System Windows 7 znacząco zwolnił

Nicramek17 · 6 Luty 2015 08:15

Witam,

Ostatnio zauważyłem, że system zwolnił, przypadkowo zainstalowały się Toolbary do Chrome.

Poniżej wklejam logi:

FRST: http://wklej.org/id/1626229/

Addition: http://wklej.org/id/1626230/

Dziękuję za pomoc.

Acorus · 6 Luty 2015 09:01

Odinstaluj uunisaless.Otwórz notatnik systemowy i wklej:

Task: {4618FFB4-C627-49FB-A054-AE9E557709B5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2609482228-1103846838-3593312344-1000Core = C:\Users\Katarzyna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-02] (Facebook Inc.)
Task: {C812DCB2-B68C-4D16-92F5-BCAB6183A56E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2609482228-1103846838-3593312344-1000UA = C:\Users\Katarzyna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-02] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2609482228-1103846838-3593312344-1000Core.job = C:\Users\Katarzyna\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2609482228-1103846838-3593312344-1000UA.job = C:\Users\Katarzyna\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM\...\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2609482228-1103846838-3593312344-1000\...\Run: [Facebook Update] = C:\Users\Katarzyna\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-02] (Facebook Inc.)
Startup: C:\Users\Katarzyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Revenge S04E13 HDTV x264-LOL [eztv].lnk
ShortcutTarget: Revenge S04E13 HDTV x264-LOL [eztv].lnk - C:\ProgramData\{ae39c815-04b5-bf1a-ae39-9c81504b2054}\Revenge S04E13 HDTV x264-LOL [eztv].exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1421872151from=wpcuid=HitachiXHTS547550A9E384_J2160051H43KTCH43KTCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1421872151from=wpcuid=HitachiXHTS547550A9E384_J2160051H43KTCH43KTCX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1421872151from=wpcuid=HitachiXHTS547550A9E384_J2160051H43KTCH43KTCXq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1421872151from=wpcuid=HitachiXHTS547550A9E384_J2160051H43KTCH43KTCXq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1421872151from=wpcuid=HitachiXHTS547550A9E384_J2160051H43KTCH43KTCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1421872151from=wpcuid=HitachiXHTS547550A9E384_J2160051H43KTCH43KTCX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1421872151from=wpcuid=HitachiXHTS547550A9E384_J2160051H43KTCH43KTCXq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1421872151from=wpcuid=HitachiXHTS547550A9E384_J2160051H43KTCH43KTCXq={searchTerms}
HKU\S-1-5-21-2609482228-1103846838-3593312344-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1421872151from=wpcuid=HitachiXHTS547550A9E384_J2160051H43KTCH43KTCX
HKU\S-1-5-21-2609482228-1103846838-3593312344-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1421872151from=wpcuid=HitachiXHTS547550A9E384_J2160051H43KTCH43KTCX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1421872151from=wpcuid=HitachiXHTS547550A9E384_J2160051H43KTCH43KTCXq={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1421872151from=wpcuid=HitachiXHTS547550A9E384_J2160051H43KTCH43KTCXq={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1421872151from=wpcuid=HitachiXHTS547550A9E384_J2160051H43KTCH43KTCXq={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1421872151from=wpcuid=HitachiXHTS547550A9E384_J2160051H43KTCH43KTCXq={searchTerms}
SearchScopes: HKU\S-1-5-21-2609482228-1103846838-3593312344-1000 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1421872151from=wpcuid=HitachiXHTS547550A9E384_J2160051H43KTCH43KTCXq={searchTerms}
SearchScopes: HKU\S-1-5-21-2609482228-1103846838-3593312344-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1421872151from=wpcuid=HitachiXHTS547550A9E384_J2160051H43KTCH43KTCXq={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=scts=1421872151from=wpcuid=HitachiXHTS547550A9E384_J2160051H43KTCH43KTCX
FF DefaultSearchEngine: mystartsearch
FF SelectedSearchEngine: mystartsearch
FF Homepage: hxxp://www.mystartsearch.com/?type=hpts=1421872151from=wpcuid=HitachiXHTS547550A9E384_J2160051H43KTCH43KTCX
FF Extension: uunisaless - C:\Users\Katarzyna\AppData\Roaming\Mozilla\Firefox\Profiles\0dqc2bcf.default\Extensions\j@aC.net [2015-01-21]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Katarzyna\AppData\Roaming\Mozilla\Firefox\Profiles\0dqc2bcf.default\extensions\fftoolbar2014@etech.com
CHR Extension: (uunisaless) - C:\ProgramData\kkkffclhmfhapdkoijfgeobadcmookgi\ [2013-07-16]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=scts=1421872151from=wpcuid=HitachiXHTS547550A9E384_J2160051H43KTCH43KTCX
S3 ASUSProcObsrv; \\F:\I386\AsPrOb64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-01-21 21:31 - 2015-01-21 21:32 - 00000000 ____ D () C:\Program Files (x86)\XTab
2015-01-21 21:27 - 2015-01-21 21:27 - 00000000 ____ D () C:\ProgramData\1397584161717686803
2015-01-21 21:27 - 2015-01-21 21:27 - 00000000 ____ D () C:\Program Files (x86)\uunisaless
2015-01-21 21:26 - 2015-01-21 21:32 - 00000000 ____ D () C:\ProgramData\{ae39c815-04b5-bf1a-ae39-9c81504b2054}
2015-01-21 21:26 - 2015-01-21 21:27 - 00000000 ____ D () C:\ProgramData\kkkffclhmfhapdkoijfgeobadcmookgi
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.