Elektroda.pl

Suspected infection, slow computer performance

lolek2417 30 Oct 2014 17:59 756 2
  • #2 30 Oct 2014 18:17
    Acorus 20
    Computer specialist

    Uninstall Browser Configuration Utility. Open Notepad and paste:

    Quote:
    Task: {142A4778-B4B1-447A-90B4-E83A906FFF37} - System32\Tasks\At1 => cmd.exe /c del /F /Q "D:\vancouver 2010 no cd crack download.exe" <==== ATTENTION
    Task: {AD0CA114-58A8-41B0-BAF6-53981FFF7DB9} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
    Task: C:\Windows\Tasks\At1.job => D:\vancouver 2010 no cd crack download.exe
    HKLM-x32\...\Run: [] => [X]
    AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll" File Not Found
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=
    URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
    URLSearchHook: HKCU - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
    URLSearchHook: HKCU - (No Name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - No File
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh.com/web?src=ieb&q={searchTerms}
    SearchScopes: HKLM-x32 - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
    SearchScopes: HKLM-x32 - {D31E486C-8263-4A73-91DA-FE668143897E} URL = http://www.tangosearch.com/?q={searchTerms}&a=SEARCH
    SearchScopes: HKLM-x32 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
    SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=NRO&o=101913&src=crm&q={searchTerms}&locale=en_US
    SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
    SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
    SearchScopes: HKCU - {BFCB0035-7056-4a36-A5CD-7F50538174D0} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
    SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
    Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    Toolbar: HKCU - No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
    FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
    FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\m0if9nje.default\searchplugins\babylon1.xml
    FF Extension: DVDVideoSoftTB Toolbar - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\m0if9nje.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2013-04-16]
    FF Extension: GoPhotoIt - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\m0if9nje.default\Extensions\gophoto@gophoto.it.xpi [2012-07-29]
    FF Extension: Torntv - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\m0if9nje.default\Extensions\torntv@torntv.com.xpi [2013-01-20]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997} [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoods.crx []
    CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn11.crx []
    CHR HKLM-x32\...\Chrome\Extension: [kngjfmklipimnkegmcilmbhchklgjgfl] - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngjfmklipimnkegmcilmbhchklgjgfl.crx [2013-01-20]
    CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx [2013-01-20]
    S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [X]
    U3 ai5b8yb8; No ImagePath
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [X]
    S3 PCAMp50a64; System32\Drivers\PCAMp50a64.sys [X]
    S3 PCASp50a64; System32\Drivers\PCASp50a64.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2014-10-29 20:12 - 2014-10-29 20:13 - 00000000 ____D () C:\AdwCleaner
    C:\Windows\Tasks\At1.job
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix.

    0
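
A way to review a fixlist like the one above before clicking Fix, as an added example that is not part of the original post and not FRST's own code: it separates entries FRST flagged, entries whose target is already missing, and entries that still point at a file or URL. The marker strings are an assumption taken from the entries visible in the quoted fixlist, and the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Lines copied from the fixlist quoted in the post above.
SAMPLE = r"""
Task: {AD0CA114-58A8-41B0-BAF6-53981FFF7DB9} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [Not Found]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
C:\Windows\Tasks\At1.job
EmptyTemp:
"""

# Assumption: these suffixes mean the referenced file no longer exists,
# so the entry is a leftover reference rather than an active component.
MISSING = ("[X]", "No File", "File Not Found", "[Not Found]", "No ImagePath")


def classify(line):
    """Bucket one fixlist line by how much scrutiny it deserves."""
    if re.fullmatch(r"\w+:", line):
        return "directive"   # a command such as EmptyTemp:, not an entry
    if "<==== ATTENTION" in line:
        return "flagged"     # marked by the scanner itself
    if any(marker in line for marker in MISSING):
        return "orphaned"    # target already gone
    return "review"          # still points at a file or URL; check it


def triage(text):
    """Return one dict per non-empty line: status, URL host (if any), line."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        url = re.search(r"https?://\S+", line)
        host = urlsplit(url.group()).hostname if url else None
        rows.append({"status": classify(line), "host": host, "line": line})
    return rows


if __name__ == "__main__":
    rows = triage(SAMPLE)
    print(dict(Counter(r["status"] for r in rows)))
    for r in rows:
        if r["status"] in ("flagged", "review"):
            print(r["status"], r["host"] or "", r["line"][:70])
```
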