
Task Manager gets disabled at system startup and ESET blocks some strange address



Every time I start the computer, Task Manager is blocked, both the one available from the taskbar menu and the one under ALT+CTRL+DEL. I installed TrojanRemover and during a scan it yells at me that something is set in the registry policies to disable it; after the scan it unblocks Task Manager. In addition, on every startup ESET blocks some strange address, jt.crabdance.com\comreg.txt. I have gone through the autostart entries and can't find anything. I know it's my fault, because I installed some junk from torrents. I'd appreciate any help you can give.

Addition.txt FRST.txt Shortcut.txt


I don't see any infection here.

 

Run FRST.
Copy the text below (but do not paste it anywhere!) - FRST will find the "fixlist" in the system clipboard by itself.


START::
HKU\S-1-5-19\...\Policies\system: [] 
HKU\S-1-5-19\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-20\...\Policies\system: [] 
HKU\S-1-5-20\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-2737232935-218490253-4012713160-1001\...\Policies\system: [] 
HKU\S-1-5-21-2737232935-218490253-4012713160-1001\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-18\...\Policies\system: [] 
HKU\S-1-5-18\...\Policies\system: [DisableTaskMgr] 1
EmptyEventLogs: 
FirewallRules: [{F554D1A2-8716-4ABC-8F8F-7B08C9A94C96}] => (Allow) C:\Users\Biuro\Downloads\AeroAdmin_616768926084.exe => Brak pliku
FirewallRules: [{38BA87D3-8A72-4F47-B349-9068AE4863A9}] => (Allow) C:\Users\Biuro\Downloads\AeroAdmin_616768926084.exe => Brak pliku
FirewallRules: [{D47463E2-18A9-4D7E-8659-90163BB0329B}] => (Allow) C:\Users\Biuro\Downloads\AeroAdmin_616768926084 (1).exe => Brak pliku
FirewallRules: [{6F88EE3C-F6C8-40D7-81A2-AA4C31050C16}] => (Allow) C:\Users\Biuro\Downloads\AeroAdmin_616768926084 (1).exe => Brak pliku
FirewallRules: [{E08E7CBF-F785-4604-AF98-4B3B40056569}] => (Allow) C:\Users\Biuro\Downloads\AeroAdmin_616768926084.exe => Brak pliku
FirewallRules: [{85EE72D6-61C3-4C1F-A661-808CB0CBB07A}] => (Allow) C:\Users\Biuro\Downloads\AeroAdmin_616768926084.exe => Brak pliku
FirewallRules: [UDP Query User{251C7899-6F1C-4BF6-AA44-1B11E585261E}C:\program files (x86)\toolkit\toolkit.exe] => (Allow) C:\program files (x86)\toolkit\toolkit.exe => Brak pliku
FirewallRules: [TCP Query User{FEFF538E-45D9-4812-B9C2-FF76CE387690}C:\program files (x86)\toolkit\toolkit.exe] => (Allow) C:\program files (x86)\toolkit\toolkit.exe => Brak pliku
FirewallRules: [UDP Query User{61450169-87FE-494A-A499-1A487684DFE4}C:\program files (x86)\toolkit\toolkit.exe] => (Allow) C:\program files (x86)\toolkit\toolkit.exe => Brak pliku
FirewallRules: [TCP Query User{B896B489-6B7F-4F35-817B-B4EC18B33C50}C:\program files (x86)\toolkit\toolkit.exe] => (Allow) C:\program files (x86)\toolkit\toolkit.exe => Brak pliku
FirewallRules: [{ED493ABA-60ED-4FDF-8837-539DBF536499}] => (Allow) C:\Users\Biuro\AppData\Roaming\uTorrent\uTorrent.exe => Brak pliku
FirewallRules: [{834830C3-B9C8-454A-978B-C954D6441A0D}] => (Allow) C:\Users\Biuro\AppData\Roaming\uTorrent\uTorrent.exe => Brak pliku
FirewallRules: [{CFB09E16-A753-42D4-A03E-201EA4FA8241}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe => Brak pliku
FirewallRules: [{42647F88-7517-4535-8DC1-CE1E75296DB4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe => Brak pliku
FirewallRules: [{8C42FB7C-ABF2-4F32-BB49-8B976750F3FB}] => (Block) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe => Brak pliku
FirewallRules: [{DA6DB4A3-464D-40BE-9050-CE6720FDAC5A}] => (Allow) C:\WINDOWS\SysWOW64\wscript.exe
FirewallRules: [{76D0BEDF-82E4-47CB-AC08-CC8F683CA9EE}] => (Allow) C:\WINDOWS\SysWOW64\wscript.exe
FirewallRules: [{F14D96B3-22A1-483E-A04E-32FDC9E89DD5}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{1655C731-C4A1-4D21-93C1-88F9EC151C07}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{0BC23F8C-ED92-4792-AF7A-F55B1C713F7C}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{3FF895AA-D205-419A-BE0C-2566A6066D03}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{FFC6859C-E813-4065-B603-CB30CBF914CD}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{7D69B465-CE3E-4C42-BC4C-D8AA20AF991D}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{9516FA39-24CF-44A6-BDAD-76BD06383F65}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{8936013E-1809-4ACE-9E02-074C6FD3CB62}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{5AF3F212-C443-4A9B-8AF1-CAE49AB318D1}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{5C8AAC57-C89E-4B4B-9B28-70CB8D718636}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{AC3507A0-50C2-44FA-B65A-9DE71CCCDDEE}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{E2797E26-0B42-46FF-A038-65EE09ADBD3D}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{4C203D41-6C0F-4F9F-967D-CF3C68E421DC}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{5B19CC47-FB5C-4F9B-8825-EA4FB31CDD48}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{480E7F30-87FD-48CC-982F-C6D5EC2DD718}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{37B2A245-F06B-4DAF-B7F1-3A17A3F04851}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{11AAFD96-F5F4-44A4-9765-D39FDB69B37D}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{4213E777-5A6D-4E6B-80CD-D6EBAE201ED2}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{062F0E8D-16A2-4722-9682-3FA993FDA319}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{F422EA77-B64D-41B4-BDE4-91326883433B}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{F82A7658-04BA-4205-825D-5FC67B5C9362}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{FE371CDD-BFDC-43DC-8C34-5F161B207569}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{2333B98E-8FE5-47E2-B6FD-A8B9A362161A}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{7A7B918F-D2D6-4785-9A7F-B2C437BED579}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{F4030871-E7AB-413A-AED8-5ACF2FA2A868}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{70EF6AEA-0178-47D4-9674-0B2826639D3D}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{63BFB4D0-C87D-4449-BD83-7A7759F43A49}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{449549BA-45F7-4794-96F7-37B6B4295CDE}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{E84A2C9E-7A76-4046-AFEA-F783789C5EFD}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{EACA4FC8-81A3-4FA5-A46B-615EE2E2F0D9}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{E64A116D-B8A4-4862-A8F2-00605CC20390}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{93EC5DE0-23BA-413C-B10D-35B99ED63D9D}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{44F0F64C-BD80-458D-A039-971B7B2CABF8}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{200E298B-3D47-4478-BD63-96A299186CFE}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{56709463-E18F-4738-9C02-D3F292C83C3A}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{CB0BD94F-E175-42DD-BCC8-359E04900783}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{1617CE4F-5E58-4D6C-BF5D-6E9AF5B40D63}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{62F0D83B-3EBB-4771-8827-28D22555F3AF}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{1A3E3FF6-3710-41E5-AAF9-69E2E8E905F4}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{98B40A7B-C4F7-4144-A0D6-B75220DB092F}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{9AA8C231-DAC4-4903-BCBF-B47CEFEB4C36}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{C0FE80BB-0331-4405-A564-E3FA879420DB}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{EAAE7E32-C6C7-4CFF-98E8-F2FBB536C95E}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{86CDA1B3-183B-4489-98ED-88FD83C7AD51}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{93DFDDBA-A6CD-42BC-BB06-A271178F35D1}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{F20E51F4-0C17-4F70-8D28-3F50322F2ECE}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{FCE61E54-D759-45A6-8BDF-88440B3BA5A9}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{E0F87E6F-0B5C-4E25-86EB-F50D0F665DAC}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{05C1D9F6-B5E8-4277-A7E8-EEE3270E51B4}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{0617D638-933B-41BE-9411-20A91CE81D12}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{C0B787BD-891D-49E0-93A1-1AC6D1CB66F8}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{8778E191-6AD7-4C6B-B506-62DC48937A21}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{30C1E9D2-1F57-4CAD-A2D9-BB6FA0EDE763}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{626D051F-D143-4834-B080-75AFAF1A20AF}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{50B60214-7C46-4952-AABC-3FD7E06DC5F4}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{F2676EEF-F55C-4DAF-A105-4F406F04917F}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{064643F0-C1C5-46AD-9D73-4A6B224E4FE4}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{FF798977-49D3-4E66-B3A7-C29926D3BE1B}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{90E67D66-1F1D-421B-A863-D00B5702849C}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{AEB799A5-D17C-427A-BFBA-BBDE9D3FDBC9}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{63919314-38C7-473F-A472-D081591FECB9}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{DA7262F6-69FA-4EFF-8DBB-A0E5B11A6430}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{48F1BF99-2397-4991-B374-8C004D259596}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{66AA036D-F9C1-4EB0-97ED-EA11DAC070AA}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{B1143427-D9C1-4BEB-9F3A-B3729C8D613F}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{BAD49AEC-772E-49F4-ABFD-050FF1DB7D36}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{59A9883C-F266-4D79-B894-7F5AE5345C8A}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{54913EF0-6ECB-4E7C-92BC-36EB41FAF164}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{0222909A-965A-407A-8B8D-7F2AEBB295AB}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{7761BDD3-C6CD-4DF0-A4A0-207A35F32D44}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{48008FA7-E008-4504-930B-530C47E85292}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{2FA25775-2788-4863-8DFB-1893E14C3EFA}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{6C5E24F8-AF66-4C4E-A686-FFE26926B31A}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{E68CF726-D15D-4C01-8F18-511BAD1BB39D}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{95D590E3-3E67-433B-828F-898CBBEF647E}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{3B21B82C-5BE2-4C79-8CAE-33181D9F1C2F}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{9887CBF9-4E87-4770-8074-8D4BDA9E943A}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{07DA6308-6C99-4DBC-B89E-78E656680E28}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{23CD6026-6870-41AD-A5B2-930224896BF5}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{CE605106-0D9C-4605-8ACD-01E657598407}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{41187563-5513-4E75-94D0-1D1B2D57DD0F}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{56549E73-14DB-418B-9FFC-A6B17F0AA19E}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{38858087-D2F4-449D-9D0B-C1A4DEEA56F8}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{7AF935E0-4E70-44ED-B5AD-2330318C979B}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{030D0B33-F499-4A2B-AF02-DC47D41D49EA}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{CC678969-763C-4E07-9BCB-CCBB29B9AA4F}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{511C21DB-0CA1-4A63-9FDD-97BD29AE1AAC}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{E303FD22-1F90-463F-AF5D-6F3A9E2C155C}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{33EB964A-9F18-477B-B505-AD31D03FF106}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{13129A3B-D6B6-4BCE-B583-A053A3B7D73A}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{5F79757C-D248-4D83-A880-7EA4459D3482}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{C16FB201-BD4A-4087-B582-ECFBE844B441}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{E90318AE-3092-407E-800C-3E48EE83F4D0}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{1DEB35C5-33F0-434A-A862-5C8D395E8AF0}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{9C716677-4CCB-4477-B9C1-80BFFA128DDE}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{32232FE8-EC69-4647-96D0-807B697103F4}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{95FB538B-6AC0-405C-9389-9FEACAE10181}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{CAF8B1F1-FB8C-4831-B93E-2E4197357F6E}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{B55043C1-5761-40EC-B5BD-219325BAE835}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{CABD83FC-672A-419A-B115-8915535DFF9C}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{262699AC-6079-45BF-94D9-D191AB003E72}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{0D35A95A-342A-4679-B2D8-CA6C16E9E759}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{64B907BF-D8C1-4121-A99B-96CD143A8F8D}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{CCA323AC-05FD-4DE1-A331-4299F2F433B0}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{70BBA849-8D02-465B-8AD7-70334834F0EC}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{406B58D3-9C7B-4E6C-9B82-AA4A2C7BED82}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{DCD3349E-5625-42C0-98B6-CC0EB54F9DBE}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{EB3B199D-E8B4-4076-B422-9C645D2C5858}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{DAD7E1D3-9983-4C5A-845D-088C5CA5BFFE}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{AE15234A-6E0D-4399-A837-84747497CAC3}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{49C2654F-812E-4BAF-9BFD-49B05B08159C}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{98BCC970-A263-4730-A993-6CF304D8D14A}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{FD266669-982C-4FEC-BA7A-64B4C27F03F5}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{E16E47B1-2431-4390-BB66-3FE4E782E7CB}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{25FA537C-BA81-4772-9AF0-F6433190ED0A}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{3DEE726C-57E1-4833-BEB4-4465A31ADFEC}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{A569E5DD-A418-4516-B30A-956D2B759BBB}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{8859E461-9D02-424D-841A-CB6A17AAF88B}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{B3445D8C-938E-4F75-8ADE-7F84AF36B7D9}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{A3ED0063-5E51-4817-8E99-E3C739BC5C6E}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{55425F6D-A2D7-4F4D-9A6A-75A7445E6A39}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{354E803F-3867-4B95-A12D-5C63BD7816D5}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{6B08EA8F-428B-457A-BD60-6A100589E87D}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{A419AC82-E4BC-4161-879C-91B25CAE02C5}] => (Allow) C:\WINDOWS\System32\WScript.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
C:\Users\Biuro\Desktop\Pulpit\Programy\EaseUS Partition Master 13.0.lnk 
C:\Users\Biuro\Desktop\Pulpit\Programy\EaseUS Todo Backup Free 13.0.lnk
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
GroupPolicy: Ograniczenia ? <==== UWAGA
GroupPolicy\User: Ograniczenia ? <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
Task: {38846E17-D0EB-4FA2-8150-7DA0A1E8860E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (Brak pliku)
Task: {BDCE670D-95D3-468E-83F7-863E6343AD20} - System32\Tasks\TR_AntiHijack => C:\Program Files (x86)\Trojan Remover\TRAntiHJ.exe (Brak pliku)
C:\Users\Biuro\Downloads\fixlist.txt
EmptyTemp:
END::


In FRST, click Fix (NAPRAW).
 

Let me know whether this changed anything or not.

 

jessi
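
A way to summarise a fixlist like the one above before applying it, as an added example that is not part of the original posts and is not FRST's own code. It assumes the line format shown in this thread; the sample GUIDs, the S-1-5-21 SID, the non-WScript paths and the `SCRIPT_HOSTS` list are constructed for illustration.

```python
import ntpath
import re
from collections import Counter

# Constructed sample in the FRST line format seen in this thread; the GUIDs,
# the S-1-5-21 SID and the non-WScript paths are made up for the example.
SAMPLE = r"""
HKU\S-1-5-18\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-19\...\Policies\system: []
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Policies\system: [DisableTaskMgr] 1
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{00000000-0000-0000-0000-000000000002}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{00000000-0000-0000-0000-000000000003}] => (Allow) C:\WINDOWS\SysWOW64\wscript.exe
FirewallRules: [{00000000-0000-0000-0000-000000000004}] => (Allow) C:\Users\Example\Downloads\tool.exe => Brak pliku
FirewallRules: [UDP Query User{00000000-0000-0000-0000-000000000005}C:\example\app.exe] => (Block) C:\example\app.exe => Brak pliku
"""

POLICY_RE = re.compile(
    r"^HKU\\(?P<sid>S-[\d-]+)\\\.\.\.\\Policies\\system: \[(?P<name>[^\]]*)\]\s*(?P<data>.*)$")
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.+?)\] => \((?P<action>Allow|Block)\) "
    r"(?P<program>.+?)(?: => (?P<note>.+))?$")

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # assumption: script hosts worth flagging
MISSING_MARKERS = {"Brak pliku", "No File"}    # Polish wording (as on the page) / English wording


def triage(text):
    """Summarise the entries of an FRST log or fixlist that matter for review."""
    report = {"taskmgr_disabled": set(), "script_host_allow": Counter(), "missing_target": []}
    for raw in text.splitlines():
        line = raw.strip()
        policy = POLICY_RE.match(line)
        if policy:
            # An empty "[]" entry carries no value; only DisableTaskMgr = 1 locks Task Manager.
            if policy["name"].lower() == "disabletaskmgr" and policy["data"] == "1":
                report["taskmgr_disabled"].add(policy["sid"])
            continue
        rule = RULE_RE.match(line)
        if not rule:
            continue
        program = rule["program"].strip()
        if rule["note"] in MISSING_MARKERS:
            # Leftover rule: the program it refers to no longer exists on disk.
            report["missing_target"].append(rule["name"])
        elif rule["action"] == "Allow" and ntpath.basename(program).lower() in SCRIPT_HOSTS:
            # Allow rule for a script interpreter, counted per program path.
            report["script_host_allow"][program.lower()] += 1
    report["taskmgr_disabled"] = sorted(report["taskmgr_disabled"])
    return report


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("Task Manager disabled for:", result["taskmgr_disabled"])
    print("Allow rules for script hosts:", dict(result["script_host_allow"]))
    print("Rules with a missing target:", result["missing_target"])
```

A high count of allow rules for one script host, as in the fixlist above, is the pattern this summary makes visible at a glance.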


Cosmetic cleanup:

Run FRST.
Copy the text below (but do not paste it anywhere!) - FRST will find the "fixlist" in the system clipboard by itself.


START::
FirewallRules: [{28114C2E-C925-4679-BB0E-523FB8958FFE}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{15E71875-724D-4B79-9548-035CECDB3B6B}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{86A2635C-1F6E-4E64-A855-BD92CC740006}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{4725F968-2ABF-4593-AB6D-2652CBF5EA40}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{78CD3739-452B-48D0-AB3C-472709ACF0D3}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{014CE9D2-4325-4DED-BB75-F53007081142}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{45629A0D-264F-4206-AFD5-E701BFBCDBD0}] => (Allow) C:\WINDOWS\System32\WScript.exe
HKU\S-1-5-19\...\Policies\system: [] 
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\68.0.2.0\GoogleDriveFS.exe [50728728 2022-12-31] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Policies\system: [] 
HKU\S-1-5-21-2737232935-218490253-4012713160-1001\...\Policies\system: [] 
HKU\S-1-5-18\...\Policies\system: [] 
HKU\S-1-5-18\...\Policies\system: [DisableTaskMgr] 1
GroupPolicy\User: Ograniczenia ? <==== UWAGA
Task: {FA5D207C-18BC-44E1-9133-0E131D7C640A} - \TR_AntiHijack -> Brak pliku <==== UWAGA
EmptyTemp:
END::


In FRST, click Fix (NAPRAW).

.

Run FRST.
In the SEARCH (SZUKAJ) field, paste:
crabdance
Click the "Search Registry" (Szukaj w Rejestrze) button.
The report will be saved in the same location as FRST.

 

jessi


There is nothing with "crabdance" in the Registry.

After starting the computer, doesn't YouTube open right away?

 

Run FRST.
Copy the text below (but do not paste it anywhere!) - FRST will find the "fixlist" in the system clipboard by itself.


START::
HKU\S-1-5-19\...\Policies\system: [] 
HKU\S-1-5-19\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-20\...\Policies\system: [] 
HKU\S-1-5-20\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-2737232935-218490253-4012713160-1001\...\Policies\system: [] 
HKU\S-1-5-21-2737232935-218490253-4012713160-1001\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-18\...\Policies\system: [] 
HKU\S-1-5-18\...\Policies\system: [DisableTaskMgr] 1
FirewallRules: [{02E2C65F-E883-467A-AFC3-FB3FB5392466}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{A52A8691-4A46-413C-AF22-F9B2D8A49570}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{3D0D360F-A598-43FA-B85C-5EDF096B8326}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{0EFB1AF2-6603-4290-A29C-9281A020FEF7}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{C52D4A72-3452-4B60-9951-BF89E9A28D21}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{9346478C-F205-47CB-9E28-A22E00A6F14A}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{73C89B12-BC69-424D-BEE9-BC4DDCA91B4E}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{76C214D8-DF69-4FE5-AE05-B034A80E45F5}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{E351348D-158B-41B4-BF7F-47F92ED0B62E}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{8CABBA64-7F4E-4304-871B-492B30AC372C}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{D323A7DC-24F3-42D6-B1B6-6D3523BFDB97}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{75AE4A0E-40F7-42DC-AF21-313F5E254221}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{8FE5DD6C-C048-4DE1-A246-1BE702CF4EEB}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{B10EA169-0563-4513-A7B8-A6F6AB1DB202}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{FFE75938-C863-4E8C-8006-C032A4820720}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{19218712-4D3B-449E-B7BE-EC8CE5A975DD}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{78BA5A64-8897-4CE3-9D30-23F40B2725A1}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{193C5CC5-C6D8-403E-9AAC-027250652AD6}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{2C1E77E4-31AB-4795-8E5B-9F55988E4AA4}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{92D02196-9354-44E4-A483-3CEB63F48738}] => (Allow) C:\WINDOWS\System32\WScript.exe
FirewallRules: [{FC0E650B-8C89-443A-BF7A-BDB5766B2323}] => (Allow) C:\WINDOWS\System32\WScript.exe
EmptyTemp:
END::


In FRST, click Fix (NAPRAW).

 

jessi
