jessica

Do Notatnika wklej:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup"="C:\\Users\\ania\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup"

Z Menu Notatnika >> Plik >> Zapisz jako >> Ustaw rozszerzenie na Wszystkie pliki >> Zapisz jako> FIX.REG >>
plik uruchom (dwuklik i OK).
Zrestartuj komputer.

Zrób nowy log z OTL.

Zrób nowy log z SystemLook - ustawienia te same, co poprzednio.

jessi

1) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
[2014-08-06 10:47:27 | 000,045,248 | ---- | C] (Elex do Brasil Participações Ltda) -- C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-21-1474419822-2050037556-1255546541-1001\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-

:Commands
[emptytemp]

2) Masz wszystkie foldery w Autostarcie - to nieprawidłowe, świadczy o uszkodzeniu Rejestru.

Do  >SystemLook-64 wklej:

:reg
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

jessi

lecz teraz jest duży problem ponieważ na innym forum mi doradzali i napisali mi fix'a do FRST i zrobiłem później kazali mi usunąć C:/FRST , ja bezmyślnie usunąłem to normalnie Shift + Del bez trybu awaryjnego ... no a dalej odmówiło mi dostępu do pliku a reszta wyparowała było tam 256mb śmiecia

 

nie bardzo rozumiem, o co Ci chodzi?

jessi

1) Użyj >Adw-cleaner
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner.txt

2) Użyj >>RogueKiller (aby pobrać kliknij na obrazek x64 po Lien de téléchargement :)
Kliknij w nim SCAN, a po wyszukaniu szkodliwych rzeczy kliknij DELETE. Pokaż oba raporty z niego.

3) Otwórz Notatnik i wklej w nim:

C:\Users\user\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
Task: {7684A7CC-CA0A-47FA-A035-EAAE0EDA8011} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: {A3CCB37D-87D6-4E10-9918-EB62EA883899} - \CCleanerSkipUAC No Task File <==== ATTENTION
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
U4 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{556f87dd-9a44-a124-c6e9-595638fe0978}\   \...\???\{556f87dd-9a44-a124-c6e9-595638fe0978}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
R1 {59981518-8b2b-431e-90db-17dacc8cfa86}Gw64; C:\Windows\System32\drivers\{59981518-8b2b-431e-90db-17dacc8cfa86}Gw64.sys [61112 2014-05-16] (StdLib)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Reboot:

4) Zrób nowe logi z FRST.

5) Zrób log z Farbar Service Scanner >http://download.bleepingcomputer.com/farbar/FSS.exe (do skanowania zaznacz wszystko)

jessi

Tylko kosmetyka:

Task: {6DC63372-CC6E-446E-9B3C-17F6032393EF} - System32\Tasks\Go for FilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION

użyłem OCCT w celu sprawdzenia kondycji sprzętowej lecz nie potrafię zrozumieć wykresów, rzuciło mi się również w oczy taki komunikat z tego programu "CPU Overclocking: -47%" - nie wiem czy to ma znaczenie,

Załóż temat w dziale https://www.fixitpc.pl/forum/43-hardware/

jessi

W takim razie kończymy:

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).

Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix.

przez SHIFT+DEL usuń pozostały folder C:\FRST

SystemLook - usuń ręcznie.

jessi

A co do tych plików  .exe. to niestety nie wiem ale znając moje córki może coś tam namieszały

Być może to jakieś kodeki.

Zostawiamy je w spokoju.

Jeśli Avast już nie wykrywa "url:mal", to możemy kończyć:

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).

W OTL kliknij na przycisk Sprzątanie - to go usunie razem z jego Kwarantanną.

jessi

Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).

jessi

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 5.175.225.136 8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA4ED4D5-2688-4FEF-87ED-4593961F857E}: DhcpNameServer = 5.175.225.136 8.8.8.8

 

1) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:Reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CA4ED4D5-2688-4FEF-87ED-4593961F857E}]

"NameServer"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CA4ED4D5-2688-4FEF-87ED-4593961F857E}]

"NameServer"="8.8.8.8"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]

"DhcpNameServer"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]

"DhcpNameServer"="8.8.8.8"

 

:Commands

[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera.

