Multiple explorer.exe processes

For several days avast has been alerting that it detected the threat URL:Mal in the process C:\Windows\Explorer.EXE. The computer boots slowly and eats 100% CPU, and Task Manager shows several processes (sometimes there are 9 or more).

 

Screenshot  http://ifotos.pl/z/wpqhxwp

   

OTL Extras  http://wklej.org/id/1522282/

 

OTL              http://wklej.org/id/1522283/

 

FRST            http://wklej.org/id/1522582/

 

Please check the logs.

The Addition.txt log is missing.

The missing Addition.txt log   http://wklej.org/id/1522625/

Uninstall Spybot - Search & Destroy. Open Notepad and paste:

Task: {5A17A2B8-DA6D-4AE6-92ED-0C0A09DC15FD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system = C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {82BFE7D3-4893-4B27-B4C8-91809145F248} - \Driver Booster SkipUAC (Marek) No Task File ==== ATTENTION
Task: {9F194F1A-8707-4884-898B-B97EAE1FA471} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization = C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {C56ADF2C-9D2B-4099-B662-173D8C5B1AFD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
HKU\S-1-5-21-2492854410-2888858846-3585127220-1000\...\Run: [YwzwPack] = regsvr32.exe C:\Users\Marek\AppData\Local\YwzwPack\LanServices.dll ===== ATTENTION
HKU\S-1-5-21-2492854410-2888858846-3585127220-1000\...\Run: [RegisterIEPKEYs] = "C:\Users\Marek\AppData\Roaming\Microsoft\Windows\IEUpdate\RegisterIEPKEYs.exe"
HKU\S-1-5-21-2492854410-2888858846-3585127220-1000\...\Policies\Explorer: [Run] "C:\Users\Marek\AppData\Roaming\Microsoft\Windows\IEUpdate\RegisterIEPKEYs.exe"
HKU\S-1-5-21-2492854410-2888858846-3585127220-1000\...\Command Processor: "C:\Users\Marek\AppData\Roaming\Microsoft\Windows\IEUpdate\RegisterIEPKEYs.exe" ===== ATTENTION!
Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegisterIEPKEYs.lnk
ShortcutTarget: RegisterIEPKEYs.lnk - C:\Users\Marek\AppData\Roaming\Microsoft\Windows\IEUpdate\RegisterIEPKEYs.exe (No File)
BootExecute: autocheck autochk * sdnclean.exeaswBoot.exe /M:20eb15d20 /dir:C:\Program
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-2492854410-2888858846-3585127220-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=ctid=CT3326235octid=EB_ORIGINAL_CTIDISID=MC9693818-A35B-4D10-9A28-B048CC563C19SearchSource=58CUI=UM=6UP=SP01EC0187-8A31-4297-A332-EBF6B597556Dq={searchTerms}SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=ctid=CT3326235octid=EB_ORIGINAL_CTIDISID=MC9693818-A35B-4D10-9A28-B048CC563C19SearchSource=58CUI=UM=6UP=SP01EC0187-8A31-4297-A332-EBF6B597556Dq={searchTerms}SSPV=
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=ctid=CT3326235octid=EB_ORIGINAL_CTIDISID=MC9693818-A35B-4D10-9A28-B048CC563C19SearchSource=55CUI=UM=6UP=SP01EC0187-8A31-4297-A332-EBF6B597556DSSPV=
FF SearchPlugin: C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\nzjw6ayy.default\searchplugins\trovi-search.xml
CHR StartupUrls: Default - "hxxp://www.trovi.com/?gd=ctid=CT3326235octid=EB_ORIGINAL_CTIDISID=MC9693818-A35B-4D10-9A28-B048CC563C19SearchSource=55CUI=UM=6UP=SP01EC0187-8A31-4297-A332-EBF6B597556DSSPV="
CHR DefaultSuggestURL: Default - http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 catchme; \\C:\Users\Marek\AppData\Local\Temp\catchme.sys [X]
2014-11-12 11:02 - 2014-11-12 11:02 - 00002095 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-SD Start Center.lnk
2014-11-12 11:02 - 2014-11-12 11:02 - 00002083 _____ () C:\Users\Public\Desktop\Spybot-SD Start Center.lnk
2014-11-12 11:02 - 2014-11-12 11:02 - 00000000 ____ D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-12 11:01 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-11-12 10:55 - 2014-11-12 10:55 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Marek\Downloads\spybot-2.4.exe
2014-11-09 16:04 - 2014-11-10 08:56 - 00000000 ____ D () C:\Users\Marek\AppData\Roaming\Systweak
2014-11-09 16:04 - 2014-08-05 19:14 - 00018280 _____ () C:\Windows\system32\roboot.exe
2014-10-30 08:55 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-30 08:55 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-30 08:55 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-30 08:55 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-30 08:55 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-30 08:55 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-30 08:55 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-30 08:55 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-30 08:54 - 2014-11-14 11:19 - 00000000 ____ D () C:\Qoobox
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

Log from the fix   http://wklej.org/id/1523666/

Delete the folder C:\FRST.

Scan with Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe

I ran the Malwarebytes Anti-Malware scan, but the log disappeared somewhere and I can't find it. Two dangerous files were removed.

Avast is still going crazy and there are several (7) explorer.Exe processes.

Scan with Dr.WEB CureIt http://www.freedrweb.com/cureit/?lng=pl