Pomocy! Komputer działa wolno, często zawiesza.

[Ludzik]

Witam!
Proszę o sprawdzenie poniższych logów, komputer nie działa tak jak powinien. Częste 'zamrażanie' systemu, spowolnione działanie etc.

Addition.txt

FRST.txt

Shortcut.txt

OTL.Txt

Extras.Txt

[jessica]

 @Picasso teraz pomaga tylko 2-3 razy w miesiącu, czyli średnio co 12 dni.

https://www.fixitpc.pl/topic/23357-picasso/

Miała już być wczoraj wieczorem, ale ...?

 

1) Odinstaluj:

BitGuard (HKLM\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version:  - MediaTechSoft Inc.) <==== ATTENTION

 

2) Użyj >Adw-cleaner
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner.txt

 

3) Otwórz Notatnik i wklej w nim:

 

HKLM\...\Run: [] => [X]
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
FF SearchPlugin: C:\Documents and Settings\Właściciel\Application Data\Mozilla\Firefox\Profiles\gymd578x.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Documents and Settings\Właściciel\Application Data\Mozilla\Firefox\Profiles\gymd578x.default\searchplugins\BrowserDefender.xml
FF SearchPlugin: C:\Documents and Settings\Właściciel\Application Data\Mozilla\Firefox\Profiles\gymd578x.default\searchplugins\delta.xml
FF SearchPlugin: C:\Documents and Settings\Właściciel\Application Data\Mozilla\Firefox\Profiles\gymd578x.default\searchplugins\holasearch.xml
FF Extension: HolaSearch - C:\Documents and Settings\Właściciel\Application Data\Mozilla\Firefox\Profiles\gymd578x.default\Extensions\ffxtlbr@holasearch.com [2013-06-11]
R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}t; C:\WINDOWS\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}t.sys [55232 2014-06-16] (StdLib)
C:\WINDOWS\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}t.sys
C:\Documents and Settings\Właściciel\Application Data\Babylon
C:\Documents and Settings\All Users\Application Data\IBUpdaterService
C:\Documents and Settings\Właściciel\Local Settings\Temp\uninst1.exe
C:\Documents and Settings\Właściciel\Application Data\BabSolution
C:\Documents and Settings\All Users\Application Data\BitGuard
C:\Documents and Settings\All Users\Application Data\Babylon
Reboot:

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Powstanie plik fixlog.txt. Daj ten log.
 

4) Zrób nowe logi z FRST - już bez Shortcut.

 

jessi

[Ludzik]

Dziękuję za tak szybką odpowiedź!

 

1) Odinstaluj:

BitGuard (HKLM\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version:  - MediaTechSoft Inc.) <==== ATTENTION

Może to głupie pytanie, ale jak? Przeszukałem regedit i nie znalazlem takiego wpisu w rejestrze, w Dodaj/Usuń nie ma Bitguard`a.

 

Poniżej wkleiłem loga z AdwCleaner`a, w załącznikach nowe logi z FRST.

AdwCleaner:

 

# AdwCleaner v3.213 - Report created 25/06/2014 at 11:32:22
# Updated 23/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Właściciel - YOUR-17A6EC0835
# Running from : C:\Documents and Settings\Właściciel\Desktop\lukasz\adwcleaner_3.213.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Update Greener Web

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BitGuard
Folder Deleted : C:\Documents and Settings\All Users\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\SafeBrowser
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Program Files\Greener Web
Folder Deleted : C:\Documents and Settings\Właściciel\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Właściciel\Application Data\AD ON Multimedia
Folder Deleted : C:\Documents and Settings\Właściciel\Application Data\BabSolution
Folder Deleted : C:\Documents and Settings\Właściciel\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Właściciel\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Właściciel\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Właściciel\Application Data\PerformerSoft
Folder Deleted : C:\Documents and Settings\Właściciel\Start Menu\Programs\BitGuard
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Documents and Settings\Właściciel\Application Data\Mozilla\Firefox\Profiles\gymd578x.default\Extensions\ffxtlbr@holasearch.com
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@holasearch.com
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\Documents and Settings\Właściciel\Application Data\Mozilla\Firefox\Profiles\gymd578x.default\bProtector_extensions.rdf
File Deleted : C:\Documents and Settings\Właściciel\Application Data\Mozilla\Firefox\Profiles\gymd578x.default\bprotector_extensions.sqlite
File Deleted : C:\Documents and Settings\Właściciel\Application Data\Mozilla\Firefox\Profiles\gymd578x.default\bprotector_prefs.js
File Deleted : C:\Documents and Settings\Właściciel\Application Data\Mozilla\Firefox\Profiles\gymd578x.default\invalidprefs.js
File Deleted : C:\Documents and Settings\Właściciel\Application Data\Mozilla\Firefox\Profiles\gymd578x.default\searchplugins\Babylon.xml
File Deleted : C:\Documents and Settings\Właściciel\Application Data\Mozilla\Firefox\Profiles\gymd578x.default\searchplugins\BrowserDefender.xml
File Deleted : C:\Documents and Settings\Właściciel\Application Data\Mozilla\Firefox\Profiles\gymd578x.default\searchplugins\delta.xml
File Deleted : C:\Documents and Settings\Właściciel\Application Data\Mozilla\Firefox\Profiles\gymd578x.default\searchplugins\holasearch.xml
File Deleted : C:\Documents and Settings\Właściciel\Application Data\Mozilla\Firefox\Profiles\gymd578x.default\user.js
File Deleted : C:\Documents and Settings\Właściciel\Application Data\Mozilla\Firefox\Profiles\nts and Settings\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.holasearchesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.holasearchesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Key Deleted : HKCU\Software\5d6dfdeb46eed17
Key Deleted : HKLM\SOFTWARE\5d6dfdeb46eed17
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58B41DCD-55B2-48EB-A55A-E330070FFC00}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{58B41DCD-55B2-48EB-A55A-E330070FFC00}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C510DFFB-0AFE-484C-BA40-CED5B74C4EEF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFF9B2DA-EF99-4B26-83CB-7058299999D8}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\holasearch LTD
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21376

