Suspected viruses. Slow computer


(siemniaq) #1

Hello,

my laptop has recently started running slowly. Please check the logs and help.

FRST:
http://wklejto.pl/319539
Addition:
http://www.wklejto.pl/319540


(Atis) #2

Paste this into the system Notepad and save it as a text file named fixlist:

CloseProcesses:
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {3DF9EEAB-5632-4FA5-A50B-348D92A6E688} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3258694807-492356629-3008687399-1001 -> {3DF9EEAB-5632-4FA5-A50B-348D92A6E688} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3258694807-492356629-3008687399-1001 -> {8BA3BB3D-BFED-41F3-807B-82018A36E5D3} URL = hxxps://pl.search.yahoo.com/search?fr=mcafee_uninternational&type=C011PL1045D20160215&p={searchTerms}
BHO: Brak nazwy -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Brak pliku
CHR DefaultSearchURL: Default -> hxxps://pl.search.yahoo.com/search?fr=mcafee_uninternational&type=C211PL1045D20160215&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
HKU\S-1-5-21-3258694807-492356629-3008687399-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Footblue\Application\chrome.exe <==== UWAGA
R2 FootblueP; C:\ProgramData\Footblue\Footblue.exe [366464 2016-05-19] ()
S2 FootblueU; C:\Program Files (x86)\Footblue\Update\FootblueUpdate.exe [492416 2016-05-19] ()
2015-11-25 18:14 - 2016-01-08 12:43 - 000000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\ProgramData\Footblue
C:\Program Files (x86)\Footblue
HKU\S-1-5-21-3258694807-492356629-3008687399-1001\...\ChromeHTML: -> "C:\Program Files (x86)\Footblue\Application\chrome.exe" "%1" <==== UWAGA
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} =>  -> Brak pliku
ContextMenuHandlers1: [WinZipper] -> {DC638EEA-2BA2-4459-9C46-85A2F0BE6040} =>  -> Brak pliku
ContextMenuHandlers4: [WinZipper] -> {DC638EEA-2BA2-4459-9C46-85A2F0BE6040} =>  -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Brak pliku
ContextMenuHandlers6: [WinZipper] -> {DC638EEA-2BA2-4459-9C46-85A2F0BE6040} =>  -> Brak pliku
Task: {2BBE529B-0861-430A-A154-9B479AB4F8AE} - System32\Tasks\FootblueUpdateTaskMachineUA => C:\Program Files (x86)\Footblue\Update\FootblueUpdate.exe [2016-05-19] () <==== UWAGA
Task: {6DB5BCD6-6255-4E39-ADA7-883A4F4C69FD} - System32\Tasks\FootblueUpdateTaskMachineCore => C:\Program Files (x86)\Footblue\Update\FootblueUpdate.exe [2016-05-19] () <==== UWAGA
ShortcutWithArgument: C:\Users\Magda K\Desktop\Files\DarkEra.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://mmotraffic.com/catalog/goplay/1001018/MTE3NjYvLy8xMDAxMDE4/ --start-fullscreen
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
Hosts:
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.
Click Scan and post a new FRST report, without Addition and Shortcut.
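
The fixlist above mixes several FRST entry types (services, scheduled tasks, search-scope and Chrome search hijacks, bare paths to delete, and directives such as CloseProcesses and EmptyTemp). As an added example that is not part of this thread or of FRST itself, the parser below turns such a fixlist into a structured list of artifacts, so the removal can be reviewed before it runs and the Fixlog or the follow-up scan can be checked against a concrete list of what should be gone. The sample input is a constructed subset of the lines posted above; the regular expressions only cover the line types that appear in this post, and the `hxxp` defanging of URLs is kept as-is.

```python
"""Parse an FRST fixlist into structured artifacts for review and post-fix verification."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the fixlist lines from post #2 above.
SAMPLE_FIXLIST = r"""
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {3DF9EEAB-5632-4FA5-A50B-348D92A6E688} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
CHR DefaultSearchURL: Default -> hxxps://pl.search.yahoo.com/search?fr=mcafee_uninternational&type=C211PL1045D20160215&p={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
R2 FootblueP; C:\ProgramData\Footblue\Footblue.exe [366464 2016-05-19] ()
S2 FootblueU; C:\Program Files (x86)\Footblue\Update\FootblueUpdate.exe [492416 2016-05-19] ()
C:\ProgramData\Footblue
C:\Program Files (x86)\Footblue
Task: {2BBE529B-0861-430A-A154-9B479AB4F8AE} - System32\Tasks\FootblueUpdateTaskMachineUA => C:\Program Files (x86)\Footblue\Update\FootblueUpdate.exe [2016-05-19] () <==== UWAGA
Hosts:
EmptyTemp:
"""


@dataclass(frozen=True)
class Artifact:
    kind: str      # service | task | searchscope | chrome_search | chrome_ext | path | directive | unparsed
    name: str      # service/task/extension id, registry hive, directive keyword, or file name
    target: str    # file path or URL; "" when FRST only resets a value
    flagged: bool  # line carried FRST's "<==== UWAGA" (Polish) / "<==== ATTENTION" marker


# Line shapes as they appear in the post; other FRST entry types are left as 'unparsed'.
_SERVICE = re.compile(r'^([RS]\d) (\S+); (.+?) \[\d+ [\d-]+\]')
_TASK = re.compile(r'^Task: \{[0-9A-Fa-f-]+\} - (\S+) => (.+?) \[')
_SCOPE = re.compile(r'^SearchScopes: (\S+) -> .*?\{[0-9A-Fa-f-]+\} URL = ?(.*)$')
_CHR_SEARCH = re.compile(r'^CHR DefaultSearchURL: (\S+) -> (.+)$')
_CHR_EXT = re.compile(r'^CHR .*Chrome\\Extension: \[([a-z]+)\] - (.+)$')
_DIRECTIVE = re.compile(r'^[A-Za-z]+:$')
_PATH = re.compile(r'^[A-Za-z]:\\')
_FLAG = re.compile(r'\s*<==== (?:UWAGA|ATTENTION)\s*$')


def parse_fixlist(text: str) -> list[Artifact]:
    """Classify every non-empty fixlist line into an Artifact."""
    artifacts = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        is_flagged = bool(_FLAG.search(line))
        line = _FLAG.sub('', line)
        if m := _SERVICE.match(line):
            artifacts.append(Artifact('service', m.group(2), m.group(3), is_flagged))
        elif m := _TASK.match(line):
            artifacts.append(Artifact('task', m.group(1).split('\\')[-1], m.group(2), is_flagged))
        elif m := _SCOPE.match(line):
            artifacts.append(Artifact('searchscope', m.group(1), m.group(2), is_flagged))
        elif m := _CHR_SEARCH.match(line):
            artifacts.append(Artifact('chrome_search', m.group(1), m.group(2), is_flagged))
        elif m := _CHR_EXT.match(line):
            artifacts.append(Artifact('chrome_ext', m.group(1), m.group(2), is_flagged))
        elif _DIRECTIVE.match(line):
            artifacts.append(Artifact('directive', line.rstrip(':'), '', is_flagged))
        elif _PATH.match(line):
            # A bare path line tells FRST to delete that file or folder.
            artifacts.append(Artifact('path', line.split('\\')[-1], line, is_flagged))
        else:
            artifacts.append(Artifact('unparsed', '', line, is_flagged))
    return artifacts


def removal_targets(artifacts: list[Artifact]) -> list[str]:
    """Files, folders and persistence binaries that must be absent after the fix."""
    return sorted({a.target for a in artifacts
                   if a.kind in ('service', 'task', 'path') and a.target})


def hijacked_urls(artifacts: list[Artifact]) -> list[str]:
    """Search-engine URLs being reset (defanged hxxp form preserved)."""
    return [a.target for a in artifacts
            if a.kind in ('searchscope', 'chrome_search') and a.target]


def flagged_artifacts(artifacts: list[Artifact]) -> list[Artifact]:
    """Entries FRST itself marked as suspicious."""
    return [a for a in artifacts if a.flagged]


if __name__ == '__main__':
    arts = parse_fixlist(SAMPLE_FIXLIST)
    for a in arts:
        print(f"{a.kind:14} {a.name:40} {a.target}")
    print("\nShould be gone after Fix:")
    for t in removal_targets(arts):
        print("  ", t)
```

After the Fixlog comes back, `removal_targets()` is the checklist: each of those paths should be reported as moved/deleted, and neither service nor task name should reappear in the new FRST scan. Any `unparsed` artifact means the parser met a line type it does not know and that line should be read by hand rather than trusted.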


(siemniaq) #3

Fixlog report:
http://www.wklejto.pl/320664

New FRST:
http://www.wklejto.pl/320665