Zawieszający i strasznie wolno chodzący komputer

Iro23 · 9 Kwiecień 2015 11:10

Witam

Na komputerze od około tygodnia nie da się praktycznie nic działać. Co chwilę się zawiesza a jesli chodzi to tak wolno że szkoda słów.Komputer nie jest mój tylko znajomego.Proszę o pomoc

FRST http://wklej.to/GUS6p

Addition http://wklej.to/Ucf29

Atis · 9 Kwiecień 2015 11:48

W panelu sterowania odinstaluj:"

Baidu PC Faster

Bundled software uninstaller

Shopping Helper Smartbar

Pobierz i uruchom AdwCleaner Kliknij Scan i później Cleaning.

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2451978189-1825011687-1387039772-1000\...\Run: [PriceMeterW] => "C:\Users\Mariusz\AppData\Local\PriceMeter\pricemeterw.exe"
HKU\S-1-5-21-2451978189-1825011687-1387039772-1000\...\Run: [SpeedItupFree] => "C:\Program Files\SpeedItup Free\speeditupfree.exe"
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:65519;https=127.0.0.1:65519;
FF Extension: saveron - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\e8xqy1ce.default\Extensions\10Rjbzw@5.net [2014-10-28]
FF Extension: SAlEsChecKer - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\e8xqy1ce.default\Extensions\eoe.dosjg@orbw-dpis.com [2014-07-03]
FF Extension: Fast Start - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\e8xqy1ce.default\Extensions\faststartff@gmail.com [2014-11-30]
FF Extension: CoolSaleCoupon - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\e8xqy1ce.default\Extensions\MS@U.edu [2014-11-12]
FF Extension: AippotoU - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\e8xqy1ce.default\Extensions\ovx5xdw@iewmzkhih.com [2014-08-20]
FF Extension: saferwebo - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\e8xqy1ce.default\Extensions\pjctgas@wvjjzpuooui.edu [2014-07-29]
FF Extension: less2pay - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\e8xqy1ce.default\Extensions\Us0@PQV.net [2014-10-26]
FF Extension: dealster - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\e8xqy1ce.default\Extensions\y@4M0vo.edu [2014-11-28]
FF Extension: Weebsaver - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\e8xqy1ce.default\Extensions\yoeuwdeuii@ueiq.co.uk [2014-10-13]
FF Extension: deaLPeuaek - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\e8xqy1ce.default\Extensions\zmgcvf@aueyd.edu [2014-09-02]
FF Extension: Shopping Helper Smartbar - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\e8xqy1ce.default\Extensions\{aa2c5915-818d-553c-9337-d39a9324477f} [2014-07-03]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\e8xqy1ce.default\extensions\faststartff@gmail.com
CHR Extension: (iLivid) - C:\Users\Mariusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-03-03]
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
S2 Update Klip Pal; "C:\Program Files\Klip Pal\updateKlipPal.exe" [X]
S2 Update LinkiDoo; "C:\Program Files\LinkiDoo\updateLinkiDoo.exe" [X]
S2 Norton Internet Security; "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1
R2 buuoujqmrk32; C:\Program Files\003\buuoujqmrk32.exe [541696 2014-05-07] () [File not signed]
C:\Program Files\003S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\NAVEX15.SYS [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [51792 2014-11-19] (NetFilterSDK.com)
C:\Windows\System32\drivers\netfilter.sys
2015-04-07 17:11 - 2014-12-07 11:45 - 00000000 ____ D () C:\Program Files\CouponArific
2015-02-10 22:26 - 2015-02-10 22:40 - 0000208 _____ () C:\Users\Mariusz\AppData\Roaming\wklnhst.dat
2014-03-01 23:10 - 2014-03-01 03:09 - 1122552 _____ (AnyProtect.com) C:\Users\Mariusz\AppData\Local\AnyProtectScannerSetup.exe
2015-03-26 18:40 - 2015-04-07 05:40 - 0007944 _____ () C:\Users\Mariusz\AppData\Local\d3d9caps.dat
2014-12-03 20:33 - 2014-12-03 20:33 - 0022528 _____ () C:\Users\Mariusz\AppData\Local\dsisetup28980462.exe
2015-01-17 01:58 - 2015-03-04 17:47 - 0014501 _____ () C:\ProgramData\Duplicaterecord.js
2015-01-15 18:48 - 2015-04-09 11:23 - 0000112 _____ () C:\ProgramData\R4v4d38f.dat
2014-10-22 13:53 - 2014-10-22 13:53 - 0000000 _____ () C:\ProgramData\spds90.txt
2014-12-03 20:33 - 2014-12-03 20:33 - 0000010 _____ () C:\Users\Mariusz\AppData\Local\DSI.DAT
2014-03-01 22:58 - 2014-03-01 22:59 - 0001278 _____ () C:\Users\Mariusz\AppData\Roaming\Bubble Dock.boostrap.log
2014-03-01 22:58 - 2014-03-01 22:59 - 0013118 _____ () C:\Users\Mariusz\AppData\Roaming\Bubble Dock.installation.log
Task: {037D08EA-76C0-4404-B47F-54D2953DB643} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Duplicaterecord.js" <==== ATTENTION
Task: {07AEA197-60B0-4441-97FD-044C1E946C18} - System32\Tasks\LaunchApp => C:\Program Files\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {0895C019-17B4-4BB0-A969-998441A1AD7E} - System32\Tasks\APSnotifierCA => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {26720FEA-2CCF-4FD3-A07F-7BADA759E905} - System32\Tasks\pricemetertask => C:\Users\Mariusz\AppData\Local\PriceMeter\pricemeter.exe <==== ATTENTION
Task: {2AF921DD-AC8C-49C7-A408-0F4994EAA865} - System32\Tasks\Baidu PC Faster Update => C:\Program Files\PC Faster\5.1.0.0\Updater.exe [2015-02-10] (Baidu Inc.)
Task: {84F7B46C-547D-4DB7-8283-DB6034F38CB4} - System32\Tasks\{B3F13E38-4BC6-42E9-B8C8-63C73FF98148} => Firefox.exe http://ui.skype.com/ui/0/6.13.0.104/pl/abandoninstall?source=lightinstaller&amp;page=tsMain
Task: {8E54ED4C-6D37-4632-93BD-536025082CBA} - System32\Tasks\PriceMeterUpdater => C:\Users\Mariusz\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {BC6B78F9-80C9-4A6E-A531-8D7448B862A8} - System32\Tasks\pricemeterwatcher => C:\Users\Mariusz\AppData\Local\PriceMeter\pricemeterw.exe <==== ATTENTION
Task: {BF697161-258B-47D0-9599-53C5F0CE5548} - System32\Tasks\pricemeterdownloader => C:\Users\Mariusz\AppData\Local\PriceMeter\pricemeterd.exe <==== ATTENTION
Task: {C68FF673-1646-4454-AE65-54129A31D49A} - System32\Tasks\PennyBee => C:\Users\Mariusz\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {C9EED7C5-6E6B-4F14-940C-3BC38F714B5F} - System32\Tasks\Baidu PC Faster Service => C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe [2015-02-25] (Baidu Inc.)
Task: {DFACCD68-5225-4D42-928F-F40CCA71F96B} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierCA.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\PennyBee.job => C:\Users\Mariusz\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\PriceMeterUpdater.job => C:\Users\Mariusz\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition.

Iro23 · 9 Kwiecień 2015 17:07

Raport z usuwania http://wklej.to/qprdR

FRST http://wklej.to/CGlaR

Atis · 9 Kwiecień 2015 22:28

Przestań instalować szkodliwe programy. Odinstaluj CouponArific.

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZOkiLMwdFQEJrV02rKF3ywAX2IwrVZmeeDUxqHUFu1W3Uo1UsqfO6lwlVSCv-Dvhql6aTxUBe190uL3Q2Rmn3YAfHKnV0Xzp3oKYbU6oxE6gyecz8cEMHyYUz56Rm73SQZYCClMMH_qyg,,
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZOkiLMwdFQEJrV02rKF3ywAX2IwrVZmeeDUxqHUFu1W3Uo1UsqfO6lwlVSCv-Dvhql6aTxUBe190uL7kIUMBYrAyeOSZRgYHgjiSE_JMIZdX9t2qbnQBTw4Puc9LzA3G4jdXFMrXVCY3Q,,&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZOkiLMwdFQEJrV02rKF3ywAX2IwrVZmeeDUxqHUFu1W3Uo1UsqfO6lwlVSCv-Dvhql6aTxUBe190uL7kIUMBYrAyeOSZRgYHgjiSE_JMIZdX9t2qbnQBTw4Puc9LzA3G4jdXFMrXVCY3Q,,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:65519;https=127.0.0.1:65519;
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZOkiLMwdFQEJrV02rKF3ywAX2IwrVZmeeDUxqHUFu1W3Uo1UsqfO6lwlVSCv-Dvhql6aTxUBe190uL7kIUMBYrAyeOSZRgYHgjiSE_JMIZdX9t2qbnQBTw4Puc9LzA3G4jdXFMrXVCY3Q,,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Extension: (Ask Search) - C:\Users\Mariusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-04-09]
S2 CouponArificService; C:\Program Files\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie.exe [150528 2014-09-29] () [File not signed]
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [46440 2015-04-01] (Baidu, Inc.)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\NAVENG.SYS [X]
S1 netfilter; system32\drivers\netfilter.sys [X]
S3 PCFApiUtil; \??\C:\Program Files\PC Faster\5.1.0.0\PCFApiUtil.sys [X]
2015-04-09 17:42 - 2015-04-09 17:42 - 00000000 ____ D () C:\Program Files\CouponArific
2015-04-09 17:18 - 2015-04-09 17:23 - 00000000 ____ D () C:\AdwCleaner
2015-04-09 17:01 - 2015-04-09 17:01 - 00000000 ____ D () C:\Users\Public\Documents\PC Faster
2015-04-01 05:03 - 2015-01-17 01:58 - 00046440 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bhbase.sys
C:\Users\Public\AlexaNSISPlugin.7688.dll
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition.

Iro23 · 9 Kwiecień 2015 23:20

Nic nie instalowałem i nie instaluje. CoupoArific nie był widoczny w programach do odinstalowania tylko w folderze na dysku C (skad go usunałem).

Raport z usuwania http://wklej.to/1aOT4

FRST http://wklej.to/1Q5Qf

Atis · 9 Kwiecień 2015 23:38

Zmień stronę startową w Chrome i usuń ask.com: KLIK

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

C:\Users\Mariusz\AppData\Roaming\wklnhst.dat
C:\Users\Mariusz\Documents\fixlist.txt
C:\Program Files\35556262-902E-49AE-8622-66E14F1F041C
RemoveProxy:
DeleteQuarantine:

Uruchom FRST i kliknij Fix.Skasuj folder C:\FRST

Dysk przeskanuj Malwarebytes Anti-Malware

Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Język PL > Settings > General Settings > Language > Polish

Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK - KLIK

Odinstaluj:

Adobe Flash Player 16 ActiveX

Adobe Flash Player 16 NPAPI

Java 8 Update 25

Zainstaluj:

Flash Player 17.0.0.134 Plugin

Flash Player 17.0.0.134 ActiveX

Java 8 Update 40