
xQQ

[Combofix] Log for review


Good morning. I would like to ask for this log to be checked - the computer runs terribly slowly (slower than it used to). Defragmentation was done with PerfectDisk, and Checkdisk /R was run.

The browser is the worst part - the speedtest comes out fine and files download quickly, but pages open terribly sluggishly.

ComboFix 17-12-11.01 - Administrator 2018-01-09  11:18:44.13.3 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.48.1045.18.3582.2211 [GMT 1:00]
Uruchomiony z: c:\users\Administrator\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2017-12-09 do 2018-01-09  )))))))))))))))))))))))))))))))
.
.
2018-01-09 10:25 . 2018-01-09 10:25	--------	d-----w-	c:\users\Public\AppData\Local\temp
2018-01-09 10:25 . 2018-01-09 10:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2018-01-09 10:25 . 2018-01-09 10:25	--------	d-----w-	c:\users\DDStudio\AppData\Local\temp
2017-12-31 16:57 . 2013-08-08 13:33	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2017-12-31 16:56 . 2017-12-31 16:56	--------	d-----w-	c:\program files\PreSonus
2017-12-29 15:04 . 2017-12-29 15:04	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{67B33183-689F-4BA7-9791-A73799D17345}\offreg.1808.dll
2017-12-29 14:58 . 2017-11-18 00:30	13899592	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{67B33183-689F-4BA7-9791-A73799D17345}\mpengine.dll
2017-12-25 15:09 . 2017-12-31 16:57	--------	d-----w-	c:\users\Administrator\AppData\Roaming\PreSonus
2017-12-23 13:30 . 2017-12-23 14:00	--------	d-----w-	c:\program files (x86)\Minimal ADB and Fastboot
2017-12-15 16:56 . 2018-01-09 10:13	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Min
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-12-13 15:51 . 2014-11-19 19:33	803328	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2017-12-13 15:51 . 2014-11-19 19:33	144896	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-20 22:05 . 2016-02-20 22:06	718497	----a-w-	c:\program files\unins001.exe
2016-02-20 21:59 . 2016-02-20 22:00	719521	----a-w-	c:\program files\unins000.exe
2014-03-07 10:03	293888	--sha-r-	c:\windows\SysWOW64\avcodec-lav-1321.dll
2014-03-07 10:03	3109520	--sha-r-	c:\windows\SysWOW64\avcodec-lav-55.dll
2014-03-07 10:03	98960	--sha-r-	c:\windows\SysWOW64\avfilter-lav-4.dll
2014-03-07 10:03	550032	--sha-r-	c:\windows\SysWOW64\avformat-lav-55.dll
2009-09-27 07:39	415744	--sh--w-	c:\windows\SysWOW64\avisynth.dll
2014-03-07 10:03	59536	--sha-r-	c:\windows\SysWOW64\avresample-lav-1.dll
2005-07-14 10:31	32256	--sh--w-	c:\windows\SysWOW64\AVSredirect.dll
2014-03-07 10:03	181392	--sha-r-	c:\windows\SysWOW64\avutil-lav-52.dll
2004-02-22 08:11	764416	--sh--w-	c:\windows\SysWOW64\devil.dll
2014-03-07 10:03	122512	--sha-r-	c:\windows\SysWOW64\HLaudio.dll
2014-03-07 10:03	203408	--sha-r-	c:\windows\SysWOW64\HLsplit.dll
2014-03-07 10:03	313520	--sha-r-	c:\windows\SysWOW64\HLvideo.dll
2004-01-24 22:00	70656	--sh--w-	c:\windows\SysWOW64\i420vfw.dll
2014-03-07 10:03	166544	--sha-r-	c:\windows\SysWOW64\IntelQuickSyncDecoder.dll
2014-03-07 10:03	109712	--sha-r-	c:\windows\SysWOW64\libbluray.dll
2011-02-11 09:26	112128	--sha-r-	c:\windows\SysWOW64\OptimFROG.dll
2014-03-07 10:03	118416	--sha-r-	c:\windows\SysWOW64\swscale-lav-2.dll
2010-01-06 23:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
2012-10-05 18:54	188416	--sha-r-	c:\windows\SysWOW64\winDCE32.dll
2004-01-24 22:00	70656	--sh--w-	c:\windows\SysWOW64\yv12vfw.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}]
2014-05-30 10:05	140344	----a-w-	c:\program files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe" [2017-12-25 1981624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2015-01-09 235624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files (x86)\Stickies\stickies.exe [2015-2-10 1553408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi1"=myokent.dll
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP]
@="service"
.
R1 QMUdisk;tencent QMUdisk;c:\program files (x86)\Tencent\QQPCMgr\10.9.16349.225\QMUdisk64.sys;c:\program files (x86)\Tencent\QQPCMgr\10.9.16349.225\QMUdisk64.sys [x]
R1 TSDefenseBt;TSDefenseBt;c:\program files (x86)\Tencent\QQPCMgr\10.9.16349.225\TSDefenseBT64.sys;c:\program files (x86)\Tencent\QQPCMgr\10.9.16349.225\TSDefenseBT64.sys [x]
R1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service;c:\windows\system32\DRIVERS\VBoxNetAdp6.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp6.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 QQPCRTP;QQPCMgr RTP Service;c:\program files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRtp.exe;c:\program files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRtp.exe [x]
R2 QQSysMonX64;QQSysMonX64;c:\program files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQSysMonX64.sys;c:\program files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQSysMonX64.sys [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [x]
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\DRIVERS\hidusbf.sys;c:\windows\SYSNATIVE\DRIVERS\hidusbf.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TFsFlt;TFsFlt;c:\windows\system32\Drivers\TFsFltX64.sys;c:\windows\SYSNATIVE\Drivers\TFsFltX64.sys [x]
R3 TSSKX64;TSSKX64;c:\windows\system32\drivers\tsskx64.sys;c:\windows\SYSNATIVE\drivers\tsskx64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R4 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R4 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 TAOKernelDriver;Tencent Auto Optimize Platform.;c:\windows\system32\Drivers\TAOKernel64.sys;c:\windows\SYSNATIVE\Drivers\TAOKernel64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetLwf.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetLwf.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S1 wfcre;wfcre;c:\windows\system32\drivers\wfcre.sys;c:\windows\SYSNATIVE\drivers\wfcre.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys;c:\windows\SYSNATIVE\DRIVERS\diginet.sys [x]
S2 PDFSFilter;PDFSFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 TAOAccelerator;Tencent TAOAccelerator driver.;c:\windows\system32\Drivers\TAOAccelerator64.sys;c:\windows\SYSNATIVE\Drivers\TAOAccelerator64.sys [x]
S3 debutfilter;Debut Filter Driver v6.40.02;c:\windows\system32\DRIVERS\debutfilterx64.sys;c:\windows\SYSNATIVE\DRIVERS\debutfilterx64.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 RTL8023x64;Sterownik Realtek 10/100 NIC Family NDIS x64;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys;c:\windows\SYSNATIVE\drivers\vasdDev.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
TCP: DhcpNameServer = 62.179.1.62 62.179.1.63
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-{07BE616F-9E42-4C90-AF4F-0F32A5B088E7} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}\Service Center Setup PC.exe
AddRemove-{6955BA75-52B6-4C6F-BCC4-1014920D587C}_is1 - c:\programdata\Valhalla DSP
AddRemove-{93F8FDC3-4F25-47D1-9662-23D2131CD3E1}_is1 - c:\programdata\Valhalla DSP
AddRemove-{9F06F464-479A-403E-AF92-70CBB8D674A1} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,23,64,30,4c,a9,58,4c,9a,12,0f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,23,64,30,4c,a9,58,4c,9a,12,0f,\
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AC3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ac3"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ALAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.alac"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AMR\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.amr"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AMV\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.amv"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.aob"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ape"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc64.avi"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.avs"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bdmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.bdmv"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.caf"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DIVX\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.divx"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.dts"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.dv"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.EVO\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.evo"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.F4V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.f4v"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.flac"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FLV\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.flv"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.HDMOV\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.hdmov"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromiumHTM.PLTWCVPRNGNRD7YZDTNKAPSJWM"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromiumHTM.PLTWCVPRNGNRD7YZDTNKAPSJWM"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.IFO\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ifo"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.it\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.it"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2P\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.m2p"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mk3d\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mk3d"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MKA\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mka"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mkv"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mlp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mlp"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mo3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mo3"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mpc"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mpl"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mpls"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPV4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mpv4"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mtm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mtm"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mxf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mxf"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nex\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OFR\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ofr"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OFS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ofs"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OGA\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.oga"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OGG\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ogg"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OGM\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ogm"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OGV\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ogv"
.
[HKEY_USERS\S-1-5-21-2681745283-3134298508-109547193-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.opus\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.opus"
.
Czas ukończenia: 2018-01-09  11:27:05
ComboFix-quarantined-files.txt  2018-01-09 10:27
ComboFix2.txt  2017-12-15 17:37
.
Przed: 441 657 069 568 bajtów wolnych
Po: 441 122 160 640 bajtów wolnych
.
- - End Of File - - C7450D633012C152CD551303C8F0301E
A36C5E4F47E84449FF07ED3517B43A31

Guest

There is nothing interesting in the log. Generate and post FRST logs.

Before scanning, tick the options as shown in the screenshot:


FRSTjpg_qxawwrw.jpg

Guest

As a curiosity: I tried to scan with Malwarebytes Anti-Malware, but after installation the program will not start at all.

No wonder. Antivirus programs (including Malwarebytes) are blocked using the Untrusted Certificates method.

Open the system Notepad and paste the following content into it:


CloseProcesses:
HKU\S-1-5-21-2681745283-3134298508-109547193-500\...\ChromeHTML: ->  <==== UWAGA
Task: {0DB9BCEA-38B0-46CD-9AE9-1202F9438E23} - C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {0DB9BCEA-38B0-46CD-9AE9-1202F9438E23} - C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate
Task: {1F4D1A21-4A97-486F-91D3-5DE2C6235AD6} - System32\Tasks\{24CB4727-B76E-405D-A296-D28361A9503F} => C:\Windows\system32\pcalua.exe -a C:\Users\Administrator\Downloads\hidusbf(1)\DRIVER\Setup.exe -d C:\Users\Administrator\Downloads\hidusbf(1)\DRIVER
Task: {89ABB7E0-174A-4448-9F9D-AE183025455C} - \WordShark Auto Updater 1.10.0.20 Pending Update -> Brak pliku <==== UWAGA
Task: {96B964D5-6DB5-4C05-AA9E-BE27C494D2F2} - \SmartWeb Upgrade Trigger Task -> Brak pliku <==== UWAGA
Task: {B978C671-FA03-4EB6-8E88-46605B9D9F60} - System32\Tasks\{9838A5A3-8398-487C-892F-3C9CDDCB5656} => C:\Windows\system32\pcalua.exe -a "I:\FORMAT\Obrazy\MU Technologies MU Voice VST RTAS v1.1.1\setup.exe" -d "I:\FORMAT\Obrazy\MU Technologies MU Voice VST RTAS v1.1.1"
Task: {CC3B5176-2762-4AA5-A9DE-E525FA167C65} - \WordShark Auto Updater 1.10.0.20 Core -> Brak pliku <==== UWAGA
Task: {D225F7AD-8BF6-4B20-A9CF-13AA2FA215D6} - C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {D225F7AD-8BF6-4B20-A9CF-13AA2FA215D6} - C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {DB361AC0-1554-4D7E-A888-206BCB225F0D} - System32\Tasks\{963E89E5-C64D-4AF4-9584-C7A4183F6EB2} => C:\Windows\system32\pcalua.exe -a C:\Users\Administrator\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=face
Task: {DE063C83-0B46-4168-BB98-2874941B5AAE} - System32\Tasks\Salary => C:\Windows\system32\rundll32.exe "C:\Program Files\Salary\Salary.dll",ltSHkKrB <==== UWAGA
Task: {F89353AF-2F21-46CA-9EA0-EF2CDE551122} - System32\Tasks\{E7073067-DA9D-4452-8F70-7C963F1EF3A9} => C:\Windows\system32\pcalua.exe -a "E:\EWQLSO Gold Edition Setup.exe" -d E:\
C:\Users\Administrator\AppData\Roaming\istartsurf
C:\Program Files\Salary
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Ðdd-оns).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic
AlternateDataStreams: C:\Users\Administrator\Cookies:g2FjwvqFVmpDYGHcMeMPCv [2164]
AlternateDataStreams: C:\Users\Administrator\Ustawienia lokalne:p4i6xReAPMITV0VUUwe7dV [2504]
AlternateDataStreams: C:\Users\Administrator\AppData\Local:p4i6xReAPMITV0VUUwe7dV [2504]
AlternateDataStreams: C:\Users\Administrator\AppData\Local\Dane aplikacji:p4i6xReAPMITV0VUUwe7dV [2504]
AlternateDataStreams: C:\ProgramData\Microsoft:3BuMOqtISXZScV3KobD [2300]
AlternateDataStreams: C:\ProgramData\Microsoft:9OBHByOpBYvhGHg54Gg4F4T0HfkCT2 [2288]
AlternateDataStreams: C:\ProgramData\Microsoft:DVhIO9404V9iBUy01EROEL [2090]
AlternateDataStreams: C:\ProgramData\Microsoft:H9UVXSTWKfybnOkWCcfWq [2298]
AlternateDataStreams: C:\ProgramData\Microsoft:mROdBk0GsbYnVdo7JZ [2446]
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QQPCTray
C:\Program Files (x86)\Tencent
C:\program files (x86)\common files\tencent
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppHelper
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui
FirewallRules: [{0329B451-1032-4CB0-8C04-3451F54BB8CC}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== UWAGA
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== UWAGA
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== UWAGA
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== UWAGA
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== UWAGA
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== UWAGA
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== UWAGA
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== UWAGA
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== UWAGA
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== UWAGA
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== UWAGA
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== UWAGA
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== UWAGA
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== UWAGA
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== UWAGA
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== UWAGA
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== UWAGA
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== UWAGA
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== UWAGA
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== UWAGA
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== UWAGA
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== UWAGA
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== UWAGA
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== UWAGA
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-2681745283-3134298508-109547193-500\...\Policies\Explorer: []
BootExecute: PDBoot.exeautocheck autochk * 
GroupPolicy: Ograniczenia - Windows Defender <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = 
SearchScopes: HKU\S-1-5-21-2681745283-3134298508-109547193-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [brak pliku]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [brak pliku]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [brak pliku]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [brak pliku]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QMUdisk64.sys [X]
S2 QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQSysMonX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S2 TAOAccelerator; \??\C:\Windows\system32\Drivers\TAOAccelerator64.sys [X]
S1 TAOKernelDriver; System32\Drivers\TAOKernel64.sys [X]
S3 TEAM; system32\DRIVERS\RtTeam60.sys [X]
S3 TFsFlt; system32\Drivers\TFsFltX64.sys [X]
S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TSDefenseBT64.sys [X]
S3 TSSKX64; System32\drivers\tsskx64.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 wfcre; system32\drivers\wfcre.sys [X]
C:\Users\Administrator\AppData\Roaming\*.*
C:\Program Files\*.dat
C:\Program Files\*.exe
2017-09-24 14:39 - 2017-09-24 14:39 - 000004608 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
CMD: netsh advfirewall reset
Hosts:
EmptyTemp:

Save the file as fixlist.txt in C:\Users\Administrator\AppData\Local\Temp\scoped_dir1300_20707 (i.e. in the same folder as FRST). Run FRST and click Napraw (Fix). When the fix finishes (it may take a while), FRST will ask for a system restart.

After the restart, post the fix log (Fixlog.txt) and generate new logs (without Shortcut).


CHR dev: Chrome dev build wykryto! <==== UWAGA

Uninstall this vulnerable version of Google Chrome. Install it from here.

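The diagnosis in the post above is that security products were blocked by placing their vendors' certificates in the Untrusted Certificates store. As an added example (not part of the original thread and not FRST's own code), this read-only PowerShell check lists certificates in the machine and current-user Disallowed stores whose subject names a security vendor; the vendor name fragments are taken from the DisallowedCertificates lines in the fixlist above.

```powershell
# Added example: read-only audit of the Windows "Untrusted Certificates"
# (Disallowed) stores. Nothing is modified or deleted.
# Assumption: the vendor name fragments below are copied from the
# DisallowedCertificates lines of the fixlist in this thread; extend as needed.

$vendorPatterns = @(
    'Malwarebytes', 'Kaspersky', '\bESET\b', 'Avast', '\bAVG\b', 'Bitdefender',
    'Symantec', 'McAfee', 'Trend Micro', 'Comodo', 'F-Secure', 'G DATA',
    'Avira', 'Emsisoft', 'Doctor Web', 'Panda Security', 'Webroot',
    'BullGuard', 'K7 Computing', 'ThreatTrack', 'Check Point',
    'Safer Networking', 'SUPERAntiSpyware', 'Adaware', 'Total Defense',
    'FRISK', 'PC Tools', 'CURIOLAB'
)
# -match is case-insensitive, so one alternation covers all vendors.
$vendorRegex = $vendorPatterns -join '|'

# Logical certificate stores exposed by the built-in Cert: provider.
$stores = 'Cert:\LocalMachine\Disallowed', 'Cert:\CurrentUser\Disallowed'

$hits = foreach ($store in $stores) {
    if (-not (Test-Path -Path $store)) { continue }

    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $vendorRegex } |
        Select-Object @{ Name = 'Store'; Expression = { $store } },
                      Thumbprint, Subject, NotAfter
}

if ($hits) {
    Write-Warning ("{0} security-vendor certificate(s) are marked untrusted:" -f @($hits).Count)
    $hits | Sort-Object Subject | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No security-vendor certificates found in the Disallowed stores.'
}
```

Windows itself ships some entries in this store (for example revoked or fraudulent certificates), so the check filters on the subject instead of reporting every entry. Running it again after the FRST fix and restart confirms whether the vendor entries are gone.
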
Guest

MBAM should work now.

Open the system Notepad and paste the following into it:


C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Ðdd-оns).lnk
DeleteKey: HKCU\Software\Tencent
DeleteKey: HKLM\SOFTWARE\Tencent
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Tencent
MSCONFIG\startupreg:  QQPCTray => "C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe"  /regrun
testsigning: ==> Ustawiony "Tryb testu". Sprawdź obecność niepodpisanego sterownika <==== UWAGA
nointegritychecks: ==> "IntegrityChecks" [funkcja wyłączona] <==== UWAGA

Save the file as fixlist.txt in C:\Users\Administrator\Downloads (set the encoding to UTF-8 when saving). Run FRST and click Napraw (Fix). As I wrote, reinstall Google Chrome or uninstall it altogether. Let me know later whether the performance problem has gone away.


MBAM now works; it threw out a bit of junk and performance is much better. I don't know what the cause was, but the computer now works as it should.

Thank you very much
