Długie ładowanie systemu

[PolishCitizen]

Ostatnio po włączeniu komputera po pojawieniu się pulpitu z wszystkimi ikonami muszę odczekać minutę żeby włączyć przeglądarkę lub cokolwiek. Przed tym jeszcze pojawia się na chwilę komunikat, że zapora systemowa została wyłączona, po chwili sama się włącza i komunikat znika. Na dodatek wczoraj system wywalił mi błąd krytyczny i musiałem resetować kompa. Takiego błędu nie miałem od roku... Nie wiem czy to działalność wirusa ale chcę się upewnić więc zamieszczam logi.

[wojtas]

odinstaluj FreeSoundRecorder Toolbar
Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
IE - HKU\S-1-5-21-776561741-1417001333-1801674531-1004\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-776561741-1417001333-1801674531-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-776561741-1417001333-1801674531-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-776561741-1417001333-1801674531-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1&ctid=CT2704262&SearchSource=2&q="
[2012-03-01 14:07:42 | 000,000,000 | ---D | M] (FreeSoundRecorder Community Toolbar) -- C:\Documents and Settings\Gr2eg0rz\Dane aplikacji\Mozilla\Firefox\Profiles\4qs71ujl.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\javaw.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\javaws.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\qplaycap.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\sketchup.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\steam.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\stimon.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
[2012-03-07 11:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gr2eg0rz\Dane aplikacji\PriceGong

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .


daj log z AdwCleaner ( opcja Search )

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie).

[PolishCitizen]

Niestety przy tej linijce OTL się zawiesił:

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1&ctid=CT2704262&SearchSource=2&q="

Zamieszczam log z AdwCleaner

[wojtas]

odpal OTL bez tej linijki (ewentualnie spróbuj w awaryjnym)

potem AdwCleaner z opcji Delete

i na koniec nowy log z OTl

[PolishCitizen]

Log z AdwCleaner oraz z OTLa po wykonaniu skryptu:

Kod: Zaznacz wszystko

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-776561741-1417001333-1801674531-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{32b29df0-2237-4370-9a29-37cebb730e9b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.
File C:\Program Files\FreeSoundRecorder\prxtbFree.dll not found.
HKEY_USERS\S-1-5-21-776561741-1417001333-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-776561741-1417001333-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-776561741-1417001333-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
C:\Documents and Settings\Gr2eg0rz\Dane aplikacji\Mozilla\Firefox\Profiles\4qs71ujl.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\searchplugin folder moved successfully.
C:\Documents and Settings\Gr2eg0rz\Dane aplikacji\Mozilla\Firefox\Profiles\4qs71ujl.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\modules folder moved successfully.
C:\Documents and Settings\Gr2eg0rz\Dane aplikacji\Mozilla\Firefox\Profiles\4qs71ujl.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\META-INF folder moved successfully.
C:\Documents and Settings\Gr2eg0rz\Dane aplikacji\Mozilla\Firefox\Profiles\4qs71ujl.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\defaults folder moved successfully.
C:\Documents and Settings\Gr2eg0rz\Dane aplikacji\Mozilla\Firefox\Profiles\4qs71ujl.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\components folder moved successfully.
C:\Documents and Settings\Gr2eg0rz\Dane aplikacji\Mozilla\Firefox\Profiles\4qs71ujl.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome folder moved successfully.
C:\Documents and Settings\Gr2eg0rz\Dane aplikacji\Mozilla\Firefox\Profiles\4qs71ujl.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hpwucli.exe\ deleted successfully.
C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javaw.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javaws.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\presentationhost.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qplaycap.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sketchup.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\steam.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stimon.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
C:\Documents and Settings\Gr2eg0rz\Dane aplikacji\PriceGong\Data folder moved successfully.
C:\Documents and Settings\Gr2eg0rz\Dane aplikacji\PriceGong folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Gr2eg0rz
->Temp folder emptied: 30155245 bytes
->Temporary Internet Files folder emptied: 24306646 bytes
->Java cache emptied: 49684317 bytes
->FireFox cache emptied: 307409928 bytes
->Google Chrome cache emptied: 228705094 bytes
->Flash cache emptied: 4285 bytes

User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 34282 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2708374 bytes
%systemroot%\System32 .tmp files removed: 1567268 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 605946 bytes

Total Files Cleaned = 615,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Gr2eg0rz
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.36.2 log created on 03102012_181520

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


PS
Dodam, że problem nadal występuje, muszę czekać po włączeniu systemu żeby cokolwiek odpalić ;/

[wojtas]

daj nowy log z OTL

[PolishCitizen]

OTL

[wojtas]

*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie )
* Skasuj stan przywracania systemu


nic więcej nie widać.