jessica

Users
  • Posts: 4 099

Replies posted by jessica

  1. 1) I noticed online that this infection can destroy the entire system, so first copy all your most important documents, pictures, etc. to a USB flash drive.

     

    2) Use Adw-cleaner
    First click SZUKAJ (SCAN), and only after the scan has finished and the USUŃ (CLEANING) button becomes active, click it.
    Post the report it produces.

     

    3) Make new FRST logs.

    Before scanning, tick: Shortcut, Additional.

     

    jessi

  2. Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [232448 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

     

    Action Center:

    ============

     

    wscsvc Service is not running. Checking service configuration:

    Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

    -----

    Windows Defender:

    ==============

    WinDefend Service is not running. Checking service configuration:

    Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

    -----

    Windows Update:

    ============

    wuauserv Service is not running. Checking service configuration:

    The start type of wuauserv service is set to Disabled. The default start type is Auto.

     

    This has not been fully explained.

    The logs do not show that the damage listed above has been repaired.

     

    jessi

  3. Just cosmetics:

    Open Notepad and paste into it:

     

    S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\AFPL License.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\FairPlay License.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\GPL License.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LimeWire\Buy LimeWire PRO.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LimeWire\LimeWire 4.18.8.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LimeWire\Uninstall.lnk
    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe.
    Run FRST and click the Fix button.

     

    Then I think we can wrap up:

    Open Notepad and paste into it:

     

    DeleteQuarantine:

    Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix.
    Use SHIFT+DEL to delete the remaining C:\FRST folder.

     

    jessi
     

  4. Open Notepad and paste into it:

     

    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{0086C339-9C0E-4C09-9A2F-FF3D19A44A18}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{00BB2764-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{067B4B81-B1EC-489F-B111-940EBDC44EBE}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{08A99E2F-6D6D-4B80-AF5A-BAF2BCBE4CB9}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{0B91A74B-AD7C-4A9D-B563-29EEF9167172}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{0C15D503-D017-47CE-9016-7B3F978721CC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{0C7EFBDE-0303-4C6F-A4F7-31FA2BE5E397}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{0E890F83-5F79-11D1-9043-00C04FD9189D}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{1DCB3A00-33ED-11D3-8470-00C04F79DBC0}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{203B1EED-DB9F-40FB-87BD-1990982017D2}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{25BAAD81-3560-11D3-8471-00C04F79DBC0}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{280A3020-86CF-11D1-ABE6-00A0C905F375}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{2EEB4ADF-4578-4D10-BCA7-BB955F56320A}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{3050F391-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{3050F4CF-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{3050F4F5-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{30C3B080-30FB-11D0-B724-00AA006C1A01}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{32BAED44-34B5-11D3-9315-00C04F72D6CF}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{35786D3C-B075-49B9-88DD-029876E11C01}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{385A91BC-1E8A-4E4A-A7A6-F4FC1E6CA1BD}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{3AE86B20-7BE8-11D1-ABE6-00A0C905F375}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{4315D437-5B8C-11D0-BD3B-00A0C911CE86}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{470659C0-0C62-4D38-BE62-4243FDE65788}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{47F959F3-F578-473E-AE86-1080B1A3D676}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{48123BC4-99D9-11D1-A6B3-00C04FD91555}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{4CB26C03-FF93-11D0-817E-0000F87557DB}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{4FD2A832-86C8-11D0-8FCA-00C04FD9189D}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{555278E2-05DB-11D1-883A-3C8B00C10000}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{566A2EFF-5651-4020-AC1A-EB48E4571EA3}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{5C140836-43DE-11D3-847D-00C04F79DBC0}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{5D02926A-212E-11D0-9DF9-00A0C922E6EC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{623E2882-FC0E-11D1-9A77-0000F8756A10}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{640167B4-59B0-47A6-B335-A6B3C0695AEA}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{6935DB93-21E8-4CCC-BEB9-9FE3C77A297A}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{6A01FDA0-30DF-11D0-B724-00AA006C1A01}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{6BF52A52-394A-11D3-B153-00C04F79FAA6}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{70F598E9-F4AB-495A-99E2-A7C4D3D89ABF}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{728A21C5-3D9E-48D7-9810-864848F0F404}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{777D0CFF-0375-43B9-8532-FB04A4903593}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{77F7F122-20B0-4117-A2FB-059D1FC88256}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{79EAC9E2-BAF9-11CE-8C82-00AA004BA90B}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{807563E5-5146-11D5-A672-00B0D022E945}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{81397204-F51A-4571-8D7B-DC030521AABD}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{82D353DF-90BD-4382-8BC2-3F6192B76E34}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{989D1DC0-B162-11D1-B6EC-D27DDCF9A923}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{9D148291-B9C8-11D0-A4CC-0000F80149F6}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{A7DD2151-A645-409A-9B39-DF146D710E72}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{A7EE7F34-3BD1-427F-9231-F941E9B7E1FE}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{A888DF60-1E90-11CF-AC98-00AA004C0FA9}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{AD763FA6-3B90-41AB-BD44-4F832BEEE55F}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{ADC6CB82-424C-11D2-952A-00C04FA34F05}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{AFB6C280-2C41-11D3-8A60-0000F81E0E4A}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{C6365470-F667-11D1-9067-00C04FD9189D}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{CD12A3CE-9C42-11D2-BEED-0060082F2054}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{CD773740-B187-4974-A1D5-E0FF91372277}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{D1FE6762-FC48-11D0-883A-3C8B00C10000}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{dc67367a-8b15-47bc-b7f8-0ba0435a504a}\InprocServer32 -> C:\Program Files\Common Files\SYSTEM\MSMAPI\1033\MSNCON32.DLL No File
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{dcedfcbf-c7d1-4b81-a20f-7524d306135e}\InprocServer32 -> C:\Program Files\Common Files\SYSTEM\MSMAPI\1033\MSNCON32.DLL No File
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{DE2D022D-2480-43BE-97F0-D1FA2CF98F4F}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{DF2FCE13-25EC-45BB-9D4C-CECD47C2430C}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{E1F1A0B8-BEEE-490D-BA7C-066C40B5E2B9}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{F5078F35-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{FB74F625-7D25-4455-B840-7B870B5B9322}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{FE841493-835C-4FA3-B6CC-B4B2D4719848}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1445831302-2848165502-626848564-1000_Classes\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocServer32 -> no filepath
    HKU\S-1-5-21-1445831302-2848165502-626848564-1000\Software\Classes\.exe:  =>  <===== ATTENTION
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-1445831302-2848165502-626848564-1000\...\InprocServer32: [Default-pngfilt]  <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-1445831302-2848165502-626848564-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=190712_n_mont_3012_8&babsrc=SP_ss&mntrId=58810bed00000000000000225f31f205
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
    Toolbar: HKU\S-1-5-21-1445831302-2848165502-626848564-1000 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
    Toolbar: HKU\S-1-5-21-1445831302-2848165502-626848564-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    Toolbar: HKU\S-1-5-21-1445831302-2848165502-626848564-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKU\S-1-5-21-1445831302-2848165502-626848564-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
    S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe.
    Run FRST and click the Fix button.

     

    jessi

  5. 1) Try to uninstall these programs:

    DAEMON Tools Toolbar (HKLM\...\DAEMON Tools Toolbar) (Version: 1.1.8.0285 - DT Soft Ltd) <==== ATTENTION
    globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION  (it is hidden!)
    istartsurf uninstall (HKLM\...\istartsurf uninstall) (Version:  - istartsurf) <==== ATTENTION
    mystartsearch uninstall (HKLM\...\mystartsearch uninstall) (Version:  - mystartsearch) <==== ATTENTION
    Shopper-Pro (HKLM\...\ShopperPro) (Version:  - ) <==== ATTENTION

     

    2) Use Adw-cleaner
    First click SZUKAJ (SCAN), and only after the scan has finished and the USUŃ (CLEANING) button becomes active, click it.
    Post the report it produces.

     

    3) Make new FRST logs.

     

    jessi
     

  6. 1) This program is now visible, so try to uninstall it:

    globalupdate Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.0 - globalupdate Inc.) <==== ATTENTION

     

    2) Enter Safe Mode (F8 before the system starts)

     

    3) Open Notepad and paste into it:

     

    R2 QQPCRTP; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCRTP.exe [297608 2015-08-04] (Tencent)
    R3 TAOFrame; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\TAOFrame.exe [293728 2015-08-04] (Tencent)
    R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator.sys
    R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel.sys
    C:\Windows\System32\Drivers\TAOKernel.sys
    C:\Windows\system32\Drivers\TAOAccelerator.sys
    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" /f
    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\globalupdate Helper" /f
    2015-08-04 10:06 - 2015-08-04 10:06 - 00481632 _____ () C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\sqlite.dll
    2015-08-04 10:06 - 2015-08-04 10:06 - 00100704 _____ () C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\tinyxml.dll
    2015-08-04 10:06 - 2015-08-04 10:06 - 00088416 _____ () C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\zlib.dll
    2015-08-04 10:06 - 2015-08-04 10:06 - 00203104 _____ () C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQFileFlt.dll
    2015-08-04 10:06 - 2015-08-04 10:06 - 00063840 _____ () C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
    2015-08-04 10:06 - 2015-08-04 10:06 - 00051552 _____ () C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
    2015-08-04 10:51 - 2015-04-17 12:02 - 00018784 _____ () C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\oDayProtect.dll
    2015-08-04 10:06 - 2015-08-04 10:06 - 00137568 _____ () C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\libexpatw.dll
    2015-08-04 10:06 - 2015-08-04 10:06 - 00092184 _____ () C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\xGraphic32.dll
    2015-08-04 10:06 - 2015-08-04 10:06 - 00342040 _____ () C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\arkGraphic.dll
    2015-08-04 10:06 - 2015-08-04 10:06 - 00045920 _____ () C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\jgImage.dll
    2015-08-04 10:06 - 2015-08-04 10:06 - 00158048 _____ () C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\libpng.dll
    2015-08-04 10:06 - 2015-08-04 10:06 - 00285024 _____ () C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\libjpegturbo.dll
    2015-08-04 10:06 - 2015-08-04 10:06 - 00014176 _____ () C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\jgIOStub.dll
    2015-08-04 10:06 - 2015-08-04 10:06 - 00194912 _____ () C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\xImage.dll
    2015-08-04 10:06 - 2015-08-04 10:06 - 00076128 _____ () C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\MemDefrag.dll
    2015-08-04 10:06 - 2015-08-04 10:06 - 00268640 _____ () C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\plugins\StartupMgr\SoftMon.dll
    C:\Program Files\Tencent
    C:\Program Files\Common Files\Tencent
    HKLM\...\Run: [ QQPCTray] => C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCTRAY.EXE
    R1 QMIEProtect; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QMIEProtect.sys
    R1 QMUdisk; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QMUdisk.sys
    R2 QQSysMon; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQSysMon.sys
    R3 TFsFlt; C:\Windows\System32\Drivers\TFsFlt.sys
    R3 TS888; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\TS888.sys
    R1 TSCPM; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\tscpm.sys
    R1 TSDefenseBt; C:\Windows\System32\DRIVERS\TSDefenseBt.sys
    R0 TsFltMgr; C:\Windows\System32\drivers\TsFltMgr.sys
    R1 TSKSP; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\TSKsp.sys
    R1 TSSysKit; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\TSSysKit.sys
    C:\Windows\System32\drivers\TsFltMgr.sys
    C:\Windows\System32\DRIVERS\TSDefenseBt.sys
    C:\Users\Alex\AppData\Roaming\Tencent
    C:\ProgramData\TXQMPC
    C:\Windows\system32\Drivers\TS888.sys
    C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Crossbrowse.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PingBuster\Uninstall PingBuster.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey\Website.lnk
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe.
    Run FRST and click the Fix button.
    A fixlog.txt file will be created.
    Post that log.

     

    3) Make new FRST logs.

     

    jessi

  7. Just cosmetics:

    Open Notepad and paste into it:

     

    Task: {650C3C79-3C88-4897-9A42-DB07B22EC7B8} - System32\Tasks\{408B472F-4C0F-41ED-A0A7-F38CB7CD3FF6} => pcalua.exe -a "D:\Program Files (x86)\Uninstall.exe"
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe.
    Run FRST and click the Fix button.

     

    OK. @Picasso returns on 23 August, so at that point report your thread in this (or a similar, updated) thread: http://www.fixitpc.p...bez-odpowiedzi/

     

    jessi

  8. Open Notepad and paste the following into it:

     

    globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
    Task: {30C9548A-C60A-4163-B16C-89A50BFBE8CB} - System32\Tasks\{03A73401-C37E-47D4-B23E-10649EC2320F} => pcalua.exe -a C:\Users\Alex\Desktop\Free-Hide-IP-31946-dp.cpl
    C:\Program Files\Tencent
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
    FirewallRules: [{800653E1-976C-4142-A78A-82F3B58FBA3A}] => (Allow) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
    FirewallRules: [{40F4F7D0-2CC3-42F8-BD80-8F71C1A813AD}] => (Allow) C:\Program Files\Raptr\raptr.exe
    FirewallRules: [{4577B067-4086-43D8-88CA-3FB2760113D3}] => (Allow) C:\Users\Alex\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
    FirewallRules: [{1A0A720B-C4AB-452F-98B0-329F9288E9CA}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
    FirewallRules: [{631FCF0C-F113-4CFD-986B-9D8891A2911B}] => (Allow) C:\Users\Alex\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
    FirewallRules: [{055042BE-2CF8-4A95-8A87-5EA3D9937747}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
    FirewallRules: [{03AE2896-5C6C-474B-8B99-C83C4CFE63A2}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
    FirewallRules: [{8FB0E168-641C-4617-9C0A-673DBD57661F}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
    FirewallRules: [{F6AAA8D2-41A9-4117-A5F4-8EF5349ECA21}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
    FirewallRules: [{664E7E89-0EF6-40A0-86AA-51C053754862}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
    FirewallRules: [{D4A10035-B301-4BED-9042-AEC4965256D0}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
    FirewallRules: [{F139E77A-F32E-41A3-BEC6-47BB3C3F344B}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCmgrInstallGuide.exe
    FirewallRules: [{62691E92-8086-40FA-AD76-03AEBC35C5EF}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCTray.exe
    FirewallRules: [{70BCCEF4-71FC-4F90-9E82-CBD977A48451}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCMgr.exe
    FirewallRules: [{F499B39D-2546-429B-B357-B88E26AD015D}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCRTP.exe
    FirewallRules: [{FC002D19-7990-4AAE-A916-E97102B01599}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QMDL.exe
    FirewallRules: [{51C3123B-E961-4AFC-AC7E-F17C33DF14EC}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\bugreport.exe
    FirewallRules: [{0B51FE3A-C397-4017-9129-1A2B1A67DC3B}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCFileOpen.exe
    FirewallRules: [{58B52E3C-AA31-49E0-B7D9-72D0F9DE4DF6}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCLeakScan.exe
    FirewallRules: [{375331D8-4BD0-4560-901D-221BC53987B7}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPConfig.exe
    FirewallRules: [{CC4A8E5A-975C-415B-AD5E-A3FB408A172A}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCSoftMgr.exe
    FirewallRules: [{9425F280-F406-40A8-B4B7-940B19905DA9}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\plugins\QMNetMon\QQPCNetFlow.exe
    FirewallRules: [{8A78900E-2826-4E25-A70C-6C19FBC59FF2}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCBTU.exe
    FirewallRules: [{2492D291-2EEE-4BC8-B1E7-29AC01AE3780}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCClinic.exe
    FirewallRules: [{82FFA897-6A48-436B-BE1B-C74A32E0A7FD}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCLaunch.exe
    FirewallRules: [{AF2CFEEE-443B-4163-BDB0-20E811102790}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QMUpdate\QQPCMgrUpdate.exe
    FirewallRules: [{5EE688A8-7C1F-44AE-BA55-8A49512D91FB}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCSoftGame.exe
    FirewallRules: [{257BA39A-E784-40EE-A826-3DD3420A5DF3}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCSysOptimize.exe
    FirewallRules: [{BCA73291-080D-4512-AB86-06EFF7741693}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCUpdateAVLib.exe
    FirewallRules: [{F683808F-6743-42D5-9B83-0EFBD26C5931}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQRepair.exe
    FirewallRules: [{5B3E9BAE-31D7-49E0-A1B0-713F5456264C}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\Uninst.exe
    FirewallRules: [{D2938B5D-5689-4DA1-9C45-D05623BDBFBC}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCPatch.exe
    FirewallRules: [{3CDC6CC4-153E-4F2C-85BF-ABDDB1CB5BEE}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\TpkUpdate.exe
    FirewallRules: [{601B4058-54B4-4546-8D76-AA986BED2B7F}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QMRouterMgr.exe
    FirewallRules: [{CED259AB-63EF-4DD2-9E45-B576BB02E894}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QMAccountProtection.exe
    FirewallRules: [{DEE28A60-53A4-45A9-96BF-D2950F853194}] => (Allow) C:\Program Files\Rising\RAV\ravmond.exe
    FirewallRules: [{6B459F86-D596-41FA-B454-D27A56F5D01B}] => (Allow) C:\Program Files\Rising\RAV\ravmond.exe
    FirewallRules: [{0518D1DC-DB58-4ADD-BFFB-2713967D7CC2}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
    FirewallRules: [{4F3BF249-3CC9-490B-9D5F-C7A5B0568C42}] => (Allow) C:\Users\Alex\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
    FirewallRules: [{D4F2BE7A-A9E3-49E2-B420-36660E6A7EF4}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
    FirewallRules: [{26F6731A-7BDB-4709-9669-33B9C413B718}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
    FirewallRules: [{037E09EE-1361-4C17-9B5D-7419FAC25D63}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
    FirewallRules: [{DF4E3DC2-4F2C-4E91-8E5C-4A6C2F2AF80C}] => (Allow) C:\Users\Alex\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
    FirewallRules: [{19D9FFD1-C32C-4A1E-9782-A0B2B01489CE}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer\GeePlayer.exe
    FirewallRules: [{C112BF2C-988C-4C3E-BD76-DF9257A1466B}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
    FirewallRules: [{94661AB8-095B-4D5B-BF8E-C89776C7480C}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
    C:\Program Files\Common Files\Tencent
    HKLM\...\Run: [ QQPCTray] => C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCTray.exe [355296 2015-08-04] (Tencent)
    HKLM\...\Run: [RavTRAY] => "C:\Program Files\Rising\RAV\RSTRAY.EXE" -system
    C:\Program Files\Rising
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QMGCShellExt.dll [2015-08-04] (Tencent)
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=98388105_hao_pg
    HKU\S-1-5-21-3050552178-2778190213-2786081387-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=98388105_hao_pg
    R2 QQPCRTP; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQPCRTP.exe [297608 2015-08-04] (Tencent)
    R3 TAOFrame; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\TAOFrame.exe [293728 2015-08-04] (Tencent)
    S2 RsMgrSvc; "C:\Program Files\Rising\RSD\RsMgrSvc.exe" [X]
    S2 RsRavMon; "C:\Program Files\Rising\RAV\ravmond.exe" [X]
    R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [32568 2015-08-04] (Beijing Rising Information Technology Co., Ltd.)
    R1 QMIEProtect; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QMIEProtect.sys [49976 2015-08-18] ()
    R1 QMUdisk; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QMUdisk.sys [59872 2015-04-17] (Tencent)
    R2 QQSysMon; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\QQSysMon.sys [108344 2015-08-04] (电脑管家)
    R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator.sys [77016 2015-08-04] (Tencent)
    R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel.sys [138552 2015-08-04] (Tencent Technology(Shenzhen) Company Limited)
    R3 TFsFlt; C:\Windows\System32\Drivers\TFsFlt.sys [149944 2015-08-04] (电脑管家)
    R3 TS888; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\TS888.sys [30392 2015-08-20] (Tencent)
    R1 TSCPM; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\tscpm.sys [43448 2015-08-04] (电脑管家)
    R1 TSDefenseBt; C:\Windows\System32\DRIVERS\TSDefenseBt.sys [14008 2015-08-04] (Tencent)
    R5 TsFltMgr; C:\Windows\System32\drivers\TsFltMgr.sys [128120 2015-08-04] (电脑管家)
    R1 TSKSP; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\TSKsp.sys [204312 2015-08-04] (电脑管家)
    R1 TSSysKit; C:\Program Files\Tencent\QQPCMgr\10.7.16066.216\TSSysKit.sys [101560 2015-08-04] (电脑管家)
    S5 sysmon; system32\DRIVERS\sysmon.sys [X]
    C:\Windows\System32\drivers\TsFltMgr.sys
    C:\Windows\System32\DRIVERS\TSDefenseBt.sys
    C:\Windows\System32\Drivers\TFsFlt.sys
    C:\Windows\System32\Drivers\TAOKernel.sys
    C:\Windows\system32\Drivers\TAOAccelerator.sys
    C:\Windows\system32\drivers\hvm.sys
    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\globalupdate Helper" /f
    C:\Users\Alex\AppData\Roaming\Tencent
    C:\ProgramData\Tencent
    C:\ProgramData\TXQMPC
    C:\Users\Alex\AppData\Local\SysassistByHotWheel
    C:\ProgramData\aWinManProa
    C:\ProgramData\2WinManPro2
    C:\ProgramData\lWinManProl
    C:\ProgramData\JWinManProJ
    C:\Users\Alex\AppData\Local\Crossbrowse
    C:\Users\Alex\AppData\Roaming\X82FxyOAlfq82FaPhMv
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.
    A fixlog.txt file will be created.
    Post that log.

     

    Generate new FRST logs.

     

    jessi

  9. C:\Program Files\igfx32\igfx32.exe

     

    A strange program.

    Check this file on --> JOTTI/ or on VIRUSTOTAL

     

    --------------------

    S2 downlpadrkdownilad; C:\Users\Witold\AppData\Local\Sanlatron.exe [47616 2015-08-21] () [File not signed]

    R2 igfx32; C:\Program Files\igfx32\igfx32.exe [379904 2015-08-19] () [File not signed]

    R2 jimocoso; C:\Program Files (x86)\03000200-1440157265-0500-0006-000700080009\jnsvD5A0.tmp [227328 2015-08-21] () [File not signed]

    R2 wytocuke; C:\Program Files (x86)\03000200-1440157265-0500-0006-000700080009\hnskECF3.tmp [137728 2015-08-21] () [File not signed]

    S2 gopibeko; C:\Users\Witold\AppData\Local\03000200-1440164511-0500-0006-000700080009\snsg48B0.tmp [X]

    R2 zoliruwy; C:\Program Files (x86)\03000200-1440157265-0500-0006-000700080009\knstAB3E.tmpfs [X]

     

    You mention scanning with MBAM - did it remove the items above?

     

    jessi
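
The service entries quoted in this post show several traits at once: no signature, no publisher, temp-style file names, a path inside a user profile, or a missing file. As an added example (not part of the original post and not FRST's own code), this sketch parses FRST service lines and lists which of those traits each entry has; the trait list and the final sample line are assumptions made for the illustration.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Service lines in the format FRST prints. The first six are quoted from the
# post above; the last is a constructed, benign-looking entry for contrast.
SAMPLE = r"""
S2 downlpadrkdownilad; C:\Users\Witold\AppData\Local\Sanlatron.exe [47616 2015-08-21] () [File not signed]
R2 igfx32; C:\Program Files\igfx32\igfx32.exe [379904 2015-08-19] () [File not signed]
R2 jimocoso; C:\Program Files (x86)\03000200-1440157265-0500-0006-000700080009\jnsvD5A0.tmp [227328 2015-08-21] () [File not signed]
R2 wytocuke; C:\Program Files (x86)\03000200-1440157265-0500-0006-000700080009\hnskECF3.tmp [137728 2015-08-21] () [File not signed]
S2 gopibeko; C:\Users\Witold\AppData\Local\03000200-1440164511-0500-0006-000700080009\snsg48B0.tmp [X]
R2 zoliruwy; C:\Program Files (x86)\03000200-1440157265-0500-0006-000700080009\knstAB3E.tmpfs [X]
R2 ExampleSvc; C:\Program Files\Example\svc.exe [12345 2015-01-01] (Example Corp)
"""

# "<state><start type> <service name>; <image path and trailing metadata>"
LINE = re.compile(r"^([RSU])(\d)\s+([^;]+);\s+(.+)$")
# Trailing "[size date] (publisher)" with an optional "[File not signed]" tag.
META = re.compile(
    r"\[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*?)\)(?: \[File not signed\])?$"
)


@dataclass
class Entry:
    name: str
    path: str
    running: bool
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Parse one FRST service line; return None for anything else."""
    m = LINE.match(line.strip())
    if not m:
        return None
    state, _start_type, name, rest = m.groups()
    rest = rest.strip()
    meta = META.search(rest)
    missing = rest.endswith("[X]")  # FRST marks a missing image file with [X]

    if meta:
        path = rest[:meta.start()]
    elif missing:
        path = rest[:-3]
    else:
        path = rest
    path = path.strip()
    if path.startswith('"'):  # quoted image path followed by arguments
        path = path[1:].split('"', 1)[0]

    entry = Entry(name=name.strip(), path=path, running=(state == "R"))
    low = path.lower()
    # Heuristics chosen for this illustration (assumptions, not FRST rules).
    if missing:
        entry.reasons.append("file missing")
    if "[File not signed]" in rest:
        entry.reasons.append("not signed")
    if meta and meta.group(3) == "":
        entry.reasons.append("no publisher")
    if "\\users\\" in low or "\\appdata\\" in low:
        entry.reasons.append("user-profile path")
    if ntpath.splitext(low)[1].startswith(".tmp"):
        entry.reasons.append("temp-style extension")
    return entry


def triage(log_text):
    """Return the parsed entries that show at least one trait, in log order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE):
        state = "running" if e.running else "stopped"
        print(f"{e.name} ({state}): {', '.join(e.reasons)}")
        print(f"    {e.path}")
```

An entry that shows several traits is a candidate for a multi-engine file check, as the post asks for igfx32.exe; the traits alone do not prove a file is malicious.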

  10. a trojan (assuming it is even possible for one to be sitting in Panda Toolbar).

    The toolbar may be detected as "bad", but in this case do not treat that detection as worth attention - SpyHunter is not a trusted program; on the contrary, removing it is recommended.

     

    I'll look through the new logs in a moment ...

     

    I don't see anything suspicious in the new logs.

     

    And what about the Jungle Net leftovers?

     

    They are probably gone; in any case they are not visible in the logs.

     

    Open Notepad and paste the following into it:

     

     

    DeleteQuarantine:

    Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix.

    Delete the leftover C:\FRST folder with SHIFT+DEL.

     

    jessi

  11. Open Notepad and paste the following into it:

     

    HKLM-x32\...\Run: [] => [X]
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1440029249-468090960-2193579702-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    S3 cpuz137; \??\C:\Users\POLOWI~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    C:\Users\Polowicer\AppData\Local\Loc.Mail.Bron.Tok
    C:\Users\Polowicer\AppData\Local\Ok-SendMail-Bron-tok
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OCCT\Ocbase.com.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OCCT\Uninstall.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband\Mount&Blade Warband.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband\Uninstall.lnk
    C:\Users\Polowicer\Desktop\Programy\Alcohol 120%.lnk
    C:\Users\Polowicer\Desktop\Programy\VirtualDJ Home FREE.lnk
    CMD: netsh advfirewall reset
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.
    A fixlog.txt file will be created.
    Post that log.
     

     

    ----------------

    I keep getting a BlueScreen

     

    @Picasso will be back around August 23, so report your thread then in this (or a similar, updated) thread: http://www.fixitpc.p...bez-odpowiedzi/

    so that she can move the thread to the appropriate forum section

     

    jessi

  12. Open Notepad and paste the following into it:

     

    C:\Users\Józek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_wanderburst-a.akamaihd.net_0.localstorage
    C:\Users\Józek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_wanderburst-a.akamaihd.net_0.localstorage-journal  
    FF Extension: Wander Burst - C:\Users\Józek\AppData\Roaming\Mozilla\Firefox\Profiles\2q30qrku.default\Extensions\{08bb51e3-c574-4084-ba55-644318a4596c}.xpi [2015-08-17]
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.

     

    If the problem does not go away, reinstall whichever browser it still appears in.

     

    jessi

  13. 1) Uninstall Akamai NetSession Interface, which is not needed for anything

     

    2) Open Notepad and paste the following into it:

     

    HKU\S-1-5-21-3416873059-519134790-2141062635-1001\...\Run: [Akamai NetSession Interface] => C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
    C:\Users\user\AppData\Local\Akamai\netsession_win.exe
    AppInit_DLLs-x32: C:\ProgramData\Tristip\jchwrrlp.dll => C:\ProgramData\Tristip\jchwrrlp.dll [119808 2015-08-19] ()
    C:\ProgramData\Tristip
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3416873059-519134790-2141062635-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-3416873059-519134790-2141062635-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3416873059-519134790-2141062635-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    S2 Tristip; C:\ProgramData\Tristip\Tristip [X]
    S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
    S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
    S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
    C:\Users\user\Downloads\SpyHunter-Installer.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadu-Gadu\Gadu-Gadu.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadu-Gadu\StrongGG.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadu-Gadu\Usuń StrongGG.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frets on Fire\Frets on Fire.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frets on Fire\Readme.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frets on Fire\Uninstall Frets on Fire.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drumsite\Drumsite Help.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drumsite\Drumsite.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drumsite\Uninstall Drumsite 1.3.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drumsite\Tutorial\Advanced.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drumsite\Tutorial\Advanced2.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drumsite\Tutorial\Basic.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drumsite\Tutorial\Creative.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drumsite\Tutorial\Patterns.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II\Diablo II - Lord of Destruction.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II\Lord of Destruction Czytaj to.lnk
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.
    A fixlog.txt file will be created.
    Post that log.

     

    3) Generate new FRST logs.

     

    4) Let me know whether this improved the situation.

     

    jessi

  14. Tcpip\..\Interfaces\{D5595FDD-0588-4376-B040-7BBB9EB9591A}: [DhcpNameServer] 185.56.30.114 8.8.8.8

     

    Dutch DNS - I don't know whether it is "good" or "bad".

    If you use a router, then:

    Log in to the router:

    - Change the DNS settings. If you don't know what to set them to, you can use the Google addresses: 8.8.8.8 + 8.8.4.4

    - Secure the router: change the password and close access to the management panel from the Internet side. Compare with these articles:

    http://multimo.telestrada.pl/uwaga1

    http://www.pcworld.pl/artykuly/394764_3/Zmasowany.atak.na.routery.polskich.uzytkownikow.Orange.blokuje.falszywe.DNS.y.html

     

    After configuring, run this test to confirm the router is secured:

    http://cert.orange.pl/modemscan/

     

    Open Notepad and paste the following into it:

     

     

    c:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter4

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk

    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe

    Run FRST and click the Fix button

     

    jessi
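
The DhcpNameServer check from this post, as an added example (not part of the original post and not FRST's own code): it parses FRST's Tcpip lines and sorts each resolver into trusted, local, or unverified public. The trusted set holds only the two Google addresses the post suggests, the second sample line is constructed, and the function names are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass

# Resolvers the operator has decided to trust. The two Google addresses are the
# ones suggested in the post; add your ISP's resolvers as needed (assumption).
TRUSTED = {ipaddress.ip_address("8.8.8.8"), ipaddress.ip_address("8.8.4.4")}

# First line is quoted from the post; the second is a constructed example of a
# host that simply uses its router as resolver.
SAMPLE = r"""
Tcpip\..\Interfaces\{D5595FDD-0588-4376-B040-7BBB9EB9591A}: [DhcpNameServer] 185.56.30.114 8.8.8.8
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
"""

DNS_LINE = re.compile(
    r"^Tcpip\\(?P<scope>[^:]+): "
    r"\[(?P<key>DhcpNameServer|NameServer)\] (?P<servers>.+)$"
)


@dataclass
class Finding:
    scope: str    # which Tcpip key the value came from
    key: str      # DhcpNameServer = handed out by DHCP, NameServer = static
    address: str
    verdict: str


def classify(token, trusted=TRUSTED):
    """Return a verdict string for one resolver address."""
    try:
        ip = ipaddress.ip_address(token)
    except ValueError:
        return "unparseable"
    if ip in trusted:
        return "trusted"
    if ip.is_private:
        return "local"  # typically the router itself answering DNS
    return "unverified public"


def check_dns(log_text, trusted=TRUSTED):
    """Parse FRST Tcpip lines and classify every listed resolver."""
    findings = []
    for line in log_text.splitlines():
        m = DNS_LINE.match(line.strip())
        if not m:
            continue
        for token in re.split(r"[ ,]+", m.group("servers").strip()):
            if token:
                findings.append(
                    Finding(m.group("scope"), m.group("key"),
                            token, classify(token, trusted))
                )
    return findings


def needs_router_review(findings):
    """Addresses pushed by DHCP that are public and not in the trusted set.

    A DHCP-supplied value is configured on the router (or whatever answers
    DHCP), so the fix belongs there and not on the PC.
    """
    return [f.address for f in findings
            if f.key == "DhcpNameServer" and f.verdict == "unverified public"]


if __name__ == "__main__":
    for f in check_dns(SAMPLE):
        print(f"{f.address:<16} {f.verdict:<18} {f.key} @ {f.scope}")
    print("review on router:", needs_router_review(check_dns(SAMPLE)))
```

"Unverified public" means only that the address is not in the trusted set; whether it is a legitimate resolver still has to be established, which is why the post resets DNS on the router and then runs the external test.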

  15. Open Notepad and paste the following into it:

     

    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter4_is1" /f
    BootExecute: autocheck autochk * sh4native Sh4Removal
    URLSearchHook: HKLM-x32 -> Default = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
    SearchScopes: HKU\S-1-5-21-1854063861-834038236-3450837710-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
    C:\Windows\Minidump\*.dmp
    C:\Users\user\Downloads\sh-remover.exe
    C:\spyhunter.fix
    C:\Windows\SysWOW64\sh4native.exe
    C:\Users\user\Desktop\SpyHunter4.lnk
    C:\Windows\Tasks\GKOu5KI8J0Fu65ilvAMpBHle.job
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter4\Deinstalacja programu SpyHunter4.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter4\SpyHunter4.lnk
    C:\Program Files\Enigma Software Group
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Gothic\Gothic.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Gothic\Uninstall Gothic.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Gothic\Documents\Manual.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Gothic\Documents\Readme.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Deinstalacja programu Gameforge Live.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Gameforge Live.lnk
    C:\Users\user\Desktop\KMSpico Final.lnk
    C:\Users\user\Desktop\SpyHunter4.lnk
    C:\Users\user\AppData\Local\Microsoft\Windows\GameExplorer\{3EF97878-407F-4E73-930E-414D716469F7}\PlayTasks\2\Manual.lnk
    C:\Users\user\AppData\Local\Microsoft\Windows\GameExplorer\{3EF97878-407F-4E73-930E-414D716469F7}\PlayTasks\1\Readme.lnk
    C:\Users\user\AppData\Local\Microsoft\Windows\GameExplorer\{3EF97878-407F-4E73-930E-414D716469F7}\PlayTasks\0\Play.lnk
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.
    A fixlog.txt file will be created.
    Post that log.

     

    Update Java, following https://www.fixitpc.pl/topic/5-dezynfekcja-kroki-finalizuj%C4%85ce-temat/?do=findComment&comment=43590

     

     

    Let me know whether the ad problem has gone away.

     

    jessi

  16. 1) Open Notepad and paste the following into it:

     

    globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\globalupdate Helper" /f
    Task: {35123332-A65B-4018-8F39-B2E79C483C84} - System32\Tasks\{56383B7A-D56E-4459-873F-F123CC326996} => pcalua.exe -a C:\Users\Daniel\Desktop\hidusbf\DRIVER\Setup.exe -d C:\Users\Daniel\Desktop\hidusbf\DRIVER
    Task: {4E544E05-FB72-4921-996F-7713BC11310C} - System32\Tasks\{44584DE2-435F-4FBA-845A-E1CAC8AADBC0} => pcalua.exe -a C:\Users\Daniel\Desktop\dirm_HIDUSB_dseo13b\Setup.exe -d C:\Users\Daniel\Desktop\dirm_HIDUSB_dseo13b
    Task: {609C04DC-DA84-44B6-A985-585FEF5FB0FF} - System32\Tasks\suv1f7deU4Gv3h8ZwUSFjdH => C:\Users\Daniel\AppData\Roaming\suv1f7deU4Gv3h8ZwUSFjdH.exe [2015-04-20] () <==== ATTENTION
    Task: {8B25B2BA-FBE4-4AE2-AA40-B089A18B227B} - System32\Tasks\winyhg => C:\Users\Daniel\AppData\Roaming\winyhg.exe [2015-08-20] () <==== ATTENTION
    C:\Users\Daniel\AppData\Roaming\winyhg.exe
    C:\Users\Daniel\AppData\Roaming\suv1f7deU4Gv3h8ZwUSFjdH.exe
    HKU\S-1-5-21-1964153532-139224943-451156895-1000\...\Run: [AdobeBridge] => [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    2015-08-20 14:06 - 2015-08-20 14:06 - 00000000 ____D C:\Users\Daniel\AppData\Local\Crossbrowse
    2015-08-20 14:02 - 2015-08-20 14:02 - 00584704 _____ C:\Users\Daniel\AppData\Roaming\winyhg.exe
    2015-08-20 14:02 - 2015-08-20 14:02 - 00003214 _____ C:\Windows\System32\Tasks\winyhg
    2015-08-20 14:02 - 2015-08-20 14:02 - 00000103 ___SH C:\Users\Daniel\AppData\Roaming\winyhg.bat
    2015-08-20 14:02 - 2015-08-20 14:02 - 00000016 ___SH C:\Users\Daniel\AppData\Roaming\useridafile
    2015-08-20 13:28 - 2015-08-20 13:44 - 00001022 _____ C:\Windows\Tasks\suv1f7deU4Gv3h8ZwUSFjdH.job
    2015-08-20 13:28 - 2015-08-20 13:28 - 00004046 _____ C:\Windows\System32\Tasks\suv1f7deU4Gv3h8ZwUSFjdH
    2015-08-20 13:28 - 2015-08-20 13:28 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashRpt
    2015-08-20 13:27 - 2015-08-20 13:29 - 00000000 ____D C:\ProgramData\update
    2015-08-20 13:27 - 2015-08-20 13:28 - 00000000 ____D C:\ProgramData\DWinManProD
    C:\Users\Daniel\AppData\Roaming\suv1f7deU4Gv3h8ZwUSFjdH
    C:\Users\Daniel\AppData\Roaming\Microsoft\Office\Niedawny\bibliografia Andzia.docx.LNK
    C:\Users\Daniel\AppData\Roaming\Microsoft\Office\Niedawny\bibliografia Klaudia.docx.LNK
    C:\Users\Daniel\AppData\Roaming\Microsoft\Office\Niedawny\KLAUDIA KIELAK- BIBLIOGRAFIA.docx.LNK
    C:\Users\Daniel\AppData\Roaming\Microsoft\Office\Niedawny\KONSPEKT.docx.LNK
    C:\Users\Daniel\AppData\Roaming\Microsoft\Office\Niedawny\MNIEJSZOSCI NARODOWE.doc.LNK
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.

     

    jessi

  17. SpyHunter4 wersja 4.18.9.4384 (HKLM\...\SpyHunter4_is1) (Version: 4.18.9.4384 - )

    This is not a trusted program.

    Uninstall it, but in this way:

    click this icon: C:\Users\user name\Start Menu\Programs\SpyHunter\Uninstall.lnk (that is, >>START >>Programs>>Spy Hunter>>Uninstall)

    a window will pop up, but instead of clicking the big green "continue" button, click "no, thanks". The latter is what uninstalls it.

     

    I only skimmed the logs, because I have to attend to my own matters.

     

    For now:

    Open Notepad and paste the following into it:

     

     

    Task: {525ACBC8-C212-456E-846F-D382EB22C216} - System32\Tasks\GKOu5KI8J0Fu65ilvAMpBHle => C:\Users\user\AppData\Roaming\GKOu5KI8J0Fu65ilvAMpBHle.exe <==== ATTENTION

    2015-04-19 14:20 - 2015-08-20 09:36 - 0000626 _____ () C:\Users\user\AppData\Roaming\GKOu5KI8J0Fu65ilvAMpBHle

    Task: {539CBE3B-812B-4413-90B5-C4DD482C5674} - \AutoPico Daily Restart -> No File <==== ATTENTION

    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f

    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f

    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f

    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall" /f

    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgua32.exe" /f

    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /f

    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\globalUpdatem" /f

    C:\Users\user\AppData\Roaming\GKOu5KI8J0Fu65ilvAMpBHle.exe

    C:\Users\user\Downloads\DAEMON-Tools-Lite-12708-dp.zip

    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

    S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-01-30] (Enigma Software Group USA, LLC.)

    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-30] ()

    C:\Program Files\Enigma Software Group

    C:\Windows\System32\DRIVERS\EsgScanner.sys

    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]

    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

    R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-01-30] (Enigma Software Group USA, LLC.)

    CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>

    CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>

    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe

    Run FRST and click the Fix button.

    A fixlog.txt file will be created.

    Post that log.

     

    Generate new FRST logs.

     

    jessi

     

    (Java!)

  18. I don't see any infection in the logs.

     

    Cosmetic cleanup:

    Open Notepad and paste the following into it:

     

    Task: {23D4EFF5-D749-46E6-9EF4-157D572E4C38} - System32\Tasks\{1E92400A-FD75-44A6-9D28-C5A63AC7A322} => pcalua.exe -a F:\Patch\imperialglory_vnnn_v11.exe -d F:\Patch
    Task: {69733A13-6193-4AE4-B3D6-36DDB219C2A8} - System32\Tasks\{321E83A8-54D9-4643-817C-9F9B584567D8} => pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
    Task: {6B87A02A-9E68-48CD-8D56-0FFB39FE7C0B} - System32\Tasks\{08E0FBD4-B80B-4D2E-BBA9-D60B93CDB1C7} => pcalua.exe -a C:\Users\Studion\Desktop\sp52814.exe -d C:\Users\Studion\Desktop
    Task: {8CFC6B1C-BF32-4996-85D4-B87A9C8EE00D} - System32\Tasks\{E7F4CE25-8B6B-41D1-A637-572664741AFA} => pcalua.exe -a E:\start.exe -d E:\
    Task: {BAE372AD-4223-462C-A1B0-C8AEB06765EE} - System32\Tasks\{7D01DC76-428C-4B39-9694-A6D238CB4D2E} => pcalua.exe -a C:\Users\Studion\Desktop\sp52814(1).exe -d C:\Users\Studion\Desktop
    HKU\S-1-5-21-3258366015-1162477691-122715158-1000\...\Run: [] => [X]
    HKU\S-1-5-21-3258366015-1162477691-122715158-1000\...\Run: [AdobeBridge] => [X]
    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" /f
    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [No File]
    S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]
    S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
    S3 btmaux; system32\DRIVERS\btmaux.sys [X]
    R3 cpuz136; \??\C:\Users\Studion\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games\Age of Empires III\Age of Empires III w sieci.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games\Age of Empires III\Age of Empires III.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games\Age of Empires III\Czytaj to.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games\Age of Empires III\Ensemble Studios w sieci.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk
    c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps\Uninstall.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compare It!\Compare It!.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compare It!\Help.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMX Mod X\AMXx Studio.lnk
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.
    A fixlog.txt file will be created.
    Post that log.

     

    ----------

    @Picasso will be back around August 23, so report your thread then in this (or a similar, updated) thread: http://www.fixitpc.p...bez-odpowiedzi/

     

    jessi
     
