Samoczynne włączanie się "Menadżera zadań"

malmor · 26 Kwiecień 2015 22:17

Problem:

Atis · 26 Kwiecień 2015 22:28

Zapisując Fixlist ustaw kodowanie na UTF-8

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

CloseProcesses:
HKU\S-1-5-21-2789345261-3260578610-3778401061-1001\...\Run: [nvxasync] => C:\Users\Hubert\AppData\Roaming\nvxasync\nvxasync.exe [153822720 2015-04-19] ()
HKU\S-1-5-21-2789345261-3260578610-3778401061-1001\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [153822720 2015-04-19] () <==== ATTENTION 
BootExecute: autocheck autochk * sh4native Sh4Removal
GroupPolicyUsers\S-1-5-21-2789345261-3260578610-3778401061-1000\User: Group Policy restriction detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1400797970&from=exp&uid=WDCXWD7500BPKT-75PK4T0_WD-WXS1E32RJDWHRJDWH
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1400797970&from=exp&uid=WDCXWD7500BPKT-75PK4T0_WD-WXS1E32RJDWHRJDWH&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1400797970&from=exp&uid=WDCXWD7500BPKT-75PK4T0_WD-WXS1E32RJDWHRJDWH
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1400797970&from=exp&uid=WDCXWD7500BPKT-75PK4T0_WD-WXS1E32RJDWHRJDWH&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1400797970&from=exp&uid=WDCXWD7500BPKT-75PK4T0_WD-WXS1E32RJDWHRJDWH&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1400797970&from=exp&uid=WDCXWD7500BPKT-75PK4T0_WD-WXS1E32RJDWHRJDWH&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2789345261-3260578610-3778401061-1001 -> {677FDC71-B855-4613-B6AA-F4C859744313} URL = 
SearchScopes: HKU\S-1-5-21-2789345261-3260578610-3778401061-1001 -> {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partner-pub-0900663996874144:6813731868&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll No File
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 iSafeKrnlR3; \??\C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [X]
U3 fxldipog; \??\C:\Users\Hubert\AppData\Local\Temp\fxldipog.sys [X]
2015-04-24 19:06 - 2015-04-24 19:06 - 00014232 ____ R () C:\Windows\SysWOW64\sh4native.exe
2015-04-25 00:34 - 2015-04-25 00:34 - 00003246 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-04-24 19:07 - 2015-04-24 19:07 - 00000000 ____ D () C:\Users\Hubert\AppData\Roaming\ParetoLogic
2015-04-24 19:07 - 2015-04-24 19:58 - 00000000 ____ D () C:\ProgramData\ParetoLogic
2015-04-19 15:44 - 2015-04-23 18:58 - 00000080 _____ () C:\Users\Hubert\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-04-19 15:37 - 2015-04-19 15:39 - 00000000 _RSHD () C:\Users\Hubert\AppData\Roaming\nvxasync
2015-04-19 15:37 - 2015-04-19 15:38 - 00000000 _RSHD () C:\ProgramData\nvxasync
2015-04-19 15:37 - 2015-04-19 15:37 - 00000000 ____ D () C:\Users\Hubert\AppData\Roaming\chportu
2015-04-25 16:01 - 2013-04-30 00:04 - 00052119 _____ () C:\spyhunter.fix
2015-04-24 19:07 - 2015-04-24 19:48 - 0000115 _____ () C:\Users\Hubert\AppData\Roaming\LogFile.txt
Task: {24B867F8-4CD5-4481-8FCC-985C3C3D6F61} - System32\Tasks\SpyHunter4Startup => Z:\Tymczasowe (!)\SpyHunter 4.18.9 Portable\SpyHunter4.exe [2015-04-24] (Enigma Software Group USA, LLC.)
Task: {29EDB2C9-E3C2-4DE1-B7B0-F8934F4A9184} - System32\Tasks\{1C6673F7-DB7A-4C9F-8EAD-68D7046DDB8D} => pcalua.exe -a "Z:\Tymczasowe (!)\The Sims 3 - World Adventures Expansion\# Crack\Crack 3\Sims3_1.2.7.00002_from_1.0.631.00002.exe" -d "Z:\Tymczasowe (!)\The Sims 3 - World Adventures Expansion\# Crack\Crack 3"
Task: {63C803B3-A8A8-4FA9-B70C-BD60AE4DF66E} - System32\Tasks\{C1EABEEA-5A1B-4F48-B69C-AFBE4038DEE9} => pcalua.exe -a "Z:\Tymczasowe (!)\HoI II\Dodatki\grafiki do HoI 2 Doomsday\SKIF_HoI2_DD_PL.exe" -d "Z:\Tymczasowe (!)\HoI II\Dodatki\grafiki do HoI 2 Doomsday"
Task: {7FC162E0-C43A-4742-BB46-AE2DBE3AC025} - System32\Tasks\{41DF5F59-6361-48DC-9685-3B1EAB138F5E} => pcalua.exe -a D:\eFilmLt.exe -d D:\
Task: {80754003-3746-4EEE-9478-F28102C0CE01} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe <==== ATTENTION
Task: {B25CCBF9-8F3C-4459-ADD2-921B8FE70E11} - System32\Tasks\{D60661DA-7A03-40A6-A729-98807BC1F93E} => pcalua.exe -a "C:\Program Files (x86)\iSafe\uninstall.exe" -d "C:\Program Files (x86)\TuneUp Utilities 2013"
Task: {B25D19A6-1433-4EB4-B3B8-6A4DE64BDB40} - System32\Tasks\{D7E0ED76-08EE-4C1F-A89A-BEA387888E61} => pcalua.exe -a C:\Users\Hubert\Desktop\wwp_vista_win7_fix_v1.4.exe -d C:\Users\Hubert\Desktop
Task: {B912C438-7AF9-437A-907F-901E3BDEC6C4} - System32\Tasks\{ECB3A8AC-C646-48A8-99F2-97C90AF37963} => Firefox.exe http://ui.skype.com/ui/0/7.2.0.103/pl/abandoninstall?page=tsBing
Task: {E2A3901F-11C4-4095-AA83-15B05A988942} - System32\Tasks\{ADEF9779-B7C7-4F62-BF5C-175527CB501B} => pcalua.exe -a C:\Users\Hubert\Desktop\Nero.9.Portable.g3n\NeroPortable\NeroBurningROMPortable.exe -d C:\Users\Hubert\Desktop\Nero.9.Portable.g3n\NeroPortable
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\52101451.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\52101451.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition i Shortcut.

