Preventivka.

[Shady22]

Zdravím! Poprosím vás o kontrolu logu, děkuji.

[Conder]

Ahoj

FRST logy su vytvorene zastaralou FRST verziou z roku 2018. Stiahni aktualnu verziu FRST z https://www.bleepingcomputer.com/downlo ... scan-tool/ (logy zatial netreba)

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

• Uloz na plochu a ukonci vsetky programy
• Spusti AdwCleaner ako spravca
• Odsuhlas licencne podmienky
• Klikni na Skenovat nyni (Scan now) a pockaj na dokoncenie
• Nechaj zaskrtnute vsetky nalezy
• Klikni na Cisteni a opravy (Clean and Repair) a potvrd restart PC teraz
• Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
• Otvori sa log, jeho obsah sem skopiruj

[Shady22]

# -------------------------------
# Malwarebytes AdwCleaner 7.4.2.0
# -------------------------------
# Build: 10-21-2019
# Database: 2019-10-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-03-2019
# Duration: 00:00:10
# OS: Windows 10 Home
# Cleaned: 3
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Public\Documents\Downloaded Installers

***** [ Files ] *****

Deleted C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [34411 octets] - [03/11/2019 17:26:53]
AdwCleaner[S00].txt - [6685 octets] - [03/11/2019 17:34:13]
AdwCleaner[S01].txt - [6746 octets] - [03/11/2019 17:35:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

[Conder]

OK, poprosim o obidva nove logy z FRST

[Shady22]

V příloze.

[Conder]

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
  HKU\S-1-5-21-244420544-3215236786-1705726321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
  HKU\S-1-5-21-244420544-3215236786-1705726321-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
  SearchScopes: HKU\S-1-5-21-244420544-3215236786-1705726321-1001 -> DefaultScope {093D8006-F869-4623-88AC-84D727BAFBD8} URL = 
  SearchScopes: HKU\S-1-5-21-244420544-3215236786-1705726321-1001 -> {093D8006-F869-4623-88AC-84D727BAFBD8} URL = 
  ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
  
  Hosts:
  EmptyTemp:
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
• Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

[Shady22]

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-11-2019
Ran by lenovo (04-11-2019 03:30:26) Run:2
Running from C:\Users\lenovo\Desktop
Loaded Profiles: lenovo (Available Profiles: lenovo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
HKU\S-1-5-21-244420544-3215236786-1705726321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-244420544-3215236786-1705726321-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
SearchScopes: HKU\S-1-5-21-244420544-3215236786-1705726321-1001 -> DefaultScope {093D8006-F869-4623-88AC-84D727BAFBD8} URL =
SearchScopes: HKU\S-1-5-21-244420544-3215236786-1705726321-1001 -> {093D8006-F869-4623-88AC-84D727BAFBD8} URL =
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 6
Average :
Sum : 9244567
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========

HKU\S-1-5-21-244420544-3215236786-1705726321-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-244420544-3215236786-1705726321-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-244420544-3215236786-1705726321-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-244420544-3215236786-1705726321-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{093D8006-F869-4623-88AC-84D727BAFBD8} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19020576 B
Java, Flash, Steam htmlcache => 54706624 B
Windows/system/drivers => 76924878 B
Edge => 278460117 B
Chrome => 268433595 B
Firefox => 22109836 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7566 B
NetworkService => 7566 B
lenovo => 12371276 B

RecycleBin => 0 B
EmptyTemp: => 708.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 03:32:47 ====

[Conder]

Ako to vyzera s PC? Su nejake problemy?

[Shady22]

Nejsou, vše funguje bez problému.

[Conder]

Tak este upraceme po pouzitych nastrojoch:

• Stiahni DelFix: https://toolslib.net/downloads/finish/2-delfix/
• Uloz na plochu a spusti
• Nechaj oznacenu moznost "Remove disinfection tools"
• Klikni na "Run"

[Shady22]

Hotovo!

# DelFix v1.013 - Logfile created 05/11/2019 at 17:21:24
# Updated 17/04/2016 by Xplode
# Username : lenovo - LAPTOP-DQ4AT5OK
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\RSIT
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\lenovo\Desktop\adwcleaner_7.4.2.exe
Deleted : C:\Users\lenovo\Desktop\Fixlog.txt
Deleted : C:\Users\lenovo\Desktop\FRST64.exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########

[Conder]

Toto je OK

[Shady22]

Děkuji za pomoc.

[Conder]

Nie je zaco, rad som pomohol