
Slower PC after mom's visit :)

Posted: 07 Aug 2020 21:02
by Cimricek
Hello,
first of all I want to thank you for running this forum. You have helped me and my friends for free, while repair shops charge thousands.
Today my mom used my computer. When I got it back, she told me that the antivirus had been going crazy, and I noticed slower performance.
I'm worried about possible viruses.
maminkaLogy.zip
(53.22 KiB) Downloaded 70 times

Re: Slower PC after mom's visit :)

Posted: 08 Aug 2020 04:00
by Conder
Hi :)

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Scan Now and wait for it to finish
  • If anything is found, leave all findings checked and click Quarantine (if nothing is found, click Run Basic Repair)
  • If "preinstalled software" is also detected, you may delete these programs but don't have to (these are not malicious programs, just unnecessary ones)
  • Confirm the prompt, wait for it to finish and confirm the PC restart
  • After the PC restarts, AdwCleaner will open; click View Log File
  • The log will open; copy its contents and paste them into your next reply

Re: Slower PC after mom's visit :)

Posted: 08 Aug 2020 09:17
by Cimricek
# -------------------------------
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-07-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-08-2020
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 6
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\Users\Filip\AppData\Roaming\Tencent

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1905 octets] - [08/08/2020 10:14:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Slower PC after mom's visit :)

Posted: 08 Aug 2020 19:01
by Conder
Please post both new logs from FRST.

Re: Slower PC after mom's visit :)

Posted: 09 Aug 2020 14:30
by Cimricek
druheMaminkaLogy.zip
(52.75 KiB) Downloaded 74 times

Re: Slower PC after mom's visit :)

Posted: 10 Aug 2020 03:06
by Conder
:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code: Select all

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
    ExportKey: HKLM\SOFTWARE\Policies\Mozilla\Firefox
    ExportKey: HKLM\SOFTWARE\Policies\Google
    
    C:\ProgramData\KMSAuto
    SearchScopes: HKU\S-1-5-21-3660142046-34373978-1671556906-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180411__yaie&p={searchTerms}
    Toolbar: HKU\S-1-5-21-3660142046-34373978-1671556906-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    R2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [301056 2016-07-17] (MDL Forum, mod by Ratiborus) [File not signed]
    2020-08-09 15:19 - 2020-08-09 15:19 - 002296320 _____ (Farbar) C:\Users\Filip\Downloads\FRST64.exe.part
    2020-08-09 15:19 - 2020-08-09 15:19 - 000000000 _____ C:\Users\Filip\Downloads\FRST64.exe
    2020-08-08 10:50 - 2020-08-08 10:50 - 000000000 _____ C:\WINDOWS\system32\setup4.2.6.tmp
    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
    AlternateDataStreams: C:\Users\Filip\Data aplikací:00e481b5e22dbe1f649fcddd505d3eb7 [394]
    AlternateDataStreams: C:\Users\Filip\Data aplikací:6699d3ee8dd9cf775caae782c8f44f03 [394]
    AlternateDataStreams: C:\Users\Filip\Data aplikací:b2471a6db8deb9681d22d6d26ae65e4b [394]
    AlternateDataStreams: C:\Users\Filip\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
    AlternateDataStreams: C:\Users\Filip\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
    AlternateDataStreams: C:\Users\Filip\AppData\Roaming:b2471a6db8deb9681d22d6d26ae65e4b [394]
    AlternateDataStreams: C:\Users\Public\AppData:CSM [472]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [227]
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a Fixlog.txt file on the desktop; copy its contents here

Re: Slower PC after mom's visit :)

Posted: 14 Aug 2020 07:58
by Cimricek
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08-2020
Ran by Filip (14-08-2020 08:55:37) Run:1
Running from C:\Users\Filip\Desktop
Loaded Profiles: Filip & OVRLibraryService &
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
ExportKey: HKLM\SOFTWARE\Policies\Mozilla\Firefox
ExportKey: HKLM\SOFTWARE\Policies\Google

C:\ProgramData\KMSAuto
SearchScopes: HKU\S-1-5-21-3660142046-34373978-1671556906-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180411__yaie&p={searchTerms}
Toolbar: HKU\S-1-5-21-3660142046-34373978-1671556906-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
R2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [301056 2016-07-17] (MDL Forum, mod by Ratiborus) [File not signed]
2020-08-09 15:19 - 2020-08-09 15:19 - 002296320 _____ (Farbar) C:\Users\Filip\Downloads\FRST64.exe.part
2020-08-09 15:19 - 2020-08-09 15:19 - 000000000 _____ C:\Users\Filip\Downloads\FRST64.exe
2020-08-08 10:50 - 2020-08-08 10:50 - 000000000 _____ C:\WINDOWS\system32\setup4.2.6.tmp
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\Filip\Data aplikací:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Filip\Data aplikací:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\Filip\Data aplikací:b2471a6db8deb9681d22d6d26ae65e4b [394]
AlternateDataStreams: C:\Users\Filip\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Filip\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\Filip\AppData\Roaming:b2471a6db8deb9681d22d6d26ae65e4b [394]
AlternateDataStreams: C:\Users\Public\AppData:CSM [472]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [227]

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 175
Average :
Sum : 130663815
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========


========================= File: C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe ========================

C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
File not signed
MD5: F0738E835E93D6735ADC9F90EFD0D78F
Creation and modification date: 2015-07-15 16:28 - 2015-07-15 16:28
Size: 000394752
Attributes: ----A
Company Name: Apple Inc.
Internal Name: mDNSResponder.exe
Original Name: mDNSResponder.exe
Product: Bonjour
Description: Bonjour Service
File Version: 3,0,0,10
Product Version: 3,0,0,10
Copyright: Copyright (C) 2003-2011 Apple Inc.
VirusTotal: https://www.virustotal.com/gui/file/095 ... 1592134626

====== End of File: ======

================== ExportKey: ===================

[HKLM\SOFTWARE\Policies\Mozilla\Firefox]
[HKLM\SOFTWARE\Policies\Mozilla\Firefox\Certificates]
"ImportEnterpriseRoots"="1"

=== End of ExportKey ===
================== ExportKey: ===================

[HKLM\SOFTWARE\Policies\Google]
[HKLM\SOFTWARE\Policies\Google\Chrome]

=== End of ExportKey ===
C:\ProgramData\KMSAuto => moved successfully
HKU\S-1-5-21-3660142046-34373978-1671556906-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => removed successfully
"HKU\S-1-5-21-3660142046-34373978-1671556906-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
HKLM\System\CurrentControlSet\Services\KMSEmulator => removed successfully
KMSEmulator => service removed successfully
C:\Users\Filip\Downloads\FRST64.exe.part => moved successfully
C:\Users\Filip\Downloads\FRST64.exe => moved successfully
C:\WINDOWS\system32\setup4.2.6.tmp => moved successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
C:\Users\Filip\Data aplikací => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS removed successfully
C:\Users\Filip\Data aplikací => ":6699d3ee8dd9cf775caae782c8f44f03" ADS removed successfully
C:\Users\Filip\Data aplikací => ":b2471a6db8deb9681d22d6d26ae65e4b" ADS removed successfully
"C:\Users\Filip\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS not found.
"C:\Users\Filip\AppData\Roaming" => ":6699d3ee8dd9cf775caae782c8f44f03" ADS not found.
"C:\Users\Filip\AppData\Roaming" => ":b2471a6db8deb9681d22d6d26ae65e4b" ADS not found.
C:\Users\Public\AppData => ":CSM" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 57277410 B
Java, Flash, Steam htmlcache => 735713356 B
Windows/system/drivers => 20394202 B
Edge => 25600 B
Chrome => 232972 B
Firefox => 1105881490 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7168 B
Users => 7168 B
ProgramData => 7168 B
Public => 7168 B
systemprofile => 7168 B
systemprofile32 => 7168 B
LocalService => 29020 B
NetworkService => 29020 B
Filip => 80706485 B
OVRLibraryService => 80706485 B
MSSQL$SQLEXPRESS => 80706485 B

RecycleBin => 24070150 B
EmptyTemp: => 2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:56:30 ====
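
An added example, not part of the original thread and not FRST's own code: a small Python parser that tallies the `target => result` lines of a Fixlog like the one above and lists the entries that were not cleanly handled. The status names are this example's own, and it assumes result wording as seen in the sample lines.

```python
import re
from collections import Counter
# Constructed sample: result lines copied from the Fixlog quoted in this thread.
SAMPLE = r'''
C:\ProgramData\KMSAuto => moved successfully
C:\Users\Filip\Data aplikací => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS removed successfully
"C:\Users\Filip\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS not found.
C:\Users\Public\AppData => ":CSM" ADS removed successfully
Hosts restored successfully.
Firefox => 1105881490 B
EmptyTemp: => 2 GB temporary data Removed.
'''
LINE_RE = re.compile(r'^(?P<target>.+?) => (?P<result>.+)$')
ADS_RE = re.compile(r'^"(?P<stream>:[^"]*)" ADS (?P<rest>.+)$')

def classify(result):
    """Map the text after '=>' to a coarse status (wording assumed from the sample)."""
    text = result.rstrip('.').lower()
    if re.fullmatch(r'\d+ b', text) or 'temporary data' in text:
        return 'temp-size'          # EmptyTemp accounting, not a fix outcome
    if text.endswith('not found'):
        return 'not-found'
    if text.endswith('removed successfully'):   # must precede the 'moved' check
        return 'removed'
    if text.endswith('moved successfully'):
        return 'moved'
    return 'other'

def parse_fixlog(text):
    """Return one dict per '<target> => <result>' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                # headers, echoed fixlist, free-text lines
        result, stream = m.group('result'), None
        ads = ADS_RE.match(result)
        if ads:                     # alternate data stream entry: keep its name
            stream, result = ads.group('stream'), ads.group('rest')
        entries.append({'target': m.group('target').strip('"'),
                        'stream': stream, 'status': classify(result)})
    return entries

def summarize(entries):
    return dict(Counter(e['status'] for e in entries))

def needs_followup(entries):        # anything not cleanly removed or moved
    return [e for e in entries if e['status'] in ('not-found', 'other')]

if __name__ == '__main__':
    print(summarize(parse_fixlog(SAMPLE)), needs_followup(parse_fixlog(SAMPLE)))
```

In the full log above, the three `ADS not found.` lines under `AppData\Roaming` name the same streams that are reported as removed under `Data aplikací`.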

Re: Slower PC after mom's visit :)

Posted: 15 Aug 2020 23:54
by Conder
How is the PC doing? Has anything changed, or are there still any problems?

Re: Slower PC after mom's visit :)

Posted: 17 Aug 2020 09:41
by Cimricek
Much faster, thanks a lot!

Re: Slower PC after mom's visit :)

Posted: 17 Aug 2020 22:02
by Conder
:arrow: So let's also clean up after the tools we used:

Re: Slower PC after mom's visit :)

Posted: 19 Aug 2020 18:27
by Polda18
Done. Uhm, sorry, wrong post :D :D

Code: Select all

# DelFix v1.013 - Logfile created 19/08/2020 at 19:27:15
# Updated 17/04/2016 by Xplode
# Username : Marek Poláček - LAPTOP-I1NEAE7P
# Operating System : Windows 10 Home  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Marek Poláček\Desktop\Addition.txt
Deleted : C:\Users\Marek Poláček\Desktop\adwcleaner_8.0.7.exe
Deleted : C:\Users\Marek Poláček\Desktop\FRST.txt
Deleted : C:\Users\Marek Poláček\Desktop\FRST64.exe

########## - EOF - ##########

Re: Slower PC after mom's visit :)

Posted: 21 Aug 2020 23:29
by Conder
This is OK :)