A second explorer.exe


(Kamilbukan) #1

Hello,

I noticed that the fan is constantly running and the battery drains quickly. I looked at the processes and there is a second explorer.exe that constantly uses 50% of the CPU and automatically restarts after the process is ended. I tried various scans but they detect nothing. It seems to me that this may be some kind of infection. I recently had two incidents in which I could have caught something; I removed everything I could, but something may have remained.

Please check the OTL reports:

http://www.wklej.org/id/1378603/

http://www.wklej.org/id/1378604/


(Atis) #2

Download Farbar Recovery Scan Tool 64-Bit Version

Run FRST and click Scan. Post the FRST and Addition reports.


(Kamilbukan) #3

Thanks for the quick reply, here are the reports:

http://www.wklej.org/id/1378616/

http://www.wklej.org/id/1378619/


(Atis) #4

Paste the following into the system Notepad and save it as a text file named fixlist:

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
HKLM\...\Run: [svchost] => regsvr32 /s "C:\Temp:10AF3ECB.dat"
HKU\S-1-5-21-2596120523-84357467-156198323-1000\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
HKU\S-1-5-21-2596120523-84357467-156198323-1000\...\Run: [svchost] => regsvr32 /s "C:\Temp:10AF3ECB.dat"
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File Not Found
AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll File Not Found
AppInit_DLLs: C:\PROGRA~2\SETTIN~1\systemk\x64\syskldr.dll => C:\PROGRA~2\SETTIN~1\systemk\x64\syskldr.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL => "C:\PROGRA~3\Wincert\WIN32C~1.DLL" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] 
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll
C:\Program Files (x86)\Settings Manager
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
CHR HKLM-x32\...\Chrome\Extension: [aaaaoggiphohkihibdkcnhnokmkfmhnj] - C:\Users\kamil i Ola\AppData\Local\APN\GoogleCRXs\aaaaoggiphohkihibdkcnhnokmkfmhnj_7.15.4.0.crx [2011-12-22]
CHR HKLM-x32\...\Chrome\Extension: [lbkcehacngmiaiieaicloemllhdhobko] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha864\ch\WebexpEnhancedV1alpha864.crx [2014-05-31]
S2 SystemkService2; C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe [X]
S2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [X]
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S1 F06DEFF2-5B9C-490D-910F-35D3A91196222; \??\C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
C:\Users\kamil i Ola\AppData\Roaming\systweak
C:\Windows\system32\roboot64.exe
C:\Windows\system32\explorer.exe
C:\Temp
C:\Users\kamil i Ola\AppData\Local\Temp\*.exe
C:\Users\kamil i Ola\AppData\Local\Temp\*.dll
Task: {09E2E5D7-8F8D-4A86-8B00-A673A5F48EFF} - System32\Tasks\e-pity2013_kwiecien => C:\Program Files (x86)\e-file\e-pity2013\Assets\signxml.exe
Task: {0E2BD426-FDCE-4060-A952-6DFBEE7A5CD4} - System32\Tasks\{69561F7B-05B0-4A57-B6DE-798961CE0543} => E:\pobrane\photoshop cs5\keygen.exe
Task: {0EAE0BF3-F64B-4FD5-BD70-491DAD6DFEFF} - System32\Tasks\{DCC0541F-C147-4B62-A5DC-7B953C8843C3} => E:\pobrane\photoshop cs5\keygen.exe
Task: {136700A1-7EAC-4FAD-9688-B3E3003D5AC5} - System32\Tasks\{54980CE5-CB49-4AD7-BE97-8878FE2A68B6} => E:\pobrane\photoshop cs5\keygen.exe
Task: {17D45545-7D43-4A06-805C-444F3A358915} - System32\Tasks\{8591E75F-37B9-4FE2-91C1-31B8B2427B26} => D:\Gry\css\Counter Strike Source 2010\hl2.exe
Task: {2C286B2C-EDD0-4EA1-8689-577600A56B38} - System32\Tasks\{68DFE839-84A6-460C-84B0-CB14220B757E} => D:\Gry\S3 po zmroku\Game\Bin\Sims3Launcher.exe
Task: {33ACC6B5-8C33-4855-BAAD-D12D20F2A5CC} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {38FF2BFE-3058-497E-B065-034252A33B79} - System32\Tasks\{DAEBA27B-F5D8-46EC-AA8E-B5C0FE57D18E} => E:\pobrane\photoshop cs5\keygen.exe
Task: {3BB523B0-3D0D-441C-836F-0BB0AB64C134} - \AmiUpdXp No Task File <==== ATTENTION
Task: {4F8E9472-A1E4-4215-93B8-169108C9B6BC} - System32\Tasks\{21B0E7D5-DF74-4DF7-B776-5763CAE7350C} => D:\Gry\Anno 1701\Anno1701.exe
Task: {71699DBD-3147-4D26-BD69-01A1AA7DD36D} - System32\Tasks\{0BB459F3-7902-4F8D-A2D6-DBECC4CCF3F4} => E:\pobrane\photoshop cs5\keygen.exe
Task: {72C573DF-9D20-4E7C-8406-2A99BD630A0C} - System32\Tasks\{DD81D29B-ECF2-4B35-A957-DD514AE23060} => E:\pobrane\photoshop cs5\keygen.exe
Task: {8AC333E6-13BD-46D8-B696-64BC4566A25E} - System32\Tasks\{959681D7-36A9-43E1-9FB4-C8805FA23FF4} => D:\Gry\Anno 1701\Anno1701.exe
Task: {8D7C75A8-4F98-42B7-B988-2D4081D4438D} - System32\Tasks\{7EE31B33-20CC-4DCE-AB27-BB6C16C9C0B7} => E:\pobrane\photoshop cs5\keygen.exe
Task: {8F4B0B2F-4971-4CE1-B7E8-3DC4DABAFFCA} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{6F7C7B9D-5514-4B9B-A266-9CF798FF9CEE}.exe
Task: {9542799C-365B-4844-AF92-9CF13AE1C70C} - System32\Tasks\{3A207A95-F04D-41F2-8D7C-97C72F3E134D} => D:\Gry\Anno 1701\Anno1701.exe
Task: {97C6213B-AA61-433A-9350-44839F89D62E} - System32\Tasks\e-pity2013_styczen => C:\Program Files (x86)\e-file\e-pity2013\Assets\signxml.exe
Task: {9D75662B-B074-42E8-AFC3-5AF4E41F0F34} - System32\Tasks\{EF0CA62E-BCD9-4703-AC6D-8CA889BC5EC6} => D:\Gry\Risen 2 Dark Waters\system\Risen2.exe
Task: {C53DA2E3-3E18-448B-90CB-2AADE23CDAB7} - System32\Tasks\Launch HTC Sync Loader => D:\Programy\HTC sync\htcUPCTLoader.exe
Task: {D3599CB5-F2B0-438D-A50A-D69964FDEFA4} - System32\Tasks\{52916F64-343E-45AD-BE2B-947E2497350E} => D:\Gry\Sims 3\Game\Bin\TS3.exe
Task: {E10BDB8B-BB9E-4DD5-A7F1-E422E77AEC74} - System32\Tasks\{71F5BC42-7EE0-4908-A084-F076F949A7AF} => D:\Gry\Anno 1701\Anno1701.exe
Task: {E40F059B-3091-4034-9B33-3FCD15F19D52} - System32\Tasks\{C639BCF9-38CC-404A-B8B0-16A7D8787D97} => D:\Gry\Sims 3\Game\Bin\TS3.exe
Task: {E77D3549-9802-4D51-8B41-20213A02CF82} - System32\Tasks\{FB931043-DF82-4253-85CD-CD886104753D} => D:\Gry\Anno 1701\Anno1701.exe
Task: {FC44400B-58D1-41A5-A736-79A0A4B6AE42} - System32\Tasks\{15089C6C-EEBA-4044-BDB6-C3881933964F} => D:\Gry\sims3\Game\Bin\TS3.exe
Task: {FF11D1CC-D0C1-4FB6-9DB2-DD9F5C29A3C8} - System32\Tasks\{961162EB-DF3E-4565-96A3-3F30D236087A} => E:\pobrane\photoshop cs5\keygen.exe
Task: {FF1E14EA-9746-4684-804A-C8449F94E619} - \BitGuard No Task File <==== ATTENTION
AlternateDataStreams: C:\Temp:10AF3ECB.dat
AlternateDataStreams: C:\Temp:list3
AlternateDataStreams: C:\Temp:pid1
AlternateDataStreams: C:\Temp:pid2
AlternateDataStreams: C:\Temp:pidG
AlternateDataStreams: C:\Temp:rnd.dat
AlternateDataStreams: C:\Temp:srv
Reboot:

Run FRST and click Fix. Post the Fixlog removal report.

Click Scan and post the new FRST report, without Addition.
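
The fixlist in post #4 targets several autostart mechanisms at once: Run values that call regsvr32 /s on C:\Temp:10AF3ECB.dat (which the same list shows as an alternate data stream), IFEO Debugger values, and AppInit_DLLs. As an added example (not part of the thread and not FRST's own code), this Python script flags those line types in an FRST-style report; the function name, the rule labels and the SYSTEM_NAMES list are assumptions made for the illustration.

```python
import re

# Line shapes as they appear in the fixlist posted in #4.
RUN = re.compile(r'^HK.*?\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$')
IFEO = re.compile(r'^IFEO\\(?P<image>.+?): \[Debugger\](?P<dbg>.*)$')
APPINIT = re.compile(r'^AppInit_DLLs(?:-x32)?: (?P<dll>.+?) => ')
# Drive-letter path containing a second colon, i.e. NTFS file:stream syntax.
ADS = re.compile(r'[A-Za-z]:\\[^":*?<>|]*:[^"\\/:]+')
# Assumption: Run value names that imitate Windows processes deserve a look.
SYSTEM_NAMES = {"svchost", "explorer", "lsass", "csrss", "winlogon", "services"}

# Six lines copied from post #4 for a self-contained run.
SAMPLE = r'''HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [svchost] => regsvr32 /s "C:\Temp:10AF3ECB.dat"
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger]
AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll File Not Found
AlternateDataStreams: C:\Temp:10AF3ECB.dat
'''

def triage(report):
    """Return (rule, subject, detail) tuples for autostart lines worth reviewing."""
    findings = []
    for line in report.splitlines():
        line = line.rstrip()
        if m := RUN.match(line):
            stream = ADS.search(m["cmd"])
            if stream:  # autorun command loads from file:stream
                findings.append(("run-from-ads", m["name"], stream.group()))
            if m["name"].lower() in SYSTEM_NAMES:
                findings.append(("run-name-mimics-system", m["name"], m["cmd"]))
        elif m := IFEO.match(line):
            # A Debugger value makes Windows start that program instead of the image.
            dbg = m["dbg"].strip() or "(empty)"
            findings.append(("ifeo-debugger", m["image"], dbg))
        elif m := APPINIT.match(line):
            findings.append(("appinit-dll", "AppInit_DLLs", m["dll"]))
        elif line.startswith("AlternateDataStreams: "):
            findings.append(("ads-present", "", line.split(": ", 1)[1]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=" | ")
```

The IntelTBRunOnce line matches none of the rules, so it produces no finding; the rules are a triage aid, not a verdict on any entry.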


(Kamilbukan) #5

Fixlog

http://www.wklej.org/id/1378650/

FRST

http://www.wklej.org/id/1378654/


(Atis) #6

Download and run AdwCleaner. Click Szukaj (Scan) and then Usuń (Remove).

Paste the following into the system Notepad and save it as a text file named fixlist:

HKLM\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
HKLM\...\Run: [svchost] => regsvr32 /s "C:\Temp:10AF3ECB.dat"
HKU\S-1-5-21-2596120523-84357467-156198323-1000\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
HKU\S-1-5-21-2596120523-84357467-156198323-1000\...\Run: [svchost] => regsvr32 /s "C:\Temp:10AF3ECB.dat"
S3 AVG Security Toolbar Service; D:\Programy\AVg\Toolbar\ToolbarBroker.exe [X]
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)
C:\Windows\system32\drivers\avgtpx64.sys
C:\Temp

Run FRST and click Fix. Post the Fixlog removal report.

Click Scan and post the new FRST report, without Addition.


(Kamilbukan) #7

Fixlog

http://www.wklej.org/id/1378722/

FRST

http://www.wklej.org/id/1378724/


(Atis) #8

Delete the folders C:\FRST and C:\AdwCleaner

Download TFC - Temp File Cleaner. Run TFC and click Start.

Delete old restore points: To delete all restore points

Scan the disk with Malwarebytes Anti-Malware

During installation, uncheck the option to start the trial period of Malwarebytes Anti-Malware Premium.

Polish language: Settings > General Settings > Language > Polish

Uninstall:

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Java 7 Update 45

Java 6 Update 22

Java 6 Update 30

JavaFX 2.1.0

Microsoft Silverlight

Install:

Java 7 Update 55

Flash Player 13.0.0.214 Internet Explorer and Plugin-based browsers

Silverlight 5.1.30214.0

Service Pack 1 x64 (903.2 MB)

Internet Explorer 11


(Kamilbukan) #9

OK, everything is done.

Do you know where the problem came from? Any extra recommendations?


(Atis) #10

Apparently this is a new virus from Facebook, so be careful which links you click:

http://niebezpiecznik.pl/post/hahaha-wirus-na-facebooku-nie-otwierajcie-zalacznikow-zip-z-wiadomosci-od-znajomych/


(Kamilbukan) #11

Many thanks for your time and for solving the problem

Regards