jessica
Posts: 4 099
Replies posted by jessica
Run OTL and paste this into the Custom Scans/Fixes window:
:OTL
O2 - BHO: (no name) - {AD2CA38D-7CDB-8FD9-0332-080E0E309D23} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Łukasz\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [iTunesHelper] wscript.exe //B "C:\Users\UKASZ~1\AppData\Local\Temp\iTunesHelper.vbe" File not found
O4 - Startup: C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe ()
[2013-11-23 08:35:12 | 069,554,284 | -HS- | C] () -- C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
:Files
iTunesHelper.vbe /alldrives
H:\*.lnk
attrib /d /s -s -h H:\* /C
:Commands
[emptytemp]
Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, this time click Run Scan.
Show the new OTL.txt log and the script removal report. Make a new USBFix log using the LISTING option.
jessi
-
1) Open Notepad and paste into it:
Startup: C:\Users\LKS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jwwhqft.lnk
ShortcutTarget: jwwhqft.lnk -> C:\ProgramData\tfqhwwj.dss (Корпорация Майкрософт)
HKLM\...\Policies\Explorer\Run: [38085] - C:\ProgramData\mskddt.exe [615222 2009-07-14] ( ())
C:\ProgramData\mskddt.exe
C:\ProgramData\tfqhwwj.dss
C:\ProgramData\jwwhqft.pss
C:\ProgramData\jwwhqft.fvv
C:\ProgramData\vttbfrmq.bxx
C:\ProgramData\qmrfbttv.dss
C:\ProgramData\vttbfrmq.pss
C:\ProgramData\vttbfrmq.fvv
C:\ProgramData\9rjwiod4.bxx
C:\ProgramData\4doiwjr9.dss
C:\ProgramData\9rjwiod4.pss
C:\ProgramData\9rjwiod4.fvv
C:\ProgramData\jwwhqft.reg
C:\ProgramData\jwwhqft.bxx
C:\ProgramData\4doiwjr9.dss
C:\ProgramData\9rjwiod4.bxx
C:\ProgramData\9rjwiod4.fvv
C:\ProgramData\9rjwiod4.pss
C:\ProgramData\dx504EBD57.dat
C:\ProgramData\dx504F1E13.dat
C:\ProgramData\dx50F4F5D7.dat
C:\ProgramData\jwwhqft.bxx
Save the file as fixlist.txt. Place it next to the FRST tool.
2) Run FRST, point it at Windows 7 as the system to repair, and choose Fix. A fixlog.txt file will be created.
3) Paste into Notepad:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,\
  00,6c,00,6c,00,00,00
From the Notepad menu >> File >> Save as >> set the file type to All files >> save as FIX.REG >>
run the file (double-click and OK).
4) Use RogueKiller (to download it, click the x64 image next to "Lien de téléchargement :").
Click SCAN in it, and once it has found the malicious items, click DELETE. Show both of its reports.
5) Make a log with Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe (tick everything for the scan).
6) Make new FRST logs.
jessi
-
Run OTL and paste this into the Custom Scans/Fixes window:
:OTL
[2013-11-23 08:35:12 | 069,554,284 | -HS- | C] () -- C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
O4 - Startup: C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe ()
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Łukasz\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [iTunesHelper] wscript.exe //B "C:\Users\UKASZ~1\AppData\Local\Temp\iTunesHelper.vbe" File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O2 - BHO: (no name) - {AD2CA38D-7CDB-8FD9-0332-080E0E309D23} - No CLSID value found.
[2013-03-30 20:14:29 | 000,000,000 | ---D | M] (Breowse2savue) -- C:\Users\Łukasz\AppData\Roaming\mozilla\Firefox\Profiles\26wno0h7.default\extensions\iaedxuui@hjjieo.com
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
:Files
H:\iTunesHelper.vbe
H:\*.lnk
iTunesHelper.vbe /alldrives
attrib /d /s -s -h H:\* /C
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
:Commands
[emptytemp]
Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, this time click Run Scan.
Show the new OTL.txt log and the script removal report. Make a new USBFix LISTING log.
jessi
-
In that case I'll also add a repair for the second service in a moment...
Paste into Notepad:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="Zapora systemu Windows/Udostępnianie połączenia internetowego"
"DependOnService"=hex(7):4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,57,00,69,00,\
  6e,00,4d,00,67,00,6d,00,74,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="LocalSystem"
"Description"="Zapewnia usługi translacji adresów sieciowych, adresowania, rozpoznawania nazw i/lub blokowania dostępu intruzów wszystkim komputerom w sieci domowej lub biurowej."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:0000042e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,00,00,\
  00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
"0"="Root\\LEGACY_SHAREDACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
From the Notepad menu >> File >> Save as >> set the file type to All files >> save as FIX.REG >>
run the file (double-click and OK).
Restart the computer. Make an FSS log.
jessi
-
Unfortunately, the services are still broken...
I need a moment to think about what to do with this...
We'll try to rebuild one service manually:
Open Notepad and paste into it:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="Centrum zabezpieczeń"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,77,00,69,00,6e,00,\
  6d,00,67,00,6d,00,74,00,00,00,00,00
"ObjectName"="LocalSystem"
"Description"="Monitoruje ustawienia zabezpieczeń i konfiguracje systemu."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,59,00,53,00,54,00,45,00,4d,00,52,00,4f,00,4f,\
  00,54,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSCSVC]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSCSVC\0000]
"Service"="wscsvc"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000020
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="Centrum zabezpieczeń"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSCSVC\0000\Control]
"ActiveService"="wscsvc"
From the Notepad menu > File > Save as > set the file type to All files > save as FIX.REG on drive C:\
Run the file (double-click and OK).
(the following is out of date)
Download the PsTools package (which includes the PsExec tool) from http://technet.microsoft.com/pl-pl/sysinternals/bb897553%28en-us%29.aspx and unpack the downloaded zip; copy psexec.exe into the C:\WINDOWS\system32 folder.
Then START > RUN > cmd and type the command:
psexec -s -d REG IMPORT C:\FIX.REG
Restart the system and make a new "Farbar Service Scanner" log to confirm the task was done.
jessi
-
I don't see the cause of this problem, so you have to wait for @Picasso.
She was supposed to be helping again from Monday, but apparently she doesn't yet feel well enough to do so.
Just look into your thread once a day to see whether @Picasso has replied yet.
You also have another problem:
Error: (11/27/2013 11:44:56 AM) (Source: Ntfs) (User: ) Description: Struktura systemu plików na dysku jest uszkodzona i nie nadaje się do użytku. Uruchom narzędzie chkdsk na woluminie \Device\HarddiskVolumeShadowCopy2.
But that probably doesn't belong in this section of the forum.
jessi
-
But you didn't follow @muzyk75's recommendation to use Service Repair.
Right-click the ServicesRepair file and choose Run as administrator.
Then restart the computer (if there was no restart).
Make a new FSS log.
jessi
-
I don't see anything to remove in the new logs.
In AdwCleaner click the Uninstall (UNINSTALL) button.
jessi
-
@izik888
start your own thread.
Additionally, apart from the required logs, post a log from USBFix there.
Click LISTING in it.
jessi
-
Cosmetics:
Run OTL and paste this into the Custom Scans/Fixes window:
:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\DiVapton\updateDiVapton.exe -- (Update DiVapton)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (adyi00lz)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a8hc0q7o)
[2013-11-07 21:43:42 | 000,007,216 | ---- | M] () (No name found) -- C:\Users\Paweł\AppData\Roaming\mozilla\firefox\profiles\f1gqkqe4.default\extensions\firefox@divapton.biz.xpi
O2 - BHO: (DiVapton) - {3bf42771-1b8a-4910-b3dc-eb330e40020a} - C:\Program Files\DiVapton\DiVaptonbho.dll File not found
[2013-11-09 23:58:05 | 000,000,000 | ---D | C] -- C:\Users\Paweł\AppData\Local\cache
[2013-11-09 23:58:03 | 000,000,000 | ---D | C] -- C:\Users\Paweł\Documents\Mobogenie
[2013-11-09 23:58:03 | 000,000,000 | ---D | C] -- C:\Users\Paweł\AppData\Local\Mobogenie
[2013-11-09 23:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mobogenie
[2013-11-08 17:19:48 | 000,000,000 | ---D | C] -- C:\Users\Paweł\AppData\Roaming\dosearches
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft]
"SPONSORS"="DISABLE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{94D1F967-2F31-4C36-A79B-EF3E7492BD21}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C720EC19-33C9-4968-8302-F7FC698E0E7B}]
:Commands
[emptytemp]
Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, this time click Run Scan.
Show the new OTL.txt log and the script removal report.
Install a newer, safer version of Java:
http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html (choose: Windows x86 Offline or Online)
jessi
-
1) Paste into Notepad:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-
From the Notepad menu >> File >> Save as >> set the file type to All files >> save as FIX.REG >>
run the file (double-click and OK).
2) Open Notepad and paste into it:
C:\Documents and Settings\e\Ustawienia lokalne\Dane aplikacji\cache
C:\Documents and Settings\e\Ustawienia lokalne\Dane aplikacji\Mobogenie
C:\Documents and Settings\e\daemonprocess.txt
C:\Documents and Settings\e\Moje dokumenty\Mobogenie
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - No File
C:\Documents and Settings\e\Ustawienia lokalne\Temp\sfamcc00001.dll
C:\Documents and Settings\e\Ustawienia lokalne\Temp\sfareca00001.dll
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-436374069-2139871995-1417001333-1004Core.job => C:\Documents and Settings\e\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-436374069-2139871995-1417001333-1004UA.job => C:\Documents and Settings\e\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe
C:\WINDOWS\system32\Drivers\avgtpx86.sys
Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. A fixlog.txt file will be created. Post it.
3) Make new FRST logs.
Write whether the situation has improved.
jessi
-
-
There will still be something for cosmetic removal in the new log, especially from Google Chrome, but it's no longer that urgent, so I'm leaving it for @Picasso once she starts helping again after recovering.
jessi
-
Open Notepad and paste into it:
S2 vToolbarUpdater17.1.2; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]
S3 ALCXWDM; system32\drivers\ALCXWDM.SYS [x]
S3 RivaTuner32; \??\C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys [x]
S3 s3chipid; \??\C:\DOCUME~1\e\USTAWI~1\Temp\s3chipid.sys [x]
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-11] (AVG Technologies)
Reg: reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-436374069-2139871995-1417001333-1004\Software\Microsoft\Internet Explorer\SearchScopes\Backup.Old.DefaultScope" /f
CHR Plugin: (BonanzaDealsLive Update) - C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll No File
Reg: reg add "HKLM\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f
SearchScopes: HKLM - Backup.Old.DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
SearchScopes: HKCU - Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\MoboGenie
C:\Documents and Settings\Dominika\Ustawienia lokalne\Dane aplikacji\MoboGenie
C:\Documents and Settings\Dominika\daemonprocess.txt
C:\Documents and Settings\Radek\daemonprocess.txt
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\Mobogenie
HKU\Administrator\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\Administrator\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP
C:\Program Files\AVG Secure Search
C:\Documents and Settings\e\Ustawienia lokalne\Temp\ntdll_dump.dll
C:\Documents and Settings\e\Ustawienia lokalne\Temp\sfamcc00001.dll
C:\Documents and Settings\e\Ustawienia lokalne\Temp\sfareca00001.dll
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\WINDOWS\TEMP\{27D719B3-2BBE-4F4E-97B0-8D5ECD1A6C7F}.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{2DBFDC55-5054-4747-9423-A9E201457429}.exe
Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. A fixlog.txt file will be created. Make new FRST logs.
jessi
-
I'm temporarily taking over the thread - agreed with @muzyk75.
After using ESET Service Repair (right-click the ServicesRepair file and choose Run as administrator), carry out my recommendations one by one:
1. Open Notepad and paste into it:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6c,\
  00,73,00,61,00,73,00,73,00,2e,00,65,00,78,00,65,00,00,00
"DisplayName"="Usługi IPSEC"
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,54,00,63,00,70,00,\
  69,00,70,00,00,00,49,00,50,00,53,00,65,00,63,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="LocalSystem"
"Description"="Zarządza zasadami zabezpieczeń IP i uruchamia sterownik ISAKMP/Oakley (IKE) i sterownik zabezpieczeń IP."
"PolstoreDllRegisterVersion"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
  02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Enum]
"0"="Root\\LEGACY_POLICYAGENT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="Routing i dostęp zdalny"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,53,00,00,00,00,00
"DependOnGroup"=hex(7):4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,\
  6f,00,75,00,70,00,00,00,00,00
"ObjectName"="LocalSystem"
"Description"="Oferuje usługi routingu firmom w środowiskach sieci lokalnych i rozległych."
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers]
"ActiveProvider"="{1AA7F846-C7F5-11D0-A376-00C04FC9DA04}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers\{1AA7F840-C7F5-11D0-A376-00C04FC9DA04}]
"ConfigClsid"="{1AA7F840-C7F5-11D0-A376-00C04FC9DA04}"
"DisplayName"="Księgowanie usługi RADIUS"
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\
  61,00,73,00,72,00,61,00,64,00,2e,00,64,00,6c,00,6c,00,00,00
"ProviderTypeGUID"="{76560D80-2BFD-11d2-9539-3078302C2030}"
"VendorName"="Microsoft"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers\{1AA7F846-C7F5-11D0-A376-00C04FC9DA04}]
"ConfigClsid"=""
"DisplayName"="Księgowanie systemu Windows"
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
  70,00,72,00,64,00,64,00,6d,00,2e,00,64,00,6c,00,6c,00,00,00
"ProviderTypeGUID"="{76560D81-2BFD-11d2-9539-3078302C2030}"
"VendorName"="Microsoft"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers]
"ActiveProvider"="{1AA7F841-C7F5-11D0-A376-00C04FC9DA04}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers\{1AA7F83F-C7F5-11D0-A376-00C04FC9DA04}]
"ConfigClsid"="{1AA7F83F-C7F5-11D0-A376-00C04FC9DA04}"
"DisplayName"="Uwierzytelnianie usługi RADIUS"
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\
  61,00,73,00,72,00,61,00,64,00,2e,00,64,00,6c,00,6c,00,00,00
"VendorName"="Microsoft"
"ProviderTypeGUID"="{76560D00-2BFD-11d2-9539-3078302C2030}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers\{1AA7F841-C7F5-11D0-A376-00C04FC9DA04}]
"ConfigClsid"=""
"DisplayName"="Uwierzytelnianie systemu Windows"
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
  70,00,72,00,64,00,64,00,6d,00,2e,00,64,00,6c,00,6c,00,00,00
"VendorName"="Microsoft"
"ProviderTypeGUID"="{76560D01-2BFD-11d2-9539-3078302C2030}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\DemandDialManager]
"DllPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,\
  00,70,00,72,00,64,00,64,00,6d,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces]
"Stamp"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\0]
"InterfaceName"="Sprzężenie zwrotne"
"Type"=dword:00000005
"Enabled"=dword:00000001
"Stamp"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\0\Ip]
"ProtocolId"=dword:00000021
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,38,00,00,\
  00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
  07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
  00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\1]
"InterfaceName"="Wewnętrzny"
"Type"=dword:00000004
"Enabled"=dword:00000001
"Stamp"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\1\Ip]
"ProtocolId"=dword:00000021
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,38,00,00,\
  00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
  07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
  00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\2]
"InterfaceName"="{8BE61CC0-E394-4310-A592-FED02D84FD4E}"
"Type"=dword:00000003
"Enabled"=dword:00000001
"Stamp"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\2\Ip]
"ProtocolId"=dword:00000021
"InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,38,00,00,\
  00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\
  07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\
  00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters]
"RouterType"=dword:00000001
"ServerFlags"=dword:00802702
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  6d,00,70,00,72,00,64,00,69,00,6d,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\AppleTalk]
"EnableIn"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ip]
"AllowClientIpAddresses"=dword:00000000
"AllowNetworkAccess"=dword:00000001
"EnableIn"=dword:00000001
"IpAddress"="0.0.0.0"
"IpMask"="0.0.0.0"
"UseDhcpAddressing"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ip\StaticAddressPool]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ip\StaticAddressPool\0]
"From"=dword:00000000
"To"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ipx]
"EnableIn"=dword:00000001
"AcceptRemoteNodeNumber"=dword:00000001
"AllowNetworkAccess"=dword:00000001
"AutoWanNetAllocation"=dword:00000001
"FirstWanNet"=dword:00000000
"GlobalWanNet"=dword:00000001
"LastWanNet"=dword:00000000
"WanNetPoolSize"=dword:000003e8

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Nbf]
"EnableIn"=dword:00000001
"AllowNetworkAccess"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance]
"Open"="OpenRasPerformanceData"
"Close"="CloseRasPerformanceData"
"Collect"="CollectRasPerformanceData"
"Library"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,\
  00,61,00,73,00,63,00,74,00,72,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"Last Counter"=dword:00000804
"Last Help"=dword:00000805
"First Counter"=dword:000007de
"First Help"=dword:000007df
"WbemAdapFileSignature"=hex:01,88,e5,06,07,8c,88,44,d4,76,d0,a7,86,ec,e9,f9
"WbemAdapFileTime"=hex:00,24,53,21,c2,9e,c8,01
"WbemAdapFileSize"=dword:00003000
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy]
"ProductDir"="C:\\WINDOWS\\system32\\IAS"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\01]
@="IAS.ProxyPolicyEnforcer"
"Requests"="0 1 2"
"Responses"="0 1 2 3 4"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\02]
@="IAS.NTSamNames"
"Providers"="1"
"Requests"="0"
"Responses"="0 1 3"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\03]
@="IAS.BaseCampHost"
"Requests"="0 1"
"Responses"="0 1 2 4"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\04]
@="IAS.RadiusProxy"
"Providers"="2"
"Responses"="0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\05]
@="IAS.NTSamAuthentication"
"Providers"="1"
"Requests"="0"
"Responses"="0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\06]
@="IAS.AccountValidation"
"Providers"="1"
"Requests"="0"
"Responses"="0 1"
"Reasons"="33"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\07]
@="IAS.PolicyEnforcer"
"Providers"="1"
"Requests"="0"
"Responses"="0 1 3"
"Reasons"="33"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\08]
@="IAS.NTSamPerUser"
"Providers"="1"
"Requests"="0"
"Responses"="0 1 3"
"Reasons"="33"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\09]
@="IAS.EAP"
"Providers"="1"
"Requests"="0 2"
"Responses"="0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\10]
@="IAS.URHandler"
"Providers"="0 1"
"Requests"="0 2"
"Responses"="0 1"
"Reasons"="33"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\11]
@="IAS.ChangePassword"
"Providers"="1"
"Requests"="0"
"Responses"="0 1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\12]
@="IAS.AuthorizationHost"
"Requests"="0 1 2"
"Responses"="0 1 2 4"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\13]
@="IAS.Accounting"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\14]
@="IAS.MSChapErrorReporter"
"Providers"="0 1"
"Requests"="0"
"Responses"="2"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers]
"Stamp"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ip]
"ProtocolId"=dword:00000021
"GlobalInfo"=hex:01,00,00,00,80,00,00,00,02,00,00,00,03,00,ff,ff,08,00,00,00,\
  01,00,00,00,30,00,00,00,06,00,ff,ff,3c,00,00,00,01,00,00,00,38,00,00,00,00,\
  00,00,00,00,00,00,00,01,00,00,00,07,00,00,00,02,00,00,00,01,00,00,00,03,00,\
  00,00,0a,00,00,00,16,27,00,00,03,00,00,00,17,27,00,00,05,00,00,00,12,27,00,\
  00,07,00,00,00,0d,00,00,00,6e,00,00,00,08,00,00,00,78,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00
"DLLPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,\
  00,70,00,72,00,74,00,72,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
From the Notepad menu > File > Save as > set the file type to All files > save it as FIX.REG
Run the file by double-clicking it and confirm the import into the registry.
2. Restart the system. Make a new log with Farbar Service Scanner.
jessi
-
1. Uninstall: Bundled software uninstaller, Wsys Control 10.2.1.2634
2. Use AdwCleaner. First click SZUKAJ (Search), and only after the scan has finished, when the USUŃ (Delete) button becomes active, click it.
Post its report, C:\AdwCleaner[s1].txt
Then wait until @Picasso is back to helping after her recovery.
jessi
-
What is best for removing trojans? It seems to me there are some on this computer. StopZilla found them.
Somehow I don't trust StopZilla.
Besides, neither does @Picasso, since she wrote:
StopZilla and SpyHunter are programs of dubious reputation.
Where and what does it detect?
There is no new FRST log.
jessi
-
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
I checked on my own machine: I don't have that value at all.
We'll remove it just in case:
Open Notepad and paste into it:
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
Save the file under the name fixlist.txt and put it next to the FRST tool. Run FRST and click Fix. A fixlog.txt file will be created. Post it.
Make a new FRST log.
(while you're at it, check whether "Program Files" is still hidden?)
jessi
-
C:\ProgramData\obtf504 - that's already gone.
-H-- | C] () -- C:\ProgramData\obtf504
H = hidden, so it may still be there, because it has the "hidden" attribute
jessi
-
C:\Users\wangzhisong
Is that your user name?
Norton Safe Web Lite (Version: 1.2.0.7)
Norton Security Scan (Version: 3.0.0.103)
If you did not install these deliberately, uninstall them. You already have Avast, after all.
Open Notepad and paste into it:
C:\Users\admin\AppData\Local\Temp\SHSetup.exe
C:\Users\admin\AppData\Local\Temp\uninst1.exe
C:\Program Files\Mobogenie
C:\Users\admin\AppData\Local\Mobogenie
C:\Users\wangzhisong\AppData\Local\Mobogenie
C:\Users\admin\Documents\Mobogenie
C:\Users\admin\AppData\Local\cache
C:\Users\admin\daemonprocess.txt
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 gfiark; system32\drivers\gfiark.sys [x]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [x]
CHR Plugin: (Vividas Player Plugin) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\choofoanehnlponopnapopbnkeldllka\4.1_0\npVividasPlayer.dll No File
CHR Plugin: (Injovo Extension Plugin) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.430_0\npbrowserext.dll No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll No File
CHR Plugin: (Unity Player) - C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Extension: Norton Safe Web Lite Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.7\coFFNST\
Toolbar: HKLM - No Name - !{07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
Toolbar: HKLM - No Name - !{5018CFD2-804D-4C99-9F81-25EAEA2769DE} - No File
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - No Name - !{EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKCU - Norton Safe Web Lite - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
BHO: Norton Safe Web Lite BHO - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
Save the file under the name fixlist.txt and put it next to the FRST tool. Run FRST and click Fix. A fixlog.txt file will be created.
Post it.
Make a new FRST log.
Paste logs on http://wklejto.pl/, and in your post give only the links (that is, copy the addresses from the address bar).
jessi
-
JOTTI/VIRUSTOTAL - probably not, because I don't recognise what that is...
I wrote about it in my first post (post no. 2 of the thread), in point no. 4.
jessi
-
YES.
C:\ProgramData\obtf504
C:\Windows\System32\gecfysod.dll
Did you check these on JOTTI/VIRUSTOTAL?
jessi
-
@Picasso should start helping again in a few days, after her illness.
1) Uninstall:
AVG Security Toolbar (Version: 17.0.1.12)
Claro Chrome Toolbar (Version: 1.0.0.2)
Claro LTD toolbar
My Web Search (Cursor Mania)
Softonic toolbar on IE and Chrome
SweetPacks Toolbar for Internet Explorer 4.4 (Version: 4.4.0001)
TUTO4PC
PC Performer (Version: 11.10)
2) Use >Adw-cleaner (to download it, click the big green arrow on the right).
First click SZUKAJ (Search), and only after the scan has finished, when the USUŃ (Delete) button becomes active, click it.
Post its report, C:\AdwCleaner[s1].txt
3) Open Notepad and paste into it:
Task: {4C3EEB62-9FD2-4A56-B0AE-752A6B8E29D6} - System32\Tasks\PC Performer_DEFAULT => C:\Program Files\PC Performer\PCPerformer.exe [2012-03-14] (PerformerSoft LLC)
Task: {50E7E080-C4B9-4F1E-885F-245553DDE0E4} - System32\Tasks\PC Performer_UPDATES => C:\Program Files\PC Performer\PCPerformer.exe [2012-03-14] (PerformerSoft LLC)
C:\Program Files\PC Performer
Task: {7D91D70B-E794-4FF2-A38A-2CA519FD04A8} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-01-24] ()
C:\Program Files\Ask.com
Task: {98AADB21-D28B-4EF8-866B-177C523C87B7} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect
Task: {ADAAFB7C-0D42-4860-B6BE-487380BDD1EC} - System32\Tasks\DealPly => C:\Users\admin\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe [2013-03-10] () <==== ATTENTION
C:\Users\admin\AppData\Roaming\DealPly
Task: {E88EB846-9125-4BBB-8B58-E0404520385B} - System32\Tasks\PC Performer => C:\Program Files\PC Performer\PCPerformer.exe [2012-03-14] (PerformerSoft LLC)
Task: C:\Windows\Tasks\PC Performer_DEFAULT.job => C:\Program Files\PC Performer\PCPerformer.exe
Task: C:\Windows\Tasks\PC Performer_UPDATES.job => C:\Program Files\PC Performer\PCPerformer.exe
C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
C:\Program Files\Common Files\AVG Secure Search
HKLM\...\Run: [] - [x]
HKLM\...\Run: [DATAMNGR] - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe [1694608 2011-12-06] (Bandoo Media, inc)
HKLM\...\Run: [sweetpacks Communicator] - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [295728 2012-02-26] (SweetIM Technologies Ltd.)
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1646216 2013-01-24] (Ask)
HKLM\...\Run: [MyWebSearch Email Plugin] - C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE [38408 2012-04-29] (MyWebSearch.com)
C:\Program Files\Windows iLivid Toolbar
C:\Program Files\SweetIM\Communicator
C:\Program Files\MyWebSearch
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2404376 2013-10-09] ()
HKLM\...\Run: [My Web Search Bar Search Scope Monitor] - C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE [34336 2012-04-29] (MyWebSearch.com)
HKCU\...\Run: [MyWebSearch Email Plugin] - C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE [38408 2012-04-29] (MyWebSearch.com)
C:\Program Files\AVG Secure Search
AppInit_DLLs: C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll [ 2012-12-06] ()
C:\ProgramData\BrowserProtect
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS541616J9SA00_SB2482GJJUTE3HJUTE3HX&ts=1381844290
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS541616J9SA00_SB2482GJJUTE3HJUTE3HX&ts=1381844290
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-search.com/home?affID=117242&tt=5012_4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS541616J9SA00_SB2482GJJUTE3HJUTE3HX&ts=1381844290
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS541616J9SA00_SB2482GJJUTE3HJUTE3HX&ts=1381844290
URLSearchHook: HKLM - (No Name) - {87d5d709-40f2-48a7-8f47-7bb821af70ab} - No File
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - (No Name) - {87d5d709-40f2-48a7-8f47-7bb821af70ab} - No File
URLSearchHook: HKCU - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
URLSearchHook: HKCU - SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS541616J9SA00_SB2482GJJUTE3HJUTE3HX&ts=1381844290
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS541616J9SA00_SB2482GJJUTE3HJUTE3HX&ts=1381844291&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS541616J9SA00_SB2482GJJUTE3HJUTE3HX&ts=1381844291&type=default&q={searchTerms}
SearchScopes: HKLM - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZCchr999&ptnrS=ZCchr999&ptb=2G0PefBOLM9xQX.la6q_tg&ind=2012103103&n=77ee41bf&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2907651
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={BD11CD54-21AE-4AF2-B9B2-1CF6F558B3FE}
SearchScopes: HKCU - DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZCchr999&ptnrS=ZCchr999&ptb=2G0PefBOLM9xQX.la6q_tg&ind=2012103103&n=77ee41bf&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.claro-search.com/?q={searchTerms}&affID=117242&tt=5012_4&babsrc=SP_def&mntrId=b49261420000000000000016447c4e30
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=F4&apn_dtid=YYYYYYYYPL&apn_uid=1b8a0a2f-16e4-4b4b-bc24-01190fc4ae4b&apn_sauid=2C40D226-364A-4086-9CCE-FA8687A94DF0
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS541616J9SA00_SB2482GJJUTE3HJUTE3HX&ts=1381844291&type=default&q={searchTerms}
SearchScopes: HKCU - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZCchr999&ptnrS=ZCchr999&ptb=2G0PefBOLM9xQX.la6q_tg&ind=2012103103&n=77ee41bf&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={E1D046EC-9780-41F7-8DFE-7BC25652C258}&mid=af9b7773ddee4392aaf825f336cd1d7e-744ac32d8c739ed98ab7bcb0933793199a321991&lang=pl&ds=ax011&pr=&d=2013-01-05 19:00:12&v=17.0.1.12&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2907651
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6R8svwotJB&i=26
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={BD11CD54-21AE-4AF2-B9B2-1CF6F558B3FE}
BHO: Claro LTD Helper Object - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll (Montera Technologeis LTD)
BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
BHO: bflix Class - {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Program Files\BFlix\bflix.dll (bflix)
BHO: No Name - {2EECD738-5844-4a99-B4B6-146BF802613B} - No File
BHO: No Name - {336D0C35-8A85-403a-B9D2-65C292C39087} - No File
BHO: ADDICT-THING Class - {4889F191-B666-47C4-A7A2-E4FDD63345B5} - C:\ProgramData\ADDICT-THING\bhoclass.dll ()
BHO: No Name - {87d5d709-40f2-48a7-8f47-7bb821af70ab} - No File
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - No Name - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No File
Toolbar: HKLM - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Toolbar: HKLM - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
Toolbar: HKLM - Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
F NewTab: hxxp://www.qvo6.com/newtab/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=nt&from=cor&uid=HitachiXHTS541616J9SA00_SB2482GJJUTE3HJUTE3HX&ts=1381844290
FF DefaultSearchEngine: ST-Polska2 Customized Web Search
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: ST-Polska2 Customized Web Search
FF Homepage: hxxp://search.conduit.com/?CUI=UN29374157781035464&ctid=CT2907651&SearchSource=13
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2907651&SearchSource=2&CUI=UN29374157781035464&UM=cor&q=
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll (AVG Technologies)
FF Plugin: @mywebsearch.com/Plugin - C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF Plugin: @mywebsearch.com/Plugin - C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF Plugin: @real.com/nppl3260;version=6.0.11.2105 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1212 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qttlp4t1.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qttlp4t1.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qttlp4t1.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qttlp4t1.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qttlp4t1.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qttlp4t1.default\searchplugins\mywebsearch.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qttlp4t1.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qttlp4t1.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qttlp4t1.default\searchplugins\st-polska2-customized-web-search.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qttlp4t1.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Foxit PDF Creator Toolbar - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qttlp4t1.default\Extensions\toolbar@ask.com
FF Extension: ST-Polska2 - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qttlp4t1.default\Extensions\{87d5d709-40f2-48a7-8f47-7bb821af70ab}
FF HKLM\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files\MyWebSearch\bar\1.bin
FF Extension: My Web Search - C:\Program Files\MyWebSearch\bar\1.bin
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12
FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF Extension: BrowserProtect - C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
CHR Extension: (Claro Toolbar) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl\1.4_0
CHR Extension: (DealPly) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.3.7.2_0
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
CHR Extension: (Bflix extension) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp\1.0_0
CHR Extension: (AVG Security Toolbar) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
CHR HKLM\...\Chrome\Extension: [dcillohgikpecbmgioknapdpcjofaafl] - C:\Users\admin\AppData\Roaming\Claro\claro.crx
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files\DealPly\DealPly.crx
C:\Program Files\Web Assistant
CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
CHR HKLM\...\Chrome\Extension: [jlfihafpijfdgmojeeigcldgchhojpfp] - C:\Program Files\BFlix\BFlix.crx
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.0.1.12\avg.crx
CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS541616J9SA00_SB2482GJJUTE3HJUTE3HX&ts=1381844290
R2 MyWebSearchService; C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE [34320 2012-04-29] (MyWebSearch.com)
R2 vToolbarUpdater17.0.12; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-09] (AVG Secure Search)
S0 szkgfs; system32\drivers\szkgfs.sys [x]
Save the file under the name fixlist.txt and put it next to the FRST tool. Run FRST and click Fix. A fixlog.txt file will be created. Post that log.
4) Make new FRST logs.
jessi
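A small triage script, added here as an example and not part of jessi's post or of FRST itself: it reads FRST-style browser lines like the ones pasted into the fixlist above and flags entries pointing at hosts outside an allowlist, entries FRST reports as missing, and orphaned entries. The allowlist, the sample log lines and the function names are constructed for this example.

```python
"""Triage browser-hijack entries in FRST-style log output (added example)."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Hosts a stock browser would legitimately point at; anything else is
# reported. This allowlist is an assumption made for the example.
ALLOWED_HOSTS = {"www.google.com", "www.bing.com", "www.msn.com"}

# FRST sometimes defangs URLs as hxxp://, so accept both spellings.
_URL_RE = re.compile(r"(?:hxxp|http)s?://[^\s\"']+", re.IGNORECASE)


@dataclass
class Finding:
    line: str      # the FRST line as logged
    reason: str    # "unexpected host" | "default entry missing" | "orphaned entry"
    host: str = ""


def hijack_host(url: str) -> str:
    """Return the host of a (possibly defanged) URL from an FRST line."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return urlsplit(url).hostname or ""


def triage(lines):
    """Classify FRST lines; lines that look clean produce no finding."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        # e.g. "SearchScopes: HKLM - DefaultScope value is missing."
        #      "URLSearchHook: ATTENTION ==> Default URLSearchHook is missing."
        if "is missing" in line:
            findings.append(Finding(line, "default entry missing"))
            continue
        # Leftover registrations with no file or no URL behind them.
        if line.endswith("- No File") or line.endswith("URL ="):
            findings.append(Finding(line, "orphaned entry"))
            continue
        match = _URL_RE.search(line)
        if match is None:
            continue
        host = hijack_host(match.group(0))
        if host not in ALLOWED_HOSTS:
            findings.append(Finding(line, "unexpected host", host))
    return findings


def fixlist_lines(findings):
    """Lines to paste into fixlist.txt: as the posts above show, FRST removes
    the log entries listed there verbatim. Entries reported as missing need
    restoring rather than deleting (the OTL :Reg section in a later post
    does that), so they are left out here."""
    return [f.line for f in findings if f.reason != "default entry missing"]


# Constructed sample, modelled on the lines in the posts above.
SAMPLE_LOG = r"""
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&from=cor
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.claro-search.com/?q={searchTerms}&affID=117242
SearchScopes: HKCU - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL =
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
BHO: No Name - {5B291E6C-9A74-4034-971B-A4B007A0B315} - No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.reason}] {f.host or '-'}: {f.line}")
```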
-
In the new logs I no longer see anything suspicious.
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = http://www.firetab.org/?type=ds3se&p={searchTerms}
SearchScopes: HKCU - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL =
SearchScopes: HKCU - {FB883CC3-3451-4F43-90A3-A806376724AF} URL =
BHO: No Name - {5B291E6C-9A74-4034-971B-A4B007A0B315} - No File
We'll clean this up:
Run OTL and in the Custom Scans/Fixes box (Własne opcje skanowania/Skrypt) paste this:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnet.sys -- (ZTEusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
O2 - BHO: (no name) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - No CLSID value found.
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}]
:Commands
[emptytemp]
Click Run Fix (Wykonaj Skrypt). Confirm the computer restart. Save the report that appears after the restart.
The CrystalDiskInfo log - I leave that for @Belfegor to assess.
Some tools can already be removed:
RogueKiller - delete manually.
ESET Service Repair - delete manually.
FSS, FRST, OTL - will stay for now; maybe @Picasso will recommend something more when she looks in here at some point (I don't know when)
jessi
Polizja. Ukash - a new version?
in Emergency Help
Posted
From point 3 (inclusive) onward, everything is done in Normal Mode.
jessi