Vista wolno się ładuje na 4gb ram i 2.8 procek

Dla specjalistów Bezpieczeństwo
#1

Daje loga bo to jest niemożliwe wręcz :? Na początku jak burza, z ręką na stoperze szybciej od XP… Ale coś sie ‘popsiuło’ xD

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:19:55, on 2008-11-25

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal


Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Users\Adam\Downloads\deimos-client-0.57.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\SigXC\SigX.exe

C:\Program Files\Brandon Paddock\Start++\Start++.exe

C:\Program Files\CountYourTime\collector.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Xfire\xfire.exe

C:\Program Files\SpeedFan\speedfan.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\java.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\conime.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Windows\system32\mmc.exe

C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\mmc.exe

C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll (file missing)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [The Deimos Project] "C:\Users\Adam\Downloads\deimos-client-0.57.exe"

O4 - HKCU\..\Run: [SigXC] C:\Program Files\SigXC\SigX.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Start++] "C:\Program Files\Brandon Paddock\Start++\Start++.exe" /startup

O4 - HKCU\..\Run: [CountYourTime] C:\Program Files\CountYourTime\collector.exe -autostarted

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe

O4 - Global Startup: OGameAutomizer.exe - Shortcut.lnk = Adam\Documents\OGameAutomizer2\OGameAutomizer.exe

O4 - Global Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe

O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll

O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @C:\Program Files\IE Source\iesource.dll,-3 - {6FEE3A08-8E69-4c75-A307-00A74FC01DFD} - C:\Program Files\IE Source\iesource.dll (HKCU)

O9 - Extra 'Tools' menuitem: IE Source - Vew HTML source - {6FEE3A08-8E69-4c75-A307-00A74FC01DFD} - C:\Program Files\IE Source\iesource.dll (HKCU)

O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)

O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)

O13 - Gopher Prefix: 

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\skype4com.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll

O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll

O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: PCAutoShutdown_Service - Unknown owner - C:\Program Files\PC Auto Shutdown\ShutdownService.exe

O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe


--

End of file - 10317 bytes
#2

fix w hijackthis

Podaj log z Combofix

Logi dajesz na http://wklej.eu lub na http://wklej.org a w poście dajesz tylko link

#3

http://wklej.org/id/22007/

Ale co do

Są to potrzebne mi na co dzień aplikacje więc nie usuwałem. Ale

Dlaczego te? Zrobiłem wg. instrukcji ale przecież to konsola ATI, aplikacja do sterowania jackami i Norton? Czy to po prostu nie zabuży działania systemu?

#4

Nie, te czynniki można wyłączyć, fakt że sa usuwane z autouruchamiania nie świadczy że sa usuwane z systemu

W logu nic nie widzę

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar całego komputera http://www.kaspersky.pl/virusscanner.html Daj raport z niego na forum

lub

Dr.WEB CureIt!

#5

Generalnie rzecz biorąc pomogły te porady, jednak najlepszym na Viste remedium jest installka Server 2008 z aero bez wielu animacji - to spowalniało znacznie system :slight_smile: Pozdrawiam :wink: