Zawieszanie komputera, podejrzenie wirusa

[kasiamilion]

Witam !

Kolega poprosil mnie o rozwiazanie problemu z komputerem stacjonarnym.
System sie zawiesza, dziala wolno, podejrzenie wirusa.

Podczas pracy Internet Explorer strony zamarzaja, dzialaja wolno, przywieszaja sie uniemoziwiajac wpisanie frazy np YT.

Komputer stacjonarny
Athlon AMD II X2  2,7 Ghz
Ram 2,0 Gb
System: Windows 7 64 bit

 

Ponizej logi.

 

Dziekuje.

Addition.txt

Extras.Txt

FRST.txt

OTL.Txt

[picasso]

Owszem, jest adware (przede wszystkim Webexp Enhanced) i nie wykluczone, że tworzy problemy. Alejest też stary Avast. Od razu będą usuwać szczątki Firefox i Google Chrome. Przeprowadź następujące akcje:

 

1. Otwórz Notatnik i wklej w nim:

 

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120118160449620&tb_oid=18-01-2012&tb_mrud=18-01-2012
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120118160449620&tb_oid=18-01-2012&tb_mrud=18-01-2012
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=F60D5DDC-B0C1-40FD-A883-0D914B66EFF6&apn_sauid=908A4698-7473-4E9B-B92D-BBA7C1403E9A
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119828&tt=gc_&babsrc=SP_ss&mntrId=1E34008EF2751C5A
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=F60D5DDC-B0C1-40FD-A883-0D914B66EFF6&apn_sauid=908A4698-7473-4E9B-B92D-BBA7C1403E9A
SearchScopes: HKCU - {1F096B29-E9DA-4D64-8D63-936BE7762CC5} URL = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=1e3437550000000000009444527cbd0b&tlver=1.4.19.19&affID=17160
SearchScopes: HKCU - {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = http://badoo.com/startpage/?source=bsb&q={searchTerms}
SearchScopes: HKCU - {EA7DE890-7026-4544-8DAA-BE70D1009E57} URL = http://comprendo.info/search?query={searchTerms}
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120118160449620&tb_oid=18-01-2012&tb_mrud=18-01-2012
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: Webexp Enhanced - {f345b0ab-9b1a-4b78-b212-9f87ffd1d595} - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha952\ie\WebexpEnhancedV1alpha952.dll ()
BHO-x32: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
Task: {20839C14-04F4-46E3-8A5B-D4916E7A8D96} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2018663396-3959975864-1223747117-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {43722F2C-A280-41FD-B08F-0323C7628BE6} - System32\Tasks\AmiUpdXp => C:\Users\mlody.mlody-HP\AppData\Local\SwvUpdater\Updater.exe [2013-07-21] (Amonetize ltd.)
Task: {68556564-CE7C-4B3D-9927-D9B0CFC4D666} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2018663396-3959975864-1223747117-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6E6F6561-7AF3-4C57-A02D-1174EA853182} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {E2D3A848-943E-4AEA-9B9F-891D5AA134D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\mlody.mlody-HP\AppData\Local\SwvUpdater\Updater.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
HKLM\...\Run: [FullScreen] - C:\BLOCK\CFG\flexbuild\FullScreen\launchFS.cmd
HKLM-x32\...\Run: [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM-x32\...\Run: [Nokia FastStart] - "C:\Program Files (x86)\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Run: [badoo Desktop] - C:\ProgramData\Badoo\Badoo Desktop\1.6.30.1002\Badoo.Desktop.exe
S3 GameConsoleService; "C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe" [x]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [x]
S3 netr28ux; system32\DRIVERS\netr28ux.sys [x]
S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [x]
S3 nmwcdnsux64; system32\drivers\nmwcdnsux64.sys [x]
S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [x]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [x]
C:\Firefox
C:\Program Files (x86)\mozilla firefox
C:\Users\mlody.mlody-HP\AppData\Local\Google
C:\Users\mlody.mlody-HP\AppData\Roaming\_MDLogs
C:\Users\mlody.mlody-HP\AppData\Roaming\Babylon
C:\Users\mlody.mlody-HP\AppData\Roaming\mozilla
C:\Users\Public\AlexaNSISPlugin.14656.dll
Reg: reg delete HKCU\Software\Classes\.exe /f
Reg: reg delete HKCU\Software\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks /v {E54729E8-BB3D-4270-9D49-7389EA579090} /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /v NoActiveDesktop /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /v NoActiveDesktopChanges /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System /v HideFastUserSwitching /f
Reg: reg delete "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" /f
Reg: reg delete "HKCU\Software\Policies\Microsoft\Internet Explorer" /f
Reg: reg delete "HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer" /f
Reg: reg delete "HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer" /f
Reg: reg delete "HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer" /f

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Powstanie plik fixlog.txt.

 

2. Przez Panel sterowania odinstaluj Magic Desktop (EasyBits), PricePeep for Internet Explorer, Software Version Updater, Webexp Enhanced, Yahoo! Detect oraz wszystkie stare Java™ 6 i przeterminowany Avast. OpenOffice.org 3.3 musi być po prostu zaktualizowany, by współpracować z najnowszą Java. Jeśli będzie problem z deinstalacją Java, skorzystaj z alternatywnych deinstalatorów: KLIK.

 

3. Uruchom to narzędzie Microsoftu: KLIK. Zaakceptuj > Wykryj problemy i pozwól mi wybrać poprawki do zastosowania > Odinstalowywanie > zaznacz na liście Google Update Helper > Dalej.

 

4. Uruchom AdwCleaner. Zastosuj Szukaj, a po tym Usuń. Powstanie folder C:\AdwCleaner z raportem z usuwania.

 

5. Uruchom TFC - Temp Cleaner.

 

6. Zrób nowy skan FRST (bez Addition). Dołącz plik fixlog.txt i log AdwCleaner. Wypowiedz się czy są jakieś zmiany.

 

 

 

.