Pomalý počítač - (pro Rudyho)

Zpráva

josebor · #1 Příspěvek od **josebor** » 20 lis 2016 21:16

Dobrý den, začal se mi zpomalovat PC, nepřehrává video, aplikace se sekají a nefungují jak by měly. Provedl jsem kontrolu adwercleanerem bez úspěchu, provedl jsem obnovení a také bez úspěchu. Prosím tedy o radu jak postupovat dál. Děkuji.

#2 Příspěvek od **Rudy** » 20 lis 2016 21:25

Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

josebor · #3 Příspěvek od **josebor** » 20 lis 2016 21:36

Vkládám Log, doufám, že ten správný:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2016 01
Ran by Katka (administrator) on PC-HOME (20-11-2016 20:41:32)
Running from C:\Users\Josef\Downloads
Loaded Profiles: Katka (Available Profiles: Katka & Josef_2)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\NS.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\NS.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8465112 2015-09-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-12-18] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3807577951-3362449284-1083311904-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27021952 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3807577951-3362449284-1083311904-1001\...\MountPoints2: {daae22a3-4e13-11e5-8257-806e6f6e6963} - "H:\Start.exe"
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
Startup: C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 1510 series.lnk [2016-10-11]
ShortcutTarget: Sledovat výstrahy inkoustu - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 1510 series.lnk [2016-10-11]
ShortcutTarget: Sledovat výstrahy inkoustu - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{44EAFB1C-6875-461D-94CE-74DF844623A0}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-3807577951-3362449284-1083311904-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.centrum.cz/
HKU\S-1-5-21-3807577951-3362449284-1083311904-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
SearchScopes: HKLM -> {79DA758C-4DF8-4F97-B692-B367CAEC6955} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {79DA758C-4DF8-4F97-B692-B367CAEC6955} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3807577951-3362449284-1083311904-1001 -> DefaultScope {3411C9AE-7BB3-43FC-9DF8-AFB4CB1A0F5F} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-3807577951-3362449284-1083311904-1001 -> {3411C9AE-7BB3-43FC-9DF8-AFB4CB1A0F5F} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-3807577951-3362449284-1083311904-1001 -> {79DA758C-4DF8-4F97-B692-B367CAEC6955} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-07-25] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
DPF: HKLM-x32 {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/AcDcToday.ocx
DPF: HKLM-x32 {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/InstBanr.ocx
DPF: HKLM-x32 {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/InstFred.ocx
DPF: HKLM-x32 {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/AcPreview.ocx

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon [2016-11-20]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\Exts\Chrome.crx [2016-11-20]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\Exts\Chrome.crx [2016-11-20]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [112640 2014-07-31] () [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\NS.exe [289080 2016-09-24] (Symantec Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [94720 2014-09-27] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294104 2015-09-20] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\windows\system32\drivers\amdacpksd.sys [280264 2016-03-26] (Advanced Micro Devices)
S0 amdkmafd; C:\windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\BASHDefs\20160826.008\BHDrvx64.sys [1854712 2016-09-23] (Symantec Corporation)
R1 ccSet_NS; C:\windows\system32\drivers\NSx64\1608000.032\ccSetx64.sys [174328 2016-09-23] (Symantec Corporation)
R1 CLVirtualDrive; C:\windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-09-22] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\IPSDefs\20160916.102\IDSVia64.sys [1012440 2016-09-23] (Symantec Corporation)
R3 SRTSP; C:\windows\system32\drivers\NSx64\1608000.032\SRTSP64.SYS [784624 2016-09-23] (Symantec Corporation)
R1 SRTSPX; C:\windows\system32\drivers\NSx64\1608000.032\SRTSPX64.SYS [49400 2016-09-23] (Symantec Corporation)
R0 SymEFASI; C:\windows\System32\drivers\NSx64\1608000.032\SYMEFASI64.SYS [1628888 2016-09-23] (Symantec Corporation)
S0 SymELAM; C:\windows\System32\drivers\NSx64\1608000.032\SymELAM.sys [24192 2016-09-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-11-20] (Symantec Corporation)
R1 SymIRON; C:\windows\system32\drivers\NSx64\1608000.032\Ironx64.SYS [289520 2016-09-23] (Symantec Corporation)
R1 SymNetS; C:\windows\system32\drivers\NSx64\1608000.032\SYMNETS.SYS [567512 2016-09-23] (Symantec Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-20 20:41 - 2016-11-20 20:41 - 00013153 _____ C:\Users\Josef\Downloads\FRST.txt
2016-11-20 20:41 - 2016-11-20 20:41 - 00000000 ____D C:\FRST
2016-11-20 20:40 - 2016-11-20 20:40 - 02412544 _____ (Farbar) C:\Users\Josef\Downloads\FRST64.exe
2016-11-20 18:47 - 2016-11-20 18:47 - 00000000 ____D C:\windows\System32\Tasks\Norton Security
2016-11-20 18:44 - 2016-11-20 18:44 - 00100592 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2016-11-20 18:44 - 2016-11-20 18:44 - 00008319 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2016-11-20 18:44 - 2016-11-20 18:44 - 00002407 _____ C:\Users\Public\Desktop\Norton Security.lnk
2016-11-20 18:43 - 2016-11-20 18:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2016-11-20 18:43 - 2016-11-20 18:44 - 00000000 ____D C:\Program Files (x86)\Norton Security
2016-11-20 18:37 - 2016-11-20 18:58 - 00000000 ____D C:\windows\System32\Tasks\Norton Remove and Reinstall
2016-11-12 16:10 - 2016-11-12 16:10 - 07009280 _____ C:\Users\Josef\Downloads\PODZIM_13_a_h.pps
2016-11-09 15:25 - 2016-11-09 15:25 - 00000000 ____D C:\Users\Josef\Nová složka
2016-11-08 18:12 - 2016-11-08 18:12 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2016-11-07 16:44 - 2016-11-07 16:44 - 00946273 _____ C:\Users\Josef\Downloads\TH_20161001-20161031.pdf
2016-10-31 22:32 - 2016-10-31 22:37 - 442338076 _____ C:\Users\Josef\Downloads\zasilka-LEKKVVFI2NVKHW6Y.zip
2016-10-31 22:18 - 2016-10-31 22:29 - 879954884 _____ C:\Users\Josef\Downloads\zasilka-LEYIW4778BY5ZY63.zip
2016-10-30 20:57 - 2016-11-20 18:44 - 00003216 _____ C:\windows\System32\Tasks\Norton WSC Integration

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-20 20:26 - 2016-04-06 16:01 - 00003162 _____ C:\windows\System32\Tasks\HPCeeScheduleForKatka
2016-11-20 20:26 - 2016-04-06 16:01 - 00000348 _____ C:\windows\Tasks\HPCeeScheduleForKatka.job
2016-11-20 19:05 - 2016-03-26 15:55 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2016-11-20 18:53 - 2015-08-31 04:41 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3807577951-3362449284-1083311904-1001
2016-11-20 18:47 - 2015-02-23 17:16 - 00723190 _____ C:\windows\system32\perfh005.dat
2016-11-20 18:47 - 2015-02-23 17:16 - 00166518 _____ C:\windows\system32\perfc005.dat
2016-11-20 18:47 - 2014-03-18 16:32 - 01745372 _____ C:\windows\system32\PerfStringBackup.INI
2016-11-20 18:47 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf
2016-11-20 18:44 - 2016-10-11 10:15 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-11-20 18:44 - 2013-08-22 16:36 - 00000000 ___HD C:\windows\ELAMBKUP
2016-11-20 18:43 - 2015-08-31 05:43 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-11-20 18:43 - 2015-08-31 05:38 - 00000000 ____D C:\ProgramData\Norton
2016-11-20 18:42 - 2015-02-23 08:30 - 00065536 _____ C:\windows\system32\spu_storage.bin
2016-11-20 18:42 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-11-20 18:42 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-11-20 18:27 - 2015-08-31 04:35 - 00000000 ____D C:\Users\Josef
2016-11-20 18:21 - 2016-10-11 10:14 - 00000000 ____D C:\windows\system32\Drivers\NSx64
2016-11-20 18:21 - 2016-03-26 14:49 - 00000000 ____D C:\Users\Josef_2
2016-11-20 18:21 - 2015-02-23 08:48 - 00000000 ____D C:\windows\System32\Tasks\Hewlett-Packard
2016-11-20 18:18 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-20 18:15 - 2015-08-31 17:47 - 00000000 ____D C:\Users\Josef\AppData\Roaming\Skype
2016-11-20 18:15 - 2013-08-22 16:36 - 00000000 ____D C:\windows\registration
2016-11-20 18:14 - 2016-05-14 17:40 - 00000000 ____D C:\AdwCleaner
2016-11-20 18:00 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2016-10-24 13:57 - 2016-03-28 14:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-24 13:57 - 2015-08-31 17:47 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2016-03-27 20:02 - 2016-03-27 20:02 - 0003584 _____ () C:\Users\Josef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-01 14:43 - 2015-09-01 14:43 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Josef\AppData\Local\Temp\Extract.exe
C:\Users\Josef\AppData\Local\Temp\Foxit PhantomPDF Updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-13 17:27

==================== End of FRST.txt ============================

#4 Příspěvek od **Rudy** » 20 lis 2016 22:00

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3807577951-3362449284-1083311904-1001\...\MountPoints2: {daae22a3-4e13-11e5-8257-806e6f6e6963} - "H:\Start.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-3807577951-3362449284-1083311904-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
C:\Users\Josef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Josef\AppData\Local\Temp
KLM\...\.scr: AutoCADScriptFile => C:\windows\NOTEPAD.EXE "%1" <===== ATTENTION

EmptyTemp:
End

Uložte do C:\Users\Josef\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

josebor · #5 Příspěvek od **josebor** » 20 lis 2016 22:17

Posílám log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016 01
Ran by Katka (20-11-2016 22:10:41) Run:1
Running from C:\Users\Josef\Downloads
Loaded Profiles: Katka (Available Profiles: Katka & Josef_2)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3807577951-3362449284-1083311904-1001\...\MountPoints2: {daae22a3-4e13-11e5-8257-806e6f6e6963} - "H:\Start.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-3807577951-3362449284-1083311904-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
C:\Users\Josef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Josef\AppData\Local\Temp
KLM\...\.scr: AutoCADScriptFile => C:\windows\NOTEPAD.EXE "%1" <===== ATTENTION

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-3807577951-3362449284-1083311904-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daae22a3-4e13-11e5-8257-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{daae22a3-4e13-11e5-8257-806e6f6e6963} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value removed successfully
HKU\S-1-5-21-3807577951-3362449284-1083311904-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
C:\Users\Josef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Josef\AppData\Local\Temp => moved successfully
KLM\...\.scr: AutoCADScriptFile => C:\windows\NOTEPAD.EXE "%1" <===== ATTENTION => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 16777216 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 52416662 B
Java, Flash, Steam htmlcache => 22308 B
Windows/system/drivers => 1429907 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 263757 B
NetworkService => 8948 B
Josef => 7298603 B
Josef_2 => 30480 B

RecycleBin => 386931696 B
EmptyTemp: => 443.6 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 22:10:47 ====

#6 Příspěvek od **Rudy** » 20 lis 2016 22:25

Smazáno. Nastala nějaká změna?

josebor · #7 Příspěvek od **josebor** » 21 lis 2016 17:03

Dobrý den, PC startuje o něco rychleji, ale některá videa na internetu nepřehrává, místo toho se objeví hláška "error loading media:file could not be played". Na vedlejším PC přehrává totéž video bez problému. V Libre Office jdou aplikace stále pomalu.
Teď projíždím internet, přepínání mezi okny vázne.

#8 Příspěvek od **Rudy** » 21 lis 2016 18:25

Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

josebor · #9 Příspěvek od **josebor** » 21 lis 2016 20:53

Vkládám log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 21. 11. 2016
Čas skenování: 20:44
Protokol:
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.11.21.14
Databáze rootkitů: v2016.11.20.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Katka

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 323378
Uplynulý čas: 6 min, 0 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

#10 Příspěvek od **Rudy** » 21 lis 2016 21:14

Toto je OK, malware problém nezpůsobuje. Zkuste defragmentovat disk.

josebor · #11 Příspěvek od **josebor** » 24 lis 2016 15:52

Dobrý den, omlouvám prodlevu, byl jsem zaneprázdněn. Problém na internetu s videi zůstává, při prohlídce průzkumníka jsem zjistil soubory typu "~look. jméno souboru. ods#", když je smažu, při příštím otevření souboru se objeví znovu. Defragmentaci provádím pravidelně a byla na hodnotě 2%.

#12 Příspěvek od **Rudy** » 24 lis 2016 17:30

Některý z těch souborů otestujte na www.virustotal.com .

josebor · #13 Příspěvek od **josebor** » 26 lis 2016 17:46

Dobrý den, žádné viry nebyly v souborech, takže jsem obnovil bitovou kopii systémového disk a zatím je vše v pořádku. Děkuji za ochotu a je možno uzamknout tento thread.

josebor · #14 Příspěvek od **josebor** » 26 lis 2016 18:02

Ještě dotaz prosím. Objevil jsem soubory s příponou "*.url.vir" . Nevíte k čemu slouží, lze je vymazat? Cesta je "C:\AdwCleaner\FileQuarantine\C\Users\Josef\Favorites\NP "

#15 Příspěvek od **Rudy** » 26 lis 2016 18:58

Ano, to je karanténa ADW. Adresář bude smazán s odinstalací ADW.

VIRY.CZ

Pomalý počítač - (pro Rudyho)

Pomalý počítač - (pro Rudyho)

Re: Pomalý počítač - (pro Rudyho)

Re: Pomalý počítač - (pro Rudyho)

Re: Pomalý počítač - (pro Rudyho)

Re: Pomalý počítač - (pro Rudyho)

Re: Pomalý počítač - (pro Rudyho)

Re: Pomalý počítač - (pro Rudyho)

Re: Pomalý počítač - (pro Rudyho)

Re: Pomalý počítač - (pro Rudyho)

Re: Pomalý počítač - (pro Rudyho)

Re: Pomalý počítač - (pro Rudyho)

Re: Pomalý počítač - (pro Rudyho)

Re: Pomalý počítač - (pro Rudyho)

Re: Pomalý počítač - (pro Rudyho)

Re: Pomalý počítač - (pro Rudyho)