
Requesting a preventive check. Thank you

Posted: 19 Dec 2018 13:12
by ALI3N
Hello, several people take turns on this PC, and it has already happened to me that my login credentials for e-mail and other services were stolen. Recently something wiped everything, including Windows, from my girlfriend's laptop, and now it is running wild on the PC (my girlfriend's). Please do a preventive check of the FRST logs. Thank you.

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
Ran by ALIEN (administrator) on DRAK (19-12-2018 12:30:38)
Running from C:\Users\ALIEN\Desktop
Loaded Profiles: ALIEN (Available Profiles: ALIEN)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/












Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by ALIEN (19-12-2018 12:30:55)
Running from C:\Users\ALIEN\Desktop
Windows 8.1 (Update) (X64) (2015-03-24 06:07:31)
Boot Mode: Normal
==========================================================

Re: Requesting a preventive check. Thank you

Posted: 19 Dec 2018 13:16
by Diallix
Hello.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as Administrator.
Continue by clicking the Prehladaj teraz (Scan now) button and wait until the system scan finishes.
After the scan, leave all checkboxes ticked, along with any threats found, and continue with the Vycistit Teraz (Clean and Repair) button in the bottom right corner.
After the PC restarts, AdwCleaner will start; click Zobrazit soubor protokolu (Show log file).
The log will open; copy its contents here.

Re: Requesting a preventive check. Thank you

Posted: 19 Dec 2018 13:22
by ALI3N
# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build: 11-26-2018
# Database: 2018-12-17.4 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-19-2018
# Duration: 00:00:01
# OS: Windows 8.1
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1246 octets] - [19/12/2018 13:19:04]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Requesting a preventive check. Thank you

Posted: 19 Dec 2018 13:44
by Diallix
Are you using a cracked Office??

Re: Requesting a preventive check. Thank you

Posted: 19 Dec 2018 13:51
by ALI3N
Original. I bought the installation DVD because I like to have something in hand.

Re: It will probably be better to reinstall Windows and install everything again. I have no idea what is happening on the PC without my knowledge.

Re: Requesting a preventive check. Thank you

Posted: 19 Dec 2018 14:03
by Diallix
Uninstall: Seznam Software

Copy the content below into Notepad:

Code:

CloseProcesses:

C:\Windows\AutoKMS.exe
2018-12-19 12:18 - 2015-06-06 11:40 - 000002738 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2018-12-19 12:18 - 2015-06-06 11:40 - 000000220 _____ C:\Windows\Tasks\AutoKMSDaily.job
2018-12-19 12:18 - 2015-06-06 11:40 - 000000210 _____ C:\Windows\Tasks\AutoKMS.job
ContextMenuHandlers4: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> [CC]{435E5DF5-2510-463C-B223-BDA47006D002} => -> No File
ContextMenuHandlers6: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> [CC]{435E5DF5-2510-463C-B223-BDA47006D002} => -> No File
2016-05-18 18:15 - 2016-05-18 18:15 - 000000000 _____ () C:\Users\ALIEN\AppData\Local\{BB7F8BC6-6DA9-401C-BA3B-0293392C1252}
Task: {DAD3EEB5-5D51-4933-BF46-59E3D89CB2C9} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe [2015-06-06] ()
Task: {EB85D0E9-3ED0-4D9C-924A-163EE76009AF} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [2015-06-06] ()
HKU\S-1-5-21-2405869686-638844756-348609102-1001\...\Run: [GalaxyClient] => [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\19010671.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\48989147.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\58852180.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\19010671.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48989147.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\58852180.sys => ""="Driver"
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe

Save the Notepad file as fixlist.txt in the location where FRST is.
Run FRST and click the Fix button.
The fix will run, after which the computer reboots. After the reboot, paste here the contents of the log fixlog.txt, saved in the FRST location.

Re: Requesting a preventive check. Thank you

Posted: 19 Dec 2018 14:14
by ALI3N
Fix result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by ALIEN (19-12-2018 14:12:41) Run:1
Running from C:\Users\ALIEN\Desktop
Loaded Profiles: ALIEN (Available Profiles: ALIEN)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:

C:\Windows\AutoKMS.exe
2018-12-19 12:18 - 2015-06-06 11:40 - 000002738 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2018-12-19 12:18 - 2015-06-06 11:40 - 000000220 _____ C:\Windows\Tasks\AutoKMSDaily.job
2018-12-19 12:18 - 2015-06-06 11:40 - 000000210 _____ C:\Windows\Tasks\AutoKMS.job
ContextMenuHandlers4: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> [CC]{435E5DF5-2510-463C-B223-BDA47006D002} => -> No File
ContextMenuHandlers6: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> [CC]{435E5DF5-2510-463C-B223-BDA47006D002} => -> No File
2016-05-18 18:15 - 2016-05-18 18:15 - 000000000 _____ () C:\Users\ALIEN\AppData\Local\{BB7F8BC6-6DA9-401C-BA3B-0293392C1252}
Task: {DAD3EEB5-5D51-4933-BF46-59E3D89CB2C9} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe [2015-06-06] ()
Task: {EB85D0E9-3ED0-4D9C-924A-163EE76009AF} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [2015-06-06] ()
HKU\S-1-5-21-2405869686-638844756-348609102-1001\...\Run: [GalaxyClient] => [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\19010671.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\48989147.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\58852180.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\19010671.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48989147.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\58852180.sys => ""="Driver"
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
*****************

Processes closed successfully.
C:\Windows\AutoKMS.exe => moved successfully
C:\Windows\System32\Tasks\AutoKMSDaily => moved successfully
C:\Windows\Tasks\AutoKMSDaily.job => moved successfully
C:\Windows\Tasks\AutoKMS.job => moved successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\[CC]{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\RecuvaShellExt => removed successfully
HKLM\Software\Classes\CLSID\[CC]{435E5DF5-2510-463C-B223-BDA47006D002} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\[CC]{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\RecuvaShellExt => removed successfully
HKLM\Software\Classes\CLSID\[CC]{435E5DF5-2510-463C-B223-BDA47006D002} => not found
C:\Users\ALIEN\AppData\Local\{BB7F8BC6-6DA9-401C-BA3B-0293392C1252} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAD3EEB5-5D51-4933-BF46-59E3D89CB2C9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAD3EEB5-5D51-4933-BF46-59E3D89CB2C9}" => removed successfully
"C:\Windows\System32\Tasks\AutoKMSDaily" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMSDaily" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EB85D0E9-3ED0-4D9C-924A-163EE76009AF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB85D0E9-3ED0-4D9C-924A-163EE76009AF}" => removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"HKU\S-1-5-21-2405869686-638844756-348609102-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient" => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\19010671.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\48989147.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\58852180.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\19010671.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\48989147.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\58852180.sys => removed successfully
"C:\Windows\Tasks\AutoKMS.job" => not found
"C:\Windows\Tasks\AutoKMSDaily.job" => not found


The system needed a reboot.

==== End of Fixlog 14:12:46 ====
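
A way to audit a Fixlog like the one above before calling the machine clean, as an added example that is not part of the original thread or of FRST itself: it separates `not found` results that only repeat an earlier action in the same run from those with no earlier action, which a person should confirm. The function name `review_fixlog` and the bucket names are assumptions; the sample is abridged from the first Fixlog in this thread.

```python
import re

# FRST result line:  <target> => <outcome>   (target is sometimes quoted)
RESULT = re.compile(
    r'^"?(?P<target>.+?)"?\s+=>\s+'
    r'(?P<outcome>moved successfully|removed successfully|not found)$'
)

def review_fixlog(text):
    """Sort result lines into done / repeat / review buckets."""
    report = {"done": [], "repeat": [], "review": []}
    handled = set()
    stars_left = 0                      # >0 while inside the echoed fixlist
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "fixlist content:":
            stars_left = 2              # the echo is framed by two rows of '*'
            continue
        if stars_left:
            if line and set(line) == {"*"}:
                stars_left -= 1
            continue                    # echoed input is never a result
        m = RESULT.match(line)
        if not m:
            continue
        key = m["target"].lower()       # Windows paths and keys ignore case
        if m["outcome"] != "not found":
            handled.add(key)
            report["done"].append(m["target"])
        elif key in handled:            # fixlist named the same target twice
            report["repeat"].append(m["target"])
        else:                           # nothing acted on it: confirm by hand
            report["review"].append(m["target"])
    return report

# Abridged from the first Fixlog posted in this thread.
SAMPLE = r"""
fixlist content:
*****************
C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
*****************
C:\Windows\AutoKMS.exe => moved successfully
C:\Windows\Tasks\AutoKMS.job => moved successfully
HKLM\Software\Classes\CLSID\[CC]{23170F69-40C1-278A-1000-000100020000} => not found
"C:\Windows\Tasks\AutoKMS.job" => not found
"""

print(review_fixlog(SAMPLE))
```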

Re: Requesting a preventive check. Thank you

Posted: 19 Dec 2018 14:16
by Diallix
Please post new logs from FRST + Addition.log

Re: Requesting a preventive check. Thank you

Posted: 19 Dec 2018 14:20
by ALI3N
FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
Ran by ALIEN (administrator) on DRAK (19-12-2018 14:19:09)
Running from C:\Users\ALIEN\Desktop
Loaded Profiles: ALIEN (Available Profiles: ALIEN)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/





Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by ALIEN (19-12-2018 14:19:28)
Running from C:\Users\ALIEN\Desktop
Windows 8.1 (Update) (X64) (2015-03-24 06:07:31)
Boot Mode: Normal
==========================================================

Re: Requesting a preventive check. Thank you

Posted: 19 Dec 2018 14:28
by Diallix
Manually delete:
C:\Program Files (x86)\Seznam.cz
C:\Users\ALIEN\AppData\Roaming\Seznam.cz


How is the computer doing?

Re: Requesting a preventive check. Thank you

Posted: 19 Dec 2018 14:41
by ALI3N
I cannot find C:\Users\ALIEN\AppData\Roaming\Seznam.cz, not even using search.

The computer is noticeably faster.

Re: Requesting a preventive check. Thank you

Posted: 19 Dec 2018 14:44
by Diallix
Copy the content below into Notepad:

Code:

2018-12-19 14:10 - 2017-05-16 16:48 - 000000000 ____D C:\Users\ALIEN\AppData\Roaming\Seznam.cz
2018-12-19 14:10 - 2017-05-16 16:48 - 000000000 ____D C:\Program Files (x86)\Seznam.cz
Save the Notepad file as fixlist.txt in the location where FRST is.
Run FRST and click the Fix button.
The fix will run; afterwards paste here the contents of the log fixlog.txt, saved in the FRST location.

Re: Requesting a preventive check. Thank you

Posted: 19 Dec 2018 14:47
by ALI3N
Fix result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by ALIEN (19-12-2018 14:46:56) Run:2
Running from C:\Users\ALIEN\Desktop
Loaded Profiles: ALIEN (Available Profiles: ALIEN)
Boot Mode: Normal
==============================================

fixlist content:
*****************
2018-12-19 14:10 - 2017-05-16 16:48 - 000000000 ____D C:\Users\ALIEN\AppData\Roaming\Seznam.cz
2018-12-19 14:10 - 2017-05-16 16:48 - 000000000 ____D C:\Program Files (x86)\Seznam.cz
*****************

C:\Users\ALIEN\AppData\Roaming\Seznam.cz => moved successfully
"C:\Program Files (x86)\Seznam.cz" => not found

==== End of Fixlog 14:46:56 ====

Re: Requesting a preventive check. Thank you

Posted: 19 Dec 2018 14:50
by Diallix
I would say it is OK :]]

Re: Requesting a preventive check. Thank you

Posted: 19 Dec 2018 14:51
by ALI3N
Thank you very much.