
Log check

Posted: 23 May 2019 18:13
by Trejsi91
Hello,
an acquaintance left me his laptop so that I could clean the viruses off it.
The computer was incredibly sluggish; it was almost impossible to do anything on it.
I used AdwCleaner and removed 220 viruses. The computer behaves a bit better, but it still freezes.

Please check the log.

Thank you for your help

Re: Log check

Posted: 23 May 2019 18:53
by Rudy
Greetings!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, simply run it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Log check

Posted: 23 May 2019 19:51
by Trejsi91
I wrote that this has already been done. So I am sending the current one as well as the previous one.

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-23-2019
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [25537 octets] - [23/05/2019 18:19:04]
AdwCleaner[C00].txt - [21754 octets] - [23/05/2019 18:22:19]
AdwCleaner[S01].txt - [1374 octets] - [23/05/2019 20:38:44]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########







# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-01-25.2 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-23-2019
# Duration: 00:01:29
# OS: Windows 10 Home
# Cleaned: 220
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\Partner
Deleted C:\Users\Guest\AppData\LocalLow\AskToolbar
Deleted C:\ProgramData\AskPartnerNetwork
Deleted C:\Program Files (x86)\AskPartnerNetwork
Deleted C:\Users\Guest\AppData\Local\AskPartnerNetwork
Deleted C:\Users\Standa\AppData\Local\AskPartnerNetwork
Deleted C:\ProgramData\IBUpdaterService
Deleted C:\Program Files (x86)\Inbox Toolbar
Deleted C:\Program Files (x86)\VNT
Deleted C:\Users\Guest\AppData\Local\VNT
Deleted C:\Users\Standa\AppData\Local\VNT
Deleted C:\Users\Standa\AppData\Roaming\SpeedAnalysis3
Deleted C:\Program Files (x86)\Speed Analysis 3
Deleted C:\Users\Standa\AppData\Roaming\7go
Deleted C:\Program Files (x86)\7Go Games
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker
Deleted C:\Program Files (x86)\SiteRanker
Deleted C:\Users\Guest\AppData\LocalLow\SiteRanker
Deleted C:\Users\saras\AppData\LocalLow\SiteRanker
Deleted C:\Users\Standa\AppData\LocalLow\SiteRanker
Deleted C:\Program Files (x86)\PC Performer
Deleted C:\Users\saras\AppData\Roaming\Performersoft
Deleted C:\Users\Standa\AppData\Roaming\Performersoft
Deleted C:\ProgramData\apn
Deleted C:\Users\Standa\AppData\Local\apn

***** [ Files ] *****

Deleted C:\Users\Standa\AppData\Roaming\speedanalysis.ico
Deleted C:\Windows\System32\roboot64.exe

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\Tasks\PC Performer_DEFAULT.job
Deleted C:\Windows\System32\Tasks\PC Performer_DEFAULT
Deleted C:\Windows\Tasks\PC Performer_UPDATES.job
Deleted C:\Windows\System32\Tasks\PC Performer_UPDATES
Deleted C:\Windows\System32\Tasks\PC Performer

***** [ Registry ] *****

Deleted HKU\S-1-5-18\Software\24x7HELP
Deleted HKU\.DEFAULT\Software\24x7HELP
Deleted HKU\S-1-5-18\Software\AskPartnerNetwork
Deleted HKCU\Software\AskPartnerNetwork
Deleted HKU\.DEFAULT\Software\AskPartnerNetwork
Deleted HKLM\Software\Wow6432Node\AskPartnerNetwork
Deleted HKLM\Software\AskPartnerNetwork
Deleted HKCU\Software\PERFORMERSOFT
Deleted HKLM\Software\Wow6432Node\PERFORMERSOFT
Deleted HKCU\Software\filescout
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|SiteRanker
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|SiteRanker
Deleted HKU\S-1-5-18\Software\VNT
Deleted HKCU\Software\VNT
Deleted HKU\.DEFAULT\Software\VNT
Deleted HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2206289839-3769606496-711628206-1000\Software\Speed Analysis 3
Deleted HKCU\Software\SiteRanker
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD|BackgroundHost.exe
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD|BackgroundHost.exe
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|BackgroundHost.exe
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|BackgroundHost.exe
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD|BackgroundHost64.exe
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|BackgroundHost64.exe
Deleted HKLM\Software\Wow6432Node\Classes\AppID\ScriptHost.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Deleted HKLM\Software\Wow6432Node\Classes\AppID\ButtonSite.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Deleted HKLM\Software\Wow6432Node\Classes\AppID\AddonsFramework.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Deleted HKLM\Software\Classes\Prod.cap
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73D8D75D-121A-4169-9ACC-75F1B0B28336}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73D8D75D-121A-4169-9ACC-75F1B0B28336}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Performer_DEFAULT
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F268C4C8-1404-49B3-85B1-920E06146ADC}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F268C4C8-1404-49B3-85B1-920E06146ADC}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Performer_UPDATES
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A636BD21-7D51-4CBB-9ADD-7F50AE431453}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Performer

***** [ Chromium (and derivatives) ] *****

Deleted gjajpkikblccgefaibcafkfbanllpefi
Deleted nkjddnjnldjjnbjahcinkhkchijbjcmn
Deleted mbmpjbkgemhgalmeiigcdljkccfcafoj

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [25537 octets] - [23/05/2019 18:19:04]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Log check

Posted: 23 May 2019 20:06
by Rudy
OK. Post new FRST+Addition logs.

Re: Log check

Posted: 23 May 2019 20:16
by Trejsi91
I am sending them in the attachment

Re: Log check

Posted: 23 May 2019 21:06
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
C:\Program Files\Bonjour
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Oracle America, Inc. -> Sun Microsystems, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2206289839-3769606496-711628206-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {16BE7DCD-E484-48E3-A589-F362D435110D} - System32\Tasks\{CE7B2CA1-CA9A-4BD8-B3C2-152D8C82C901} => C:\windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{D0956C11-0F60-43FE-99AD-524E833471BB}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
Task: {1DB2A3AE-C3D1-48E8-96C5-714109DE553C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {21B779EB-B1C1-4F84-97FB-2EDA7EAF78D7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {29A89918-1BEE-42E0-BB86-04D209792208} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {29C086B1-2303-47A3-A41E-FE037D585F40} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-02] (Google Inc -> Google Inc.)
Task: {2BEF8533-4977-4D91-97F5-24D7627FBCB1} - System32\Tasks\{989DF8B8-8E6B-4C6F-BAC7-16816A4C8826} => C:\windows\system32\pcalua.exe -a C:\Users\Standa\Downloads\IN1CHP36WW5.exe -d C:\Users\Standa\Download
Task: {469FAC2D-85C0-4DF5-B767-EA5EFA3998AB} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {4FDB25C3-4769-4993-8918-E5FE6BEA9655} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {532CEB31-7037-48CF-8D4E-4F054C14192F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {55890D9A-0ADF-4C57-87C5-E4C965939250} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5C9F0ACF-4AC4-41CE-81BC-5ED53D711A31} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {73F3A9A7-639C-4965-92BE-2A5B9124172A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {823A6B4B-7F7C-4EB1-8CAD-7755AA4BEF30} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {8AC7ACB6-E108-413E-AC86-F37DCA80FCFA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9B2D6FA2-4074-45B5-84C0-3F9B956944EE} - System32\Tasks\{63BE2D33-7254-4549-B4ED-AA96DF7FFB0E} => C:\windows\system32\pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {A48C3BBC-6AC0-473B-9AB3-8F1E26C6E162} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-02] (Google Inc -> Google Inc.)
Task: {D05BB781-0332-412E-B4AA-3815BE859124} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D5C1A365-47A3-4062-9517-DB76E6801D7A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E7F97ADD-6348-4525-9E8B-69614718E3B8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EEAE6C68-D156-49F1-A266-0A22D75E409A} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {F0318D16-D766-4880-863A-7F3492B3BDDE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {FADDF71C-588F-4574-B107-8ED7184C8F17} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FB07D9F2-B63A-4F1E-A2B1-6745941B73B3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {41545534-2D56-3743-00A7-7A786E7484D7} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {41545534-2D56-3743-00A7-7A786E7484D7} - No File
Toolbar: HKU\S-1-5-21-2206289839-3769606496-711628206-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?tpid=ATU4-V7C&o= ... earchTerms}
CHR HKLM\...\Chrome\Extension: [nkjddnjnldjjnbjahcinkhkchijbjcmn] - C:\ProgramData\AskPartnerNetwork\Toolbar\ATU4-V7C\CRX\ToolbarCR.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
U3 idsvc; no ImagePath
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\System32\Tasks\{CE7B2CA1-CA9A-4BD8-B3C2-152D8C82C901}
C:\WINDOWS\System32\Tasks\{63BE2D33-7254-4549-B4ED-AA96DF7FFB0E}
C:\WINDOWS\System32\Tasks\{989DF8B8-8E6B-4C6F-BAC7-16816A4C8826}
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)

EmptyTemp:
End
Save it to your desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Log check

Posted: 24 May 2019 14:20
by Trejsi91
After the restart, notifications from Google Chrome started appearing in the bottom left of the screen. I think that may be the reason for the freezing.


Fix result of Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by Standa (24-05-2019 14:56:03) Run:1
Running from C:\Users\Standa\Desktop
Loaded Profiles: Standa (Available Profiles: Standa & saras & Guest & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
C:\Program Files\Bonjour
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Oracle America, Inc. -> Sun Microsystems, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2206289839-3769606496-711628206-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {16BE7DCD-E484-48E3-A589-F362D435110D} - System32\Tasks\{CE7B2CA1-CA9A-4BD8-B3C2-152D8C82C901} => C:\windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{D0956C11-0F60-43FE-99AD-524E833471BB}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
Task: {1DB2A3AE-C3D1-48E8-96C5-714109DE553C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {21B779EB-B1C1-4F84-97FB-2EDA7EAF78D7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {29A89918-1BEE-42E0-BB86-04D209792208} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {29C086B1-2303-47A3-A41E-FE037D585F40} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-02] (Google Inc -> Google Inc.)
Task: {2BEF8533-4977-4D91-97F5-24D7627FBCB1} - System32\Tasks\{989DF8B8-8E6B-4C6F-BAC7-16816A4C8826} => C:\windows\system32\pcalua.exe -a C:\Users\Standa\Downloads\IN1CHP36WW5.exe -d C:\Users\Standa\Download
Task: {469FAC2D-85C0-4DF5-B767-EA5EFA3998AB} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {4FDB25C3-4769-4993-8918-E5FE6BEA9655} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {532CEB31-7037-48CF-8D4E-4F054C14192F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {55890D9A-0ADF-4C57-87C5-E4C965939250} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5C9F0ACF-4AC4-41CE-81BC-5ED53D711A31} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {73F3A9A7-639C-4965-92BE-2A5B9124172A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {823A6B4B-7F7C-4EB1-8CAD-7755AA4BEF30} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {8AC7ACB6-E108-413E-AC86-F37DCA80FCFA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9B2D6FA2-4074-45B5-84C0-3F9B956944EE} - System32\Tasks\{63BE2D33-7254-4549-B4ED-AA96DF7FFB0E} => C:\windows\system32\pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {A48C3BBC-6AC0-473B-9AB3-8F1E26C6E162} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-02] (Google Inc -> Google Inc.)
Task: {D05BB781-0332-412E-B4AA-3815BE859124} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D5C1A365-47A3-4062-9517-DB76E6801D7A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E7F97ADD-6348-4525-9E8B-69614718E3B8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EEAE6C68-D156-49F1-A266-0A22D75E409A} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {F0318D16-D766-4880-863A-7F3492B3BDDE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {FADDF71C-588F-4574-B107-8ED7184C8F17} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FB07D9F2-B63A-4F1E-A2B1-6745941B73B3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {41545534-2D56-3743-00A7-7A786E7484D7} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {41545534-2D56-3743-00A7-7A786E7484D7} - No File
Toolbar: HKU\S-1-5-21-2206289839-3769606496-711628206-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?tpid=ATU4 ... =&crxv=&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [nkjddnjnldjjnbjahcinkhkchijbjcmn] - C:\ProgramData\AskPartnerNetwork\Toolbar\ATU4-V7C\CRX\ToolbarCR.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
U3 idsvc; no ImagePath
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\System32\Tasks\{CE7B2CA1-CA9A-4BD8-B3C2-152D8C82C901}
C:\WINDOWS\System32\Tasks\{63BE2D33-7254-4549-B4ED-AA96DF7FFB0E}
C:\WINDOWS\System32\Tasks\{989DF8B8-8E6B-4C6F-BAC7-16816A4C8826}
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)

EmptyTemp:
End
*****************

Processes closed successfully.
C:\Program Files\Bonjour => moved successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}" => removed successfully
HKLM\Software\Classes\CLSID\{503739d0-4c5e-4cfd-b3ba-d881334f0df2} => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKU\S-1-5-21-2206289839-3769606496-711628206-1000\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16BE7DCD-E484-48E3-A589-F362D435110D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16BE7DCD-E484-48E3-A589-F362D435110D}" => removed successfully
C:\WINDOWS\System32\Tasks\{CE7B2CA1-CA9A-4BD8-B3C2-152D8C82C901} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CE7B2CA1-CA9A-4BD8-B3C2-152D8C82C901}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DB2A3AE-C3D1-48E8-96C5-714109DE553C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DB2A3AE-C3D1-48E8-96C5-714109DE553C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21B779EB-B1C1-4F84-97FB-2EDA7EAF78D7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21B779EB-B1C1-4F84-97FB-2EDA7EAF78D7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29A89918-1BEE-42E0-BB86-04D209792208}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29A89918-1BEE-42E0-BB86-04D209792208}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29C086B1-2303-47A3-A41E-FE037D585F40}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29C086B1-2303-47A3-A41E-FE037D585F40}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BEF8533-4977-4D91-97F5-24D7627FBCB1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BEF8533-4977-4D91-97F5-24D7627FBCB1}" => removed successfully
C:\WINDOWS\System32\Tasks\{989DF8B8-8E6B-4C6F-BAC7-16816A4C8826} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{989DF8B8-8E6B-4C6F-BAC7-16816A4C8826}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{469FAC2D-85C0-4DF5-B767-EA5EFA3998AB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{469FAC2D-85C0-4DF5-B767-EA5EFA3998AB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FDB25C3-4769-4993-8918-E5FE6BEA9655}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FDB25C3-4769-4993-8918-E5FE6BEA9655}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{532CEB31-7037-48CF-8D4E-4F054C14192F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{532CEB31-7037-48CF-8D4E-4F054C14192F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55890D9A-0ADF-4C57-87C5-E4C965939250}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55890D9A-0ADF-4C57-87C5-E4C965939250}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C9F0ACF-4AC4-41CE-81BC-5ED53D711A31}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C9F0ACF-4AC4-41CE-81BC-5ED53D711A31}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73F3A9A7-639C-4965-92BE-2A5B9124172A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73F3A9A7-639C-4965-92BE-2A5B9124172A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{823A6B4B-7F7C-4EB1-8CAD-7755AA4BEF30}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{823A6B4B-7F7C-4EB1-8CAD-7755AA4BEF30}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8AC7ACB6-E108-413E-AC86-F37DCA80FCFA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AC7ACB6-E108-413E-AC86-F37DCA80FCFA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B2D6FA2-4074-45B5-84C0-3F9B956944EE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B2D6FA2-4074-45B5-84C0-3F9B956944EE}" => removed successfully
C:\WINDOWS\System32\Tasks\{63BE2D33-7254-4549-B4ED-AA96DF7FFB0E} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{63BE2D33-7254-4549-B4ED-AA96DF7FFB0E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A48C3BBC-6AC0-473B-9AB3-8F1E26C6E162}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A48C3BBC-6AC0-473B-9AB3-8F1E26C6E162}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D05BB781-0332-412E-B4AA-3815BE859124}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D05BB781-0332-412E-B4AA-3815BE859124}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5C1A365-47A3-4062-9517-DB76E6801D7A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5C1A365-47A3-4062-9517-DB76E6801D7A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E7F97ADD-6348-4525-9E8B-69614718E3B8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7F97ADD-6348-4525-9E8B-69614718E3B8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EEAE6C68-D156-49F1-A266-0A22D75E409A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEAE6C68-D156-49F1-A266-0A22D75E409A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0318D16-D766-4880-863A-7F3492B3BDDE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0318D16-D766-4880-863A-7F3492B3BDDE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FADDF71C-588F-4574-B107-8ED7184C8F17}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FADDF71C-588F-4574-B107-8ED7184C8F17}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB07D9F2-B63A-4F1E-A2B1-6745941B73B3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB07D9F2-B63A-4F1E-A2B1-6745941B73B3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{41545534-2D56-3743-00A7-7A786E7484D7}" => removed successfully
HKLM\Software\Classes\CLSID\{41545534-2D56-3743-00A7-7A786E7484D7} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => removed successfully
HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{41545534-2D56-3743-00A7-7A786E7484D7}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{41545534-2D56-3743-00A7-7A786E7484D7} => not found
"HKU\S-1-5-21-2206289839-3769606496-711628206-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
"Chrome DefaultSearchURL" => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\nkjddnjnldjjnbjahcinkhkchijbjcmn => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
"C:\WINDOWS\System32\Tasks\{CE7B2CA1-CA9A-4BD8-B3C2-152D8C82C901}" => not found
"C:\WINDOWS\System32\Tasks\{63BE2D33-7254-4549-B4ED-AA96DF7FFB0E}" => not found
"C:\WINDOWS\System32\Tasks\{989DF8B8-8E6B-4C6F-BAC7-16816A4C8826}" => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 155240427 B
Java, Flash, Steam htmlcache => 1345 B
Windows/system/drivers => 167900 B
Edge => 2877989 B
Chrome => 425310172 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 35660 B
LocalService => 0 B
NetworkService => 80908 B
NetworkService => 0 B
Standa => 92027638 B
saras => 30217081 B
Guest => 598115 B
DefaultAppPool => 6656 B

RecycleBin => 7392910 B
EmptyTemp: => 690.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:58:33 ====
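
Added example (not part of the original thread and not FRST's own code): a short Python triage of Fixlog result lines like those in the log above, separating fixes that succeeded from entries that still deserve a look. The sample is a constructed excerpt whose lines are copied from that log; the status names, and the rule that a later "not found" for an item already moved or removed in the same run counts as a duplicate, are assumptions of this example.

```python
# Added example: triage of FRST Fixlog result lines (not part of the original thread).
# SAMPLE_FIXLOG is a constructed excerpt; its lines are copied from the Fixlog above.
SAMPLE_FIXLOG = r'''
C:\Program Files\Bonjour => moved successfully
HKLM\Software\Classes\CLSID\{503739d0-4c5e-4cfd-b3ba-d881334f0df2} => not found
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => not found
idsvc => service removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
Chrome => 425310172 B
EmptyTemp: => 690.9 MB temporary data Removed.
'''


def parse_results(text):
    """Yield (target, status) for each '<target> => <result>' line that reports a fix outcome."""
    for raw in text.splitlines():
        line = raw.strip()
        if " => " not in line:
            continue
        # Split on the LAST ' => ': the target itself may contain ' => '.
        target, result = line.rsplit(" => ", 1)
        if result.startswith("Error"):
            status = "error"
        elif result == "not found":
            status = "not_found"
        elif result.endswith("successfully"):
            status = "done"
        else:
            continue  # EmptyTemp byte counts and other non-outcome lines
        yield target, status


def normalize(target):
    """Compare targets without surrounding quotes and without case differences."""
    return target.strip().strip('"').lower()


def triage(text):
    """Group targets by outcome, in log order.

    A 'not found' for a target that was already moved or removed earlier in the
    same run is filed under 'already_handled' (assumption of this example).
    """
    report = {"done": [], "already_handled": [], "not_found": [], "error": []}
    handled = set()
    for target, status in parse_results(text):
        key = normalize(target)
        if status == "done":
            handled.add(key)
        elif status == "not_found" and key in handled:
            status = "already_handled"
        report[status].append(target)
    return report


if __name__ == "__main__":
    for status, targets in triage(SAMPLE_FIXLOG).items():
        print(f"{status}: {len(targets)}")
        if status in ("not_found", "error"):
            for t in targets:
                print("   review:", t)
```
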

Re: log check

Posted: 24 May 2019 14:28
by Rudy
Deleted. Has anything changed?

Re: log check

Posted: 24 May 2019 14:31
by Trejsi91
After the restart, notifications from Google Chrome started appearing in the lower left of the screen. I think that may be the reason for the freezing.

Re: log check

Posted: 24 May 2019 15:58
by Rudy
OK, let's clean up the browsers. Run these utilities one after the other:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator ("Spustit jako spravce")
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
• Save it, preferably to the desktop
• After launch, the license terms are displayed; press any key
• A backup is created and then the search starts
• The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here.

Re: log check

Posted: 26 May 2019 07:08
by Trejsi91
Step 1 did not work out for me.
For 3 hours it sat at the step "ask for reboot", and since the Start menu only offered "Update and restart", I thought it could not proceed because of the update. So I restarted it manually, and since then this window appears after startup.
[Attachment: Výstřižek.PNG]
I don't know whether the log is saved somewhere on C:?
And should I continue with step 2, or somehow repeat the first one?

Re: log check

Posted: 26 May 2019 10:07
by Rudy
Try running those utilities in safe mode.

Re: log check

Posted: 26 May 2019 11:37
by Trejsi91
== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\Users\saras\AppData\Local\AVAST Software\APM\kv_pam.db" not found
"C:\Users\saras\AppData\Local\AVAST Software\APM\sarasFfl2.dat" not found
"C:\Users\saras\AppData\Local\AVAST Software\APM\saras\kv_pam.db" not found
"C:\Users\Standa\AppData\Local\AVAST Software\APM\Standa\kv_pam.db" not found
"C:\Users\saras\AppData\Local\AVAST Software" not found
"C:\Users\Standa\AppData\Local\AVAST Software" not found
"C:\Users\Standa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge" deleted
"C:\Users\Standa\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp" not found

==== EOF on ne 26.05.2019 at 12:13:51,46 ======================


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Standa (Administrator) on ne 26.05.2019 at 12:21:40,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3

Successfully deleted: C:\Users\Standa\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gjajpkikblccgefaibcafkfbanllpefi (Folder)
Successfully deleted: C:\Users\Standa\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mbmpjbkgemhgalmeiigcdljkccfcafoj (Folder)
Successfully deleted: C:\WINDOWS\s.bat (File)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7BAEBED8-A3DE-45FF-8B2F-5622535AB215} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 26.05.2019 at 12:28:13,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: log check

Posted: 26 May 2019 13:32
by Rudy
OK. Has anything changed now?

Re: log check

Posted: 26 May 2019 14:05
by Trejsi91
The ads no longer appear. Shortly after startup the disk was running at 100 % (in Task Manager), but I see that after a while it dropped.