Powolne działanie systemu

Dla specjalistów Bezpieczeństwo
#1

Jak w temacie, bardzo proszę o sprawdzenie logów.

 

http://www.wklej.org/id/1742619/

 

http://www.wklej.org/id/1742620/

 

http://www.wklej.org/id/1742621/

#2

Odinstaluj Avast Free Antivirus.Otwórz notatnik systemowy i wklej:

Task: {512EDA3F-9C33-4991-AC8D-0E3BE0389102} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1138515197-3825771476-3911260129-1000UA = C:\Users\Natalia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-19] (Facebook Inc.)
Task: {E7BDC24A-76CE-4187-AD4B-C88B48E31EF5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1138515197-3825771476-3911260129-1000Core = C:\Users\Natalia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-19] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1138515197-3825771476-3911260129-1000Core.job = C:\Users\Natalia\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1138515197-3825771476-3911260129-1000UA.job = C:\Users\Natalia\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM-x32\...\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] = [X]
HKLM-x32\...\Run: [QuickTime Task] = D:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-1138515197-3825771476-3911260129-1000\...\Run: [Facebook Update] = C:\Users\Natalia\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-12-19] (Facebook Inc.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hpppts=1433497187z=7ce639bc5d58fd015d6c8dcgezec2c6z7t4mbgdb4mfrom=coruid=WDCXWD2500BEVS-26UST0_WD-WXEX08V0J2670J267
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hpppts=1433497187z=7ce639bc5d58fd015d6c8dcgezec2c6z7t4mbgdb4mfrom=coruid=WDCXWD2500BEVS-26UST0_WD-WXEX08V0J2670J267
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsts=1433497152z=145fc5cdd1c8f127c3dbd65g7zecec3z0t8mdg4w0ofrom=coruid=WDCXWD2500BEVS-26UST0_WD-WXEX08V0J2670J267q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsts=1433497152z=145fc5cdd1c8f127c3dbd65g7zecec3z0t8mdg4w0ofrom=coruid=WDCXWD2500BEVS-26UST0_WD-WXEX08V0J2670J267q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hpppts=1433497187z=7ce639bc5d58fd015d6c8dcgezec2c6z7t4mbgdb4mfrom=coruid=WDCXWD2500BEVS-26UST0_WD-WXEX08V0J2670J267
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hpppts=1433497187z=7ce639bc5d58fd015d6c8dcgezec2c6z7t4mbgdb4mfrom=coruid=WDCXWD2500BEVS-26UST0_WD-WXEX08V0J2670J267
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dsts=1433497152z=145fc5cdd1c8f127c3dbd65g7zecec3z0t8mdg4w0ofrom=coruid=WDCXWD2500BEVS-26UST0_WD-WXEX08V0J2670J267q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dsts=1433497152z=145fc5cdd1c8f127c3dbd65g7zecec3z0t8mdg4w0ofrom=coruid=WDCXWD2500BEVS-26UST0_WD-WXEX08V0J2670J267q={searchTerms}
HKU\S-1-5-21-1138515197-3825771476-3911260129-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsppts=1433497187z=7ce639bc5d58fd015d6c8dcgezec2c6z7t4mbgdb4mfrom=coruid=WDCXWD2500BEVS-26UST0_WD-WXEX08V0J2670J267q={searchTerms}
HKU\S-1-5-21-1138515197-3825771476-3911260129-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hpppts=1433497187z=7ce639bc5d58fd015d6c8dcgezec2c6z7t4mbgdb4mfrom=coruid=WDCXWD2500BEVS-26UST0_WD-WXEX08V0J2670J267
HKU\S-1-5-21-1138515197-3825771476-3911260129-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hpppts=1433497187z=7ce639bc5d58fd015d6c8dcgezec2c6z7t4mbgdb4mfrom=coruid=WDCXWD2500BEVS-26UST0_WD-WXEX08V0J2670J267
HKU\S-1-5-21-1138515197-3825771476-3911260129-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dsppts=1433497187z=7ce639bc5d58fd015d6c8dcgezec2c6z7t4mbgdb4mfrom=coruid=WDCXWD2500BEVS-26UST0_WD-WXEX08V0J2670J267q={searchTerms}
SearchScopes: HKU\S-1-5-21-1138515197-3825771476-3911260129-1000 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsppts=1433497187z=7ce639bc5d58fd015d6c8dcgezec2c6z7t4mbgdb4mfrom=coruid=WDCXWD2500BEVS-26UST0_WD-WXEX08V0J2670J267q={searchTerms}
SearchScopes: HKU\S-1-5-21-1138515197-3825771476-3911260129-1000 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD2500BEVS-26UST0_WD-WXEX08V0J2670J267ts=1433497216type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1138515197-3825771476-3911260129-1000 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD2500BEVS-26UST0_WD-WXEX08V0J2670J267ts=1433497216type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1138515197-3825771476-3911260129-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsppts=1433497187z=7ce639bc5d58fd015d6c8dcgezec2c6z7t4mbgdb4mfrom=coruid=WDCXWD2500BEVS-26UST0_WD-WXEX08V0J2670J267q={searchTerms}
SearchScopes: HKU\S-1-5-21-1138515197-3825771476-3911260129-1000 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD2500BEVS-26UST0_WD-WXEX08V0J2670J267ts=1433497216type=defaultq={searchTerms}
BHO-x32: LuckyTab Class - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} - C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-03] (Thinknice Co. Limited)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\zherdrth.default\extensions\sweetsearch@gmail.com
R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125056 2015-06-03] (XTab system)
S2 Update Framed Display; "C:\Program Files (x86)\Framed Display\updateFramedDisplay.exe" [X]
S3 Tosrfcom; No ImagePath
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys [61072 2014-07-23] (StdLib)
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}w64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys [61584 2014-08-09] (StdLib)
S3 ALSysIO; \\C:\Users\Natalia\AppData\Local\Temp\ALSysIO64.sys [X]
2015-06-05 11:40 - 2015-06-05 11:40 - 00000000 ____ D C:\ProgramData\IHProtectUpDate
2015-06-05 11:40 - 2015-06-05 11:40 - 00000000 ____ D C:\Program Files (x86)\MiuiTab
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.