57:33 | 000,000,000 | ---D | M]
[2014-07-20 15:47:26 | 000,000,000 | ---D | M] ("Fast Start") -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\7arsgfi7.default\extensions\faststartff@gmail.com
[2014-05-24 23:52:57 | 000,000,000 | ---D | M] ("Quick Start") -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\7arsgfi7.default\extensions\quick_start@gmail.com
[2014-07-11 04:05:21 | 000,000,000 | ---D | M] ("shortcut") -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\7arsgfi7.default\extensions\shortcutff@gmail.com
[2014-06-22 21:41:02 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
[2013-07-25 18:52:19 | 000,006,545 | ---- | M] () -- C:\Users\1\AppData\Roaming\mozilla\firefox\profiles\7arsgfi7.default\searchplugins\babylon.xml
[2014-06-28 22:57:33 | 000,000,000 | ---D | M] (Trust Media Viewer) -- C:\PROGRAM FILES (X86)\TRUSTMEDIAVIEWERV1\TRUSTMEDIAVIEWERV1ALPHA2522\FF
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (ST-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files (x86)\Softonic-Polska\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O3 - HKLM\..\Toolbar: (no name) - {a3a8ba13-8b56-46e6-8bc6-2746089b6cb2} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ST-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files (x86)\Softonic-Polska\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - toolplugin\toolbar.dll File not found
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\9.6\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ST-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files (x86)\Softonic-Polska\prxtbSof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [fst_pl_31] File not found
O4 - HKLM..\Run: [searchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Clownfish] File not found
O4 - HKCU..\Run: [NextLive] C:\Users\1\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.51.2)
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
[2014-07-30 00:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2014-06-16 09:25:16 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\netupdsrv.exe
[2014-06-16 09:25:06 | 000,108,544 | ---- | C] () -- C:\Windows\SysWow64\installd.exe
[2014-06-16 09:24:56 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\nethtsrv.exe
[2014-06-16 09:24:46 | 000,108,544 | ---- | C] () -- C:\Windows\SysWow64\hfnapi.dll
[2014-06-16 09:24:36 | 000,246,784 | ---- | C] () -- C:\Windows\SysWow64\hfpapi.dll
@Alternate Data Stream - 24 bytes -> C:\Windows:A00E4BBCA1EC6610
IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No CLSID value found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1396984929&from=smt&uid=SAMSUNGXHD103SJ_S246J90B171374
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1402600866&from=wpm0612&uid=SAMSUNGXHD103SJ_S246J90B171374&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1402600866&from=wpm0612&uid=SAMSUNGXHD103SJ_S246J90B171374&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1396984929&from=smt&uid=SAMSUNGXHD103SJ_S246J90B171374
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files (x86)\Softonic-Polska\prxtbSof0.dll (Conduit Ltd.)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1396984929&from=smt&uid=SAMSUNGXHD103SJ_S246J90B171374
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1396984929&from=smt&uid=SAMSUNGXHD103SJ_S246J90B171374
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qone8.com/web/?type=ds&ts=1396984929&from=smt&uid=SAMSUNGXHD103SJ_S246J90B171374&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qone8.com/web/?type=ds&ts=1396984929&from=smt&uid=SAMSUNGXHD103SJ_S246J90B171374&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1396984929&from=smt&uid=SAMSUNGXHD103SJ_S246J90B171374
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1396984929&from=smt&uid=SAMSUNGXHD103SJ_S246J90B171374
:Reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
:Commands
[emptytemp]
Click Run Fix (Wykonaj Skrypt).
These recommendations of course have nothing to do with this problem:
when I try to open any file, photo, or My Computer, a message appears: "Windows cannot access the specified device, path, or file.
You may not have the appropriate permissions to access the item."
I'll leave that to the experts in this section of the Forum.
jessi
-
the internet works, because Skype is running.
Skype probably connects differently than browsers do.
I don't see any infection here.
Run OTL and paste this into the Custom Scans/Fixes (Własne opcje skanowania/Skrypt) box:
:OTL
[2014-08-04 19:58:21 | 000,000,000 | ---D | M] -- C:\Users\Basienka\AppData\Roaming\Astromenda
[2014-08-04 19:58:21 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\Astromenda.job
O4 - HKU\S-1-5-21-4020199023-2767647960-1379107885-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O3 - HKU\S-1-5-21-4020199023-2767647960-1379107885-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
[2014-08-04 19:58:13 | 000,002,809 | ---- | M] () -- C:\Users\Basienka\AppData\Roaming\mozilla\firefox\profiles\kr90fwvi.default\searchplugins\Astromenda.xml
FF - prefs.js..browser.search.defaultenginename: "Astromenda"
FF - prefs.js..browser.search.selectedEngine: "Astromenda"
:Reg
[-HKEY_USERS\S-1-5-21-4020199023-2767647960-1379107885-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-21-4020199023-2767647960-1379107885-1000\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
:Commands
[emptytemp]
Click Run Fix (Wykonaj Skrypt).
jessi
-
OK, the Registry is repaired.
In Adw-Cleaner, click the UNINSTALL button.
In OTL, click the CleanUp (Sprzątanie) button - this will remove it together with its Quarantine.
SystemLook - delete it manually.
jessi
-
Since everything is OK now:
In OTL, click the CleanUp (Sprzątanie) button - this will remove it together with its Quarantine.
jessi
-
when I close the browser, Advanced SystemCare shows me a message that something wants to change my home page, but I block that action
I somehow don't see that in the OTL log.
jessi
-
wait, I need to think - two services were not rebuilt ...
1) Paste into Notepad:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent]
"DisplayName"="@%SystemRoot%\\System32\\polstore.dll,-5010"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,53,00,65,00,72,00,76,\
00,69,00,63,00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,\
73,00,74,00,72,00,69,00,63,00,74,00,65,00,64,00,00,00
"Description"="@%SystemRoot%\\system32\\polstore.dll,-5011"
"ObjectName"="NT Authority\\NetworkService"
"ErrorControl"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000020
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,62,00,66,00,65,00,\
00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,\
61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,\
00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,\
72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,\
00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
69,00,70,00,73,00,65,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,\
00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="SpdServiceMain"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent\TriggerInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent\TriggerInfo\0]
"Type"=dword:00000004
"Action"=dword:00000001
"GUID"=hex:07,9e,56,b7,21,84,e0,4e,ad,10,86,91,5a,fd,ad,09
"Data0"=hex:52,00,50,00,43,00,00,00,54,00,43,00,50,00,00,00,25,00,77,00,69,00,\
6e,00,64,00,69,00,72,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,\
00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,\
65,00,00,00,70,00,6f,00,6c,00,69,00,63,00,79,00,61,00,67,00,65,00,6e,00,74,\
00,00,00,00,00
"DataType0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess]
"DisplayName"="@%Systemroot%\\system32\\mprdim.dll,-200"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="@%Systemroot%\\system32\\mprdim.dll,-201"
"ObjectName"="localSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000004
"Type"=dword:00000020
"DependOnGroup"=hex(7):4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,\
6f,00,75,00,70,00,00,00,00,00
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,53,00,00,00,42,00,66,00,65,00,\
00,00,52,00,61,00,73,00,4d,00,61,00,6e,00,00,00,48,00,74,00,74,00,70,00,00,\
00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,53,00,65,00,4c,00,6f,00,61,00,64,00,44,00,72,00,69,00,76,\
00,65,00,72,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,\
00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,\
41,00,75,00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,\
00,65,00,00,00,00,00
"FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
"ConfigurationFlags"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Accounting]
"AccountSessionIdStart"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Accounting\Providers]
"ActiveProvider"="{1AA7F846-C7F5-11D0-A376-00C04FC9DA04}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Accounting\Providers\{1AA7F840-C7F5-11D0-A376-00C04FC9DA04}]
"ConfigClsid"="{1AA7F840-C7F5-11D0-A376-00C04FC9DA04}"
"DisplayName"="@%Systemroot%\\system32\\mprddm.dll,-202"
"VendorName"="Microsoft"
"ProviderTypeGUID"="{76560D00-2BFD-11d2-9539-3078302C2030}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Accounting\Providers\{1AA7F846-C7F5-11D0-A376-00C04FC9DA04}]
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
70,00,72,00,64,00,64,00,6d,00,2e,00,64,00,6c,00,6c,00,00,00
"ConfigClsid"=""
"DisplayName"="@%Systemroot%\\system32\\mprddm.dll,-203"
"ProviderTypeGUID"="{76560D81-2BFD-11d2-9539-3078302C2030}"
"VendorName"="Microsoft"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Authentication]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Authentication\Providers]
"ActiveProvider"="{1AA7F841-C7F5-11D0-A376-00C04FC9DA04}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Authentication\Providers\{1AA7F83F-C7F5-11D0-A376-00C04FC9DA04}]
"ConfigClsid"="{1AA7F83F-C7F5-11D0-A376-00C04FC9DA04}"
"DisplayName"="@%Systemroot%\\system32\\mprddm.dll,-201"
"VendorName"="Microsoft"
"ProviderTypeGUID"="{76560D00-2BFD-11d2-9539-3078302C2030}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Authentication\Providers\{1AA7F841-C7F5-11D0-A376-00C04FC9DA04}]
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
70,00,72,00,64,00,64,00,6d,00,2e,00,64,00,6c,00,6c,00,00,00
"ConfigClsid"=""
"DisplayName"="@%Systemroot%\\system32\\mprddm.dll,-200"
"VendorName"="Microsoft"
"ProviderTypeGUID"="{76560D01-2BFD-11d2-9539-3078302C2030}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\DemandDialManager]
"DllPath"="%SystemRoot%\\System32\\mprddm.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces]
"Stamp"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\0]
"InterfaceName"="Loopback"
"Type"=dword:00000005
"Enabled"=dword:00000001
"Stamp"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\0\Ip]
"ProtocolId"=dword:00000021
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\0\Ipv6]
"ProtocolId"=dword:00000057
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\1]
"InterfaceName"="Internal"
"Type"=dword:00000004
"Enabled"=dword:00000001
"Stamp"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\1\Ip]
"ProtocolId"=dword:00000021
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\1\Ipv6]
"ProtocolId"=dword:00000057
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\2]
"InterfaceName"="{B19FFBDD-2DE4-4C89-9F2C-FF5C2D8D0738}"
"Type"=dword:00000003
"Enabled"=dword:00000001
"Stamp"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\2\Ip]
"ProtocolId"=dword:00000021
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\2\Ipv6]
"ProtocolId"=dword:00000057
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\3]
"InterfaceName"="{B478FC25-3362-46FA-B72C-544C7BA9D67A}"
"Type"=dword:00000003
"Enabled"=dword:00000001
"Stamp"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\3\Ip]
"ProtocolId"=dword:00000021
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\3\Ipv6]
"ProtocolId"=dword:00000057
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\4]
"InterfaceName"="{0AFFAC03-E9FA-405A-A377-004F0A1883CE}"
"Type"=dword:00000003
"Enabled"=dword:00000001
"Stamp"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\4\Ip]
"ProtocolId"=dword:00000021
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\4\Ipv6]
"ProtocolId"=dword:00000057
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\5]
"InterfaceName"="{C25CA7FB-D708-4E29-9BDC-02FFB2C1B9CF}"
"Type"=dword:00000003
"Enabled"=dword:00000001
"Stamp"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\5\Ip]
"ProtocolId"=dword:00000021
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\5\Ipv6]
"ProtocolId"=dword:00000057
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\6]
"InterfaceName"="{5DBCA5BB-25FF-48A6-BBB0-DFC74866B9ED}"
"Type"=dword:00000003
"Enabled"=dword:00000001
"Stamp"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\6\Ip]
"ProtocolId"=dword:00000021
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\6\Ipv6]
"ProtocolId"=dword:00000057
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\7]
"InterfaceName"="{4D94550A-CD2C-417A-B885-2F7F9FECAA16}"
"Type"=dword:00000003
"Enabled"=dword:00000001
"Stamp"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\7\Ip]
"ProtocolId"=dword:00000021
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\7\Ipv6]
"ProtocolId"=dword:00000057
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\8]
"InterfaceName"="{8F550093-CC2D-4998-9EFE-2E9884E96AD7}"
"Type"=dword:00000003
"Enabled"=dword:00000001
"Stamp"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\8\Ip]
"ProtocolId"=dword:00000021
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\8\Ipv6]
"ProtocolId"=dword:00000057
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\
00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Parameters]
"ServiceDLL"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
6d,00,70,00,72,00,64,00,69,00,6d,00,2e,00,64,00,6c,00,6c,00,00,00
"QuarantineInstalled"=dword:00000001
"LoggingFlags"=dword:00000002
"ServerFlags"=dword:00802602
"ServiceDllUnloadOnStop"=dword:00000001
"Stamp"=dword:00000000
"UsersConfigured"=dword:00000000
"RouterType"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Parameters\AccountLockout]
"MaxDenials"=dword:00000000
"ResetTime (mins)"=dword:00000b40
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Parameters\IKEV2]
"idleTimeout"=dword:0000012c
"networkBlackoutTime"=dword:00000708
"saLifeTime"=dword:00007080
"saDataSize"=dword:00019000
"ConfigOptions"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Parameters\Ip]
"AllowClientIpAddresses"=dword:00000000
"AllowNetworkAccess"=dword:00000001
"EnableIn"=dword:00000001
"EnableRoute"=dword:00000001
"IpAddress"="0.0.0.0"
"IpMask"="0.0.0.0"
"UseDhcpAddressing"=dword:00000001
"EnableNetbtBcastFwd"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Parameters\Ipv6]
"AdvertiseDefaultRoute"=dword:00000001
"AllowNetworkAccess"=dword:00000001
"EnableIn"=dword:00000000
"EnableRoute"=dword:00000001
"UseDhcpAddressing"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Parameters\Nbf]
"AllowNetworkAccess"=dword:00000001
"EnableIn"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Performance]
"Library"="rasctrs.dll"
"Open"="OpenRasPerformanceData"
"Close"="CloseRasPerformanceData"
"Collect"="CollectRasPerformanceData"
"InstallType"=dword:00000001
"PerfIniFile"="rasctrs.ini"
"First Counter"=dword:000007fe
"Last Counter"=dword:00000824
"First Help"=dword:000007ff
"Last Help"=dword:00000825
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy]
"Allow LM Authentication"=dword:00000000
"ProductDir"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
49,00,41,00,53,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\01]
@="IAS.ProxyPolicyEnforcer"
"Requests"="0 1 2"
"Responses"="0 1 2 3 4"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\02]
@="IAS.Realm"
"Providers"="1"
"Requests"="0 1"
"Responses"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\03]
@="IAS.Realm"
"Requests"="0 1"
"Responses"="0"
"Providers"="0 2"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\04]
@="IAS.NTSamNames"
"Providers"="1"
"Responses"="0"
"Requests"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\05]
@="IAS.CRPBasedEAP"
"Providers"="1"
"Requests"="0 2"
"Responses"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\06]
@="IAS.Realm"
"Providers"="1"
"Requests"="0"
"Responses"="0"
"Replays"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\07]
@="IAS.NTSamNames"
"Providers"="1"
"Requests"="0"
"Responses"="0"
"Replays"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\08]
@="IAS.MachineNameMapper"
"Providers"="1"
"Requests"="0"
"Responses"="0"
"Replays"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\09]
@="IAS.BaseCampHost"
"Replays"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\10]
@="IAS.RadiusProxy"
"Providers"="2"
"Responses"="0"
"Replays"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\11]
@="IAS.ExternalAuthNames"
"Providers"="2"
"Requests"="0"
"Responses"="1"
"Replays"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\12]
@="IAS.NTSamAuthentication"
"Requests"="0"
"Responses"="0 1 2"
"Providers"="1"
"Replays"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\13]
@="IAS.UserAccountValidation"
"Providers"="1 3"
"Requests"="0"
"Replays"="0"
"Responses"="0 1"
"Reasons"="33"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\14]
@="IAS.MachineAccountValidation"
"Providers"="1"
"Requests"="0"
"Responses"="0 1"
"Replays"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\15]
@="IAS.EAPIdentity"
"Providers"="1"
"Requests"="0"
"Replays"="0"
"Responses"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\16]
@="IAS.QuarantineEvaluator"
"Providers"="1"
"Requests"="0"
"Replays"="0"
"Responses"="0 1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\17]
@="IAS.PolicyEnforcer"
"Providers"="1 3"
"Requests"="0"
"Replays"="0"
"Responses"="0 1"
"Reasons"="33"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\18]
@="IAS.NTSamPerUser"
"Providers"="1 3"
"Requests"="0"
"Replays"="0"
"Responses"="0 1"
"Reasons"="33"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\19]
@="IAS.URHandler"
"Providers"="1 3"
"Requests"="0"
"Replays"="0"
"Responses"="0 1"
"Reasons"="33"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\20]
@="IAS.RAPBasedEAP"
"Providers"="1"
"Requests"="0 2"
"Replays"="0"
"Responses"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\21]
@="IAS.PostEapRestrictions"
"Providers"="0 1 3"
"Requests"="0"
"Replays"="0"
"Responses"="0 1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\22]
@="IAS.PostQuarantineEvaluator"
"Providers"="1"
"Requests"="0"
"Replays"="0"
"Responses"="1 2 5"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\23]
@="IAS.ChangePassword"
"Providers"="1"
"Requests"="0"
"Replays"="0"
"Responses"="1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\24]
@="IAS.AuthorizationHost"
"Replays"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\25]
@="IAS.EAPTerminator"
"Providers"="0 1"
"Requests"="0 2"
"Replays"="0"
"Responses"="1 2 3 5"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\26]
@="IAS.DatabaseAccounting"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\27]
@="IAS.Accounting"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\28]
@="IAS.MSChapErrorReporter"
"Providers"="0 1 3"
"Requests"="0"
"Replays"="0"
"Responses"="2"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\RouterManagers]
"Stamp"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\RouterManagers\Ip]
"ProtocolId"=dword:00000021
"GlobalInfo"=hex:01,00,00,00,78,00,00,00,02,00,00,00,03,00,ff,ff,08,00,00,00,\
01,00,00,00,30,00,00,00,06,00,ff,ff,34,00,00,00,01,00,00,00,38,00,00,00,00,\
00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,00,01,00,00,00,03,00,\
00,00,0a,00,00,00,16,27,00,00,03,00,00,00,17,27,00,00,05,00,00,00,12,27,00,\
00,07,00,00,00,08,00,00,00,78,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"DLLPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,\
00,70,00,72,00,74,00,72,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\RouterManagers\Ipv6]
"ProtocolId"=dword:00000057
"GlobalInfo"=hex:01,00,00,00,78,00,00,00,02,00,00,00,0f,00,ff,ff,08,00,00,00,\
01,00,00,00,30,00,00,00,06,00,ff,ff,34,00,00,00,01,00,00,00,38,00,00,00,00,\
00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,00,01,00,00,00,16,27,\
00,00,03,00,00,00,17,27,00,00,05,00,00,00,12,27,00,00,07,00,00,00,03,00,00,\
00,0a,00,00,00,08,00,00,00,78,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"DLLPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,\
00,70,00,72,00,74,00,72,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\RoutingTableManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\RoutingTableManager\Instance 00000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\RoutingTableManager\Instance 00000\AddressFamily 00002]
"AddressSize"=dword:00000004
"MaxChangeNotifyRegistrations"=dword:00000010
"MaxHandlesReturnedInEnum"=dword:00000019
"MaxNextHopsInRoute"=dword:00000003
"MaxOpaqueInfoPointers"=dword:00000005
"ViewsSupported"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\RoutingTableManager\Instance 00000\AddressFamily 00023]
"AddressSize"=dword:00000010
"MaxChangeNotifyRegistrations"=dword:00000010
"MaxHandlesReturnedInEnum"=dword:00000019
"MaxNextHopsInRoute"=dword:00000003
"MaxOpaqueInfoPointers"=dword:00000005
"ViewsSupported"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Security]
"Security"=hex:01,00,04,80,5c,00,00,00,68,00,00,00,00,00,00,00,14,00,00,00,02,\
00,48,00,03,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,\
00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,\
00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,01,01,00,00,\
00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
From the Notepad menu >> File >> Save As >> set the file type to All Files >> save as FIX.REG >>
right-click the file, choose Merge and confirm the import into the registry.
2) Download the SetACL tool, (SetACL.3.06
from the Commandline version folder, extract the version matching your system (x86 = 32-bit, x64 = 64-bit) and place it in the C:\Windows directory.
In Notepad, paste the content below and save the file as fix.txt. Place the file directly in C:\.
"machine\SYSTEM\CurrentControlSet\Services\PolicyAgent",4,"O:BA"
"machine\SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters",4,"O:BA"
"machine\SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters\Cache",4,"O:BAD:PAI(A;OICI;CCDCLCSWRPRC;;;S-1-5-80-3044542841-3639452079-4096941652-1606687743-1256249853)"
"machine\SYSTEM\CurrentControlSet\Services\PolicyAgent\TriggerInfo",4,"O:BA"
"machine\SYSTEM\CurrentControlSet\Services\PolicyAgent\TriggerInfo\0",4,"O:BA"
START > type cmd in the search box > right-click and choose Run as administrator > paste the command:
SetACL -on "HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent" -ot reg -actn restore -bckp C:\fix.txt
3) In Notepad, paste the content below and save the file as fix.txt. Place the file directly in C:\.
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers\{1AA7F840-C7F5-11D0-A376-00C04FC9DA04}",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers\{1AA7F846-C7F5-11D0-A376-00C04FC9DA04}",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers\{1AA7F83F-C7F5-11D0-A376-00C04FC9DA04}",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers\{1AA7F841-C7F5-11D0-A376-00C04FC9DA04}",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\DemandDialManager",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\0",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\0\Ip",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\0\Ipv6",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\1",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\1\Ip",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\1\Ipv6",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\2",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\2\Ip",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\2\Ipv6",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\3",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\3\Ip",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\3\Ipv6",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\4",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\4\Ip",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\4\Ipv6",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\5",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\5\Ip",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\5\Ipv6",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\6",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\6\Ip",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\6\Ipv6",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\7",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\7\Ip",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\7\Ipv6",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\8",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\8\Ip",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\8\Ipv6",4,"O:SY"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\AccountLockout",4,"O:BA"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\IKEV2",4,"O:BA"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ip",4,"O:BA"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ipv6",4,"O:BA"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Nbf",4,"O:BA"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy",4,"O:BA"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\01",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\02",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\03",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\04",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\05",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\06",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\07",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\08",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\09",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\10",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\11",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\12",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\13",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\14",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\15",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\16",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\17",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\18",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" 
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\19",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\20",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\21",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\22",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\23",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" 
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\24",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\25",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\26",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\27",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\28",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" 
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ip",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ipv6",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\RoutingTableManager",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\RoutingTableManager\Instance 00000",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\RoutingTableManager\Instance 00000\AddressFamily 00002",4,"O:BA" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\RoutingTableManager\Instance 00000\AddressFamily 00023",4,"O:BA" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Security",4,"O:BA"
START > type cmd in the search box > right-click and choose Run as administrator > paste the command:
SetACL -on "HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess" -ot reg -actn restore -bckp C:\fix.txt
4) Restart the computer.
5) Make a new FSS log.
jessi
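
A pre-restore check for the file passed to `SetACL -actn restore -bckp`, as an added example that is not part of the original post: it parses records of the form `"key",4,"SDDL"` and reports any key whose owner is unexpected or whose DACL gives a low-privileged trustee write access. The record layout is inferred from the restore file in the post; the trustee sets, the function name `audit` and the key `ConstructedBadKey` are assumptions of this example.

```python
import csv
import re

# Owners this example accepts, and trustees it treats as low-privileged.
# Both sets are assumptions of the example, not SetACL defaults.
TRUSTED_OWNERS = {
    "BA", "SY",
    # Service SID that owns the Policy\Pipeline keys in the post
    # (NT SERVICE\TrustedInstaller).
    "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464",
}
LOW_PRIV = {"BU", "AU", "IU", "WD", "BG", "AN"}
# Rights that let a trustee change the key or its security descriptor.
WRITE_RIGHTS = {"KA", "KW", "GA", "GW", "WD", "WO"}

SID = r"(?:S-1(?:-\d+)+|[A-Z]{2})"
SDDL_RE = re.compile(
    rf"^O:(?P<owner>{SID})(?:G:{SID})?"
    r"(?:D:(?P<dflags>[A-Z]*)(?P<aces>(?:\([^()]*\))*))?$"
)

# Constructed sample. The first three records reuse (shortened) values that
# appear in the post; the last record is made up to show a bad entry.
SAMPLE = r'''
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ip",4,"O:BA"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance",4,"O:BAD:PAI(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KA;;;BA)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\01",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;;KR;;;BU)"
"machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\ConstructedBadKey",4,"O:BUD:PAI(A;;KA;;;BU)(A;CIIO;GA;;;WD)(A;;KR;;;SY)"
'''


def audit(backup_text):
    """Return (key, problem) pairs for records that need a manual look."""
    findings = []
    lines = [ln for ln in backup_text.splitlines() if ln.strip()]
    for row in csv.reader(lines):
        if len(row) != 3:
            findings.append((row[0] if row else "?", "malformed record"))
            continue
        key, _objtype, sddl = row  # middle field is 4 in every record shown
        m = SDDL_RE.match(sddl)
        if not m:
            findings.append((key, "SDDL not understood"))
            continue
        if m["owner"] not in TRUSTED_OWNERS:
            findings.append((key, f"owner {m['owner']} is not a trusted principal"))
        for ace in re.findall(r"\(([^()]*)\)", m["aces"] or ""):
            fields = ace.split(";")
            if len(fields) != 6:
                findings.append((key, f"malformed ACE ({ace})"))
                continue
            ace_type, _flags, rights, _obj, _inh, trustee = fields
            # Rights are concatenated two-letter codes such as KA or KR.
            hit = set(re.findall(r"[A-Z]{2}", rights)) & WRITE_RIGHTS
            if ace_type == "A" and trustee in LOW_PRIV and hit:
                findings.append((key, f"{trustee} is allowed {'+'.join(sorted(hit))}"))
    return findings


if __name__ == "__main__":
    for key, problem in audit(SAMPLE):
        print(f"{key}: {problem}")
```

Rights written as a hexadecimal mask are not decoded by this check and would need to be reviewed by hand.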
-
I don't know how to write scripts, sorry for being such a bother, but ... could I ask you to write this script?
I gave the script in post no. 4 (point no. 2).
jessi
-
The ZeroAccess infection destroyed the system services.
1) Download >>ESET ServicesRepair
Right-click the ServicesRepair file and choose Run as administrator.
2) Make a new FSS log.
jessi
-
How do I uninstall this browser protector? In really simple terms please, because I'm not very advanced; it isn't in CCleaner and it isn't in Add/Remove either.
Strange that it isn't in Add/Remove, because it appears on the list of your programs.
In any case, do it with the script.
jessi
-
OTL cannot show extensions in Comodo Dragon, so there is nothing to look for here.
In the picture shown I can see a TRASH icon on the right - click it; that should remove the extension.
jessi
-
1) Uninstall:
Browsers Protector (HKLM\...\Browsers Protector) (Version: 1.0.0.0 - Publisher Name) <==== ATTENTION
(if the question "remove from the list only?" appears, agree)
2) Run OTL and paste this into the Custom Scans/Fixes box (Własne opcje skanowania/Skrypt):
:OTL
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
[2012/05/06 16:58:39 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{ec33fa85-a9a7-3893-31d6-35aacbe8e69f}
O2 - BHO: (AllTubeaNoAds) - {AB608946-D5ED-0C64-1ACA-8F658686E2C9} - C:\ProgramData\AllTubeaNoAds\qw1.dll File not found
:Reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-21-2744727062-2866847131-1637843027-1011\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
:Commands
[emptytemp]
Click Run Fix (Wykonaj Skrypt). Confirm the computer restart. Save the report that appears after the restart.
=============================================================
I also have this problem: after resetting the router I can't connect to the internet on the netbook; on every attempt I get the message: "System Windows nie mógł nawiązać połączenia z siecią (nazwa)"
Give the link to where the help was provided - maybe there was some mistake in the removals?
jessi
-
Is it worth using SpyHunter 4?
It found 40 errors, but after reading opinions about this program I have doubts about whether to use it.
@Picasso's opinion:
SpyHunter is a dubious scanner that uses a nasty form of advertising that pushes installation, and after installing it turns out that removal is paid.
Uninstall it.
Run OTL and paste this into the Custom Scans/Fixes box (Własne opcje skanowania/Skrypt):
:OTL
SRV:64bit: - [2014-01-09 08:15:48 | 001,025,408 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
DRV:64bit: - [2014-01-07 04:47:06 | 000,014,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
IE - HKU\S-1-5-21-3484592011-385650997-741581504-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (no name) - {2F298EB5-D8E9-84A1-15BA-9D3E88446552} - No CLSID value found.
O2:64bit: - BHO: (Reg Error: Value error.) - {52906AFD-B5BF-3EAD-F366-D520963DF2EF} - C:\Program Files (x86)\NextCCoup\Twc4ij7.x64.dll File not found
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Adblocker) - {2F298EB5-D8E9-84A1-15BA-9D3E88446552} - C:\Program Files (x86)\Adblocker\uIC3N2eq.dll File not found
O2 - BHO: (Reg Error: Value error.) - {52906AFD-B5BF-3EAD-F366-D520963DF2EF} - C:\Program Files (x86)\NextCCoup\Twc4ij7.dll File not found
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-3484592011-385650997-741581504-1000..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found
O4 - HKU\.DEFAULT..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoEmpire.bat ()
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
[2014-08-06 23:43:24 | 000,000,000 | ---D | C] -- C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2014-08-06 23:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014-08-02 00:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\97c20d6c2baff476
[2014-08-02 00:07:09 | 000,000,000 | ---D | C] -- C:\Users\Tomek\AppData\Local\Packages
[2014-08-06 23:43:25 | 000,002,258 | ---- | C] () -- C:\Users\Tomek\Desktop\SpyHunter.lnk
:Files
C:\Program Files (x86)\NextCCoup
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-21-3484592011-385650997-741581504-1000\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
:Commands
[emptytemp]
Click Run Fix (Wykonaj Skrypt). Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, this time click Run Scan (Skanuj).
Show the new OTL.txt log and the report from the script removal.
Has the problem gone away?
jessi
-
Do you know why Gmer didn't want to run?
I don't know, I see no obstacles to it working.
Gmer is a temperamental tool; it works in different ways (or not at all).
And the slow system start, and the occasional small freeze and stutter of the system. Is there something to make a selection and remove something from autostart?
There probably is, but I don't deal with such matters.
jessi
-
We're finishing up:
Open Notepad and paste in it:
DeleteQuarantine:
Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix.
Use SHIFT+DEL to delete the remaining folder C:\FRST
FSS - delete manually.
Fix.Reg - delete manually.
jessi
CPU usage 100% - Help!
in Hardware
Posted
I already told you where to post the topic, since this is a hardware problem.
and this is confirmation that the hardware is at fault.
jessi