jessica

coś jednak zostało. Czy mógłbym prosić o pomoc w usunięciu?

To znaczy co zostało?

Kosmetyka:

Otwórz Notatnik i wklej w nim:

C:\ProgramData\7t3lchrjq.bxx

C:\ProgramData\7t3lchrjq.fvv

Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f

Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f

Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f

Task: {8F4E2A45-461F-464A-9915-ACA40D6975C6} - System32\Tasks\{9EFAB96C-3DD4-4BF3-BE0B-9555BD230CDE} => pcalua.exe -a C:\Users\ADMIN\Desktop\MinecraftZyczu.exe -d C:\Users\ADMIN\Desktop

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-1412374346-2171061969-3971479809-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe

Uruchom FRST i kliknij przycisk Fix.

Powstanie plik fixlog.txt.

Daj ten log.

1) Odinstaluj te programy:
 

WindowsMangerProtect20.0.0.1064 (HKLM\...\WindowsMangerProtect) (Version: 20.0.0.1064 - WindowsProtect LIMITED) <==== ATTENTION

Roll Around (HKLM\...\Roll Around) (Version: 2.0.5551.10058 - Roll Around) <==== ATTENTION!

Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.25.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-1993962763-573735546-839522115-1003\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.6.44892 - Ask.com) <==== ATTENTION

2) Zrób log z USBFix LISTING https://www.fixitpc.pl/topic/8-dezynfekcja-zbior-narzedzi-usuwajacych/?do=findComment&comment=74

3) Zrób log z Adw-Cleaner https://www.fixitpc.pl/topic/8-dezynfekcja-zbior-narzedzi-usuwajacych/?do=findComment&comment=118323

najpierw kliknij na SZUKAJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego.

Zrób nowe logi FRST

HKLM\...\Run: [asodakaossd] => D:\WINDOWS\system32\cmd.exe /c start D:\Documents" "and" "Settings\laptop\Dane" "aplikacji\aiasfacoiaksf.vbs exit
HKU\S-1-5-21-1993962763-573735546-839522115-1003\...\Run: [asodakaossd] => D:\WINDOWS\system32\cmd.exe /c start D:\Documents" "and" "Settings\laptop\Dane" "aplikacji\aiasfacoiaksf.vbs exit
Startup: D:\Documents and Settings\laptop\Menu Start\Programy\Autostart\asodakaossd.lnk [2015-07-01]
ShortcutTarget: asodakaossd.lnk -> D:\WINDOWS\system32\cmd.exe (Microsoft Corporation)

Dla mnie to wygląda jak infekcja, ale wolę sie upewnić: znasz to?

jessi

Otwórz Notatnik i wklej w nim:

Task: {8EBC4508-3504-4D21-84E9-BE11E8FC1074} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-03-11] () <==== ATTENTION
C:\ProgramData\Origin\update.vbe
C:\Program Files (x86)\Mobogenie
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Winlogon: [userinit] userinit.exe,c:\program files (x86)\microsoft\desktoplayer.exe, [X]
IFEO\adwcleaner_4.204.exe: [Debugger] svchost.exe
IFEO\AnVir.exe: [Debugger] svchost.exe
IFEO\AutoLogger.exe: [Debugger] svchost.exe
IFEO\CCleaner64.exe: [Debugger] svchost.exe
IFEO\FRST.exe: [Debugger] svchost.exe
IFEO\FRST64.exe: [Debugger] svchost.exe
IFEO\RegWorks.exe: [Debugger] svchost.exe
IFEO\RSITx64.exe: [Debugger] svchost.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1435928185&z=7bc0ac8b34e44d318c589efg2z3cfw6t9o1bbgbbdw&from=cor&uid=395049983_1052483_D82015E4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1435928185&z=7bc0ac8b34e44d318c589efg2z3cfw6t9o1bbgbbdw&from=cor&uid=395049983_1052483_D82015E4&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1435928185&z=7bc0ac8b34e44d318c589efg2z3cfw6t9o1bbgbbdw&from=cor&uid=395049983_1052483_D82015E4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1435928185&z=7bc0ac8b34e44d318c589efg2z3cfw6t9o1bbgbbdw&from=cor&uid=395049983_1052483_D82015E4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2001989473-1170954191-3321282362-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =
OPR Extension: (Sale Clipper) - C:\Users\Semijah\AppData\Roaming\Opera Software\Opera Stable\Extensions\gapifbibdpjapmnfblcdbokbmcecknkk [2015-07-03]
C:\ProgramData\f43a0a22-b5b9-43e4-9c6f-705bf4e40c7b
C:\Program Files (x86)\Sale Clipper
C:\Users\Semijah\daemonprocess.txt
C:\Users\Semijah\Desktop\Mobogenie.lnk
EmptyTemp:

Zrób nowe logi FRST.

jessi

1) Odinstaluj te programy:

Assist Point

do-search uninstall

2) Otwórz Notatnik i wklej w nim:

C:\Documents and Settings\All Users\Dane aplikacji\c716fd70-872c-4aaa-a07f-e248365d7f56
C:\Program Files\Common Files\c716fd70-872c-4aaa-a07f-e248365d7f56
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1428599424&from=cor&uid=ST3320613AS_9SZ079KVXXXX9SZ079KV&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1428599424&from=cor&uid=ST3320613AS_9SZ079KVXXXX9SZ079KV
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1428599424&from=cor&uid=ST3320613AS_9SZ079KVXXXX9SZ079KV&q={searchTerms}
HKU\S-1-5-21-1482476501-1326574676-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1482476501-1326574676-725345543-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1428599424&from=cor&uid=ST3320613AS_9SZ079KVXXXX9SZ079KV
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=ds&ts=1428599424&from=cor&uid=ST3320613AS_9SZ079KVXXXX9SZ079KV&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=ds&ts=1428599424&from=cor&uid=ST3320613AS_9SZ079KVXXXX9SZ079KV&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1482476501-1326574676-725345543-1004 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Assist Point -> {dc727a8c-7582-483c-a1c2-2b885f099bb5} -> C:\Program Files\Assist Point\Extensions\dc727a8c-7582-483c-a1c2-2b885f099bb5.dll
C:\Program Files\Assist Point
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: do-search
FF SearchPlugin: C:\Documents and Settings\Kamil\Dane aplikacji\Mozilla\Firefox\Profiles\h1k86f3f.default\searchplugins\ask-web-search.xml
FF HKLM\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Documents and Settings\Kamil\Dane aplikacji\Mozilla\Firefox\Profiles\h1k86f3f.default\extensions\searchengine@gmail.com
FF HKLM\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Documents and Settings\Kamil\Dane aplikacji\Mozilla\Firefox\Profiles\h1k86f3f.default\extensions\istart_ffnt@gmail.com
R2 Service Mgr AssistPoint; C:\Documents and Settings\All Users\Dane aplikacji\c716fd70-872c-4aaa-a07f-e248365d7f56\plugincontainer.exe
R2 Update Mgr AssistPoint; C:\Program Files\Common Files\c716fd70-872c-4aaa-a07f-e248365d7f56\updater.exe
C:\Documents and Settings\Kamil\Pulpit\Obraz\Adobe Reader 9.lnk
C:\Documents and Settings\Kamil\Pulpit\Obraz\Bioshock.lnk
C:\Documents and Settings\Kamil\Pulpit\Obraz\Play The Forest.lnk
C:\Documents and Settings\Kamil\Pulpit\Obraz\Rig'n'Roll .lnk
C:\Documents and Settings\Kamil\Pulpit\Obraz\S.K.I.L.L. - Special Force 2.lnk
C:\Documents and Settings\Kamil\Pulpit\Obraz\SpaceEngine.lnk
C:\Documents and Settings\Kamil\Pulpit\Obraz\UFOAlien Invasion-2.5.lnk
C:\Documents and Settings\Kamil\Pulpit\Obraz\Uplay.lnk
C:\Documents and Settings\Kamil\Pulpit\Obraz\visit www.nosteam.ro.lnk
C:\Documents and Settings\Kamil\Pulpit\Obraz\Wolfenstein.lnk
C:\Documents and Settings\Kamil\Menu Start\Programy\WinRAR\Co nowego w ostatniej wersji.lnk
C:\Documents and Settings\Kamil\Menu Start\Programy\WinRAR\Podręcznik RARa dla konsoli.lnk
C:\Documents and Settings\Kamil\Menu Start\Programy\WinRAR\Pomoc WinRARa.lnk
C:\Documents and Settings\Kamil\Menu Start\Programy\WinRAR\WinRAR.lnk
C:\Documents and Settings\Kamil\Menu Start\Programy\UFOAlien Invasion\MAP-Editor.lnk
C:\Documents and Settings\Kamil\Menu Start\Programy\Ubisoft\Uplay\Uninstall.lnk
C:\Documents and Settings\Kamil\Menu Start\Programy\Ubisoft\Uplay\Uplay.lnk
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
EmptyTemp:

3) Zrób log z Adw-Cleaner https://www.fixitpc.pl/topic/8-dezynfekcja-zbior-narzedzi-usuwajacych/?do=findComment&comment=118323

najpierw kliknij na SZUKAJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego.

4)

Disk            \Device\Harddisk0\DR0                                      malicious Win32:MBRoot code @ sector 61 !
Disk            \Device\Harddisk0\DR0                                                                  PE file @ sector 625121280 !

 

To prawdopodobnie tylko "przewrażliwienie" GMER'a, ale na wszelki wypadek zrób log z TDSSKiller https://www.fixitpc.pl/topic/8-dezynfekcja-zbior-narzedzi-usuwajacych/?do=findComment&comment=33542

jessi

1) Odinstaluj do-search uninstall.

2) Użyj AdwCleaner. Najpierw kliknij na SZUKAJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego. Pokaż raport z niego.

