ntb problem

Hraczka
Visitor
Posts: 56
Registered: 17 Jan 2021 19:51

Re: ntb problem

#16 Post by Hraczka »

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-03-2021
Ran by David (22-03-2021 22:03:32) Run:1
Running from C:\Users\David\Desktop
Loaded Profiles: David
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
ExportKey: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager

HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\MountPoints2: {a0a810ce-1622-11eb-bb84-485b39405249} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\MountPoints2: {f6176fa3-6eec-11eb-9131-485b39405249} - F:\HiSuiteDownLoader.exe
BootExecute:
Task: {0744203E-A33F-4CB1-A507-D4C585BE9FF5} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.5.132\DADUpdater.exe
Task: {54331C3E-2EE5-4711-9C94-D82EA93D5983} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe
Task: {5F112118-EAEF-4B1C-BE89-FB6A776DA1BF} - System32\Tasks\{969383CA-78D7-48AC-8B00-C36A6A3B82B7} => C:\Users\David\Downloads\eset_nod32_antivirus_live_installer.exe
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
2021-03-16 22:44 - 2021-03-16 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-03-16 22:22 - 2021-03-16 22:55 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 6738
Average :
Sum : 43906062313
Maximum :
Minimum :
Property : Length


========= End of Powershell: =========

================== ExportKey: ===================

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager]
"CriticalSectionTimeout"="2592000"
"GlobalFlag"="0"
"HeapDeCommitFreeBlockThreshold"="0"
"HeapDeCommitTotalFreeThreshold"="0"
"HeapSegmentCommit"="0"
"HeapSegmentReserve"="0"
"ProcessorControl"="2"
"ResourceTimeoutCount"="648000"
"BootExecute"=""
"ExcludeFromKnownDlls"="*"
"ObjectDirectories"="\Windows*\RPC Control"
"ProtectionMode"="1"
"NumberOfInitialSessions"="2"
"SetupExecute"="*"
"AutoChkTimeout"="5"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache]
"AppCompatCache"="ee0fdcba0004000078000000a2180500410300003a4c0000140000000000000076030000c80200006734000000000000d9f50400b3220000760c000076080000c43f000000000000020000000000000000000000100000001a000000af33000000000000 (the data entry has 412520 more characters)."
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager]
"BackupCount"="1"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices]
"AUX"="\DosDevices\COM1"
"MAILSLOT"="\Device\MailSlot"
"NUL"="\Device\Null"
"PIPE"="\Device\NamedPipe"
"PRN"="\DosDevices\LPT1"
"UNC"="\Device\Mup"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"ComSpec"="%SystemRoot%\system32\cmd.exe"
"FP_NO_HOST_CHECK"="NO"
"OS"="Windows_NT"
"Path"="C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsP (the data entry has 15 more characters)."
"PATHEXT"=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"
"PROCESSOR_ARCHITECTURE"="AMD64"
"TEMP"="%SystemRoot%\TEMP"
"TMP"="%SystemRoot%\TEMP"
"USERNAME"="SYSTEM"
"windir"="%SystemRoot%"
"PSModulePath"="%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\"
"NUMBER_OF_PROCESSORS"="2"
"PROCESSOR_LEVEL"="6"
"PROCESSOR_IDENTIFIER"="Intel64 Family 6 Model 23 Stepping 10, GenuineIntel"
"PROCESSOR_REVISION"="170a"
"ESET_OPTIONS"=" (the data entry has 311 more characters)."
"VBOX_HWVIRTEX_IGNORE_SVM_IN_USE"="1"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive]
"AdditionalCriticalWorkerThreads"="0"
"AdditionalDelayedWorkerThreads"="0"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations]
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\I/O System]
"AllowRemoteDASD"="0"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"ObUnsecureGlobalNames"="netfxcustomperfcounters.1.0*SharedPerfIPCBlock*Cor_Private_IPCBlock*Cor_Public_IPCBlock_"
