Elektroda.pl

OTL log analysis, PC slowing down

stoppaleniu 09 Jul 2016 16:57 378 5
  • #1 09 Jul 2016 16:57
    stoppaleniu
    Level 7  

    Hello to all users. For the past few days my computer has been terribly slow. In Task Manager, CPU usage stays at 97-99%. I suspect it is a virus. I kindly ask anyone familiar with the subject to take a look at the OTL logs (attachment: OTL.Txt, 192.15 kB) and advise what to do. Thank you in advance.

    0 5
  • Helpful post
    #4 09 Jul 2016 17:58
    krzychupar
    Level 40  

    Uninstall:
    Spybot - Search and Destroy

    Open Notepad and paste:
    CloseProcess:
    CustomCLSID: HKU\S-1-5-21-693157447-3044769785-797791620-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe => Brak pliku
    CustomCLSID: HKU\S-1-5-21-693157447-3044769785-797791620-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation => Brak pliku
    CustomCLSID: HKU\S-1-5-21-693157447-3044769785-797791620-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation => Brak pliku
    CustomCLSID: HKU\S-1-5-21-693157447-3044769785-797791620-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\pl-PL\acadficn.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-693157447-3044769785-797791620-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Tomek-dom\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll => Brak pliku
    Task: {049CC0B0-B071-4EB6-A14D-C49335A6E72E} - System32\Tasks\{323208ED-F600-DFFE-3663-094470232A88} => C:\Users\TOMEK-~1\AppData\Roaming\{32320~1\SyncTask.exe [2013-05-05] () <==== UWAGA
    Task: {07675D6C-F4FB-4B59-A917-5F0724AE2E5F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku <==== UWAGA
    Task: {0C6DA7D6-D8F0-4AD9-9BC1-AF9D667D04F4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {4B9191A5-8E8F-47D5-9AA0-9F5F875EE1BC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {543B3494-A094-402D-9CB7-64E5A8573817} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Brak pliku <==== UWAGA
    Task: {856A4A49-F1C5-40E4-B5FD-D94884781B64} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {7E45613B-BF50-4E32-B143-A49F83B2E2F9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku <==== UWAGA
    Task: {9B8FAE93-8186-4304-9816-7F9CD4499023} - System32\Tasks\{333DA4AB-05B0-4D92-BC9B-F7D4091A9A77} => pcalua.exe -a F:\Pobrane\RAT_5_Mouse_7_0_45_2_x64_Software.exe -d F:\Pobrane
    Task: {A57C81B5-6D99-4E1F-8B13-BC717DA908F1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {B1865D56-F2DF-4BE5-91E0-D73B96650EA8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {EB5F05E0-B253-4F8A-8084-6A7CAB890F7F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)




    Task: {B2912851-9AED-4DD9-A6F2-B0EB5C14B79C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {B31580E9-44AD-4B0C-AC48-143BA44646FC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {C3362C7A-5967-408C-B1B1-99FB2370CB39} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {E3657C7A-85DA-40D6-A46B-6D75BD8F5109} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {E71AB798-872B-4626-9DCC-0E126465152F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {EB292159-B7A2-4E44-88F2-1CB3C54F7C93} - System32\Tasks\AutoPico Daily Restart => C:\Users\TOMEK-~1\AppData\Local\Temp\RarSFX0\AutoPico.exe <==== UWAGA
    Task: {F9C319A2-B79B-41F8-9AF1-95B63D0964C6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: C:\WINDOWS\Tasks\{323208ED-F600-DFFE-3663-094470232A88}.job => C:\Users\TOMEK-~1\AppData\Roaming\{32320~1\SyncTask.exe <==== UWAGA
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-693157447-3044769785-797791620-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-693157447-3044769785-797791620-1001\...\Policies\Explorer: []
    BootExecute: autocheck autochk * sdnclean64.exe
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    2016-07-09 17:05 - 2016-07-09 17:09 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-07-09 17:05 - 2016-07-09 17:06 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-07-09 17:05 - 2016-07-09 17:05 - 00001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2016-07-09 17:05 - 2016-07-09 17:05 - 00001448 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2016-07-09 17:05 - 2016-07-09 17:05 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2016-07-09 17:05 - 2016-07-09 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-05-11 16:52 - 2016-07-08 16:52 - 0000100 _____ () C:\Users\Tomek-dom\AppData\Roaming\WB.CFG
    2015-12-06 14:18 - 2015-12-06 14:18 - 0000057 _____ () C:\ProgramData\Ament.ini
    2016-03-30 17:50 - 2013-05-23 10:27 - 0001697 _____ () C:\ProgramData\CfGH0250.ini
    2016-03-30 17:50 - 2013-05-23 10:27 - 0001696 _____ () C:\ProgramData\CfGH0280.ini
    2016-03-30 17:50 - 2009-02-24 08:27 - 0001026 _____ () C:\ProgramData\cfSB0270.ini
    2016-03-30 17:50 - 2009-02-24 08:27 - 0001026 _____ () C:\ProgramData\cfSB0271.ini
    2016-03-30 17:50 - 2009-02-24 08:27 - 0001302 _____ () C:\ProgramData\cfSB0300.ini
    2016-03-30 17:50 - 2009-02-24 08:27 - 0001282 _____ () C:\ProgramData\cfSB0471.ini
    2016-03-30 17:50 - 2009-02-24 08:27 - 0001208 _____ () C:\ProgramData\cfSB0490.ini
    2016-03-30 17:50 - 2009-02-24 08:27 - 0001027 _____ () C:\ProgramData\cfSB0560.ini
    2016-03-30 17:50 - 2009-02-24 08:27 - 0001352 _____ () C:\ProgramData\cfSB0910.ini
    2016-03-30 17:50 - 2009-02-24 08:27 - 0000590 _____ () C:\ProgramData\cfSB0950.ini
    2016-03-30 17:50 - 2009-02-24 08:27 - 0001352 _____ () C:\ProgramData\cfSB1090.ini
    2016-03-30 17:50 - 2010-06-29 09:04 - 0001772 _____ () C:\ProgramData\cfSB1095.ini
    2016-03-30 17:50 - 2013-07-01 03:35 - 0001772 _____ () C:\ProgramData\cfSB1095A.ini
    2016-03-30 17:50 - 2009-02-24 08:27 - 0001346 _____ () C:\ProgramData\cfSB1100.ini
    2016-03-30 17:50 - 2009-03-20 12:07 - 0000939 _____ () C:\ProgramData\CfSB1170.ini
    2016-03-30 17:50 - 2009-11-17 09:54 - 0002844 _____ () C:\ProgramData\cfSB1240.ini
    2016-03-30 17:50 - 2013-03-08 10:15 - 0002844 _____ () C:\ProgramData\cfSB1240A.ini
    2016-03-30 17:50 - 2010-06-23 08:54 - 0003077 _____ () C:\ProgramData\cfSB1290.ini
    2016-03-30 17:50 - 2013-03-08 10:15 - 0003077 _____ () C:\ProgramData\cfSB1290A.ini
    2016-03-30 17:50 - 2010-11-26 05:07 - 0000806 _____ () C:\ProgramData\cfSB1300.ini
    2016-03-30 17:50 - 2013-07-01 03:35 - 0000806 _____ () C:\ProgramData\cfSB1300A.ini
    2016-03-30 17:50 - 2011-09-26 10:33 - 0000715 _____ () C:\ProgramData\CfSB1360.ini
    2016-03-30 17:50 - 2012-02-09 09:11 - 0000715 _____ () C:\ProgramData\CfSB1380.ini
    2016-03-30 17:50 - 2012-02-09 09:11 - 0000715 _____ () C:\ProgramData\CfSB1390.ini
    2016-03-30 17:50 - 2012-12-07 12:01 - 0000715 _____ () C:\ProgramData\CfSB1530.ini
    2016-03-30 17:50 - 2012-12-07 12:01 - 0000715 _____ () C:\ProgramData\CfSB1532.ini
    2016-04-03 10:52 - 2015-03-20 11:23 - 0000715 _____ () C:\ProgramData\cfSB1540.ini
    2016-03-30 17:50 - 2015-04-07 14:18 - 0002111 _____ () C:\ProgramData\cfSB1560.ini
    2016-02-29 16:53 - 2016-02-29 16:53 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    C:\Windows\Tasks\{323208ED-F600-DFFE-3663-094470232A88}.job
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where FRST.exe is located.
    Run FRST and click Fix/Napraw.

    0
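A triage sketch for the `Task:` lines in the fixlist above, added here as an illustration and not part of the original post or of FRST: it tags each scheduled task with the reasons it deserves review (missing target, executable in a user-writable directory, GUID-only task name, FRST's own `<==== UWAGA` marker). The function names, reason labels and path heuristic are assumptions; `Brak pliku` ("file missing") and `UWAGA` ("attention") are the Polish-locale strings shown in the post.

```python
import re

# Task line shapes seen in the post (Polish-locale FRST output):
#   Task: {GUID} - <task name> => <target> [date] (vendor) <==== UWAGA
#   Task: {GUID} - <task name> -> Brak pliku <==== UWAGA
#   Task: <path to .job file> => <target> <==== UWAGA
TASK_RE = re.compile(
    r"^Task: (?:\{[0-9A-Fa-f-]{36}\} - )?(?P<name>.+?) (?:=>|->) "
    r"(?P<target>.+?)(?P<flag> <==== UWAGA)?$"
)
GUID_NAME_RE = re.compile(r"(?:^|\\)\{[0-9A-Fa-f-]{36}\}(?:\.job)?$")
USER_WRITABLE = ("\\appdata\\", "\\temp\\")  # assumed heuristic, not an FRST rule

def triage_task(line):
    """Return name, target and review reasons for one Task: line, else None."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    name, target = m["name"], m["target"]
    reasons = []
    if target.startswith("Brak pliku"):          # "file missing": orphaned task
        reasons.append("missing-target")
    if any(p in target.lower() for p in USER_WRITABLE):
        reasons.append("user-writable-path")     # 8.3 names still contain \AppData\
    if GUID_NAME_RE.search(name):
        reasons.append("guid-only-name")         # task named with nothing but a GUID
    if m["flag"]:
        reasons.append("frst-flagged")
    return {"name": name, "target": target, "reasons": reasons}

def triage_log(text):
    """Triage every Task: line in a log or fixlist; other lines are skipped."""
    return [t for t in map(triage_task, text.splitlines()) if t]

# Sample input: four Task: lines copied from the fixlist in the post above.
SAMPLE = r"""
Task: {049CC0B0-B071-4EB6-A14D-C49335A6E72E} - System32\Tasks\{323208ED-F600-DFFE-3663-094470232A88} => C:\Users\TOMEK-~1\AppData\Roaming\{32320~1\SyncTask.exe [2013-05-05] () <==== UWAGA
Task: {07675D6C-F4FB-4B59-A917-5F0724AE2E5F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku <==== UWAGA
Task: {856A4A49-F1C5-40E4-B5FD-D94884781B64} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: C:\WINDOWS\Tasks\{323208ED-F600-DFFE-3663-094470232A88}.job => C:\Users\TOMEK-~1\AppData\Roaming\{32320~1\SyncTask.exe <==== UWAGA
"""

if __name__ == "__main__":
    for t in triage_log(SAMPLE):
        print(", ".join(t["reasons"]) or "no-finding", "|", t["name"])
```
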
  • #5 09 Jul 2016 18:07
    stoppaleniu
    Level 7  

    After restarting the computer, CPU usage is back to normal. It looks like it helped. Just in case, I am also attaching Fixlog.txt (attachment: Fixlog.txt, 20.77 kB). Thank you for the help.

    0
  • #6 09 Jul 2016 18:36
    krzychupar
    Level 40  

    Delete the C:\FRST folder and close the thread.

    0