Błąd regsvr32 podczas uruchamiania systemu

sebastian403 · 18 Grudzień 2014 20:16

Witam, od pewnego czasu wyskakują mi dwa błędy regsvr32, proszę o pomoc podaje logi, oraz okna które wyskakują w załaczniku.

FRST - http://wklej.org/id/1562123/

Addition - http://wklej.org/id/1562125/

Zauwarzyłem również, że podczas uruchomienia mignie jakiś czarny ekran cmd jakby coś się uruchomiło.

Czy znalazł by się ktoś kto mógłby coś wyczytać z logów?

Atis · 18 Grudzień 2014 22:54

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

CloseProcesses:
HKU\S-1-5-21-2462157174-1386198728-2849644501-1000\...\Run: [Ujfmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Studio\AppData\Local\Ornsics\opendsc.dll
HKU\S-1-5-21-2462157174-1386198728-2849644501-1000\...\Run: [YnvPack] => regsvr32.exe C:\Users\Studio\AppData\Local\YnvPack\sdlvyhxk.dll <===== ATTENTION
HKU\S-1-5-21-2462157174-1386198728-2849644501-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe [855216 2014-12-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-2462157174-1386198728-2849644501-1000\...\Policies\Explorer: [Run] "C:\Users\Studio\AppData\Roaming\Microsoft\Windows\IEUpdate\DeviceProperties.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2462157174-1386198728-2849644501-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2462157174-1386198728-2849644501-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={34CF7F3C-C72E-4528-9AC5-CB1525AD9466}&mid=4a20cf87276047d0bf69057438e0d81f-d025bfa3fef10e89ce7b215d704757213ed6decf&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-12-12 16:00:13&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> No File
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - No File
FF SearchEngineOrder.1: Search By ZoneAlarm
FF Extension: Network - C:\Users\Studio\AppData\Roaming\Mozilla\Firefox\Profiles\vdf1r3f7.default-1347450012506\Extensions\{208BC81F-89B7-8922-635F-EF670188DA4E} [2014-11-27]
CHR Extension: (Network) - C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-11-27]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Studio\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
C:\Users\Studio\AppData\Roaming\uniq
C:\Users\Studio\AppData\Roaming\Orpizan
C:\Users\Studio\AppData\Roaming\Wuetbi
C:\ProgramData\@system3.att
C:\ProgramData\Doctor Web
C:\Users\Studio\Doctor Web
C:\Users\Studio\AppData\Roaming\麽鎒駓覜
C:\Users\Studio\AppData\Roaming\Microsoft\Windows\IEUpdate
C:\Users\Studio\AppData\Local\YnvPack
C:\Users\Studio\AppData\Local\Ornsics
 C:\Windows\system32\Drivers\etc\hosts.txt
Task: {15E5CEA4-EAFC-4469-9FF7-D5B956B3D1AE} - System32\Tasks\{5C78959C-BAF8-416F-9D4B-A0A6F0AB767E} => pcalua.exe -a C:\Users\Studio\Desktop\Image-Line.Groove.Machine.STANDALONE.VSTi.v1.0.1.FULL-ASSiGN\setup.exe -d C:\Users\Studio\Desktop\Image-Line.Groove.Machine.STANDALONE.VSTi.v1.0.1.FULL-ASSiGN
Task: {1B1173E6-23A2-4974-923C-375DBC1B6569} - System32\Tasks\{486B224B-10D1-453F-86BE-633D658C7CC1} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {1E105177-3195-4C06-BF18-AC0AF598C33B} - System32\Tasks\{397E4A2A-3ABE-4A92-BF81-DDA7F93ED417} => pcalua.exe -a "C:\Users\Studio\Downloads\Atomic Email Hunter\Atomic Email Hunter.exe" -d "C:\Users\Studio\Downloads\Atomic Email Hunter"
Task: {296C81A0-56BF-4B18-A69E-6791ECAEBFFD} - System32\Tasks\{574C6F8E-8647-458A-8B3A-6AD502B372DF} => pcalua.exe -a "C:\Users\Studio\Downloads\Microsoft Office 2007 PL\office 2007\setup.exe" -d "C:\Users\Studio\Downloads\Microsoft Office 2007 PL\office 2007"
