Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Hp, Windows Vista - Długo się uruchamia; bardzo się muli

andzka2009 11 Lip 2013 20:26 4272 9
  • #1 11 Lip 2013 20:26
    andzka2009
    Poziom 8  

    Objawy jak w temacie. Zrobiłam skanowanie OTL i bardzo proszę o sprawdzenie raportów i porady i wskazówki co z tym zrobić bo jestem z tego całkowicie zielona

    0 9
  • CControls
  • #2 11 Lip 2013 20:51
    RADU23
    Moderator - Komputery Serwis

    Wykonaj skanowanie przy pomocy Malwarebytes-"pełne skanowanie".
    Zamieść logi.
    Następnie czyszczenie rejestru CCleaner-em.
    Daj screena z Crystal Disk Info.

    0
  • #3 11 Lip 2013 20:55
    Kolobos
    Spec od komputerów

    Jeden antywirus wystarczy, nie trzeba instalowac paru.

    Odinstaluj:
    BrowserDefender
    Complitly
    Ask Toolbar
    SweetIM Toolbar for Internet Explorer 4.2
    SweetIM for Messenger 3.6
    avast! Free Antivirus
    AVG Security Toolbar
    Claro toolbar
    DAEMON Tools Toolbar
    Delta toolbar
    Wise Registry Cleaner 7.71
    WinZipper, do pakowania/rozpakowywania mozesz uzyc darmowego 7-Zip:
    http://downloads.sourceforge.net/sevenzip/7z920.msi

    W przyszlosci uwazaj przy instalacji i nie instaluj dodatkow typu paski (toolbar), wyszukiwarki itp. Zawsze trzeba wybierac instalacje zaawansowana i sprawdzac co dokladnie sie instaluje.

    Uzyj AdwCleaner, opcja Delete.

    Zrob skan przy pomocy mbam.

    Po wykonaniu daj nowy log z OTL ze skanowania.

    0
  • CControls
  • #4 12 Lip 2013 15:17
    andzka2009
    Poziom 8  

    Dziekuje wszystkie wskazówki!!! Zrobiłam pełne skanowanie poniżej wklejam logi. Wyczyściłam rejestr CCleaner-em, odinstalowałam podane programy i zanmierzam robić następne wskazówki. W międzyczasie mam jednak pytanie czy mam usunąć tylko zaznaczone przez mbam wirusy czy reszte też(sreean1).

    0
  • #5 12 Lip 2013 15:30
    Kolobos
    Spec od komputerów

    Prosilem o nowy log z OTL. Usun to co wykryl mbam.

    0
  • #7 12 Lip 2013 19:33
    Kolobos
    Spec od komputerów

    Dlaczego nie uzylas AdwCleaner, opcja Delete? Czy tym razem mozesz go uzyc PRZED wykonaniem skryptu?

    Do tego nadal widze w logu Avast.

    Odinstaluj:
    Google Toolbar
    Avast

    Wykonaj skrypt w OTL:

    :OTL
    PRC - [2013-07-10 17:16:35 | 000,386,112 | ---- | M] (Wsys Co., Ltd.) -- C:\ProgramData\eSafe\eSafeSvc.exe
    PRC - [2013-06-27 01:59:19 | 002,236,080 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2013-06-27 01:59:18 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
    PRC - [2012-06-21 02:43:29 | 000,245,168 | ---- | M] (http://yourfiledownloader.com) -- C:\Program Files\YourFileDownloader\YourFileUpdater.exe
    SRV - [2013-07-10 17:16:35 | 000,386,112 | ---- | M] (Wsys Co., Ltd.) [Auto | Running] -- C:\ProgramData\eSafe\eSafeSvc.exe -- (WsysSvc)
    SRV - [2013-06-27 01:59:18 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=...=FUJITSUXMHW2120BH_NZ1DT7936VPU&ts=1373468469
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=...=FUJITSUXMHW2120BH_NZ1DT7936VPU&ts=1373468469
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.qvo6.com/web/?utm_source=b&utm_...=FUJITSUXMHW2120BH_NZ1DT7936VPU&ts=1373468493
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qvo6.com/web/?utm_source=b&utm_...=FUJITSUXMHW2120BH_NZ1DT7936VPU&ts=1373468493
    IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source=b&utm_...=FUJITSUXMHW2120BH_NZ1DT7936VPU&ts=1373468493
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2626277




    IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={BC87040D-00EF-11E1-9F02-001B2485682B}
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=...=FUJITSUXMHW2120BH_NZ1DT7936VPU&ts=1373468469
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=...=FUJITSUXMHW2120BH_NZ1DT7936VPU&ts=1373468469
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=28FE001A73A82909&affID=119357&tsp=4931
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=GLSV5&o=10168&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=GL&apn_dtid=&apn_uid=D3456F62-AF63-4CAD-A1EC-AF60E16A3EA1&apn_sauid=D5BC03DF-FE26-46EA-8C10-2DCA6319DDB1
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source=b&utm_...=FUJITSUXMHW2120BH_NZ1DT7936VPU&ts=1373468493
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={A5A69AB4-C0CE-44A7-9962-7B5316A12293}&mid=16cc3ef02e1347d0a1b4d152626181d8-db280a75647bb48f9fad4af51c73168cc9bba499&lang=pl&ds=xn011&pr=sa&d=2012-09-06 12:52:16&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2626277
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={BC87040D-00EF-11E1-9F02-001B2485682B}
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
    IE - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll ()
    [2013-06-07 22:14:48 | 000,000,000 | ---D | M] (DealPly Shopping) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\swafju3w.default\Extensions\addon@dealplyshopping.com
    [2013-07-02 23:24:41 | 000,006,505 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\mozilla\firefox\profiles\swafju3w.default\searchplugins\babylon.xml
    [2013-04-11 02:45:21 | 000,001,300 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\mozilla\firefox\profiles\swafju3w.default\searchplugins\claro.xml
    [2013-07-02 23:25:21 | 000,001,294 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\mozilla\firefox\profiles\swafju3w.default\searchplugins\delta.xml
    [2008-01-26 23:56:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2013-05-20 17:59:09 | 000,003,716 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2013-07-10 17:01:34 | 000,000,733 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\qvo6.xml
    O2 - BHO: (DealPly Shopping) - {4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly)
    O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
    O3 - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O3 - HKU\S-1-5-21-1984699078-1423458635-1123303403-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funw...-4/PopularScreenSaversInitialSetup1.0.1.1.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.5.1)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
    [2013-07-10 17:16:53 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\WinZipper
    [2013-07-10 17:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinZipper
    [2013-07-10 17:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
    [2013-07-10 17:04:45 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Desk 365
    [2013-07-10 17:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Desk 365
    [2013-07-10 16:59:12 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\eIntaller
    [2013-07-02 23:25:32 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\0D1F1S1C1P0P1C1F1N1C1T1H2UtF1E1I
    [2013-07-12 17:41:46 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
    [2013-07-12 17:41:46 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\Kxgd.job
    [2013-07-02 23:25:32 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\0D1F1S1C1P0P1C1F1N1C1T1H2UtF1E1I
    [2011-12-03 14:02:18 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Babylon
    [2013-06-07 22:16:37 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DealPly
    [2013-07-10 17:14:45 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Desk 365
    [2013-07-10 16:59:13 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\eIntaller
    [2013-04-11 02:44:19 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\File Scout
    [2013-01-01 21:12:15 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\OpenCandy
    [2008-03-12 20:57:53 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PeerNetworking
    [2013-04-12 22:47:54 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PerformerSoft
    [2007-10-16 21:56:39 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\WhenU
    [2012-06-21 02:43:23 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\YourFileDownloader

    :Files
    C:\Users\Anna\AppData\Local\Temp*.html

    :Commands
    [emptytemp]


    Po wykonaniu daj nowy log z OTL.

    0
  • #8 12 Lip 2013 21:10
    andzka2009
    Poziom 8  

    Jesteś poprostu geniuszem komuterowym!!! AdwCleane nie użyłam bo za bardzo nie wiedziałam jak, ale już sie poprawiłam:) A jeśli chodzi o avast to go usunęłam ale nie uruchomiłam ponownie kompa i pewnie dlatego był widoczny. Teraz wykonałam wszystko krok po kroku według Twoich poleceń:)

    0
  • Pomocny post
    #9 12 Lip 2013 23:11
    Kolobos
    Spec od komputerów

    Uzyj: http://www.avast.com/pl-pl/uninstall-utility

    Wykonaj skrypt w OTL:

    :OTL
    DRV - [2013-06-27 01:59:24 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2013-03-07 01:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
    [2013-07-11 13:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\䍻䙁䕅䅆ⵃ〰㜱〭〰ⴰ〰㔰䄭䍂䕄䙆䑅䉃絁
    [2013-07-12 18:36:59 | 000,000,034 | ---- | C] () -- C:\Windows\AvastEmUpdate.ini


    Po wykonaniu wybierz w OTL Sprzatanie i to wszystko.

    0
  • #10 14 Lip 2013 18:13
    andzka2009
    Poziom 8  

    Komp chodzi teraz dużo, dużo szybciej, choć uruchamia się nadal długo. Dzieki wielkie Ci za Twoją fachową pomoc i cierpliwość:), pozdrawiam i życzę WSZYSTKIEGO DOBREGO!

    0