Avast oszalał

[Myszor]

Witam. Jestem u kuzynki i włączyłem internet. Avast krzyczy już na stronie szybkiego wybierania, że są wirusy, robaki i wszystko możliwe.  xWięc proszę Was o pomoc w pousuwaniu tego świństwa z komputera Windows x64 bit

GMER.txt

OTL.Txt

Extras.Txt

Addition.txt

FRST.txt

Shortcut.txt

[picasso]

W systemie jest sporo instalacji adware. Działania wstępne:

 

1. Otwórz Notatnik i wklej w nim:

 

CloseProcesses:
CreateRestorePoint:
R1 {9642e31c-2703-4a31-ba45-9e8dfb693e38}w64; C:\Windows\System32\drivers\{9642e31c-2703-4a31-ba45-9e8dfb693e38}w64.sys [48776 2014-11-13] (StdLib)
R1 {98e700ee-1d13-4cd6-97a6-d8d4d2f0a35b}Gw64; C:\Windows\System32\drivers\{98e700ee-1d13-4cd6-97a6-d8d4d2f0a35b}Gw64.sys [48776 2014-11-10] (StdLib)
R1 {98e700ee-1d13-4cd6-97a6-d8d4d2f0a35b}w64; C:\Windows\System32\drivers\{98e700ee-1d13-4cd6-97a6-d8d4d2f0a35b}w64.sys [48776 2014-11-11] (StdLib)
R1 {c0b542ce-0b43-4536-9ff3-886eaf9fb44c}w64; C:\Windows\System32\drivers\{c0b542ce-0b43-4536-9ff3-886eaf9fb44c}w64.sys [48776 2014-11-16] (StdLib)
R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3111880 2014-11-10] ()
R2 MaintainerSvc6.89.573444; C:\ProgramData\01e58235-010d-43b1-8340-277d43a75321\maintainer.exe [123632 2014-12-31] ()
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
HKU\S-1-5-21-1595141464-2085024051-1102803764-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [146888 2014-11-04] (PC Utilities Software Limited)
HKU\S-1-5-21-1595141464-2085024051-1102803764-1000\...\Run: [LiveSupport] => C:\Program Files (x86)\LiveSupport\LiveSupport.exe [1005056 2014-03-18] (PC Utilities Software Limited)
HKU\S-1-5-21-1595141464-2085024051-1102803764-1000\...\Run: [AppsHat] => C:\Users\Alicja\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
Task: {0AD9B6CE-CA74-4AAA-8E88-BFA68F837D4B} - System32\Tasks\ddc9ebde-354e-46c1-878c-1308dc9c8d67-5 => C:\Program Files (x86)\App Lid\ddc9ebde-354e-46c1-878c-1308dc9c8d67-5.exe [2014-11-10] (Lid) 
Task: {2005EB40-6176-47A3-B33F-8E4ED3C0DFF5} - System32\Tasks\EPUpdater => C:\Users\Alicja\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-09-01] () 
Task: {21E778B8-0B4C-4B70-B100-8F6342A8E7AF} - System32\Tasks\ddc9ebde-354e-46c1-878c-1308dc9c8d67-1 => C:\Program Files (x86)\App Lid\App Lid-codedownloader.exe [2014-11-10] (Lid) 
Task: {3161B302-59A5-416B-A961-AC9F3E298F3A} - System32\Tasks\ddc9ebde-354e-46c1-878c-1308dc9c8d67-6 => C:\Program Files (x86)\App Lid\ddc9ebde-354e-46c1-878c-1308dc9c8d67-6.exe 
Task: {45889809-98A4-491C-8EE3-2F9FCE7619B3} - System32\Tasks\ddc9ebde-354e-46c1-878c-1308dc9c8d67-2 => C:\Program Files (x86)\App Lid\ddc9ebde-354e-46c1-878c-1308dc9c8d67-2.exe [2014-11-10] (Lid) 
Task: {46C8B80F-87F3-4AB0-938E-8231EA680717} - System32\Tasks\ddc9ebde-354e-46c1-878c-1308dc9c8d67-11 => C:\Program Files (x86)\App Lid\ddc9ebde-354e-46c1-878c-1308dc9c8d67-11.exe [2014-11-10] (Lid) 
Task: {4EC5A881-5069-41AA-9DA9-E1A746E2CC0C} - System32\Tasks\ddc9ebde-354e-46c1-878c-1308dc9c8d67-7 => C:\Program Files (x86)\App Lid\ddc9ebde-354e-46c1-878c-1308dc9c8d67-7.exe [2014-11-10] (Lid) 
Task: {55E0D972-3C14-48C3-A59D-0CB89562CC9E} - System32\Tasks\ddc9ebde-354e-46c1-878c-1308dc9c8d67-5_user => C:\Program Files (x86)\App Lid\ddc9ebde-354e-46c1-878c-1308dc9c8d67-5.exe [2014-11-10] (Lid) 
Task: {8544F44C-9390-4863-98FE-02601E867F5A} - System32\Tasks\5a3baa7d-4f12-48f9-9ffc-c694880ae479 => C:\Program Files (x86)\App Lid\5a3baa7d-4f12-48f9-9ffc-c694880ae479.exe 
