Elektroda.pl

Problem when starting the computer

UnSpec 25 Nov 2016 19:17 582 8
  • #1 25 Nov 2016 19:17
    UnSpec
    Level 5

    Hello. I have had a problem for some time: the computer slows down while I am at the login screen. Three errors pop up, along with a folder containing folders, probably from the registry. Can someone help?

    0 8
  • Helpful post
    #2 25 Nov 2016 19:19
    Kolobos
    Computer specialist

    Your system is infected.

    Use AdwCleaner, options Scan and Clean (Szukaj and Usun in the Polish version): http://www.bleepingcomputer.com/download/adwcleaner/

    Attach the logs from FRST (Frst.txt and Addition.txt):
    http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0
  • Helpful post
    #4 25 Nov 2016 20:36
    Kolobos
    Computer specialist

    Uninstall: McAfee Security Scan Plus

    Next to frst.exe, create a file Fixlist.txt with the following content:
    Task: {82B0C28B-3A8B-4F65-9ED1-15BBD3C430E2} - System32\Tasks\MarcinAlveolateSalariesV2 => Rundll32.exe BivouackedUnedifying.dll,main 7 1 <==== UWAGA
    Task: {E9D6C459-A5F9-4A46-91F7-3233E8CD2007} - System32\Tasks\SessionAgent => C:\windows\gdp32.exe [2016-08-06] ()
    Task: {FBB3ED48-17E4-4B35-AFC1-47A1982BD0B0} - System32\Tasks\doenlcaddo => C:\Windows\system32\config\systemprofile\AppData\Local\Fixsoft [Argument = /t 6652 5647] <==== UWAGA
    ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    HKU\.DEFAULT\Software\Classes\a91aebb: "C:\Windows\system32\mshta.exe" "javascript:ofT6Ps="R";lV43=new ActiveXObject("WScript.Shell");khys8="2jV5";AVP1Q=lV43.RegRead("HKCU\\software\\dhdwm\\fjdlnljmf");L4trm="x";eval(AVP1Q);Y79zNQ="z";" <===== UWAGA
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
    HKLM-x32\...\Run: [IWJsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\config\systemprofile\AppData\Local\Aqdbworks\pfhdetzd.dll
    HKLM-x32\...\Run: [UTDmedia] => regsvr32.exe C:\Windows\system32\config\systemprofile\AppData\Local\UTDmedia\gnsbuqkk.dll <===== UWAGA




    HKU\S-1-5-21-3028288542-831441661-1844810163-1000\...\Run: [IWJsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Marcin\AppData\Local\Aqdbworks\nsZPlay54.dll
    HKU\S-1-5-21-3028288542-831441661-1844810163-1000\...\Run: [UTDmedia] => regsvr32.exe C:\Users\Marcin\AppData\Local\UTDmedia\DnetHid.dll <===== UWAGA
    HKU\S-1-5-21-3028288542-831441661-1844810163-1000\...\MountPoints2: {51d2653c-5a13-11e6-88f9-d8cb8a3f0ef0} - F:\setup.exe
    HKU\S-1-5-21-3028288542-831441661-1844810163-1000\...\MountPoints2: {f46f29f4-517f-11e6-af1a-d8cb8a3f0ef0} - F:\setup.exe
    HKU\S-1-5-18\...\Run: [dsqcxb] => rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\dsqcxb.dll",dsqcxb <===== UWAGA
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-04-16] (Microsoft Corporation)
    AppInit_DLLs: C:\ProgramData\Affenpinscher\Subtough.dll => Brak pliku
    AppInit_DLLs-x32: C:\ProgramData\Affenpinscher\Jobtech.dll => Brak pliku
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-11-04]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
    FF Extension: (MSASR Locale Handler Class (2052)) - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\z0zm7xns.default\Extensions\{B587C0EA-9099-6F5A-0936-59B2191263B3} [2016-08-07] [Brak podpisu cyfrowego]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.)
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    S3 netr28ux; system32\DRIVERS\netr28ux.sys [X]
    S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
    2016-11-25 18:59 - 2016-11-25 19:06 - 00000000 ____D C:\AdwCleaner
    2016-11-25 20:07 - 2016-09-25 12:29 - 00000000 ____D C:\Users\Marcin\AppData\Local\abd5e28
    2016-11-25 20:07 - 2016-08-07 10:16 - 00000000 ____D C:\Users\Marcin\AppData\Local\Aqdbworks
    2016-11-25 16:38 - 2016-08-07 10:16 - 00000000 ____D C:\Users\Marcin\AppData\Local\UTDmedia
    2016-11-04 17:43 - 2016-08-25 16:15 - 00001976 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2016-11-04 17:42 - 2016-09-01 16:16 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2016-09-25 12:46 - 2016-09-25 12:46 - 2930984 _____ () C:\Program Files\Common Files\2x51w1ct.exe
    2016-08-11 15:56 - 2016-08-11 15:56 - 2949659 _____ () C:\Program Files\Common Files\rv5infw4.exe
    2016-06-17 07:54 - 2016-06-17 07:54 - 0000929 _____ () C:\Users\Marcin\AppData\Roaming\10.gif
    2016-06-17 07:54 - 2016-06-17 07:54 - 0000922 _____ () C:\Users\Marcin\AppData\Roaming\3BSYBS1-DCSA_Alerts_05242015040017.xml
    2016-08-30 13:10 - 2016-08-30 13:10 - 0006414 _____ () C:\Users\Marcin\AppData\Roaming\adc.hc
    2016-06-17 07:54 - 2016-06-17 07:54 - 0001224 _____ () C:\Users\Marcin\AppData\Roaming\Adelaide
    2016-06-17 07:54 - 2016-06-17 07:54 - 0004707 _____ () C:\Users\Marcin\AppData\Roaming\Adobe-Japan1-6
    1993-10-05 08:00 - 1993-10-05 08:00 - 0003271 _____ () C:\Users\Marcin\AppData\Roaming\Aflatoxin.yxR
    2016-04-29 16:47 - 2016-04-29 16:47 - 6494208 _____ () C:\Users\Marcin\AppData\Roaming\agent.dat
    2016-08-30 13:10 - 2016-08-30 13:10 - 0007658 _____ () C:\Users\Marcin\AppData\Roaming\akd.kdsg
    2016-06-17 07:54 - 2016-06-17 07:54 - 0000952 _____ () C:\Users\Marcin\AppData\Roaming\annotate.toc.xml
    2016-08-21 18:59 - 2016-08-21 18:59 - 0002980 _____ () C:\Users\Marcin\AppData\Roaming\Antineutron.w
    2009-10-16 08:00 - 2009-10-16 08:00 - 0049761 _____ () C:\Users\Marcin\AppData\Roaming\Auricula.tg5
    2016-08-30 13:10 - 2016-08-30 13:10 - 0008464 _____ () C:\Users\Marcin\AppData\Roaming\b.ea
    2016-06-17 07:53 - 2016-06-17 07:53 - 0001824 _____ () C:\Users\Marcin\AppData\Roaming\BitFrequency.mm
    2016-06-17 07:53 - 2016-06-17 07:53 - 0000524 _____ () C:\Users\Marcin\AppData\Roaming\Bl 430 493 557.ADO
    2016-06-17 07:53 - 2016-06-17 07:53 - 0000524 _____ () C:\Users\Marcin\AppData\Roaming\Bl CG10 WmG3 CG1.ADO
    2016-06-17 07:53 - 2016-06-17 07:53 - 0000772 _____ () C:\Users\Marcin\AppData\Roaming\Black - White.act
    2016-09-07 21:46 - 2016-09-07 21:46 - 0151552 _____ (Intel Corporation) C:\Users\Marcin\AppData\Roaming\Blowfish.dll
    2016-06-17 07:53 - 2016-06-17 07:53 - 0000524 _____ () C:\Users\Marcin\AppData\Roaming\BMY sepia 1.ADO
    2016-08-21 11:51 - 2016-08-21 11:51 - 0000250 _____ () C:\Users\Marcin\AppData\Roaming\bolide.vay
    2012-10-02 08:00 - 2012-10-02 08:00 - 0148141 _____ () C:\Users\Marcin\AppData\Roaming\Bulletin.q
    2016-06-17 07:53 - 2016-06-17 07:53 - 0004776 _____ () C:\Users\Marcin\AppData\Roaming\burn_in.png
    2008-11-19 09:00 - 2008-11-19 09:00 - 0145188 _____ () C:\Users\Marcin\AppData\Roaming\Bustard.BzM
    2016-06-17 07:53 - 2016-06-17 07:53 - 0000594 _____ () C:\Users\Marcin\AppData\Roaming\but-rewind.png
    2016-06-17 07:53 - 2016-06-17 07:53 - 0001044 _____ () C:\Users\Marcin\AppData\Roaming\Canary
    2016-06-17 07:53 - 2016-06-17 07:53 - 0001017 _____ () C:\Users\Marcin\AppData\Roaming\chunk.toc.xml
    2016-06-17 07:53 - 2016-06-17 07:53 - 0000189 _____ () C:\Users\Marcin\AppData\Roaming\cpu.xml
    2014-11-29 15:40 - 2014-11-29 15:40 - 0010134 _____ () C:\Users\Marcin\AppData\Roaming\d.grua
    2014-11-29 15:40 - 2014-11-29 15:40 - 0010134 _____ () C:\Users\Marcin\AppData\Roaming\dea.ko
    2016-06-17 07:53 - 2016-06-17 07:53 - 0000144 _____ () C:\Users\Marcin\AppData\Roaming\desc_da_DK.txt
    2014-05-02 08:00 - 2014-05-02 08:00 - 0132397 _____ () C:\Users\Marcin\AppData\Roaming\Despond.2
    2014-11-29 15:40 - 2014-11-29 15:40 - 0029926 _____ () C:\Users\Marcin\AppData\Roaming\drijnall.gsf
    2016-08-25 23:13 - 2016-08-25 23:13 - 0012193 _____ () C:\Users\Marcin\AppData\Roaming\eiuxgxes.qrac
    2016-06-17 07:53 - 2016-06-17 07:53 - 0001555 _____ () C:\Users\Marcin\AppData\Roaming\EmbeddingExampleXML2FO.png
    2016-08-30 13:10 - 2016-08-30 13:10 - 0011975 _____ () C:\Users\Marcin\AppData\Roaming\eositfko.xoi
    2016-06-17 07:53 - 2016-06-17 07:53 - 0001236 _____ () C:\Users\Marcin\AppData\Roaming\error_report.png
    1987-02-11 09:00 - 1987-02-11 09:00 - 0049692 _____ () C:\Users\Marcin\AppData\Roaming\Expeditor.J
    2016-06-17 07:53 - 2016-06-17 07:53 - 0000588 _____ () C:\Users\Marcin\AppData\Roaming\Fiji
    2014-11-29 15:40 - 2014-11-29 15:40 - 0015086 _____ () C:\Users\Marcin\AppData\Roaming\fn.gooj
    2014-11-29 15:40 - 2014-11-29 15:40 - 0000766 _____ () C:\Users\Marcin\AppData\Roaming\fod.cv
    2016-06-17 07:53 - 2016-06-17 07:53 - 0000027 _____ () C:\Users\Marcin\AppData\Roaming\GMT+8
    2016-06-17 07:53 - 2016-06-17 07:53 - 0000027 _____ () C:\Users\Marcin\AppData\Roaming\GMT-10
    2016-06-17 07:52 - 2016-06-17 07:52 - 0000510 _____ () C:\Users\Marcin\AppData\Roaming\goURL_lr_photoshop_en.csv
    2016-06-17 07:52 - 2016-06-17 07:52 - 0001903 _____ () C:\Users\Marcin\AppData\Roaming\Graph.mi
    2016-10-14 18:44 - 2016-10-14 18:44 - 0061782 _____ () C:\Users\Marcin\AppData\Roaming\gunters.qkv
    2016-08-30 13:10 - 2016-08-30 13:10 - 0008516 _____ () C:\Users\Marcin\AppData\Roaming\hew.jch
    2016-08-30 13:10 - 2016-08-30 13:10 - 0007788 _____ () C:\Users\Marcin\AppData\Roaming\ibanqhm.esw
    2016-04-29 16:46 - 2016-04-29 16:46 - 0127488 _____ () C:\Users\Marcin\AppData\Roaming\Installer.dat
    2014-11-29 15:40 - 2014-11-29 15:40 - 0002862 _____ () C:\Users\Marcin\AppData\Roaming\jun.cbfs
    2016-10-15 09:32 - 2016-10-15 09:32 - 0062329 _____ () C:\Users\Marcin\AppData\Roaming\KnopAnesthesiology.R
    2016-08-20 19:32 - 2016-08-20 19:32 - 0003885 _____ () C:\Users\Marcin\AppData\Roaming\KremlinFiddlewood.Y
    2016-08-30 13:10 - 2016-08-30 13:10 - 0006419 _____ () C:\Users\Marcin\AppData\Roaming\lmuowk.kdtk
    2016-04-29 16:47 - 2016-04-29 16:47 - 0018432 _____ () C:\Users\Marcin\AppData\Roaming\Main.dat
    2016-10-14 18:44 - 2016-10-14 18:44 - 0000547 _____ () C:\Users\Marcin\AppData\Roaming\methamphetamine.swz
    2016-08-30 13:10 - 2016-08-30 13:10 - 0006419 _____ () C:\Users\Marcin\AppData\Roaming\n.qm
    2016-08-21 22:19 - 2016-08-21 22:19 - 0049672 _____ () C:\Users\Marcin\AppData\Roaming\opoweeai.drh
    2016-08-20 17:04 - 2016-08-20 17:04 - 0003635 _____ () C:\Users\Marcin\AppData\Roaming\pangolin.xtx
    2016-08-30 13:10 - 2016-08-30 13:10 - 0008516 _____ () C:\Users\Marcin\AppData\Roaming\pitxll.ti
    2016-08-21 11:51 - 2016-08-21 11:51 - 0002730 _____ () C:\Users\Marcin\AppData\Roaming\prophages.xpx
    2016-08-25 23:13 - 2016-08-25 23:13 - 0049672 _____ () C:\Users\Marcin\AppData\Roaming\qtgthgyk.ua
    2016-08-21 22:19 - 2016-08-21 22:19 - 0009994 _____ () C:\Users\Marcin\AppData\Roaming\rowgleru
    2009-09-20 08:00 - 2009-09-20 08:00 - 0003125 _____ () C:\Users\Marcin\AppData\Roaming\ShoranJour.zcY
    2016-04-29 16:47 - 2016-04-29 16:46 - 0934400 _____ () C:\Users\Marcin\AppData\Roaming\Touchstring.exe
    2014-11-29 15:40 - 2014-11-29 15:40 - 0000326 _____ () C:\Users\Marcin\AppData\Roaming\uesdiww.ikdu
    2016-08-20 17:04 - 2016-08-20 17:04 - 0000250 _____ () C:\Users\Marcin\AppData\Roaming\vetches.zhh
    2016-05-11 15:47 - 2016-08-01 08:57 - 0000109 _____ () C:\Users\Marcin\AppData\Roaming\WB.CFG
    2016-08-30 13:10 - 2016-08-30 13:10 - 0007525 _____ () C:\Users\Marcin\AppData\Roaming\whjbgrj.ft
    2016-08-30 13:10 - 2016-08-30 13:10 - 0049672 _____ () C:\Users\Marcin\AppData\Roaming\xdgpubln.pp
    2016-08-30 13:10 - 2016-08-30 13:10 - 0007551 _____ () C:\Users\Marcin\AppData\Roaming\ycqrhkjh.utfm
    2014-11-29 15:40 - 2014-11-29 15:40 - 0000766 _____ () C:\Users\Marcin\AppData\Roaming\yojnvw.bcto
    2014-11-29 15:40 - 2014-11-29 15:40 - 0007886 _____ () C:\Users\Marcin\AppData\Roaming\yvpc.yf
    2014-05-20 17:35 - 2014-05-20 17:35 - 0016958 _____ () C:\Users\Marcin\AppData\Local\egbtsrn.kfry
    2014-11-29 15:40 - 2014-11-29 15:40 - 0010134 _____ () C:\Users\Marcin\AppData\Local\h.meh
    2016-09-24 10:58 - 2016-09-24 10:58 - 0000016 _____ () C:\ProgramData\mntemp
    EmptyTemp:

    In FRST, select Fix (Napraw).

    0
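Added example, not part of the original post and not FRST's own logic: a small Python triage pass over FRST-style log lines that flags the autorun patterns visible in the fixlist above (tasks and Run keys that go through regsvr32/rundll32, payloads under AppData, shortcuts with an argument, AppInit_DLLs). The function names and heuristics are assumptions chosen for illustration; the sample lines are copied from the post.

```python
import re

# Windows binaries that execute a DLL or script named on their command line.
LOADERS = {"regsvr32", "rundll32", "mshta"}
# Path fragments for user-writable locations (the SYSTEM profile has AppData too).
WRITABLE = ("\\appdata\\", "\\programdata\\")

def triage(line):
    """Return the reasons one FRST log line deserves review (empty list if none)."""
    kind, sep, rest = line.strip().partition(": ")
    if not sep:
        return []
    rest = re.sub(r"\s*<=+\s.*$", "", rest)  # drop FRST's own "<==== UWAGA" marker
    if kind == "ShortcutWithArgument":
        # Layout: <.lnk path> -> <target> (<vendor>) -> <argument>
        return ["shortcut passes argument " + rest.rsplit(" -> ", 1)[-1]]
    if kind.startswith("AppInit_DLLs"):
        return ["AppInit_DLLs: DLL loaded into processes that load user32.dll"]
    if kind != "Task" and not re.search(r"\\Run(Once)?$", kind):
        return []
    command = rest.split(" => ", 1)[-1].lower()
    program = re.match(r'"?([^"\s]+)', command)
    name = program.group(1).rsplit("\\", 1)[-1].split(".")[0] if program else ""
    reasons = []
    if name in LOADERS:
        reasons.append("autorun goes through " + name)
    if any(fragment in command for fragment in WRITABLE):
        reasons.append("payload sits in a user-writable directory")
    return reasons

# Sample input: lines copied from the Fixlist.txt in the post above.
SAMPLE = [
    r"Task: {82B0C28B-3A8B-4F65-9ED1-15BBD3C430E2} - System32\Tasks\MarcinAlveolateSalariesV2 => Rundll32.exe BivouackedUnedifying.dll,main 7 1 <==== UWAGA",
    r"HKLM-x32\...\Run: [IWJsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\config\systemprofile\AppData\Local\Aqdbworks\pfhdetzd.dll",
    r'HKU\S-1-5-18\...\Run: [dsqcxb] => rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\dsqcxb.dll",dsqcxb <===== UWAGA',
    r"HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-04-16] (Microsoft Corporation)",
    r"ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%",
    r"AppInit_DLLs: C:\ProgramData\Affenpinscher\Subtough.dll => Brak pliku",
]

def flagged(lines):
    """Map each line that triggered at least one heuristic to its reasons."""
    return {line: why for line in lines if (why := triage(line))}

if __name__ == "__main__":
    for line, why in flagged(SAMPLE).items():
        print("; ".join(why), "<-", line[:60])
```

These heuristics cover only part of what the fixlist removes: the SPReview RunOnce entry, for instance, matches none of them.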
  • Helpful post
    #6 26 Nov 2016 10:08
    Kolobos
    Computer specialist

    Post new FRST logs, from a scan.

    0
  • #8 26 Nov 2016 10:45
    Kolobos
    Computer specialist

    Delete the C:\FRST directory and that is all.

    0
  • #9 26 Nov 2016 11:15
    UnSpec
    Level 5

    Thanks a lot. A big beer for you ;)

    0