Win32Evo-gen [Susp], samo instalujące się programy, wyskakujące reklamy.

[Qubson]

Podczas instalacji ściągniętej z internetu aplikacji zainstalowałem coś więcej niż samą aplikację. Tak, wiem jak to brzmi. Po uruchomieniu przeglądarki po pewnym czasie instalują się programy np. AnyProtect, gamesdescop, smartweb. Deinstalacja tych programów nic nie daje bo po jakimś czasie znowu się instalują. Dodatkowo Avast co chwilę blokuje wirusy co się wcześniej nie działo (teraz zablokował około 30). Próbowałem adwcleaner v.4.113 i TFC ale to też nic nie daje. Proszę o pomoc.

Zalączam logi:

Addition.txt

FRST.txt

GMER.txt

Shortcut.txt

[jessica]

Az mi się wierzyć nie chce, że te logi były robione po użyciu Adw-Cleaner'a!

 

1) Odinstaluj:
 

AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.4 - CMI Limited) <==== ATTENTION

istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version:  - istartsurf) <==== ATTENTION

 

2) Otwórz Notatnik i wklej w nim:

 

Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
CustomCLSID: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {0EB45812-50FB-4FFC-8854-1CB507722678} - System32\Tasks\{342D25EC-1B49-42FD-B7E9-7145692D888D} => pcalua.exe -a "C:\Users\Kuba\Desktop\​‌\HAC\Advanced RAR Password Recovery.exe" -d C:\Users\Kuba\Desktop\​‌\HAC
Task: {1D9B0FD1-BBA3-4994-950F-9E0766DA6A3E} - System32\Tasks\{60938517-7198-4632-B31E-627AFFB697CF} => pcalua.exe -a "C:\Users\Kuba\AppData\Roaming\.minecraft\mods\Millienarie\Millenaire Installer\Millenaire Installer\Millenaire Installer.exe" -d "C:\Users\Kuba\AppData\Roaming\.minecraft\mods\Millienarie\Millenaire Installer\Millenaire Installer"
Task: {30082EF5-A046-469C-BE97-47E3B72950FA} - System32\Tasks\Z9e8sf5IR => C:\Users\Kuba\AppData\Roaming\Z9e8sf5IR.exe [2015-04-20] () <==== ATTENTION
Task: {7D2CD53F-E29D-4DA3-B6ED-CFBE3A304B54} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-07-08] (AnyProtect.com) <==== ATTENTION
Task: {84CDA21A-FC4D-4D67-BD6E-9FB819A12ECE} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{8ED5B068-5C53-4271-BEAA-65F32721B994}.exe
Task: {97E3A1E2-848B-4157-9FB3-AE1E3FE0AAD5} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-07-08] (AnyProtect.com) <==== ATTENTION
Task: {B6C853E8-B6AE-4AB9-BAE4-47F39EBA84B5} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-07-08] (AnyProtect.com) <==== ATTENTION
Task: {CFD06470-0D42-4E4E-B747-6796C31C59F9} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{0B4E20CD-8DA2-4539-AED8-16094F3580DE}.exe
Task: {E79B7989-60E0-46CA-9C28-B17F2801289C} - System32\Tasks\veVNOUyn6maUmgP => C:\Users\Kuba\AppData\Roaming\veVNOUyn6maUmgP.exe [2015-04-20] () <==== ATTENTION
Task: {F63B190E-97D4-40AA-83C1-B28C10BFE297} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Kuba\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {FD4D1BEE-24EA-48DA-9D6B-3A7B7CE13F07} - System32\Tasks\{C299A6C4-78B5-442E-BEF8-B6456F21055D} => pcalua.exe -a C:\Users\Kuba\Desktop\Ikony\Gry\Minecraft\Minecraft_Beta_Cracked_v1.7.3.exe -d C:\Users\Kuba\Desktop\Ikony\Gry\Minecraft
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{8ED5B068-5C53-4271-BEAA-65F32721B994}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{0B4E20CD-8DA2-4539-AED8-16094F3580DE}.exe <==== ATTENTION
Task: C:\Windows\Tasks\veVNOUyn6maUmgP.job => C:\Users\Kuba\AppData\Roaming\veVNOUyn6maUmgP.exe <==== ATTENTION
Task: C:\Windows\Tasks\Z9e8sf5IR.job => C:\Users\Kuba\AppData\Roaming\Z9e8sf5IR.exe <==== ATTENTION
C:\Users\Kuba\AppData\Roaming\veVNOUyn6maUmgP.exe
C:\Users\Kuba\AppData\Roaming\Z9e8sf5IR.exe
C:\Program Files (x86)\AnyProtectEx
C:\Users\Kuba\AppData\Local\SmartWeb
2015-07-06 16:05 - 2015-07-06 16:05 - 00591360 _____ () C:\Users\Kuba\AppData\Roaming\B661E556-1436193973-E011-AB32-B870F48BF876\knsr67D0.tmpfs
2015-07-06 16:46 - 2015-07-06 16:46 - 00165376 _____ () C:\Users\Kuba\AppData\Roaming\B661E556-1436193973-E011-AB32-B870F48BF876\hnsr9E62.tmp
2015-07-08 21:42 - 2015-07-08 11:03 - 03287696 _____ () C:\Users\Kuba\AppData\Local\gmsd_pl_005010025\upgmsd_pl_005010025.exe
C:\Users\Kuba\AppData\Roaming\B661E556-1436193973-E011-AB32-B870F48BF876
C:\Program Files (x86)\gmsd_pl_005010025
C:\Program Files (x86)\MiuiTab
HKLM-x32\...\Run: [mbot_pl_11] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010023] => [X]
HKLM-x32\...\Run: [smartWeb] => C:\Users\Kuba\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [gmsd_pl_005010025] => C:\Program Files (x86)\gmsd_pl_005010025\gmsd_pl_005010025.exe [3988112 2015-07-08] ()
