Sprote~1.dll - Zły Obraz

DanielVv · 8 Sierpień 2014 14:31

Witam

Atis · 8 Sierpień 2014 14:42

http://forum.dobreprogramy.pl/nowy-log-obowiązkowy-farbar-recovery-scan-tool-t478727/

DanielVv · 8 Sierpień 2014 14:48

Rozumiem, że mam wstawić loga?

Atis · 8 Sierpień 2014 14:51

Tak.

Log FRST.txt i Addition.txt na wklej.org i podaj link.

DanielVv · 8 Sierpień 2014 14:58

Addition - http://wklej.org/id/1435541/

Atis · 8 Sierpień 2014 15:04

W panelu sterowania odinstaluj:

Akamai NetSession Interface

Bundled software uninstaller

FixMyRegistry

Optimizer Pro v3.1

Qtrax Player

Rich Media Player

SafeSaver 1.74

Update Manager for SweetPacks 1.1

Rich Media Player

WinZipper

Pobierz i uruchom AdwCleaner Kliknij Szukaj i później Usuń.

Kliknij Scan i pokaż nowy raport z FRST bez Addition.

DanielVv · 8 Sierpień 2014 15:57

http://wklej.org/id/1435569/
Zauważyłem, że nie ma już błędu.

Atis · 8 Sierpień 2014 16:13

Dlaczego nie użyłeś opcji Usuń w AdwCleaner?

DanielVv · 8 Sierpień 2014 16:15

Próbowałem, ale przy samym końcu pisało, że program przestał działać.

Atis · 8 Sierpień 2014 16:28

Użyj AdwCleaner w trybie awaryjnym.

Po uruchomieniu komputera naciskaj klawisz F8 i wybierz tryb awaryjny.

http://support.kaspersky.com/pl/general/various/493#q1

DanielVv · 8 Sierpień 2014 16:43

Nadal to samo.

Atis · 8 Sierpień 2014 18:40

Niewiarygodne, że można mieć taki śmietnik.

Świetny pomysł żeby szkodliwe programy odznaczać w msconfig.

Trzeba było wykonać pełne skanowanie Malwarebytes i wszystko usunąć, bo ten program powinien coś wykryć.