Task: {BBC84B7A-069C-49EF-A1D9-7AE5E64C2472} - System32\Tasks\ddc9ebde-354e-46c1-878c-1308dc9c8d67-4 => C:\Program Files (x86)\App Lid\ddc9ebde-354e-46c1-878c-1308dc9c8d67-4.exe [2014-11-10] (Lid) 
Task: {DC077C5C-2A88-4714-8E65-18C85300D730} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [2014-11-04] (PC Utilities Software Limited) 
Task: {DFAF8E2C-E583-4AAE-B3DB-1C6A4BA0C952} - System32\Tasks\8efda629-3ad5-4743-b000-193b5697f1d7 => C:\Program Files (x86)\App Lid\8efda629-3ad5-4743-b000-193b5697f1d7.exe 
Task: {EDEF2A7B-D278-4D74-8719-5B54B822A217} - System32\Tasks\FoxTab => C:\Users\Alicja\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () 
Task: {F2821868-356B-44CF-916F-350E1A911276} - System32\Tasks\BitGuard => Sc.exe start BitGuard 
Task: C:\Windows\Tasks\5a3baa7d-4f12-48f9-9ffc-c694880ae479.job => C:\Program Files (x86)\App Lid\5a3baa7d-4f12-48f9-9ffc-c694880ae479.exe 
Task: C:\Windows\Tasks\8efda629-3ad5-4743-b000-193b5697f1d7.job => C:\Program Files (x86)\App Lid\8efda629-3ad5-4743-b000-193b5697f1d7.exe 
Task: C:\Windows\Tasks\ddc9ebde-354e-46c1-878c-1308dc9c8d67-1.job => C:\Program Files (x86)\App Lid\App Lid-codedownloader.exe 
Task: C:\Windows\Tasks\ddc9ebde-354e-46c1-878c-1308dc9c8d67-11.job => C:\Program Files (x86)\App Lid\ddc9ebde-354e-46c1-878c-1308dc9c8d67-11.exe 
Task: C:\Windows\Tasks\ddc9ebde-354e-46c1-878c-1308dc9c8d67-2.job => C:\Program Files (x86)\App Lid\ddc9ebde-354e-46c1-878c-1308dc9c8d67-2.exe 
Task: C:\Windows\Tasks\ddc9ebde-354e-46c1-878c-1308dc9c8d67-4.job => C:\Program Files (x86)\App Lid\ddc9ebde-354e-46c1-878c-1308dc9c8d67-4.exe 
Task: C:\Windows\Tasks\ddc9ebde-354e-46c1-878c-1308dc9c8d67-5.job => C:\Program Files (x86)\App Lid\ddc9ebde-354e-46c1-878c-1308dc9c8d67-5.exe 
Task: C:\Windows\Tasks\ddc9ebde-354e-46c1-878c-1308dc9c8d67-5_user.job => C:\Program Files (x86)\App Lid\ddc9ebde-354e-46c1-878c-1308dc9c8d67-5.exe 
Task: C:\Windows\Tasks\ddc9ebde-354e-46c1-878c-1308dc9c8d67-6.job => C:\Program Files (x86)\App Lid\ddc9ebde-354e-46c1-878c-1308dc9c8d67-6.exe 
Task: C:\Windows\Tasks\ddc9ebde-354e-46c1-878c-1308dc9c8d67-7.job => C:\Program Files (x86)\App Lid\ddc9ebde-354e-46c1-878c-1308dc9c8d67-7.exe 
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\Alicja\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE 
GroupPolicy: Group Policy on Chrome detected 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-1595141464-2085024051-1102803764-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.gazeta.pl/0,0.html?p156
HKU\S-1-5-21-1595141464-2085024051-1102803764-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=C82C90004EBFF1DF&affID=125032&tsp=5027
HKU\S-1-5-21-1595141464-2085024051-1102803764-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1595141464-2085024051-1102803764-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKU\S-1-5-21-1595141464-2085024051-1102803764-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-1595141464-2085024051-1102803764-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1595141464-2085024051-1102803764-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C82C90004EBFF1DF&affID=125032&tsp=5027
SearchScopes: HKU\S-1-5-21-1595141464-2085024051-1102803764-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: No Name -> {11111111-1111-1111-1111-110611571143} -> No File
BHO: No Name -> {2ce74c72-e61e-4079-8381-49fd8c639620} -> No File
