Prosba o pomoc

[RichardTU]

Dobrý den, chtěl bych Vás poprosit o radu ohledně souboru SECOH-QAD.exe, který mi zřejmě způsobuje modrou smrt ve win 8.1. Na Vašem fóru jsem našel podobný problém, ale trošku tápu ve vyřešení. Zde je odkaz na již vyřešený problém: http://forum.viry.cz/viewtopic.php?f=13 ... =secoh+qad Zkoušel jsem ho odstranit např. trojan removerem nebo přeinstalací systému, ale pořád to nejde. Když jdu podle Vašeho návodu, tak nevím jak vytvořit tento text:
Start
C:\ProgramData\nvxasync
HKU\S-1-5-21-3000397284-3468275991-3139848333-1001\...\Run: [nvxasync] => C:\Users\Zuzana\AppData\Roaming\nvxasync\nvxasync.exe [76677632 2015-01-31] ()
HKU\S-1-5-21-3000397284-3468275991-3139848333-1001\...\Winlogon: [Shell] C:\ProgramData\nvxasync\nvxasync.exe [76677632 2015-01-31] () <==== ATTENTION
HKU\S-1-5-21-3000397284-3468275991-3139848333-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
C:\Program Files\KMSpico
Task: {A2E6AF92-A27E-48C6-9213-2231E259B7DF} - \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance No Task File <==== ATTENTION
Task: {B52678AC-2956-4ED2-B81A-721734D69791} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
Task: {CC7E9366-CF26-4DC9-A66C-3EAB252649E1} - \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan No Task File <==== ATTENTION
Task: {E288921A-4336-4DEA-A1A6-6F3E6A856E5C} - \Microsoft\Windows\Windows Defender\Windows Defender Verification No Task File <==== ATTENTION
Task: {F67C3C3C-2EE9-498E-A0D8-AA09F8787FB1} - \Microsoft\Windows\Windows Defender\Windows Defender Cleanup No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\Zuzana\OneDrive:ms-properties
End

protože to je vytvořené na konkrétní PC. Proto bych Vás chtěl poprosit o pomoc při vyřešení tohoto problému. Děkuji

[vyosek]

Zdravim

fixlisty se tvori primo pro dany pocitac, je pro kazdy jiny

Takze dejtelog z FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100 a my jej rozlustime a vymyslime fixlist

[RichardTU]

Protože se text ze souboru FRST nevejde do příspěvku, tak jsem ho zabalil jako přílohu.

[vyosek]

Odinstalujte Trojan Remover

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software)
  HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
  
  2015-02-07 11:27 - 2015-02-07 11:27 - 00009834 _____ () C:\Users\Richard\Desktop\FRST.txt
  2015-02-07 11:14 - 2015-02-07 11:15 - 00112640 _____ (forum.viry.cz) C:\Users\Richard\Desktop\FRSTLauncher.exe
  2015-02-07 10:49 - 2015-02-07 10:49 - 00001383 _____ () C:\Users\Richard\Desktop\fixlist.txt
  2015-02-07 10:45 - 2015-02-07 10:46 - 00000251 _____ () C:\Users\Richard\Desktop\Search.txt
  2015-02-07 10:07 - 2015-02-07 10:07 - 00001028 _____ () C:\Users\Richard\Desktop\AdwCleaner[S2].txt
  2015-02-06 23:47 - 2015-02-06 23:47 - 00001725 _____ () C:\Users\Richard\Desktop\AdwCleaner[S0].txt
  2015-02-06 23:40 - 2015-02-07 10:04 - 00000000 ____D () C:\AdwCleaner
  2015-02-06 23:40 - 2015-02-06 23:40 - 02112512 _____ () C:\Users\Richard\Desktop\adwcleaner_4.110.exe
  2015-02-06 23:30 - 2015-02-06 23:30 - 00001121 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
  2015-02-06 23:30 - 2015-02-06 23:30 - 00000000 ____D () C:\Users\Richard\Documents\Simply Super Software
  2015-02-06 23:30 - 2015-02-06 23:30 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Simply Super Software
  2015-02-06 23:30 - 2015-02-06 23:30 - 00000000 ____D () C:\ProgramData\TEMP
  2015-02-06 23:30 - 2015-02-06 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
  2015-02-06 23:30 - 2015-02-06 23:30 - 00000000 ____D () C:\ProgramData\Licenses
  2015-02-06 23:29 - 2015-02-06 23:30 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
  2015-02-06 23:29 - 2015-02-06 23:29 - 00000000 ____D () C:\ProgramData\Simply Super Software
  
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  
  Hosts:
  EmptyTemp:
  Reboot:
  End
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[RichardTU]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
Ran by Richard at 2015-02-07 13:31:26 Run:1
Running from C:\Users\Richard\Desktop
Loaded Profiles: Richard (Available profiles: Richard)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)

2015-02-07 11:27 - 2015-02-07 11:27 - 00009834 _____ () C:\Users\Richard\Desktop\FRST.txt
2015-02-07 11:14 - 2015-02-07 11:15 - 00112640 _____ (forum.viry.cz) C:\Users\Richard\Desktop\FRSTLauncher.exe
2015-02-07 10:49 - 2015-02-07 10:49 - 00001383 _____ () C:\Users\Richard\Desktop\fixlist.txt
2015-02-07 10:45 - 2015-02-07 10:46 - 00000251 _____ () C:\Users\Richard\Desktop\Search.txt
2015-02-07 10:07 - 2015-02-07 10:07 - 00001028 _____ () C:\Users\Richard\Desktop\AdwCleaner[S2].txt
2015-02-06 23:47 - 2015-02-06 23:47 - 00001725 _____ () C:\Users\Richard\Desktop\AdwCleaner[S0].txt
2015-02-06 23:40 - 2015-02-07 10:04 - 00000000 ____D () C:\AdwCleaner
2015-02-06 23:40 - 2015-02-06 23:40 - 02112512 _____ () C:\Users\Richard\Desktop\adwcleaner_4.110.exe
2015-02-06 23:30 - 2015-02-06 23:30 - 00001121 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2015-02-06 23:30 - 2015-02-06 23:30 - 00000000 ____D () C:\Users\Richard\Documents\Simply Super Software
2015-02-06 23:30 - 2015-02-06 23:30 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Simply Super Software
2015-02-06 23:30 - 2015-02-06 23:30 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-06 23:30 - 2015-02-06 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-02-06 23:30 - 2015-02-06 23:30 - 00000000 ____D () C:\ProgramData\Licenses
2015-02-06 23:29 - 2015-02-06 23:30 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2015-02-06 23:29 - 2015-02-06 23:29 - 00000000 ____D () C:\ProgramData\Simply Super Software

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TrojanScanner => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware (cleanup) => Value not found.
C:\Users\Richard\Desktop\FRST.txt => Moved successfully.
C:\Users\Richard\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Users\Richard\Desktop\fixlist.txt => Moved successfully.


The system needed a reboot.

==== End of Fixlog 13:31:33 ====

[RichardTU]

Můžu se optat na Váš názor na výsledky? Mám takové podezření, že by to mohlo být hardwarem. Díky

[vyosek]

Mrknete do slozky c:\windows\minidump a pokud tam jsou nejake soubory, tak je zabalte a nekam nahrajte