VIRY.CZ

Dobrý den,
mám dost často v poslední době v mém notebooku spuštěný větrák a procesor osciluje v zátěži 8 až 25 %, ač nic náročného v tu chvíli nedělám, možná to nebude problém, ale raději bych Vás poprosil o preventivní kontrolu. Přikládám oba logy v zipu.

Děkuji za pomoc.

Ahoj

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

Uloz na plochu a ukonci vsetky programy
Spusti AdwCleaner ako spravca
Odsuhlas licencne podmienky
Klikni na Scan (Skenovanie) a pockaj na dokoncenie
Klikni na Clean (Cistenie) a potvrd kliknutim na OK
AdwCleaner si vyziada restart PC, potvrd kliknutim na Restart Now (Restartovat teraz)
Po dokonceni a restartovani PC vyskoci log, jeho obsah sem skopiruj

clean nikde nevidím ale koukam ze v logu asi nic není:

# AdwCleaner 7.0.7.0 - Logfile created on Sat Jan 27 05:40:21 2018
# Updated on 2018/18/01 by Malwarebytes
# Database: 01-26-2018.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1812 B] - [2017/12/2 0:39:38]
C:/AdwCleaner/AdwCleaner[S0].txt - [1741 B] - [2017/12/2 0:33:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

Scan sa po dokonceni zmeni na Clean, ale to uz zrejme prebehlo, kedze je tam aj log z cistenia.

Poprosim o novy log z FRST.

aha ... vůbec jsem si nevšimnul, přikládám log (v archivu, byl dlouhý)

Mas tam vela automaticky spustanych programov po starte, odporucam povypinat tie, ktore nepotrebujes, cez Spravcu uloh (Ctrl+Shift+Esc) -> karta Spustenie. Tieto programy su stale spustene v pozadi a mozu tak zatazovat PC ako pises.

Otvor poznamkovy blok (Win+R -> notepad -> enter)

Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

Folder: C:\E43CD04FAA8B
File: C:\Program Files (x86)\a_c_by_3o5.exe
File: C:\Program Files (x86)\sc.exe

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]

SearchScopes: HKU\S-1-5-21-732140370-2414468103-320680840-1003 -> DefaultScope {F053DF97-ADA5-4795-964C-3C08B2F0479B} URL = 
SearchScopes: HKU\S-1-5-21-732140370-2414468103-320680840-1003 -> {2010AF6E-CC7D-46AE-87FD-B38C5099627F} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]

CHR StartupUrls: ChromeDefaultData -> "chrome://history/","hxxp://www.2-remove-virus.com/cz/qtipr-com-odstranit/","hxxp://www.pc-threat.com/cz/jak-odstranit-qtipr-com/","hxxp://www.4-cybersecurity.com/cz/jak-odstranit-qtipr-com/","hxxp://pc-help.cnews.cz/viewtopic.php?t=176359","hxxp://www.mobilmania.cz/"

S3 dbx; system32\DRIVERS\dbx.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]
S0 vsock; \SystemRoot\system32\DRIVERS\vsock.sys [X]

2018-01-24 23:32 - 2018-01-24 23:32 - 032260096 _____ C:\Users\Y\Downloads\Unconfirmed 592618.crdownload
2018-01-10 09:47 - 2018-01-10 09:47 - 000000040 ____H C:\E43CD04FAA8B
2017-09-19 21:20 - 2017-09-19 21:20 - 049648097 _____ () C:\Program Files (x86)\a_c_by_3o5.exe
2017-10-24 20:42 - 2017-10-24 20:42 - 000070656 _____ () C:\Program Files (x86)\sc.exe

CustomCLSID: HKU\S-1-5-21-732140370-2414468103-320680840-1003_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Y\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