HKLM-x32\...\RunOnce: [upgmsd_pl_005010025.exe] => C:\Users\Kuba\AppData\Local\gmsd_pl_005010025\upgmsd_pl_005010025.exe [3287696 2015-07-08] ()
Startup: C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-07-08]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Kuba\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
HKU\S-1-5-21-4210197690-3277502692-2936419266-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dspp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
HKU\S-1-5-21-4210197690-3277502692-2936419266-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
HKU\S-1-5-21-4210197690-3277502692-2936419266-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
HKU\S-1-5-21-4210197690-3277502692-2936419266-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dspp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&ts=1436384565&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&ts=1436384565&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&ts=1436384565&type=default&q={searchTerms}
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO-x32: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-24] (Thinknice Co. Limited)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
FF NewTab: hxxp://www.istartsurf.com/newtab/?type=nt&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF Homepage: hxxp://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\istartsurf.xml [2015-07-08]
FF Extension: QuickSearch - C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\8veoe5rg.default\Extensions\searchffv2@gmail.com [2015-07-08]
FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\8veoe5rg.default\extensions\searchffv2@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com/?type=sc&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system)
R2 vicoqudu; C:\Users\Kuba\AppData\Roaming\B661E556-1436193973-E011-AB32-B870F48BF876\hnsr9E62.tmp [165376 2015-07-06] () [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [707240 2015-07-08] (DTools LIMITED) <==== ATTENTION
R2 tohohyko; C:\Users\Kuba\AppData\Roaming\B661E556-1436193973-E011-AB32-B870F48BF876\knsr67D0.tmpfs [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
2015-07-08 21:44 - 2015-07-08 22:16 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-07-08 21:44 - 2015-07-08 22:16 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-07-08 21:44 - 2015-07-08 22:05 - 00000378 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-07-08 21:44 - 2015-07-08 21:45 - 00002826 _____ C:\Windows\System32\Tasks\APSnotifierPP1
2015-07-08 21:44 - 2015-07-08 21:45 - 00002824 _____ C:\Windows\System32\Tasks\APSnotifierPP3
2015-07-08 21:44 - 2015-07-08 21:45 - 00002824 _____ C:\Windows\System32\Tasks\APSnotifierPP2
2015-07-08 21:44 - 2015-07-08 21:44 - 00001013 _____ C:\Users\Kuba\Desktop\AnyProtect.lnk
2015-07-08 21:44 - 2015-07-08 21:44 - 00000000 ____D C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-07-08 21:43 - 2015-07-08 21:44 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx
2015-07-08 21:43 - 2015-07-08 21:43 - 00613255 _____ (CMI Limited) C:\Users\Kuba\AppData\Local\nsnCDB.tmp
2015-07-08 21:43 - 2015-07-08 21:43 - 00000000 __SHD C:\Users\Kuba\AppData\Roaming\AnyProtectEx
2015-07-08 21:42 - 2015-07-08 22:20 - 00000000 ____D C:\Users\Kuba\AppData\Local\gmsd_pl_005010025
2015-07-08 21:42 - 2015-07-08 21:42 - 00000000 ____D C:\Users\Kuba\AppData\Roaming\istartsurf
2015-07-08 21:42 - 2015-07-08 21:42 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-07-08 21:42 - 2015-07-08 21:42 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-07-08 21:42 - 2015-07-08 21:42 - 00000000 ____D C:\Program Files (x86)\MiuiTab
2015-07-08 21:42 - 2015-07-08 21:42 - 00000000 ____D C:\Program Files (x86)\gmsd_pl_005010025
2015-07-08 21:41 - 2015-07-08 21:41 - 00004040 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-07-08 21:41 - 2015-07-08 21:41 - 00000000 ____D C:\Users\Kuba\AppData\Local\SmartWeb
2015-07-07 17:44 - 2015-07-07 17:44 - 00613255 _____ (CMI Limited) C:\Users\Kuba\AppData\Local\nsc814E.tmp
2015-07-07 16:52 - 2015-07-07 16:52 - 00613255 _____ (CMI Limited) C:\Users\Kuba\AppData\Local\nss99FF.tmp
2015-07-07 16:50 - 2015-07-07 16:50 - 00000000 _____ C:\Windows\prleth.sys
2015-07-07 16:50 - 2015-07-07 16:50 - 00000000 _____ C:\Windows\hgfs.sys
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
C:\ProgramData\boost_interprocess
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.
Powstanie plik fixlog.txt.
Daj ten log.

