Replies posted by jessica

  1. Could someone help, because I'm losing patience and feel like throwing the computer out the window ;)

    Unfortunately, @Picasso is still ill.

    And in cases like yours she is irreplaceable.

    If there were an infection, maybe I could help, but I don't see anything suspicious in the logs.

    Uninstall:

    AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.5.0.909 - AVG Technologies)

     

     

    Cosmetic cleanup:

    Open Notepad and paste into it:

     

     

    Task: {003A092E-AB59-4F97-A7DE-C1A80C79B5C5} - System32\Tasks\{F439EEEE-A60B-41A4-B9A6-E0B34DD667C1} => pcalua.exe -a E:\Install.exe -d E:\

    Task: {06B0CB4B-B053-4939-82D7-353804016AB1} - System32\Tasks\{C12B1AA6-D443-4D14-9B79-AB9339FD01CD} => pcalua.exe -a "C:\Users\WT\Desktop\sonic\Sonic Stage 4.3\SonicStage\ss\English\setup.exe" -d "C:\Users\WT\Desktop\sonic\Sonic Stage 4.3\SonicStage\ss\English"

    Task: {0B2DD20B-C77D-4BC5-94FA-3D54337FA3DC} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION

    Task: {1DBB3068-5F29-489E-94C8-777C046C2696} - System32\Tasks\{E2F6E474-94A7-4248-9C37-3583B04EEEC1} => pcalua.exe -a F:\autorun.exe -d F:\

    Task: {34992972-97DF-4575-BB5E-7F4CA896CE61} - System32\Tasks\{28F6EB7E-4F6C-4EF3-B501-BB54E02B7F56} => pcalua.exe -a "C:\Users\WT\Downloads\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By G-ADLVR_R7\Alcohol 120% 1.9.2 + Crack\Alcohol120_trial_1_9_2_1705.exe" -d "C:\Users\WT\Downloads\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By G-ADLVR_R7\Alcohol 120% 1.9.2 + Crack"

    Task: {349F56F3-EDED-4F4F-8202-72846E9E63DC} - System32\Tasks\{5B5DDFB7-C0AE-443E-B9F0-F01C565CCC4E} => pcalua.exe -a C:\Users\WT\Downloads\MP3FMv2_ENG(1).exe -d C:\Users\WT\Downloads

    Task: {42B473A1-C7A6-4E5B-A49A-4695C7AF6011} - System32\Tasks\{AF56A4FC-C0E8-467B-95C8-1C902D289F85} => pcalua.exe -a C:\Users\WT\Downloads\MP3FMv2_ENG.exe -d C:\Users\WT\Downloads

    Task: {453C7EC1-E56C-44D3-8EAD-DB602D6AE95B} - System32\Tasks\{F925ACA1-1279-4E12-861E-269E62902FF7} => pcalua.exe -a F:\setup.exe -d F:\

    Task: {52139341-8DEB-4B16-B99B-7E36472595D9} - System32\Tasks\{B55CB65F-EA69-4D34-B3A1-1649885CAD08} => pcalua.exe -a C:\Users\WT\Downloads\WindowsXPMode_pl-pl.exe -d C:\Users\WT\Downloads

    Task: {59356572-1D8F-4A82-BA38-1C0749DD4188} - System32\Tasks\{3969430E-311E-43B0-87DF-A9ADDA45573D} => pcalua.exe -a C:\Users\WT\Downloads\burrrn_package.exe -d C:\Users\WT\Downloads

    Task: {62D8E493-9CE4-496C-A8C7-DAF9371F4C77} - System32\Tasks\{88104500-054E-40AA-A5AF-2F5B86BA55DD} => pcalua.exe -a "D:\Programy\Solidworks\SolidWorks 2013 SP3.0 [32 Bits & 64 Bits][MULTi][WwW.LoKoTorrents.CoM]\SolidWorks 2013 SP3.0 [32 Bits & 64 Bits][MULTi][WwW.LoKoTorrents.CoM]\setup.exe" -d "D:\Programy\Solidworks\SolidWorks 2013 SP3.0 [32 Bits & 64 Bits][MULTi][WwW.LoKoTorrents.CoM]\SolidWorks 2013 SP3.0 [32 Bits & 64 Bits][MULTi][WwW.LoKoTorrents.CoM]"

    Task: {643DC9F4-AE0F-4348-87CD-AF442B89BF13} - System32\Tasks\{F654BCF7-A664-4F90-8F4F-DE3873F54785} => pcalua.exe -a "C:\Users\WT\Desktop\SonicStage 4.3 US\SonicStage\ss\English\setup.exe" -d "C:\Users\WT\Desktop\SonicStage 4.3 US\SonicStage\ss\English"

    Task: {69613BAB-A359-41F5-9165-67967A26F969} - System32\Tasks\{EBDA85C5-4BA2-45B4-9150-443C153859B9} => pcalua.exe -a C:\Users\WT\Downloads\sonicstage-4-3-01-es-en-win.exe -d C:\Users\WT\Downloads

    Task: {6DDA1D7C-D3BD-412C-82DA-922EAA8920EB} - System32\Tasks\{8820EB60-ABCB-4E83-A037-2208CEEED0A6} => pcalua.exe -a C:\Users\WT\Desktop\sonic\MP3CONVERSIONTOOL.EXE -d C:\Users\WT\Desktop\sonic

    Task: {7487493A-5776-4773-AB3D-8943EA6E3B5E} - System32\Tasks\{1F123D97-00B7-403D-8DC2-54B4A1B7D5C6} => pcalua.exe -a "D:\Programy\Nowy folder\promodel\Promod\PMSETUP.EXE" -d "D:\Programy\Nowy folder\promodel\Promod"

    Task: {7C9BBE87-9110-4900-9EEB-C64C04907E68} - System32\Tasks\{93074F80-6C8C-4CA7-8AB3-E15B5457CA70} => pcalua.exe -a C:\Users\WT\Downloads\PA_Driver.exe -d C:\Users\WT\Downloads

    Task: {80FE1D57-BE69-4B1E-AB4E-07E491C0CE6E} - System32\Tasks\{2C66DAF8-CFAD-41B4-8048-2F32360E4025} => pcalua.exe -a C:\Users\WT\Downloads\SonicStageInstaller.exe -d C:\Users\WT\Downloads

    Task: {AD608F10-67C7-439E-88E0-A01D692EFBD0} - System32\Tasks\{1D43DC00-8F46-4274-8D0B-3F7E2CCFADE5} => pcalua.exe -a C:\Users\WT\Downloads\SA-MP-03a-Full-Game.exe -d C:\Users\WT\Downloads

    Task: {C1C07943-52ED-4170-B536-83C558D2C003} - System32\Tasks\{979E8059-382D-4881-8AFC-8355CA85B38D} => pcalua.exe -a C:\Users\WT\Downloads\converter.exe -d C:\Users\WT\Downloads

    Task: {D48EB72B-500B-4CBA-A66C-EA9850F3E61E} - System32\Tasks\{044D6B3A-EE7B-4212-8DC2-DC6F0940FC9A} => pcalua.exe -a C:\Users\WT\Downloads\MP3FMv2_ENG(2).exe -d C:\Users\WT\Downloads

    Task: {D5C13710-C66B-49DC-BA29-0EAC70FC5EAA} - System32\Tasks\{15ACB0AD-D375-40D5-A950-EA6E5DEBC8D8} => pcalua.exe -a C:\Users\WT\Downloads\7mwc03ww.exe -d C:\Users\WT\Downloads

    Task: {E293112F-1A59-442C-A49B-22BB3AC8A9CF} - System32\Tasks\{3493B540-A6DB-4F3E-9080-1A8B10BB1D73} => pcalua.exe -a "D:\Programy\Nowy folder\promodel\Promod\PMSETUP (2).EXE" -d "D:\Programy\Nowy folder\promodel\Promod"

    Task: {F2D235DD-C899-4E6C-8659-14C77D47EF06} - System32\Tasks\{AAA344FB-2084-42F6-8CA8-A319B37E07D0} => pcalua.exe -a C:\Users\WT\Downloads\SonicStageInstaller_[www.pobieralnia.org].exe -d C:\Users\WT\Downloads

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}\InprocServer32 -> AcInetUI.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll No File

    CustomCLSID: HKU\S-1-5-21-1104414289-543613260-1847677347-1000_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll No File

    C:\Program Files (x86)\Common Files\AVG Secure Search

    FF SelectedSearchEngine: AVG Secure Search

    C:\Program Files (x86)\AVG Secure Search

    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2510784 2015-06-19] ()

    HKLM-x32\...\Run: [] => [X]

    HKU\S-1-5-21-1104414289-543613260-1847677347-1000\...\Policies\Explorer: []

    FF SearchPlugin: C:\Users\WT\AppData\Roaming\Mozilla\Firefox\Profiles\83btim74.default-1398242682662\searchplugins\avg-secure-search.xml [2015-06-19]

    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-06-19]

    FF Extension: AVG Security Toolbar - C:\Users\WT\AppData\Roaming\Mozilla\Firefox\Profiles\83btim74.default-1398242682662\Extensions\avg@toolbar [2015-06-19]

    R2 vToolbarUpdater18.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [1812416 2015-06-19] (AVG Secure Search)

    S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]

    C:\ProgramData\AVG Secure Search

    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe

    Run FRST and click the Fix button.

    Just in case, generate new logs - if @Picasso looks in here some day, she will have current logs.

     

    jessi

  2. Is the problem still present after using Adw-Cleaner?

    I don't see anything suspicious in the logs.

    Cosmetic cleanup:

    Open Notepad and paste into it:

     

    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Task: {DC9464FA-8BB5-4552-A07F-E107B0BB239D} - System32\Tasks\{81F8EAD5-C551-4E40-B154-576D8D7BCCBF} => pcalua.exe -a C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe -c -maintain plugin
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.

     

    jessi

  3. 1) Uninstall

    SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION

    (if you are asked whether to only remove it from the list - agree)

     

    2) Open Notepad and paste into it:

     

    Task: {5DE3451F-7FE6-4DD6-A1A6-CED5BA2E2C5E} - System32\Tasks\{74510947-0BD2-4A19-BE4A-6FD6CD48DE17} => pcalua.exe -a C:\Users\Kuba\Desktop\​‌\HAC\setup.exe -d C:\Users\Kuba\Desktop\​‌\HAC
    Task: {C38C8713-6FC8-44D9-8DF5-BA81C879A347} - System32\Tasks\{CE30E140-EF1F-48F3-A446-84A1B8B3F896} => pcalua.exe -a D:\cda_menu.exe -d D:\
    FF Plugin HKU\S-1-5-21-4210197690-3277502692-2936419266-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
    C:\ProgramData\boost_interprocess
    C:\Windows\Minidump\070815-19921-01.dmp
    C:\Users\Kuba\AppData\Roaming\Z9e8sf5IR
    C:\Users\Kuba\AppData\Roaming\veVNOUyn6maUmgP
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.
    A fixlog.txt file will be created.
    Post that log.

     

    -------------------------

    2009-09-04 18:00 - 2009-09-04 18:00 - 1347354 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab
    2009-09-04 18:00 - 2009-09-04 18:00 - 1078954 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab
    2009-09-04 18:00 - 2009-09-04 18:00 - 1397822 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab
    2009-09-04 18:00 - 2009-09-04 18:00 - 1115221 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab
    2009-09-04 18:00 - 2009-09-04 18:00 - 0916430 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86.cab
    2009-09-04 18:00 - 2009-09-04 18:00 - 4162630 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab
    2009-09-04 18:00 - 2009-09-04 18:00 - 0179125 _____ () C:\Program Files (x86)\Apr2006_XACT_x64.cab
    2009-09-04 18:00 - 2009-09-04 18:00 - 0133095 _____ () C:\Program Files (x86)\Apr2006_XACT_x86.cab
    2009-09-04 18:00 - 2009-09-04 18:00 - 0087101 _____ () C:\Program Files (x86)\Apr2006_xinput_x64.cab
    2009-09-04 18:00 - 2009-09-04 18:00 - 0046002 _____ () C:\Program Files (x86)\Apr2006_xinput_x86.cab
    2009-09-04 18:00 - 2009-09-04 18:00 - 0698612 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x64.cab
    2009-09-04 18:00 - 2009-09-04 18:00 - 0695857 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x86.cab
    2009-09-04 18:00 - 2009-09-04 18:00 - 1607358 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x64.cab
    2009-09-04 18:00 - 2009-09-04 18:00 - 1606031 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x86.cab
    2009-09-04 18:00 - 2009-09-04 18:00 - 0195758 _____ () C:\Program Files (x86)\APR2007_XACT_x64.cab

     

    Strange programs.

    But I'm not touching them, because I don't know whether they are needed or not.

     

    jessi

  4. I don't see any infection in the logs.

    Cosmetic cleanup:

    Open Notepad and paste into it:

     

    HKU\S-1-5-19\...\Winlogon: [shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
    HKU\S-1-5-20\...\Winlogon: [shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
    HKU\S-1-5-21-2674993562-3757165582-3732150407-1000\...\Winlogon: [shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
    HKU\S-1-5-18\...\Winlogon: [shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.

     

    jessi

  5. Open Notepad and paste into it:

     

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe

    Run FRST and click the Fix button.

     

    If that improved the situation, we will wrap up:

    Open Notepad and paste into it:

     

    DeleteQuarantine:

    Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix.

    Delete the remaining C:\FRST folder with SHIFT+DEL.

    In Adw-Cleaner, click the Uninstall button (UNINSTALL).

     

    jessi

  6. I don't see anything suspicious in the logs.

    Cosmetic cleanup:

    Open Notepad and paste into it:

     

    AppInit_DLLs: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC64~1.DLL => C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC64~1.DLL File not found
    AppInit_DLLs-x32: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL => "C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL" File not found
    C:\WINDOWS\Minidump\0*.dmp
    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.

     

    jessi

  7. I can hardly believe that these logs were made after using Adw-Cleaner!

    1) Uninstall:
     

    AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.4 - CMI Limited) <==== ATTENTION

    istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version:  - istartsurf) <==== ATTENTION

     

    2) Open Notepad and paste into it:

     

    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
    CustomCLSID: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    Task: {0EB45812-50FB-4FFC-8854-1CB507722678} - System32\Tasks\{342D25EC-1B49-42FD-B7E9-7145692D888D} => pcalua.exe -a "C:\Users\Kuba\Desktop\​‌\HAC\Advanced RAR Password Recovery.exe" -d C:\Users\Kuba\Desktop\​‌\HAC
    Task: {1D9B0FD1-BBA3-4994-950F-9E0766DA6A3E} - System32\Tasks\{60938517-7198-4632-B31E-627AFFB697CF} => pcalua.exe -a "C:\Users\Kuba\AppData\Roaming\.minecraft\mods\Millienarie\Millenaire Installer\Millenaire Installer\Millenaire Installer.exe" -d "C:\Users\Kuba\AppData\Roaming\.minecraft\mods\Millienarie\Millenaire Installer\Millenaire Installer"
    Task: {30082EF5-A046-469C-BE97-47E3B72950FA} - System32\Tasks\Z9e8sf5IR => C:\Users\Kuba\AppData\Roaming\Z9e8sf5IR.exe [2015-04-20] () <==== ATTENTION
    Task: {7D2CD53F-E29D-4DA3-B6ED-CFBE3A304B54} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-07-08] (AnyProtect.com) <==== ATTENTION
    Task: {84CDA21A-FC4D-4D67-BD6E-9FB819A12ECE} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{8ED5B068-5C53-4271-BEAA-65F32721B994}.exe
    Task: {97E3A1E2-848B-4157-9FB3-AE1E3FE0AAD5} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-07-08] (AnyProtect.com) <==== ATTENTION
    Task: {B6C853E8-B6AE-4AB9-BAE4-47F39EBA84B5} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-07-08] (AnyProtect.com) <==== ATTENTION
    Task: {CFD06470-0D42-4E4E-B747-6796C31C59F9} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{0B4E20CD-8DA2-4539-AED8-16094F3580DE}.exe
    Task: {E79B7989-60E0-46CA-9C28-B17F2801289C} - System32\Tasks\veVNOUyn6maUmgP => C:\Users\Kuba\AppData\Roaming\veVNOUyn6maUmgP.exe [2015-04-20] () <==== ATTENTION
    Task: {F63B190E-97D4-40AA-83C1-B28C10BFE297} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Kuba\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
    Task: {FD4D1BEE-24EA-48DA-9D6B-3A7B7CE13F07} - System32\Tasks\{C299A6C4-78B5-442E-BEF8-B6456F21055D} => pcalua.exe -a C:\Users\Kuba\Desktop\Ikony\Gry\Minecraft\Minecraft_Beta_Cracked_v1.7.3.exe -d C:\Users\Kuba\Desktop\Ikony\Gry\Minecraft
    Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{8ED5B068-5C53-4271-BEAA-65F32721B994}.exe <==== ATTENTION
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{0B4E20CD-8DA2-4539-AED8-16094F3580DE}.exe <==== ATTENTION
    Task: C:\Windows\Tasks\veVNOUyn6maUmgP.job => C:\Users\Kuba\AppData\Roaming\veVNOUyn6maUmgP.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Z9e8sf5IR.job => C:\Users\Kuba\AppData\Roaming\Z9e8sf5IR.exe <==== ATTENTION
    C:\Users\Kuba\AppData\Roaming\veVNOUyn6maUmgP.exe
    C:\Users\Kuba\AppData\Roaming\Z9e8sf5IR.exe
    C:\Program Files (x86)\AnyProtectEx
    C:\Users\Kuba\AppData\Local\SmartWeb
    2015-07-06 16:05 - 2015-07-06 16:05 - 00591360 _____ () C:\Users\Kuba\AppData\Roaming\B661E556-1436193973-E011-AB32-B870F48BF876\knsr67D0.tmpfs
    2015-07-06 16:46 - 2015-07-06 16:46 - 00165376 _____ () C:\Users\Kuba\AppData\Roaming\B661E556-1436193973-E011-AB32-B870F48BF876\hnsr9E62.tmp
    2015-07-08 21:42 - 2015-07-08 11:03 - 03287696 _____ () C:\Users\Kuba\AppData\Local\gmsd_pl_005010025\upgmsd_pl_005010025.exe
    C:\Users\Kuba\AppData\Roaming\B661E556-1436193973-E011-AB32-B870F48BF876
    C:\Program Files (x86)\gmsd_pl_005010025
    C:\Program Files (x86)\MiuiTab
    HKLM-x32\...\Run: [mbot_pl_11] => [X]
    HKLM-x32\...\Run: [gmsd_pl_005010023] => [X]
    HKLM-x32\...\Run: [smartWeb] => C:\Users\Kuba\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
    HKLM-x32\...\Run: [gmsd_pl_005010025] => C:\Program Files (x86)\gmsd_pl_005010025\gmsd_pl_005010025.exe [3988112 2015-07-08] ()
    HKLM-x32\...\RunOnce: [upgmsd_pl_005010025.exe] => C:\Users\Kuba\AppData\Local\gmsd_pl_005010025\upgmsd_pl_005010025.exe [3287696 2015-07-08] ()
    Startup: C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-07-08]
    ShortcutTarget: SmartWeb.lnk -> C:\Users\Kuba\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
    HKU\S-1-5-21-4210197690-3277502692-2936419266-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dspp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
    HKU\S-1-5-21-4210197690-3277502692-2936419266-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
    HKU\S-1-5-21-4210197690-3277502692-2936419266-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
    HKU\S-1-5-21-4210197690-3277502692-2936419266-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dspp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&ts=1436384565&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&ts=1436384565&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&ts=1436384565&type=default&q={searchTerms}
    BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
    BHO-x32: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
    BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-24] (Thinknice Co. Limited)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
    FF NewTab: hxxp://www.istartsurf.com/newtab/?type=nt&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
    FF DefaultSearchEngine: istartsurf
    FF SelectedSearchEngine: istartsurf
    FF Homepage: hxxp://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\istartsurf.xml [2015-07-08]
    FF Extension: QuickSearch - C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\8veoe5rg.default\Extensions\searchffv2@gmail.com [2015-07-08]
    FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\8veoe5rg.default\extensions\searchffv2@gmail.com
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com/?type=sc&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
    R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system)
    R2 vicoqudu; C:\Users\Kuba\AppData\Roaming\B661E556-1436193973-E011-AB32-B870F48BF876\hnsr9E62.tmp [165376 2015-07-06] () [File not signed]
    R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [707240 2015-07-08] (DTools LIMITED) <==== ATTENTION
    R2 tohohyko; C:\Users\Kuba\AppData\Roaming\B661E556-1436193973-E011-AB32-B870F48BF876\knsr67D0.tmpfs [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
    S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
    S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
    2015-07-08 21:44 - 2015-07-08 22:16 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP3.job
    2015-07-08 21:44 - 2015-07-08 22:16 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP2.job
    2015-07-08 21:44 - 2015-07-08 22:05 - 00000378 _____ C:\Windows\Tasks\APSnotifierPP1.job
    2015-07-08 21:44 - 2015-07-08 21:45 - 00002826 _____ C:\Windows\System32\Tasks\APSnotifierPP1
    2015-07-08 21:44 - 2015-07-08 21:45 - 00002824 _____ C:\Windows\System32\Tasks\APSnotifierPP3
    2015-07-08 21:44 - 2015-07-08 21:45 - 00002824 _____ C:\Windows\System32\Tasks\APSnotifierPP2
    2015-07-08 21:44 - 2015-07-08 21:44 - 00001013 _____ C:\Users\Kuba\Desktop\AnyProtect.lnk
    2015-07-08 21:44 - 2015-07-08 21:44 - 00000000 ____D C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
    2015-07-08 21:43 - 2015-07-08 21:44 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx
    2015-07-08 21:43 - 2015-07-08 21:43 - 00613255 _____ (CMI Limited) C:\Users\Kuba\AppData\Local\nsnCDB.tmp
    2015-07-08 21:43 - 2015-07-08 21:43 - 00000000 __SHD C:\Users\Kuba\AppData\Roaming\AnyProtectEx
    2015-07-08 21:42 - 2015-07-08 22:20 - 00000000 ____D C:\Users\Kuba\AppData\Local\gmsd_pl_005010025
    2015-07-08 21:42 - 2015-07-08 21:42 - 00000000 ____D C:\Users\Kuba\AppData\Roaming\istartsurf
    2015-07-08 21:42 - 2015-07-08 21:42 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
    2015-07-08 21:42 - 2015-07-08 21:42 - 00000000 ____D C:\ProgramData\IHProtectUpDate
    2015-07-08 21:42 - 2015-07-08 21:42 - 00000000 ____D C:\Program Files (x86)\MiuiTab
    2015-07-08 21:42 - 2015-07-08 21:42 - 00000000 ____D C:\Program Files (x86)\gmsd_pl_005010025
    2015-07-08 21:41 - 2015-07-08 21:41 - 00004040 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
    2015-07-08 21:41 - 2015-07-08 21:41 - 00000000 ____D C:\Users\Kuba\AppData\Local\SmartWeb
    2015-07-07 17:44 - 2015-07-07 17:44 - 00613255 _____ (CMI Limited) C:\Users\Kuba\AppData\Local\nsc814E.tmp
    2015-07-07 16:52 - 2015-07-07 16:52 - 00613255 _____ (CMI Limited) C:\Users\Kuba\AppData\Local\nss99FF.tmp
    2015-07-07 16:50 - 2015-07-07 16:50 - 00000000 _____ C:\Windows\prleth.sys
    2015-07-07 16:50 - 2015-07-07 16:50 - 00000000 _____ C:\Windows\hgfs.sys
    C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    C:\ProgramData\boost_interprocess
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.
    A fixlog.txt file will be created.
    Post that log.

     

    3) Make new FRST logs.

     

    jessi

  8. Open Notepad and paste into it:

     

    C:\Program Files\Common Files\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9

    C:\Program Files\WordAnchor_1.10.0.19

    HKLM\...\Run: [MSConfig] => C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [159744 2004-08-03] (Microsoft Corporation)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION

    R2 Update Mgr InternetProgram; C:\Program Files\Common Files\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\updater.exe [350456 2015-01-08] ()

    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f

    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f

    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f

    R2 wasvc_1.10.0.19; C:\Program Files\WordAnchor_1.10.0.19\Service\wasvc.exe [299096 2015-06-16] (WA)

    S3 HDAudBus; system32\DRIVERS\HDAudBus.sys [X]

    S3 sbusb; system32\DRIVERS\sbusb.sys [X]

    C:\WINDOWS\system32\Drivers\wafd_1_10_0_19.sys

    C:\Documents and Settings\All Users\Dane aplikacji\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9

    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe

    Run FRST and click the Fix button.

    A fixlog.txt file will be created.

    Post that log.

     

    Make new FRST logs.

     

    jessi

  9. Process  C:\Users\Mateusz\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe (*** suspicious ***) @ C:\Users\Mateusz\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [2616] (Microsoft® Volume Shadow Copy Service/Microsoft Corporation)(2015-06-23 12:48:18)  0000000000400000

     

    There's the culprit

     

    1) Enter Safe Mode (F8 before the system starts).

     

    2) Open Notepad and paste into it:

     

    R2 VSSS; C:\Users\Mateusz\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [104751744 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION

    C:\Users\Mateusz\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe

    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f

    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f

    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f

    CustomCLSID: HKU\S-1-5-21-4109652526-3747850710-83083684-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File

    CustomCLSID: HKU\S-1-5-21-4109652526-3747850710-83083684-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

    CustomCLSID: HKU\S-1-5-21-4109652526-3747850710-83083684-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

    CustomCLSID: HKU\S-1-5-21-4109652526-3747850710-83083684-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File

    CustomCLSID: HKU\S-1-5-21-4109652526-3747850710-83083684-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    Task: {0E0D1772-56FF-4B9A-B9FF-19897CB630C4} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION

    Task: {C5DE164D-F51D-441F-ABE5-997209D99D6A} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION

    Task: {C9021965-F56E-4584-86B4-9755381A72E8} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION

    Task: {E49FBE4E-9127-485A-AC9C-75F140F917CD} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION

    C:\Program Files (x86)\ExpressFiles\EFUpdater.exe

    HKU\S-1-5-21-4109652526-3747850710-83083684-1002\Software\Classes\.exe: exefile =>  <===== ATTENTION!

    HKU\S-1-5-21-4109652526-3747850710-83083684-1002\Software\Classes\exefile:  <===== ATTENTION!

    HKLM\...\Policies\Explorer\Run: [564675125] => C:\ProgramData\msnckgfm.exe [102346752 2014-11-21] ()

    HKLM\...\Policies\Explorer\Run: [1885449592] => C:\ProgramData\msogmzjr.exe [93585408 2014-11-21] ()

    HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1

    HKLM\...\Policies\Explorer: [HideSCAHealth] 1

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

    HKU\S-1-5-21-4109652526-3747850710-83083684-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

    HKU\S-1-5-21-4109652526-3747850710-83083684-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1383208129&from=cor&uid=ST1000LM024XHN-M101MBB_S2RQJ9EC924237

    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =

    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =

    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =

    SearchScopes: HKU\S-1-5-21-4109652526-3747850710-83083684-1002 -> DefaultScope {A18BA569-169B-4C1D-828A-8DC7E616026C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}

    SearchScopes: HKU\S-1-5-21-4109652526-3747850710-83083684-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=7e9fe951000000000000c68508e575ff

    SearchScopes: HKU\S-1-5-21-4109652526-3747850710-83083684-1002 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =

    SearchScopes: HKU\S-1-5-21-4109652526-3747850710-83083684-1002 -> {A18BA569-169B-4C1D-828A-8DC7E616026C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}

    SearchScopes: HKU\S-1-5-21-4109652526-3747850710-83083684-1002 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6R8P0bU1QC&i=26

    SearchScopes: HKU\S-1-5-21-4109652526-3747850710-83083684-1002 -> {F663D89E-C743-42FC-B8D2-C301C321BB54} URL =

    BHO-x32: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-07-04] (SweetIM Technologies Ltd.)

    Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-07-04] (SweetIM Technologies Ltd.)

    Toolbar: HKU\S-1-5-21-4109652526-3747850710-83083684-1002 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File

    FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox

    FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox

    CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found]

    CHR HKLM-x32\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ [Not Found]

    CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found]

    CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Mateusz\AppData\Roaming\BabSolution\CR\Delta.crx [Not Found]

    CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [Not Found]

    CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [Not Found]

    CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-12-22]

    CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx [Not Found]

    CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [Not Found]

    S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]

    R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]

    C:\Program Files\9EJ6JLND.exe

    C:\Program Files\MCEJCBD6.exe

    C:\Program Files\Z3KJ9J95.exe

    2015-07-05 16:27 - 2015-07-05 16:27 - 01415680 _____ (wj32) C:\Program Files\V2P3A0TD.exe

    2015-07-05 16:27 - 2015-07-05 16:27 - 01415680 _____ (wj32) C:\Program Files\70D6K7KV.exe

    2015-07-05 16:27 - 2015-07-05 16:27 - 01415680 _____ (wj32) C:\Program Files\3BM819EP.exe

    2015-07-05 16:26 - 2015-07-05 16:26 - 01415680 _____ (wj32) C:\Program Files\WM9ESOZP.exe

    2015-07-05 16:26 - 2015-07-05 16:26 - 01415680 _____ (wj32) C:\Program Files\NJ0T6TP9.exe

    2015-07-05 16:26 - 2015-07-05 16:26 - 01415680 _____ (wj32) C:\Program Files\KY6CKSKY.exe

    2015-07-05 16:26 - 2015-07-05 16:26 - 01415680 _____ (wj32) C:\Program Files\KVXMUE35.exe

    2015-07-05 16:26 - 2015-07-05 16:26 - 01415680 _____ (wj32) C:\Program Files\BJXT16H3.exe

    2015-07-05 16:26 - 2015-07-05 16:26 - 01415680 _____ (wj32) C:\Program Files\9WY02FE4.exe

    2015-07-05 16:25 - 2015-07-05 16:25 - 01415680 _____ (wj32) C:\Program Files\PRZPC10T.exe

    2015-07-05 16:25 - 2015-07-05 16:25 - 01415680 _____ (wj32) C:\Program Files\LKSIKMOK.exe

    2015-07-05 16:25 - 2015-07-05 16:25 - 01415680 _____ (wj32) C:\Program Files\LAILN9ED.exe

    2015-07-05 16:25 - 2015-07-05 16:25 - 01415680 _____ (wj32) C:\Program Files\KMRTV27X.exe

    2015-07-05 16:25 - 2015-07-05 16:25 - 01415680 _____ (wj32) C:\Program Files\69BG6GKS.exe

    2015-07-05 16:24 - 2015-07-05 16:24 - 01415680 _____ (wj32) C:\Program Files\8GLHPX5R.exe

    2015-07-05 16:24 - 2015-07-05 16:24 - 01415680 _____ (wj32) C:\Program Files\3WM6JU89.exe

    2015-07-05 11:47 - 2015-07-05 11:47 - 01415680 _____ (wj32) C:\Program Files\7W7W4KYT.exe

    2015-07-03 18:18 - 2015-07-03 18:18 - 01415680 _____ (wj32) C:\Program Files\TV0TSUWL.exe

    2015-07-02 14:06 - 2015-07-02 14:06 - 01415680 _____ (wj32) C:\Program Files\KDIKMTYX.exe

    2015-07-02 12:18 - 2015-07-02 12:18 - 01415680 _____ (wj32) C:\Program Files\TSUHJKSF.exe

    2015-07-02 10:44 - 2015-07-02 10:44 - 01415680 _____ (wj32) C:\Program Files\9Y08YON0.exe

    2015-06-26 19:57 - 2015-06-26 19:57 - 01415680 _____ (wj32) C:\Program Files\TY36GIKA.exe

    2015-06-26 19:57 - 2015-06-26 19:57 - 01415680 _____ (wj32) C:\Program Files\E76E4RTF.exe

    2015-06-26 19:57 - 2015-06-26 19:57 - 01415680 _____ (wj32) C:\Program Files\49Z43T68.exe

    2015-06-26 19:56 - 2015-06-26 19:56 - 01415680 _____ (wj32) C:\Program Files\LTJLNFP9.exe

    2015-06-26 19:56 - 2015-06-26 19:56 - 01415680 _____ (wj32) C:\Program Files\KSUW1R13.exe

    2015-06-26 19:56 - 2015-06-26 19:56 - 01415680 _____ (wj32) C:\Program Files\JXT16HM8.exe

    2015-06-26 19:56 - 2015-06-26 19:56 - 01415680 _____ (wj32) C:\Program Files\FHJLKCB4.exe

    2015-06-26 19:56 - 2015-06-26 19:56 - 01415680 _____ (wj32) C:\Program Files\CBJ9EG5U.exe

    2015-06-26 19:55 - 2015-06-26 19:55 - 01415680 _____ (wj32) C:\Program Files\HNMUKUWM.exe

    2015-06-26 19:55 - 2015-06-26 19:55 - 01415680 _____ (wj32) C:\Program Files\EPOW49H3.exe

    2015-06-26 19:55 - 2015-06-26 19:55 - 01415680 _____ (wj32) C:\Program Files\E7U2A3BX.exe

    2015-06-26 19:55 - 2015-06-26 19:55 - 01415680 _____ (wj32) C:\Program Files\CHJ8VHJ5.exe

    2015-06-26 19:55 - 2015-06-26 19:55 - 01415680 _____ (wj32) C:\Program Files\98YX2RWV.exe

    2015-06-26 19:55 - 2015-06-26 19:55 - 01415680 _____ (wj32) C:\Program Files\35AG5768.exe

    2015-06-25 16:21 - 2015-06-25 16:21 - 01415680 _____ (wj32) C:\Program Files\D65AZMO1.exe

    2015-06-24 10:04 - 2015-06-24 10:04 - 01415680 _____ (wj32) C:\Program Files\6NUEYZM6.exe

    2015-06-24 10:04 - 2015-06-24 10:04 - 01415680 _____ (wj32) C:\Program Files\1OKSHMLB.exe

    2015-06-24 10:03 - 2015-06-24 10:03 - 01415680 _____ (wj32) C:\Program Files\OE13SUM5.exe

    2015-06-24 10:03 - 2015-06-24 10:03 - 01415680 _____ (wj32) C:\Program Files\JRHJOEDN.exe

    2015-06-24 10:03 - 2015-06-24 10:03 - 01415680 _____ (wj32) C:\Program Files\FKDFH46G.exe

    2015-06-24 10:03 - 2015-06-24 10:03 - 01415680 _____ (wj32) C:\Program Files\92468IKJ.exe

    2015-06-24 10:03 - 2015-06-24 10:03 - 01415680 _____ (wj32) C:\Program Files\80Z7XNPF.exe

    2015-06-24 10:03 - 2015-06-24 10:03 - 01415680 _____ (wj32) C:\Program Files\4L2JEVC7.exe

    2015-06-24 10:02 - 2015-06-24 10:02 - 01415680 _____ (wj32) C:\Program Files\LKTVKMOV.exe

    2015-06-24 10:02 - 2015-06-24 10:02 - 01415680 _____ (wj32) C:\Program Files\KGLKD35F.exe

    2015-06-24 10:02 - 2015-06-24 10:02 - 01415680 _____ (wj32) C:\Program Files\GUKY9FK3.exe

    2015-06-23 14:49 - 2015-06-23 14:49 - 01415680 _____ (wj32) C:\Program Files\S346SGKE.exe

    C:\ProgramData\MakeMarkerFile.exe

    C:\ProgramData\msnckgfm.exe

    C:\ProgramData\msogmzjr.exe

    C:\Users\EasySurvey\EasySurvey.exe

    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe

    Run FRST and click the Fix button.

    A fixlog.txt file will be created.

    Post that log.

     

    3) Make new logs with FRST.

     

    4) Make a log with Farbar Service Scanner >http://download.bleepingcomputer.com/farbar/FSS.exe (select everything for the scan).

     

    jessi
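Added example, not part of the original post and not FRST's own logic: the entry singled out in post 9 is a file named VSSVC.exe, a Windows system binary name, running unsigned from a user profile directory. The Python below applies that check, plus the .tmp service image seen in post 7, to FRST-style service and task lines copied from the fixlists on this page; the function names, the short list of system binary names and the user-writable path markers are assumptions made for illustration.

```python
import ntpath
import re

# Assumption: a short illustrative list of names that belong in C:\Windows\System32.
SYSTEM_BINARIES = {"vssvc.exe", "svchost.exe", "lsass.exe", "services.exe", "csrss.exe"}
# Assumption: locations a non-admin process can usually write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\windows\\temp\\")
# Extensions expected for a service or scheduled-task image.
NORMAL_EXT = {".exe", ".sys", ".dll"}

# Lines copied from the fixlists on this page (posts 7 and 9).
SAMPLE = r"""
R2 VSSS; C:\Users\Mateusz\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [104751744 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 vicoqudu; C:\Users\Kuba\AppData\Roaming\B661E556-1436193973-E011-AB32-B870F48BF876\hnsr9E62.tmp [165376 2015-07-06] () [File not signed]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
Task: {30082EF5-A046-469C-BE97-47E3B72950FA} - System32\Tasks\Z9e8sf5IR => C:\Users\Kuba\AppData\Roaming\Z9e8sf5IR.exe [2015-04-20] () <==== ATTENTION
Task: {FD4D1BEE-24EA-48DA-9D6B-3A7B7CE13F07} - System32\Tasks\{C299A6C4-78B5-442E-BEF8-B6456F21055D} => pcalua.exe -a C:\Users\Kuba\Desktop\Ikony\Gry\Minecraft\Minecraft_Beta_Cracked_v1.7.3.exe -d C:\Users\Kuba\Desktop\Ikony\Gry\Minecraft
"""


def parse_line(line):
    """Return (kind, name, image_path) for a service or task line, else None."""
    line = line.strip()
    m = re.match(r"^([RSU]\d) (.+?); (.+)$", line)
    if m:
        kind, name, rest = "service", m.group(2), m.group(3)
    else:
        m = re.match(r"^Task: (.+?) => (.+)$", line)
        if not m:
            return None
        kind, rest = "task", m.group(2)
        name = m.group(1).rsplit("\\", 1)[-1]  # last component of the task path
    # pcalua.exe (Program Compatibility Assistant) wraps the real target given with -a.
    pca = re.match(r'pcalua\.exe -a (?:"([^"]+)"|(\S+))', rest, re.I)
    if pca:
        path = pca.group(1) or pca.group(2)
    else:
        # Cut FRST annotations that follow the path: " [size date]", " <==== ATTENTION".
        path = re.split(r" \[| <==", rest, maxsplit=1)[0].strip().strip('"')
    if path.startswith("\\??\\"):
        path = path[4:]
    return kind, name, path


def classify(path, line):
    """Return the list of reasons a service/task image deserves a closer look."""
    low = path.lower()
    reasons = []
    in_system32 = "\\windows\\system32\\" in low or low.startswith(
        ("system32\\", "\\systemroot\\system32\\")
    )
    if ntpath.basename(low) in SYSTEM_BINARIES and not in_system32:
        reasons.append("system-binary-name-outside-system32")
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("user-writable-location")
    if ntpath.splitext(low)[1] not in NORMAL_EXT:
        reasons.append("unusual-image-extension")
    if "[File not signed]" in line:
        reasons.append("unsigned")
    return reasons


def triage(lines):
    """Parse every service/task line and keep those with at least one reason."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, name, path = parsed
        reasons = classify(path, line)
        if reasons:
            findings.append({"kind": kind, "name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE.splitlines()):
        print(finding["kind"], finding["name"], finding["path"], finding["reasons"])
```

The reasons are triage hints for a human reviewer, not a verdict: the pcalua.exe task on the Desktop path, for example, produces no finding although it is still a leftover entry.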

  10. I still can't add the Action Center

     

    Open Notepad and paste into it:

     

    Reg: reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} /v AutoStart /t REG_SZ /d "" /f

    HKLM-x32\...\Run: [Adobe] => C:\ProgramData\Adobe\28BA2003.vbe

    HKLM\...\Policies\Explorer: [HideSCAHealth] 1

    HKU\S-1-5-21-1946104158-849987808-3721883152-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Gr\AppData\Local\Akamai\netsession_win.exe"

    HKU\S-1-5-21-1946104158-849987808-3721883152-1001\...\Policies\Explorer: []

    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe

    Run FRST and click the Fix button.

     

    EDIT:

    Editing is not working properly.

    The "fixlist" above should contain one more line:

    C:\ProgramData\Adobe\28BA2003.vbe

    but it cannot be added there - the forum is misbehaving,

     

    jessi

  11. Unfortunately I don't understand any of this. Step by step: what should I do, what should I open, what should I click on? I really am clueless when it comes to computers, very much so. Please put it in points, and what are these hardware problems?

    Re 1: you do know how to uninstall programs, don't you?

     

    Re 2: download Adw-Cleaner from the link provided,

    run it, click the SZUKAJ (SCAN) button, wait a moment until the USUŃ (CLEANING) button becomes active - then click it.

     

    The topic was posted in the WINDOWS 8 section, so the Moderator of that section, @mgrzeg (https://www.fixitpc.pl/user/4727-mgrzeg/), after reviewing your topic and giving any recommendations, should move it to the Hardware section https://www.fixitpc.pl/forum/43-hardware/

    Whether he will move it, I don't know; that is not up to me.

     

    jessi

  12. as for the logs:

    1) Uninstall

    do-search uninstall (HKLM-x32\...\do-search uninstall) (Version:  - do-search) <==== ATTENTION!

     

    2) Use >Adw-cleaner
    first click SZUKAJ (SCAN), and only after the scan has finished, when the USUŃ (CLEANING) button becomes active, click it.

     

    I don't see anything else suspicious in the logs.

     

    Apart from a hardware problem:
     

    Error: (07/09/2015 08:29:13 AM) (Source: disk) (EventID: 11) (User: )
    Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR467

     

    Error: (07/08/2015 05:46:28 PM) (Source: disk) (EventID: 11) (User: )
    Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR465.

    Error: (07/08/2015 05:46:28 PM) (Source: disk) (EventID: 11) (User: )
    Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1.

     

     

    https://www.fixitpc.pl/topic/5553-blad-sterownik-wykryl-blad-kontrolera-na-deviceharddiskxdrx-i-jego-interpretacja/
    https://www.fixitpc.pl/forum/43-hardware/

     

    jessi

  13. There is nothing suspicious in the logs.

     

    Cosmetic cleanup:

    Open Notepad and paste into it:

     

    CustomCLSID: HKU\S-1-5-21-790525478-1677128483-839522115-1004_Classes\CLSID\{010833F3-751A-402F-9FCC-C365B6A12E41}\localserver32 -> C:\DOCUME~1\NTT\MOJEDO~1\POBIER~1\BESTPL~1.EXE No File
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-790525478-1677128483-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [X]
    S3 WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [X]
    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
    S0 Lbd; system32\DRIVERS\Lbd.sys [X]
    S3 esihdrv; \??\C:\DOCUME~1\NTT\USTAWI~1\Temp\esihdrv.sys [X]
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.

     

    jessi

  14. The FRST logs are out of date; Adw-Cleaner was used after they were made.

     

    Uninstall SpyHunter, but do it this way:
    click this shortcut: C:\Users\user name\Start Menu\Programs\SpyHunter\Uninstall.lnk (that is, START >> Programs >> SpyHunter >> Uninstall)
    a window will pop up, but instead of clicking the big green "continue" button, click "no, thanks". The latter is the one that uninstalls.

     

    Then make new FRST logs.

    Before the scan, tick "Additional" and "Shortcut".

     

    jessi
     

  15. nod32 finds the trojan spyrov.a.

     

    Where (path, file name)?

     

    Cosmetic cleanup:

    Open Notepad and paste into it:

     

     

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

    HKU\S-1-5-21-1614895754-1606980848-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

    C:\WINDOWS\Minidump\Mini*.dmp

    C:\Documents and Settings\ami\Dane aplikacji\603CB485

    C:\Documents and Settings\All Users\Dane aplikacji\{895B5EDC-F84C-4A82-9575-9E50396F6B01}

    CustomCLSID: HKU\S-1-5-21-1614895754-1606980848-839522115-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

    CustomCLSID: HKU\S-1-5-21-1614895754-1606980848-839522115-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

    CustomCLSID: HKU\S-1-5-21-1614895754-1606980848-839522115-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe

    Run FRST and click the Fix button.

    A fixlog.txt file will be created.

    Post that log.

     

    jessi

  16. everything disappeared from the external drives?

     

    Go to drives H, J and L in turn. On them there are "unnamed" folders into which the infection moved all the data.
    Move the files from these folders one level up, then delete the "unnamed" folders with SHIFT+DEL.

     

    Open Notepad and paste into it:

     

    HKLM\...\Run: [asodakaossd] => D:\WINDOWS\system32\cmd.exe /c start D:\Documents" "and" "Settings\laptop\Dane" "aplikacji\aiasfacoiaksf.vbs exit
    HKLM\...\RunOnce: [] => [X]
    HKU\S-1-5-21-1993962763-573735546-839522115-1003\...\Run: [asodakaossd] => D:\WINDOWS\system32\cmd.exe /c start D:\Documents" "and" "Settings\laptop\Dane" "aplikacji\aiasfacoiaksf.vbs exit
    Startup: D:\Documents and Settings\laptop\Menu Start\Programy\Autostart\asodakaossd.lnk [2015-07-01]
    ShortcutTarget: asodakaossd.lnk ->  (No File)
    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck" /f
    D:\Documents and Settings\laptop\Dane aplikacji\afweorgqweasf.exe
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.
    A fixlog.txt file will be created.
    Post that log.

     

    jessi
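
As an added example (not part of the original post, and not FRST's own code): a small Python triage over FRST autorun lines copied from the fixlists in posts 13 and 16, flagging Run entries such as the one in post 16 that start a script from a user profile through cmd.exe. The regular expressions and the two heuristics are assumptions of this example.

```python
import re

# FRST autorun line: <registry key>\Run[Once]: [<value name>] => <command>
RUN_LINE = re.compile(
    r"^(?P<key>HK[^:]*\\Run(?:Once)?): \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$")
LAUNCHER = re.compile(r"\b(cmd|wscript|cscript)(\.exe)?\b", re.I)
SCRIPT = re.compile(r"\.(vbs|vbe|js|jse|wsf|bat)\b", re.I)
PROFILE = re.compile(r"\\(Documents and Settings|Users)\\", re.I)

# Lines copied from the fixlists in posts 13 and 16 on this page.
SAMPLE = r'''
HKLM\...\Run: [asodakaossd] => D:\WINDOWS\system32\cmd.exe /c start D:\Documents" "and" "Settings\laptop\Dane" "aplikacji\aiasfacoiaksf.vbs exit
HKLM\...\RunOnce: [] => [X]
HKU\S-1-5-21-1993962763-573735546-839522115-1003\...\Run: [asodakaossd] => D:\WINDOWS\system32\cmd.exe /c start D:\Documents" "and" "Settings\laptop\Dane" "aplikacji\aiasfacoiaksf.vbs exit
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [X]
'''.strip().splitlines()


def parse_run_line(line):
    """Return key, value name and command of a Run/RunOnce line, else None."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    # The quotes split the path word by word; drop them so paths can be matched.
    return {"key": m["key"], "name": m["name"], "cmd": m["cmd"].replace('"', "")}


def reasons(entry):
    """Heuristic reasons (assumptions of this example) to review an entry."""
    cmd, found = entry["cmd"], []
    if LAUNCHER.search(cmd) and SCRIPT.search(cmd):
        found.append("script started through a command interpreter")
    if PROFILE.search(cmd):
        found.append("target inside a user profile")
    return found


def triage(lines):
    """Return (key, name, reasons) for every autorun entry with a finding."""
    hits = []
    for entry in filter(None, map(parse_run_line, lines)):
        why = reasons(entry)
        if why:
            hits.append((entry["key"], entry["name"], why))
    return hits


if __name__ == "__main__":
    for key, name, why in triage(SAMPLE):
        print(f"{key} [{name}]: {'; '.join(why)}")
```

An entry without findings is not thereby clean; the heuristics only decide what a reviewer looks at first.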
     
