Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek dla www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Hp, Windows Vista - Długo się uruchamia; bardzo się muli

11 Lip 2013 20:26 4410 9
  • Moderator - Komputery Serwis
    Wykonaj skanowanie przy pomocy Malwarebytes-"pełne skanowanie".
    Zamieść logi.
    Następnie czyszczenie rejestru CCleaner-em.
    Daj screena z Crystal Disk Info.
  • Spec od komputerów
    Jeden antywirus wystarczy, nie trzeba instalowac paru.

    Odinstaluj:
    BrowserDefender
    Complitly
    Ask Toolbar
    SweetIM Toolbar for Internet Explorer 4.2
    SweetIM for Messenger 3.6
    avast! Free Antivirus
    AVG Security Toolbar
    Claro toolbar
    DAEMON Tools Toolbar
    Delta toolbar
    Wise Registry Cleaner 7.71
    WinZipper, do pakowania/rozpakowywania mozesz uzyc darmowego 7-Zip:
    http://downloads.sourceforge.net/sevenzip/7z920.msi

    W przyszlosci uwazaj przy instalacji i nie instaluj dodatkow typu paski (toolbar), wyszukiwarki itp. Zawsze trzeba wybierac instalacje zaawansowana i sprawdzac co dokladnie sie instaluje.

    Uzyj AdwCleaner, opcja Delete.

    Zrob skan przy pomocy mbam.

    Po wykonaniu daj nowy log z OTL ze skanowania.
  • Poziom 8  
    Dziekuje wszystkie wskazówki!!! Zrobiłam pełne skanowanie poniżej wklejam logi. Wyczyściłam rejestr CCleaner-em, odinstalowałam podane programy i zanmierzam robić następne wskazówki. W międzyczasie mam jednak pytanie czy mam usunąć tylko zaznaczone przez mbam wirusy czy reszte też(sreean1).
  • Spec od komputerów
    Prosilem o nowy log z OTL. Usun to co wykryl mbam.
  • Spec od komputerów
    Dlaczego nie uzylas AdwCleaner, opcja Delete? Czy tym razem mozesz go uzyc PRZED wykonaniem skryptu?

    Do tego nadal widze w logu Avast.

    Odinstaluj:
    Google Toolbar
    Avast

    Wykonaj skrypt w OTL:

