Run OTL and paste the following into the Custom Scans/Fixes box:
:OTL
@Alternate Data Stream - 1370 bytes -> C:\ProgramData\Microsoft:2R8ALQpNetVMVTF7JKO
@Alternate Data Stream - 1353 bytes -> C:\ProgramData\Microsoft:XoyFb5V5e5Y7w3HUBLbzzN
@Alternate Data Stream - 1334 bytes -> C:\Program Files\Common Files\System:HbgZcouLHx23wbB0gKgqFvdHeY
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E2FD3A86
@Alternate Data Stream - 1322 bytes -> C:\ProgramData\Microsoft:G566AYIfAXHcZqgEe4jU2VbCGtC
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:638E6F6B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:2F81CA2A
@Alternate Data Stream - 1266 bytes -> C:\ProgramData\Microsoft:8W4OkxAAXEZWNBUXb6MuWGyd8Qj
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:1B7B8F31
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:A73B0434
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:DBD3ED65
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9A95B25B
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:2BE9FEFC
[2013-08-19 09:34:15 | 000,001,206 | ---- | C] () -- C:\Windows\SysWow64\20130819093415.torrent
[2013-08-19 09:34:15 | 000,000,118 | ---- | C] () -- C:\Windows\SysWow64\20130819093415.torrent.filelist
[2013-08-12 00:45:42 | 000,001,206 | ---- | M] () -- C:\Windows\SysWow64\20130821194539.torrent
[2013-08-12 00:45:42 | 000,001,206 | ---- | M] () -- C:\Windows\SysWow64\20130819093415.torrent
[2013-08-21 19:45:39 | 000,000,118 | ---- | M] () -- C:\Windows\SysWow64\20130821194539.torrent.filelist
[2013-08-10 02:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chomikuj.pl
[2013-08-12 21:55:02 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{17e5942d-51a0-11de-ba62-001d60edd2ba}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
O33 - MountPoints2\{26a55002-1770-11d6-aef9-001d60edd2ba}\Shell - "" = Autorun
O33 - MountPoints2\{26a55002-1770-11d6-aef9-001d60edd2ba}\Shell\AutoRun\command - "" = setup.exe
O33 - MountPoints2\{32a1dbfe-a909-11df-9e7b-6cf049e6aa95}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL teaYoeW.Exe
O33 - MountPoints2\{39a58019-585c-11de-b342-001d60edd2ba}\Shell\AutoRun\command - "" = H:\Toshiba\more4you.exe
O33 - MountPoints2\{69f355bf-bbd3-11df-a2cc-6cf049e6aa95}\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\{b869452d-2a8c-11de-80c5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b869452d-2a8c-11de-80c5-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.yandex.ru/?clid=193834
CHR - plugin: Windows Presentation Foundation (Enabled) = t:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: SEOquake = \Users\Maciekk\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.17.1_0\
CHR - Extension: Dokumenty Google = \Users\Maciekk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dysk Google = \Users\Maciekk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = \Users\Maciekk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Search Tool = \Users\Maciekk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpeeepmahhfjiediknjejcmcfmjcjdck\1.0.2_0\
CHR - Extension: Adblock Plus = \Users\Maciekk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0\
CHR - Extension: Szukaj w Google = \Users\Maciekk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SEO SERP Workbench = \Users\Maciekk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbgolklgacemnfnmkkpgekngaaggjjl\1.0_0\
CHR - Extension: avast! Online Security = \Users\Maciekk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = \Users\Maciekk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Allegro.pl = \Users\Maciekk\AppData\Local\Google\Chrome\User Data\Default\Extensions\liakokokgkngijngmfigcpooecchpbaj\1.0_0\
CHR - Extension: Skype Click to Call = \Users\Maciekk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Lavasoft NewTab = \Users\Maciekk\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.10_0\
CHR - Extension: SEO SERP = \Users\Maciekk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofoaoaloeipdofknnaapbmdddddioklg\0.14.5_0\
CHR - Extension: Gmail = \Users\Maciekk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
:Commands
[emptytemp]
Click Run Fix and post the log from the removal.
- Check what is in this directory, because I don't like the look of it:
C:\XELDZ
Also scan the system with Malwarebytes' Anti-Malware and post the logs after the scan.
Now I noticed that this last boot_1 looks a bit different... because the CPU load lasts for a shorter time... but then the disk is loaded to the max. And the most time-consuming process is c:\$Mft.
I suspect this may be some kind of virus; scan the system with what I gave above.
User Qauke edited this post on 23 08 2013 - 09:16