
Slow and virus-infected notebook

Posted: 08 Feb 2019 19:26
by Tomas1995
I have a problem with my notebook: it is terribly slow. Previously the HDD was at 100% load after startup; I put a firewall on it and that went back to normal. A scan with AdwCleaner also found a lot of viruses; I am posting the log below, but there are certainly more viruses there. I would ask you to look at the FRST log in the attachment, thank you.
# AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 01 15:27:35 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 02-27-2018.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.AdvancedSystemCare, AdvancedSystemCareService11


***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\admin\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\admin\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\All Users\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\admin\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\admin\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\All Users\IObit\Advanced SystemCare
PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader
PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare


***** [ Files ] *****

PUP.Optional.AdvancedSystemCare, C:\Windows\SysNative\REGISTRYDEFRAGBOOTTIME.EXE
PUP.Optional.Reimage, C:\Windows\Reimage.ini


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.AdvancedSystemCare, ASC11_PerformanceMonitor


***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IOBIT\ASC
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IObit\RealTimeProtector
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IObit\ASC
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
PUP.Optional.Reimage, [Key] - HKLM\SOFTWARE\Reimage
PUP.Optional.Reimage, [Key] - HKU\S-1-5-21-2397709541-1446653467-129089873-1001\Software\Reimage
PUP.Optional.Reimage, [Key] - HKCU\Software\Reimage


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

Re: Slow and virus-infected notebook

Posted: 08 Feb 2019 20:04
by Rudy
Delete the ADW findings and restart. Then open Notepad and copy the following into it:
Start

CloseProcesses:
C:\Windows\Temp\is-66V0U.tmp\spybotsd2-SDLicense-websitev4.tmp
HKU\S-1-5-21-2397709541-1446653467-129089873-1001\...\MountPoints2: {9b3d36dd-9b2d-11e8-93ca-485ab62abf18} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2397709541-1446653467-129089873-1001\...\MountPoints2: {a3980c04-1f2c-11e9-93d7-485ab62abf18} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2397709541-1446653467-129089873-1001\...\MountPoints2: {b49d41b8-a0a3-11e8-93cc-485ab62abf18} - "G:\Install.exe"
HKU\S-1-5-21-2397709541-1446653467-129089873-1001\...\MountPoints2: {f654b7bd-8a3f-11e8-93c8-485ab62abf18} - "D:\HiSuiteDownLoader.exe"
SearchScopes: HKU\S-1-5-21-2397709541-1446653467-129089873-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src ... 02&pc=UE15
SearchScopes: HKU\S-1-5-21-2397709541-1446653467-129089873-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src ... 02&pc=UE15
Edge HomeButtonPage: HKU\S-1-5-21-2397709541-1446653467-129089873-1001 -> hxxps://www.yandex.ru/?win=312&clid=2278150
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-20173620.xml [2017-12-20]
C:\Users\admin\AppData\Local\Yandex
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File)
Task: {D1F47632-EC37-4B4D-9D34-9BAD10931FC5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-27] (Google Inc -> Google Inc.)
Task: {87FFA081-8779-4BA5-B060-1CDCC800634E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-27] (Google Inc -> Google Inc.)

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Slow and virus-infected notebook

Posted: 08 Feb 2019 20:22
by Tomas1995
It is still slow, mainly the system startup.
Fix result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
Ran by admin (08-02-2019 20:15:34) Run:1
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
C:\Windows\Temp\is-66V0U.tmp\spybotsd2-SDLicense-websitev4.tmp
HKU\S-1-5-21-2397709541-1446653467-129089873-1001\...\MountPoints2: {9b3d36dd-9b2d-11e8-93ca-485ab62abf18} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2397709541-1446653467-129089873-1001\...\MountPoints2: {a3980c04-1f2c-11e9-93d7-485ab62abf18} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2397709541-1446653467-129089873-1001\...\MountPoints2: {b49d41b8-a0a3-11e8-93cc-485ab62abf18} - "G:\Install.exe"
HKU\S-1-5-21-2397709541-1446653467-129089873-1001\...\MountPoints2: {f654b7bd-8a3f-11e8-93c8-485ab62abf18} - "D:\HiSuiteDownLoader.exe"
SearchScopes: HKU\S-1-5-21-2397709541-1446653467-129089873-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src ... 02&pc=UE15
SearchScopes: HKU\S-1-5-21-2397709541-1446653467-129089873-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src ... 02&pc=UE15
Edge HomeButtonPage: HKU\S-1-5-21-2397709541-1446653467-129089873-1001 -> hxxps://www.yandex.ru/?win=312&clid=2278150
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-20173620.xml [2017-12-20]
C:\Users\admin\AppData\Local\Yandex
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File)
Task: {D1F47632-EC37-4B4D-9D34-9BAD10931FC5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-27] (Google Inc -> Google Inc.)
Task: {87FFA081-8779-4BA5-B060-1CDCC800634E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-27] (Google Inc -> Google Inc.)

EmptyTemp:
End
*****************

Processes closed successfully.
C:\Windows\Temp\is-66V0U.tmp\spybotsd2-SDLicense-websitev4.tmp => moved successfully
HKU\S-1-5-21-2397709541-1446653467-129089873-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b3d36dd-9b2d-11e8-93ca-485ab62abf18} => removed successfully
HKLM\Software\Classes\CLSID\{9b3d36dd-9b2d-11e8-93ca-485ab62abf18} => not found
HKU\S-1-5-21-2397709541-1446653467-129089873-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3980c04-1f2c-11e9-93d7-485ab62abf18} => removed successfully
HKLM\Software\Classes\CLSID\{a3980c04-1f2c-11e9-93d7-485ab62abf18} => not found
HKU\S-1-5-21-2397709541-1446653467-129089873-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b49d41b8-a0a3-11e8-93cc-485ab62abf18} => removed successfully
HKLM\Software\Classes\CLSID\{b49d41b8-a0a3-11e8-93cc-485ab62abf18} => not found
HKU\S-1-5-21-2397709541-1446653467-129089873-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f654b7bd-8a3f-11e8-93c8-485ab62abf18} => removed successfully
HKLM\Software\Classes\CLSID\{f654b7bd-8a3f-11e8-93c8-485ab62abf18} => not found
"HKU\S-1-5-21-2397709541-1446653467-129089873-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-2397709541-1446653467-129089873-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-2397709541-1446653467-129089873-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage" => removed successfully
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-20173620.xml => moved successfully
C:\Users\admin\AppData\Local\Yandex => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D1F47632-EC37-4B4D-9D34-9BAD10931FC5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1F47632-EC37-4B4D-9D34-9BAD10931FC5}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87FFA081-8779-4BA5-B060-1CDCC800634E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87FFA081-8779-4BA5-B060-1CDCC800634E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 95801452 B
Java, Flash, Steam htmlcache => 1066 B
Windows/system/drivers => 143576499 B
Edge => 90109 B
Chrome => 40530505 B
Firefox => 20674871 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 432 B
LocalService => 2708 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
admin => 38695523 B

RecycleBin => 0 B
EmptyTemp: => 331.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:16:22 ====

Re: Slow and virus-infected notebook

Posted: 08 Feb 2019 20:56
by Rudy
Do a complete MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: Slow and virus-infected notebook

Posted: 08 Feb 2019 20:59
by Diallix

Re: Slow and virus-infected notebook

Posted: 08 Feb 2019 21:30
by Tomas1995
Rudy - It found nothing, but I scanned it with this program a very long time ago and back then it found a lot of viruses, but I had them deleted.
Diallix - Yes, both computers are mine.
Malwarebytes
http://www.malwarebytes.com

-Podrobnosti denníka-
Dátum skenovania: 8. 2. 2019
Čas skenovania: 21:19
Súbor denníka: e0dfd114-2bde-11e9-aedd-a0d3c160c3f9.json

-Údaje o softvéri-
Verzia: 3.7.1.2839
Verzia súčastí: 1.0.538
Aktualizovať verziu balíka: 1.0.9180
Licencia: Skúšobná verzia

-Systémové informácie-
OS: Windows 10 (Build 17134.523)
Procesor: x64
Systém súborov: NTFS
Používateľ: DESKTOP-UIGEGLF\admin

-Zhrnutie skenovania-
Typ skenovania: Vyhľadávanie hrozieb
Skenovanie bolo spustené: Manuálne
Výsledok: Dokončené
Preskenované objekty: 288750
Zistené hrozby: 0
Hrozby umiestnené do karantény: 0
Uplynulý čas: 3 min, 33 s

-Možnosti skenovania-
Pamäť: Povolené
Spúšťanie: Povolené
Systém súborov: Povolené
Archívy: Povolené
Rootkity: Zakázané
Heuristika: Povolené
PUP: Zistiť
PUM: Zistiť

-Podrobnosti skenovania-
Proces: 0
(Nezistili sa nijaké škodlivé položky)

Modul: 0
(Nezistili sa nijaké škodlivé položky)

Kľúč databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Hodnota databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Údaje databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Prúd údajov: 0
(Nezistili sa nijaké škodlivé položky)

Priečinok: 0
(Nezistili sa nijaké škodlivé položky)

Súbor: 0
(Nezistili sa nijaké škodlivé položky)

Fyzický sektor: 0
(Nezistili sa nijaké škodlivé položky)

WMI: 0
(Nezistili sa nijaké škodlivé položky)


(end)

Re: Slow and virus-infected notebook

Posted: 08 Feb 2019 21:59
by Rudy
OK. From the command line, use the msconfig command to open the Windows configuration window. On the "Startup" and "Services" tabs, remove the check marks from all non-Microsoft items (except drivers and security software). Save the settings and restart.
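
One way to see which items count as "non-Microsoft" before unticking them in msconfig, as an added PowerShell example that is not part of the original thread: it lists auto-start services and startup entries with their publisher and changes nothing. The helper names Get-ServiceBinaryPath and Get-Publisher are defined here for illustration and are not built-in cmdlets.

```powershell
# Added example: read-only inventory, nothing is disabled or changed.
# Get-ServiceBinaryPath and Get-Publisher are helpers defined here (assumed names).
function Get-ServiceBinaryPath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($PathName)
    # Quoted image path: "C:\Program Files\Vendor\svc.exe" /arg
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted image path: take everything up to the first ".exe"
    if ($expanded -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

function Get-Publisher {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return '(file not found)'
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate) {
        return $sig.SignerCertificate.Subject
    }
    # Unsigned or invalid signature: fall back to the version resource.
    # The "(unsigned)" prefix keeps files that merely claim Microsoft in the list.
    $company = (Get-Item -LiteralPath $Path).VersionInfo.CompanyName
    return "(unsigned) $company"
}

# Auto-start services whose binary is not validly signed by Microsoft
Get-CimInstance -ClassName Win32_Service -Filter "StartMode = 'Auto'" |
    ForEach-Object {
        $path = Get-ServiceBinaryPath $_.PathName
        [pscustomobject]@{
            Name      = $_.Name
            State     = $_.State
            Publisher = Get-Publisher $path
            Path      = $path
        }
    } |
    Where-Object { $_.Publisher -notmatch 'O=Microsoft Corporation' } |
    Sort-Object Publisher |
    Format-Table -AutoSize -Wrap

# Startup entries (Run keys and Startup folders) for the same review
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-Table -AutoSize -Wrap
```

Entries shown as "(file not found)" or "(unsigned)" are the ones worth checking first, since a missing or unsigned service binary is unusual for legitimate security software and drivers' companion services.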

Re: Slow and virus-infected notebook

Posted: 08 Feb 2019 22:30
by Tomas1995
I did that, and I am sending a screenshot to check whether those Avast services are OK, since they have "%1!s!" in the title.

Image

Re: Slow and virus-infected notebook

Posted: 09 Feb 2019 00:15
by Tomas1995
This is what I found while the PC was idle; I was not doing anything and the HDD is loaded at 100%, so there is probably still a virus there.

Image

Re: Slow and virus-infected notebook

Posted: 09 Feb 2019 11:23
by Rudy
Try reinstalling Avast. Sometimes a failed update can cause this.

Re: Slow and virus-infected notebook

Posted: 09 Feb 2019 12:49
by Tomas1995
I had it uninstalled and it still has 100%, but on a different service. I am posting a new FRST log in the attachment.

Image

Re: Slow and virus-infected notebook

Posted: 09 Feb 2019 14:58
by Tomas1995
I am also sending what I found when I started Process Explorer.

Image

Re: Slow and virus-infected notebook

Posted: 09 Feb 2019 15:43
by Rudy
As a test, turn off automatic system updates and check whether the situation has changed for the better, or use this guide: https://translate.google.com/translate? ... rev=search .

Re: Slow and virus-infected notebook

Posted: 09 Feb 2019 17:54
by Tomas1995
OK, I will try that, but could you look at that FRST log once more, thank you.

Re: Slow and virus-infected notebook

Posted: 09 Feb 2019 18:04
by Rudy
I can, but you would have to post new FRST+Addition logs.