HELP_DECRYPT

[pawel1989r]

Witam, proszę o pomoc w usunięciu help_decrypt i przywróceniu moich plików od wczoraj zaczęły mi się tworzyć pliki help_decrypt praktycznie w kazdym folderze i nie mogę otworzyć moich prywatnych plików Na komputerze mam zainstalowany Avast i MAM.

[Aby zobaczyć linki, zarejestruj się tutaj]

[Aby zobaczyć linki, zarejestruj się tutaj]

[Aby zobaczyć linki, zarejestruj się tutaj]

Proszę o pomoc

[tachion]

Infekcja CryptoWall 3.0, jeśli nie masz zrobionej kopii newralgicznych danych to zakodowane pliki przepadły (brak decryptera).

Do notatnika wklej i zapisz jako fixlist.txt

Kod:

CreateRestorePoint:
HKU\S-1-5-21-1708182943-3896716782-3857839666-1002\...\Policies\Explorer: []
HKU\S-1-5-21-1708182943-3896716782-3857839666-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> none
BootExecute: autocheck autochk * sdnclean64.exe
HKU\S-1-5-21-1708182943-3896716782-3857839666-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1708182943-3896716782-3857839666-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1708182943-3896716782-3857839666-1002 -> {C68EBE02-3459-401E-98EF-36D71BCECA7C} URL = http://www.google.com/search?hl=pl&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
DPF: HKLM {6E718D87-6909-4FCE-92D4-EDCB2F725727} http://navigram.com/engine/v1140/Navigram.cab
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} http://navigram.com/engine/v1140/Navigram.cab
DPF: HKLM-x32 {D7F0F5E7-0CCC-4F00-B733-FAD4757D7AC4} http://enormy.pl/bipvw321.cab
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 motport; system32\DRIVERS\motport.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
C:\Qoobox
C:\Windows\erdnt
C:\Users\Asus\AppData\Roaming\GanymedeNet
C:\ProgramData\Spybot - Search & Destroy
C:\Users\Asus\fbchathistory.dat
Task: {0023FF73-7E64-4E37-909B-5589DAE5EF4C} - System32\Tasks\{0D90D32F-5E4D-47F6-AE42-14B2849B2CAF} => pcalua.exe -a F:\blueconnect\Setup.exe -d F:\blueconnect
Task: {09EF617E-C157-4767-B3EF-4E948C7A8539} - System32\Tasks\{C5A1CAC9-D6C9-436F-A350-8F4CFB20BF31} => E:\WizPar.exe
Task: {129E7469-456E-48C7-A67A-AC6216BD5BB9} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
Task: {15155E38-B074-496B-9614-F104554D9635} - System32\Tasks\Uninstaller_SkipUac_Asus => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {19CE9159-35AD-4D0A-A6BB-775AC83115CF} - System32\Tasks\{4238D04D-3034-46AF-97A7-B87BC7F3D831} => D:\Program Files (x86)\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe [2014-01-16] (Electronic Arts, Inc.)
Task: {1FD1D8AE-DE95-44B0-875C-06BA63E410E1} - System32\Tasks\{2CDF9D91-8D08-493D-A779-EAB39D508864} => C:\Users\Asus\Desktop\DISK1\SETUP.EXE
Task: {20D51267-D09E-41AA-9BCF-AE0978942816} - System32\Tasks\{311C92AA-8BDD-47B1-A5FA-43CCE1AF557F} => C:\Program Files (x86)\LPCon\LPCon.exe
Task: {23CB8117-41C3-4B75-9783-1C1F0C544F9F} - System32\Tasks\{423995DF-1D6E-4952-A981-34946303BA07} => E:\DL1.exe