    :OTL
    PRC - [2013-07-10 17:16:35 | 000,386,112 | ---- | M] (Wsys Co., Ltd.) -- C:\ProgramData\eSafe\eSafeSvc.exe
    PRC - [2013-06-27 01:59:19 | 002,236,080 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2013-06-27 01:59:18 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
    PRC - [2012-06-21 02:43:29 | 000,245,168 | ---- | M] (http://yourfiledownloader.com) -- C:\Program Files\YourFileDownloader\YourFileUpdater.exe
    SRV - [2013-07-10 17:16:35 | 000,386,112 | ---- | M] (Wsys Co., Ltd.) [Auto | Running] -- C:\ProgramData\eSafe\eSafeSvc.exe -- (WsysSvc)
    SRV - [2013-06-27 01:59:18 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=...=FUJITSUXMHW2120BH_NZ1DT7936VPU&ts=1373468469
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=...=FUJITSUXMHW2120BH_NZ1DT7936VPU&ts=1373468469
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.qvo6.com/web/?utm_source=b&utm_...=FUJITSUXMHW2120BH_NZ1DT7936VPU&ts=1373468493
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qvo6.com/web/?utm_source=b&utm_...=FUJITSUXMHW2120BH_NZ1DT7936VPU&ts=1373468493
    IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source=b&utm_...=FUJITSUXMHW2120BH_NZ1DT7936VPU&ts=1373468493
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2626277
    IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={BC87040D-00EF-11E1-9F02-001B2485682B}
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=...=FUJITSUXMHW2120BH_NZ1DT7936VPU&ts=1373468469
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=...=FUJITSUXMHW2120BH_NZ1DT7936VPU&ts=1373468469
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=28FE001A73A82909&affID=119357&tsp=4931
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=GLSV5&o=10168&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=GL&apn_dtid=&apn_uid=D3456F62-AF63-4CAD-A1EC-AF60E16A3EA1&apn_sauid=D5BC03DF-FE26-46EA-8C10-2DCA6319DDB1
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source=b&utm_...=FUJITSUXMHW2120BH_NZ1DT7936VPU&ts=1373468493
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={A5A69AB4-C0CE-44A7-9962-7B5316A12293}&mid=16cc3ef02e1347d0a1b4d152626181d8-db280a75647bb48f9fad4af51c73168cc9bba499&lang=pl&ds=xn011&pr=sa&d=2012-09-06 12:52:16&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2626277
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={BC87040D-00EF-11E1-9F02-001B2485682B}
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll ()
    [2013-06-07 22:14:48 | 000,000,000 | ---D | M] (DealPly Shopping) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\swafju3w.default\Extensions\addon@dealplyshopping.com
    [2013-07-02 23:24:41 | 000,006,505 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\mozilla\firefox\profiles\swafju3w.default\searchplugins\babylon.xml
    [2013-04-11 02:45:21 | 000,001,300 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\mozilla\firefox\profiles\swafju3w.default\searchplugins\claro.xml
    [2013-07-02 23:25:21 | 000,001,294 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\mozilla\firefox\profiles\swafju3w.default\searchplugins\delta.xml
    [2008-01-26 23:56:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2013-05-20 17:59:09 | 000,003,716 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2013-07-10 17:01:34 | 000,000,733 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\qvo6.xml
    O2 - BHO: (DealPly Shopping) - {4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly)
    O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
    O3 - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O3 - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funw...-4/PopularScreenSaversInitialSetup1.0.1.1.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.5.1)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
    [2013-07-10 17:16:53 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\WinZipper
    [2013-07-10 17:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinZipper
    [2013-07-10 17:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
    [2013-07-10 17:04:45 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Desk 365
    [2013-07-10 17:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Desk 365
    [2013-07-10 16:59:12 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\eIntaller
    [2013-07-02 23:25:32 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\0D1F1S1C1P0P1C1F1N1C1T1H2UtF1E1I
    [2013-07-12 17:41:46 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
    [2013-07-12 17:41:46 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\Kxgd.job
    [2013-07-02 23:25:32 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\0D1F1S1C1P0P1C1F1N1C1T1H2UtF1E1I
    [2011-12-03 14:02:18 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Babylon
    [2013-06-07 22:16:37 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DealPly
    [2013-07-10 17:14:45 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Desk 365
    [2013-07-10 16:59:13 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\eIntaller
    [2013-04-11 02:44:19 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\File Scout
    [2013-01-01 21:12:15 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\OpenCandy
    [2008-03-12 20:57:53 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PeerNetworking
    [2013-04-12 22:47:54 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PerformerSoft
    [2007-10-16 21:56:39 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\WhenU
    [2012-06-21 02:43:23 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\YourFileDownloader

    :Files
    C:\Users\Anna\AppData\Local\Temp*.html

    :Commands
    [emptytemp]


    Po wykonaniu daj nowy log z OTL.
  • Poziom 8  
    Jesteś poprostu geniuszem komuterowym!!! AdwCleane nie użyłam bo za bardzo nie wiedziałam jak, ale już sie poprawiłam:) A jeśli chodzi o avast to go usunęłam ale nie uruchomiłam ponownie kompa i pewnie dlatego był widoczny. Teraz wykonałam wszystko krok po kroku według Twoich poleceń:)
  • Pomocny post
    Spec od komputerów
    Uzyj: http://www.avast.com/pl-pl/uninstall-utility

    Wykonaj skrypt w OTL:

    :OTL
    DRV - [2013-06-27 01:59:24 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2013-03-07 01:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
    [2013-07-11 13:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\䍻䙁䕅䅆ⵃ〰㜱〭〰ⴰ〰㔰䄭䍂䕄䙆䑅䉃絁
    [2013-07-12 18:36:59 | 000,000,034 | ---- | C] () -- C:\Windows\AvastEmUpdate.ini


    Po wykonaniu wybierz w OTL Sprzatanie i to wszystko.
  • Poziom 8  
    Komp chodzi teraz dużo, dużo szybciej, choć uruchamia się nadal długo. Dzieki wielkie Ci za Twoją fachową pomoc i cierpliwość:), pozdrawiam i życzę WSZYSTKIEGO DOBREGO!