Many viruses, laptop not working properly


(Piterm9l) #1

A brief description: the laptop runs as if 100% of its RAM and CPU were in use all the time; it gets hot and often overheats.

Addition

http://www.wklej.org/id/1623612/

FRST

http://www.wklej.org/id/1623613/

Shortcut

http://www.wklej.org/id/1623614/

 

Avast boot-time scan: I am unable to finish it; the computer overheats and then shuts down.

 

Screenshot below: this cannot be removed, and neither can the others, same as the one in AppData.

 

Please help.



(Acorus) #2

Uninstall Foxtab, Pokki. Open Windows Notepad and paste:

Task: {2C3D8FCD-B904-4FB5-8DF6-E026FA1B41CE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1426906811-1819398103-3528196884-1001Core = C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-18] (Facebook Inc.)
Task: {AAABBABB-C9D7-4DF3-86C2-FE0BB73DD1A1} - System32\Tasks\DealPly = C:\Users\HP\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE ==== ATTENTION
Task: {BD7895E7-4E63-45E9-836D-40065C3F84D8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1426906811-1819398103-3528196884-1001UA = C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-18] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1426906811-1819398103-3528196884-1001Core.job = C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1426906811-1819398103-3528196884-1001UA.job = C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM-x32\...\Run: [tuto4pc_pl_8] = [X]
HKLM-x32\...\Run: [HP Software Update] = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] = [X]
HKU\S-1-5-21-1426906811-1819398103-3528196884-1001\...\Run: [Facebook Update] = C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-18] (Facebook Inc.)
HKU\S-1-5-21-1426906811-1819398103-3528196884-1001\...\Run: [Pokki] = "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-1426906811-1819398103-3528196884-1001\...\RunOnce: [Application Restart #1] = C:\Users\HP\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phi (the data entry has 534 more characters).
HKU\S-1-5-21-1426906811-1819398103-3528196884-1001\...\RunOnce: [Application Restart #0] = C:\Users\HP\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phi (the data entry has 534 more characters).
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}l=diso=HPNTDF
SearchScopes: HKLM - {53C594BD-5FB5-4C07-B2F2-2BAD58D640EB} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=iebgct=dsappid=101systemid=488v=a13277-384apn_uid=3141894418634645apn_dtid=TCH001o=APN11459apn_ptnrs=AG1q={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://pl.search.yahoo.com/search?p={searchTerms}ei={inputEncoding}fr=chr-hp-psgtype=HPNTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}l=diso=HPNTDF
SearchScopes: HKLM-x32 - {53C594BD-5FB5-4C07-B2F2-2BAD58D640EB} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=iebgct=dsappid=101systemid=488v=a13277-384apn_uid=3141894418634645apn_dtid=TCH001o=APN11459apn_ptnrs=AG1q={searchTerms}
SearchScopes: HKU\S-1-5-21-1426906811-1819398103-3528196884-1001 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.uri.pl/search.php?i=ychbq={searchTerms}
SearchScopes: HKU\S-1-5-21-1426906811-1819398103-3528196884-1001 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.uri.pl/search.php?i=ychbq={searchTerms}
SearchScopes: HKU\S-1-5-21-1426906811-1819398103-3528196884-1001 - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}affID=119357babsrc=SP_ssmntrId=E2E020107A6DD37A
SearchScopes: HKU\S-1-5-21-1426906811-1819398103-3528196884-1001 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}l=diso=HPNTDF
SearchScopes: HKU\S-1-5-21-1426906811-1819398103-3528196884-1001 - {53C594BD-5FB5-4C07-B2F2-2BAD58D640EB} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1426906811-1819398103-3528196884-1001 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=iebgct=dsappid=101systemid=488v=a13277-384apn_uid=3141894418634645apn_dtid=TCH001o=APN11459apn_ptnrs=AG1q={searchTerms}
SearchScopes: HKU\S-1-5-21-1426906811-1819398103-3528196884-1001 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://pl.search.yahoo.com/search?p={searchTerms}ei={inputEncoding}fr=chr-hp-psgtype=HPNTDF
SearchScopes: HKU\S-1-5-21-1426906811-1819398103-3528196884-1001 - {decabc4f-3db2-4891-8ea8-481dd7f8a09c} URL = http://search.uri.pl/search.php?i=ychbq={searchTerms}
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKU\S-1-5-21-1426906811-1819398103-3528196884-1001 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Uri.pl
FF Homepage: hxxp://uri.pl/?i=ychb
FF Keyword.URL: hxxp://search.uri.pl/search.php?i=ychbq=
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\aswbzfbw.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Search - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\aswbzfbw.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1666} [2013-09-21]
FF Extension: Foxtab Speed Dial - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\aswbzfbw.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi [2014-03-25]
FF HKU\S-1-5-21-1426906811-1819398103-3528196884-1001\...\Firefox\Extensions: [lyrmix@lyrmix.net] - C:\Program Files (x86)\Lyrmix\FF
CHR HomePage: Default - hxxp://www.search.ask.com/?o=APN11459gct=hpd=488-101v=a13277-384t=4
CHR StartupUrls: Default - "hxxp://www.search.ask.com/?o=APN11459gct=hpd=488-101v=a13277-384t=4"
CHR DefaultSearchURL: Default - http://dts.search.ask.com/sr?src=crbgct=dsappid=101systemid=488v=a13277-384apn_uid=3141894418634645apn_dtid=TCH001o=APN11459apn_ptnrs=AG1q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [jofdlbdmefjogcipddjnblinigmpagoj] - C:\Program Files (x86)\Lyrmix\Chrome.crx [Not Found]
2013-11-10 16:39 - 2014-12-14 02:50 - 0000005 _____ () C:\Program Files (x86)\is.dat
2013-11-10 16:39 - 2013-11-10 16:39 - 0016384 _____ () C:\Program Files (x86)\uik.dat
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
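
As an added example (not part of the original posts, and not FRST's own code), the Python below groups fixlist lines like those above by the autostart or browser location they touch and lists the IFEO Debugger redirects, where Windows starts the named debugger in place of the image. The category names and regular expressions are assumptions drawn only from the line shapes visible in this thread.

```python
import re
from collections import Counter

# Sample lines copied from the fixlist in the post above (a shortened set).
SAMPLE = r"""
Task: {AAABBABB-C9D7-4DF3-86C2-FE0BB73DD1A1} - System32\Tasks\DealPly = C:\Users\HP\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE ==== ATTENTION
HKLM-x32\...\Run: [tuto4pc_pl_8] = [X]
HKU\S-1-5-21-1426906811-1819398103-3528196884-1001\...\Run: [Pokki] = "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}l=diso=HPNTDF
FF Homepage: hxxp://uri.pl/?i=ychb
CHR HomePage: Default - hxxp://www.search.ask.com/?o=APN11459gct=hpd=488-101v=a13277-384t=4
EmptyTemp:
"""

# Category names are this example's own labels, not FRST terminology.
RULES = [
    ("scheduled_task", re.compile(r"^Task: ")),
    ("run_key", re.compile(r"^HK[\w-]+\\.*\\Run(Once)?: \[")),
    ("ifeo_debugger", re.compile(r"^IFEO\\")),
    ("ie_search_or_toolbar", re.compile(r"^(SearchScopes|Toolbar): ")),
    ("firefox_setting", re.compile(r"^FF ")),
    ("chrome_setting", re.compile(r"^CHR ")),
    ("directive", re.compile(r"^\w+:$")),
]
IFEO = re.compile(r"^IFEO\\(.+?): \[Debugger\] (.+)$")

def classify(line):
    for name, rx in RULES:
        if rx.search(line):
            return name
    return "other"

def summarize(text):
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return Counter(classify(ln) for ln in lines)

def ifeo_redirects(text):
    """Map image name -> debugger that Windows would start instead of it."""
    return dict(m.groups() for ln in text.splitlines() if (m := IFEO.match(ln.strip())))

if __name__ == "__main__":
    for cat, n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {cat}")
    for image, dbg in ifeo_redirects(SAMPLE).items():
        print(f"IFEO: starting {image} would run {dbg} instead")
```
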


(Piterm9l) #3

Everything is done. Is it recommended to do anything else?

Thanks in advance.


(Acorus) #4

Delete the folder C:\FRST

Scan with Malwarebytes Anti-Malware: http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.4.1028.exe


(Piterm9l) #5

Done, except for the scan: it is in its 5th minute, scanning the file system. A question: should I keep Avast and remove Malwarebytes afterwards? Anything else?


(Acorus) #6

The antivirus should stay. Did Malwarebytes find anything?


(Piterm9l) #7

4 viruses removed so far, some insignificant junk. So, many thanks.