Wygląda na infekcje
Backdoorem Tofsee.F
W trybie awaryjnym z tego samego konta w własne opcje skanowania skrypt wklej i wykonaj:
Kod:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=vlt&from=vlt&uid=FUJITSU_MHW2080BH_NZ2RT73299T2T73299T2X&ts=1351974216
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=vlt&from=vlt&uid=FUJITSU_MHW2080BH_NZ2RT73299T2T73299T2X&ts=1351974216
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=vlt&from=vlt&uid=FUJITSU_MHW2080BH_NZ2RT73299T2T73299T2X&ts=1351974216
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=vlt&from=vlt&uid=FUJITSU_MHW2080BH_NZ2RT73299T2T73299T2X&ts=1351974216
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.v9.com/web/?q={searchTerms}
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "v9"
FF - prefs.js..browser.search.order.1: "v9"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (pl)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:File not found
[2012-11-03 21:23:40 | 000,000,402 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
O4 - HKCU..\Run: []File not found
O4 - HKCU..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep" File not found
O4 - HKCU..\Run: [MSConfig] C:\Users\Kicia\hhqpbnac.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/sezam/components/SignActivX.cab (SignActivX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.1)
:Files
C:\Users\Kicia\hhqpbnac.exe
:Commands
[EMPTYTEMP]
Ściągnij program
[Aby zobaczyć linki, zarejestruj się tutaj]
i uruchom
AdwCleanerz opcji
Delete .
Przedstaw raport z wykonania
OTLi
AdwCleaner
Zainstaluj
[Aby zobaczyć linki, zarejestruj się tutaj]
do najnowszej wersji,lub ją odinstaluj jeśli nie używasz.
Zainstaluj jakieś darmowe oprogramowanie zabezpieczające,choćby
Avast 8