2) Jeśli korzystasz z routera, to go zresetuj.

Jeśli nie wiesz jak, to skontaktuj się ze swoim dostawcą internetu.

jessi

Widzę, że masz trochę śmieci, więc:

jessi

Tylko kosmetyka:

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:Reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-21-1163469901-3333247925-1792307710-1000\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-

:Commands
[emptytemp]

===========================================

Error - 03-08-2014 08:29:00 | Computer Name = Goku-Komputer | Source = WinMgmt | ID = 10
Description =

Aby automatycznie rozwiązać ten problem, kliknij > Fix.it. na stronie http://go.microsoft.com/?linkid=9775756
Następnie kliknij przycisk Uruchom w oknie dialogowym Pobieranie pliku i wykonaj kroki w kreatorze Fix.it.
(Link zapasowy > http://www.mediafire.com/download/6hwcm6b77098cbb/MicrosoftFixit50688.msi )

jessi

Skoro nie znasz tych rozszerzeń, to:

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:Files
C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahnllbhakmnbcloknbhkhabcnbnhgaim
C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge
C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

:Commands
[emptytemp]

>>Google Chrome

> Naciśnij klawisze: lewy Alt+F i kliknij przycisk Ustawienia >
    
> po prawej kliknij na Rozszerzenia >
> kliknij na ikonkę Kosza po prawej od  nieznanych Ci rozszerzeń

napisz, jak oceniasz obecną sytuację?

jessi

Do Notatnika wklej:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend]
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001

Z Menu Notatnika >> Plik >> Zapisz jako >> Ustaw rozszerzenie na Wszystkie pliki >> Zapisz jako> FIX.REG >>
plik uruchom (dwuklik i OK).
 

Opisz dokladnie ,gdzie mam kliknac w fix nie wiem jak to zrobic.

Uruchom FRST.

Kliknij w nim na przycisk FIX

jessi

Do Notatnika wklej:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\istartsurfSoftware]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\istartsurfSoftware\istartsurfhp]

Sądząc po tym, co wykrył SystemLook, to problem już nie istnieje.

Czy tak jest w rzeczywistości?

jessi

Otwórz Notatnik i wklej w nim:

C:\Users\euro\AppData\Roaming\wyUpdate AU
HKLM-x32\...\Run: [] => [X]
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\windows\TEMP\{6921D528-9D3A-4294-86B2-FC7897EE1679}.exe
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{E2CEA9D0-DB0B-4BE3-98D2-F2979264DD2C}.exe
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Task: {C8851F6E-979A-4F7D-A53D-0A9CFFA0FB31} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{E2CEA9D0-DB0B-4BE3-98D2-F2979264DD2C}.exe
Task: {16B70C08-991E-42F4-ACB9-046F8768514E} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\windows\TEMP\{6921D528-9D3A-4294-86B2-FC7897EE1679}.exe
HKU\S-1-5-21-2100001416-2170443706-2230923172-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-2100001416-2170443706-2230923172-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe"  /PROMPT /CMPID=JUNE2013_HP
C:\Program Files (x86)\AVG Secure Search
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=210&systemid=488&v=a13277-374&apn_uid=1043981578034602&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=210&systemid=488&v=a13277-374&apn_uid=1043981578034602&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
earchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=210&systemid=488&v=a13277-374&apn_uid=1043981578034602&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {E24D0F05-5CA4-4296-9718-8DDE31B631CC} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
SearchScopes: HKCU - {E300269F-D3AF-455A-81D3-170D890ADB1C} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=82F1CA3C-CBD5-4AE8-8698-5BA5D1244448&apn_sauid=E746018A-23BE-4EFF-B5F8-5EE1028EC239
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys
C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
C:\Program Files (x86)\Greener Web
Reboot:

Czy problem dalej aktualny?

jessi

W logach nie widzę niczego podejrzanego.

Zrób log z Farbar Service Scanner.

