VIRY.CZ

Zpomalení PC, repra začaly "bzučet", "policejní stránka", nejdou aktualizace ...

Ahoj

Poprosim o obidva logy z FRST podla tohto navodu (FRST.txt a Addition.txt): https://forum.viry.cz/viewtopic.php?f=13&t=152707

V pripade, ze sa FRSTLauncher nebude dat stiahnut alebo spustit, pouzi iba samotny FRST.

Ak sa logy nezmestia do jedneho prispevku, zabal ich do archivu RAR alebo ZIP a posli ako prilohu.

Zdravím ... je to v přílohách

priloha

Ak nepouzivas, odporucam odinstalovat Seznam Software (Seznam Listicka).

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

• Uloz na plochu a ukonci vsetky programy
• Spusti AdwCleaner ako spravca
• Odsuhlas licencne podmienky
• Klikni na Scan (Skenovanie) a pockaj na dokoncenie
• Klikni na Clean (Cistenie) a potvrd kliknutim na OK
• AdwCleaner si vyziada restart PC, potvrd kliknutim na Restart Now (Restartovat teraz)
• Po dokonceni a restartovani PC vyskoci log, jeho obsah sem skopiruj

nemůžu najít Seznam Listicka

OK, nevadi, odstranime to manualne. Pokracuj AdwCleanerom.

# AdwCleaner 7.0.8.0 - Logfile created on Tue Mar 27 18:54:17 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

Deleted: C:\Windows\SysNative\drivers\swdumon.sys


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: 0116tbUpdateInfo


***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted: [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [4046 B] - [2018/3/12 16:8:51]
C:/AdwCleaner/AdwCleaner[S0].txt - [4412 B] - [2018/3/12 16:6:30]
C:/AdwCleaner/AdwCleaner[S1].txt - [1273 B] - [2018/3/27 18:51:16]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

Poprosim o nove logy z FRST (tlacitko Scan).

protokoly ze scanu

druhý

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  CMD: sc config "wuauserv" start= auto
  CMD: net stop "wuauserv"
  C:\Windows\SoftwareDistribution
  
  HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
  HKU\S-1-5-21-3906847832-624395647-125247106-1001\...\Policies\Explorer: [] 
  IFEO\averiepg.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
  IFEO\avertv.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
  IFEO\cnmnsst.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
  IFEO\cnqmmain.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
  IFEO\draftsight.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
  IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
  IFEO\images2pdf.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
  IFEO\javacpl.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
  IFEO\javaw.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
  IFEO\javaws.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
  IFEO\nkmc2.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
  IFEO\pdfarchitect3installer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
  IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
  HKU\S-1-5-21-3906847832-624395647-125247106-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
  S3 MBAMProtection; \SystemRoot\system32\DRIVERS\mbam.sys [X]
  Task: {0ACCA1DE-9805-49EE-B0F9-7B78F5D35061} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
  Task: {94F80313-B6D0-4591-A025-7E9AB29CDB2E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
  Task: {EA8236DA-2AC0-47BE-BFEE-C9A5FCCD1722} - System32\Tasks\{3EE45164-5804-4ABD-9534-79C9F45755CF} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Uživatel\Desktop\DraftSight_HotFix_2017R3.exe -d C:\Users\Uživatel\Desktop
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
  HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"
  C:\Program Files (x86)\Seznam.cz
  C:\Users\Uživatel\AppData\Roaming\Seznam.cz
  
  Hosts:
  EmptyTemp:
  End

• Klikni na Subor a potom na Ulozit
• Vpravo dole vyber kodovanie Unicode
• Subor uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
• Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Uživatel (27-03-2018 23:54:36) Run:2
Running from C:\Users\Uživatel\Desktop
Loaded Profiles: Uživatel (Available Profiles: Uživatel & Veselsky)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

CMD: sc config "wuauserv" start= auto
CMD: net stop "wuauserv"
C:\Windows\SoftwareDistribution

HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3906847832-624395647-125247106-1001\...\Policies\Explorer: []
IFEO\averiepg.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\avertv.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\cnmnsst.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\cnqmmain.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\draftsight.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\images2pdf.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\javacpl.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\javaw.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\javaws.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\nkmc2.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pdfarchitect3installer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
HKU\S-1-5-21-3906847832-624395647-125247106-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
S3 MBAMProtection; \SystemRoot\system32\DRIVERS\mbam.sys [X]
Task: {0ACCA1DE-9805-49EE-B0F9-7B78F5D35061} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {94F80313-B6D0-4591-A025-7E9AB29CDB2E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EA8236DA-2AC0-47BE-BFEE-C9A5FCCD1722} - System32\Tasks\{3EE45164-5804-4ABD-9534-79C9F45755CF} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Uživatel\Desktop\DraftSight_HotFix_2017R3.exe -d C:\Users\Uživatel\Desktop
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"
C:\Program Files (x86)\Seznam.cz
C:\Users\Uživatel\AppData\Roaming\Seznam.cz

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= sc config "wuauserv" start= auto =========

[SC] ChangeServiceConfig SUCCESS

========= End of CMD: =========


========= net stop "wuauserv" =========

Zastavov nˇ slu§by Windows Update.
Slu§ba Windows Update byla ŁspŘçnŘ zastavena.


========= End of CMD: =========

C:\Windows\SoftwareDistribution => moved successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce" => removed successfully
"HKU\S-1-5-21-3906847832-624395647-125247106-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\averiepg.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avertv.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cnmnsst.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cnqmmain.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\draftsight.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iastorui.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\images2pdf.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\javacpl.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\javaw.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\javaws.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nkmc2.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pdfarchitect3installer.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\setup.exe" => removed successfully
"HKU\S-1-5-21-3906847832-624395647-125247106-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
"HKLM\System\CurrentControlSet\Services\MBAMProtection" => removed successfully
MBAMProtection => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0ACCA1DE-9805-49EE-B0F9-7B78F5D35061}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0ACCA1DE-9805-49EE-B0F9-7B78F5D35061}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94F80313-B6D0-4591-A025-7E9AB29CDB2E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94F80313-B6D0-4591-A025-7E9AB29CDB2E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA8236DA-2AC0-47BE-BFEE-C9A5FCCD1722}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA8236DA-2AC0-47BE-BFEE-C9A5FCCD1722}" => removed successfully
C:\WINDOWS\System32\Tasks\{3EE45164-5804-4ABD-9534-79C9F45755CF} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3EE45164-5804-4ABD-9534-79C9F45755CF}" => removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService" => removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMService" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\seznam-listicka-distribuce" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce" => not found
C:\Program Files (x86)\Seznam.cz => moved successfully
C:\Users\Uživatel\AppData\Roaming\Seznam.cz => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 47504389 B
Java, Flash, Steam htmlcache => 2805 B
Windows/system/drivers => 17188452 B
Edge => 0 B
Chrome => 0 B
Firefox => 385072682 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 17954 B
NetworkService => 0 B
Uživatel => 102902260 B
Veselsky => 1769393 B

RecycleBin => 762760623 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:55:23 ====

Ako to vyzera s PC? Nastala nejaka zmena alebo su este nejake problemy? Tie aktualizacie funguju? Ak nie, aky error to pise?

vypadá to, že PC se zrychlilo

Ještě vyzkouším aktualizaci WIN10 na 1709>>> to mi nešlo ... resp. malé aktualizace KB se instalovaly, velká na 1709 po restartu při aktualizaci se vracela na původní verzi ...