Elektroda.pl

High system load - high CPU, memory and disk usage

wanio18 26 Feb 2016 19:48 2055 11
  • Helpful post
    #2 26 Feb 2016 19:52
    Kolobos
    Computer specialist

    Your system is infected.

    Logs from FRST are required, not OTL.

    Use AdwCleaner, Scan and Clean options: http://www.bleepingcomputer.com/download/adwcleaner/

    Attach the FRST logs (Frst.txt and Addition.txt):
    http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

    Do a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0
  • Helpful post
    #4 26 Feb 2016 20:37
    Kolobos
    Computer specialist

    This fake Chinese antivirus is quite hard to remove.

    Uninstall:
    Adobe Reader 9, replace it with the latest version of AR or with Foxit: http://ninite.com/foxit/
    SpyHunter 4

    Start the system in Safe Mode.

    Next to frst.exe create a file fixlist.txt with the following content:
    CloseProcesses:
    Task: {D023DCF2-5304-4A00-89C1-6CC0DFF7FE93} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-04-19] (Enigma Software Group USA, LLC.)
    AlternateDataStreams: C:\Users\PEPE\Downloads\RStudio__7934_il310339.exe:typelib
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
    (RayDl) C:\Program Files (x86)\RayDld\ihpmServer.exe
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTray.exe" /regrun
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\Run: [Uniblue RegistryBooster 2009] => c:\program files (x86)\uniblue\registrybooster\StartRegistryBooster.exe
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {2b4c22a5-dbe7-11e5-bed7-a4db30723af2} - "E:\AutoRun.exe"
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {2b4c232a-dbe7-11e5-bed7-a4db30723af2} - "E:\AutoRun.exe"
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {64701b3b-391a-11e4-be82-201a066efcde} - "F:\setup.exe"
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {a5f5db3f-a451-11e3-be73-201a066efcde} - "E:\AutoRun.exe"
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {a5f5dbaf-a451-11e3-be73-201a066efcde} - "E:\AutoRun.exe"
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {a5f5def2-a451-11e3-be73-201a066efcde} - "E:\AutoRun.exe"
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {c9c81f52-cc41-11e5-bec5-a4db30723af2} - "E:\AutoRun.exe"
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {c9c81fe0-cc41-11e5-bec5-a4db30723af2} - "E:\AutoRun.exe"
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMGCShellExt64.dll Brak pliku
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-31] ()
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    GroupPolicy-x32: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Hosts:
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.duba.com/?un_449343_3345
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://smartsputnik.ru/?ri=1&uid=0f62657b27f61f3319e887a990af21aa&q={searchTerms}
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.duba.com/?un_449343_3345
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://smartsputnik.ru/?ri=1&uid=0f62657b27f61f3319e887a990af21aa&q={searchTerms}
    URLSearchHook: [S-1-5-21-1931349674-2083586476-2277994081-1001] UWAGA => Brak domyślnego URLSearchHook
    URLSearchHook: HKU\S-1-5-21-1931349674-2083586476-2277994081-1001 - (Brak nazwy) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - Brak pliku
    SearchScopes: HKU\S-1-5-21-1931349674-2083586476-2277994081-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://smartsputnik.ru/?ri=1&uid=0f62657b27f61f3319e887a990af21aa&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1931349674-2083586476-2277994081-1001 -> {00AA70FC-9F34-42A8-BD5E-65403D57A56A} URL =
    SearchScopes: HKU\S-1-5-21-1931349674-2083586476-2277994081-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://smartsputnik.ru/?ri=1&uid=0f62657b27f61f3319e887a990af21aa&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1931349674-2083586476-2277994081-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = hxxp://smartsputnik.ru/?ri=1&uid=0f62657b27f61f3319e887a990af21aa&q=
    SearchScopes: HKU\S-1-5-21-1931349674-2083586476-2277994081-1001 -> {szukaj.gazeta.pl} URL = hxxp://szukaj.gazeta.pl/internet/0,0.html?slowo={searchTerms}
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSWebMon64.dat => Brak pliku
    FF NewTab: hxxp://www.yoursearching.com/newtab/?type=nt&...uid=wdcxwd10jpvx-22jc3t0_wd-wxd1e63nklz7nklz7
    FF DefaultSearchEngine: yoursearching
    FF Homepage: hxxp://www.yoursearching.com/?type=hp&ts=...uid=wdcxwd10jpvx-22jc3t0_wd-wxd1e63nklz7nklz7
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\npQMExtensionsMozilla.dll [Brak pliku]
    FF SearchPlugin: C:\Users\PEPE\AppData\Roaming\Mozilla\Firefox\Profiles\xukvaz9a.default\searchplugins\istartpageing.xml [2016-02-22]
    FF SearchPlugin: C:\Users\PEPE\AppData\Roaming\Mozilla\Firefox\Profiles\xukvaz9a.default\searchplugins\yoursearching.xml [2016-02-23]
    FF Extension: FirefixTab - C:\Users\PEPE\AppData\Roaming\Mozilla\Firefox\Profiles\xukvaz9a.default\Extensions\1456205996_xpi [2016-02-23] [Brak podpisu cyfrowego]
    FF Extension: FirefixTab - C:\Users\PEPE\AppData\Roaming\Mozilla\Firefox\Profiles\xukvaz9a.default\Extensions\deskCutv2@gmail.com [2016-02-22] [Brak podpisu cyfrowego]
    FF Extension: TSearch - C:\Users\PEPE\AppData\Roaming\Mozilla\Firefox\Profiles\xukvaz9a.default\Extensions\{6E727987-C8EA-44DA-8749-310C0FBE3C3E} [2016-02-22] [Brak podpisu cyfrowego]
    FF Extension: Quick Searcher - C:\Users\PEPE\AppData\Roaming\Mozilla\Firefox\Profiles\xukvaz9a.default\Extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2016-02-22] [Brak podpisu cyfrowego]
    CHR Extension: (Niegrzeczny kolegium dni) - C:\Users\PEPE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkmegbgmemcihfklalgkfiokbnhemie [2014-04-27]
    R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [275184 2016-02-22] (RayDl)
    S4 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-04-19] (Enigma Software Group USA, LLC.)
    S2 QQPCRTP; "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCRTP.exe" -r [X]
    S2 SPS; C:\Windows\SysWOW64\SearchProtectService.exe [X]
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-04-19] ()
    S3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [89464 2016-02-23] (Tencent)
    R2 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernelEx64.sys [128312 2016-02-23] (Tencent Technology(Shenzhen) Company Limited)
    S3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2016-02-23] (电脑管家)
    S3 FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [X]
    S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUdisk64.sys [X]
    S2 QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQSysMonX64.sys [X]
    S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\softaal64.sys [X]
    S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSDefenseBT64.sys [X]
    S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys [X]
    S1 {0c6ad4fc-d56b-44cb-a06e-debba12bf68a}w64; system32\drivers\{0c6ad4fc-d56b-44cb-a06e-debba12bf68a}w64.sys [X]
    S1 {1f1a6417-232f-4d66-b329-9186268a4e91}w64; system32\drivers\{1f1a6417-232f-4d66-b329-9186268a4e91}w64.sys [X]
    S1 {3578bab3-f189-4578-b860-1ee0580e735d}w64; system32\drivers\{3578bab3-f189-4578-b860-1ee0580e735d}w64.sys [X]
    S1 {38fc16c9-a7b4-4377-b565-cc5a76f2c89f}w64; system32\drivers\{38fc16c9-a7b4-4377-b565-cc5a76f2c89f}w64.sys [X]
    S1 {3c9eada7-386c-4a04-ab1e-4eb122397ced}w64; system32\drivers\{3c9eada7-386c-4a04-ab1e-4eb122397ced}w64.sys [X]
    S1 {44b76908-31ad-4fdd-90ce-abbdbb78f175}w64; system32\drivers\{44b76908-31ad-4fdd-90ce-abbdbb78f175}w64.sys [X]
    S1 {45df5bc0-27fc-482b-88e9-68b0812c4d00}w64; system32\drivers\{45df5bc0-27fc-482b-88e9-68b0812c4d00}w64.sys [X]
    S1 {58ff284e-6a3e-41bc-8147-d768e1c0e4a3}w64; system32\drivers\{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}w64.sys [X]
    S1 {6191cc23-5db4-4079-aaac-546c45b08af1}w64; system32\drivers\{6191cc23-5db4-4079-aaac-546c45b08af1}w64.sys [X]
    S1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}w64; system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys [X]
    S1 {6fd9ae77-e80c-4df0-b53d-23fcb52b001a}w64; system32\drivers\{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}w64.sys [X]
    S1 {75d07d19-b619-45eb-aba7-fd8d77feb6b6}w64; system32\drivers\{75d07d19-b619-45eb-aba7-fd8d77feb6b6}w64.sys [X]
    S1 {9cdb10b4-16db-41f0-b75d-2e3cfff0fbde}w64; system32\drivers\{9cdb10b4-16db-41f0-b75d-2e3cfff0fbde}w64.sys [X]
    S1 {a00759f4-8f6e-4f04-880d-18a7306588c3}w64; system32\drivers\{a00759f4-8f6e-4f04-880d-18a7306588c3}w64.sys [X]
    S1 {a67a3db7-d53a-49b6-ad54-991a8bad27b3}w64; system32\drivers\{a67a3db7-d53a-49b6-ad54-991a8bad27b3}w64.sys [X]
    S1 {cfbbf934-a234-4282-8ef3-310abb84c3e4}w64; system32\drivers\{cfbbf934-a234-4282-8ef3-310abb84c3e4}w64.sys [X]
    S1 {d025c1f1-c366-4b43-8131-ad1c8300487b}w64; system32\drivers\{d025c1f1-c366-4b43-8131-ad1c8300487b}w64.sys [X]
    S1 {de9a8c18-3a6f-4bd8-ac1b-b4f6ec7d51eb}w64; system32\drivers\{de9a8c18-3a6f-4bd8-ac1b-b4f6ec7d51eb}w64.sys [X]
    S1 {df8d93ab-56ab-414d-b711-87b0e2749bbd}w64; system32\drivers\{df8d93ab-56ab-414d-b711-87b0e2749bbd}w64.sys [X]
    S1 {eb00a2af-f43a-4114-8049-3fd98517b465}w64; system32\drivers\{eb00a2af-f43a-4114-8049-3fd98517b465}w64.sys [X]
    S1 {ee0f3b24-27a7-4a51-ac79-5baa51d5b24e}w64; system32\drivers\{ee0f3b24-27a7-4a51-ac79-5baa51d5b24e}w64.sys [X]
    S1 {f0f5249d-53cc-459a-8755-4cd64b179fb4}w64; system32\drivers\{f0f5249d-53cc-459a-8755-4cd64b179fb4}w64.sys [X]
    S1 {f916f162-d4e9-413b-95d2-589769dc98ff}w64; system32\drivers\{f916f162-d4e9-413b-95d2-589769dc98ff}w64.sys [X]
    2016-02-26 19:37 - 2016-02-26 19:37 - 00075202 _____ C:\Users\PEPE\Downloads\Extras1.Txt
    2016-02-26 19:36 - 2016-02-26 19:36 - 00136700 _____ C:\Users\PEPE\Downloads\OTL1.Txt
    2016-02-26 19:36 - 2016-02-26 19:36 - 00136700 _____ C:\Users\PEPE\Downloads\OTL.Txt
    2016-02-26 19:36 - 2016-02-26 19:36 - 00075202 _____ C:\Users\PEPE\Downloads\Extras.Txt
    2016-02-26 19:24 - 2016-02-26 19:24 - 00575488 _____ (OldTimer Tools) C:\Users\PEPE\Downloads\OTL_3.2.17.3.exe
    2016-02-25 21:51 - 2016-02-25 21:51 - 00000000 ____D C:\Users\PEPE\AppData\Roaming\Uniblue
    2016-02-25 21:49 - 2016-02-25 21:52 - 00000000 ____D C:\Program Files\Przyspiesz Komputer
    2016-02-25 21:49 - 2016-02-25 21:49 - 01448439 _____ C:\Users\PEPE\Downloads\przyspieszkomputer.rar
    2016-02-25 21:49 - 2016-02-25 21:49 - 00000000 ____D C:\Users\PEPE\Downloads\przyspieszkomputer
    2016-02-25 21:48 - 2016-02-25 21:49 - 01678112 _____ (Uniblue Systems ) C:\Users\PEPE\Downloads\registrybooster.exe
    2016-02-25 21:48 - 2016-02-25 21:48 - 00000042 _____ C:\Users\PEPE\Downloads\Registry Booster key.txt
    2016-02-25 21:41 - 2016-02-25 21:48 - 00000000 ____D C:\Program Files (x86)\Przyspiesz
    2016-02-25 21:40 - 2016-02-25 21:41 - 04921344 _____ (Przyspiesz.pl ) C:\Users\PEPE\Downloads\setup_przyspiesz_ndw777hqu.exe
    2016-02-25 21:33 - 2016-02-25 21:33 - 00001001 _____ C:\Users\Public\Desktop\PcSpeedTest.lnk
    2016-02-25 21:33 - 2016-02-25 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PcSpeedTest
    2016-02-25 21:31 - 2016-02-25 21:31 - 04343696 _____ (PcSpeedTest ) C:\Users\PEPE\Downloads\PC speed test.exe
    2016-02-25 21:29 - 2016-02-25 21:29 - 00000324 _____ C:\Users\PEPE\Downloads\pc_speed_test_kod_.txt
    2016-02-25 21:27 - 2016-02-25 21:27 - 00000332 _____ C:\Users\PEPE\Downloads\kod_do_pc_speed_test.txt
    2016-02-25 21:26 - 2016-02-25 21:26 - 00007798 _____ C:\Users\PEPE\Downloads\pc komputer speed test.pdf
    2016-02-25 21:25 - 2016-02-25 21:25 - 00000162 _____ C:\Users\PEPE\Downloads\kod do pc speed test.txt
    2016-02-25 21:23 - 2016-02-25 21:23 - 00000355 _____ C:\Users\PEPE\Downloads\pc komputer speed test.txt
    2016-02-25 21:12 - 2016-02-25 21:12 - 00000000 ____D C:\Users\PEPE\Documents\System Report
    2016-02-25 21:12 - 2016-02-25 21:12 - 00000000 ____D C:\Users\PEPE\AppData\Roaming\FreshDiagnose
    2016-02-25 21:10 - 2016-02-25 21:11 - 02231742 _____ ( ) C:\Users\PEPE\Downloads\diagnose.exe
    2016-02-23 06:42 - 2016-02-23 06:42 - 00128312 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernelEx64.sys
    2016-02-23 06:42 - 2016-02-23 06:42 - 00089464 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
    2016-02-23 06:42 - 2016-02-23 06:42 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2016-02-22 22:41 - 2016-02-22 23:17 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-02-22 22:40 - 2016-02-22 23:12 - 00000000 ____D C:\Program Files\SpaceSoundPro
    2016-02-22 22:39 - 2016-02-22 22:39 - 00000000 ____D C:\ProgramData\TXQMPC
    2016-02-22 22:38 - 2016-02-22 23:10 - 00000000 ____D C:\Users\PEPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PPT美化大师
    2016-02-22 22:38 - 2016-02-22 23:10 - 00000000 ____D C:\Users\PEPE\AppData\Local\PPTAssist
    2016-02-22 22:38 - 2016-02-22 22:38 - 00000000 ____D C:\Users\PEPE\AppData\Roaming\pptassist
    2016-02-22 22:38 - 2016-02-22 22:38 - 00000000 ____D C:\ProgramData\kingsoft
    2016-02-22 22:37 - 2016-02-23 08:36 - 00000000 ____D C:\ProgramData\Tencent
    2016-02-22 22:37 - 2016-02-22 23:13 - 00000000 ____D C:\Program Files (x86)\ppt
    2016-02-22 22:34 - 2016-02-22 22:34 - 00000000 ____D C:\Users\PEPE\AppData\Local\UCBrowser
    2016-02-22 22:33 - 2016-02-22 22:34 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2016-02-22 22:29 - 2016-02-22 23:11 - 00000000 ____D C:\Users\PEPE\AppData\Local\0912D8A5-1456180151-E311-99C8-201A066EFCDE
    2016-02-22 22:27 - 2016-02-22 23:14 - 00000000 ____D C:\Program Files (x86)\0912D8A5-1456176429-E311-99C8-201A066EFCDE
    2016-02-22 22:25 - 2016-02-23 06:40 - 00000000 ____D C:\Program Files (x86)\RayDld
    2016-02-22 22:24 - 2016-02-22 23:12 - 00000000 ____D C:\Program Files (x86)\Torrent Search
    2016-02-22 22:24 - 2016-02-22 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free VPN
    2016-02-22 22:24 - 2016-02-22 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdBlocker
    2016-02-22 22:24 - 2016-02-22 22:24 - 00000000 ____D C:\Users\PEPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AdBlocker
    2016-02-11 02:19 - 2016-02-11 02:24 - 333323875 _____ C:\Users\PEPE\Downloads\Game.rar
    2021-10-21 14:36 - 2013-10-22 22:55 - 00000852 _____ C:\Windows\system32\Drivers\RTKHDRC.dat
    2021-10-04 08:34 - 2013-10-22 22:55 - 00000712 _____ C:\Windows\system32\Drivers\RTMICEQ0.dat
    EmptyTemp:
    Reboot:

    In FRST choose Fix.

    Afterwards post new FRST logs from a scan.

    P.S. Better stop downloading those pirated programs, cracks etc.; as you can see, it is not working out too well for you.

    0
  • Helpful post
    #6 26 Feb 2016 22:20
    Kolobos
    Computer specialist

    Carry out: https://support.google.com/chrome/answer/3296214?hl=pl

    New Fixlist.txt for FRST:
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-02-26] ()
    URLSearchHook: [S-1-5-21-1931349674-2083586476-2277994081-1001] UWAGA => Brak domyślnego URLSearchHook
    CHR Extension: (Gry sportowe) - C:\Users\PEPE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckdmijhdmokdbgiipcnbgfhfcmdhfdjh [2014-04-27]
    CHR Extension: (Piękno nadmorskiego) - C:\Users\PEPE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfagfeaicdfggfoggddgidceplpbjmfa [2014-04-27]
    CHR Extension: (Konkursu Top Model) - C:\Users\PEPE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgpmpjdnelalnbadepjbpofjonmpfopi [2014-04-27]
    CHR Extension: (Motocross kraju gorączka 3D) - C:\Users\PEPE\AppData\Local\Google\Chrome\User Data\Default\Extensions\plibbaagmbbohdcbpmdijacacgghagij [2014-04-27]
    2016-02-26 20:15 - 2016-02-26 21:30 - 00000000 ____D C:\AdwCleaner

    Afterwards delete the C:\FRST folder and that's all.

    0
  • #7 02 Mar 2016 20:21
    wanio18
    Level 7

    I don't know what happened again :( But I have high memory and disk load from Service Host: Local System (Network Restricted)

    0
  • #8 02 Mar 2016 20:54
    Kolobos
    Computer specialist

    Post new FRST logs + a screenshot from Process Explorer (from the MS site).

    0
  • #10 02 Mar 2016 21:51
    Kolobos
    Computer specialist

    Nothing interesting is visible in the logs.

    0
  • #12 14 Apr 2016 19:02
    Kolobos
    Computer specialist

    Run C:\Program Files (x86)\MPC Cleaner\Uninstall.exe as administrator and uninstall this malicious program.

    Uninstall:
    qksee
    SpyHunter 4

    Fixlist.txt for FRST:
    Task: {0883804F-36A1-40EB-85CE-8B3AB3B634B0} - System32\Tasks\{EDB0EE6C-8F2C-49AB-8713-4931CBC3CB9C} => pcalua.exe -a "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge
    Task: {25CF41E8-B1A6-441B-A2C1-45CDDFF62E3C} - System32\Tasks\LuckyBrowse => C:\Program Files (x86)\LuckyBrowse\app\luckybrowse.exe <==== UWAGA
    Task: {2EDD2319-BB38-4409-869C-6BE102450BBE} - System32\Tasks\WinTsks => C:\Program Files (x86)\WinTsks\WinTsks\WinTsks.exe [2016-04-09] ()
    Task: {5B86025B-323D-45F3-AB0C-F6B66A866AED} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\662810314F56B41A12B367A10AAF542A\Update\BrowserUpdate.exe [2016-04-08] (Tencent)
    ShortcutWithArgument: C:\Users\PEPE\Desktop\Piotr - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1458088638&a=1003081&src=sh&uuid=371c1edb-23d0-4cc6-b014-f3f7765b50e6"
    ShortcutWithArgument: C:\Users\PEPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1458088638&a=1003081&src=sh&uuid=371c1edb-23d0-4cc6-b014-f3f7765b50e6"
    ShortcutWithArgument: C:\Users\PEPE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1458088638&a=1003081&src=sh&uuid=371c1edb-23d0-4cc6-b014-f3f7765b50e6"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1458088638&a=1003081&src=sh&uuid=371c1edb-23d0-4cc6-b014-f3f7765b50e6"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1458088638&a=1003081&src=sh&uuid=371c1edb-23d0-4cc6-b014-f3f7765b50e6"
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1458088638&a=1003081&src=sh&uuid=371c1edb-23d0-4cc6-b014-f3f7765b50e6"
    2016-04-12 08:42 - 2016-04-12 08:42 - 00177152 _____ () C:\Windows\svchost.exe
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
    () C:\Users\PEPE\AppData\Local\Temp\msupdate71\dwm.exe
    (tsvr.com) C:\Users\PEPE\AppData\Roaming\TSv\TSvr.exe
    (WFini LIMITED) C:\ProgramData\FwinpF\WFini.exe
    (Qksee Pvt Ltd.) C:\Program Files (x86)\qksee\qkseeSvc.exe
    (Winzipper Pvt Ltd.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
    HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
    HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\Run: [aiko] => C:\Users\PEPE\AppData\Roaming\SexGameDevil\aiko.exe [85504 2013-09-18] ()
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\Run: [tsiVideo] => C:\Windows\SysWOW64\rundll32.exe C:\Users\PEPE\AppData\Local\Temp\mdi064.dll,quardin <===== UWAGA
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\Run: [C10B33] => C:\Users\PEPE\AppData\Roaming\C10B33\317258.exe [227328 2016-03-05] ()
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {2b4c22a5-dbe7-11e5-bed7-a4db30723af2} - "E:\AutoRun.exe"
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {2b4c232a-dbe7-11e5-bed7-a4db30723af2} - "E:\AutoRun.exe"
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {32e376ed-f676-11e5-bef4-a4db30723af2} - "D:\AutoRun.exe"
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {64701b3b-391a-11e4-be82-201a066efcde} - "F:\SPE4.part1.exe"
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {98241df9-e92c-11e5-bee9-a4db30723af2} - "E:\AutoRun.exe"
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {cddcbc3d-dccb-11e5-bedb-a4db30723af2} - "E:\AutoRun.exe"
    HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> c:\windows\niceview.scr [466944 2016-03-04] ()
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    AutoConfigURL: [S-1-5-21-1931349674-2083586476-2277994081-1001] => hxxp://un-stop.net/wpad.dat?1593641aee7bc37f5c1cded1f155357d7699021
    ManualProxies: 0hxxp://un-stop.net/wpad.dat?1593641aee7bc37f5c1cded1f155357d7699021
    URLSearchHook: [S-1-5-21-1931349674-2083586476-2277994081-1001] UWAGA => Brak domyślnego URLSearchHook
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~3\WONDER~1\VIDEOC~1\WSBROW~1.DLL => Brak pliku
    BHO-x32: Cash Kitten -> {9ea7bd36-2d13-4df3-837f-7ac273765e7d} -> C:\Program Files (x86)\Cash Kitten\Extensions\9ea7bd36-2d13-4df3-837f-7ac273765e7d.dll => Brak pliku
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL Brak pliku
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - Brak pliku
    FF DefaultSearchEngine: Default
    FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0...BBAEURwIFIk0FA18DB0VXfWFoKB8fHHZCM1FzCE0FRFs=
    FF Extension: Quick Searcher - C:\Users\PEPE\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2016-04-12] [Brak podpisu cyfrowego]
    FF Extension: Cash Kitten - C:\Users\PEPE\AppData\Roaming\Mozilla\Firefox\Profiles\xukvaz9a.default\Extensions\{4bae00ce-0e8d-4bc3-9705-dbce6e6f426e}.xpi [2016-03-15] [Brak podpisu cyfrowego]
    FF Extension: Quick Searcher - C:\Users\PEPE\AppData\Roaming\Mozilla\Firefox\Profiles\xukvaz9a.default\Extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2016-04-12] [Brak podpisu cyfrowego]
    FF Extension: Cash Kitten - C:\Users\PEPE\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{4bae00ce-0e8d-4bc3-9705-dbce6e6f426e}.xpi [2016-03-15] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com => nie znaleziono
    CHR Extension: (Quick Searcher) - C:\Users\PEPE\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ecnphlgnajanjnkcmbpancdjoidceilk [2016-04-12]
    S2 BugreportW; C:\Program Files (x86)\SpeedSearchesbnd\Bugreportauclt.exe [1622648 2016-04-09] ()
    R2 IhPul; C:\Users\PEPE\AppData\Roaming\TSv\TSvr.exe [359680 2016-04-13] (tsvr.com)
    R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-04-12] (DotC United Inc)
    R2 qkseeService; C:\Program Files (x86)\qksee\qkseeSvc.exe [749680 2016-04-13] (Qksee Pvt Ltd.)
    R2 WdMan; C:\ProgramData\FwinpF\WFini.exe [582328 2016-04-13] (WFini LIMITED)
    U2 Windows; C:\Windows\svchost.exe [177152 2016-04-12] () [Brak podpisu cyfrowego]
    U2 Windows; C:\Windows\SysWOW64\svchost.exe [23040 2013-04-21] (Microsoft Corporation)
    S2 WinSvces; C:\Program Files (x86)\WinSvces\WinSvces\WinSvces.exe [319432 2016-04-09] ()
    R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [705688 2016-04-13] (Winzipper Pvt Ltd.) <==== UWAGA
    S4 ClickToRunSvc; "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service [X]
    S3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
    S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-06-06] (Emsisoft GmbH)
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-04-12] (DotC United Inc)
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    2016-04-14 08:37 - 2016-04-14 08:37 - 00194718 _____ C:\Users\PEPE\Downloads\OTL.Txt
    2016-04-14 08:32 - 2016-04-14 08:32 - 00575488 _____ (OldTimer Tools) C:\Users\PEPE\Downloads\OTL_3.2.17.3.exe
    2016-04-14 07:44 - 2016-04-14 07:44 - 00001739 _____ C:\Users\Public\Desktop\qksee.lnk
    2016-04-14 07:44 - 2016-04-14 07:44 - 00000000 ____D C:\Users\PEPE\AppData\Roaming\qksee
    2016-04-14 07:44 - 2016-04-14 07:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    2016-04-14 07:44 - 2016-04-14 07:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
    2016-04-14 07:44 - 2016-04-14 07:44 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2016-04-14 07:44 - 2016-04-14 07:44 - 00000000 ____D C:\Program Files (x86)\qksee
    2016-04-14 07:43 - 2016-04-14 07:43 - 00015030 _____ C:\Windows\System32\Tasks\Browser Updater Task(Core)
    2016-04-14 07:43 - 2016-04-14 07:43 - 00000000 ____D C:\Users\PEPE\AppData\Roaming\WinZiper
    2016-04-14 07:43 - 2016-04-14 07:43 - 00000000 ____D C:\Users\PEPE\AppData\Roaming\TSv
    2016-04-14 07:43 - 2016-04-14 07:43 - 00000000 ____D C:\Users\PEPE\AppData\Roaming\eCyber
    2016-04-14 07:43 - 2016-04-14 07:43 - 00000000 ____D C:\ProgramData\FwinpF
    2016-04-14 07:43 - 2016-04-14 07:43 - 00000000 ____D C:\Program Files (x86)\QQBrowser
    2016-04-12 08:43 - 2016-04-12 08:43 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
    2016-04-12 08:43 - 2016-04-12 08:43 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-04-12 08:42 - 2016-04-14 07:43 - 00000000 ____D C:\Program Files (x86)\SpeedSearchesbnd
    2016-04-12 08:42 - 2016-04-12 08:42 - 01308672 _____ C:\Windows\csrss.exe
    2016-04-12 08:42 - 2016-04-12 08:42 - 00177152 _____ C:\Windows\svchost.exe
    2016-04-12 08:42 - 2016-04-12 08:42 - 00114151 _____ C:\Users\PEPE\Downloads\Niepotwierdzony 816176.crdownload
    2016-04-12 08:42 - 2016-04-12 08:42 - 00073216 _____ C:\Windows\taskmgr.exe
    2016-04-12 08:42 - 2016-04-12 08:42 - 00028819 _____ C:\Windows\decred.cl
    2016-04-12 08:42 - 2016-04-12 08:42 - 00015126 _____ C:\Windows\System32\Tasks\WinTsks
    2016-04-12 08:42 - 2016-04-12 08:42 - 00000000 ____D C:\Windows\Azart
    2016-04-12 08:42 - 2016-04-12 08:42 - 00000000 ____D C:\Users\Public\Documents\dmp
    2016-04-12 08:42 - 2016-04-12 08:42 - 00000000 ____D C:\Program Files (x86)\WinTsks
    2016-04-12 08:42 - 2016-04-12 08:42 - 00000000 ____D C:\Program Files (x86)\WinSvces
    2016-04-12 08:41 - 2016-04-12 08:41 - 03627672 _____ C:\Users\PEPE\Downloads\sex_glory_sensual_haunting_hacked_d_g_o.exe
    2016-03-18 22:45 - 2016-03-18 22:45 - 00001822 _____ C:\AdwCleaner[S1].txt
    2016-03-16 02:37 - 2016-03-16 02:37 - 00003056 _____ C:\Windows\System32\Tasks\LuckyBrowse
    2016-03-16 02:37 - 2016-03-16 02:37 - 00000000 ____D C:\Users\PEPE\AppData\Roaming\SimpleFiles
    2016-02-22 23:42 - 2016-02-22 23:42 - 0005120 _____ () C:\Users\PEPE\AppData\Roaming\GiftBag.db
    EmptyTemp:

    Do a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and with http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    Afterwards post new FRST logs from a scan.

    0
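Added example, not from the thread and not FRST's own code: a Python triage script that applies the indicators Kolobos used when assembling the two fixlists above (missing binaries, GUID-named drivers, SafeBoot entries, MountPoints2 autoruns, Run keys in the user profile, forced PAC scripts, hijacked browser shortcuts, browser policy locks) to FRST log lines. The rule set and the sample lines are the editor's own; the samples are constructed and modelled on entries from this thread, and a hit means "review this line", not "delete it".

```python
import re

# Indicators the expert applied by hand in this thread, written as regexes
# over single FRST log lines. Each one is a reason to review the line.
RULES = [
    ("missing-binary",
     re.compile(r"^[RSU][0-4] [^;]+; .* \[X\]$"),
     "service/driver registered but its file is gone ([X]): orphan or hidden binary"),
    ("guid-driver",
     re.compile(r"^[RSU][0-4] \{[0-9a-f-]{36}\}w64; "),
     "driver registered under a bare GUID name"),
    ("no-vendor",
     re.compile(r"^[RSU][0-4] [^;]+; .*\] \(\)(?: \[Brak podpisu cyfrowego\])?$"),
     "binary carries no company name and no digital signature"),
    ("core-exe-in-windows-root",
     re.compile(r"C:\\Windows\\(?:svchost|csrss|taskmgr|dwm|lsass|winlogon)\.exe\b",
                re.IGNORECASE),
     "core Windows executable name placed directly in C:\\Windows, not System32"),
    ("safeboot",
     re.compile(r"^HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\"),
     "entry registered to keep running in Safe Mode"),
    ("mountpoints-autorun",
     re.compile(r"\\MountPoints2: \{[0-9a-f-]{36}\} - \"[A-Z]:\\"),
     "removable-drive autorun mapping"),
    ("run-from-appdata",
     re.compile(r"^HK(?:LM|U)[^:]*\\Run(?:Once)?: .*\\AppData\\(?:Local\\Temp|Roaming)\\"),
     "Run key launching a binary from the user profile (Temp or Roaming)"),
    ("proxy-pac",
     re.compile(r"^(?:AutoConfigURL|ManualProxies): "),
     "forced proxy / PAC script: all browser traffic can be redirected"),
    ("shortcut-url",
     re.compile(r"^ShortcutWithArgument: .* -> \"hxxps?://"),
     "browser shortcut hijacked to open a URL on every start"),
    ("browser-policy",
     re.compile(r"^(?:GroupPolicy(?:-x32)?: |CHR HKLM\\SOFTWARE\\Policies\\Google: )"),
     "browser locked down by policy (Chrome restrictions)"),
]

# Constructed sample, modelled on the fixlist entries in this thread. Lines 1, 5
# and 9 are deliberately left unflagged by the rules to show the heuristics' limits.
SAMPLE_LOG = r"""
R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [275184 2016-02-22] (RayDl)
S2 SPS; C:\Windows\SysWOW64\SearchProtectService.exe [X]
S1 {0c6ad4fc-d56b-44cb-a06e-debba12bf68a}w64; system32\drivers\{0c6ad4fc-d56b-44cb-a06e-debba12bf68a}w64.sys [X]
U2 Windows; C:\Windows\svchost.exe [177152 2016-04-12] () [Brak podpisu cyfrowego]
U2 Windows; C:\Windows\SysWOW64\svchost.exe [23040 2013-04-21] (Microsoft Corporation)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\MountPoints2: {2b4c22a5-dbe7-11e5-bed7-a4db30723af2} - "E:\AutoRun.exe"
HKU\S-1-5-21-1931349674-2083586476-2277994081-1001\...\Run: [tsiVideo] => C:\Windows\SysWOW64\rundll32.exe C:\Users\PEPE\AppData\Local\Temp\mdi064.dll,quardin
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
AutoConfigURL: [S-1-5-21-1931349674-2083586476-2277994081-1001] => hxxp://un-stop.net/wpad.dat?1593641aee7bc37f5c1cded1f155357d7699021
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1458088638&a=1003081&src=sh&uuid=371c1edb-23d0-4cc6-b014-f3f7765b50e6"
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
"""


def triage_line(line):
    """Return the identifiers of every rule that fires on one FRST line."""
    return [rule_id for rule_id, rx, _ in RULES if rx.search(line)]


def triage_log(text):
    """Map rule identifier -> list of matching lines (blank lines skipped)."""
    findings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for rule_id in triage_line(line):
            findings.setdefault(rule_id, []).append(line)
    return findings


def fixlist_candidates(text):
    """Flagged lines, deduplicated and in log order, for a human to review
    before any of them are carried into an FRST fixlist."""
    seen, out = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if line and line not in seen and triage_line(line):
            seen.add(line)
            out.append(line)
    return out


if __name__ == "__main__":
    explain = {rule_id: why for rule_id, _, why in RULES}
    for rule_id, lines in triage_log(SAMPLE_LOG).items():
        print(f"[{rule_id}] {explain[rule_id]}")
        for line in lines:
            print("    ", line)
```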