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]

-\\ Mozilla Firefox v30.0 (pl)

[ File : C:\Documents and Settings\Właściciel\Application Data\Mozilla\Firefox\Profiles\gymd578x.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.bbDpng", "2");
Line Deleted : user_pref("extensions.delta.cntry", "PL");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.hdrMd5", "E947B26DA55ECACB4A90279D20C88708");
Line Deleted : user_pref("extensions.delta.id", "60170b1f0000000000000013d3689942");
Line Deleted : user_pref("extensions.delta.instlDay", "15894");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.21.510:52:19");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.sg", "azb");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.510:52:19");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119357&tt=070713_9124&tsp=4937");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.holasearch.admin", false);
Line Deleted : user_pref("extensions.holasearch.aflt", "babsst");
Line Deleted : user_pref("extensions.holasearch.appId", "{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}");
Line Deleted : user_pref("extensions.holasearch.autoRvrt", "false");
Line Deleted : user_pref("extensions.holasearch.bbDpng", "9");
Line Deleted : user_pref("extensions.holasearch.cntry", "PL");
Line Deleted : user_pref("extensions.holasearch.dfltLng", "en");
Line Deleted : user_pref("extensions.holasearch.excTlbr", false);
Line Deleted : user_pref("extensions.holasearch.ffxUnstlRst", false);
Line Deleted : user_pref("extensions.holasearch.hdrMd5", "D7C8554CF9D40C78AFF592E5EB17E9F1");
Line Deleted : user_pref("extensions.holasearch.id", "60170b1f0000000000000013d3689942");
Line Deleted : user_pref("extensions.holasearch.instlDay", "15889");
Line Deleted : user_pref("extensions.holasearch.instlRef", "sst");
Line Deleted : user_pref("extensions.holasearch.lastVrsnTs", "1.8.16.1610:18:59");
Line Deleted : user_pref("extensions.holasearch.newTab", false);
Line Deleted : user_pref("extensions.holasearch.prdct", "holasearch");
Line Deleted : user_pref("extensions.holasearch.prtnrId", "holasearch");
Line Deleted : user_pref("extensions.holasearch.rvrt", "false");
Line Deleted : user_pref("extensions.holasearch.sg", "azb");
Line Deleted : user_pref("extensions.holasearch.smplGrp", "none");
Line Deleted : user_pref("extensions.holasearch.tlbrId", "base");
Line Deleted : user_pref("extensions.holasearch.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.holasearch.vrsn", "1.8.16.16");
Line Deleted : user_pref("extensions.holasearch.vrsnTs", "1.8.16.1610:18:59");
Line Deleted : user_pref("extensions.holasearch.vrsni", "1.8.16.16");

[ File : C:\Documents and Settings\Właściciel\Application Data\Mozilla\Firefox\Profiles\nts and Settings\prefs.js ]


*************************

AdwCleaner[R0].txt - [10479 octets] - [25/06/2014 11:29:27]
AdwCleaner[s0].txt - [10469 octets] - [25/06/2014 11:32:22]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10530 octets] ##########
 

 

 

 

Fixlog.txt

Addition.txt

FRST.txt

[jessica]

Może to głupie pytanie, ale jak? Przeszukałem regedit i nie znalazlem takiego wpisu w rejestrze, w Dodaj/Usuń nie ma Bitguard`a.

Było (to BitGuard):

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Adw-Cleaner już to usunął z listy programów.

 

W nowych logach nie widzę już niczego podejrzanego.

 

Jeśli @Picasso nie poda jeszcze jakichś zaleceń, to będziemy kończyć:

Otwórz Notatnik i wklej w nim:

 

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix.

przez SHIFT+DEL usuń pozostały folder C:\FRST

 

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL)

 

Mam nadzieję, że to choć trochę poprawiło sytuację.

 

jesso

[Ludzik]

Bardzo dziękuję za pomoc!