
Cannot install an antivirus, trojan warning



Hi,

for some time I had no active antivirus, so I decided to deal with it, and problems appeared with installing or running antivirus programs:

- NOD - cannot be installed; a message appears about possible blocking by malware

- AVAST - installed, but does not scan in any mode

- AVG - cannot be installed.

In addition, after copying files to a USB stick and plugging it into protected computers, a trojan warning appears.

Creating logs with FRST works without problems, but every time I scan with GMER, the computer restarts after about an hour. I don't know why, so for now I am not attaching that report to this post.

I don't know what to do next, so I am asking for help.

 

Addition.txt

FRST.txt

Shortcut.txt


1) Uninstall Akamai NetSession Interface, which is not needed for anything

 

2) Uninstall

Ask Toolbar Updater (HKU\S-1-5-21-1153746196-1546038390-1762079413-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.6.44892 - Ask.com) <==== ATTENTION

 

3) Use >Adw-cleaner
First click SZUKAJ (SCAN), and only after the scan has finished and the USUŃ (CLEANING) button becomes active, click that button.
Show its report: C:\AdwCleaner\AdwCleaner.txt

 

4) Open Notepad and paste into it:

 

R2 VSSS; C:\Users\Daria\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [105859264 2015-06-25] (Microsoft Corporation) [File not signed]
C:\Users\Daria\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
HKU\S-1-5-21-1153746196-1546038390-1762079413-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msficnbd.exe <===== ATTENTION
HKU\S-1-5-21-1153746196-1546038390-1762079413-1000\...\Policies\Explorer: []
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKLM-x32 - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} -  No File
Toolbar: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=ST750LM022XHN-M750MBB_S2UNJ9CC304820&ts=1382630081
C:\Program Files\2H8N7MDT.exe
C:\ProgramData\msficnbd.exe
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST.exe
Enter Safe Mode (F8 before the system starts).

Run FRST and click the Fix button.
A fixlog.txt file will be created.
Post that log.

Make new FRST logs.

Make a log with Farbar Service Scanner >http://download.bleepingcomputer.com/farbar/FSS.exe (tick everything for the scan).
 

 

jessi


1) Paste into Notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend]
"DisplayName"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-103"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,73,00,65,00,63,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000002
"Type"=dword:00000020
"Description"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-1176"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ObjectName"="LocalSystem"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\
  00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
  65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,\
  74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,\
  69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,\
  00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,\
  6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,\
  00,74,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
  53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,\
  72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,\
  69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,\
  00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
  00,00
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
  00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
  20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,6d,00,70,00,73,\
  00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Security]
"Security"=hex:01,00,14,80,dc,00,00,00,e8,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,ac,00,06,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,\
  05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,\
  00,0b,28,00,00,00,00,10,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,\
  84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,14,00,fd,01,02,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
  04,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\TriggerInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\TriggerInfo\0]
"Type"=dword:00000005
"Action"=dword:00000001
"GUID"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46,e0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000000

From the Notepad menu >> File >> Save as >> Set the extension to All files >> Save as > FIX.REG >>  > right-click and choose Merge
 

2) Adw-Cleaner: first click SZUKAJ (SCAN), and only after the scan has finished and the USUŃ (CLEANING) button becomes active, click that button.

 

3) Open Notepad and paste into it:

 

HKU\S-1-5-21-1153746196-1546038390-1762079413-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe"
C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=ST750LM022XHN-M750MBB_S2UNJ9CC304820&ts=1382630083&type=default&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=ST750LM022XHN-M750MBB_S2UNJ9CC304820&ts=1382630083&type=default&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=ST750LM022XHN-M750MBB_S2UNJ9CC304820&ts=1382630083&type=default&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=ST750LM022XHN-M750MBB_S2UNJ9CC304820&ts=1382630083&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=109220&tl=280113_9107&tt=280113_9107&babsrc=SP_ss&mntrId=e8642215000000000000b888e34d0eaf
SearchScopes: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000 -> {C5B49038-413F-45C5-B5FA-E114C9720D5B} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^PL&apn_uid=B1ACDA15-4953-4A96-BE87-FDA8AFBD0251&apn_sauid=0DA6AB2E-0285-4CF5-895C-7917C194895A
SearchScopes: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQUBSWRqK&i=26
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
BHO-x32: Incredibar.com Helper Object -> {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} ->  No File
FF SearchPlugin: C:\Users\Daria\AppData\Roaming\Mozilla\Firefox\Profiles\6x8pd7z3.default\searchplugins\askcom.xml [2013-02-08]
FF SearchPlugin: C:\Users\Daria\AppData\Roaming\Mozilla\Firefox\Profiles\6x8pd7z3.default\searchplugins\babylon1.xml [2013-01-29]
FF Extension: incredibar.com - C:\Users\Daria\AppData\Roaming\Mozilla\Firefox\Profiles\6x8pd7z3.default\Extensions\ffxtlbr@incredibar.com [2013-01-02]
FF Extension: 800E462367584665B2DE84048EC35A51 - C:\Users\Daria\AppData\Roaming\Mozilla\Firefox\Profiles\6x8pd7z3.default\Extensions\{800E4623-6758-4665-B2DE-84048EC35A51} [2014-09-05]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Default\Extensions\ [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\SysWOW64\jmdp\pnte.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}\InprocServer32 -> AcInetUI.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll No File
Task: {0389844C-763A-4F3F-B60F-817A03AF610B} - System32\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-4 => C:\Program Files (x86)\Object Browser\078a5343-cbe2-47cc-84cc-5012167f2506-4.exe <==== ATTENTION
Task: {1B4F355E-1FB2-4286-B7A0-9EB6B92A74F8} - System32\Tasks\a52b1416-2932-4a36-994b-b91909531fea => C:\Program Files (x86)\TheFreeHD-Sport TV V10\9a92a1a9-68c9-4d92-a9e2-93509767d9c5-4.exe <==== ATTENTION
Task: {1C66E70A-DE86-43E0-A92D-6BAE357E7F1B} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{08DD05A7-7648-4488-8E68-06EB48B7496B}.exe
C:\Program Files (x86)\Object Browser
Task: {2EF3E322-3B1E-49CF-9636-BF388CF9114B} - System32\Tasks\{E4F9C3DA-4CCB-47CD-9F7D-0607F3E52692} => pcalua.exe -a "C:\Program Files (x86)\Object Browser\Uninstall.exe" -c /fromcontrolpanel=1
Task: {479D18CA-BA2B-4638-98DA-A9C74061DB84} - System32\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-2 => C:\Program Files (x86)\Object Browser\078a5343-cbe2-47cc-84cc-5012167f2506-2.exe <==== ATTENTION
Task: {4ABB4634-9DEA-4479-B522-5BB74B893DDB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1153746196-1546038390-1762079413-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {518F2DBA-0EA8-4FF3-A2B0-5FD6D00DBDF0} - System32\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-3 => C:\Program Files (x86)\Object Browser\078a5343-cbe2-47cc-84cc-5012167f2506-3.exe <==== ATTENTION
Task: {52CA9910-E230-455E-862D-27A00172224A} - System32\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-5 => C:\Program Files (x86)\Object Browser\078a5343-cbe2-47cc-84cc-5012167f2506-5.exe <==== ATTENTION
Task: {8D16EE62-C2CD-4F52-A830-AC81B6E35A32} - System32\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-1 => C:\Program Files (x86)\Object Browser\Object Browser-codedownloader.exe <==== ATTENTION
Task: {9DCD5510-66B6-4743-A4A5-D38AF1A09A9C} - System32\Tasks\9a92a1a9-68c9-4d92-a9e2-93509767d9c5-4 => C:\Program Files (x86)\TheFreeHD-Sport TV V10\9a92a1a9-68c9-4d92-a9e2-93509767d9c5-4.exe <==== ATTENTION
Task: {C55A5034-9E15-498E-B14E-FE29D5CB319B} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {F4A6B38E-3974-4252-904A-A4726B91D4F1} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{8B75DCDE-5CA4-4EBF-BDB0-14BFFA066991}.exe
Task: C:\Windows\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-1.job => C:\Program Files (x86)\Object Browser\Object Browser-codedownloader.exeF/reinstallapp /runfrom=task /agentregpath='Object Browser' /appid=32850 /srcid='000037' /subid='0' /zdata='0' /bic=C416F6A973BC4C888435F9454DF93FFCIE /verifier=fbf80d6d4d6e56727d8635ec712e887c /installerversion=1_34_3_28 /installerfullversion=1.34.3.28 /installationtime=1396706717 /statsdomain=http:/stats.clientdataservice.com /errorsdomain=http:/errors.clientdataservice.com /codedownloaddomain=http:/js.clientdataservice.com /defbro=ch /allusers /autoupdateulr='http:/update.clientdataservice.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-2.job => C:\Program Files (x86)\Object Browser\078a5343-cbe2-47cc-84cc-5012167f2506-2.exe/enablebho /agentregpath='Object Browser' /appid=32850 /srcid='000037' /subid='0' /zdata='0' /bic=C416F6A973BC4C888435F9454DF93FFCIE /verifier=fbf80d6d4d6e56727d8635ec712e887c /installerversion=1_34_3_28 /installationtime=1396706717 /statsdomain=http:/stats.clientdataservice.com /errorsdomain=http:/errors.clientdataservice.com /bhoguid=11111111-1111-1111-1111-110311281150 /defbro=ch /allusers /autoupdateulr='http:/update.clientdataservice.com/ie_enable_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-3.job => C:\Program Files (x86)\Object Browser\078a5343-cbe2-47cc-84cc-5012167f2506-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-4.job => C:\Program Files (x86)\Object Browser\078a5343-cbe2-47cc-84cc-5012167f2506-4.exeă/installxpi /agentregpath='Object Browser' /extensionfilepath C:\Program Files (x86)\Object Browser\32850.xpi' /appid=32850 /srcid='000037' /subid='0' /zdata='0' /bic=C416F6A973BC4C888435F9454DF93FFCIE /verifier=fbf80d6d4d6e56727d8635ec712e887c /installerversion=1_34_3_28 /installerfullversion=1.34.3.28 /installationtime=1396706717 /statsdomain=http:/stats.clientdataservice.com /errorsdomain=http:/errors.clientdataservice.com /waitforbrowser=300 /extensionid=9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com /extensionversion=0.94 /prefsbranch=a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850 /updateurl=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/32850.rdf /extensionname='Object Browser' /extensiondesc='Browser enhancer' /publishername='Object Browser' /defbro=ch /allusers /allprofiles /checkfflist /autoupdateulr='http:/update.clientdataservice.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-5.job => C:\Program Files (x86)\Object Browser\078a5343-cbe2-47cc-84cc-5012167f2506-5.exei/runupdater /agentregpath='Object Browser' /appid=32850 /srcid='000037' /subid='0' /zdata='0' /bic=C416F6A973BC4C888435F9454DF93FFCIE /verifier=fbf80d6d4d6e56727d8635ec712e887c /installerversion=1_34_3_28 /installationtime=1396706717 /statsdomain=http:/stats.clientdataservice.com /errorsdomain=http:/errors.clientdataservice.com /geoserviceurl=http:/ipgeoapi.com/ /updatejsondomain=http:/update.clientdataservice.com /updaterversion=2 /monetizationdomain=http:/stats.mstatsserv.com /autoupdateulr='http:/update.clientdataservice.com/updater_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\9a92a1a9-68c9-4d92-a9e2-93509767d9c5-4.job => C:\Program Files (x86)\TheFreeHD-Sport TV V10\9a92a1a9-68c9-4d92-a9e2-93509767d9c5-4.exe–/installxpi /agentregpath='TheFreeHD-Sport TV V10' /extensionfilepath C:\Program Files (x86)\TheFreeHD-Sport TV V10\9a92a1a9-68c9-4d92-a9e2-93509767d9c5.xpi' /appid=63319 /srcid='001822' /subid='0' /zdata='0' /bic=C416F6A973BC4C888435F9454DF93FFCIE /verifier=fbf80d6d4d6e56727d8635ec712e887c /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1409587655 /statsdomain=http:/stats.loadclientinputsrv.com /errorsdomain=http:/errors.loadclientinputsrv.com /waitforbrowser=300 /extensionid=PLEWM61628944@WIIQRX30104349.com /extensionversion=0.95 /prefsbranch=aPLEWM61628944WIIQRX30104349com63319 /updateurl=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/63319.rdf /extensionname='TheFreeHD-Sport TV V10' /extensiondesc='Turn your pc into a TV! Enjoy endless variety of worldwide sports, movies and news channels.' /publishername='tab' /defbro=ch /sid=S-1-5-21-1153746196-1546038390-1762079413-1000 /addinfojson='{asw:[8192, -1610612735, 536871936],browser_name:__BROWSER_NAME__}' /allusers /allprofiles /checkfflist /autoupdateulr='http:/update.loadclientinputsrv.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\a52b1416-2932-4a36-994b-b91909531fea.job => C:\Program Files (x86)\TheFreeHD-Sport TV V10\9a92a1a9-68c9-4d92-a9e2-93509767d9c5-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{8B75DCDE-5CA4-4EBF-BDB0-14BFFA066991}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{08DD05A7-7648-4488-8E68-06EB48B7496B}.exe <==== ATTENTION
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
C:\Program Files (x86)\Mobogenie
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST.exe
Run FRST and click the Fix button.
A fixlog.txt file will be created.
Post that log.

4) Make a new log with FSS

5) Make new logs with FRST.

 

jessi
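Before merging a .reg file like the FIX.REG above, a reviewer can decode its `hex(2)` and `hex(7)` values to see which binary the service will run. The Python sketch below is an added example, not part of the original post; the function names and the `TRUSTED_PREFIXES` allow-list are assumptions of the example, and the embedded excerpt is copied from the post.

```python
import re

# Excerpt of the FIX.REG posted above; every value is copied from the page.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend]
"DisplayName"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-103"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,73,00,65,00,63,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000002
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Parameters]
"ServiceDll"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
  00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
  20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,6d,00,70,00,73,\
  00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000000
'''

REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 7: "REG_MULTI_SZ"}
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')
# Assumption of this example: service binaries are expected under these roots.
TRUSTED_PREFIXES = ("%systemroot%\\", "%windir%\\", "%programfiles%\\")


def decode_value(data):
    """Decode the right-hand side of one .reg value line into (type, value)."""
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return "REG_SZ", re.sub(r"\\(.)", r"\1", data[1:-1])
    if data.startswith("dword:"):
        return "REG_DWORD", int(data[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", data)
    if not m:
        raise ValueError(f"unsupported value syntax: {data[:30]!r}")
    kind = int(m.group(1), 16) if m.group(1) else 3   # bare "hex:" is binary
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    if kind in (1, 2):      # string stored as UTF-16LE with a terminating NUL
        return REG_TYPES[kind], raw.decode("utf-16-le").rstrip("\x00")
    if kind == 7:           # NUL-separated list, closed by an empty string
        return REG_TYPES[7], [s for s in raw.decode("utf-16-le").split("\x00") if s]
    return REG_TYPES.get(kind, f"hex({kind:x})"), raw


def parse_reg(text):
    """Parse .reg text into {key path: {value name: (type, value)}}."""
    keys, current = {}, None
    # A trailing backslash continues a hex value on the next line.
    for line in re.sub(r"\\\r?\n[ \t]*", "", text).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m["name"]] = decode_value(m["data"])
    return keys


def code_paths(keys):
    """(key, value name, path) for the values that select a service's binary."""
    return [(key, name, values[name][1])
            for key, values in keys.items()
            for name in ("ImagePath", "ServiceDll") if name in values]


def outside_trusted_dirs(keys):
    """Code paths that do not start with one of TRUSTED_PREFIXES."""
    return [hit for hit in code_paths(keys)
            if not hit[2].lower().startswith(TRUSTED_PREFIXES)]


if __name__ == "__main__":
    parsed = parse_reg(FIX_REG)
    for key, values in parsed.items():
        print(key)
        for name, (kind, value) in values.items():
            print(f"  {name} [{kind}] = {value!r}")
    print("paths outside trusted roots:", outside_trusted_dirs(parsed))
```
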


After running the AdwCleaner scan and restarting the computer, a black screen appeared for about a minute before the system started, the Windows appearance changed to grey, like in old systems, and in addition the Network and Sharing Center does not detect any network and every connection attempt fails ("the dependency service or group failed to start" when trying to enable internet services).

I did the rest according to plan. I am attaching all the logs.

Addition.txt

AdwCleanerS0.txt

Fixlog.txt

FRST.txt

FSS.txt

Shortcut.txt


jessika

 

I am removing the post. You point out that a multitude of services is disabled in msconfig, yet you recommend enabling only two (via services.msc) and at the same time you delete the msconfig keys (deleting them means msconfig can no longer be used to undo the action). Since msconfig was used to disable them, msconfig is what should be used to reverse it.

 

 

munirowata22

 

1. Start > type msconfig in the search box > right-click and choose Run as Administrator > on the Services tab, tick all the unticked ones and restart the computer.

 

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: AeLookupSvc => 3

MSCONFIG\Services: ALG => 3

MSCONFIG\Services: AppIDSvc => 3

MSCONFIG\Services: AppMgmt => 3

MSCONFIG\Services: aspnet_state => 3

MSCONFIG\Services: AudioEndpointBuilder => 2

MSCONFIG\Services: AudioSrv => 2

MSCONFIG\Services: AxInstSV => 3

MSCONFIG\Services: BDESVC => 3

MSCONFIG\Services: BFE => 2

MSCONFIG\Services: BITS => 3

MSCONFIG\Services: Browser => 3

MSCONFIG\Services: BrYNSvc => 3

MSCONFIG\Services: bthserv => 3

MSCONFIG\Services: CertPropSvc => 3

MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2

MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2

MSCONFIG\Services: COMSysApp => 3

MSCONFIG\Services: cphs => 3

MSCONFIG\Services: CryptSvc => 2

MSCONFIG\Services: CscService => 2

MSCONFIG\Services: defragsvc => 3

MSCONFIG\Services: Dhcp => 2

MSCONFIG\Services: DiagTrack => 2

MSCONFIG\Services: Dnscache => 2

MSCONFIG\Services: dot3svc => 2

MSCONFIG\Services: DPS => 2

MSCONFIG\Services: DsiWMIService => 2

MSCONFIG\Services: EapHost => 3

MSCONFIG\Services: EFS => 3

MSCONFIG\Services: ehRecvr => 3

MSCONFIG\Services: ehSched => 3

MSCONFIG\Services: ePowerSvc => 2

MSCONFIG\Services: eventlog => 2

MSCONFIG\Services: EventSystem => 2

MSCONFIG\Services: Fax => 3

MSCONFIG\Services: fdPHost => 3

MSCONFIG\Services: FDResPub => 3

MSCONFIG\Services: FLEXnet Licensing Service 64 => 3

MSCONFIG\Services: FontCache => 2

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: hidserv => 3

MSCONFIG\Services: hkmsvc => 3

MSCONFIG\Services: HomeGroupListener => 3

MSCONFIG\Services: HomeGroupProvider => 3

MSCONFIG\Services: IAStorDataMgrSvc => 2

MSCONFIG\Services: idsvc => 3

MSCONFIG\Services: IEEtwCollectorService => 3

MSCONFIG\Services: IKEEXT => 2

MSCONFIG\Services: IPBusEnum => 2

MSCONFIG\Services: iphlpsvc => 2

MSCONFIG\Services: KeyIso => 3

MSCONFIG\Services: KtmRm => 3

MSCONFIG\Services: LanmanServer => 2

MSCONFIG\Services: LanmanWorkstation => 2

MSCONFIG\Services: lltdsvc => 3

MSCONFIG\Services: lmhosts => 2

MSCONFIG\Services: Microsoft Office Groove Audit Service => 3

MSCONFIG\Services: mitsijm2014 => 2

MSCONFIG\Services: MMCSS => 2

MSCONFIG\Services: MpsSvc => 2

MSCONFIG\Services: MSDTC => 3

MSCONFIG\Services: MSiSCSI => 3

MSCONFIG\Services: msiserver => 3

MSCONFIG\Services: napagent => 3

MSCONFIG\Services: Netlogon => 3

MSCONFIG\Services: Netman => 3

MSCONFIG\Services: netprofm => 3

MSCONFIG\Services: NlaSvc => 2

MSCONFIG\Services: nsi => 2

MSCONFIG\Services: odserv => 3

MSCONFIG\Services: ose => 3

MSCONFIG\Services: p2pimsvc => 3

MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PeerDistSvc => 3
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: PSI_SVC_2_x64 => 2
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: SSDPSRV => 2
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 2
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WatAdminSvc => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wltrysvc => 2
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3

 

2. Make a new FRST log using the Scan option - tick the Addition box again so that two logs are produced.

Link to comment

Further fixes for leftover / empty entries (including those left by the no longer present Firefox and F-Secure) and for the defective SPTD driver, which is reporting errors in the Event Log:

 

System errors:
=============
Error: (06/29/2015 06:14:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego:
sptd

Error: (06/29/2015 06:13:30 PM) (Source: sptd) (EventID: 4) (User: )
Description: Sterownik wykrył błąd wewnętrzny w swoich strukturach danych dla .

 

 

To carry out:

 

1. Uninstall the leftover Windows Media Player Firefox Plugin.

 

2. System Restore has been disabled (probably by the infection):

 

==================== Restore Points =========================

 

ATTENTION: System Restore is disabled

 

Go to the System Restore configuration: CLICK. Enable Protection for drive C.

 

2. Open Notepad and paste the following into it:

 

CloseProcesses:
CreateRestorePoint:
DisableService: sptd
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2015-06-27] (ESET)
R1 FSES; C:\Windows\System32\drivers\fses.sys [44496 2009-11-26] (F-Secure Corporation)
Task: {2C9E5B6C-DBB5-4C30-AFD6-52E1E1BA201B} - System32\Tasks\{FEC07447-FECD-4798-BFDE-4D2B6E80C793} => pcalua.exe -a "E:\Windows98 Driver\setup.exe" -d "E:\Windows98 Driver"
Task: {2D2A657D-2E70-4DE8-BF27-573CEEF5B644} - System32\Tasks\{755C5001-591A-4CEE-A4AC-F7E29DB4206D} => pcalua.exe -a C:\Users\Daria\Desktop\Shockwave_Installer_Slim.exe -d C:\Users\Daria\Desktop
Task: {308B6619-5C77-4559-B4E8-1B8D79186A3A} - System32\Tasks\{66BF84A6-3F09-4409-B2E8-5D7A269E9046} => pcalua.exe -a "C:\Users\Daria\Desktop\Nowy folder\setup.EXE" -d "C:\Users\Daria\Desktop\Nowy folder"
Task: {3BB17040-A85C-4F9E-AB5B-7154AFCABD5B} - System32\Tasks\{A1ECF8DC-57BB-443F-A209-9C32471889B7} => pcalua.exe -a C:\Windows\IsUn0415.exe -c -f"C:\Program Files (x86)\SuperMemo UX\Courses\Angielski No Problem 3\Uninst.isu"
Task: {3E5DAED4-351E-4A47-BD9C-886032F672F0} - System32\Tasks\{BD7C3AB6-A836-4A01-A1D7-B7A0527AAE02} => C:\Program Files (x86)\MATLAB71\bin\win32\MATLAB.exe
Task: {671714E5-0553-4E26-A4E3-19BA007E7F96} - System32\Tasks\{EABC7668-1F5D-4634-8D15-C6CD379F2132} => pcalua.exe -a "C:\Program Files (x86)\MATLAB71\uninstall\uninstall.exe" -c C:\Program Files (x86)\MATLAB71\
Task: {6C1A83EB-7520-4462-BF12-A6C9444CC481} - System32\Tasks\{4FDA19A2-4C1B-4B01-9654-B1D0B1299F9A} => pcalua.exe -a C:\Users\Daria\Desktop\securew2_win.exe -d C:\Users\Daria\Desktop
Task: {6CA10C05-723B-47B8-9999-3BE55FFCF5E1} - System32\Tasks\{D61306E0-FB69-485C-AB01-4A38723CE090} => pcalua.exe -a "C:\Program Files (x86)\F-Secure\Uninstall\fsuninst.exe" -c /UninstRegKey:"F-Secure Anti-Virus"
Task: {B6563DD4-D281-4287-BC77-391C054A5035} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1153746196-1546038390-1762079413-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
HKU\S-1-5-21-1153746196-1546038390-1762079413-1000\...\Run: [iRNeroReboot] => "C:\Users\Daria\Desktop\Nero_BurningROM2015_setup-16.3c_trial.exe" /reboot="1"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Program Files\ESET
C:\ProgramData\AVAST Software
C:\ProgramData\ESET
C:\ProgramData\Temp
C:\Users\Daria\AppData\Local\cache
C:\Users\Daria\AppData\Local\Mozilla
C:\Users\Daria\AppData\Roaming\Mozilla
C:\Users\Daria\AppData\Roaming\TuneUp Software
C:\Users\Daria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
C:\Windows\system32\Drivers\ESETCleanersDriver.sys
C:\Windows\system32\Drivers\fses.sys
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete HKCU\Software\Mozilla /f
Reg: reg delete HKCU\Software\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\F-Secure Manager" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\F-Secure TNB" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FDPRO-516" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iLivid" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Iminent" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IminentMessenger" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_roc_ssl_v12" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YTDownloader" /f
Reg: reg query HKLM\System\CurrentControlSet\Services\Eaphost\Methods /s
CMD: netsh advfirewall reset
CMD: type C:\Windows\system32\Drivers\etc\hosts

 

Note for other readers: this script is unique - tailored solely to this system; please do not use it on your own systems.

 

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. When Fix finishes, the system will be restarted. A fixlog.txt file will be created in the same directory FRST was run from.

 

3. Repair the damaged special IE shortcut. Paste the path below into the Explorer address bar and press ENTER:

 

C:\Users\Daria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools

 

Right-click the Internet Explorer (No Add-ons) shortcut located there > Properties > in the Target field, after the path "C:\Program Files\Internet Explorer\iexplore.exe", add two spaces and -extoff

 

4. Clear the Event Logs: Start > type eventvwr.msc in the search box > right-click and choose Run as administrator > expand the "Windows Logs" branch and, via right-click, clear the Application and System sub-branches. Restart Windows.

 

5. Make a new FRST log using the Scan option - tick Addition, but not Shortcut. Also attach the fixlog.txt file.

Link to comment
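
The fixlist in the post above removes leftover scheduled tasks, most of them `pcalua.exe -a` (Program Compatibility Assistant) wrappers around other programs. As an added example (not part of the original post and not FRST's own code), this Python script parses `Task:` lines of that shape from a saved log and lists the ones whose program lies on another volume or in a user profile; the sample lines, the `classify` buckets and the assumed system drive `C:` are constructed for illustration.

```python
import re
from typing import List, NamedTuple

# FRST task line:  Task: {GUID} - System32\Tasks\<name> => <command line>
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (\S.*?) => (.+)$")
# pcalua.exe -a <program>: the program is quoted or a run of non-spaces.
PCA_RE = re.compile(r'pcalua\.exe\s+-a\s+(?:"([^"]+)"|(\S+))', re.I)

class Task(NamedTuple):
    guid: str
    path: str
    program: str       # what the task really starts (unwrapped from pcalua)
    via_pcalua: bool
    location: str      # coarse class of where that program lives

def classify(program: str, system_drive: str = "c:") -> str:
    """Coarse location class; system_drive is an assumption of this example."""
    p = program.lower()
    if not re.match(r"[a-z]:\\", p):
        return "unknown"
    if not p.startswith(system_drive):
        return "other-drive"          # removable or secondary volume
    buckets = (("\\users\\", "user-profile"), ("\\windows\\", "windows"),
               ("\\program files", "program-files"))
    return next((label for prefix, label in buckets
                 if p.startswith(system_drive + prefix)), "other")

def parse_tasks(log_text: str) -> List[Task]:
    tasks = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue                  # not a Task: line (drivers, Run keys, ...)
        guid, path, command = m.groups()
        pca = PCA_RE.search(command)
        program = (pca.group(1) or pca.group(2)) if pca else command.strip('"')
        tasks.append(Task(guid, path, program, bool(pca), classify(program)))
    return tasks

def needs_review(tasks: List[Task]) -> List[Task]:
    """Tasks whose program lies on another volume or in a user profile."""
    return [t for t in tasks if t.location in ("other-drive", "user-profile")]

# Constructed sample in the FRST line format (GUIDs, names and paths made up).
SAMPLE = r'''
Task: {11111111-1111-1111-1111-111111111111} - System32\Tasks\{AAAAAAAA-0000-0000-0000-000000000001} => pcalua.exe -a "E:\Old Driver\setup.exe" -d "E:\Old Driver"
Task: {22222222-2222-2222-2222-222222222222} - System32\Tasks\{AAAAAAAA-0000-0000-0000-000000000002} => pcalua.exe -a C:\Users\user\Desktop\installer.exe -d C:\Users\user\Desktop
Task: {33333333-3333-3333-3333-333333333333} - System32\Tasks\ExampleUpdater => C:\Program Files (x86)\Example\updater.exe
S3 ExampleDrv; C:\Windows\system32\Drivers\example.sys [1000 2015-01-01] (Example)
'''
```

Calling `needs_review(parse_tasks(text))` on the text of a saved FRST log returns only the tasks worth checking by hand; whether the target file still exists has to be verified on the machine itself.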

Almost everything is done. One of the commands did not run (I corrected the typo too late). Further fixes. Open Notepad and paste the following into it:

 

Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\Eaphost\Methods /s
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\FontCache3.0.0.0 /s
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [845560 2012-09-21] (Duplex Secure Ltd.)
C:\Windows\System32\Drivers\sptd.sys
RemoveDirectory: C:\AdwCleaner
RemoveDirectory: C:\FRST\Quarantine

 

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. Post the resulting fixlog.txt.

Link to comment
