Powolne

[Nokum 0]

Witam, zwracam się z prośbą o sprawdzenie LOGa OTL, gdyż komputer znacznie wolniej pracuje. Przeczuwam, że jest zainfekowany. I jeszcze pojawił się taki problem :jeszcze wczoraj dysk pracował normalnie, a teraz gdy próbuje otworzyć dysk D to wyskakuje komunikat "Dysk nie jest sformatowany" Mógłbym jakoś odzyskać dane z owego dysku? ;>

 

OTL : http://wklej.to/ijzxd

 

EXTRAS : http://wklej.to/oKel3

[filutka78 11]

1) Odinstaluj:

"istartsurf uninstall" = istartsurf uninstall

"WindowsMangerProtect" = WindowsMangerProtect20.0.0.722

 

2) Użyj >Adw-cleaner

najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.

Pokaż raport z niego C:\AdwCleaner\AdwCleaner.txt

 

3) Użyj >USBFix (aby pobrać kliknij na "Telecharger")

Kliknij w nim na: CLEAN.

Daj raport z tego usuwania.

 

4) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL

[2014-09-03 01:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect

[2014-09-03 01:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IePluginServices

[2014-08-24 10:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Search Settings

[2014-08-24 11:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\SearchMe

[2014-11-27 15:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Pay-By-Ads

[2014-09-23 17:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\istartsurf

[2014-11-07 07:25:45 | 000,000,135 | RHS- | C] () -- C:\Documents and Settings\Administrator\autorun.inf

[2014-11-05 12:04:42 | 000,049,152 | RHS- | C] () -- C:\Documents and Settings\Administrator\qktier.scr

[2014-11-27 02:32:30 | 000,055,816 | ---- | M] (StdLib) -- C:\WINDOWS\System32\drivers\{f0087990-17d0-4537-ad91-6a7a9c5c1b37}t.sys

[2014-11-27 15:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Pay-By-Ads

[2014-11-27 14:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Convar

[2014-11-27 14:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Hold Page

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O4 - HKU\S-1-5-21-1275210071-2052111302-1606980848-500..\Run: [Yahoo! Search] C:\Documents and Settings\Administrator\Dane aplikacji\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe (Pay By Ads LTD)

[2014-11-27 15:03:19 | 000,001,147 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\neua55sn.default\searchplugins\dsrlte.xml

[2014-09-03 01:33:14 | 000,000,000 | ---D | M] ("Fast Start") -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\neua55sn.default\extensions\faststartff@gmail.com

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\faststartff@gmail.com: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\neua55sn.default\extensions\faststartff@gmail.com [2014-09-03 01:33:14 | 000,000,000 | ---D | M]

FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..keyword.URL: "http://rts.dsrlte.com/?q="

FF - prefs.js..browser.startup.homepage: "http://rts.dsrlte.com?affID=na"

IE - HKU\S-1-5-21-1275210071-2052111302-1606980848-500\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.istartsurf.com/web/?type=ds&ts=1409704393&from=smt&uid=MaxtorX5T040H4_T4J4F7YC&q={searchTerms}

IE - HKU\S-1-5-21-1275210071-2052111302-1606980848-500\..\SearchScopes\{E8A0A72B-0462-481D-BDEC-98CC6C2D78B5}: "URL" = http://rts.dsrlte.com/?affID=na&q={searchTerms}

IE - HKU\S-1-5-21-1275210071-2052111302-1606980848-500\..\URLSearchHook: {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - No CLSID value found

IE - HKU\S-1-5-21-1275210071-2052111302-1606980848-500\..\SearchScopes,DefaultScope = {E8A0A72B-0462-481D-BDEC-98CC6C2D78B5}

IE - HKU\S-1-5-21-1275210071-2052111302-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1409704393&from=smt&uid=MaxtorX5T040H4_T4J4F7YC

IE - HKU\S-1-5-21-1275210071-2052111302-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na

IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.istartsurf.com/web/?type=ds&ts=1409704393&from=smt&uid=MaxtorX5T040H4_T4J4F7YC&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1409704393&from=smt&uid=MaxtorX5T040H4_T4J4F7YC&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1409704393&from=smt&uid=MaxtorX5T040H4_T4J4F7YC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.istartsurf.com/web/?type=ds&ts=1409704393&from=smt&uid=MaxtorX5T040H4_T4J4F7YC&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.istartsurf.com/web/?type=ds&ts=1409704393&from=smt&uid=MaxtorX5T040H4_T4J4F7YC&q={searchTerms}

IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1409704393&from=smt&uid=MaxtorX5T040H4_T4J4F7YC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1409704393&from=smt&uid=MaxtorX5T040H4_T4J4F7YC&q={searchTerms}

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandnetdiag.sys -- (AndNetDiag)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\lgandnetadb.sys -- (andnetadb)

DRV - File not found [File_System | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\10310FCD3.sys -- (4F9759079FA5A1B8)

DRV - File not found [File_System | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\B7F613E15.sys -- (4F88EC308A523238)

DRV - File not found [File_System | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\7B644AAEA.sys -- (4F88AEDE273BB8B8)

DRV - File not found [File_System | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\3FD04253.sys -- (4F88ADD5F48481B8)

DRV - [2014-11-27 02:32:30 | 000,055,816 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\{f0087990-17d0-4537-ad91-6a7a9c5c1b37}t.sys -- ({f0087990-17d0-4537-ad91-6a7a9c5c1b37}t)

DRV - [2014-08-30 08:46:36 | 000,055,056 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}t.sys -- ({c5e48979-bd7f-4cf7-9b73-2482a67a4f37}t)

SRV - File not found [Auto | Stopped] -- C:\Program Files\ClearThink\bin\utilClearThink.exe -- (Util ClearThink)

SRV - File not found [Auto | Stopped] -- C:\Program Files\ClearThink\updateClearThink.exe -- (Update ClearThink)

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)

SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)

SRV - [2014-11-27 14:56:06 | 000,526,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Hold Page\bin\utilHoldPage.exe -- (Util Hold Page)

SRV - [2014-11-27 14:21:58 | 000,526,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Hold Page\updateHoldPage.exe -- (Update Hold Page)

SRV - [2014-09-03 01:35:39 | 000,715,656 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Stopped] -- C:\Documents and Settings\All Users\Dane aplikacji\IePluginServices\PluginService.exe -- (IePluginServices)

SRV - [2014-09-03 01:35:29 | 000,528,896 | ---- | M] (Fuyu LIMITED) [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe -- (WindowsMangerProtect)

SRV - [2014-07-28 12:09:40 | 000,811,384 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)

MOD - [2014-07-16 11:16:28 | 000,064,000 | ---- | M] () -- C:\Program Files\SupTab\Loader32.exe

MOD - [2014-11-27 14:56:06 | 000,526,064 | ---- | M] () -- C:\Program Files\Hold Page\bin\utilHoldPage.exe

MOD - [2014-11-27 14:21:58 | 000,526,064 | ---- | M] () -- C:\Program Files\Hold Page\updateHoldPage.exe

MOD - [2014-11-27 11:31:22 | 000,098,544 | ---- | M] () -- C:\Program Files\Hold Page\bin\HoldPage.BrowserAdapter.exe

MOD - [2014-11-27 02:32:28 | 000,296,176 | ---- | M] () -- C:\Program Files\Hold Page\bin\HoldPage.PurBrowse.exe

MOD - [2014-09-03 01:35:40 | 000,023,944 | ---- | M] () -- C:\Program Files\SupTab\WindowsSupportDll32.dll

 

:Reg

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]

[-HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]

[-HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]

 

:Commands

[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.

Następnie uruchom OTL ponownie, tym razem kliknij Skanuj.

Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.

 

========================================================

 

Error - 2014-11-27 10:09:07 | Computer Name = SPEED2 | Source = Disk | ID = 262151

Description = W urządzeniu \Device\Harddisk1\D wystąpił zły blok.

http://www.fixitpc.pl/topic/5553-blad-sterownik-wykryl-blad-kontrolera-na-deviceharddiskxdrx-i-jego-interpretacja/

Możesz założyć temat np. na http://www.fixitpc.pl/forum/43-hardware/

 

F.