3) Zrób nowe logi FRST.

1. Odinstaluj niepotrzebny do niczego Akamai NetSession Interface.

2. Otwórz Notatnik i wklej w nim:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe

Wejdź w Tryb Awaryjny (F8 przed startem Systemu).

Uruchom FRST i kliknij przycisk Fix.

Powstanie plik fixlog.txt.

Daj ten log.

3. Wejdź po kolei na dyski H, I i J. Na nich są foldery "Removable Drive" do których infekcja przesunęła wszystkie dane.

Przenieś z tych folderów pliki poziom wyżej, a foldery "Removable Drive" przez SHIFT+DEL skasuj.

4. Zrób nowe logi: Farbar Service Scanner, FRST, USBFix LISTING.

jessi

Nie sądzę, by było to coś poważnego.

Otwórz Notatnik i wklej w nim:

C:\ProgramData\DT0001.dat
S3 AsrCDDrv; \??\C:\Windows\system32\Drivers\AsrCDDrv.sys [X]
S3 cpuz136; \??\C:\Users\Bandrzal\AppData\Local\Temp\cpuz136\cpuz136_x32.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 GGMXMIEDGO; \??\C:\Windows\system32\drivers\GGMXMI.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 hamachi; system32\DRIVERS\hamachi.sys [X]
S3 USBPNPA; system32\drivers\CM108.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 vvftav303; system32\drivers\vvftav303.sys [X]
S3 WinRing0_1_2_0; No ImagePath
S3 ZSMC0303; System32\Drivers\usbVM303.sys [X]
FF Extension: PriceFountain - C:\Users\Bandrzal\AppData\Roaming\Mozilla\Firefox\Profiles\npahywwu.default-1368875828711\Extensions\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [2014-10-11]
HKLM\...\RunOnce: [] => [X]
HKU\S-1-5-21-3861928909-2305400966-3731113094-1001\...\Run: [AdobeBridge] => [X]
Task: {E9C4B4B7-C67C-4607-9DBE-B93577B2BF09} - System32\Tasks\{72110989-16D0-49FA-A5EF-1ACDDC21E37C} => pcalua.exe -a C:\Users\Bandrzal\Desktop\Setup\en_visual_c++_2010_sp1_redistributable_package_x86_651767.exe -d C:\Users\Bandrzal\Desktop\Setup
Task: {DB70CC1F-2257-4457-97B3-7B2B5C807104} - System32\Tasks\{9DB5C4F1-ACB6-410A-8205-D040C2B9EAAF} => pcalua.exe -a "C:\Users\Bandrzal\Desktop\minecraftbijacz\Minecraft 1.7.9.exe" -d C:\Users\Bandrzal\Desktop\minecraftbijacz
Task: {C2CDB58D-E765-423B-81DA-608CCBE6BF1A} - System32\Tasks\{1CA69BCF-4592-4B4E-B07E-177F2B1A5D79} => pcalua.exe -a "C:\Program Files\Nero\Nero 12\Uninstall.exe"
Task: {C47F63B0-E6BC-493F-B139-F569DD18E468} - System32\Tasks\{93258980-B526-4C2E-9068-F0E76DB85FBC} => pcalua.exe -a C:\Users\Bandrzal\Downloads\GameRangerSetup.exe -d C:\Users\Bandrzal\Downloads
Task: {871F2DEB-4E64-4B33-9ED0-AEFB754AB61B} - System32\Tasks\{31C0FE04-C032-4992-8215-9F5B0B3AE3E0} => pcalua.exe -a C:\Users\Bandrzal\Downloads\TagesSetup.exe -d C:\Users\Bandrzal\Downloads
Task: {483F6BB4-D510-4267-9239-657BFB9D09CB} - System32\Tasks\{6056E63B-7711-4589-BD80-0283A70B8ADD} => pcalua.exe -a H:\Redist\DirectX\dxsetup.exe -d H:\Redist\DirectX
Task: {3252662B-5756-4A30-8F37-C9AD0F8A416A} - System32\Tasks\{5F239F31-B899-4C79-9A82-2CA7099BA569} => pcalua.exe -a "C:\Users\Bandrzal\Downloads\Nero Lite 12.0.28001full_registered.exe" -d C:\Users\Bandrzal\Downloads
C:\Users\Bandrzal\AppData\Roaming\dclogs
C:\Windows\system32\secushr.dat
EmptyTemp:

jessi

W logach nic nie wskazuje na istnienie infekcji.

Error: (06/28/2015 08:32:58 AM) (Source: System Restore) (EventID: 8193) (User: )

Description: Nie można utworzyć punktu przywracania (Proces = C:\windows\system32\svchost.exe -k netsvcs; Opis = Windows Update; Błąd = 0x80070422).

