Proszę o sprawdzenie loga komputer strasznie "muli"

Dla specjalistów Bezpieczeństwo
#1

Od tygodnia komputer strasznie wolno chodzi cały czas słychać pracujący dysk nawet jak żadne programy nie są uruchomione. Z góry dzięki za pomoc

 

OTL: http://wklej.org/id/1708895/

Extras: http://wklej.org/id/1708897/

#2

Obowiązują raporty FRST http://forum.dobreprogramy.pl/farbar-recovery-scan-tool-raport-obowi%C4%85zkowy-t478727/

#3

FRST http://wklej.org/id/1709253/

Adition http://wklej.org/id/1709254/

shortcut http://wklej.org/id/1709255/

#4

Odinstaluj Minecraft Packages,PDF Writer Packages,Softonic for Windows,Spybot - Search & Destroy,SweetIM for Messenger 3.7,Update Manager for SweetPacks 1.1.Otwórz notatnik systemowy i wklej:

Task: {299C22E6-C567-4B8D-95D9-3C7A5F3F9966} - \PC Performer_DEFAULT No Task File ==== ATTENTION
Task: {30EDB830-0460-44E2-BCDA-76FF17EF02C6} - \PC Performer_UPDATES No Task File ==== ATTENTION
Task: {3218F3D6-3F66-4420-A792-7B349C2C0A97} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates = C:\Program Files\Spybot - Search Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {470929F4-DF22-437F-9A4F-5D6A9A074F65} - System32\Tasks\DefaultCheck = c:\Users\All Users\dtdata\R002.exe [2014-11-15] () ==== ATTENTION
Task: {7F96A88A-8C0A-4A81-80CB-FD711266CBA6} - System32\Tasks\{9BE84538-3938-496A-935E-16BCBC08F819} = Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.272/pl/abandoninstall?page=tsProgressBar
Task: {802E7A87-C2A6-4E3A-A20B-61929B72229D} - System32\Tasks\Norton Security Scan for Użytkownik = C:\PROGRA~1\NORTON~2\Engine\401~1.16\Nss.exe
Task: {8C384F08-99E0-43F6-9B93-E4716E3C8216} - System32\Tasks\DefaultReg = c:\Users\All Users\dtdata\R001.exe ==== ATTENTION
Task: {92B9FE61-7D6F-4B8C-A0A2-0C9231138668} - System32\Tasks\Default2Check = c:\Users\All Users\dtdata\R003.exe [2014-12-03] () ==== ATTENTION
Task: {9DCBC76E-8ACF-4B9D-BAFD-BA8D6757E439} - System32\Tasks\RunAsStdUser = C:\Program Files\Desk 365\desk365.exe ==== ATTENTION
Task: {AB7C2F43-5C62-45F7-92C5-3604B571B82E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization = C:\Program Files\Spybot - Search Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {ACC431F4-4F95-4AC9-8D51-F7E95120FD3E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system = C:\Program Files\Spybot - Search Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {AE2E2466-4A83-4AF1-B38E-884F8D451476} - \plushd8.1-codedownloader No Task File ==== ATTENTION
Task: {BBA3E584-6A91-45F2-9F01-28D2809ECE2A} - System32\Tasks\{AAE52D99-769D-49EB-A67A-137D0A93009C} = Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.272/pl/abandoninstall?page=tsProgressBar
Task: {CC953AA6-3E76-44D3-9371-C93A792EE891} - \AmiUpdXp No Task File ==== ATTENTION
Task: {E6235EF8-C0DD-4649-BC99-956465072C23} - \BitGuard No Task File ==== ATTENTION
Task: {F2BBC593-BA36-4FA2-B149-8002AB28D819} - System32\Tasks\QtraxPlayer = 485019980.portal.qtrax.com
HKLM\...\Run: [Chew7Hale] = C:\Windows\System32\hale.exe [2169856 2012-05-08] ()
HKLM\...\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10959464 2012-01-16] (Realtek Semiconductor)
HKLM\...\Run: [tuto4pc_pl_6] = [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
BootExecute: autocheck autochk * sdnclean.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-1563812671-696970581-683584743-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {4A7F29EB-6AF2-4630-EBC0-0E5F4579C6FD} URL = http://search.sweetim.com/search.asp?src=6crg=3.1010000st=12q={searchTerms}barid={BCCD53DB-D1CB-11E1-B0E7-1C6F659E01F5}
SearchScopes: HKU\S-1-5-21-1563812671-696970581-683584743-1000 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKU\S-1-5-21-1563812671-696970581-683584743-1000 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1563812671-696970581-683584743-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1563812671-696970581-683584743-1000 - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-1563812671-696970581-683584743-1000 - {4AB2DD0E-221B-4639-98AF-343EC1D5AFA7} URL = http://www.mysearchresults.com/search?c=3513t=07q={searchTerms}
SearchScopes: HKU\S-1-5-21-1563812671-696970581-683584743-1000 - {4AFF5033-9BCB-4C71-B0D5-40BA39EFD626} URL = http://search.softonic.com/MON00084/tb_v1?q={searchTerms}SearchSource=4cc=r=43
Toolbar: HKU\S-1-5-21-1563812671-696970581-683584743-1000 - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF SearchPlugin: C:\Users\Użytkownik\AppData\Roaming\Mozilla\Firefox\Profiles\l4jog5en.default\searchplugins\BrowserDefender.xml [2013-07-11]
FF SearchPlugin: C:\Users\Użytkownik\AppData\Roaming\Mozilla\Firefox\Profiles\l4jog5en.default\searchplugins\mngr.xml [2013-05-31]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\22apple.xml [2013-01-25]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Ask.xml [2013-07-11]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\sweet-page.xml [2014-04-01]
CHR StartupUrls: Default - "hxxp://www.search.ask.com/?tpid=ORJ-SPEo=APN11412pf=V7trgb=CRp2=%5EBBK%5EOSJ000%5EYY%5EPLgct=hpapn_ptnrs=BBKapn_dtid=%5EOSJ000%5EYY%5EPLapn_dbr=cr_35.0.1916.153apn_uid=61F55310-70BD-4F5E-952D-9ED09266A6FEitbv=12.15.1.20doi=2014-07-16psv=pt=tb", "hxxp://www.doko-search.com/?babsrc=HP_ss_wls_mib2mntrId=C0B51C6F659E01F5affID=121963tsp=4940"
CHR Extension: (No Name) - C:\Users\Użytkownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea [2015-05-08]
CHR Extension: (No Name) - C:\Users\Użytkownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\hefdopkjddeacfpjlhnnikdibknmdepg [2015-05-08]
CHR Extension: (No Name) - C:\Users\Użytkownik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj [2015-05-08]
S2 SDScannerService; C:\Program Files\Spybot - Search Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [X]
2015-05-08 19:34 - 2015-05-08 19:57 - 00000000 ____ D () C:\AdwCleaner
2013-12-18 15:54 - 2013-12-18 16:04 - 49940480 _____ () C:\Program Files\GUT8C7.tmp
2014-05-12 20:44 - 2014-05-12 20:44 - 6103040 _____ () C:\Program Files\GUTAF92.tmp
2015-04-03 08:42 - 2015-04-03 08:42 - 0000000 ____ H () C:\Users\Użytkownik\AppData\Local\BIT5A01.tmp
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#5

