Preventive check
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
- Visitor
- Posts: 209
- Registered: 26 Dec 2007 17:47
Preventive check
Hello!
I haven't been here for a long time (June 2018, I think). The computer is slow, the internet too, .de domains don't work for me, and applications are sluggish. Maybe it's the performance of my machine, maybe too much is running in the background, maybe too many open tabs in the browser, I don't know .)
Please do a thorough check, there may be more in there. Thanks in advance!
Logs attached.
- Attachments
- logy.rar
- (30.42 KiB) Downloaded 106 times
Re: Preventive check
Hi
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/
close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents here for me
- Visitor
- Posts: 209
- Registered: 26 Dec 2007 17:47
Re: Preventive check
Thanks for the reply!
Here is the log
# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-04-2019
# Database: 2019-10-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-17-2019
# Duration: 00:00:03
# OS: Windows 10 Home
# Cleaned: 5
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\IOBIT\Driver Booster
Deleted C:\ProgramData\IOBIT\Driver Booster
Deleted C:\Users\PC\AppData\Roaming\IOBIT\Driver Booster
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKLM\Software\Wow6432Node\IObit\Driver Booster
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1679 octets] - [08/06/2018 11:09:09]
AdwCleaner[C00].txt - [1769 octets] - [08/06/2018 11:09:39]
AdwCleaner_Debug.log - [10305 octets] - [17/10/2019 10:26:17]
AdwCleaner[S01].txt - [1873 octets] - [17/10/2019 10:27:04]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
Re: Preventive check
In the location where you have FRST, create a TXT file named fixlist.txt and paste the following text into it:
(Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.)
start
CreateRestorePoint:
CloseProcesses:
Hosts:
EmptyTemp:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {008ED675-F3DD-4389-9573-F7E41D978581} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-23] (Google Inc -> Google Inc.)
Task: {221BC94E-D98A-4DAC-89B9-37ECB2308C8A} - System32\Tasks\{3F381D31-2080-4EC2-AA4C-0E3ED23C1B07} => C:\Users\PC\AppData\Local\Temp\is-B1CCU.tmp\XRD Manager.exe <==== ATTENTION
Task: {D936B08B-45B4-434D-8870-5E5AC0F14938} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FE44750D-176D-463F-90D3-5184EA59B301} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-23] (Google Inc -> Google Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
Shortcut: C:\Users\PC\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
end
- Visitor
- Posts: 209
- Registered: 26 Dec 2007 17:47
Re: Preventive check
Here is the log:
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-10-2019 02
Ran by PC (17-10-2019 11:00:00) Run:2
Running from C:\Users\PC\Desktop
Loaded Profiles: PC (Available Profiles: PC)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Hosts:
EmptyTemp:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {008ED675-F3DD-4389-9573-F7E41D978581} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-23] (Google Inc -> Google Inc.)
Task: {221BC94E-D98A-4DAC-89B9-37ECB2308C8A} - System32\Tasks\{3F381D31-2080-4EC2-AA4C-0E3ED23C1B07} => C:\Users\PC\AppData\Local\Temp\is-B1CCU.tmp\XRD Manager.exe <==== ATTENTION
Task: {D936B08B-45B4-434D-8870-5E5AC0F14938} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FE44750D-176D-463F-90D3-5184EA59B301} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-23] (Google Inc -> Google Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
Shortcut: C:\Users\PC\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
end
*****************
Error: (0) Failed to create a restore point.
Processes closed successfully.
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{008ED675-F3DD-4389-9573-F7E41D978581}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{008ED675-F3DD-4389-9573-F7E41D978581}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{221BC94E-D98A-4DAC-89B9-37ECB2308C8A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{221BC94E-D98A-4DAC-89B9-37ECB2308C8A}" => removed successfully
C:\WINDOWS\System32\Tasks\{3F381D31-2080-4EC2-AA4C-0E3ED23C1B07} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3F381D31-2080-4EC2-AA4C-0E3ED23C1B07}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D936B08B-45B4-434D-8870-5E5AC0F14938}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D936B08B-45B4-434D-8870-5E5AC0F14938}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE44750D-176D-463F-90D3-5184EA59B301}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE44750D-176D-463F-90D3-5184EA59B301}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
C:\Users\PC\Favorites\NCH Software Download Site.lnk => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8590013 B
Java, Flash, Steam htmlcache => 379 B
Windows/system/drivers => 12434882 B
Edge => 0 B
Chrome => 28672 B
Firefox => 0 B
Opera => 166480588 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4668 B
NetworkService => 4668 B
PC => 8063588 B
RecycleBin => 7381712 B
EmptyTemp: => 203.4 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 17-10-2019 11:03:50)
C:\Windows\System32\Drivers\etc\hosts => Is moved successfully
Hosts restored successfully.
==== End of Fixlog 11:03:50 ====
Re: Preventive check
Next, this tool, MBAM: http://forum.viry.cz/viewtopic.php?f=29&t=144868
- Install it, select "Custom Scan" and click "Configure Scan"
In the "Configure custom scan" window, select all hard drives and tick the "Scan for rootkits" option
Clicking Scan Now starts MBAM.
- Copy the log here.
- Visitor
- Posts: 209
- Registered: 26 Dec 2007 17:47
Re: Preventive check
Hello, the scan took a long time, so I'm only getting to this now.
Here is the log:
Malwarebytes
www.malwarebytes.com
-Podrobnosti logovacího souboru-
Datum skenování: 18.10.19
Čas skenování: 6:54
Logovací soubor: 6da45594-f163-11e9-908f-001fd0967481.json
-Informace o softwaru-
Verze: 3.8.3.2965
Verze komponentů: 1.0.613
Aktualizovat verzi balíku komponent: 1.0.12957
Licence: Zkušební
-Systémová informace-
OS: Windows 10 (Build 18362.418)
CPU: x64
Systém souborů: NTFS
Uživatel: PC-PC\PC
-Shrnutí skenování-
Typ skenování: Vlastní skenování
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 830842
Zjištěné hrozby: 9
Hrozby umístěné do karantény: 0
Uplynulý čas: 11 hod, 4 min, 9 sek
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat
-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)
Modul: 0
(Nebyly zjištěny žádné škodlivé položky)
Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)
Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)
Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)
Soubor: 9
PUP.Optional.ExtInstaller, C:\FRST\QUARANTINE\C\USERS\PC\APPDATA\LOCAL\TEMP\TEMP\TEMP\WORLD-SUPER-EXT.EXE, Žádná uživatelská akce, [6092], [336505],1.0.12957
Adware.HPDefender, C:\FRST\QUARANTINE\C\USERS\PC\APPDATA\LOCAL\TEMP\TEMP\TEMP\BILEHUVHNTA.RU_WORLD.EXE, Žádná uživatelská akce, [1012], [336640],1.0.12957
Adware.HPDefender, C:\FRST\QUARANTINE\C\USERS\PC\APPDATA\LOCAL\TEMP\TEMP\TEMP\BILEHUVHNTO.RU_WORLD.EXE, Žádná uživatelská akce, [1012], [335929],1.0.12957
Generic.Malware/Suspicious, C:\USERS\PC\DESKTOP\FRSTLAUNCHER.EXE, Žádná uživatelská akce, [0], [392686],1.0.12957
Generic.Malware/Suspicious, C:\USERS\PC\DESKTOP\ZOEK.EXE, Žádná uživatelská akce, [0], [392686],1.0.12957
PUP.Optional.Conduit, F:\SOFT\_ANTIVIRY, SPYWARE, FIREWALL\ZAFWSETUPWEB_110_000_038.EXE, Žádná uživatelská akce, [202], [737704],1.0.12957
PUP.Optional.Seznam, F:\SOFT\_KANCELářSKé PROGRAMY\FOXITPDFEDITOR220.0205_ENU_SETUP.EXE, Žádná uživatelská akce, [636], [623984],1.0.12957
PUP.Optional.AuslogicsDiskDefrag, F:\SOFT\_OPRAVOVACí SOFTWARE\DISK-DEFRAG-SETUP.EXE, Žádná uživatelská akce, [901], [353217],1.0.12957
PUP.Optional.Seznam, F:\SOFT\______SKENER\VUEX6495.EXE, Žádná uživatelská akce, [636], [623984],1.0.12957
Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)
WMI: 0
(Nebyly zjištěny žádné škodlivé položky)
(end)
Re: Preventive check
You can run it once more and let it remove them.
- Visitor
- Posts: 209
- Registered: 26 Dec 2007 17:47
Re: Preventive check
Done
Re: Preventive check
Has anything changed?
Please post a new FRST log so I can check.
- Visitor
- Posts: 209
- Registered: 26 Dec 2007 17:47
Re: Preventive check
Here is the log.
There has been no noticeable change.
As I wrote at the start, it's possible that I simply have an old machine.
Graphics programs, lots of open browser windows, lots of programs in the background (slack, messenger...). Also uncertainty about whether the current AV+FW+antitrack combination is suitable.
But I don't know whether to deal with that here or in the software discussion.
- Attachments
- logy.rar
- (30.75 KiB) Downloaded 106 times
- Visitor
- Posts: 209
- Registered: 26 Dec 2007 17:47
Re: Preventive check
... so this morning my internet isn't working, or rather it works only intermittently and badly, and zonealarm reports that "xyz is trying to act as a server" (opera, x-rite). Windows reports that the zonealarm firewall is turned off. When I turn it on, it turns off again.
I haven't seen this before
- Visitor
- Posts: 209
- Registered: 26 Dec 2007 17:47
Re: Preventive check
It was mbam, which started a preventive scan in the background. So ok .)
Re: Preventive check
Sorry for the late reply... I was away for a while.
You can uninstall both Mbam and adwcleaner.
I see the notebook is an older one and doesn't have much free memory left either, which can cause slowdowns.
On the desktop, where you have FRST, create a TXT file named fixlist.txt and paste the following text into it:
(Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.)
start
CreateRestorePoint:
CloseProcesses:
Hosts:
EmptyTemp:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
S2 KMSEmulator; "C:\WINDOWS\Temp\KMSAuto\bin\KMSSS.exe" -Port 1688 -PWin RandomKMSPID -PO14 RandomKMSPID -PO15 RandomKMSPID -AI 43200 -RI 43200 KillProcessOnPort -Log -IP -Hwid DD279A0090B8D83E [X]
C:\WINDOWS\Temp\KMSAuto
S3 WinDivert1.1; \??\C:\WINDOWS\Temp\KMSAuto\bin\driver\x64WDV\WinDivert.sys [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
end
- Visitor
- Posts: 209
- Registered: 26 Dec 2007 17:47
Re: Preventive check
Thanks for the reply, and this time it was me who forgot....
The computer is older, gradually upgraded (not by me, mind you), but I think I last bought extra memory and an SSD about 2.5 years ago.
Here is the log:
Fix result of Farbar Recovery Scan Tool (x64) Version: 01-11-2019
Ran by PC (01-11-2019 11:45:25) Run:3
Running from C:\Users\PC\Desktop
Loaded Profiles: PC (Available Profiles: PC)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Hosts:
EmptyTemp:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
S2 KMSEmulator; "C:\WINDOWS\Temp\KMSAuto\bin\KMSSS.exe" -Port 1688 -PWin RandomKMSPID -PO14 RandomKMSPID -PO15 RandomKMSPID -AI 43200 -RI 43200 KillProcessOnPort -Log -IP -Hwid DD279A0090B8D83E [X]
C:\WINDOWS\Temp\KMSAuto
S3 WinDivert1.1; \??\C:\WINDOWS\Temp\KMSAuto\bin\driver\x64WDV\WinDivert.sys [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
end
*****************
Error: (0) Failed to create a restore point.
Processes closed successfully.
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKLM\System\CurrentControlSet\Services\KMSEmulator => removed successfully
KMSEmulator => service removed successfully
"C:\WINDOWS\Temp\KMSAuto" => not found
HKLM\System\CurrentControlSet\Services\WinDivert1.1 => removed successfully
WinDivert1.1 => service removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMService => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\vsmon => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 35260234 B
Java, Flash, Steam htmlcache => 379 B
Windows/system/drivers => 9909459 B
Edge => 0 B
Chrome => 343791912 B
Firefox => 0 B
Opera => 443853840 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 48176 B
NetworkService => 48176 B
PC => 343137113 B
RecycleBin => 7622344 B
EmptyTemp: => 1.1 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-11-2019 11:48:45)
C:\Windows\System32\Drivers\etc\hosts => Is moved successfully
Could not restore Hosts.
==== End of Fixlog 11:48:45 ====