Task: {2A5CA31A-DEA5-4C65-B604-43432F4E251D} - System32\Tasks\{8A2900C6-CC30-4284-94AF-B4062F7FF72F} => D:\Concept\CONCEPT.EXE
Task: {2AEA1544-E57E-4782-A886-5CA3CFC35E5F} - System32\Tasks\{B89576A6-8AA6-4B5F-9708-6AFD379CE825} => C:\Program Files (x86)\Foton12464\Foton12464.exe
Task: {2F0C406D-AF7D-440D-A619-B8BF711280FC} - System32\Tasks\{4C6ACA09-7478-46A3-AAF4-5BC2FD4A0DC2} => pcalua.exe -a C:\Users\Asus\Desktop\Smarty_Uninstaller_Sciagnij.pl.exe -d C:\Users\Asus\Desktop
Task: {2FA411AC-8AEC-4702-884F-70F314165F89} - System32\Tasks\{E3502BBB-CD58-4D6B-8EF3-B998235FC862} => pcalua.exe -a C:\Users\Asus\Desktop\Adaware_Installer.exe -d C:\Users\Asus\Desktop
Task: {3291CCED-FA0F-48BE-96AF-19F5EF4AD118} - System32\Tasks\{4CC0E6BA-1F72-4306-867E-C51A3AF243B2} => C:\Users\Asus\Desktop\DL1.exe [2006-09-28] (L.Z.A.E. LUMEL S.A.)
Task: {406F3670-1917-4F07-8A9A-238A2D807A0F} - System32\Tasks\USBChargerPlus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2011-10-15] (ASUSTek Computer Inc.)
Task: {41B7C8D3-3308-40D9-9E0D-6B9755A09CD5} - System32\Tasks\{104FBBD7-2C4F-4CDB-918F-7FA63FCF5CD1} => C:\Program Files (x86)\LUMEL\LPCon\LPCon.exe [2014-01-02] (LZAE LUMEL SA)
Task: {49188914-C668-455F-BA97-6C874DE5252D} - System32\Tasks\{6749B8BE-9807-446E-A44E-611BA6FFECFF} => C:\Program Files (x86)\LPCon\LPCon.exe
Task: {4A397F38-EB5A-4F45-B5CA-F3A02D89B9C7} - System32\Tasks\{28F6D86C-8A49-4F07-A642-43E797B023A0} => pcalua.exe -a "C:\Program Files (x86)\Asus\Game Park\Dream Vacation Solitaire\Uninstall.exe" -c "C:\Program Files (x86)\Asus\Game Park\Dream Vacation Solitaire\install.log"
Task: {4D3C158C-814E-4848-B695-E809874F71D3} - System32\Tasks\{BB0240D0-A598-4571-90DA-9512C1E2A8F8} => pcalua.exe -a C:\ProgramData\LGMOBILEAX\LGMLauncher.exe -d C:\ProgramData\LGMOBILEAX
Task: {4DD37727-1EC1-4CC2-B145-00B938AF661D} - System32\Tasks\{E70CF89D-BD2B-4F3F-A6B5-93B539257594} => E:\WizPar.exe
Task: {5062F5FE-3309-4B9E-8572-E457EEAF1775} - System32\Tasks\{5D4F37A7-FC29-4980-A1FB-405F2973A240} => C:\Users\Asus\Desktop\DL1.exe [2006-09-28] (L.Z.A.E. LUMEL S.A.)
Task: {553C49D8-BC7E-4BD2-B117-E17FB8371DDD} - System32\Tasks\{3F3F7B59-C30E-4DFF-98F0-6721B293B731} => C:\Users\Asus\Desktop\DL1.exe [2006-09-28] (L.Z.A.E. LUMEL S.A.)
Task: {56D2E45A-ADC5-4FDE-8576-EC35C7D7F81D} - System32\Tasks\{AA058612-6F4D-4AA4-B3E7-1DEC9CAD8412} => C:\Program Files (x86)\LUMEL\LPCon\LPCon.exe [2014-01-02] (LZAE LUMEL SA)
Task: {6340156E-7FFD-46AC-BF33-72626AD8DB1D} - System32\Tasks\{84B10406-8A1C-4D08-9E79-71A33689BB3E} => Firefox.exe
Task: {65611D08-E66A-4482-817F-6D077045A3C7} - System32\Tasks\{24349670-EE76-4F4C-B7D9-41E5DA0A0D08} => E:\DL1.exe
Task: {661C4710-517F-4E95-83D4-ABCBA74B51EC} - System32\Tasks\{7436B929-19CA-42E8-8B99-7ED89806FA16} => E:\DL1.exe
Task: {74E7C2A0-4E1F-4269-9269-59BE8F2958AA} - System32\Tasks\{9514B5E4-5E01-4C7E-9B1A-83821EE0FFE1} => C:\Users\Asus\Desktop\DISK1\SETUP.EXE
