Virus, system slowdown


(Agusia273) #1

Shortcut

http://www.wklej.org/id/1711964/

 

Addition

http://www.wklej.org/id/1711962/

 

FRST

http://www.wklej.org/id/1711961/

 

What should I do, step by step?


(Acorus) #2

Open Windows Notepad and paste:

CustomCLSID: HKU\S-1-5-21-507921405-861567501-682003330-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 - C:\WINDOWS\system32\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-507921405-861567501-682003330-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 - C:\WINDOWS\system32\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-507921405-861567501-682003330-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 - C:\WINDOWS\system32\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-507921405-861567501-682003330-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 - C:\WINDOWS\system32\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-507921405-861567501-682003330-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 - C:\WINDOWS\system32\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-507921405-861567501-682003330-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 - C:\WINDOWS\system32\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-507921405-861567501-682003330-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 - C:\WINDOWS\system32\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-507921405-861567501-682003330-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 - C:\WINDOWS\system32\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-507921405-861567501-682003330-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 - C:\WINDOWS\system32\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-507921405-861567501-682003330-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 - C:\WINDOWS\system32\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-507921405-861567501-682003330-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 - C:\WINDOWS\system32\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-507921405-861567501-682003330-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 - C:\WINDOWS\system32\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-507921405-861567501-682003330-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 - C:\WINDOWS\system32\msxml4.dll No File
HKLM\...\Run: [RTHDCPL] = C:\WINDOWS\RTHDCPL.EXE [16859136 2007-12-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] = C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RemoteControl] = C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [56928 2006-11-23] (Cyberlink Corp.)
HKLM\...\Run: [NeroFilterCheck] = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [LanguageShortcut] = C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [54832 2006-12-05] ()
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685query={searchTerms}invocationType=tb50-ie-winamp-chromesbox-en-ustb_uuid=20120207182509734tb_oid=07-02-2012tb_mrud=07-02-2012
SearchScopes: HKU\S-1-5-21-507921405-861567501-682003330-1003 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
Toolbar: HKU\S-1-5-21-507921405-861567501-682003330-1003 - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
FF DefaultSearchEngine: Ask Web Search
FF SelectedSearchEngine: Ask Web Search
FF Homepage: hxxp://home.tb.ask.com/index.jhtml?ptb=0624D2FC-E8C2-439E-9B8A-C9A8A39AC4ECn=781a9d9cp2=^XN^xdm246^YYA^plsi=CH_WEAT_INTL_POL_45
FF Keyword.URL: hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwdptb=0624D2FC-E8C2-439E-9B8A-C9A8A39AC4ECn=781a9d9cind=2015010204p2=^XN^xdm246^YYA^plsi=CH_WEAT_INTL_POL_45searchfor=
FF SearchPlugin: C:\Documents and Settings\Asus\Dane aplikacji\Mozilla\Firefox\Profiles\f3jsoy51.default\searchplugins\ask-web-search.xml [2015-01-02]
FF SearchPlugin: C:\Documents and Settings\Asus\Dane aplikacji\Mozilla\Firefox\Profiles\f3jsoy51.default\searchplugins\askcom.xml [2012-05-27]
FF SearchPlugin: C:\Documents and Settings\Asus\Dane aplikacji\Mozilla\Firefox\Profiles\f3jsoy51.default\searchplugins\MyStart Search.xml [2009-11-15]
CHR StartupUrls: Default - "hxxp://home.sweetim.com/?crg=3.1010000st=10barid={E1CAC3CA-BBC6-11E1-AFE8-001E8C52A815}"
CHR Plugin: (Java(TM) Platform SE 6 U12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
S3 ASNDIS5; \\C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS [X]
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 EverestDriver; \\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [X]
S4 IntelIde; No ImagePath
S3 RTSTOR; system32\drivers\RTSTOR.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 smserial; system32\DRIVERS\smserial.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
U1 WS2IFSL; No ImagePath
2015-05-14 23:03 - 2015-05-14 23:03 - 00000000 ____ D () C:\Documents and Settings\Asus\Pulpit\FRST-OlderVersion
C:\Documents and Settings\Asus\DSC0121.EXE
EmptyTemp:

Save the file as fixlist.txt and put it next to FRST in the same folder.
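Added example, not code from the thread or from FRST: a small Python triage helper that parses the entry formats seen in the fixlist above (CustomCLSID, HKLM Run entries, service/driver lines, browser search settings) and flags entries whose target is missing on disk ("No File", "[X]", "No ImagePath") or whose Run entry carries no publisher name. The sample log is constructed from a handful of lines in the same format.

```python
"""Triage helper for FRST-style log lines (added example, not FRST's own code)."""
import re

# Markers FRST prints when the referenced file or image path no longer exists.
ORPHAN_MARKERS = ("No File", "[X]", "No ImagePath")

# HKLM\...\Run: [Name] = <path> [<size> <date>] (<publisher>)
RUN_RE = re.compile(r"^(HK\S*\\Run): \[([^\]]+)\] = (.*?) \[\d+ [\d-]+\] \(([^)]*)\)$")
# <StartType><digit> <ServiceName>; <image path or marker>
SERVICE_RE = re.compile(r"^([A-Z]\d) ([^;]+); (.*)$")
BROWSER_PREFIXES = ("FF ", "CHR ", "SearchScopes:", "Toolbar:", "DPF:")

# Constructed sample in the format FRST prints; a few lines, not a full log.
SAMPLE_LOG = r"""
CustomCLSID: HKU\S-1-5-21-507921405-861567501-682003330-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 - C:\WINDOWS\system32\msxml4.dll No File
HKLM\...\Run: [RTHDCPL] = C:\WINDOWS\RTHDCPL.EXE [16859136 2007-12-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LanguageShortcut] = C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [54832 2006-12-05] ()
S3 ASNDIS5; \\C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S4 IntelIde; No ImagePath
FF DefaultSearchEngine: Ask Web Search
"""


def triage_line(line):
    """Return (kind, name, verdict) for one FRST line, or None if unrecognised."""
    line = line.strip()
    if not line:
        return None
    orphan = any(marker in line for marker in ORPHAN_MARKERS)
    if line.startswith("CustomCLSID:"):
        clsid = re.search(r"\{[0-9A-F-]+\}", line)
        return ("clsid", clsid.group(0) if clsid else "?", "orphan" if orphan else "ok")
    m = RUN_RE.match(line)
    if m:
        # Empty parentheses mean FRST found no company name in the file's version info.
        return ("autorun", m.group(2), "no-publisher" if not m.group(4) else "ok")
    m = SERVICE_RE.match(line)
    if m:
        return ("service", m.group(2), "orphan" if orphan else "ok")
    if line.startswith(BROWSER_PREFIXES):
        # Search engine / homepage / toolbar settings: always worth a manual look.
        return ("browser", line.split(":", 1)[0], "review")
    return None


def triage(log_text):
    """Classify every recognised line of a log."""
    return [r for r in (triage_line(l) for l in log_text.splitlines()) if r]


def orphans(log_text):
    """Names of entries whose target file is missing: candidates for a fixlist."""
    return [name for _kind, name, verdict in triage(log_text) if verdict == "orphan"]
```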


(Agusia273) #3

Acorus

http://www.wklej.org/id/1712261/

Is that right?


(Acorus) #4

Post a new FRST log without Addition.


(Agusia273) #5

FRST

http://www.wklej.org/id/1712306/


(Acorus) #6

Open Windows Notepad and paste:

CloseProcesses:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-05-15 13:45 - 2015-05-15 13:49 - 00000000 ____ D () C:\AdwCleaner
C:\Documents and Settings\Asus\DSC0121.EXE
EmptyTemp:

Save the file as fixlist.txt and put it next to FRST in the same folder.


(Agusia273) #7

Fixlog

http://www.wklej.org/id/1712337/

 

FRST

http://www.wklej.org/id/1712339/


(Acorus) #8

Delete the C:\FRST folder.


(Agusia273) #9

Deleted. Is there another fixlist so that the system starts running more smoothly?


(Acorus) #10

Not anymore.

Scan with Malwarebytes Anti-Malware: http://www.malwarebytes.org/8/


(IPSEN) #11

I can check your system for software that is active in the background.

Run Autoruns - http://technet.micro…s/autoruns - after the scan finishes: File > Save > file AutoRuns.arn - upload it to http://sendfile.pl/ and post the link on the forum.


(Agusia273) #12

http://sendfile.pl/pokaz/352857—0Mwj.html


(IPSEN) #13

Run Autoruns.


(Agusia273) #14

In Autoruns, Hide Empty Locations and Hide Windows Entries are checked; should I uncheck those and then run the scan?

 

What should I tick in CCleaner so that I don't delete anything important?

 

http://sendfile.pl/pokaz/353269—JwZk.html - These are screenshots from Avast, CCleaner and Autoruns, and logs from Malwarebytes and AdwCleaner.

 

Latest FRST http://www.wklej.org/id/1713147/

Addition http://www.wklej.org/id/1713150/

Shortcut http://www.wklej.org/id/1713152/


(IPSEN) #15

How does the system run after unchecking them?


(Agusia273) #16

Could someone check the screenshots and logs from post 14? Plus http://sendfile.pl/pokaz/354240—jZuw.html


(system) #17

Uninstall (remove) the Babylon Plugin from Google Chrome, as well as any “leftovers” of the ESET antivirus (see msconfig and C:/Program Files/ESET), if you use Avast permanently.