Resetowanie ustawień przeglądarki Chrome

Przywracanie domyślnych ustawień Firefox

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKU\S-1-5-21-874901815-2283055968-3899633735-1000\...\Run: [Windows Update] => C:\ProgramData\Windows\Windows Update\winupdate.lnk [1507 2013-06-09] ()
C:\ProgramData\Windows
HKU\S-1-5-21-874901815-2283055968-3899633735-1000\...\Run: [SpeedUpMyComputer] => C:\Program Files\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe [2054776 2014-06-03] ()
C:\Program Files\SmartTweak
AppInit_DLLs: c:\progra~1\safesa~1\sprote~1.dll => c:\progra~1\safesa~1\sprote~1.dll File Not Found
GroupPolicyUsers\S-1-5-21-874901815-2283055968-3899633735-1002\User: Group Policy restriction detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST9250315AS_5VC0N8ESXXXX5VC0N8ES&ts=1393505787&type=default&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1388683006&from=wpm0102&uid=ST9250315AS_5VC0N8ESXXXX5VC0N8ES&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {4A181177-52DF-440A-A083-A67155F69424} URL = 
SearchScopes: HKCU - {C548323E-26C9-484A-A969-8A23C9674F47} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=847320&p={searchTerms}
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
S4 CacheBoost Service; C:\Program Files\Systweak\Systweak CacheBoost\cbsrv.exe [187120 2008-03-09] (Systweak Inc)
C:\Program Files\Systweak
S4 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [X]
C:\ProgramData\BrowserDefender
S3 ASUSProcObsrv; \??\E:\I386\AsProcOb.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 WinRing0_1_2_0; \??\D:\Programy\RGB\Driver\WinRing0.sys [X]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [X]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [X]
S3 XDva403; \??\C:\Windows\system32\XDva403.sys [X]
S3 XDva404; \??\C:\Windows\system32\XDva404.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\AdwCleaner
C:\ProgramData\PC1Data
C:\Program Files\Optimizer Pro
C:\Users\Daniel\Desktop\SpeedUpMyComputer.lnk
C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
C:\ProgramData\IePluginServices
C:\ProgramData\IePluginService
C:\Users\Daniel\AppData\Roaming\SupTab
C:\Program Files\SupTab
C:\Users\Daniel\AppData\Roaming\newnext.me
C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
C:\Users\Daniel\AppData\Local\FilesFrog Update Checker
C:\ProgramData\eSafe
C:\Users\Daniel\AppData\Roaming\Delta
C:\ProgramData\ssafe saveu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
C:\Users\Daniel\AppData\Local\genienext
C:\Program Files\McAfee Security Scan
CustomCLSID: HKU\S-1-5-21-874901815-2283055968-3899633735-1000_Classes\CLSID\{15ea6566-467f-42ae-85d7-0ef80306cbdc}\localserver32 -> C:\Users\Daniel\AppData\Local\Temp\{8b1670c8-dc4a-4ed4-974b-81737a23826b}\IDriver.NonElevated.exe No (the data entry has 5 more characters).
Task: {0462A679-437F-4458-BB78-9E3863383AC7} - System32\Tasks\{291E1DC0-9BC3-415E-BE6E-C710F0BCBF92} => Firefox.exe http://ui.skype.com/ui/0/6.1.0.129.272/pl/abandoninstall?page=tsProgressBar
Task: {21BBA472-74A4-4E77-999D-68FE03DF2DAF} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION
Task: {510EA932-8B20-46D9-8AAF-F10A232F09DF} - System32\Tasks\WinThruster_UPDATES => C:\Program Files\WinThruster\WinThruster.exe [2012-10-15] (Solvusoft Corporation)
Task: {59A304AF-DB48-4B58-B82F-EF92E6D657C3} - System32\Tasks\DriverToolkit Autorun => C:\Program Files\DriverToolkit\DriverToolkit.exe [2014-04-30] (Megaify Software Co., Ltd.)
Task: {89ADF1D2-FA0F-46F4-9552-63F288F4FB8A} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{4B44331E-CFE9-431E-A495-5DDCDC8BDFF0}.exe
Task: {91E6B3AE-B9EA-46C1-84AE-8A94B823CF31} - \EPUpdater No Task File <==== ATTENTION
Task: {A666F4A0-8701-4359-B4BF-FC4692A5C3FC} - System32\Tasks\WinThruster_DEFAULT => C:\Program Files\WinThruster\WinThruster.exe [2012-10-15] (Solvusoft Corporation)
Task: {B6D9608A-324F-4DAB-BC2C-5713CFF6E07B} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{660020C9-EB6A-4A06-9AB0-905CFC4836A8}.exe
Task: {BFF9DE94-AAC6-473D-B920-1A4AB8DB78B5} - System32\Tasks\Razer_Game_Booster_AutoUpdate => D:\Programy\RGB\AutoUpdate.exe
Task: {C1CB2CDF-EB11-4A6C-8627-A74E350EA439} - System32\Tasks\{4D12C3E5-B0D4-40FE-A30E-78B935D526DE} => Chrome.exe http://ui.skype.com/ui/0/6.3.0.105/pl/abandoninstall?page=tsProgressBar
Task: {E11203DA-5CF4-4969-8496-F280D41DD7EB} - System32\Tasks\RunOW => C:\Program Files\Overwolf\OverwolfLauncher.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{660020C9-EB6A-4A06-9AB0-905CFC4836A8}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{4B44331E-CFE9-431E-A495-5DDCDC8BDFF0}.exe
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-874901815-2283055968-3899633735-1000Core.job => C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-874901815-2283055968-3899633735-1000UA.job => C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\WinThruster_DEFAULT.job => C:\Program Files\WinThruster\WinThruster.exe
Task: C:\Windows\Tasks\WinThruster_UPDATES.job => C:\Program Files\WinThruster\WinThruster.exe
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\BrowserDefendert" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\CacheBoost Service" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\RelevantKnowledge" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f
C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppsHat" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CacheBoost" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FixMyRegistry" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FLV Player" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lollipop" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Optimizer Pro" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDP" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sweetpacks Communicator" /f
CMD: del /f /s /q %TEMP%\*.*

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition.

DanielVv · 8 Sierpień 2014 22:06

Skanowałem już system Malwarebytes.

Atis · 8 Sierpień 2014 23:33

Przecież nic nie zostało wykonane, bo wkleiłeś bez ukośników w ścieżkach.

DanielVv · 9 Sierpień 2014 19:07

Wklejam i ukośniki same znikają.

Atis · 9 Sierpień 2014 22:48

Miałeś wkleić do systemowego notatnika.

http://sendfile.pl/262111/FRST.zip