pomalejší ntb

[darkane]

Dobrý den
Prosím o kontrolu logu. Ntb je neustále něčím zaměstnáván, objevují se nežádoucí reklamy a někdy se sám zavře prohlížeč firefox.
Děkuji

[altrok]

Zdravim

Odinstalujte Seznam Software

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan, pote na Clean
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

[darkane]

seznam software odinstelován
zde log z AdwCleaner v4.106



# AdwCleaner v4.106 - Report created 07/01/2015 at 11:58:57
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : darkane - DARKANE
# Running from : C:\Users\darka_000\Desktop\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\Goobzo
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Media Saver
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\GoforFiles
Key Deleted : HKLM\SOFTWARE\Goobzo
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : HKLM\SOFTWARE\LuckyTab
Key Deleted : HKLM\SOFTWARE\Media Saver
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Saver
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v34.0.5 (x86 cs)

[9yz2pq69.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14ab1e273e307f1432e4e38e26ba1509");
[9yz2pq69.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[9yz2pq69.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v39.0.2171.95

[C:\Users\darka_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\darka_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [8498 octets] - [07/01/2015 11:50:04]
AdwCleaner[R1].txt - [4770 octets] - [07/01/2015 11:52:50]
AdwCleaner[R2].txt - [4830 octets] - [07/01/2015 11:57:39]
AdwCleaner[S0].txt - [4014 octets] - [07/01/2015 11:52:06]
AdwCleaner[S1].txt - [3365 octets] - [07/01/2015 11:58:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3425 octets] ##########

[altrok]

Dejte novy log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

[darkane]

log FRST.txt, i Addition.txt v příloze

[altrok]

Odinstalujte SpyHunter - jeho ucinnost je velice diskutabilni a nektere zdroje ho radi mezi tzv. rogue anti-spyware.

Taky prozatim varuju pred bezpecnostnimi riziky pri pouzivani prohlizece od Seznamu, ktery zatim ani zdaleka neni na (bezpecnostni) urovni rozsirenejsich prohlizecu.

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CloseProcesses:
  HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
  HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
  HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
  HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
  HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
  HKU\S-1-5-21-2802680610-4246973846-2910803817-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2014-10-14] (Microsoft Corporation)
  HKU\S-1-5-21-2802680610-4246973846-2910803817-1002\...\Run: [AdobeBridge] => [X]
  ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
  ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
  ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
  ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
  ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
  ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
  ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
  BootExecute: autocheck autochk * sh4native Sh4Removal
  
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-21-2802680610-4246973846-2910803817-1002 -> {78FDCB90-1064-4681-B14C-6678967791AE} URL = http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
  
  FF Extension: downintabmaxmax - C:\Users\darka_000\AppData\Roaming\Mozilla\Firefox\Profiles\9yz2pq69.default\Extensions\downintab@max.max [2015-01-07]
  FF Extension: jid1eMhaOaq3SPBFDgjetpack - C:\Users\darka_000\AppData\Roaming\Mozilla\Firefox\Profiles\9yz2pq69.default\Extensions\jid1-eMhaOaq3SPBFDg@jetpack [2015-01-07]
  
  CHR DefaultSearchURL: Default -> http://search.seznam.cz/?q={searchTerms}
  CHR DefaultSuggestURL: Default -> http:///suggest.fulltext.seznam.cz/?dict=fulltext_ff&phrase={searchTerms}&encoding={inputEncoding}&response_encoding=utf-8
  CHR Extension: (ejihekcemjghahmoofljdfbgkocndmem) - C:\Users\darka_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejihekcemjghahmoofljdfbgkocndmem [2015-01-07]
  CHR Extension: (mihcahmgecmbnbcchbopgniflfhgnkff) - C:\Users\darka_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-01-07]
  
  R2 Update Service for Media Saver; C:\Program Files (x86)\Media Saver\Basement\ExtensionUpdaterService.exe [136200 2014-12-05] ()
  C:\Program Files (x86)\Media Saver
  S3 esgiguard; D:\down\PROG\SpyHunter-4.18.9.-4384\SpyHunter\esgiguard.sys [16432 2014-10-24] (Enigma Software Group USA, LLC.)
  D:\down\PROG\SpyHunter-4.18.9.-4384\SpyHunter
  S1 agcnnlxt; \??\C:\WINDOWS\system32\drivers\agcnnlxt.sys [X]
  
  2015-01-07 17:00 - 2015-01-07 17:01 - 00017386 _____ () C:\Users\darka_000\Desktop\FRST.txt
  2015-01-07 16:57 - 2015-01-07 16:57 - 00029696 _____ () C:\Users\darka_000\AppData\Local\MSGBOX.EXE
  2015-01-07 16:57 - 2015-01-07 16:57 - 00015327 _____ () C:\Users\darka_000\Desktop\LM.bat
  2015-01-07 16:56 - 2015-01-07 16:56 - 00112640 _____ (forum.viry.cz) C:\Users\darka_000\Desktop\FRSTLauncher.exe
  2015-01-07 10:47 - 2015-01-07 11:58 - 00000000 ____D () C:\AdwCleaner
  2015-01-07 10:47 - 2015-01-07 10:49 - 00000000 ____D () C:\rsit
  2015-01-07 10:47 - 2015-01-07 10:47 - 00000000 ____D () C:\Program Files\trend micro
  2015-01-07 10:46 - 2015-01-07 10:46 - 02173952 _____ () C:\Users\darka_000\Desktop\adwcleaner_4.106.exe
  2015-01-07 10:46 - 2013-10-31 09:59 - 00935175 _____ () C:\Users\darka_000\Desktop\RSITx64.exe
  
  CMD: del C:\Users\darka_000\AppData\Roaming\*.exe
  Task: {636179E9-6485-4F66-A73F-45AE685BAA1C} - System32\Tasks\SpyHunter4Startup => C:\Users\darka_000\Desktop\SpyHunter-4.18.9.-4384\SpyHunter\SpyHunter4.exe
  Task: {64ADB6A3-FF64-46E6-9292-FAE76B3036EF} - System32\Tasks\HKU => C:\Users\darka_000\AppData\Roaming\HKU.exe [2015-01-04] (HDQ-1.2cV04.01) <==== ATTENTION
  Task: {7CB9FCB2-1C87-4803-BCD2-D33691A3476A} - System32\Tasks\ICBWRJZE => C:\Users\darka_000\AppData\Roaming\ICBWRJZE.exe [2015-01-04] (HDQ-1.2cV04.01) <==== ATTENTION
  Task: {9F3358BA-311C-47F1-A176-D93D7CF26D6A} - System32\Tasks\MRKNPH => C:\Users\darka_000\AppData\Roaming\MRKNPH.exe [2015-01-03] (joep) <==== ATTENTION
  Task: {DEE24C02-D594-4387-8273-875B7A2AB58F} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
  Task: {F28597A9-FB82-41DF-94C3-3B5BC677A8D7} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
  Task: {F395750F-9419-4396-906B-D8F6DEBBCF1D} - System32\Tasks\{BEBBD547-0110-43F5-A41A-156D98E375B2} => pcalua.exe -a C:\Users\darka_000\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=smt
  Task: {F832BB81-330B-4777-88EA-BF6C1F08C973} - System32\Tasks\{98BA54AA-7E02-4274-9F74-6B81B029BF49} => pcalua.exe -a C:\Users\darka_000\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=exp
  Task: {FE8FBB7F-BA8F-4964-8FEF-0A7535C1017E} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2014-11-20] ()
  Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\WINDOWS\Tasks\HKU.job => C:\Users\darka_000\AppData\Roaming\HKU.exe <==== ATTENTION
  Task: C:\WINDOWS\Tasks\ICBWRJZE.job => C:\Users\darka_000\AppData\Roaming\ICBWRJZE.exe <==== ATTENTION
  Task: C:\WINDOWS\Tasks\MRKNPH.job => C:\Users\darka_000\AppData\Roaming\MRKNPH.exe <==== ATTENTION
  
  C:\Users\darka_000\AppData\Roaming\HKU.exe
  C:\Users\darka_000\AppData\Roaming\ICBWRJZE.exe
  C:\Users\darka_000\AppData\Roaming\MRKNPH.exe
  C:\Users\darka_000\AppData\Roaming\omiga-plus
  C:\Users\darka_000\AppData\Roaming\webssearches
  C:\WINDOWS\AutoKMS\AutoKMS.exe
  Hosts:
  EmptyTemp:
  End
  

[darkane]

Vše potřebné provedu zítra ráno. Momentálně nemám přístup k ntb.
zatím moc děkuji

[altrok]

Oukej... mate tam bordela fakt pozehnane, takze se bojim, aby se mezitim jeste nerozmnozil... aplikujte fixlist (vlozte obsah fixlogu) a pak dejte jeste jeden aktualni log z FRST (staci bez FRSTLauncheru) - opet frst.txt i addition.txt

[darkane]

Spyhunter a prohlížeč Seznamu jsou odinstalovány.
V příloze fixlog a nový FRST a Addition. Už nyní je znát jasné zlepšení.
Díky

[altrok]

Je tam cosik noveho, takze jeste docistime.

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CloseProcesses:
  CHR DefaultSearchURL: Default -> http://search.seznam.cz/?q={searchTerms}
  CHR DefaultSuggestURL: Default -> http:///suggest.fulltext.seznam.cz/?dict=fulltext_ff&phrase={searchTerms}&encoding={inputEncoding}&response_encoding=utf-8
  CHR Extension: (okadibdjfemgnhjiembecghcbfknbfhg) - C:\Users\darka_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2015-01-08]
  S2 MSLSService; C:\Program Files (x86)\Media Saver\Basement\MSLSService.exe [X]
  2015-01-08 07:37 - 2015-01-08 07:39 - 00013322 _____ () C:\Users\darka_000\Desktop\FRST.txt
  2015-01-08 07:34 - 2014-11-20 12:42 - 00000000 ____D () C:\WINDOWS\AutoKMS
  AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
  AlternateDataStreams: C:\ProgramData\Temp:56E2E879
  Hosts:
  EmptyTemp:
  End
  

[darkane]

zde jest nový fixlog



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by darkane at 2015-01-08 15:38:23 Run:2
Running from C:\Users\darka_000\Desktop
Loaded Profile: darkane (Available profiles: UpdatusUser & darkane & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CHR DefaultSearchURL: Default -> http://search.seznam.cz/?q={searchTerms}
CHR DefaultSuggestURL: Default -> http:///suggest.fulltext.seznam.cz/?dict=fulltext_ff&phrase={searchTerms}&encoding={inputEncoding}&response_encoding=utf-8
CHR Extension: (okadibdjfemgnhjiembecghcbfknbfhg) - C:\Users\darka_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2015-01-08]
S2 MSLSService; C:\Program Files (x86)\Media Saver\Basement\MSLSService.exe [X]
2015-01-08 07:37 - 2015-01-08 07:39 - 00013322 _____ () C:\Users\darka_000\Desktop\FRST.txt
2015-01-08 07:34 - 2014-11-20 12:42 - 00000000 ____D () C:\WINDOWS\AutoKMS
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\darka_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg => Moved successfully.
MSLSService => Service deleted successfully.
C:\Users\darka_000\Desktop\FRST.txt => Moved successfully.
C:\WINDOWS\AutoKMS => Moved successfully.
C:\WINDOWS\system32\Drivers\btmhsf.sys => ":Microsoft_Appcompat_ReinstallUpgrade" ADS removed successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 60.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 15:38:27 ====

[altrok]

Vyborne, ted je dle logu cisto.

Takze jeste uklidime.

• Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Oznacte jen moznost "Remove disinfection tools"
• kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

[darkane]

super, uklizeno a vše zatím co jsem stihl je OK
Mám jen malý dotázek. Používal jsem jen Windows Defenders. Mám přidat třeba avast, který jsem již také používal? A nějaký Spyware?
mockrát děkuji

[altrok]

Antiviry se nikdy nepridavaji (dva jsou horsi nez jeden), ale s vymenou avastu > Defender souhlasim. avast Vam i ve free verzi poskytne kompletni ochranu, takze zadny dalsi anti-spy produkt neni nutny. Jednou tydne PC procistete pomoci CCleaneru a jednou za mesic je mozne tam jen preventivne pustit MBAM (na konci instalace vyhodte zatrzitko u trial 30 denni ochrany v realnem case, kterou nepotrebujete - MBAM pouzijete jako jednorazovy skener). S pripadnymi nalezy se nas klidne obratte a poradime


Nemate zac, rad jsem pomohl


Mejte se a treba zase nekdy