spomalenie NTB

[paulus33]

Zdravím páni. Poprosím o kontrolu logu môjho NTB. NTB sa po spustení OS chová úplne normálne, po chvíli akokeby sa "zahltil" a systém stratí plynulosť. Pohyby myškou sú trhané, prehrávač hudby seká reprodukciu hudby a podobne. Pôvodne som myslel, že to spôsobili piatkové aktualizácie MS, aspoň to tak vvyzeralo... Preto som použil možnosť obnovenia NTB do stavu z minulého týždňa, na chvíľu sa NTB choval normálne, ale potom sa situácia zopakovala. Ide o NTB ACER ASPIRE E17. V NTB mám jediný hacknutý program, všetko ostatné je legálne.
Vopred vďaka.

NEVIEM TU VLOŽIŤ ZÍSKANÝ LOG, VYSKAKUJE MI HLÁŠKA: Vaše zpráva obsahuje 519083 znaků. Maximální povolený počet znaků je 100000.

PRETO HO PRIKLADÁM AKO PRÍLOHU PRÍSPEVKU. V ĎALŠOM PRÍSPEVKU PRILOŽÍM TEN DRUHÝ SÚBOR...

[paulus33]

PRIKLADÁM DRUHÝ SÚBOR, ĎAKUJEM.

[Rudy]

Zdravím!
Spusťte nejprve tutu utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

[paulus33]

# AdwCleaner v4.112 - Logfile created 16/03/2015 at 19:21:44
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Pavol - PALI-ACER
# Running from : C:\Users\Pavol\Desktop\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : vToolbarUpdater18.3.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Pavol\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Pavol\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Pavol\AppData\Roaming\Mozilla\Firefox\Profiles\dk88he9i.default\Extensions\Avg@toolbar
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0.1 (x86 sk)

[dk88he9i.default\prefs.js] - Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.comgoogle\\.\\w+yahoo\\.\\w+gmail\\.\\w+hotmail\\.\\w+live\\.\\w+isearch\\.avg\\.commysearch\\.avg\\.com");

-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [3896 bytes] - [16/03/2015 19:08:03]
AdwCleaner[R1].txt - [3955 bytes] - [16/03/2015 19:16:48]
AdwCleaner[S0].txt - [3858 bytes] - [16/03/2015 19:21:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3917 bytes] ##########

[Rudy]

Dejte nový log FRST.

[paulus33]

Opäť hláška:
Vaše zpráva obsahuje 517041 znaků. Maximální povolený počet znaků je 100000.

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2015-02-26] (Sun Microsystems, Inc.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-626006024-4099096605-4270097203-1001 -> {CEAB4B51-FD6C-476E-B105-BA9215352FE6} URL =
C:\Users\Pavol\AppData\Local\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[paulus33]

nech sa páči:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Pavol at 2015-03-16 20:57:57 Run:1
Running from C:\Users\Pavol\Desktop
Loaded Profiles: Pavol (Available profiles: Pavol)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2015-02-26] (Sun Microsystems, Inc.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-626006024-4099096605-4270097203-1001 -> {CEAB4B51-FD6C-476E-B105-BA9215352FE6} URL =
C:\Users\Pavol\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-626006024-4099096605-4270097203-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CEAB4B51-FD6C-476E-B105-BA9215352FE6}" => Key deleted successfully.
HKCR\CLSID\{CEAB4B51-FD6C-476E-B105-BA9215352FE6} => Key not found.

"C:\Users\Pavol\AppData\Local\Temp" directory move:

Could not move "C:\Users\Pavol\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-16 21:00:47)<=

C:\Users\Pavol\AppData\Local\Temp => Moved successfully.

==== End of Fixlog 21:00:47 ====

[Rudy]

Smazáno. Nastala nějaká změna?

[paulus33]

skúsim a zajtra poreferujem... ono to po reštarte chvíľu trvá, kým sa to prejaví.
Ešte ma napadlo, kde som to mohol chytiť? Je to ani nie mesačný NTB. Na porno stránky nechodím, veci sťahujem z ulozto, stiahnito, fastshare cez predplatené účty a to je tak všetko...
Zatiaľ vrelá vďaka.

[Rudy]

Jsou to převážně AdWary (programy, které nejsou skutečnými viry, nicméně otravují a zatěžují systém). Anitivir je nechytá, není to vir. Nemáte zač!

[paulus33]

a čo odporúčate na boj s nimi? Prevenciu?

[Rudy]

Superantispyware: http://www.stahuj.centrum.cz/utility_a_ ... tispyware/ . Jelikož žádná taková ochrana není 100%, také obezřetné chování na internetu.

[paulus33]

Vyzera, ze uz je to ok. Akurat som pri to cisteni prisiel o "Pokki Start Menu", ale aj tak som ho nepouzival...
Dakujem pekne za pomoc.

[Rudy]

Nemáte zač!