
swirusek

Members
  • Posts: 5

  1. So the system loaded up to a certain point, then restarted and brought up the system error repair tool; darn, I didn't actually notice what the error was.

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014
     Ran by boys at 2014-10-14 20:08:26 Run:3
     Running from C:\Users\boys\Desktop\frst
     Loaded Profile: boys (Available profiles: boys)
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     CloseProcesses:
     BootExecute: autocheck autochk * sdnclean64.exe
     ProxyServer: localhost:8080
     StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
     SearchScopes: HKLM-x32 - DefaultScope value is missing.
     SearchScopes: HKCU - {CB3DA99F-EF9F-4969-99B0-F94383A2903D} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}
     FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
     S3 cpuz135; \??\C:\Users\boys\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
     S3 FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [X]
     Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
     C:\ProgramData\TEMP
     DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\.EsetTrialReset
     DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_UI
     DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartViewAgent
     EmptyTemp:
     *****************

     Processes closed successfully.
     HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
     HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
     HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
     "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB3DA99F-EF9F-4969-99B0-F94383A2903D}" => Key deleted successfully.
     "HKCR\CLSID\{CB3DA99F-EF9F-4969-99B0-F94383A2903D}" => Key not found.
     HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value deleted successfully.
     cpuz135 => Service deleted successfully.
     FreshIO => Service deleted successfully.
     C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => Moved successfully.
     "C:\ProgramData\TEMP" => File/Directory not found.
     HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\.EsetTrialReset => Key Deleted successfully.
     HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_UI => Key Deleted successfully.
     HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartViewAgent => Key Deleted successfully.
     EmptyTemp: => Removed 50.4 MB temporary data.

     The system needed a reboot.

     ==== End of Fixlog ====

     And here is the SYSTEM file: http://przeklej.org/file/UzePvN/SYSTEM.zip
  2. Hello, after running the last script, the system no longer booted; I had to restore it from a restore point 3 days back. So I am posting the logs again. Addition.txt FRST.txt Shortcut.txt
  3. Fixlog.txt

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-10-2014 01
     Ran by boys at 2014-10-12 14:58:33 Run:1
     Running from C:\Users\boys\Desktop\frst
     Loaded Profile: boys (Available profiles: boys)
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     CloseProcesses:
     BootExecute: autocheck autochk * sdnclean64.exe
     ProxyServer: localhost:8080
     StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
     SearchScopes: HKLM-x32 - DefaultScope value is missing.
     SearchScopes: HKCU - {CB3DA99F-EF9F-4969-99B0-F94383A2903D} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}
     FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
     S3 cpuz135; \??\C:\Users\boys\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
     S3 FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [X]
     Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
     C:\ProgramData\TEMP
     DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\.EsetTrialReset
     DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_UI
     DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartViewAgent
     EmptyTemp:
     *****************

     Processes closed successfully.
     HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
     HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
     HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
     "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB3DA99F-EF9F-4969-99B0-F94383A2903D}" => Key deleted successfully.
     "HKCR\CLSID\{CB3DA99F-EF9F-4969-99B0-F94383A2903D}" => Key not found.
     HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value deleted successfully.
     cpuz135 => Service deleted successfully.
     FreshIO => Service deleted successfully.
     C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => Moved successfully.
     C:\ProgramData\TEMP => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\.EsetTrialReset => Key Deleted successfully.
     HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_UI => Key Deleted successfully.
     HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartViewAgent => Key Deleted successfully.
     EmptyTemp: => Removed 149.8 MB temporary data.

     The system needed a reboot.

     ==== End of Fixlog ====

     Search.txt

     Farbar Recovery Scan Tool (x64) Version: 08-10-2014 01
     Ran by boys at 2014-10-12 15:05:30
     Running from C:\Users\boys\Desktop\frst
     Boot Mode: Normal

     ================== Search Registry: "pctDS;pctEFA" ===========

     ===================== Search result for "pctDS" ==========

     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCTDS]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCTDS\0000\Control]
     "ActiveService"="pctDS"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pctDS]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pctDS\Enum]
     "0"="Root\LEGACY_PCTDS\0000"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pctEFA]
     "DependOnService"="FltMgr pctDS"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PCTDS]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\pctDS]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\pctEFA]
     "DependOnService"="FltMgr pctDS"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCTDS]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCTDS\0000\Control]
     "ActiveService"="pctDS"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pctDS]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pctDS\Enum]
     "0"="Root\LEGACY_PCTDS\0000"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pctEFA]
     "DependOnService"="FltMgr pctDS"

     ===================== Search result for "pctEFA" ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PCTools\CommonFiles\pctEFA]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCTEFA]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCTEFA\0000\Control]
     "ActiveService"="pctEFA"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pctEFA]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pctEFA]
     "DependOnService"="FltMgr pctDS"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pctEFA\Instances\pctEFA]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PCTEFA]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\pctEFA]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\pctEFA]
     "DependOnService"="FltMgr pctDS"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\pctEFA\Instances\pctEFA]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCTEFA]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCTEFA\0000\Control]
     "ActiveService"="pctEFA"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pctEFA]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pctEFA]
     "DependOnService"="FltMgr pctDS"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pctEFA\Instances\pctEFA]

     ====== End Of Search ======
  4. Hello! Yesterday the problem described above occurred for me on 2 computers and a phone at the same time. It is a page that says we have to pay a fine for some illegal activity. Acting on a hunch, I swapped the router for another one (it was a TP-Link, and now I have installed the original Livebox), then scanned the systems with AVG antivirus, and one computer with the Kaspersky trial version and the other with the ESET online tool. Nothing was found, and the problem still occurred despite replacing the router. I had also used CCleaner and Odkurzacz before changing the router and that did nothing, whereas after the change and using them again the problem no longer occurs; likewise with the phone, I reset the browser to factory settings and all is quiet. Could the virus have been in the temporary files and browser cache and been removed by these programs? To be sure, I am attaching reports from OTL and FRST. I also wanted to add GMER, but it throws an error that the program has stopped working. I downloaded it from various sources, turned off the firewall and antivirus, and I also do not have Daemon Tools or the SPTD driver installed, because I once had a similar problem and removed them precisely to be able to produce this report and did not install them afterwards. It also has no keys in the registry, because I checked, and yet it does not work; maybe download an older version? Thank you in advance for your help. Addition.txt FRST.txt Shortcut.txt Extras.Txt OTL.Txt