 

3) Zrób nowe logi FRST.

 

jessi

[Qubson]

Nowe logi FRST i fixlog.txt:

Addition.txt

Fixlog.txt

FRST.txt

Shortcut.txt

[jessica]

1) Odinstaluj

SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION

(jeśli pojawi się pytanie, czy tylko usunąć z listy - to zgódź się)

 

2) Otwórz Notatnik i wklej w nim:

 

Task: {5DE3451F-7FE6-4DD6-A1A6-CED5BA2E2C5E} - System32\Tasks\{74510947-0BD2-4A19-BE4A-6FD6CD48DE17} => pcalua.exe -a C:\Users\Kuba\Desktop\​‌\HAC\setup.exe -d C:\Users\Kuba\Desktop\​‌\HAC
Task: {C38C8713-6FC8-44D9-8DF5-BA81C879A347} - System32\Tasks\{CE30E140-EF1F-48F3-A446-84A1B8B3F896} => pcalua.exe -a D:\cda_menu.exe -d D:\
FF Plugin HKU\S-1-5-21-4210197690-3277502692-2936419266-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
C:\ProgramData\boost_interprocess
C:\Windows\Minidump\070815-19921-01.dmp
C:\Users\Kuba\AppData\Roaming\Z9e8sf5IR
C:\Users\Kuba\AppData\Roaming\veVNOUyn6maUmgP
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.
Powstanie plik fixlog.txt.
Daj ten log.

 

-------------------------

2009-09-04 18:00 - 2009-09-04 18:00 - 1347354 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 1078954 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 1397822 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 1115221 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 0916430 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 4162630 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 0179125 _____ () C:\Program Files (x86)\Apr2006_XACT_x64.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 0133095 _____ () C:\Program Files (x86)\Apr2006_XACT_x86.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 0087101 _____ () C:\Program Files (x86)\Apr2006_xinput_x64.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 0046002 _____ () C:\Program Files (x86)\Apr2006_xinput_x86.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 0698612 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x64.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 0695857 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x86.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 1607358 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x64.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 1606031 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x86.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 0195758 _____ () C:\Program Files (x86)\APR2007_XACT_x64.cab

 

Dziwne programy.

Ale nie ruszam ich, bo nie wiem, czy są potrzebne, czy nie.

 

jessi

[Qubson]

Nowy fixlog:

Fixlog.txt

[jessica]

Powinno być już OK.

 

Otwórz Notatnik i wklej w nim:

 

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix.
przez SHIFT+DEL usuń pozostały folder C:\FRST.

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).

 

jessi

[Qubson]

Wszystko działa jak należy. Dzięki za pomoc!