Task: {3D6B3708-B1BE-4D2C-B5DF-E315F5F8B774} - System32\Tasks\{179F53DC-ACB0-40C5-922B-66B50598D386} => pcalua.exe -a C:\Users\Studio\Desktop\Trilogy\setup.exe -d C:\Users\Studio\Desktop\Trilogy
Task: {41A50A76-2590-4F19-B0DD-E4C08B4EBBEC} - System32\Tasks\{7EB210C6-3D72-4EEC-A824-42EFD655D899} => pcalua.exe -a C:\Users\Studio\Desktop\iZotope_Nectar_Setup_v1_00.exe -d C:\Users\Studio\Desktop
Task: {48648FEE-9EB3-49F5-8EE6-2A90588CC814} - \Security Center Update - 2851235707 No Task File <==== ATTENTION
Task: {6D4862A8-2174-427C-9AFB-079BACE8772E} - System32\Tasks\{779A59E5-E9F8-4723-80F5-36B7EAA6680B} => pcalua.exe -a C:\ProgramData\Installations\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}\Nokia_PC_Suite_pol_web.exe
Task: {77902690-B5F6-4CD8-8B06-3063C994EDD4} - \Security Center Update - 2937854189 No Task File <==== ATTENTION
Task: {78F926A6-206E-4908-BD1F-C72B38ABB037} - System32\Tasks\{B5D0ABD5-B132-401F-81AD-668F9C8E8831} => pcalua.exe -a "C:\Program Files (x86)\BOSSAFX\Uninstall.exe"
Task: {8C4091F5-0A72-47CC-8A9C-FA9272B39B0E} - System32\Tasks\{45F98883-0177-4B6B-816E-F6DB86D2FFE6} => pcalua.exe -a C:\Users\Studio\Desktop\googlemon.exe -d C:\Users\Studio\Desktop
Task: {95EE2D5C-22DB-4580-8ED6-05FC025C672F} - System32\Tasks\{A96D787C-C9B6-49CE-B669-19A8359608FF} => pcalua.exe -a "C:\Users\Studio\Desktop\Easy SIS Creator.exe" -d C:\Users\Studio\Desktop
Task: {CD40FD64-38E8-46DA-9E59-9065187EDEC6} - System32\Tasks\{EDC7785E-219F-4E10-8907-9773DCF48547} => pcalua.exe -a C:\Users\Studio\Desktop\Yamaha.Final.Master.VST.v1.0.1\Setup.exe -d C:\Users\Studio\Desktop\Yamaha.Final.Master.VST.v1.0.1
Task: {D67169B1-6FFA-4011-9D14-D03EE7A1488D} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION
Task: {DE0E224C-58A4-4185-B563-145A7A2CEFCB} - System32\Tasks\{972272A0-491C-4671-923C-87395C925239} => pcalua.exe -a C:\Users\Studio\Desktop\ASIO4ALL_2_10_English.exe -d C:\Users\Studio\Desktop
Task: {F18629ED-F877-4B90-986A-E4AA94E755B1} - System32\Tasks\{C6F3F6AD-328D-492E-AC7D-4A62B7E1EEBA} => pcalua.exe -a "C:\Program Files (x86)\Master\EasyClicker\Uninstal.exe" -d "C:\Program Files (x86)\Master\EasyClicker"
Task: {FE31D092-6DAA-4C33-8E08-565C35449E9C} - System32\Tasks\{983544B5-4EA1-4923-9ECA-04B48D96840C} => pcalua.exe -a "C:\Users\Studio\Desktop\iZotope Nectar v1.0 VST DX RTAS By Adrian Dennis\iZotope_Nectar_Setup_v1_00.exe" -d "C:\Users\Studio\Desktop\iZotope Nectar v1.0 VST DX RTAS By Adrian Dennis"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition.

sebastian403 · 19 Grudzień 2014 22:21

fixlog - http://wklej.org/id/1562950/

frst - http://wklej.org/id/1562952/

coś jeszcze do poprawki?

Atis · 19 Grudzień 2014 22:38

C:\Users\Studio\AppData\Roaming\麽鎒駓覜

Sprawdź ten ukryty folder, bo w raporcie widać jakieś krzaki.

http://windows.microsoft.com/pl-pl/windows/show-hidden-files#show-hidden-files=windows-7

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

C:\ProgramData\@system.temp
DeleteQuarantine:

Uruchom FRST i kliknij Fix. Skasuj folder C:\FRST

Dysk przeskanuj Malwarebytes Anti-Malware

Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Język PL > Settings > General Settings > Language > Polish

Odinstaluj:

Adobe Flash Player 15 ActiveX

Adobe Flash Player 15 Plugin

Java 7 Update 71

Zainstaluj:

Flash Player 16.0.0.235 Plugin

Flash Player 16.0.0.235 ActiveX

Java 8 Update 25

sebastian403 · 21 Grudzień 2014 14:37

Dziękuje bardzo, problem rozwiązany.