Zastanawia mnie ten błąd - w logu Additional nie ma żadnych nieprawidłowości z System Restore:

==================== Restore Points =========================

jessi

################## | G:\ - Removable drive (FAT32) |

 

 

################## | H:\ - Removable drive (FAT32) |

 

 

################## | I:\ - Removable drive (FAT32) |

Czy zawsze były tam foldery o takiej nazwie?

Jeśli ich nie było, to wejdź po kolei na dyski G; H i I. Na nich są foldery "- Removable drive" do których infekcja przesunęła wszystkie dane.

Przenieś z tych folderów pliki poziom wyżej, a foldery "- Removable drive" przez SHIFT+DEL skasuj.

Otwórz Notatnik i wklej w nim:

HKLM\...\Run: [] => [X]

HKLM\...\Policies\Explorer\Run: [1721265593] => C:\ProgramData\mszstcuhk.exe

C:\ProgramData\mszstcuhk.exe

Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f

Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f

Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f

S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe

Uruchom FRST i kliknij przycisk Fix.

Powstanie plik fixlog.txt.

Daj ten log.

W USBFix kliknij na przycisk "VACCINATE" - powstaną obiekty zaporowe "autorun.inf".

Napisz, jak oceniasz sytuację na penach?

jessi

Po wykonaniu pierwszego kroku wyskakuje mi błąd:

"Nie można zaimportować C:\Users\Daria\Desktop\fix.reg: nie wszystkie dane zostały pomyślnie zapisane w rejestrze. Niektóre klucze są otwarte przez system lub inne procesy"

wykonaj następne zalecenia, potem zobaczymy, co się zmieniło, a co nie

jessi

Otwórz Notatnik i wklej w nim:

C:\ProgramData\mszstcuhk.exe
CMD: attrib /d /s -s -h g:\*
CMD: attrib /d /s -s -h H:\*
CMD: attrib /d /s -s -h I:\*
g:\*.lnk
H:\*.lnk
I:\*.lnk
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{77F7F122-20B0-4117-A2FB-059D1FC88256}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{79EAC9E2-BAF9-11CE-8C82-00AA004BA90B}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{79EAC9F2-BAF9-11CE-8C82-00AA004BA90B}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{C39EE728-D419-4BD4-A3EF-EDA059DBD935}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{CD773740-B187-4974-A1D5-E0FF91372277}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{E77CC89B-7401-4C04-8CED-149DB35ADD04}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocServer32 -> No Filepath
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.
Powstanie plik fixlog.txt.
Daj ten log.

Zrób nowy log z USBFix LISTING.

Zrób nowe logi FRST.

jessi

1) Do Notatnika wklej:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend]
"DisplayName"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-103"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,73,00,65,00,63,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000002
"Type"=dword:00000020
"Description"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-1176"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ObjectName"="LocalSystem"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\
  00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
  65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,\
  74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,\
  69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,\
  00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,\
  6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,\
  00,74,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
  53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,\
  72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,\
  69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,\
  00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
  00,00
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
  00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
  20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,6d,00,70,00,73,\
  00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Security]
"Security"=hex:01,00,14,80,dc,00,00,00,e8,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,ac,00,06,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,\
  05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,\
  00,0b,28,00,00,00,00,10,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,\
  84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,14,00,fd,01,02,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
  04,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\TriggerInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\TriggerInfo\0]
"Type"=dword:00000005
"Action"=dword:00000001
"GUID"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46,e0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000000

Z Menu Notatnika >> Plik >> Zapisz jako >> Ustaw rozszerzenie na Wszystkie pliki >> Zapisz jako> FIX.REG >>  > z prawokliku Scal
 

2) Adw-Cleaner: najpierw kliknij na SZUKAJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego.

3) Otwórz Notatnik i wklej w nim:

HKU\S-1-5-21-1153746196-1546038390-1762079413-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe"
C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=ST750LM022XHN-M750MBB_S2UNJ9CC304820&ts=1382630083&type=default&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=ST750LM022XHN-M750MBB_S2UNJ9CC304820&ts=1382630083&type=default&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=ST750LM022XHN-M750MBB_S2UNJ9CC304820&ts=1382630083&type=default&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=ST750LM022XHN-M750MBB_S2UNJ9CC304820&ts=1382630083&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=109220&tl=280113_9107&tt=280113_9107&babsrc=SP_ss&mntrId=e8642215000000000000b888e34d0eaf
SearchScopes: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000 -> {C5B49038-413F-45C5-B5FA-E114C9720D5B} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^PL&apn_uid=B1ACDA15-4953-4A96-BE87-FDA8AFBD0251&apn_sauid=0DA6AB2E-0285-4CF5-895C-7917C194895A
SearchScopes: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQUBSWRqK&i=26
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
BHO-x32: Incredibar.com Helper Object -> {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} ->  No File
FF SearchPlugin: C:\Users\Daria\AppData\Roaming\Mozilla\Firefox\Profiles\6x8pd7z3.default\searchplugins\askcom.xml [2013-02-08]
FF SearchPlugin: C:\Users\Daria\AppData\Roaming\Mozilla\Firefox\Profiles\6x8pd7z3.default\searchplugins\babylon1.xml [2013-01-29]
FF Extension: incredibar.com - C:\Users\Daria\AppData\Roaming\Mozilla\Firefox\Profiles\6x8pd7z3.default\Extensions\ffxtlbr@incredibar.com [2013-01-02]
FF Extension: 800E462367584665B2DE84048EC35A51 - C:\Users\Daria\AppData\Roaming\Mozilla\Firefox\Profiles\6x8pd7z3.default\Extensions\{800E4623-6758-4665-B2DE-84048EC35A51} [2014-09-05]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Default\Extensions\ [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\SysWOW64\jmdp\pnte.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}\InprocServer32 -> AcInetUI.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll No File
Task: {0389844C-763A-4F3F-B60F-817A03AF610B} - System32\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-4 => C:\Program Files (x86)\Object Browser\078a5343-cbe2-47cc-84cc-5012167f2506-4.exe <==== ATTENTION
Task: {1B4F355E-1FB2-4286-B7A0-9EB6B92A74F8} - System32\Tasks\a52b1416-2932-4a36-994b-b91909531fea => C:\Program Files (x86)\TheFreeHD-Sport TV V10\9a92a1a9-68c9-4d92-a9e2-93509767d9c5-4.exe <==== ATTENTION
Task: {1C66E70A-DE86-43E0-A92D-6BAE357E7F1B} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{08DD05A7-7648-4488-8E68-06EB48B7496B}.exe
C:\Program Files (x86)\Object Browser
Task: {2EF3E322-3B1E-49CF-9636-BF388CF9114B} - System32\Tasks\{E4F9C3DA-4CCB-47CD-9F7D-0607F3E52692} => pcalua.exe -a "C:\Program Files (x86)\Object Browser\Uninstall.exe" -c /fromcontrolpanel=1
Task: {479D18CA-BA2B-4638-98DA-A9C74061DB84} - System32\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-2 => C:\Program Files (x86)\Object Browser\078a5343-cbe2-47cc-84cc-5012167f2506-2.exe <==== ATTENTION
Task: {4ABB4634-9DEA-4479-B522-5BB74B893DDB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1153746196-1546038390-1762079413-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {518F2DBA-0EA8-4FF3-A2B0-5FD6D00DBDF0} - System32\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-3 => C:\Program Files (x86)\Object Browser\078a5343-cbe2-47cc-84cc-5012167f2506-3.exe <==== ATTENTION
Task: {52CA9910-E230-455E-862D-27A00172224A} - System32\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-5 => C:\Program Files (x86)\Object Browser\078a5343-cbe2-47cc-84cc-5012167f2506-5.exe <==== ATTENTION
Task: {8D16EE62-C2CD-4F52-A830-AC81B6E35A32} - System32\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-1 => C:\Program Files (x86)\Object Browser\Object Browser-codedownloader.exe <==== ATTENTION
Task: {9DCD5510-66B6-4743-A4A5-D38AF1A09A9C} - System32\Tasks\9a92a1a9-68c9-4d92-a9e2-93509767d9c5-4 => C:\Program Files (x86)\TheFreeHD-Sport TV V10\9a92a1a9-68c9-4d92-a9e2-93509767d9c5-4.exe <==== ATTENTION
Task: {C55A5034-9E15-498E-B14E-FE29D5CB319B} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {F4A6B38E-3974-4252-904A-A4726B91D4F1} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{8B75DCDE-5CA4-4EBF-BDB0-14BFFA066991}.exe
Task: C:\Windows\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-1.job => C:\Program Files (x86)\Object Browser\Object Browser-codedownloader.exeF/reinstallapp /runfrom=task /agentregpath='Object Browser' /appid=32850 /srcid='000037' /subid='0' /zdata='0' /bic=C416F6A973BC4C888435F9454DF93FFCIE /verifier=fbf80d6d4d6e56727d8635ec712e887c /installerversion=1_34_3_28 /installerfullversion=1.34.3.28 /installationtime=1396706717 /statsdomain=http:/stats.clientdataservice.com /errorsdomain=http:/errors.clientdataservice.com /codedownloaddomain=http:/js.clientdataservice.com /defbro=ch /allusers /autoupdateulr='http:/update.clientdataservice.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-2.job => C:\Program Files (x86)\Object Browser\078a5343-cbe2-47cc-84cc-5012167f2506-2.exe/enablebho /agentregpath='Object Browser' /appid=32850 /srcid='000037' /subid='0' /zdata='0' /bic=C416F6A973BC4C888435F9454DF93FFCIE /verifier=fbf80d6d4d6e56727d8635ec712e887c /installerversion=1_34_3_28 /installationtime=1396706717 /statsdomain=http:/stats.clientdataservice.com /errorsdomain=http:/errors.clientdataservice.com /bhoguid=11111111-1111-1111-1111-110311281150 /defbro=ch /allusers /autoupdateulr='http:/update.clientdataservice.com/ie_enable_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-3.job => C:\Program Files (x86)\Object Browser\078a5343-cbe2-47cc-84cc-5012167f2506-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-4.job => C:\Program Files (x86)\Object Browser\078a5343-cbe2-47cc-84cc-5012167f2506-4.exeă/installxpi /agentregpath='Object Browser' /extensionfilepath C:\Program Files (x86)\Object Browser\32850.xpi' /appid=32850 /srcid='000037' /subid='0' /zdata='0' /bic=C416F6A973BC4C888435F9454DF93FFCIE /verifier=fbf80d6d4d6e56727d8635ec712e887c /installerversion=1_34_3_28 /installerfullversion=1.34.3.28 /installationtime=1396706717 /statsdomain=http:/stats.clientdataservice.com /errorsdomain=http:/errors.clientdataservice.com /waitforbrowser=300 /extensionid=9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com /extensionversion=0.94 /prefsbranch=a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850 /updateurl=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/32850.rdf /extensionname='Object Browser' /extensiondesc='Browser enhancer' /publishername='Object Browser' /defbro=ch /allusers /allprofiles /checkfflist /autoupdateulr='http:/update.clientdataservice.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\078a5343-cbe2-47cc-84cc-5012167f2506-5.job => C:\Program Files (x86)\Object Browser\078a5343-cbe2-47cc-84cc-5012167f2506-5.exei/runupdater /agentregpath='Object Browser' /appid=32850 /srcid='000037' /subid='0' /zdata='0' /bic=C416F6A973BC4C888435F9454DF93FFCIE /verifier=fbf80d6d4d6e56727d8635ec712e887c /installerversion=1_34_3_28 /installationtime=1396706717 /statsdomain=http:/stats.clientdataservice.com /errorsdomain=http:/errors.clientdataservice.com /geoserviceurl=http:/ipgeoapi.com/ /updatejsondomain=http:/update.clientdataservice.com /updaterversion=2 /monetizationdomain=http:/stats.mstatsserv.com /autoupdateulr='http:/update.clientdataservice.com/updater_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\9a92a1a9-68c9-4d92-a9e2-93509767d9c5-4.job => C:\Program Files (x86)\TheFreeHD-Sport TV V10\9a92a1a9-68c9-4d92-a9e2-93509767d9c5-4.exe–/installxpi /agentregpath='TheFreeHD-Sport TV V10' /extensionfilepath C:\Program Files (x86)\TheFreeHD-Sport TV V10\9a92a1a9-68c9-4d92-a9e2-93509767d9c5.xpi' /appid=63319 /srcid='001822' /subid='0' /zdata='0' /bic=C416F6A973BC4C888435F9454DF93FFCIE /verifier=fbf80d6d4d6e56727d8635ec712e887c /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1409587655 /statsdomain=http:/stats.loadclientinputsrv.com /errorsdomain=http:/errors.loadclientinputsrv.com /waitforbrowser=300 /extensionid=PLEWM61628944@WIIQRX30104349.com /extensionversion=0.95 /prefsbranch=aPLEWM61628944WIIQRX30104349com63319 /updateurl=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/63319.rdf /extensionname='TheFreeHD-Sport TV V10' /extensiondesc='Turn your pc into a TV! Enjoy endless variety of worldwide sports, movies and news channels.' /publishername='tab' /defbro=ch /sid=S-1-5-21-1153746196-1546038390-1762079413-1000 /addinfojson='{asw:[8192, -1610612735, 536871936],browser_name:__BROWSER_NAME__}' /allusers /allprofiles /checkfflist /autoupdateulr='http:/update.loadclientinputsrv.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\a52b1416-2932-4a36-994b-b91909531fea.job => C:\Program Files (x86)\TheFreeHD-Sport TV V10\9a92a1a9-68c9-4d92-a9e2-93509767d9c5-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{8B75DCDE-5CA4-4EBF-BDB0-14BFFA066991}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{08DD05A7-7648-4488-8E68-06EB48B7496B}.exe <==== ATTENTION
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
C:\Program Files (x86)\Mobogenie
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f
EmptyTemp:

