michalprog

Computer runs slowly, internet and files from the disk load slowly


Good morning.

I am writing on behalf of a friend. The internet on her computer is slow. This shows both in how quickly web pages load and when browsing files on the disk. Launching programs is also problematic. In addition, the Windows system is in Lithuanian-English. Please analyze the logs and help.

Regards,

Michał

Addition.txt

FRST.txt

Shortcut.txt


1) Two antivirus programs are active - get rid of one of them:

To remove AVG, use AVG Remover - https://www.avg.com/pl-pl/utilities

To remove Avast, use Avast Uninstall Utility - http://www.avast.com/uninstall-utility

2) Try to uninstall these programs:

Plus-HD-9.6 (HKLM-x32\...\Plus-HD-9.6) (Version: 1.34.5.12 - Plus HD) <==== ATTENTION

sweet-page uninstaller (HKLM-x32\...\sweet-page uninstaller) (Version:  - sweet-page) <==== ATTENTION

MySearch App (HKLM-x32\...\{41444150-2D43-3300-76A7-A758B70C2D01}) (Version: 12.45.1.4248 - APN, LLC)

 

3) Run FRST. Press CTRL+Y on the keyboard.
Notepad will open - paste the following into it:


RemoveDirectory: C:\Program Files (x86)\dress4u
RemoveDirectory: C:\Program Files (x86)\Plus-HD-9.6
RemoveDirectory: C:\Program Files (x86)\globalUpdate
C:\Users\Agata\AppData\Roaming\NEToMyx0kg1YfuIGF7Hgxflu.exe
Task: {0D3E4617-4031-47CD-925A-C7FCB04ED60E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0D3E602D-90EF-4FFD-95A8-E4B3172CA8DF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0FBC1D74-FBED-4BC9-A02D-D8ABE1511DB4} - System32\Tasks\dress4u_notification_service => C:\Program Files (x86)\dress4u\dress4u_notification_service.exe <==== ATTENTION
Task: {11A77B2F-F6ED-45E1-960B-20211C810AEE} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {42BD02B7-9BB0-4BB8-99D1-C69092932E8C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {59746F91-AFCB-4341-ADE3-809BA8539E4D} - System32\Tasks\a3bb1f37-ca48-4005-9c57-de3ec606553c-5 => C:\Program Files (x86)\Plus-HD-9.6\a3bb1f37-ca48-4005-9c57-de3ec606553c-5.exe <==== ATTENTION
Task: {5E9C1209-F1F7-4BEA-A104-69104B252892} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-28988410-767054531-3856019114-1001 -> No File <==== ATTENTION
Task: {6063B86A-8447-4C67-862A-8253A811047F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {60C08B58-6D3C-444F-9427-3FEAB92A13BE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {63C1D158-4553-4379-8721-C46917D02185} - System32\Tasks\a3bb1f37-ca48-4005-9c57-de3ec606553c-4 => C:\Program Files (x86)\Plus-HD-9.6\a3bb1f37-ca48-4005-9c57-de3ec606553c-4.exe <==== ATTENTION
Task: {659F820E-842F-40A4-AEA6-203D2B427F44} - System32\Tasks\dress4u_updating_service => C:\Program Files (x86)\dress4u\dress4u_updating_service.exe <==== ATTENTION
Task: {679D0B9E-4048-49AC-B32E-F58ADC615FDF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {82ECE8DC-E040-4F89-BF1F-93A150795696} - System32\Tasks\a3bb1f37-ca48-4005-9c57-de3ec606553c-2 => C:\Program Files (x86)\Plus-HD-9.6\a3bb1f37-ca48-4005-9c57-de3ec606553c-2.exe <==== ATTENTION
Task: {878F2AA0-5B53-4EE1-8291-ED689CCFAD4A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8FFBC5A2-D176-44CF-8971-C081E74F5250} - System32\Tasks\a3bb1f37-ca48-4005-9c57-de3ec606553c-1 => C:\Program Files (x86)\Plus-HD-9.6\Plus-HD-9.6-codedownloader.exe <==== ATTENTION
Task: {A59238E4-7792-48AA-8E18-0DA784FBA046} - System32\Tasks\NEToMyx0kg1YfuIGF7Hgxflu => C:\Users\Agata\AppData\Roaming\NEToMyx0kg1YfuIGF7Hgxflu.exe <==== ATTENTION
Task: {A7075B9E-4B9D-4373-82E6-03CD7C501B44} - System32\Tasks\a3bb1f37-ca48-4005-9c57-de3ec606553c-7 => C:\Program Files (x86)\Plus-HD-9.6\Plus-HD-9.6-nova.exe <==== ATTENTION
Task: {AC511A6B-67CD-43D1-943E-0C1569C724B4} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {B2C3F329-08E6-4CFE-9969-AB2FE8E1DC68} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B515C5A8-45CE-49DF-8F3D-01802EBACBB7} - System32\Tasks\a3bb1f37-ca48-4005-9c57-de3ec606553c-6 => C:\Program Files (x86)\Plus-HD-9.6\Plus-HD-9.6-novainstaller.exe <==== ATTENTION
Task: {B5B35F83-2B11-4A8F-BDD9-974EC1DE0FC0} - System32\Tasks\a3bb1f37-ca48-4005-9c57-de3ec606553c-3 => C:\Program Files (x86)\Plus-HD-9.6\a3bb1f37-ca48-4005-9c57-de3ec606553c-3.exe <==== ATTENTION
Task: {C20AA499-408C-45CC-AF86-92EDC324FA37} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {C5576A15-AE7B-497F-9406-0F802AB77B1A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C76AC3B6-D168-46BB-B777-2256F713D78F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DD2C90EE-8630-411B-85AE-0DEA06D6A449} - \WPD\SqmUpload_S-1-5-21-28988410-767054531-3856019114-1001 -> No File <==== ATTENTION
Task: {E7F8A9EE-72C5-4503-9EE0-59E0C12C327D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Agata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.sweet-page.com/?type=sc&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509
ShortcutWithArgument: C:\Users\Agata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.sweet-page.com/?type=sc&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509
ShortcutWithArgument: C:\Users\Agata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.sweet-page.com/?type=sc&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.sweet-page.com/?type=sc&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509&q={searchTerms}
SearchScopes: HKU\S-1-5-21-28988410-767054531-3856019114-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509&q={searchTerms}
SearchScopes: HKU\S-1-5-21-28988410-767054531-3856019114-1001 -> {AF26673D-50DF-4B07-A7B8-38F69978E197} URL = hxxp://www.search-results.com/web?tpid=ADAP-C3&o=APN11416&pf=V7&p2=%5EBBO%5Eaaa329%5ECM%5EPL&gct=&itbv=12.36.1.2797&apn_uid=09A74240-E042-425F-8B27-8332207981B4&apn_ptnrs=^BBO&apn_dtid=%5Eaaa329%5ECM%5EPL&apn_dbr=microsoftedge.exe_6_20.10240.16384.0&doi=2015-11-11&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: No Name -> {11111111-1111-1111-1111-110511731104} -> No File
BHO: No Name -> {41444150-2D43-3300-76A7-7A786E7484D7} -> No File
BHO-x32: No Name -> {11111111-1111-1111-1111-110511731104} -> No File
Toolbar: HKU\S-1-5-21-28988410-767054531-3856019114-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509","hxxps://mysearch.avg.com?cid={9817EB78-0DE5-4AD8-BB44-0EC4C37BD679}&mid=6b4392828c0247d29d3ca5996d25b26f-f90455a7890cb15dbd53e8604eb62147c651cb13&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-08-30 08:58:21&v=18.1.9.786&pid=safeguard&sg=&sap=hp","hxxps://mysearch.avg.com?cid={9817EB78-0DE5-4AD8-BB44-0EC4C37BD679}&mid=6b4392828c0247d29d3ca5996d25b26f-f90455a7890cb15dbd53e8604eb62147c651cb13&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-08-30 08:58:21&v=18.1.9.799&pid=safeguard&sg=&sap=hp"
CHR NewTab: Default ->  Active:"chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://www.sweet-page.com/web/?type=ds&ts=1401263650&from=sof&uid=WDCXWD5000LPVX-80V0TT0_WD-WX41A23U7509U7509&q={searchTerms}
CHR DefaultSearchKeyword: Default -> sweet-page
CHR Extension: (dress4u) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmhacemfmaapnkiehojbhmclmdnhjhfn [2015-04-02]
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
2015-03-31 10:14 - 2015-03-31 10:14 - 000005655 _____ () C:\Users\Agata\AppData\Roaming\NEToMyx0kg1YfuIGF7Hgxf
2015-03-31 10:14 - 2015-03-31 10:14 - 000005655 _____ () C:\Users\Agata\AppData\Roaming\NEToMyx0kg1YfuIGF7Hgxflu
C:\Users\Agata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software\Opera.lnk
HOSTS:
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

Press CTRL+S on the keyboard. In FRST, click Fix (NAPRAW).

 

4) Use Adw-Cleaner https://www.fixitpc.pl/topic/8-dezynfekcja-zbiór-narzędzi-usuwających/?tab=comments#comment-172741

First click SKANUJ (SCAN), and only after the scan has finished, when the OCZYŚĆ (CLEANING) button becomes active, click it.
Show its "C" report.

 

5) Make new FRST logs.

 

jessi
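
An added example, not part of either post and not FRST's own code: a short Python triage of lines in the FRST formats quoted in the answer above. It separates scheduled tasks whose target is gone ("No File") from tasks that still point at an executable, and collects browser shortcuts that carry an appended URL. The sample lines are constructed, and `triage` and its result keys are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample lines in the FRST formats shown above (not from a real log).
SAMPLE = r"""
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\example_updater => C:\Program Files (x86)\ExampleAdware\updater.exe <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000002} - \Microsoft\Windows\Example\stale -> No File <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000003} - System32\Tasks\rnd => C:\Users\User\AppData\Roaming\rnd.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\User\Desktop\Browser.lnk -> C:\Program Files (x86)\Browser\browser.exe (Vendor Inc.) -> hxxp://search.example/?type=sc&uid=X
CHR DefaultSearchURL: Default -> hxxp://search.example/web/?q={searchTerms}
""".strip().splitlines()

# Line formats: "Task: {GUID} - name => target" or "... -> No File", optional ATTENTION marker.
TASK = re.compile(r"^Task: (\{[0-9A-Fa-f-]+\}) - (.+?) (?:=>|->) (.+?)(?: <==== ATTENTION)?$")
# The vendor group excludes parentheses so "Program Files (x86)" stays in the target path.
SHORTCUT = re.compile(r"^ShortcutWithArgument: (.+?\.lnk) -> (.+?) \(([^()]*)\) -> (.+)$")
URL_HOST = re.compile(r'hxxps?://([^/?"\s]+)')

def triage(lines):
    """Group FRST lines into orphaned tasks, live tasks, shortcuts with arguments, and hosts."""
    out = {"orphan_tasks": [], "live_tasks": [], "shortcuts": [], "hosts": Counter()}
    for line in lines:
        line = line.strip()
        # Count every defanged (hxxp) host, whichever entry type it appears in.
        out["hosts"].update(h.lower() for h in URL_HOST.findall(line))
        m = TASK.match(line)
        if m:
            guid, name, target = m.groups()
            if target == "No File":
                out["orphan_tasks"].append((guid, name))          # leftover entry, no binary
            else:
                out["live_tasks"].append((guid, name, target))    # still launches a file
            continue
        m = SHORTCUT.match(line)
        if m:
            lnk, exe, _vendor, arg = m.groups()
            out["shortcuts"].append((lnk, exe, arg))
    return out

if __name__ == "__main__":
    result = triage(SAMPLE)
    for key in ("orphan_tasks", "live_tasks", "shortcuts"):
        print(key, len(result[key]))
    print(result["hosts"].most_common())
```

The live tasks and the hosts that recur across shortcuts and browser settings are the entries worth checking first in the follow-up logs.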

 