BHO: TiiciTaCoouupon -> {6255d6a8-06f5-4647-99ca-37c182a7b0c0} -> C:\ProgramData\TiiciTaCoouupon\iavTlt4rSIyVZF.x64.dll ()
BHO: TicToACouupon -> {d9bfad73-03e6-4972-8019-35d692b1a671} -> C:\ProgramData\TicToACouupon\S7u1n0o1I1P6LP.x64.dll ()
BHO-x32: No Name -> {11111111-1111-1111-1111-110611571143} -> No File
BHO-x32: No Name -> {2ce74c72-e61e-4079-8381-49fd8c639620} -> No File
BHO-x32: searchgol Helper Object -> {8F547BDD-FCD4-48F8-A06F-573D6F404A3C} -> C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\bh\searchgol.dll (Montera Technologeis LTD)
BHO-x32: No Name -> {980b8a8f-ea0b-4c24-a2e9-70635e2502e9} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - No Name - {00078E95-3A4A-4137-8DE7-2824908D1C17} - No File
CustomCLSID: HKU\S-1-5-21-1595141464-2085024051-1102803764-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Alicja\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1595141464-2085024051-1102803764-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Alicja\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1595141464-2085024051-1102803764-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Alicja\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
C:\ProgramData\01e58235-010d-43b1-8340-277d43a75321
C:\ProgramData\5cb00965956dab33
C:\ProgramData\6678848579293784883
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
C:\Program Files (x86)\App Lid
C:\Program Files (x86)\Mozilla Firefox
C:\Users\Alicja\AppData\Local\foxtab_speeddial.crx
C:\Users\Alicja\AppData\Local\WebPlayer
C:\Users\Alicja\AppData\Roaming\BabSolution
C:\Users\Alicja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
C:\Users\Alicja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
C:\Users\Alicja\Downloads\setup*.exe
C:\Windows\System32\drivers\{9642e31c-2703-4a31-ba45-9e8dfb693e38}w64.sys
C:\Windows\System32\drivers\{98e700ee-1d13-4cd6-97a6-d8d4d2f0a35b}Gw64.sys
C:\Windows\System32\drivers\{98e700ee-1d13-4cd6-97a6-d8d4d2f0a35b}w64.sys
C:\Windows\System32\drivers\{c0b542ce-0b43-4536-9ff3-886eaf9fb44c}w64.sys
CMD: for /d %f in (C:\Users\Alicja\AppData\Local\{*}) do rd /s /q "%f"
Reg: reg delete "HKCU\SOFTWARE\Microsoft\Internet Explorer\Search" /f
Reg: reg delete HKCU\Software\Google\Chrome\Extensions /f
Reg: reg delete HKCU\Software\Mozilla /f
Reg: reg delete HKCU\Software\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Google\Chrome\Extensions /f
Reg: reg delete HKLM\SOFTWARE\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt.

 

2. Przez Panel sterowania odinstaluj:

 

- Adware: AppsHat Mobile Apps, BitGuard, dealpeak, Foxtab, LiveSupport, LucKySHHoppper, Optimizer Pro v3.2, SalesChuecker, SaveItCoupons, saver box, Search-Gol Chrome Toolbar, TiiciTaCoouupon. Instalacja BitGuard jest uszkodzona, ale system powinien dać możliwość usunięcia wpisu z listy zainstalowanych.

- Stare wersje: Adobe AIR, Adobe Flash Player 15 ActiveX, Adobe Flash Player 15 Plugin, Adobe Reader X MUI, Bing Bar, Google Chrome, Java™ 6 Update 22 (64-bit), Java™ 6 Update 22. Przy deinstalacji Chrome zaznacz Usuń także dane przeglądarki.

 

3. W tle działa instalacja McAfee Site Advisor, która wygląda jak niepoprawnie odinstalowana (brak wejścia deinstalacyjnego). Zastosuj usuwacz McAfee Consumer Product Removal Tool.

 

4. Zrób nowy log FRST z opcji Scan, zaznacz ponownie pole Addition, by powstały dwa logi. Dołącz też plik fixlog.txt,