4) Zrób nowy log zFSS

5)Zrób nowe logi z FRST.

jessi

Wg mnie - powinno już być OK.

Otwórz Notatnik i wklej w nim:

C:\Users\Morgana\Desktop\A PDF Page Crop 4.7. keygen.lnk

C:\Users\Morgana\Desktop\dane\pulpit\123 AVI to GIF Converter.lnk

C:\Users\Morgana\Desktop\dane\pulpit\Format Factory.lnk

C:\Users\Morgana\Desktop\dane\pulpit\NapiProjekt.lnk

C:\Users\Morgana\Desktop\dane\pulpit\Subtitle Workshop.lnk

C:\Users\Morgana\Desktop\dane\notatki\notatki - semestr 4\notatki_z_czwartkowych_cw_przed_swietami\PDFCreator.lnk

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1429903780&from=wpc&uid=ST500LM000-SSHD-8GB_W7612E8MXXXXW7612E8M

ShortcutWithArgument: C:\Users\Morgana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1429903780&from=wpc&uid=ST500LM000-SSHD-8GB_W7612E8MXXXXW7612E8M

ShortcutWithArgument: C:\Users\Morgana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1429903780&from=wpc&uid=ST500LM000-SSHD-8GB_W7612E8MXXXXW7612E8M

ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1429903780&from=wpc&uid=ST500LM000-SSHD-8GB_W7612E8MXXXXW7612E8M

EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe

Uruchom FRST i kliknij przycisk Fix.

