Wolne działanie komputera, długi start

mtsach22 · 7 Grudzień 2014 09:21

Dzień dobry,

Od wczoraj komputer zdecydowanie wolniej działa, także jeśli chodzi o uruchamianie systemu (3 minuty zamiast 30 sekund).

Przy takich operacjach jak, kopiowanie plików i usuwanie zawartości kosza, występują 5-6 sekundowe zawieszki. Zanim będzie działał hardware’owo/zdecyduję się formata, proszę o sprawdzenie logów.

Defragmentacja oraz skanowanie programem Malwarebytes’ Anti-Malware nie przyniosły żadnych skutków.

Pozdrawiam,

mtsach22

OTL :

http://www.wklej.org/id/1550307/

Extras :

http://www.wklej.org/id/1550309/

FRST :

http://www.wklej.org/id/1550317/

Addition :

http://www.wklej.org/id/1550318/

krzych5610 · 7 Grudzień 2014 11:24

Otwórz systemowy notatnik i wklej:

CloseProcesses: HKU\S-1-5-21-507921405-813497703-1801674531-1003…\Policies\Explorer: [NoDriveAutoRun] 0xFFFFFFFF HKU\S-1-5-21-507921405-813497703-1801674531-1003…\Policies\Explorer: [] HKU\S-1-5-21-507921405-813497703-1801674531-1003…\MountPoints2: {67ae2262-dd8a-11e3-9c99-001fd094d5cd} - F:\LGAutoRun.exe HKU\S-1-5-21-507921405-813497703-1801674531-1003…\MountPoints2: {c9634e9d-135f-11e1-900b-001fd094d5cd} - E:\Autorun.exe HKU\S-1-5-21-507921405-813497703-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: “” <======= ATTENTION SearchScopes: HKLM -> DefaultScope value is missing. FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File S2 qfvzfmf; C:\WINDOWS\system32\irykk.dll [X] S4 IntelIde; No ImagePath S2 SNTIE; system32\DRIVERS\sntie.sys [X] U1 WS2IFSL; No ImagePath NETSVC: qfvzfmf -> C:\WINDOWS\system32\irykk.dll ==> No File 2014-12-07 09:58 - 2011-08-27 12:56 - 00000000 ____D () C:\Documents and Settings\Mateusz\Ustawienia lokalne\Temp 2014-12-07 09:37 - 2008-04-15 13:00 - 00200312 _____ () C:\WINDOWS\system32\perfh015.dat 2014-12-07 09:37 - 2008-04-15 13:00 - 00055120 _____ () C:\WINDOWS\system32\perfc015.dat 2014-12-07 09:32 - 2014-07-11 21:55 - 00000204 _____ () C:\WINDOWS\Tasks\AutoKMS.job 2014-12-07 09:32 - 2011-08-27 12:56 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-12-06 23:05 - 2013-09-05 17:11 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-813497703-1801674531-1003UA.job 2014-12-06 22:55 - 2014-07-11 21:55 - 00000204 _____ () C:\WINDOWS\Tasks\AutoKMSDaily.job 2014-12-01 09:05 - 2013-09-05 17:11 - 00001088 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-813497703-1801674531-1003Core.job C:\Documents and Settings\Mateusz\leioquz.exe CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{00000100-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{00000101-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{00000103-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{00000104-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{00000105-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{00000106-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{00000107-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{00000108-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{00000109-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-507921405-813497703-1801674531-1003_Classes\CLSID{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS.exe Task: C:\WINDOWS\Tasks\AutoKMSDaily.job => C:\WINDOWS\AutoKMS.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-813497703-1801674531-1003Core.job => C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-813497703-1801674531-1003UA.job => C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe emptytemp: Zapisz jako fixlist.txt, umieść obok skanera FRST. Uruchom FRST i wykonaj polecenie FIX. Po restarcie pokaż fixlog.txt i aktualny raport FRST.

mtsach22 · 7 Grudzień 2014 11:51

Fixlog :

http://www.wklej.org/id/1550433/

FRST :

http://www.wklej.org/id/1550435/

Addition :

http://www.wklej.org/id/1550436/

Po restarcie wymuszonym przez FRST komputer ponownie uruchamiał się 3 minuty (mam na myśli wyświetlanie się ekranu z niebieskim “wężykiem” w XP)

Program Malwarebytes’ Anti-Malware wykrywa następujące zagrożenia. Nie wiem, czy mogę tak to usunąć:

http://wklej.org/id/1550512/

krzych5610 · 7 Grudzień 2014 14:07

To co znalazł Malwarebytes’ Anti-Malware jest do usunięcia.

Pobierz na pulpit AdwCleaner - https://toolslib.net/downloads/viewdownload/1-adwcleaner/ , po uruchomieniu wykonaj polecenia szukaj i usuń.

Po restarcie uruchom ponownie FRST. Pokaż aktualne raporty FRST i Addition.

Te co wstawiłeś jako skany 2, to kopia skanów wersji 1.

mtsach22 · 7 Grudzień 2014 16:27

Przepraszam za zamieszanie. Wszystkie wskazane operacje zostały przeprowadzone. Poniżej najświeższe logi

FRST :

http://wklej.org/id/1550777/

Addition :

http://wklej.org/id/1550781/

krzych5610 · 8 Grudzień 2014 12:36

Otwórz systemowy notatnik i wkej:

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 2014-12-07 15:14 - 2014-12-07 15:25 - 00000000 ____D () C:\AdwCleaner 2014-12-07 12:35 - 2014-12-07 17:22 - 00000000 ____D () C:\Documents and Settings\Mateusz\Ustawienia lokalne\Temp 2014-12-07 12:35 - 2014-12-07 17:18 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT C:\Documents and Settings\Mateusz\Ustawienia lokalne\Temp\Quarantine.exe C:\Documents and Settings\Mateusz\Ustawienia lokalne\Temp\sqlite3.dll AlternateDataStreams: C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF MSCONFIG\startupreg: home => wscript.exe //B “C:\DOCUME~1\Mateusz\USTAWI~1\Temp\home.vbe” MSCONFIG\startupreg: htyyluh => C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\ghkqse.exe emptytemp: Zapisz jako fixlist.txt, umieść obok skanera FRST. Uruchom FRST i wykonaj polecenie FIX. Po restarcie usuń ręcznie folder C:\FRST, usuń raporty. Uruchom ponownie AdwCleaner i wykonaj polecenie odinstaluj. Wykonaj czyszczenie za pomocą Wise Registry Cleaner 8.26(wszystkie wersje) - http://www.dobreprogramy.pl/Wise-Registry-Cleaner,Program,Windows,13347.html i Wise Disk Cleaner 8.36 - (wszystkie wersje) - http://www.dobreprogramy.pl/Wise-Disk-Cleaner,Program,Windows,13346.html Wykonaj aktualizację IE do wersji 8. Odinataluj jave 6. Masz już Jave 7.