Otwórz Notatnik i wklej w nim:

GroupPolicyUsers\S-1-5-21-2620197854-1719786493-1418023469-1002\User: Group Policy restriction detected <======= ATTENTION

GroupPolicyUsers\S-1-5-21-2620197854-1719786493-1418023469-1001\User: Group Policy restriction detected <======= ATTENTION

GroupPolicyUsers\S-1-5-21-2620197854-1719786493-1418023469-1000\User: Group Policy restriction detected <======= ATTENTION

AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

S3 catchme; \??\C:\Users\Joanna\AppData\Local\Temp\catchme.sys [X]

S3 esihdrv; \??\C:\Users\Kamil\AppData\Local\Temp\esihdrv.sys [X]

S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]

S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\96618110.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\96618110.sys => ""="Driver"

Reboot:

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Powstanie plik fixlog.txt. Daj ten log.

jessi

1) Odinstaluj:

Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - ) <==== ATTENTION

Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION

2) Użyj >Adw-cleaner
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner.txt

3)

PRC - [2014-07-27 09:47:09 | 000,226,853 | ---- | M] () -- C:\Users\Kasia\AppData\Local\NativeScriptTooltip\MotionStartWinsock.exe
PRC - [2014-07-27 09:47:09 | 000,098,340 | ---- | M] () -- C:\Users\Kasia\AppData\Local\NativeScriptTooltip\NativeScriptTooltip.exe

 

Sprawdź je na --> JOTTI/ albo na VIRUSTOTAL

Otwórz Notatnik i wklej w nim:

Task: {BAAB145C-4CB1-4C22-AA8B-BFA7AC15F15D} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
C:\Users\Kasia\AppData\Local\NativeScriptTooltip\MotionStartWinsock.exe
C:\Users\Kasia\AppData\Local\NativeScriptTooltip\NativeScriptTooltip.exe
C:\Users\Kasia\AppData\Local\NativeScriptTooltip
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.only-search.com/?babsrc=HP_kms&affID=129280&tt=&mntrid=3C4A08EDB99CA117&tsp=5319
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.only-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3C4A08EDB99CA117&affID=129280&tsp=5319
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.only-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3C4A08EDB99CA117&affID=129280&tsp=5319
SearchScopes: HKCU - {892AA7C3-3C69-47EB-BC51-F57423AE6437} URL = http://www.only-search.com/?babsrc=SP_kms&affID=129280&tt=&mntrid=3C4A08EDB99CA117&tsp=5319&q={searchTerms}&r=697
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2014-07-30]
FF HKCU\...\Firefox\Extensions: [{71524336-70b1-48ef-9014-3c537fb12c7b}] - C:\Program Files (x86)\LyricsPal\130.xpi
S3 cpuz136; \??\C:\Users\Kasia\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S1 dbbcdpoi; \??\C:\Windows\system32\drivers\dbbcdpoi.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 ikaactsa; \??\C:\Windows\system32\drivers\ikaactsa.sys [X]
S3 RgFltX64; \??\C:\Users\Kasia\AppData\Local\NativeScriptTooltip\RgFltX64.sys [X]
C:\Program Files (x86)\globalUpdate
C:\Users\Kasia\AppData\Roaming\VOPackage
C:\Users\Kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
C:\Users\Kasia\AppData\Local\NativeScriptTooltip
C:\Users\Kasia\AppData\Local\globalUpdate
C:\Windows\system32\roboot64.exe
C:\ProgramData\374311380
C:\Windows\System32\Tasks\Optimizer Pro Schedule
C:\Users\Kasia\Documents\Optimizer Pro
C:\Users\Kasia\AppData\Local\Temp\bitool.dll
C:\Users\Kasia\AppData\Local\Temp\checktbexist.exe
C:\Users\Kasia\AppData\Local\Temp\dlLogic.exe
C:\Users\Kasia\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Kasia\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbpdo2b.dll
C:\Users\Kasia\AppData\Local\Temp\Firefox Setup 13.0.1.exe
C:\Users\Kasia\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Kasia\AppData\Local\Temp\MixiCND_CID2.exe
C:\Users\Kasia\AppData\Local\Temp\nsmBDDA.exe
C:\Users\Kasia\AppData\Local\Temp\nsoEC5A.exe
C:\Users\Kasia\AppData\Local\Temp\nsuA838.exe
C:\Users\Kasia\AppData\Local\Temp\optprosetup.exe
C:\Users\Kasia\AppData\Local\Temp\SHSetup.exe
C:\Users\Kasia\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kasia\AppData\Local\Temp\spstub.exe
C:\Users\Kasia\AppData\Local\Temp\ubiE37E.tmp.exe
C:\Users\Kasia\AppData\Local\Temp\utt1708.tmp.exe
C:\Users\Kasia\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Kasia\AppData\Local\Temp\_isE52.exe
Reboot:

4) Zrób nowe logi z FRST (już bez Shortcut)

Napisz, czy problem dalej występuje?

jessi
 

1) Odinstaluj:

"bi_uninstaller" = Bundled software uninstaller

"BringStar" = BringStar

2) Użyj >Adw-cleaner
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner.txt

3) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
SRV - [2014-08-02 16:51:17 | 000,323,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BringStar\updateBringStar.exe -- (Update BringStar)
SRV - [2014-08-02 16:50:09 | 000,323,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BringStar\bin\utilBringStar.exe -- (Util BringStar)
IE - HKU\S-1-5-21-3679647880-3557698151-4004413339-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-3679647880-3557698151-4004413339-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kasia\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kasia\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll File not found
[2012-01-20 16:12:03 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Kasia\AppData\Roaming\mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012-01-20 17:09:03 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Kasia\AppData\Roaming\mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3679647880-3557698151-4004413339-1001\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKU\S-1-5-21-3679647880-3557698151-4004413339-1001\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKU\S-1-5-21-3679647880-3557698151-4004413339-1001..\Run: [ChomikBox] C:\Program Files (x86)\ChomikBox\ChomikBox.exe File not found
O4 - HKU\S-1-5-21-3679647880-3557698151-4004413339-1001..\Run: [Google Update] "C:\Users\Kasia\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKU\S-1-5-21-3679647880-3557698151-4004413339-1001..\Run: [Tiny download manager] C:\Users\Kasia\AppData\Local\DM\TinyDM.exe (http://www.tinydm.com/)
O4 - Startup: C:\Users\Kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trz6E5B.tmp ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.13.2)
[2012-01-21 09:37:44 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Babylon
[2013-02-22 18:59:58 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\OpenCandy
[2014-03-22 14:43:47 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\systweak

:Files
C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhnopkaehgphfcfgpfpafeafkcbomfaf
C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkhcgdjkpapinigjlojhpcjgecmlgida
C:\Users\Kasia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pghhaokdkjnmafmeifhiambkegfffppk

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-21-3679647880-3557698151-4004413339-1001\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-21-3679647880-3557698151-4004413339-1001\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[-HKEY_USERS\S-1-5-21-3679647880-3557698151-4004413339-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKEY_USERS\S-1-5-21-3679647880-3557698151-4004413339-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1BAC7C96-E739-4261-921F-A05A601304E0}]
[-HKEY_USERS\S-1-5-21-3679647880-3557698151-4004413339-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7B3710CE-A169-4297-B420-775D4CF1D96F}]
[-HKEY_USERS\S-1-5-21-3679647880-3557698151-4004413339-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7BBDC796-BB92-4D5F-895D-8A512FA9B2C0}]
[-HKEY_USERS\S-1-5-21-3679647880-3557698151-4004413339-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}]
[-HKEY_USERS\S-1-5-21-3679647880-3557698151-4004413339-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}]

:Commands
[emptytemp]

4) Zainstaluj nowszą, bezpieczniejszą wersję Javy:
>http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html (wybierz: Windows x86 Offline)

5)

[2014-03-28 15:14:47 | 000,151,552 | ---- | C] () -- C:\Users\Kasia\AppData\Roaming\001D8075.exe
[2014-03-28 15:14:45 | 000,435,200 | ---- | C] () -- C:\Users\Kasia\AppData\Roaming\001D782B.exe
[2014-03-28 14:44:37 | 000,151,552 | ---- | C] () -- C:\Users\Kasia\AppData\Roaming\0001E1C6.exe
[2014-03-28 14:44:31 | 000,435,200 | ---- | C] () -- C:\Users\Kasia\AppData\Roaming\0001CA21.exe
[2014-03-28 14:44:31 | 000,435,200 | ---- | C] () -- C:\Users\Kasia\AppData\Roaming\0001C9A4.exe

Znasz te powyższe?

Pytam, bo w tej lokalizacji nie powinno być żadnych plików *.exe.

jessi

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Program Files\Webzen\Mu\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (awiebfhb)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (af50ujwh)
FF - prefs.js..extensions.enabledAddons: faststartff%40gmail.com:4.3.0

:Commands
[emptytemp]

CHR - Extension: No name found = C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahnllbhakmnbcloknbhkhabcnbnhgaim\1.0.3_0\
CHR - Extension: No name found = C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: No name found = C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge\2.4_0\
CHR - Extension: No name found = C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

Znasz te rozszerzenia w Google Chrome?

jessi

Otwórz Notatnik i wklej w nim:

HKLM-x32\...\Run: [fst_pl_169] => [X]

Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f

Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f

Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f

Reg: reg delete "HKU\S-1-5-21-2083487716-658805820-2044387795-1000\Software\Microsoft\Internet Explorer\SearchScopes" /f

CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\Ewelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki

Reboot:

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Powstanie plik fixlog.txt. Daj ten log.

Do SystemLook x64 wklej:

:regfind

istartsurf

Naciśnij Look i pokaż raport.

jessi

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC92FAFF-3571-484B-8AB1-EFE8604BD2F1}]
"NameServer"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC92FAFF-3571-484B-8AB1-EFE8604BD2F1}]
"NameServer"="8.8.8.8"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DhcpNameServer"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DhcpNameServer"="8.8.8.8"

:Commands
[emptytemp]

Jeśli to nie pomoże, to będzie trzeba zresetować router.

Jeśli nie wiesz jak, to skontaktuj się ze swoim dostawcą internetu.

=======================================================================

Error - 2014-08-05 14:42:32 | Computer Name = Wisnia-PC | Source = WinMgmt | ID = 10
Description =

Aby automatycznie rozwiązać ten problem, kliknij > Fix.it. na stronie http://go.microsoft.com/?linkid=9775756
Następnie kliknij przycisk Uruchom w oknie dialogowym Pobieranie pliku i wykonaj kroki w kreatorze Fix.it.
(Link zapasowy > http://www.mediafire.com/download/6hwcm6b77098cbb/MicrosoftFixit50688.msi )

jessi

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 5.175.225.136 8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{564E77AC-0D4F-4CD8-947C-21BD77214D29}: DhcpNameServer = 5.175.225.136 8.8.8.8

 

Do Notatnika wklej:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{564E77AC-0D4F-4CD8-947C-21BD77214D29}]
"NameServer"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{564E77AC-0D4F-4CD8-947C-21BD77214D29}]
"NameServer"="8.8.8.8"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DhcpNameServer"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DhcpNameServer"="8.8.8.8"

Z Menu Notatnika >> Plik >> Zapisz jako >> Ustaw rozszerzenie na Wszystkie pliki >> Zapisz jako> FIX.REG >>

plik uruchom (dwuklik i OK).

Zrestartuj komputer.

Jeśli to nie pomoże, to trzeba będzie zresetować router (chyba korzystasz z routera?).

Jeśli nie wiesz jak, to skontaktuj się ze swoim dostawcą internetu.

Inne "rzeczy":

Odinstaluj "AVG Secure Search" = AVG Security Toolbar

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL

[2014/08/05 18:35:43 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

[2014/08/05 18:35:43 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found

O4 - HKLM..\Run: []  File not found

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll (AVG Secure Search)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll (AVG Secure Search)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

[2014/03/21 20:05:48 | 000,003,730 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll File not found

DRV:64bit: - [2014/06/22 17:06:55 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)

SRV - [2014/06/22 17:06:55 | 001,813,528 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe -- (vToolbarUpdater18.1.7)

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\mutualpublic\Monitor.exe run -- (Mutual Monitor)

MOD - [2014/06/22 17:06:55 | 002,571,288 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe

MOD - [2014/06/22 17:06:55 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll

 

:Reg

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com/"

 

:Commands

[emptytemp]

Kliknij w Wykonaj Skrypt.