Jeśli będzie OK, to będziemy kończyć:

Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix.

przez SHIFT+DEL usuń pozostały folder C:\FRST.

FSS - usuń ręcznie.

jessi

1) Odinstaluj niepotrzebny do niczego Akamai NetSession Interface

2) Odinstaluj

Ask Toolbar Updater (HKU\S-1-5-21-1153746196-1546038390-1762079413-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.6.44892 - Ask.com) <==== ATTENTION

3) Użyj >Adw-cleaner
najpierw kliknij na SZUKAJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner.txt

4) Otwórz Notatnik i wklej w nim:

R2 VSSS; C:\Users\Daria\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [105859264 2015-06-25] (Microsoft Corporation) [File not signed]
C:\Users\Daria\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
HKU\S-1-5-21-1153746196-1546038390-1762079413-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msficnbd.exe <===== ATTENTION
HKU\S-1-5-21-1153746196-1546038390-1762079413-1000\...\Policies\Explorer: []
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKLM-x32 - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} -  No File
Toolbar: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-1153746196-1546038390-1762079413-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=ST750LM022XHN-M750MBB_S2UNJ9CC304820&ts=1382630081
C:\Program Files\2H8N7MDT.exe
C:\ProgramData\msficnbd.exe
EmptyTemp:

Uruchom FRST i kliknij przycisk Fix.
Powstanie plik fixlog.txt.
Daj ten log.

Zrób nowe logi FRST.

Zrób log z Farbar Service Scanner >http://download.bleepingcomputer.com/farbar/FSS.exe (do skanowania zaznacz wszystko).
 

jessi

Otwórz Notatnik i wklej w nim:

Task: {E5357AF0-B974-4F23-8496-CE3A2B1DB77D} - \Bidaily Synchronize Task No Task File <==== ATTENTION

C:\Users\Morgana\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe

HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1

HKLM\...\Policies\Explorer: [HideSCAHealth] 1

HKU\S-1-5-21-1818464453-2590412624-2668118778-1001\...\CurrentVersion\Windows: [Load]   <===== ATTENTION

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

FF Extension: Digital More - C:\Users\Morgana\AppData\Roaming\Mozilla\Firefox\Profiles\fq9vde4g.default\Extensions\{2f99c32c-506e-4aa6-9392-ea1d3a366b7e}.xpi [2015-04-28]

R2 VSSS; C:\Users\Morgana\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [104548224 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION

R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]

C:\WINDOWS\Minidump\*.dmp

C:\Program Files\HAIBE70K.exe

C:\Program Files\WUIBZJHV.exe

C:\Program Files\NVOWPSVO.exe

C:\Users\Morgana\Downloads\gqerkjxf.exe

C:\Program Files\JR4IL9HF.exe

2015-06-25 21:25 - 2015-06-25 21:25 - 01415680 _____ (wj32) C:\Program Files\R8WJ1IEO.exe

2015-06-25 21:09 - 2015-06-25 21:09 - 01415680 _____ (wj32) C:\Program Files\E0YF1FSW.exe

C:\Program Files\85WTAJIK.exe

2015-06-25 18:09 - 2015-06-25 18:09 - 01415680 _____ (wj32) C:\Program Files\P2LS65YW.exe

2015-06-25 18:09 - 2015-06-25 18:09 - 01415680 _____ (wj32) C:\Program Files\AWIFSUDC.exe

2015-06-24 10:47 - 2015-06-24 10:47 - 01415680 _____ (wj32) C:\Program Files\5TB4MFNC.exe

2015-06-24 09:56 - 2015-06-24 09:56 - 01415680 _____ (wj32) C:\Program Files\LZ7AN6JY.exe

2015-06-24 09:56 - 2015-06-24 09:56 - 01415680 _____ (wj32) C:\Program Files\B92PS5OH.exe

2015-06-24 09:56 - 2015-06-24 09:56 - 01415680 _____ (wj32) C:\Program Files\B8Z1NKXK.exe

2015-06-24 09:56 - 2015-06-24 09:56 - 01415680 _____ (wj32) C:\Program Files\4CK3LAIW.exe

C:\Program Files\F8VJRK5P.exe

C:\Program Files\9VSE2TSV.exe

2015-06-23 20:53 - 2015-06-23 20:53 - 01415680 _____ (wj32) C:\Program Files\4MFSBJRB.exe