Task: {78DB8991-60A7-4CB4-9E37-F17DD02F5673} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-11-17] (ASUSTeK Computer Inc.)
Task: {78F93EB3-971C-4D4F-BEC1-C95DF960FB9A} - System32\Tasks\{249AC2D0-572A-4AB9-BE0E-E79F262944FB} => pcalua.exe -a "C:\Program Files (x86)\Asus\Game Park\Go Go Gourmet Chef of the Year\Uninstall.exe" -c "C:\Program Files (x86)\Asus\Game Park\Go Go Gourmet Chef of the Year\install.log"
Task: {79A69090-2471-4632-B1F6-C63395CE4768} - System32\Tasks\{097C0C49-D752-4680-9537-C42F5DD4AFF6} => C:\Program Files (x86)\LPCon\LPCon.exe
Task: {868AFED3-6968-4A0E-BA62-5B646457553D} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-22] (ASUS)
Task: {87B20BAF-A7D2-4711-BD98-92C65C881D38} - System32\Tasks\{7B8D964C-39D3-4520-9ADA-FC6021202FD1} => Firefox.exe
Task: {8DF28C5D-B060-455F-98BB-C75588BD0FF2} - System32\Tasks\{5A42EFAF-4245-45DB-A2BE-C544DADD0A8F} => pcalua.exe -a C:\Users\Asus\Downloads\gg77.exe -d C:\Users\Asus\Downloads
Task: {9C7C5CEF-827B-48A1-9E68-C40DE8B4366A} - System32\Tasks\{22D6BA46-AF91-41CA-BA3A-E83467F2BA8C} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "D:\Program Files (x86)\Gadu-Gadu\gg.exe"
Task: {9D70BB08-E6E3-4F39-A222-4838AB529677} - System32\Tasks\{2A26C872-D886-449A-BEDE-611BFEF39B89} => C:\Users\Asus\Desktop\update tool\x86\Setup-UpdateWP-x86.exe
Task: {A6847B13-A466-476E-9945-B9514EB352C1} - System32\Tasks\{C80E2EC5-FE1C-4B39-9C03-AFE8CAF1B991} => E:\DL1.exe
Task: {AAA94E1E-55F3-489E-AB48-887F4204183C} - System32\Tasks\{99A90EA0-FEC4-42AD-8D9D-FDD077B4149D} => E:\DL1.exe
Task: {ADF0D222-6678-4286-A59E-87ACC89D83A9} - System32\Tasks\{E78FF0CA-0917-44A6-96B9-A3026C156A70} => D:\Concept\CONCEPT.EXE
Task: {B5E20636-C368-483B-AD45-C5642B978340} - System32\Tasks\{EE46099D-5790-4743-BA58-853B5FBEE669} => C:\Program Files (x86)\LUMEL\LPCon\LPCon.exe [2014-01-02] (LZAE LUMEL SA)
Task: {B83760EF-5DEE-47AB-9BF2-C743683D619A} - System32\Tasks\KVPKH => Rundll32.exe "C:\Windows\SysWOW64\bitsadmin0.dll",GNVEHFZUES
Task: {BCC04ADA-D30A-4783-9D8D-5CE4BF031F1A} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-11-23] (ASUS)
Task: {BD6EC85C-5CBB-4135-B9E4-DFD58372A221} - System32\Tasks\{392991CE-68FE-4E46-8B80-C6C5A7FEEABC} => pcalua.exe -a "C:\Program Files (x86)\Asus\Game Park\Deadtime Stories\Uninstall.exe" -c "C:\Program Files (x86)\Asus\Game Park\Deadtime Stories\install.log"
Task: {CA7FC68B-5C22-4079-9D37-9FAE69FE03AB} - System32\Tasks\ASC8_SkipUac_Asus => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-06-16] (IObit)
Task: {CFFBDE7F-2627-4E4A-B841-A99CD1BCA4EC} - System32\Tasks\{2D8516F5-80C7-4A41-86BE-83E2326B91F6} => pcalua.exe -a "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCCInstall.exe" -d "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static"
Task: {D2A5B641-2A9A-4CF0-AC64-03F51843028A} - System32\Tasks\{7ACA2BA7-05DD-45A9-8343-01F974E355A7} => E:\WizPar.exe
