Zamulony komputer

Dla specjalistów Bezpieczeństwo
#1

komputer jest dziwnie zamulony, otwiera się jakieś 3 minuty :frowning: daje logi z otl

 

otl - http://wklej.org/id/1396397/

 

extras - http://wklej.org/id/1396398/

#2

Odinstaluj pdfforge Toolbar v1.0,MediaBar.Pobierz i uruchom AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Szukaj i później Usuń.

Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.

Uruchom FRST i kliknij Scan. Pokaż raport FRST i Addition.

#3

log z usuwania AdwCleanerem - http://wklej.org/id/1396524/

reszta zaraz.

 

edit:

FRST - http://wklej.org/id/1396536/

Addition - http://wklej.org/id/1396535/

#4

Otwórz Notatnik i wklej:

Task: {2C8E4918-9BB2-4F1D-B68A-BA1B81B45BFE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-9153780-1574911002-847303337-1000UA = C:\Users\pl\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-07] (Facebook Inc.)
Task: {8BC291A4-8E6B-4CB9-AD76-97B23B041412} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-9153780-1574911002-847303337-1000Core = C:\Users\pl\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-07] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-9153780-1574911002-847303337-1000Core.job = C:\Users\pl\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-9153780-1574911002-847303337-1000UA.job = C:\Users\pl\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKU\S-1-5-21-9153780-1574911002-847303337-1000\...\MountPoints2: {2557945f-7b6b-11dd-96e7-0015c58155f3} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-9153780-1574911002-847303337-1000\...\MountPoints2: {316a0706-8a8a-11e2-82f7-0015c58155f3} - G:\AutoRun.exe
HKU\S-1-5-21-9153780-1574911002-847303337-1000\...\MountPoints2: {4e8fe317-d82c-11dd-8754-0015c58155f3} - SA26XX_Installer.exe
HKU\S-1-5-21-9153780-1574911002-847303337-1000\...\MountPoints2: {7bc40deb-581a-11e2-81e6-00a0c6000000} - F:\AutoRun.exe /s
HKU\S-1-5-21-9153780-1574911002-847303337-1000\...\MountPoints2: {c6f35d0f-f000-11df-95c2-0015c58155f3} - rwhkne.cmd
HKU\S-1-5-21-9153780-1574911002-847303337-1000\...\MountPoints2: {dbe4c9a4-9b60-11dd-9981-0015c58155f3} - setup.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {93EAD6AC-309A-44E1-B015-E1D77DB72F1F} URL = http://search.yahoo.com/search?fr=chr-greentree_ieei=utf-8type=971163p={searchTerms}
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
Toolbar: HKLM - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 massfilter_lte; \\C:\Windows\system32\drivers\massfilter_lte.sys [X]
S3 zgdcat; system32\DRIVERS\zgdcat.sys [X]
S3 zgdcdiag; system32\DRIVERS\zgdcdiag.sys [X]
S3 zgdcmdm; system32\DRIVERS\zgdcmdm.sys [X]
S3 zgdcnet; system32\DRIVERS\zgdcnet.sys [X]
S3 zgdcnmea; system32\DRIVERS\zgdcnmea.sys [X]
2014-06-19 20:29 - 2014-06-19 20:31 - 00000000 ____ D () C:\AdwCleaner

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#5

http://wklej.org/id/1397002/ - fixlog

 

coś jeszcze?