2015-06-23 20:53 - 2015-06-23 20:53 - 01415680 _____ (wj32) C:\Program Files\46TGAPNS.exe

2015-06-23 19:43 - 2015-06-23 19:43 - 01415680 _____ (wj32) C:\Program Files\9CAC5NKJ.exe

2015-06-23 11:24 - 2015-06-23 11:24 - 01415680 _____ (wj32) C:\Program Files\FIKYM4SM.exe

2015-06-23 11:23 - 2015-06-23 11:23 - 01415680 _____ (wj32) C:\Program Files\0R4HUCEM.exe

2015-06-23 11:21 - 2015-06-23 11:21 - 01415680 _____ (wj32) C:\Program Files\T2AYRKN2.exe

EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe

Wejdź w Tryb Awaryjny (F8 przed startem Systemu).

Uruchom FRST i kliknij przycisk Fix.

Powstanie plik fixlog.txt.

Daj ten log.

Zrób log z Farbar Service Scanner.

Zrób nowe logi z FRST.

jessi

SRV - [2015-06-25 15:21:12 | 099,884,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Users\Mati\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe -- (VSSS)

Koleina osoba z tą samą infekcją (to ona blokuje wszystkie programy ochronne).

@Picasso wymaga logów z FRST i GMER - KLIK. Uzupełnij to.

jessi

Otwórz Notatnik i wklej w nim:

C:\Users\Cezary\AppData\Roaming\Microsoft\Protect\conhost.exe
HKU\S-1-5-21-669934448-3564392166-1087876309-1001\...\Run: [Console Protect Service] => C:\Users\Cezary\AppData\Roaming\Microsoft\Protect\conhost.exe [184962 2015-06-18] ()
EmptyTemp:

Zrób to. o ile nie usunął już tego Comodo.

jessi

DNS Servers: 5.104.175.153 - 8.8.8.8

Powtórz działania z routerem

jessi

W takim razie kończymy:

Do Notatnika wklej:

Windows Registry Editor Version 5.00

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]

[-HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]

[-HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]

Z Menu Notatnika >> Plik >> Zapisz jako >> Ustaw rozszerzenie na Wszystkie pliki >> Zapisz jako> FIX.REG >>
plik uruchom (dwuklik i OK).

Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix.
przez SHIFT+DEL usuń pozostały folder C:\FRST

.

2015-06-25 19:19 - 2014-01-13 18:20 - 00000000 ___HD C:\Program Files (x86)\Temp

Jakiś dziwna nazwa programu.

Nie ma go na liście Twoich programów.

Folder jest ukryty, ale po odkryciu go spróbuj go usunąć ręcznie.

jessi

Strong Signal doklejają do ściąganych programów tylko na vortalu "DobreProgramy", więc musiałeś coś stamtąd ściągać.

Otwórz Notatnik i wklej w nim:

FF Extension: Strong Signal - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\s07xx2ul.default\Extensions\{38557805-f7a3-4a68-ba6e-ee08fbcdb280}.xpi [2015-03-13]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Windows\Minidump\062515-32984-01.dmp
HKU\S-1-5-21-1304424282-937763637-458994368-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPALL14/175
EmptyTemp:

Napisz, czy problem znikł?

jessi

W logach nie widzę żadnej infekcji.

Drobna kosmetyka:

Otwórz Notatnik i wklej w nim:

HKLM-x32\...\Run: [] => [X]
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:

jessi

znów źle działa opcja "cytuj" - muszę pisać post pod postem. :(

Otwórz Notatnik i wklej w nim:

Task: {D1C86F4C-D993-427B-9ACA-C764CE61284C} - System32\Tasks\{0A832C90-8707-46AA-914B-82523E6F75D3} => pcalua.exe -a C:\Users\pikus\Desktop\rome\setup.exe -d C:\Users\pikus\Desktop\rome
Task: {D97187BC-2FB5-4BBA-86D5-D0609C5F111C} - System32\Tasks\{CE065A0B-CC64-42C4-A459-FFC9A6CCC679} => pcalua.exe -a C:\Users\pikus\Desktop\irfanview_lang_polski.exe -d C:\Users\pikus\Desktop
CHR Extension: (LiveVDO plugin) - C:\Users\pikus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
CHR HKLM\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files\StartSearch plugin\vshareplg.crx
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
C:\Windows\Minidump\Mini062515-01.dmp
EmptyTemp:

Potem:

Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

FSS - usuń ręcznie.

Jeśli dalej będzie problem z Avirą, to ją przeinstalujesz.

jessi

Odinstaluj:

LiveVDO plugin 1.3 (HKLM\...\LiveVDO plugin) (Version: 1.3 - LiveVDO.tv, Inc.) <==== ATTENTION

W takim razie kończymy:

Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

FSS - usuń ręcznie.

jessi
 

Spróbuj to zrobić w Trybie Awaryjnym (F8 przed startem Systemu).

jessi