Stránka 1 z 1
spomalenie NTB
Napsal: 16 bře 2015 18:09
od paulus33
Zdravím páni. Poprosím o kontrolu logu môjho NTB. NTB sa po spustení OS chová úplne normálne, po chvíli akokeby sa "zahltil" a systém stratí plynulosť. Pohyby myškou sú trhané, prehrávač hudby seká reprodukciu hudby a podobne. Pôvodne som myslel, že to spôsobili piatkové aktualizácie MS, aspoň to tak vvyzeralo... Preto som použil možnosť obnovenia NTB do stavu z minulého týždňa, na chvíľu sa NTB choval normálne, ale potom sa situácia zopakovala. Ide o NTB ACER ASPIRE E17. V NTB mám jediný hacknutý program, všetko ostatné je legálne.
Vopred vďaka.
NEVIEM TU VLOŽIŤ ZÍSKANÝ LOG, VYSKAKUJE MI HLÁŠKA: Vaše zpráva obsahuje 519083 znaků. Maximální povolený počet znaků je 100000.
PRETO HO PRIKLADÁM AKO PRÍLOHU PRÍSPEVKU. V ĎALŠOM PRÍSPEVKU PRILOŽÍM TEN DRUHÝ SÚBOR...
Re: spomalenie NTB
Napsal: 16 bře 2015 18:10
od paulus33
PRIKLADÁM DRUHÝ SÚBOR, ĎAKUJEM.
Re: spomalenie NTB
Napsal: 16 bře 2015 18:16
od Rudy
Zdravím!
Spusťte nejprve tutu utilitu:
Re: spomalenie NTB
Napsal: 16 bře 2015 19:27
od paulus33
# AdwCleaner v4.112 - Logfile created 16/03/2015 at 19:21:44
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Pavol - PALI-ACER
# Running from : C:\Users\Pavol\Desktop\adwcleaner_4.112.exe
# Option : Cleaning
***** [ Services ] *****
Service Deleted : vToolbarUpdater18.3.0
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Pavol\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Pavol\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Pavol\AppData\Roaming\Mozilla\Firefox\Profiles\dk88he9i.default\Extensions\Avg@toolbar
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v36.0.1 (x86 sk)
[dk88he9i.default\prefs.js] - Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.comgoogle\\.\\w+yahoo\\.\\w+gmail\\.\\w+hotmail\\.\\w+live\\.\\w+isearch\\.avg\\.commysearch\\.avg\\.com");
-\\ Opera v0.0.0.0
*************************
AdwCleaner[R0].txt - [3896 bytes] - [16/03/2015 19:08:03]
AdwCleaner[R1].txt - [3955 bytes] - [16/03/2015 19:16:48]
AdwCleaner[S0].txt - [3858 bytes] - [16/03/2015 19:21:44]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3917 bytes] ##########
Re: spomalenie NTB
Napsal: 16 bře 2015 20:18
od Rudy
Dejte nový log FRST.
Re: spomalenie NTB
Napsal: 16 bře 2015 20:38
od paulus33
Opäť hláška:
Vaše zpráva obsahuje 517041 znaků. Maximální povolený počet znaků je 100000.
Re: spomalenie NTB
Napsal: 16 bře 2015 20:53
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2015-02-26] (Sun Microsystems, Inc.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-626006024-4099096605-4270097203-1001 -> {CEAB4B51-FD6C-476E-B105-BA9215352FE6} URL =
C:\Users\Pavol\AppData\Local\Temp
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Re: spomalenie NTB
Napsal: 16 bře 2015 21:01
od paulus33
nech sa páči:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Pavol at 2015-03-16 20:57:57 Run:1
Running from C:\Users\Pavol\Desktop
Loaded Profiles: Pavol (Available profiles: Pavol)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2015-02-26] (Sun Microsystems, Inc.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-626006024-4099096605-4270097203-1001 -> {CEAB4B51-FD6C-476E-B105-BA9215352FE6} URL =
C:\Users\Pavol\AppData\Local\Temp
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-626006024-4099096605-4270097203-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CEAB4B51-FD6C-476E-B105-BA9215352FE6}" => Key deleted successfully.
HKCR\CLSID\{CEAB4B51-FD6C-476E-B105-BA9215352FE6} => Key not found.
"C:\Users\Pavol\AppData\Local\Temp" directory move:
Could not move "C:\Users\Pavol\AppData\Local\Temp" directory. => Scheduled to move on reboot.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-16 21:00:47)<=
C:\Users\Pavol\AppData\Local\Temp => Moved successfully.
==== End of Fixlog 21:00:47 ====
Re: spomalenie NTB
Napsal: 16 bře 2015 21:54
od Rudy
Smazáno. Nastala nějaká změna?
Re: spomalenie NTB
Napsal: 16 bře 2015 22:51
od paulus33
skúsim a zajtra poreferujem... ono to po reštarte chvíľu trvá, kým sa to prejaví.
Ešte ma napadlo, kde som to mohol chytiť? Je to ani nie mesačný NTB. Na porno stránky nechodím, veci sťahujem z ulozto, stiahnito, fastshare cez predplatené účty a to je tak všetko...
Zatiaľ vrelá vďaka.
Re: spomalenie NTB
Napsal: 17 bře 2015 18:52
od Rudy
Jsou to převážně AdWary (programy, které nejsou skutečnými viry, nicméně otravují a zatěžují systém). Anitivir je nechytá, není to vir. Nemáte zač!
Re: spomalenie NTB
Napsal: 17 bře 2015 20:47
od paulus33
a čo odporúčate na boj s nimi? Prevenciu?
Re: spomalenie NTB
Napsal: 17 bře 2015 21:42
od Rudy
Superantispyware:
http://www.stahuj.centrum.cz/utility_a_ ... tispyware/ . Jelikož žádná taková ochrana není 100%, také obezřetné chování na internetu.
Re: spomalenie NTB
Napsal: 21 bře 2015 09:02
od paulus33
Vyzera, ze uz je to ok. Akurat som pri to cisteni prisiel o "Pokki Start Menu", ale aj tak som ho nepouzival...
Dakujem pekne za pomoc.
Re: spomalenie NTB
Napsal: 21 bře 2015 11:09
od Rudy
Nemáte zač!