Spontaneous cursor movements and clicks


(Poniatxd) #1

Hello!


(Atis) #2

In Control Panel, uninstall:

Contextual Tool Extrafind

Freecorder Toolbar

Media Finder 1.0.9.24

NCDownloader

Optimizer Pro v3.0

Softonic toolbar on IE and Chrome

Yontoo 1.10.02

YourFileDownloader

Download and run AdwCleaner. Click Search and then Delete.

Click Scan and post the new FRST report, without Addition.


(Poniatxd) #3

Done, new paste:


(Atis) #4

Paste the following into the system Notepad and save it as a text file named fixlist:

HKLM\...\RunOnce: [NCInstallQueue] => rundll32 netman.dll,ProcessQueue 
HKU\S-1-5-21-3910783364-3385862667-686991200-1001\...\Run: [Internet] => 1 
HKU\S-1-5-21-3910783364-3385862667-686991200-1001\...\Run: [DANT] => [X]
HKU\S-1-5-21-3910783364-3385862667-686991200-1001\...\Policies\Explorer\DisallowRun: [1] WmiPrvSE.exe
HKU\S-1-5-21-3910783364-3385862667-686991200-1001\...\Policies\Explorer: [DisallowRun] 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyServer: http=;ftp=;https=;
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22apple.com/newtab?utm_source=b&ch=bnl&uid=ST3320620AS_6QF239L6XXXX6QF239L6&reg=1363381313
URLSearchHook: HKCU - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - Moikrug URL = http://moikrug.ru/persons/?clid=931354&charset=utf-8&keywords={searchTerms}&submitted=1
SearchScopes: HKCU - Yandex URL = http://yandex.ru/yandsearch?clid=931354&text={searchTerms}
SearchScopes: HKCU - {3D41F773-C2A2-4541-8F58-DF94FA1311D3} URL = http://search.yahoo.com/search?ei=utf-8&FR=chr-vmn&type=oovooyach&q={searchTerms}
SearchScopes: HKCU - {7DA5D1BD-2BDF-48D7-B2E4-423C1C563699} URL = http://search.softonic.com/MON00005/tb_v1?q={searchTerms}&SearchSource=4&cc=
SearchScopes: HKCU - {D3C5835D-3838-4B53-A247-8CAE701B1318} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKCU - {FE324CF3-E537-4227-B5AC-945FE2D29D77} URL = http://websearch.ask.com/redirect?client=ie&tb=STT&o=102866&src=crm&q={searchTerms}&locale=&apn_ptnrs=5N&apn_dtid=YYYYYYYYPL&apn_uid=7DF9D039-0DA2-4D71-A06A-ADF9C2D246E5&apn_sauid=65C5DC8B-D5BC-4857-946D-9C09BBC5EAFD&
BHO: No Name -> {1ABEA228-93B3-1380-FAD7-BC6002085B6B} -> No File
BHO: No Name -> {1B2967A9-ED9D-61A3-B91B-ACB54B875EB4} -> No File
BHO: No Name -> {E7A09E5F-4571-39C1-FF97-0F7EACF165BA} -> No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-8087-36EE87E26986} - No File
Toolbar: HKCU - No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchdesktop.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\aolsearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\22apple.xml
FF SearchPlugin: C:\Users\Jadwiga\AppData\Roaming\Mozilla\Firefox\Profiles\y3up15ip.default\searchplugins\ybqs-yandex.xml
FF Extension: YoTubeeRAdsReMuov - C:\Users\Jadwiga\AppData\Roaming\Mozilla\Firefox\Profiles\y3up15ip.default\Extensions\yi03i6@bn-va.co.uk [2014-04-17]
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.22apple.com/?utm_source=b&utm_medium=bnl&ref=bnl&uid=ST3320620AS_6QF239L6XXXX6QF239L6&reg=1363380812
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (YoTubeeRAdsReMuov) - C:\Users\Jadwiga\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcehpgpcbflfhjnodflccjlffccnlajc [2014-02-28]
CHR Extension: (No Name) - C:\Users\Jadwiga\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg [2011-05-20]
CHR Extension: (No Name) - C:\Users\Jadwiga\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgabeonglcehbpanfijkdncnldfipbj [2013-12-30]
CHR Extension: (No Name) - C:\Users\Jadwiga\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngjfmklipimnkegmcilmbhchklgjgfl [2012-11-11]
CHR Extension: (No Name) - C:\Users\Jadwiga\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai [2012-05-21]
CHR Extension: (No Name) - C:\Users\Jadwiga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-06-17]
CHR Extension: (RandomPrIce) - C:\ProgramData\kcigedpmfpgnlnddfninccbnfgcbcigd\ [2011-12-09]
CHR HKLM-x32\...\Chrome\Extension: [bildoibdboopgomcbiplincneeicgipj] - C:\Program Files (x86)\StartSearch plugin\startsplg.crx [2011-12-09]
CHR HKLM-x32\...\Chrome\Extension: [gbdabnfmdemcjjadpkpjibhhacggangd] - \User Data\Default\Extensions\novo_price_comparison.crx [2011-12-09]
C:\Program Files (x86)\StartSearch plugin
S1 as6eio; \SystemRoot\System32\drivers\as6eio.sys [X]
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 BTCOMBUS; System32\Drivers\btcombus.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 GGSAFERDriver; \??\D:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 VHidMinidrv; system32\drivers\VHIDMini.sys [X]
S3 wanatw; system32\DRIVERS\wanatw64.sys [X]
C:\AdwCleaner
C:\ProgramData\VKSaver
C:\ProgramData\kcigedpmfpgnlnddfninccbnfgcbcigd
C:\ProgramData\nvUnsupRes.dat
C:\Program Files (x86)\Common Files\AOL
Task: {0183B11F-C611-43AF-B82C-93E99803A02A} - System32\Tasks\{4CA39538-8E1C-47BF-A462-8ECF13A52036} => D:\sims2\AutoRun.exe
Task: {15772391-E4DF-4CE7-823B-D91220ED134F} - System32\Tasks\{CE0D2D3A-88F9-4668-ADCB-D3E27BC47870} => D:\sims2\AutoRun.exe
Task: {1657CAB0-1A4A-42F8-A658-F569FC979AF4} - System32\Tasks\{4E853BBE-D544-4252-A3A9-529BD8C8F424} => D:\sims2\AutoRun.exe
Task: {80D2191A-B00D-48F0-AEB3-D645327A6F14} - System32\Tasks\VKSaverUpdate => C:\ProgramData\VKSaver\VKSaver.exe
Task: {8DDA4842-2199-44C3-9D26-6CB2D6CA084E} - System32\Tasks\VKSaver => C:\ProgramData\VKSaver\VKSaver.exe
Task: {15BE4E90-F6AA-4565-8A85-C5CCFCF25C79} - System32\Tasks\AdobeAAMUpdater-1.0-Jadwiga-PC-Jadwiga => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {A78EB597-9906-41CE-855F-EB056FE9985B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3910783364-3385862667-686991200-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-03-30] (RealNetworks, Inc.)
Task: {B9DBE4C2-00FE-4FBC-A552-D75B4059A65B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3910783364-3385862667-686991200-1001.job => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe
Task: C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3910783364-3385862667-686991200-1006.job => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe
Task: C:\Windows\Tasks\ReclaimerResumeInstall_Jadwiga.job => C:\Users\Jadwiga\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerResumeInstall_Mateusz.job => C:\Users\Mateusz\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe
Task: {DBEF93B4-F5BC-4F8D-9A01-AB6088829B16} - System32\Tasks\{777CFF51-7AB9-49B2-A26A-FB4EB9E04040} => D:\sims2\AutoRun.exe
Task: {F4488D08-5D0E-49E3-A58F-7FBAC08937BB} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\Overwolf Updater Task.job => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
Task: C:\Windows\Tasks\RDReminder.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: C:\Windows\Tasks\RunOW.job => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
Task: C:\Windows\Tasks\Upd Inst-S-3154705231.job => c:\programdata\worldappit\upd inst\Upd Inst.exe
Task: C:\Windows\Tasks\YourFile Update.job => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\vToolbarUpdater10.2.0" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\vToolbarUpdater14.2.0" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^20Dollars2Surf.lnk" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NCdownloader.lnk" /f
C:\Windows\pss\20Dollars2Surf.lnk.CommonStartup
C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browsers Protector" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CheckRun22apple_uninstaller" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egui" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ExpressFiles" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\facemoods" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Freecorder FLV Service" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HostManager" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Finder" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSpeedUp" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_ROC_JULY_P1" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VKSaver" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt" /f
CMD: del /f /s /q %TEMP%\*.*

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post the new FRST report, without Addition.
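
An added example (not part of the original thread and not FRST's own code): a small triage pass over `Task:` lines in the format shown in the fixlist above, flagging scheduled tasks whose target runs from a user-writable location or carries FRST's ATTENTION marker. The regular expressions and the list of writable locations are assumptions of this example; the sample lines are copied from the fixlist.

```python
import re

# Two line shapes appear in the fixlist:
#   Task: {GUID} - System32\Tasks\<name> => <target> [date] (vendor)
#   Task: C:\Windows\Tasks\<name>.job => <target> <==== ATTENTION
TASK_RE = re.compile(
    r"^Task:\s+(?:\{[0-9A-Fa-f-]{36}\}\s+-\s+)?(?P<task>.+?)\s+=>\s+(?P<target>.+)$"
)
# Everything from the file date or the ATTENTION marker onwards is not path.
TRAILER_RE = re.compile(r"\s*(?:\[\d{4}-\d{2}-\d{2}\]|<=+\s*ATTENTION).*$")
# Assumption: directories a standard user can normally write to.
WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")

# Lines copied from the fixlist above.
SAMPLE = r"""
Task: {80D2191A-B00D-48F0-AEB3-D645327A6F14} - System32\Tasks\VKSaverUpdate => C:\ProgramData\VKSaver\VKSaver.exe
Task: {B9DBE4C2-00FE-4FBC-A552-D75B4059A65B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\ReclaimerResumeInstall_Jadwiga.job => C:\Users\Jadwiga\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe
Task: C:\Windows\Tasks\YourFile Update.job => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Upd Inst-S-3154705231.job => c:\programdata\worldappit\upd inst\Upd Inst.exe
"""


def parse_task(line):
    """Return task name, target path and review reasons, or None if not a Task line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    raw = m.group("target")
    target = TRAILER_RE.sub("", raw)
    reasons = []
    if any(part in target.lower() for part in WRITABLE):
        reasons.append("user-writable location")
    if "ATTENTION" in raw:
        reasons.append("flagged by FRST")
    return {"task": m.group("task"), "target": target, "reasons": reasons}


def triage(text):
    """Keep only the Task entries that have at least one review reason."""
    entries = [e for e in map(parse_task, text.splitlines()) if e]
    return [e for e in entries if e["reasons"]]


if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print(", ".join(entry["reasons"]), "|", entry["task"], "=>", entry["target"])
```
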


(Poniatxd) #5

Fixlog: 

http://wklej.org/id/1421160/

 

FRST:

http://wklej.org/id/1421171/


(Atis) #6

Delete the folder C:\FRST

Uninstall:

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

J2SE Runtime Environment 5.0 Update 9

Java 7 Update 45

Java SE Development Kit 7 Update 11

Java 6 Update 33

Java 7 Update 5

JavaFX 2.1.1

Install:

Java 7 Update 65

Flash Player 14.0.0.145 Internet Explorer and Plugin-based browsers

Service Pack 1

Internet Explorer 11


(Poniatxd) #7

After 2.5 h of installing SP1 the PC decided that the configuration had failed and is reverting all changes; it has been grinding away like this for 9 hours already and there is no end in sight… Can I interrupt this somehow?

@EDIT: after just under 12 it finally finished… ERROR_INSTALL_FAILURE, let's see what Microshit's troubleshooting tells me :smiley:

@EDIT2: First problem solved, so time for the next one -.- PATH_NOT_FOUND (0x80070003). I used the system file repair tool (sfc /scannow) and it is still the same; I cannot access CBS.log despite using an admin account and granting access permissions to the file from that account.