"obcaseinsensitive"="1"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs]
"clbcatq"="clbcatq.dll"
"ole32"="ole32.dll"
"advapi32"="advapi32.dll"
"COMDLG32"="COMDLG32.dll"
"DllDirectory"="%SystemRoot%\system32"
"DllDirectory32"="%SystemRoot%\syswow64"
"gdi32"="gdi32.dll"
"IERTUTIL"="IERTUTIL.dll"
"IMAGEHLP"="IMAGEHLP.dll"
"IMM32"="IMM32.dll"
"kernel32"="kernel32.dll"
"LPK"="LPK.dll"
"MSCTF"="MSCTF.dll"
"MSVCRT"="MSVCRT.dll"
"NORMALIZ"="NORMALIZ.dll"
"NSI"="NSI.dll"
"OLEAUT32"="OLEAUT32.dll"
"PSAPI"="PSAPI.DLL"
"rpcrt4"="rpcrt4.dll"
"sechost"="sechost.dll"
"Setupapi"="Setupapi.dll"
"SHELL32"="SHELL32.dll"
"SHLWAPI"="SHLWAPI.dll"
"URLMON"="URLMON.dll"
"user32"="user32.dll"
"USP10"="USP10.dll"
"WININET"="WININET.dll"
"WLDAP32"="WLDAP32.dll"
"WS2_32"="WS2_32.dll"
"DifxApi"="difxapi.dll"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"="0"
"NonPagedPoolQuota"="0"
"NonPagedPoolSize"="0"
"PagedPoolQuota"="0"
"PagedPoolSize"="0"
"SecondLevelDataCache"="0"
"SessionPoolSize"="4"
"SessionViewSize"="48"
"SystemPages"="0"
"PagingFiles"="?:\pagefile.sys"
"PhysicalAddressExtension"="1"
"IoPageLockLimit"="134217728"
"DisablePagingExecutive"="1"
"LargeSystemCache"="0"
"ExistingPageFiles"="\??\C:\pagefile.sys"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
"BootId"="416"
"BaseTime"="623182761"
"EnableSuperfetch"="3"
"EnablePrefetcher"="2"
"EnableBootTrace"="0"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\StoreParameters]
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power]
"AcPolicy"="010000000600000003000000000000000200000003000000000000000200000001000000000000000100000018f5060002000000010000000000000000000000320000000200000004000000020000000100000034003700000000000300000001000000 (the data entry has 264 more characters)."
"DcPolicy"="0100000006000000030000000000000002000000030000000000000002000000010000000000000001000000310038000200000000000000000000002c010000320330000400000004000000020000000100000000009019840300000300000001000000 (the data entry has 264 more characters)."
"AcProcessorPolicy"="01000000000000000000000003000000a0860100a0860100a08601002832000002000000a0860100a0860100a0860100283c000003000000a0860100a0860100a08601002850000001000000"
"DcProcessorPolicy"="01000000030000000000000003000000a0860100a0860100a08601000a14000002000000a0860100a0860100a08601001428000003000000a0860100a0860100a08601001446000001000000"
"PowerSettingProfile"="0"
"SystemPowerPolicy"="010000000200000000000000000000000200000000000000000000000200000000000000000000000100000000000000020000000000000000000000000000005a0000000400000004000000010000000100000000000000000000000100000000000000 (the data entry has 264 more characters)."
"HiberCopyBytes"="0000000000000000"
"HiberElapsedTime"="0"
"HiberIoTime"="0"
"HiberInitTime"="0"
"HiberCopyTime"="0"
"HiberPagesWritten"="0"
"HiberPagesProcessed"="0"
"HiberDumpCount"="0"
"HiberFileRuns"="0"
"HiberReadTime"="0"
"HiberResumeAppTime"="0"
"HiberCompressTime"="0"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Quota System]
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Debug"=""
""="mnmsrvc"
"Kmode"="\SystemRoot\System32\win32k.sys"
"Optional"="Posix"
"Posix"="%SystemRoot%\system32\psxss.exe"
"Required"="Debug*Windows"
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=wins (the data entry has 90 more characters)."
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\WPA]
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\WPA\PnP]
"seed"="1193057078"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\WPA\SigningHash-PRCRFTFJWDC296]
"SigningHashData"="9f81d29e9cc3c2def99455cbe3e377466e99dae0225d4d05adfdc2dbb37f85717fabaf6f7232fcb696dcf71d04b1c8d37bfbb3930b11cfb2"