Task: {0C2CFFB2-DE37-4344-9097-2235ACE110D1} - \GoogleUpdateTaskUserS-1-5-21-732140370-2414468103-320680840-1003UA -> No File <==== ATTENTION
Task: {18F32394-5420-4B37-8EA2-887E4B0D4C07} - \GoogleUpdateTaskMachineUA1d04227ec0368d4 -> No File <==== ATTENTION
Task: {2F7FD1C9-2948-4FAF-993C-835849365F0E} - \GoogleUpdateTaskUserS-1-5-21-732140370-2414468103-320680840-1003Core -> No File <==== ATTENTION

AlternateDataStreams: C:\ProgramData\TEMP:19EBF0D8 [322]
AlternateDataStreams: C:\ProgramData\TEMP:296515B3 [352]
AlternateDataStreams: C:\ProgramData\TEMP:DC9AE426 [175]
AlternateDataStreams: C:\ProgramData\TEMP:EC14014D [201]

HKLM\...\.scr: ZWCAD.SCR.2017 =>  <==== ATTENTION

Hosts:
EmptyTemp:
End

Uloz na plochu s nazvom fixlist.txt
Spusti znovu FRST a klikni na Fix
Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Y (29-01-2018 20:16:30) Run:2
Running from C:\Users\Y\Desktop
Loaded Profiles: Y (Available Profiles: Y & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

Folder: C:\E43CD04FAA8B
File: C:\Program Files (x86)\a_c_by_3o5.exe
File: C:\Program Files (x86)\sc.exe

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]

SearchScopes: HKU\S-1-5-21-732140370-2414468103-320680840-1003 -> DefaultScope {F053DF97-ADA5-4795-964C-3C08B2F0479B} URL =
SearchScopes: HKU\S-1-5-21-732140370-2414468103-320680840-1003 -> {2010AF6E-CC7D-46AE-87FD-B38C5099627F} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]

CHR StartupUrls: ChromeDefaultData -> "chrome://history/","hxxp://www.2-remove-virus.com/cz/qtipr-com-ods ... lmania.cz/"

S3 dbx; system32\DRIVERS\dbx.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]
S0 vsock; \SystemRoot\system32\DRIVERS\vsock.sys [X]

2018-01-24 23:32 - 2018-01-24 23:32 - 032260096 _____ C:\Users\Y\Downloads\Unconfirmed 592618.crdownload
2018-01-10 09:47 - 2018-01-10 09:47 - 000000040 ____H C:\E43CD04FAA8B
2017-09-19 21:20 - 2017-09-19 21:20 - 049648097 _____ () C:\Program Files (x86)\a_c_by_3o5.exe
2017-10-24 20:42 - 2017-10-24 20:42 - 000070656 _____ () C:\Program Files (x86)\sc.exe

CustomCLSID: HKU\S-1-5-21-732140370-2414468103-320680840-1003_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Y\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

Task: {0C2CFFB2-DE37-4344-9097-2235ACE110D1} - \GoogleUpdateTaskUserS-1-5-21-732140370-2414468103-320680840-1003UA -> No File <==== ATTENTION
Task: {18F32394-5420-4B37-8EA2-887E4B0D4C07} - \GoogleUpdateTaskMachineUA1d04227ec0368d4 -> No File <==== ATTENTION
Task: {2F7FD1C9-2948-4FAF-993C-835849365F0E} - \GoogleUpdateTaskUserS-1-5-21-732140370-2414468103-320680840-1003Core -> No File <==== ATTENTION

AlternateDataStreams: C:\ProgramData\TEMP:19EBF0D8 [322]
AlternateDataStreams: C:\ProgramData\TEMP:296515B3 [352]
AlternateDataStreams: C:\ProgramData\TEMP:DC9AE426 [175]
AlternateDataStreams: C:\ProgramData\TEMP:EC14014D [201]

HKLM\...\.scr: ZWCAD.SCR.2017 => <==== ATTENTION

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========================= Folder: C:\E43CD04FAA8B ========================

C:\E43CD04FAA8B => File

====== End of Folder: ======

========================= File: C:\Program Files (x86)\a_c_by_3o5.exe ========================

C:\Program Files (x86)\a_c_by_3o5.exe
File not signed
MD5: 1AAE2B60DD1D591532327D45450608CB
Creation and modification date: 2017-09-19 21:20 - 2017-09-19 21:20
Size: 049648097
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======

========================= File: C:\Program Files (x86)\sc.exe ========================

C:\Program Files (x86)\sc.exe
File not signed
MD5: 4440A3CD49745297B2236E6FF4678E20
Creation and modification date: 2017-10-24 20:42 - 2017-10-24 20:42
Size: 000070656
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/fbfca38 ... 516005375/

====== End of File: ======

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => removed successfully
"HKU\S-1-5-21-732140370-2414468103-320680840-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-732140370-2414468103-320680840-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2010AF6E-CC7D-46AE-87FD-B38C5099627F}" => removed successfully
HKLM\Software\Classes\CLSID\{2010AF6E-CC7D-46AE-87FD-B38C5099627F} => key not found
"HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com" => removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0" => removed successfully
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29" => removed successfully
"Chrome StartupUrls" => removed successfully
"HKLM\System\CurrentControlSet\Services\dbx" => removed successfully
dbx => service removed successfully
"HKLM\System\CurrentControlSet\Services\nvvad_WaveExtensible" => removed successfully
nvvad_WaveExtensible => service removed successfully
"HKLM\System\CurrentControlSet\Services\nvvhci" => removed successfully
nvvhci => service removed successfully
"HKLM\System\CurrentControlSet\Services\vsock" => removed successfully
vsock => service removed successfully
C:\Users\Y\Downloads\Unconfirmed 592618.crdownload => moved successfully
C:\E43CD04FAA8B => moved successfully
C:\Program Files (x86)\a_c_by_3o5.exe => moved successfully
C:\Program Files (x86)\sc.exe => moved successfully
"HKU\S-1-5-21-732140370-2414468103-320680840-1003_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}" => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C2CFFB2-DE37-4344-9097-2235ACE110D1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C2CFFB2-DE37-4344-9097-2235ACE110D1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-732140370-2414468103-320680840-1003UA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18F32394-5420-4B37-8EA2-887E4B0D4C07}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18F32394-5420-4B37-8EA2-887E4B0D4C07}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d04227ec0368d4" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F7FD1C9-2948-4FAF-993C-835849365F0E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F7FD1C9-2948-4FAF-993C-835849365F0E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-732140370-2414468103-320680840-1003Core" => removed successfully
C:\ProgramData\TEMP => ":19EBF0D8" ADS removed successfully
C:\ProgramData\TEMP => ":296515B3" ADS removed successfully
C:\ProgramData\TEMP => ":DC9AE426" ADS removed successfully
C:\ProgramData\TEMP => ":EC14014D" ADS removed successfully
HKLM\Software\Classes\.scr\\Default => value restored successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 12083200 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 47801496 B
Java, Flash, Steam htmlcache => 49938991 B
Windows/system/drivers => 1523502251 B
Edge => 277447935 B
Chrome => 37695444 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 65602 B
NetworkService => 0 B
Y => 406284999 B
DefaultAppPool => 0 B

RecycleBin => 2886840 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 20:18:54 ====

Otvor poznamkovy blok (Win+R -> notepad -> enter)

Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

Kód: Vybrat vše

Start
File: C:\FRST\Quarantine\C\E43CD04FAA8B.xBAD
VirusTotal: C:\FRST\Quarantine\C\E43CD04FAA8B.xBAD
VirusTotal: C:\FRST\Quarantine\C\Program Files (x86)\a_c_by_3o5.exe.xBAD
CMD: dir "C:\Program Files (x86)"
End

Uloz na plochu s nazvom fixlist.txt
Spusti znovu FRST a klikni na Fix
Pockaj na dokoncenie
Tentokrat to bude bez restartu, otvori sa Fixlog.txt (pripadne bude na ploche), jeho obsah sem skopiruj

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Y (30-01-2018 10:41:51) Run:3
Running from C:\Users\Y\Desktop
Loaded Profiles: Y (Available Profiles: Y & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
File: C:\FRST\Quarantine\C\E43CD04FAA8B.xBAD
VirusTotal: C:\FRST\Quarantine\C\E43CD04FAA8B.xBAD
VirusTotal: C:\FRST\Quarantine\C\Program Files (x86)\a_c_by_3o5.exe.xBAD
CMD: dir "C:\Program Files (x86)"
End
*****************

========================= File: C:\FRST\Quarantine\C\E43CD04FAA8B.xBAD ========================

C:\FRST\Quarantine\C\E43CD04FAA8B.xBAD
File not signed
MD5: 2839759333F664324E0DC45E8D811314
Creation and modification date: 2018-01-10 09:47 - 2018-01-10 09:47
Size: 000000040
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======

VirusTotal: C:\FRST\Quarantine\C\E43CD04FAA8B.xBAD => https://www.virustotal.com/file/3725182 ... 517305311/
VirusTotal: C:\FRST\Quarantine\C\Program Files (x86)\a_c_by_3o5.exe.xBAD => (3) Error

========= dir "C:\Program Files (x86)" =========

Volume in drive C is Windows7_OS
Volume Serial Number is 2A5A-65CD

Directory of C:\Program Files (x86)

29.01.2018 20:17 <DIR> .
29.01.2018 20:17 <DIR> ..
06.09.2017 23:45 <DIR> 3Dconnexion
26.05.2016 23:07 <DIR> ABBYY FineReader 12
03.01.2018 17:16 <DIR> ABBYY FineReader 14
22.06.2015 07:34 <DIR> Actual Window Manager
10.01.2018 09:45 <DIR> Adobe
10.01.2018 11:20 <DIR> Aide PDF to DWG Converter
29.05.2017 23:12 <DIR> AlcorMicro
10.12.2015 14:36 <DIR> AlcorMicroData
23.03.2017 14:38 <DIR> Anti-Malware
03.02.2016 22:24 <DIR> AOMEI Backupper
27.06.2017 19:44 <DIR> Autodesk
22.08.2015 20:38 <DIR> AVerMedia
21.11.2015 12:43 <DIR> BIMobject
26.01.2018 15:14 <DIR> BIMTECH
23.12.2016 00:22 <DIR> BinarySense
18.08.2017 09:15 <DIR> BlueStacks
18.08.2017 21:06 <DIR> Bonjour
03.09.2017 05:30 <DIR> Boris FX, Inc
14.11.2017 08:32 <DIR> Cadimage Installer
31.05.2017 07:01 <DIR> ClientSetup
21.10.2015 00:48 <DIR> ClockworkMod
26.01.2018 02:34 <DIR> CodeMeter
22.01.2018 08:48 <DIR> Common Files
02.01.2018 14:17 <DIR> CS13Dock
09.12.2013 20:13 <DIR> CyberLink
25.08.2016 02:11 <DIR> DesignCAD 3D Max 2016 x64 Setup Files
27.11.2017 23:58 <DIR> DesignCAD 3D Max 2018 x64 Setup Files
05.06.2014 12:05 <DIR> DesignCAD 3D Max 23.0
23.09.2014 20:58 <DIR> DesignCAD 3D Max 24.0
30.07.2015 09:36 <DIR> DesignCAD 3D MAX 25 64-bit
07.11.2015 17:20 <DIR> Digiarty
24.01.2018 04:26 <DIR> Dropbox
30.08.2017 22:13 <DIR> EaseUS
24.01.2018 23:26 <DIR> Epic Games
29.03.2016 11:00 <DIR> FinalWire
17.04.2015 20:55 <DIR> Free Font Renamer
18.12.2014 14:38 <DIR> Futuremark
24.08.2017 07:15 <DIR> Google
08.09.2016 10:53 <DIR> GRAPHISOFT
03.11.2014 19:19 <DIR> gs
23.12.2016 00:16 <DIR> HD Tune Pro
01.10.2015 06:45 <DIR> IMSIDesign
09.12.2013 19:43 <DIR> Integrated Camera
16.01.2018 16:30 <DIR> Intel
05.01.2018 03:30 <DIR> Internet Explorer
06.04.2017 16:42 <DIR> Isoplotec
30.10.2017 07:59 <DIR> Java
03.02.2015 14:08 <DIR> KeePass Password Safe 2
16.07.2014 16:44 <DIR> KONICA MINOLTA
07.11.2016 14:20 <DIR> KROSplus
02.01.2018 13:53 <DIR> Lenovo
02.09.2015 11:00 <DIR> Lenovo Registration
06.09.2017 23:45 <DIR> Logitech
24.10.2017 07:44 <DIR> ManicTime
24.09.2017 10:53 <DIR> MetaGeek
22.01.2018 08:47 <DIR> Microsoft Office
14.06.2017 16:09 <DIR> Microsoft Silverlight
18.12.2017 22:04 <DIR> Microsoft.NET
12.04.2017 17:45 <DIR> MSBuild
13.02.2015 16:25 <DIR> MSXML 4.0
05.10.2017 14:01 <DIR> Nikon
24.10.2017 20:34 3˙916 node.xml
01.12.2015 10:41 <DIR> Nokia
26.12.2017 16:39 <DIR> NVIDIA Corporation
29.05.2017 23:55 <DIR> O2Micro
16.10.2015 15:46 <DIR> OBS
23.09.2014 08:20 <DIR> OpenOffice 4
26.01.2018 20:10 <DIR> Opera developer
08.06.2017 06:48 <DIR> Origin
01.12.2015 10:41 <DIR> PC Connectivity Solution
06.10.2015 00:36 <DIR> PDF Architect 2
01.03.2016 18:51 <DIR> PDF Architect 4
03.11.2014 19:21 <DIR> PlotSoft
07.06.2014 17:05 <DIR> PowerMenu
23.06.2017 00:26 <DIR> Proton Technologies
29.05.2017 23:12 <DIR> Realtek
12.04.2017 17:45 <DIR> Reference Assemblies
11.12.2014 15:29 <DIR> Rene.E Laboratory
28.06.2016 18:09 <DIR> Samsung
12.09.2015 23:19 <DIR> SecondLifeViewer
07.06.2014 19:48 <DIR> SIGMA
05.06.2014 12:36 <DIR> SketchUp
08.09.2017 07:14 <DIR> Skype
25.07.2016 09:49 <DIR> SmartSense
28.06.2014 17:53 <DIR> Splashtop
25.01.2018 00:10 <DIR> Steam
09.12.2013 20:14 <DIR> SugarSync
19.04.2017 16:39 <DIR> SunplusIT Integrated Camera
09.12.2013 20:17 <DIR> SymSilent
14.11.2016 10:12 <DIR> System Explorer
29.01.2018 21:10 <DIR> TC UP
26.01.2018 03:45 <DIR> TeamViewer
05.02.2017 12:30 <DIR> ThinkPad
21.06.2017 18:43 <DIR> TomTom HOME 2
09.11.2015 12:23 <DIR> TomTom International B.V
28.07.2014 20:07 <DIR> VideoLAN
05.10.2017 15:50 <DIR> VirtualTablet Server
18.08.2017 21:33 <DIR> VMware
26.12.2017 16:39 <DIR> VulkanRT
29.08.2017 21:35 <DIR> WarThunder
05.06.2014 12:46 <DIR> WIBU-SYSTEMS
05.06.2014 12:46 <DIR> WIBUKEY
12.07.2017 01:15 <DIR> Windows Defender
12.09.2017 20:12 <DIR> Windows Mail
13.12.2017 13:38 <DIR> Windows Media Player
18.03.2017 22:03 <DIR> Windows Multimedia Platform
14.11.2017 00:58 <DIR> Windows NT
15.11.2017 21:37 <DIR> Windows Photo Viewer
18.03.2017 22:03 <DIR> Windows Portable Devices
19.12.2014 02:23 <DIR> Windows Repair File Association
18.03.2017 22:03 <DIR> WindowsPowerShell
06.05.2017 22:13 <DIR> WinSCP
05.06.2014 10:32 <DIR> X-Rite
1 File(s) 3˙916 bytes
114 Dir(s) 32˙959˙037˙440 bytes free

========= End of CMD: =========

==== End of Fixlog 10:42:28 ====

Urob sken vsetkych diskov v PC cez MBAM podla tohto navodu: https://forum.viry.cz/viewtopic.php?f=29&t=144868

Dopredu nic neodstranuj (obcas ma falosne detekcie), zatial iba vloz vysledny log.

.. mam jen jeden disk takze jsme dal hned skenovat:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/30/18
Scan Time: 3:40 PM
Log File: 8558add2-05cb-11e8-ad57-5c514f9252d8.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3822
License: Trial

-System Information-
OS: Windows 10 (Build 15063.877)
CPU: x64
File System: NTFS
User: Y-THINK\Y

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 424669
Threats Detected: 22
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 7 min, 36 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 8
PUP.Optional.UCBrowser, HKU\S-1-5-21-732140370-2414468103-320680840-1003\SOFTWARE\UCBrowser, No Action By User, [1284], [403633],1.0.3822
PUP.Optional.UCBrowser, HKU\S-1-5-21-732140370-2414468103-320680840-1003\SOFTWARE\UCBrowserPID, No Action By User, [1284], [403634],1.0.3822
PUP.Optional.UCBrowser, HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\SOFTWARE\UCBrowser, No Action By User, [1284], [403633],1.0.3822
PUP.Optional.UCBrowser, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\UCBrowser, No Action By User, [1284], [463314],1.0.3822
PUP.Optional.UCBrowser, HKLM\SOFTWARE\WOW6432NODE\UCBrowser, No Action By User, [1284], [407411],1.0.3822
PUP.Optional.UCBrowser, HKLM\SOFTWARE\WOW6432NODE\UCBrowserPID, No Action By User, [1284], [407412],1.0.3822
PUP.Optional.YesSearches, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3BD4F9AE-84BE-493E-A6B3-6946956464A9}, No Action By User, [253], [182770],1.0.3822
PUP.Optional.UCBrowser, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\UCBrowser, No Action By User, [1284], [463314],1.0.3822

Registry Value: 6
PUP.Optional.Kuaizip, HKU\S-1-5-21-732140370-2414468103-320680840-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.bin\OPENWITHPROGIDS|KUAIZIPMOUNT.BIN, No Action By User, [1091], [392706],1.0.3822
PUP.Optional.PCSpeedupPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\COMPATIBILITYADAPTER\SIGNATURES|PC SPEEDUP SERVICE DEACTIVATOR.JOB, No Action By User, [1020], [484530],1.0.3822
PUP.Optional.PCSpeedupPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\COMPATIBILITYADAPTER\SIGNATURES|PC SPEEDUP SERVICE DEACTIVATOR.JOB.FP, No Action By User, [1020], [484530],1.0.3822
PUP.Optional.YesSearches, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3BD4F9AE-84BE-493E-A6B3-6946956464A9}|PATH, No Action By User, [253], [182770],1.0.3822
PUP.Optional.UCBrowser, HKLM\SOFTWARE\REGISTEREDAPPLICATIONS|UCBROWSER, No Action By User, [1284], [463315],1.0.3822
PUP.Optional.UCBrowser, HKLM\SOFTWARE\WOW6432NODE\REGISTEREDAPPLICATIONS|UCBROWSER, No Action By User, [1284], [463315],1.0.3822

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\{F0847AE0-465A-4D7B-A555-AABB43B550F0}, No Action By User, [498], [398586],1.0.3822
Adware.OnlineIO, C:\WINDOWS\INSTALLER\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}, No Action By User, [8025], [414815],1.0.3822

File: 6
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{F0847AE0-465A-4D7B-A555-AABB43B550F0}, No Action By User, [498], [398594],1.0.3822
Adware.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}, No Action By User, [8025], [414818],1.0.3822
PUP.Optional.OnlineIO, C:\Windows\Installer\{F0847AE0-465A-4D7B-A555-AABB43B550F0}\online.exe, No Action By User, [498], [398586],1.0.3822
PUP.Optional.OnlineIO, C:\Windows\Installer\{F0847AE0-465A-4D7B-A555-AABB43B550F0}\SystemFoldermsiexec.exe, No Action By User, [498], [398586],1.0.3822
Adware.OnlineIO, C:\Windows\Installer\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}\online.exe, No Action By User, [8025], [414815],1.0.3822
Adware.OnlineIO, C:\Windows\Installer\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}\SystemFoldermsiexec.exe, No Action By User, [8025], [414815],1.0.3822

Physical Sector: 0
(No malicious items detected)

(end)

Vsetky najdene polozky nechaj zmazat.

Su este nejake problemy s PC?

Udělal jsme znovu sken a dal do karantény. Ale zdá se mi že se to možná i o trochu zhoršilo .. ale možná nejsem úplně objektivní. Každopádně měsíc zpět jsem určitě tyto problémy neřešil, teď po startu mi to v system exploreru jde do vyšší zátěže i myš se mi na chvíli zpomalila - rozfázovala). Restartoval jsem preventivně tak 3x. Posílám v archivu náhled na system explorer. Napadl mě ještě ten problem s procesory intelu, co se teď řeší (ale nevím jestli ho mám vůbec nainstalovaný), párkrát jsem měl v poslední době modrou obrazovku (což dříve také nebylo), ale zase změna oproti původnímu stavu byla v tom že od nového roku mám nově dock na notebook a zapojené 2 monitory (2x 1600*1200 + nb 2880*1440). Tak nevím jestli toto také nemá vliv.

přikládám slíbenou přílohu

Urob v MBAM uplny sken systemoveho disku

Otvor MBAM a vlavo klikni na "Skenovat"
Klikni na "Vlastne skenovanie" a potom na "Nakonfigurovat skenovanie" (Nastavit sken)
Vlavo oznac moznost "Vyhladavat rootkity" a vpravo oznac vsetky disky v PC
Pockaj na dokoncenie
Po dokonceni klikni na Exportovat zhrnutie -> Textovy subor, zadaj nejaky nazov suboru a uloz na plochu
Obsah tohto suboru sem skopiruj

VIRY.CZ

procesor je v zátěži ač by dle mě neměl být

procesor je v zátěži ač by dle mě neměl být

Re: procesor je v zátěži ač by dle mě neměl být

Re: procesor je v zátěži ač by dle mě neměl být

Re: procesor je v zátěži ač by dle mě neměl být

Re: procesor je v zátěži ač by dle mě neměl být

Re: procesor je v zátěži ač by dle mě neměl být

Re: procesor je v zátěži ač by dle mě neměl být

Re: procesor je v zátěži ač by dle mě neměl být

Re: procesor je v zátěži ač by dle mě neměl být

Re: procesor je v zátěži ač by dle mě neměl být

Re: procesor je v zátěži ač by dle mě neměl být

Re: procesor je v zátěži ač by dle mě neměl být

Re: procesor je v zátěži ač by dle mě neměl být

Re: procesor je v zátěži ač by dle mě neměl být

Re: procesor je v zátěži ač by dle mě neměl být