Task: {DBD0B2A2-FF7E-4F4B-B138-C517E5874BED} - System32\Tasks\{36CBBCE6-3F48-4047-BC59-007D686F760A} => pcalua.exe -a "C:\Program Files (x86)\Asus\Game Park\Farm Frenzy 3 - Madagascar\Uninstall.exe" -c "C:\Program Files (x86)\Asus\Game Park\Farm Frenzy 3 - Madagascar\install.log"
Task: {DDBE5990-2B10-4DFA-9988-9FB2E3706016} - System32\Tasks\{87CCF440-21C1-4545-8C56-774010FD3E07} => pcalua.exe -a D:\gry\3DMGAME-Sleeping.Dogs-3DM\SleepingDogs\redist\vcredist_x86.exe -d D:\gry\3DMGAME-Sleeping.Dogs-3DM\SleepingDogs\redist
Task: {E22F3104-FC55-48A1-BC4E-5E27A6F7A693} - System32\Tasks\{1DC24749-3C33-4C65-8E42-6C1710265C65} => E:\WizPar.exe
Task: {E30566B7-22C8-42EC-89B2-29CEE5061410} - System32\Tasks\{EE87AAE4-54EE-4F50-A1C9-5D16F75CB769} => pcalua.exe -a "C:\Program Files (x86)\ASUS\Game Park\Mahjong Memoirs\Uninstall.exe" -d "C:\Program Files (x86)\Asus\Game Park\Mahjong Memoirs\"
Task: {E37FA40E-2BF0-474C-86E2-43E9849F7E07} - System32\Tasks\{A9A4E0DC-9256-4ADE-B658-14EDDCCFFF95} => C:\Users\Asus\Desktop\Diablo II\Game.exe [2011-10-18] (Blizzard North)
Task: {EE904B28-B94D-4E37-8C60-D37CCA465AD9} - System32\Tasks\{B859A36E-5033-4042-8FF8-C3AB933D5600} => pcalua.exe -a D:\concept\Concept_26_SR7_en\Install.exe -d D:\concept\Concept_26_SR7_en
Task: {F0F79878-5CE7-4CAB-9DA7-C963FDCE0176} - System32\Tasks\{4FB882C3-F945-402B-B4B9-E996E21CE954} => msiexec.exe /package "C:\AMD\Support\12-8_vista_win7_win8_64_dd_ccc_whql\Config\TVW_USB_ID.MSI"
Task: {F2B5AC0A-8DB5-470D-AAC9-7438CF744018} - System32\Tasks\{AA811AE5-355D-4FA1-870A-1C7CDDC9BAAC} => pcalua.exe -a C:\Users\Asus\Downloads\vm_web2.exe -d C:\Users\Asus\Downloads
Task: {F3DCEFDA-24A5-442E-A612-59E04433EAFF} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-16] (ASUS)
Task: {F5058D60-8B7A-4872-AC9B-5A2AF3B40093} - System32\Tasks\{514A3468-878C-457F-9061-53AFC4D0EA88} => C:\Users\Asus\Desktop\Diablo II\Diablo II.exe [2012-03-20] (Blizzard North)
Task: {FC92F633-281C-4390-A431-DC684F4BBB3E} - System32\Tasks\{7E2FDFA9-3AEC-4CE6-A72D-8881E6C57581} => pcalua.exe -a G:\Installer.exe -d G:\
Task: {FDEFB358-6589-4C85-82FE-2A110E9CEE99} - System32\Tasks\{C0D1569D-23CA-4AC2-9603-B65F0A51832A} => pcalua.exe -a "D:\Program Files (x86)\Ubisoft\The Settlers 7 - Droga do królestwa\Data\Base\Support\Uninstall\S7Uninstall.exe" -d "D:\Program Files (x86)\Ubisoft\The Settlers 7 - Droga do królestwa\Data\Base\Support\Uninstall"
Task: C:\Windows\Tasks\KVPKH.job => C:\Windows\system32\rundll32.exe1 C:\Windows\SysWOW64\bitsadmin0.dll
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51
AlternateDataStreams: C:\ProgramData\Temp:2CFBE2D1
AlternateDataStreams: C:\ProgramData\Temp:373C6DC2
AlternateDataStreams: C:\ProgramData\Temp:5D458568
AlternateDataStreams: C:\ProgramData\Temp:D57FAB99
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
CMD: netsh advfirewall reset
EmptyTemp:

Zapisany skrypt umieść obok ściągniętego programu FRST
Następnie w programie kliknij Fix,po wykonaniu pokaż raport z tego działania.

W przeglądarce Firefox

Otwórz menu w górnym rogu po prawej stronie > otwórz menu pomoc oznaczone czerwoną ramką.

[Aby zobaczyć linki, zarejestruj się tutaj]

Informacje dla pomocy technicznej > Odśwież program Firefox. Reset nie naruszy zakładek i haseł.

Uruchom komputer w trybie normalnym i zrób ponownie logi FRST.txt > Addition.txt

[pawel1989r]

FRST  

[Aby zobaczyć linki, zarejestruj się tutaj]

Addition  

[Aby zobaczyć linki, zarejestruj się tutaj]

[tachion]

Odinstaluj:

ASUS WebStorage
Avast Free ( na chwilę obecną)
ESET Online Scanner v3
Trend Micro Titanium Internet Security

Możesz odinstalować również jeśli nie korzystasz (zaznaczając że odpadnie przy tym część procesów).

ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.19 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0012 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.27 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.0.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Sonic Focus (HKLM-x32\...\{B0002707-4F7E-4745-88A7-852DA8A88635}) (Version: 1.0.0.5 - Synopsys )
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0036 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.5 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.24 - asus)
AsusVibe2.0

Do notatnika wklej i zapisz jako fixlist.txt

Kod:

CloseProcesses:
CreateRestorePoint:
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
DeleteKey: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2013-10-10] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2013-10-10] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Poozpezau
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SonyAgent
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Creative Cloud
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAT4660.tmp.exe
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CDAServer
CMD: del /q /s C:\HELP_DECRYPT.*
CMD: del /q /s D:\HELP_DECRYPT.*
cmd: netsh winsock reset
EmptyTemp:

Zapisany skrypt umieść obok ściągniętego programu FRST 
Następnie w programie kliknij Fix,po wykonaniu pokaż raport z tego działania.

Zrób pełny skan programem MBAM i pokaż raport.

Zrób nowe logi i przedstaw z FRST.txt > Addition.txt

[pawel1989r]

Odinstaluj:

ASUS WebStorage
Avast Free ( na chwilę obecną)
ESET Online Scanner v3
Trend Micro Titanium Internet Security

Możesz odinstalować również jeśli nie korzystasz (zaznaczając że odpadnie przy tym część procesów).

ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.19 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0012 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.27 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.0.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Sonic Focus (HKLM-x32\...\{B0002707-4F7E-4745-88A7-852DA8A88635}) (Version: 1.0.0.5 - Synopsys )
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0036 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.5 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.24 - asus)
AsusVibe2.0

Do notatnika wklej i zapisz jako fixlist.txt

Kod:

CloseProcesses:
CreateRestorePoint:
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
DeleteKey: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2013-10-10] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2013-10-10] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Poozpezau
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SonyAgent
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Creative Cloud
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAT4660.tmp.exe
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CDAServer
CMD: del /q /s C:\HELP_DECRYPT.*
CMD: del /q /s D:\HELP_DECRYPT.*
cmd: netsh winsock reset
EmptyTemp:

Zapisany skrypt umieść obok ściągniętego programu FRST 
Następnie w programie kliknij Fix,po wykonaniu pokaż raport z tego działania.

Zrób pełny skan programem MBAM i pokaż raport.

Zrób nowe logi i przedstaw z FRST.txt > Addition.txt

Dobrze, zrobię to ale na chwilę obecna nie mam dostępu do laptopa bo jestem na urlopie jak wroce to niezwłocznie to zrobię

[pawel1989r]

Addition

[Aby zobaczyć linki, zarejestruj się tutaj]

FRST

[Aby zobaczyć linki, zarejestruj się tutaj]

MAM

[Aby zobaczyć linki, zarejestruj się tutaj]

[tachion]

MBAM widzę nic już nie wykrył.

Z mojej strony to wszystko.

Ściągnij

[Aby zobaczyć linki, zarejestruj się tutaj]

Zapisz na pulpicie,uruchom i zaznacz Remove disinfection tools,następnie kliknij Run
Program do usuwania wszelkich użytych narzędzi typu OTL.ADW.FRST i innych.

[pawel1989r]

MBAM widzę nic już nie wykrył.

Z mojej strony to wszystko.

Ściągnij

[Aby zobaczyć linki, zarejestruj się tutaj]

Zapisz na pulpicie,uruchom i zaznacz Remove disinfection tools,następnie kliknij Run
Program do usuwania wszelkich użytych narzędzi typu OTL.ADW.FRST i innych.

Bardzo dziękuje za pomoc, mam nadzieję że z czasem coś się odmieni i uda mi się odszyfrować dane.