Nie mogę pobrać/zainstalować antywirusa

[krfcm]

Witam ostatnio usunołem mojego antyvirusa w celu zmienienia go na avasta. Gdy próbuję pobrać avasta z strony oficjalnej jak i z innych pobiera się normalnie a po pobraniu "Nie powiodła się" postanowiłem że skoro nie avast to może być kaspersky, on się pobrał normalnie ale przy próbie instalacji wyskakuje nieznany błąd. Stwierdziłem że przeskanuje komputer NOD online skaner, a tu podczas próby aktualizacji błąd proxy

SS pobierania

http://scr.hu/0zgr/slxx3

Reszte dodam gdy tylko będe je miał (w tej chwili się skanują)

Addition.txt

FRST.txt

Shortcut.txt

Extras.Txt

OTL.Txt

gmer.txt

[picasso]

System jest zainfekowany, a programy antywirusowe dodatkowo zablokowane via Image File Execution Options. Przeprowadź następujące operacje:

1. Otwórz Notatnik i wklej w nim:

CloseProcesses:
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Users\Admin\AppData\Local\Temp\MSDCSC\msdcsc.exe,C:\Windows\system32\Client Server Runtime Process,C:\Users\Admin\Documents\MSDCSC\msdcsc.exe,C:\Windows\system32\WindowsDefender32\UPDATED32.exe,\MSDCSC\msdcsc.exe,C:\Windows\system32\config\systemprofile\AppData\Local\Temp\MSDCSC\msdcsc.exe,C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
HKU\.DEFAULT\...\Run: [MicroUpdate] => \MSDCSC\msdcsc.exe [257536 2014-08-27] (Microsoft Corp.)
HKU\.DEFAULT\...\Policies\system: [DisableTaskMgr] 1
HKU\.DEFAULT\...\Policies\system: [DisableRegistryTools] 1
HKU\.DEFAULT\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-2752573723-1407471058-2751402729-1000\...\Run: [MicroUpdate] => C:\Users\Admin\Documents\MSDCSC\msdcsc.exe [257536 2014-08-27] (Microsoft Corp.)
HKU\S-1-5-21-2752573723-1407471058-2751402729-1000\...\Run: [Default Key] => C:\Users\Admin\AppData\Roaming\Default Folder\Default File.exe [284192 2014-08-17] (Microsoft)
HKU\S-1-5-21-2752573723-1407471058-2751402729-1000\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-2752573723-1407471058-2751402729-1000\...\Winlogon: [shell] C:\Users\Admin\AppData\Roaming\wserver.exe [291328 2014-08-24] () AppInit_DLLs: C:\PROGRA~3\WinSpeed\WINSPE~1.DLL => C:\ProgramData\WinSpeed\WinSpeed_x64.dll [4304896 2014-08-23] ()
AppInit_DLLs-x32: c:\progra~3\winspeed\winspeed.dll => c:\ProgramData\WinSpeed\WinSpeed.dll [4127232 2014-08-23] ()
R2 f1f78e38; c:\ProgramData\WinSpeed\WinSpeedSvc.dll [186192 2014-08-23] () [File not signed]
S4 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [702344 2014-07-27] (Cherished Technololgy LIMITED)
S4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [535936 2014-07-27] (Fuyu LIMITED)
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys [61584 2014-08-01] (StdLib)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 FairplayKD2; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S1 nethfdrv; \??\C:\Windows\system32\drivers\nethfdrv.sys [X]
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\blindman.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\SDFiles.exe: [Debugger] nqij.exe
IFEO\SDMain.exe: [Debugger] nqij.exe
IFEO\SDWinSec.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=MA804117C-9E04-40D4-B5DF-625593C253C1&SearchSource=55&CUI=&UM=6&UP=SP4FC40864-787D-4805-8240-5CAFB50A99C4&SSPV=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1406473711&from=irs&uid=395049983_266035_8C8E1A1B&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1406473711&from=irs&uid=395049983_266035_8C8E1A1B&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1406473711&from=irs&uid=395049983_266035_8C8E1A1B&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1406473711&from=irs&uid=395049983_266035_8C8E1A1B&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1406473711&from=irs&uid=395049983_266035_8C8E1A1B
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=MA804117C-9E04-40D4-B5DF-625593C253C1&SearchSource=58&CUI=&UM=6&UP=SPCD622F3E-54B8-4741-93E5-CA505417B4C6&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=MA804117C-9E04-40D4-B5DF-625593C253C1&SearchSource=58&CUI=&UM=6&UP=SPCD622F3E-54B8-4741-93E5-CA505417B4C6&q={searchTerms}&SSPV=
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=&systemid=&v=-&apn_uid=&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
BHO: weubsaveere -> {3319CBFF-0B7E-F6DF-061A-2A17A2FBF004} -> C:\ProgramData\weubsaveere\gZ.x64.dll ()
BHO: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED663} -> No File
BHO-x32: weubsaveere -> {3319CBFF-0B7E-F6DF-061A-2A17A2FBF004} -> C:\ProgramData\weubsaveere\gZ.dll ()
BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED663} -> No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction GroupPolicy: Group Policy on Chrome detected Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Task: {1B4B0EBE-5284-4A3C-9DCC-D2B6D0399A42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {2F45BA02-353A-4A35-9D3B-2EB42FF1C40A} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis82A6.exe
Task: {31FAA86C-5554-4094-A2BB-CBA83BCE663B} - System32\Tasks\{223D2C2B-F815-451F-9F15-BCD3E50E8277} => C:\Users\Admin\Desktop\craftenterminal.exe
Task: {628C464B-9449-45F5-BDC2-9F95261ECBF7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {7C90A235-66F6-407F-8A4E-9DFC07F4D6DA} - System32\Tasks\{363A0176-B51D-47C2-AB5D-788050F4823E} => C:\Users\Admin\Downloads\PAYDAY-2\setup.exe
Task: {E2C033C7-12B2-491F-A4C2-ED4C15F505A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {E358385F-C7CA-4BBC-8F8A-F296F00CA551} - \AmiUpdXp No Task File Task: {F02BBDE6-B318-42A7-BCC9-CBCFC402C754} - System32\Tasks\{E4A8B222-6DE4-4935-A96C-5F4A16B1813F} => C:\Users\Admin\Desktop\lol\setup.exe
Task: {F08E851F-3568-403B-8FB9-7D5CBAE9144B} - System32\Tasks\{FD5B2FD4-13AA-479C-B271-8B0C5E9553FD} => C:\Users\Admin\Downloads\PAYDAY-2\setup.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\43940229.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\43940229.sys => ""="Driver"
C:\MSDCSC
C:\Program Files (x86)\wweBesaover
C:\ProgramData\374311380
C:\ProgramData\TEMP
C:\ProgramData\wweBesaover
C:\Users\Admin\*.dll
C:\Users\Admin\*.exe
C:\Users\Admin\AppData\Local\Google
C:\Users\Admin\AppData\Roaming\*.exe
C:\Users\Admin\AppData\Roaming\msconfig.ini
C:\Users\Admin\AppData\Roaming\dclogs
C:\Users\Admin\AppData\Roaming\Default Folder
C:\Users\Admin\AppData\Roaming\Imminent
C:\Users\Admin\AppData\Roaming\java
C:\Users\Admin\Documents\MSDCSC
C:\Users\Admin\Downloads\avast_premier_antivirus*
C:\Users\Admin\Downloads\rkill_*.exe
C:\Users\Default\AppData\Local\SearchProtect
C:\Windows\28122008.txt
C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
C:\Windows\System32\config\systemprofile\AppData\Local\Temp
C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys
C:\Windows\SysWOW64\Client Server Runtime Process
C:\Windows\SysWOW64\SearchProtect
C:\Windows\SysWOW64\Windows Server
C:\Windows\SysWOW64\WindowsDefender32
RemoveDirectory: C:\ProgramData\AVAST Software
RemoveDirectory: C:\ProgramData\Kaspersky Lab Setup Files
Folder: C:\Temp
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\CLPSLauncher" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\GeekBuddyRSP" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\gupdate" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\gupdatem" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\IePluginServices" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Update Deal Keeper" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Util Deal Keeper" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WindowsMangerProtect" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Tab Search by Ask" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Tab Search by Askx64" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tvncontrol" /f
EmptyTemp:

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. System zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt.

2. Przez Panel sterowania odinstaluj adware Network System Driver, WindowsMangerProtect20.0.0.502, WinSpeed oraz Remote Manipulator System - Host (o ile nie instalowałeś celowo, wygląda to na jakiś soft typu "remote admin") i szczątek Google Update Helper.

3. Wyczyść Firefox: menu Pomoc > Informacje dla pomocy technicznej > Zresetuj program Firefox. Zakładki i hasła nie zostaną naruszone.

4. Zrób nowy log FRST z opcji Scan (bez Addition i Shortcut). Dołącz też plik fixlog.txt.



.

[krfcm]

Mam nadzieję że dałem to co trzeba

Fixlog.txt

FRST.txt

[picasso]

Rozumiem, że "Remote Manipulator System - Host" to była celowa instalacja i została ominięta rozmyślnie, bo nadal to widzę w logu. Reszta zadań wykonana. Kolejne działania:

 

1. Uruchom AdwCleaner. Zastosuj Szukaj, a po tym Usuń. Powstanie folder C:\AdwCleaner z raportem z usuwania. Przedstaw log.

 

2. Otwórz Notatnik i wklej w nim:

 

Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
RemoveDirectory: C:\ProgramData\1d268881d9c7e4d5
RemoveDirectory: C:\ProgramData\weubsaveere
RemoveDirectory: C:\Users\Admin\Desktop\Stare dane programu Firefox
DeleteQuarantine:

 

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Dostarcz wynikowy fixlog.txt.

 

 

 

.

[krfcm]

Nie instalowałem Remote Manipulator System - Host celowo, co więcej usunąłem go

[picasso]

W takim układzie w punkcie 2 załaduj zmodyfikowany skrypt:

 

CloseProcesses:
R2 RManService; C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe [6057728 2014-01-22] (TektonIT)
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
RemoveDirectory: C:\Program Files (x86)\Remote Manipulator System - Host
RemoveDirectory: C:\ProgramData\1d268881d9c7e4d5
RemoveDirectory: C:\ProgramData\weubsaveere
RemoveDirectory: C:\Users\Admin\Desktop\Stare dane programu Firefox
DeleteQuarantine:

 

A po wszystkim zrób nowy log FRST z opcji Scan, zaznacz również pole Addition.

 

 

 

.