The log shows:
Error: (09/04/2023 06:23:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 256) (User: )
Description: Zainicjowanie bazy danych wykazu przez Usługi kryptograficzne nie powiodło się. Błąd: -2147418113 (0x8000ffff) : Katastrofalny błąd.
This error can cause high disk load. One of the infections probably broke something, and on top of that there is a visible problem with file signatures.
Do none of the bootable antivirus tools detect Virut or Sality? Eset, Kaspersky, Cureit?
Uninstall: Avast Cleanup Premium
Run this Fixlist.txt with FRST:
CloseProcesses:
AlternateDataStreams: C:\Users\grzeg\Desktop\avast_free_antivirus_setup_online.exe:MBAM.Zone.Identifier [209]
AlternateDataStreams: C:\Users\grzeg\Downloads\adwcleaner.exe:MBAM.Zone.Identifier [140]
AlternateDataStreams: C:\Users\grzeg\Downloads\avast_free_antivirus_setup_online.exe:MBAM.Zone.Identifier [209]
MSCONFIG\Services: CCleanerPerformanceOptimizerService => 2
HKLM\...\StartupApproved\Run: => "TuneupUI.exe"
HKU\S-1-5-21-1007877911-3557660348-619750474-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_81BB36531CC9A25E34E50F7F0D986BE9"
HKU\S-1-5-21-1007877911-3557660348-619750474-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_B9EBB27DF024DCD190DA9B10443EB315"
HKU\S-1-5-21-1007877911-3557660348-619750474-1004\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_DD1AC020EB6B0274B39EA3DBABEBA69C"
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [4543384 2023-07-28] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1007877911-3557660348-619750474-1001\...\Run: [MicrosoftEdgeAutoLaunch_B9EBB27DF024DCD190DA9B10443EB315] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4108328 2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1007877911-3557660348-619750474-1004\...\Run: [MicrosoftEdgeAutoLaunch_DD1AC020EB6B0274B39EA3DBABEBA69C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4108328 2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
Policies: C:\Users\ania0\NTUSER.pol: Ograniczenia <==== UWAGA
Policies: C:\Users\grzeg\NTUSER.pol: Ograniczenia <==== UWAGA
Policies: C:\Users\olaku\NTUSER.pol: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Task: {0F3196A8-8030-407C-9481-80DEBB8A46D7} - System32\Tasks\Agent Activation Runtime\S-1-5-21-1007877911-3557660348-619750474-1001 => C:\Windows\System32\AgentActivationRuntimeStarter.exe [13312 2019-12-07] () [Brak podpisu cyfrowego]
Task: {5C7D7F2B-A6A8-43D1-954A-0BA9A3DEBB21} - System32\Tasks\Agent Activation Runtime\S-1-5-21-1007877911-3557660348-619750474-1003 => C:\Windows\System32\AgentActivationRuntimeStarter.exe [13312 2019-12-07] () [Brak podpisu cyfrowego]
Task: {44148DFF-7B1D-419D-9382-5B359AC33289} - System32\Tasks\Agent Activation Runtime\S-1-5-21-1007877911-3557660348-619750474-1004 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2019-12-07] () [Brak podpisu cyfrowego]
Task: {CB1ECD31-A412-4D35-A852-57F7DB16D796} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4758936 2023-07-28] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\A (dane wartości zawierają 70 znaków więcej).
Task: {BF8DDB68-3928-4B49-896F-9AF830D93CFC} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [7212952 2023-07-18] (Avast Software s.r.o. -> Avast Software)
Task: {1D6B872D-424B-408F-B814-A22DCDF2825A} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /c (Brak pliku)
Task: {924DB68F-362B-4B31-B241-45739F7CAB59} - System32\Tasks\ehMfsXGPQYzifGCBGtr2 => C:\WINDOWS\system32\rundll32.exe [71680 2019-12-07] (Microsoft Corporation) [Brak podpisu cyfrowego] -> "C:\Program Files (x86)\BCXVBmeJuZEyC\baXeayJ.dll",#1 <==== UWAGA
Task: {B12901B9-BF0A-4B3F-B3D6-A971E58A01CE} - System32\Tasks\Firefox Default Browser Agent BDB3C6573A319E62 => C:\Users\grzeg\AppData\Roaming\teivjgh (Brak pliku) <==== UWAGA
Task: {45938853-B830-44EF-8A4D-5A63836F5867} - System32\Tasks\OrdQiPiDFiKEiYJ2 => C:\WINDOWS\system32\rundll32.exe [71680 2019-12-07] (Microsoft Corporation) [Brak podpisu cyfrowego] -> "C:\Program Files (x86)\OHmQsNdvU\SOXfVt.dll",#1 <==== UWAGA
Task: {A4787716-CBFE-4AC5-85E1-46773FAD7D7E} - System32\Tasks\pIkQxoXmkNQQFRoNt2 => C:\WINDOWS\system32\rundll32.exe [71680 2019-12-07] (Microsoft Corporation) [Brak podpisu cyfrowego] -> "C:\Program Files (x86)\StOEEhtDIhCHbrOqqmR\HuoxPdn.dll",#1 <==== UWAGA
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
C:\Users\grzeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbilhfoibpnndjdfmbfanapdpmebbnl
CHR Extension: (Adblocker for Youtube™) - C:\Users\grzeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbilhfoibpnndjdfmbfanapdpmebbnl [2021-03-13] [UpdateUrl:hxxps://clients85.google.com/service/update2/crx] <==== UWAGA
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-1007877911-3557660348-619750474-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
S4 Backupper Service; "C:\Users\grzeg\Downloads\[FTUApps.com] - AOMEI Backupper Technician Plus v6.6.1 Portable\AOMEI Backupper Technician Plus.P\P-661ABTP\AOMEI Backupper Technician Plus 6.6.1\App\Backupper\ABService.exe" [X]
2023-09-04 14:44 - 2023-09-04 14:51 - 000000000 ____D C:\AdwCleaner
2023-09-03 19:59 - 2023-09-03 19:59 - 000000000 __SHD C:\found.000
2020-11-19 04:48 - 2020-11-19 04:48 - 000320202 ___SH () C:\Users\grzeg\AppData\Roaming\hcsteuv
2021-03-13 18:40 - 2021-03-13 18:40 - 000000000 _____ () C:\Users\grzeg\AppData\Roaming\unp249887364.tmp
Once it has run, update the system to the latest version:
https://www.microsoft.com/pl-pl/software-download/windows10 from within Windows or, if there are problems, from a USB flash drive. That should fix everything, as long as there is no virus.