Zainstaluj nowszą, bezpieczniejszą wersję Javy:

>http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html (wybierz: Windows x86 Offline)

Być może trzeba też zainstalować nowszą wersję Javy 64 bit >http://java.com/pl/download/faq/java_win64bit.xml

jessi

Error - 2014-08-04 16:22:49 | Computer Name = Damiano-Damiano | Source = Service Control Manager | ID = 7001

Description = Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji

 w sieci, której nie można uruchomić z powodu następującego błędu:   %%1068

 

To z wczorajszego dnia, z dzisiejszego nie ma tego błedu, więc chyba to nieaktualne.

Kończymy:

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).

W OTL kliknij na przycisk Sprzątanie - to go usunie razem z jego Kwarantanną.

jessi

1) Odinstaluj:

"MyFreeCodec" = MyFreeCodec

2) Użyj >Adw-cleaner
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner.txt

3) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
[2014-08-04 13:54:13 | 000,052,920 | ---- | C] (StdLib) -- C:\Windows\System32\drivers\{2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw.sys
[2014-08-04 09:44:55 | 000,000,000 | ---D | C] -- C:\Users\Damiano\AppData\Local\Torch
[2014-08-04 09:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\cosstminn
[2014-08-04 09:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\cosstminn
[2014-08-04 09:44:55 | 000,000,000 | ---D | C] -- C:\Users\Damiano\AppData\Local\Chromatic Browser
[2014-08-04 09:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\c85c83d20c14c27d
[2014-08-04 09:44:54 | 000,000,000 | ---D | C] -- C:\Users\Damiano\AppData\Local\Comodo
[2014-08-04 09:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\Adanak
O4 - HKU\S-1-5-21-3963789872-904171762-207307952-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
[2014-08-04 09:45:03 | 000,000,000 | ---D | M] (cosstminn) -- C:\Users\Damiano\AppData\Roaming\mozilla\Firefox\Profiles\qa7c70i0.default\extensions\7ljjfx5@aeubq.edu
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - [2014-07-22 11:42:34 | 000,052,920 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\System32\drivers\{2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw.sys -- ({2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw)


:Reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-

:Commands
[emptytemp]

jessi

Picasso już od 10 miesięcy jest chora, i na razie nie zanosi się na Jej powrót.

Niestety, w tym dziale nie ma zapasowego Moderatora, więc pomoc prawie nie istnieje.

1) Odinstaluj:

"AVG SafeGuard toolbar" = AVG SafeGuard toolbar

"fst_pl_96_is1" = fst_pl_96

"SearchProtect" = Search Protect
"ShopperPro" = Shopper-Pro

"sweet-page uninstaller" = sweet-page uninstaller

"webget" = webget

Akamai NetSession Interface

2) Użyj >Adw-cleaner
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner.txt

3) Użyj  > MBAM
Zaznacz wszystko co wykryje, kliknij na Usuń zaznaczone.
Podaj z tego raport.

4) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
DMOD - [2014-06-09 16:48:15 | 002,567,192 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
MOD - [2014-06-09 16:48:15 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll
MOD - [2014-03-20 23:06:14 | 001,603,608 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\TBAPI.dll
RV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV - [2014-07-29 13:24:05 | 000,068,608 | ---- | M] (globalUpdate) [On_Demand | Stopped] -- C:\Program Files\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdatem)
SRV - [2014-07-29 13:24:05 | 000,068,608 | ---- | M] (globalUpdate) [Auto | Stopped] -- C:\Program Files\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdate)
SRV - [2014-07-22 09:47:56 | 001,812,992 | ---- | M] (ShopperPro) [Auto | Running] -- C:\Program Files\Common Files\ShopperPro\spbiu.exe -- (SPBIUpd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva409.sys -- (XDva409)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\vtany.sys -- (vtany)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys -- (FairplayKD)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (amne3upc)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a7eehfst)
DRV - [2014-07-22 09:53:12 | 000,041,320 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ShopperPro\JSDriver\1.37.0.202\jsdrv.sys -- (SPDRIVER_1.37.0.202)
DRV - [2014-07-22 09:47:10 | 000,025,600 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\ShopperPro\spbiw.sys -- (SPBIUpdd)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll File not found
O2 - BHO: (Apps Hat) - {11111111-1111-1111-1111-110411851159} - C:\Program Files\Apps Hat\Apps Hat-bho.dll (Nero)
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Shopper Pro) - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O4 - HKLM..\Run: [sPDriver] C:\Program Files\ShopperPro\JSDriver\1.37.0.202\jsdrv.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\ppp\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0214c] C:\Users\ppp\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=93a8d8e39d8147d2ba17d15e7712a207-280eebffd4b62125f56ac22c8758693e69e718be /CMPID=0214c File not found
O4 - HKCU..\Run: [LiveSupport] "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log File not found
O4 - HKCU..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found
O4 - HKCU..\Run: [sPDriver] C:\Program Files\ShopperPro\JSDriver\1.37.0.202\jsdrv.exe ()
O4 - HKCU..\Run: [Tiny download manager] "C:\Users\ppp\AppData\Local\DM\TinyDM.exe" /M File not found
O4 - Startup: C:\Users\ppp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 10 Registration.lnk =  File not found
O20 - AppInit_DLLs: (c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll) - c:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
[2014-07-29 12:53:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\YTAHelper
[2014-07-29 12:53:50 | 000,000,000 | ---D | C] -- C:\Users\ppp\AppData\Local\globalUpdate
[2014-07-29 12:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\globalUpdate
[2014-07-29 12:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Apps Hat
[2014-07-29 12:52:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GOOBZO
[2014-07-29 12:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ShopperPro
[2014-07-29 12:52:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ShopperPro
[2014-07-29 12:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ShopperPro
[2014-07-29 12:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\ShopperPro
[2014-07-29 18:55:05 | 000,001,434 | ---- | M] () -- C:\Windows\tasks\030b3de7-1793-48da-9839-f6ab73d18535-5_user.job
[2014-07-29 18:54:20 | 000,002,560 | ---- | M] () -- C:\Windows\tasks\030b3de7-1793-48da-9839-f6ab73d18535-4.job
[2014-07-29 18:54:19 | 000,001,418 | ---- | M] () -- C:\Windows\tasks\030b3de7-1793-48da-9839-f6ab73d18535-5.job
[2014-07-29 18:54:16 | 000,001,532 | ---- | M] () -- C:\Windows\tasks\030b3de7-1793-48da-9839-f6ab73d18535-6.job
[2014-07-29 18:54:12 | 000,001,320 | ---- | M] () -- C:\Windows\tasks\030b3de7-1793-48da-9839-f6ab73d18535-2.job
[2014-07-29 18:54:11 | 000,001,530 | ---- | M] () -- C:\Windows\tasks\030b3de7-1793-48da-9839-f6ab73d18535-1.job
[2014-07-29 18:53:22 | 000,003,778 | ---- | M] () -- C:\Windows\tasks\030b3de7-1793-48da-9839-f6ab73d18535-11.job
[2014-07-29 18:51:22 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2014-07-29 18:51:11 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-07-29 13:29:25 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]

:Commands
[emptytemp]

==================================================================================

Error - 2014-07-29 12:50:30 | Computer Name = Zachary | Source = WinMgmt | ID = 10
Description =

Aby automatycznie rozwiązać ten problem, kliknij > Fix.it. na stronie http://go.microsoft.com/?linkid=9775756
Następnie kliknij przycisk Uruchom w oknie dialogowym Pobieranie pliku i wykonaj kroki w kreatorze Fix.it.
(Link zapasowy > http://www.mediafire.com/download/6hwcm6b77098cbb/MicrosoftFixit50688.msi )

jessi