ok juz działam

#6

Pokaż nowe logi z FRST.

#7

http://wklej.org/id/1709498/

http://wklej.org/id/1709499/

http://wklej.org/id/1709500/

#8

Otwórz notatnik systemowy i wklej:

HKLM\...\Run: [Chew7Hale] = C:\Windows\System32\hale.exe [2169856 2012-05-08] ()
2015-05-11 18:13 - 2015-05-12 13:11 - 00000000 ____ D () C:\Program Files\Spybot - Search Destroy 2
2015-05-11 18:13 - 2015-05-12 13:05 - 00000000 ____ D () C:\ProgramData\Spybot - Search Destroy
2015-05-11 18:12 - 2015-05-11 18:12 - 00305664 _____ (Secure By Design Inc.) C:\Users\Użytkownik\Downloads\Ninite AVG Spybot 2 Installer.exe
2015-05-08 19:58 - 2015-05-08 20:34 - 00000000 ____ D () C:\Qoobox
2015-05-11 19:21 - 2013-06-24 15:48 - 00000000 ____ D () C:\Users\Użytkownik\AppData\Roaming\PDF Writer Packages
2015-05-11 17:53 - 2013-02-01 16:14 - 00000000 ____ D () C:\Program Files\tuto4pc_pl_6
2015-05-11 17:52 - 2013-03-03 12:12 - 00000000 ____ D () C:\Users\Użytkownik\AppData\Local\Torpedo
2015-05-08 18:36 - 2014-02-14 17:56 - 00000000 ____ D () C:\Users\Użytkownik\AppData\Roaming\DigitalSites
2015-05-08 18:36 - 2014-02-07 15:53 - 00000000 ____ D () C:\Users\Użytkownik\AppData\Roaming\FunmoodsChat
2015-05-08 18:36 - 2013-07-11 14:58 - 00000000 ____ D () C:\Users\Użytkownik\AppData\Local\iLivid
2015-05-08 18:36 - 2013-06-24 15:47 - 00000000 ____ D () C:\Users\Użytkownik\AppData\Roaming\DSite
2015-05-08 18:36 - 2013-01-25 17:05 - 00000000 ____ D () C:\Program Files\Common Files\337
2015-05-08 18:36 - 2012-11-21 19:28 - 00000000 ____ D () C:\Users\Użytkownik\AppData\Local\tuto4pc_pl_1
2015-05-08 18:36 - 2012-10-12 08:24 - 00000000 ____ D () C:\Users\Użytkownik\AppData\Roaming\PerformerSoft
2015-05-08 18:14 - 2013-07-11 15:06 - 00000000 ____ D () C:\Users\Użytkownik\AppData\Local\Torch
2015-05-08 18:13 - 2013-07-11 14:50 - 00000000 ____ D () C:\Users\Użytkownik\AppData\Roaming\Systweak

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#9

zrobione nowe logi

http://wklej.org/id/1709557/

http://wklej.org/id/1709571/

http://wklej.org/id/1709572/

#10

Wykonaj w trybie awaryjnym.Otwórz notatnik systemowy i wklej:

CloseProcesses:
HKLM\...\Run: [Chew7Hale] => C:\Windows\System32\hale.exe [2169856 2012-05-08] ()

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#11

zrobione

http://wklej.org/id/1709712/

http://wklej.org/id/1709713/

http://wklej.org/id/1709714/

#12

Skasuj folder C:\FRST.

#13

nie moge usunąć tego foderu nawet w trybie awaryjnym rzekomo nie mam uprawnień do wprowadzania zmian w tym folderze a jestem na koncie administratora z reszta tylko takie mam dziwna sprawa co dalej z tym??

#14

Otwórz notatnik systemowy i wklej:

 

DeleteQuarantine:

 

 

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#15

usunięte

http://wklej.org/id/1709945/

http://wklej.org/id/1709946/

http://wklej.org/id/1709948/