pomaly NTB

[jerabina]

Poprosím tě ještě o zbytek logů

[becza4]

omlouvam se, davam to sem, tak jak to postupne ziskavam

[becza4]

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Michaela on st 26.10.2016 at 22:04:50,07.
Microsoft Windows 10 Pro 10.0.14393 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Michaela\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

26.10.2016 22:09:11 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\ATI Technologies deleted successfully
C:\Program Files\Cisco deleted successfully
C:\Program Files\Common Files\Intel deleted successfully
C:\PROGRA~2\Comms deleted successfully
C:\PROGRA~2\SoftwareDistribution deleted successfully
C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully
C:\Users\NeroMediaHomeUser.4\AppData\LocalLow deleted successfully
C:\Users\Michaela\AppData\Local\ActiveSync deleted successfully
C:\Users\Michaela\AppData\Local\GHISLER deleted successfully
C:\Users\Michaela\AppData\Local\NetworkTiles deleted successfully
C:\Users\Michaela\AppData\Local\PeerDistRepub deleted successfully
C:\Users\Michaela\AppData\Local\Skype deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\ATI Technologies not found
C:\Program Files\Cisco not found
C:\install.exe deleted
C:\WINDOWS\system32\GroupPolicy\Machine deleted
C:\WINDOWS\system32\GroupPolicy\User deleted
"C:\Program Files\Windows Defender Advanced Threat Protection" deleted
"C:\Program Files\Windows Defender Advanced Threat Protection" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [26.11.2015 16:50]

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[24.05.2015 14:55]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[24.05.2015 14:55]

Avast SafePrice - Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Avast Online Security - Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
https //www.google.es/search?q=jak+spr%C3%A1v - Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffhnloflmgaafeoclfkpnofndhljfj
Chrome Media Router - Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_productos.trovit.es_0.localstorage deleted successfully
C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_productos.trovit.es_0.localstorage-journal deleted successfully
C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_advert.uloz.to_0.localstorage deleted successfully
C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_advert.uloz.to_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02

==== Reset Google Chrome ======================

C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF155bc65d.TMP will be reset at reboot
C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Users\Michaela\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Michaela\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=12 folders=4 4621589 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Michaela\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF155bc65d.TMP" not found

==== EOF on st 26.10.2016 at 22:50:49,59 ======================

[becza4]

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 0:43:32, on 27.10.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)


Boot mode: Normal

Running processes:
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\conhost.exe
C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Users\Michaela\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Michaela\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x86__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\DllHost.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\smartscreen.exe
C:\Users\Michaela\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
O4 - HKLM\..\Run: [WindowsDefender] "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Michaela\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_1F99DA9489658ECAC906598B4C24B0BE] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Michaela\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Michaela\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3902269504-2046281314-1892862652-1003\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-21-3902269504-2046281314-1892862652-1003\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NeroMediaHomeUser.4')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @oem6.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Broadcom Corporation. - C:\WINDOWS\system32\BtwRSupportService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @oem13.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7188 bytes

[becza4]

tak pc se zda bejt rychlejsi, jen mi zmizeli ikony z plochy .... to ovsem mohl bejt nejakej zasah od my 4lety dcerky. Ta si mi k tomu sedla nekdy mezi skenovanim... Clovek by neveril kolik maji okna klavesovych zkratek ...

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Michaela\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Michaela\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q

Sophos Virus Removal Tool je praktický softwarový nástroj, který by mohl odstranit infekce, které antivirový program nedetekuje .
Stáhněte si ho zde z některého odkazu:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viry mohou zpomalit počítač, nebo se snaží ukrást vaše data, a ani nevíte , že je máte. Co potřebujete, je rychlý a snadný způsob, jak je najít a zbavit se jich, pokud již máte antivirový program v počítači nainstalován , můžete nainstalovat i nástroj Sophos Virus Removal , který identifikuje a vyčistí zbylé infekce, které mohl Váš antivirový program přehlédnout.
K použití Sophos Virus Removal Tool na něj poklepejte a stiskněte tlačítko „Start scanning“ . Pak bude Sophos Virus Removal Tool vyhledávat a odstraňovat viry, které najde. Může být vyžadován restart.

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

[becza4]

Tak jsem se konecne zase dostal k domacim PCs a pri scanu Sophosem jsem uprostred scanu dostal BSOD s hlaskou DPC Watchdog violation a PC se zrestartovalo .... ted jedu SOphos znovu, jak budu mit vysledky a log Delfixu tak napisu ..

[becza4]

# DelFix v1.013 - Logfile created 09/11/2016 at 18:44:02
# Updated 17/04/2016 by Xplode
# Username : Michaela - MICHAELA-PC
# Operating System : Windows 10 Pro (32 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Michaela\Desktop\AdwCleaner.exe
Deleted : C:\Users\Michaela\Desktop\JRT.exe
Deleted : C:\Users\Michaela\Desktop\JRT.txt
Deleted : C:\Users\Michaela\Desktop\RogueKiller.lnk
Deleted : C:\Users\Michaela\Desktop\zoek.exe
Deleted : C:\Users\Public\Desktop\RogueKiller.lnk
Deleted : C:\Users\Michaela\Downloads\hijackthis old.log
Deleted : C:\Users\Michaela\Downloads\HijackThis.exe
Deleted : C:\Users\Michaela\Downloads\hijackthis.log
Deleted : C:\Users\Michaela\Downloads\RogueKiller (1).exe
Deleted : C:\Users\Michaela\Downloads\RogueKiller.exe
Deleted : C:\Users\Michaela\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #5 [JRT Pre-Junkware Removal | 10/24/2016 18:19:37]
Deleted : RP #7 [Installed Sophos Virus Removal Tool. | 10/26/2016 20:59:45]
Deleted : RP #8 [Windows Update | 11/09/2016 13:39:35]

New restore point created !

########## - EOF - ##########

[becza4]

Tak NTB vypada o dost sviznejsi ...