malmor · 27 Kwiecień 2015 00:10

Wszystko chodzi, wstawiam logi:

Fixlog - (…)
Po skanowaniu - (…)

Dziękuje za pomoc!

Atis · 27 Kwiecień 2015 00:23

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2789345261-3260578610-3778401061-1001 -> DefaultScope {828B376B-F2F6-4778-928C-E29EC877535E} URL = 
2015-04-27 00:04 - 2015-04-27 00:05 - 00000000 ____ D () C:\AdwCleaner
2015-04-24 01:53 - 2015-04-25 17:44 - 00000000 ____ D () C:\rsit
DeleteQuarantine:

Uruchom FRST i kliknij Fix. Skasuj folder C:\FRST

Usuń stare punkty przywracania: Aby usunąć wszystkie punkty przywracania

Dysk przeskanuj Malwarebytes Anti-Malware

Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Język PL > Settings > General Settings > Language > Polish

Odinstaluj:

Adobe Reader X

Java 7 Update 51

Java 7 Update 67

Java 8 Update 25

Zainstaluj:

Adobe Reader XI 11.0.10

Java 8 Update 45

malmor · 27 Kwiecień 2015 01:04

Wszystko zrobione zgodnie z zaleceniami. Malwarebytes Anti-Malware na początku wykrył 4 pliki, po wyleczeniu zrobiłem ponowne skanowanie i wyszło czyste.

Jeszcze raz dziękuje za pomoc.