Could I have some kind of "infection"?


(system) #1

Hello,

I have 64-bit Windows 7. More than once, unwanted software has installed itself while I was downloading some programs (e.g. in the search engine or the taskbar), etc., but I always managed to "get rid" of it. However, I'm worried, because I recently cleaned the laptop due to frequent overheating. That is the only thing it helped with, because the computer sometimes runs terribly slowly, and I do take care of it. I run scans with Avast and I use CCleaner.

Is there any way to check whether something is wrong with the computer, and what? It isn't that old at all. I've had it for 2 years.


(Acorus) #2

http://forum.dobreprogramy.pl/farbar-recovery-scan-tool-raport-obowiązkowy-t478727/


(system) #3

Thank you. :wink:

=====

  1. Addition: http://www.wklej.org/id/1741975/

  2. FRST: http://www.wklej.org/id/1741977/

  3. Shortcut: http://www.wklej.org/id/1741978/


(Acorus) #4

Open the system Notepad and paste:

CloseProcesses:
Task: {05C1EAFA-7AEB-4171-8860-B3362C6073BA} - System32\Tasks\SPBIW_UpdateTask_Time_3134303835383633342d785b233457414a45415a506c => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {104531BC-172E-4AAE-AB88-2243925AF5DF} - System32\Tasks\6ed7a8f6-7fb0-4197-b220-c1fdc7290e31-7 => C:\Program Files (x86)\iWebar\6ed7a8f6-7fb0-4197-b220-c1fdc7290e31-7.exe <==== ATTENTION
Task: {1050292C-2C16-4F98-ADA6-23129631E482} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-06-18] (globalUpdate) <==== ATTENTION
Task: {429947A1-951C-482D-BE3A-602A3A3043DF} - System32\Tasks\6ed7a8f6-7fb0-4197-b220-c1fdc7290e31-6 => C:\Program Files (x86)\iWebar\6ed7a8f6-7fb0-4197-b220-c1fdc7290e31-6.exe <==== ATTENTION
Task: {453E0B31-C7BA-493C-9809-69772E4721F1} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe [2015-06-18] (Goobzo) <==== ATTENTION
Task: {CC270545-B262-46A2-82E0-492C84C4BAFB} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-06-18] (globalUpdate) <==== ATTENTION
Task: C:\Windows\Tasks\6ed7a8f6-7fb0-4197-b220-c1fdc7290e31-6.job => C:\Program Files (x86)\iWebar\6ed7a8f6-7fb0-4197-b220-c1fdc7290e31-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ed7a8f6-7fb0-4197-b220-c1fdc7290e31-7.job => C:\Program Files (x86)\iWebar\6ed7a8f6-7fb0-4197-b220-c1fdc7290e31-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => No File
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => No File
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => No File
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3196533233-3310026838-381695646-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-3196533233-3310026838-381695646-1000] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-06-18] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-06-18] (globalUpdate) [File not signed] <==== ATTENTION
S3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41624 2015-06-18] ()
R2 SPDRIVER_1.42.1.1987; C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1987\jsdrv.sys [52376 2015-06-18] ()
S3 WinRing0_1_2_0; \\C:\Program Files (x86)\KarmimyPL\PCAnalyzer.sys [X]
2015-06-18 20:12 - 2015-06-18 20:12 - 00000000 __SHD C:\found.004
2015-06-18 20:05 - 2015-06-19 13:18 - 00005832 _____ C:\Windows\Tasks\6ed7a8f6-7fb0-4197-b220-c1fdc7290e31-6.job
2015-06-18 20:05 - 2015-06-19 10:40 - 00005488 _____ C:\Windows\Tasks\6ed7a8f6-7fb0-4197-b220-c1fdc7290e31-7.job
2015-06-18 20:05 - 2015-06-19 10:40 - 00000898 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-06-18 20:05 - 2015-06-18 20:33 - 00000000 ____ D C:\Program Files (x86)\iWebar
2015-06-18 20:05 - 2015-06-18 20:14 - 00000902 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-06-18 20:05 - 2015-06-18 20:05 - 00008860 _____ C:\Windows\System32\Tasks\6ed7a8f6-7fb0-4197-b220-c1fdc7290e31-6
2015-06-18 20:05 - 2015-06-18 20:05 - 00008518 _____ C:\Windows\System32\Tasks\6ed7a8f6-7fb0-4197-b220-c1fdc7290e31-7
2015-06-18 20:05 - 2015-06-18 20:05 - 00003900 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-06-18 20:05 - 2015-06-18 20:05 - 00003646 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-06-18 20:05 - 2015-06-18 20:05 - 00000000 ____ D C:\Users\Paula\AppData\Local\globalUpdate
2015-06-18 20:05 - 2015-06-18 20:05 - 00000000 ____ D C:\Program Files (x86)\globalUpdate
2015-06-18 20:05 - 2015-06-18 20:05 - 00000000 ____ D C:\Program Files (x86)\a4356950-3caf-476e-9f0e-92c8fbcdda96
2015-06-18 20:04 - 2015-06-18 20:42 - 00000000 ____ D C:\Program Files (x86)\ShopperPro
2015-06-18 20:04 - 2015-06-18 20:29 - 00000000 ____ D C:\Program Files\Common Files\ShopperPro
2015-06-18 20:04 - 2015-06-18 20:04 - 00004246 _____ C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_3134303835383633342d785b233457414a45415a506c
2015-06-18 20:04 - 2015-06-18 20:04 - 00003580 _____ C:\Windows\System32\Tasks\ShopperProJSUpd
2015-06-18 20:04 - 2015-06-18 20:04 - 00003280 _____ C:\Windows\System32\Tasks\Chromium
2015-06-18 20:04 - 2015-06-18 20:04 - 00000000 ____ D C:\ProgramData\ShopperPro
2015-06-18 19:57 - 2015-06-18 20:34 - 00000000 ____ D C:\Program Files (x86)\YouTube Accelerator
2015-06-18 19:57 - 2015-06-18 19:57 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
2015-06-18 19:51 - 2015-06-18 19:51 - 00000000 ____ D C:\Users\Paula\AppData\Local\CrashRpt
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

Scan with Malwarebytes Anti-Malware http://www.malwarebytes.org/8/


(system) #5

Thanks. It seems to me that it's running better now. The thread can be closed. :slight_smile:


(Acorus) #6

Delete the folder C:\FRST