=== End of ExportKey ===
HKU\S-1-5-21-3321637588-428875143-3676826485-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0a810ce-1622-11eb-bb84-485b39405249} => removed successfully
HKU\S-1-5-21-3321637588-428875143-3676826485-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6176fa3-6eec-11eb-9131-485b39405249} => removed successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\"BootExecute"="autocheck autochk *" => value restored successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0744203E-A33F-4CB1-A507-D4C585BE9FF5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0744203E-A33F-4CB1-A507-D4C585BE9FF5}" => removed successfully
C:\Windows\System32\Tasks\McAfee\DAD.Execute.Updates => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\DAD.Execute.Updates" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54331C3E-2EE5-4711-9C94-D82EA93D5983}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54331C3E-2EE5-4711-9C94-D82EA93D5983}" => removed successfully
C:\Windows\System32\Tasks\WiseCleaner\WRCSkipUAC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WiseCleaner\WRCSkipUAC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F112118-EAEF-4B1C-BE89-FB6A776DA1BF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F112118-EAEF-4B1C-BE89-FB6A776DA1BF}" => removed successfully
C:\Windows\System32\Tasks\{969383CA-78D7-48AC-8B00-C36A6A3B82B7} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{969383CA-78D7-48AC-8B00-C36A6A3B82B7}" => removed successfully
HKLM\System\CurrentControlSet\Services\aspnet_state => removed successfully
aspnet_state => service removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee => moved successfully
C:\Windows\system32\Tasks\McAfee => moved successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\PROTOCOLS\Filter\application/x-mfe-ipt => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13205556 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 5169955 B
Edge => 0 B
Firefox => 275161896 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 606457 B
systemprofile32 => 606585 B
LocalService => 606585 B
NetworkService => 624779 B
David => 934069438 B
Classic .NET AppPool => 934069438 B
DefaultAppPool => 934069438 B

RecycleBin => 131045549 B
EmptyTemp: => 3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:08:10 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: ntb problem

#17 Post by Conder »

How does the PC look now? Are there any problems?

The Desktop holds about 40 GB, which is too much. I recommend moving all files and folders from the Desktop to Documents and leaving only links/shortcuts on the Desktop. An overly large Desktop can slow the system down.
Graduate of the school for novices :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Hraczka
Visitor
Posts: 56
Registered: 17 Jan 2021 19:51

Re: ntb problem

#18 Post by Hraczka »

Thanks, the main problem with the antivirus is solved. Thanks for the help and advice :-D

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: ntb problem

#19 Post by Conder »

So let's also clean up after the tools we used:

And I would also recommend (more or less "as a precaution") this step:

Run a system file integrity check:
  • Open Start, type "cmd" (without the quotes), right-click Command Prompt and click Run as administrator
  • Copy and run the command:

    DISM.exe /Online /Cleanup-image /Restorehealth
  • When it finishes, copy and run the second command:

    sfc /scannow
  • When both commands have finished, copy and run this command:

    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt" && copy %windir%\logs\dism\dism.log "%userprofile%\desktop\dism.txt"
  • The files sfcdetails.txt and dism.txt will be created on the Desktop; pack these files into a RAR or ZIP archive and send it as an attachment to your next post
  • Restart the PC

Hraczka
Visitor
Posts: 56
Registered: 17 Jan 2021 19:51

Re: ntb problem

#20 Post by Hraczka »

# DelFix v1.013 - Logfile created 26/03/2021 at 21:40:30
# Updated 17/04/2016 by Xplode
# Username : David - DAVID-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########

Hraczka
Visitor
Posts: 56
Registered: 17 Jan 2021 19:51

Re: ntb problem

#21 Post by Hraczka »

I ran cmd as administrator and entered:

    DISM.exe /Online /Cleanup-image /Restorehealth

and this also happened:
1.JPG (49.24 KiB), viewed 792 times

Hraczka
Visitor
Posts: 56
Registered: 17 Jan 2021 19:51

Re: ntb problem

#22 Post by Hraczka »

sfc-dism.rar (5.82 KiB), downloaded 49 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: ntb problem

#23 Post by Conder »

This looks OK; I forgot that this is Windows 7, where only the second command (sfc /scannow) works.

So if there are no more problems with the PC, that would be all :)

Hraczka
Visitor
Posts: 56
Registered: 17 Jan 2021 19:51

Re: ntb problem

#24 Post by Hraczka »

Thanks :D

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: ntb problem

#25 Post by Conder »

You're welcome, glad I could help :)

Let's also clean up after the tools we used: