VIRY.CZ

Dobrý den

Chtěl bych Vás požádat o kontrolu logu. NTB dlouho startuje a disk je vytížený na 100% a nekdy i CPU. Za pomoc Předem Děkuji.

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-22-2021
# Duration: 00:00:40
# OS: Windows 10 Home
# Cleaned: 29
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.HPCleanFLC File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
Deleted Preinstalled.HPMediaSmart Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE0B53B9-DBAD-4A4D-A90A-4415752AE45F}
Deleted Preinstalled.HPMediaSmart Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MirageAgent
Deleted Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Deleted Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Deleted Preinstalled.HPMediaSmart Task C:\Windows\System32\Tasks\MIRAGEAGENT
Deleted Preinstalled.LenovoEasyCamera Folder C:\Program Files (x86)\USB CAMERA
Deleted Preinstalled.LenovoEasyCamera Folder C:\Program Files (x86)\VIMICRO\LENOVO EASYCAMERA
Deleted Preinstalled.LenovoEasyCamera Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|331BigDog
Deleted Preinstalled.LenovoEasyCamera Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|331BigDog
Deleted Preinstalled.LenovoEasyCamera Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}
Deleted Preinstalled.LenovoEnergyManagement Folder C:\Program Files (x86)\LENOVO\ENERGY MANAGEMENT
Deleted Preinstalled.LenovoEnergyManagement Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Energy Management
Deleted Preinstalled.LenovoEnergyManagement Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|EnergyUtility
Deleted Preinstalled.LenovoEnergyManagement Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Energy Management
Deleted Preinstalled.LenovoEnergyManagement Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|EnergyUtility
Deleted Preinstalled.LenovoEnergyManagement Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}
Deleted Preinstalled.LenovoEnergyManagement Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{D0956C11-0F60-43FE-99AD-524E833471BB}
Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|UpdateP2GShortCut
Deleted Preinstalled.LenovoPowerDVD Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|RemoteControl10
Deleted Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
Deleted Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
Deleted Preinstalled.LenovoYouCam File C:\Users\Public\Desktop\Lenovo YouCam.lnk
Deleted Preinstalled.LenovoYouCam Folder C:\Program Files (x86)\LENOVO\YOUCAM
Deleted Preinstalled.LenovoYouCam Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LENOVO\YOUCAM
Deleted Preinstalled.LenovoYouCam Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|YouCam Mirage
Deleted Preinstalled.LenovoYouCam Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|YouCam Tray
Deleted Preinstalled.LenovoYouCam Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|YouCam Mirage
Deleted Preinstalled.LenovoYouCam Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|YouCam Tray


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5037 octets] - [22/04/2021 09:54:11]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Dejte nové logy FRST+Addition.

Nové logy

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF Plugin HKU\S-1-5-21-765697036-1757503579-3624756556-1002: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
SearchScopes: HKU\S-1-5-21-765697036-1757503579-3624756556-1002 -> DefaultScope {3B2DE77A-EA8D-4CC5-B169-01A96C417F24} URL =
SearchScopes: HKU\S-1-5-21-765697036-1757503579-3624756556-1002 -> {3B2DE77A-EA8D-4CC5-B169-01A96C417F24} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
HKU\S-1-5-21-765697036-1757503579-3624756556-1001\Control Panel\Desktop\\Wallpaper ->
FirewallRules: [{57F1927B-3767-4230-BC3A-F364AF7757F8}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe => No File
FirewallRules: [{E552F22C-1152-4507-8220-7092BAA45F9F}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE => No File

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by Květa (22-04-2021 17:25:31) Run:1
Running from C:\Users\Květa\Desktop
Loaded Profiles: UpdatusUser & Květa
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF Plugin HKU\S-1-5-21-765697036-1757503579-3624756556-1002: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
SearchScopes: HKU\S-1-5-21-765697036-1757503579-3624756556-1002 -> DefaultScope {3B2DE77A-EA8D-4CC5-B169-01A96C417F24} URL =
SearchScopes: HKU\S-1-5-21-765697036-1757503579-3624756556-1002 -> {3B2DE77A-EA8D-4CC5-B169-01A96C417F24} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
HKU\S-1-5-21-765697036-1757503579-3624756556-1001\Control Panel\Desktop\\Wallpaper ->
FirewallRules: [{57F1927B-3767-4230-BC3A-F364AF7757F8}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe => No File
FirewallRules: [{E552F22C-1152-4507-8220-7092BAA45F9F}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE => No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKU\S-1-5-21-765697036-1757503579-3624756556-1002\Software\MozillaPlugins\intel.com/AppUp => removed successfully
"C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll" => not found
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com" => removed successfully
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp => removed successfully
HKLM\Software\Classes\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending => removed successfully
HKLM\Software\Classes\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot => removed successfully
HKLM\Software\Classes\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared => removed successfully
HKLM\Software\Classes\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SugarSync => removed successfully
HKLM\Software\Classes\CLSID\{305BC11B-5175-492B-B569-866547FCDA40} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKU\S-1-5-21-765697036-1757503579-3624756556-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-765697036-1757503579-3624756556-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3B2DE77A-EA8D-4CC5-B169-01A96C417F24} => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
HKU\S-1-5-21-765697036-1757503579-3624756556-1001\Control Panel\Desktop\\Wallpaper -> => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{57F1927B-3767-4230-BC3A-F364AF7757F8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E552F22C-1152-4507-8220-7092BAA45F9F}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12750596 B
Java, Flash, Steam htmlcache => 638 B
Windows/system/drivers => 267003611 B
Edge => 0 B
Chrome => 684852 B
Firefox => 65611433 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 50572 B
NetworkService => 50572 B
UpdatusUser => 50572 B
Květa => 41018291 B

RecycleBin => 2496198 B
EmptyTemp: => 377.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:26:01 ====

Smazáno. Nastala nějaká změna?

Ano, NTB je o poznání rychlejší ale i tak je pořád hodně pomalý a HDD je stále na 100%

Podívejte se do správce úloh a zjistěte, která aplikace, či proces toto zatížení způsobuje.

Ve správci bohužel všechny procesy vypadají že jsou Ok.

Ale když si člověk počká cca 10 min tak to spadne do rozumných mezí. O tom jsem si před tím mohl nechat tak zdát.

Vidím, že žádný proces nevybočuje z normélu. Na ztkoušku vypněte antivir a aut aktualizace systému, restartujte a zjistěte, zda se něco změnilo.

Malý vliv má vypnutí aut. aktualizací ale nic zásadního.

Zkusíme ještě vyčistit prohlížeče. Spusťte postupně tyto utility:

1. Stahnete Zoek.exe https://www.edisk.cz/stahni/21334/zoek.rar_1.3MB.html/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

Program ZOEK jsem musel bohužel několikrát přerušit, protože se vždy zasekl u kontroly doplňků u firefoxu. Nakonec jsem přišel na to, že je nainstalovaná stará nefunkční 64 bit verze v adresaři pro 32 btitové programy - program files (x86) (nevím proč, kdy a jak) a navíc nejde odebrat (odinstalovat). Po mnoha pokusech se mi jí podařilo odebrat pomocí staré 32 bitové verze, která tuhle přeinstalovala... Proto bude log ze ZOEK v několika fragmenech. Každopádně po celé procedůře začaly w10 nybíhat zase o trochu rychleji, ale po startu (při přihlášení) zase naběhne HDD na 100%