Simplified Chinese as a second keyboard language - no idea where it came from


(Gzplus59oj) #1

Here's a riddle:


(Atis) #2

No infection is visible. Uninstall Spybot - Search and Destroy.

Paste the following into the system Notepad and save it as a text file named fixlist:

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3063686766-2274601068-349923162-1000\...\Run: [DIMPobieranie aktualizacji...1371248923524] => "c:\Program Files\Corel\CorelDRAW Graphics Suite X6\PHOTO-PAINT\DIM.exe" "c:\programdata\corel\downloads\540240626_210010\1371248923524\dim_params.xml" -Launch=3 -uibase="c:\users\mrowa\appdata\roamin (the data entry has 60 more characters).
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
BootExecute: autocheck autochk * sdnclean64.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKU\S-1-5-21-3063686766-2274601068-349923162-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S3 ALSysIO; \??\C:\Users\Mrowa\AppData\Local\Temp\ALSysIO64.sys [X]
2014-06-16 14:50 - 2014-06-16 14:50 - 0000032 RSHOT () C:\Users\Mrowa\AppData\Local\t70rc.dat
C:\Users\Mrowa\test.exe
Task: {024F9895-AF8C-4189-9C60-789C35225F4C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {62027F66-8D16-4600-A166-D2C2FC5B541A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {86E4529D-F5D4-4BAB-9A6F-63950134B062} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {97DBC292-CCD5-4755-B93D-C63FB976727F} - System32\Tasks\{1F54D2D5-D105-4249-844A-C0D738A4ABA0} => pcalua.exe -a C:\Users\Mrowa\Downloads\rmclock_235_bin.exe -d C:\Users\Mrowa\Downloads
Task: {A100C742-8B86-43F7-AB04-34E91D2E6612} - System32\Tasks\{8EA66726-FDC9-465C-BE8E-38C223E18648} => C:\Users\Mrowa\Downloads\winfract-20.04p12\winfract-20.04p12\WINFRACT.EXE
Task: {A86E5EE5-5298-44D9-A52F-E5C4DE039D6A} - System32\Tasks\{A3981F0D-D744-49D3-AE9E-EBA3E209C5C2} => C:\Users\Mrowa\Downloads\winfract-20.04p12\winfract-20.04p12\WINFRACT.EXE
Task: {D58747E9-1036-4D26-BC2E-F3333A6AA39F} - System32\Tasks\{28582C6D-E536-4329-B232-2DE0FE600E83} => C:\Users\Mrowa\Downloads\winfract-20.04p12\winfract-20.04p12\WINFRACT.EXE
Task: {D93AF299-FA82-4206-B360-A26732D5D56A} - System32\Tasks\{847A2C99-7126-4D43-85FF-C8DF44432E52} => pcalua.exe -a C:\Users\Mrowa\Downloads\cayp21ww.exe -d C:\Users\Mrowa\Downloads
Task: {DA12C443-6A9C-4C9E-BF9B-8EB5D632FAAF} - System32\Tasks\CrystalDiskInfo => C:\instalki\CrystalDiskInfo5_4_2\DiskInfo.exe [2013-03-06] (Crystal Dew World)
Task: {DDA3B87A-8467-46BF-9A54-BA2C059FFA82} - System32\Tasks\{938F36B5-9AB2-498B-8D29-F5FD1F607396} => pcalua.exe -a C:\Windows\SysWOW64\PenTablet.cpl
Task: {E40A6701-9AC0-4E78-BAC3-47A556D42DA5} - System32\Tasks\{BD0DA7D8-D36D-4E27-9CFA-1E0FF93788EA} => C:\Users\Mrowa\Downloads\winfract-20.04p12\winfract-20.04p12\WINFRACT.EXE
EmptyTemp:

Run FRST and click Fix. Afterwards, delete the folder C:\FRST


(Gzplus59oj) #3

I did that maneuver, what now?