Kontrola 10/2020

Zpráva

funnerno1 · #1 Příspěvek od **funnerno1** » 10 říj 2020 19:13

Dobrý den, prosím o kontrolu logu, přijde mi, že počítač jede nějak pomalu.

log.rar: (40.87 KiB) Staženo 75 x

#2 Příspěvek od **Diallix** » 10 říj 2020 21:15

Dobry den.

Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, kliknite na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.

funnerno1 · #3 Příspěvek od **funnerno1** » 11 říj 2020 13:07

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-11-2020
# Duration: 00:00:05
# OS: Windows 10 Home
# Cleaned: 16
# Failed: 0

***** [ Services ] *****

Deleted WCAssistantService

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Lavasoft\Web Companion
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\Lavasoft\Web Companion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\Users\Pavel\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Deleted C:\Users\Pavel\AppData\Roaming\Lavasoft\Web Companion

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{362a1483-e9ae-47e3-9cfe-544ba2c5c866}|DisplayIcon
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{362a1483-e9ae-47e3-9cfe-544ba2c5c866}|DisplayName
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{362a1483-e9ae-47e3-9cfe-544ba2c5c866}|UninstallString

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4418 octets] - [11/10/2020 13:46:45]
AdwCleaner[S01].txt - [4479 octets] - [11/10/2020 13:50:00]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

#4 Příspěvek od **Diallix** » 11 říj 2020 14:51

Ok

Poprosim o nove logy FRST a ADDITION.

funnerno1 · #5 Příspěvek od **funnerno1** » 12 říj 2020 18:59

Nové logy.

Log2.rar: (37.1 KiB) Staženo 74 x

#6 Příspěvek od **Diallix** » 13 říj 2020 16:07

Log FRST neni kompletny. Chyba hlavicka subory s podsekciami.

funnerno1 · #7 Příspěvek od **funnerno1** » 13 říj 2020 18:40

Teď je to v pořádku?

Log3.rar: (40.93 KiB) Staženo 70 x

#8 Příspěvek od **Diallix** » 13 říj 2020 22:23

Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3648554848-4071138000-2400774708-1001\...\MountPoints2: {07372968-5a40-11ea-9ce0-3052cb811641} - "D:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-3648554848-4071138000-2400774708-1001\...\MountPoints2: {aac8fb45-fd1b-11ea-9cfa-3052cb811641} - "D:\WD Drive Unlock.exe" autoplay=true
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {19E2285A-B41C-4BAD-8342-FD5842AC0BF2} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION
Task: {3F9DA40E-74EE-409F-AF7A-6AA0CA841CF5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-31] (Google Inc -> Google Inc.)
Task: {EE82215C-0A2F-45A2-94B9-3CEB2206F962} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-31] (Google Inc -> Google Inc.)
Task: {FE61F908-0545-4E6A-B6EB-A58578A8B894} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
FF Homepage: Mozilla\Firefox\Profiles\78cl2cts.default -> about:blank
FF NewTab: Mozilla\Firefox\Profiles\78cl2cts.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-10-01 11:04:11&bName=
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
HKU\S-1-5-21-3648554848-4071138000-2400774708-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-10-01 11:04:11&bName=
SearchScopes: HKU\S-1-5-21-3648554848-4071138000-2400774708-1001 -> DefaultScope {0C23C7B3-22DC-4399-91E1-77BE17C98C53} URL = 
SearchScopes: HKU\S-1-5-21-3648554848-4071138000-2400774708-1001 -> {0C23C7B3-22DC-4399-91E1-77BE17C98C53} URL = 
BHO: No Name -> {DAA07C00-C20D-4F41-8933-33473543A4FD}' -> No File
BHO-x32: No Name -> {DAA07C00-C20D-4F41-8933-33473543A4FD}' -> No File
FirewallRules: [{D224EE75-2A93-4FF8-B17E-E925CD48FEA9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{8D91AE5D-B1FA-4973-AE9E-88EC7F280E2B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{6C00ACF2-D3DA-4AA6-9BF8-645329011ED8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{4E0007F6-5025-4606-B26F-15824305F134}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File

EmptyTemp:

Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.

funnerno1 · #9 Příspěvek od **funnerno1** » 14 říj 2020 19:56

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-10-2020
Ran by Pavel (14-10-2020 20:36:11) Run:1
Running from C:\Users\Pavel\Desktop
Loaded Profiles: Pavel & Jana
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3648554848-4071138000-2400774708-1001\...\MountPoints2: {07372968-5a40-11ea-9ce0-3052cb811641} - "D:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-3648554848-4071138000-2400774708-1001\...\MountPoints2: {aac8fb45-fd1b-11ea-9cfa-3052cb811641} - "D:\WD Drive Unlock.exe" autoplay=true
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {19E2285A-B41C-4BAD-8342-FD5842AC0BF2} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION
Task: {3F9DA40E-74EE-409F-AF7A-6AA0CA841CF5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-31] (Google Inc -> Google Inc.)
Task: {EE82215C-0A2F-45A2-94B9-3CEB2206F962} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-31] (Google Inc -> Google Inc.)
Task: {FE61F908-0545-4E6A-B6EB-A58578A8B894} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
FF Homepage: Mozilla\Firefox\Profiles\78cl2cts.default -> about:blank
FF NewTab: Mozilla\Firefox\Profiles\78cl2cts.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-10-01 11:04:11&bName=
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKU\S-1-5-21-3648554848-4071138000-2400774708-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-10-01 11:04:11&bName=
SearchScopes: HKU\S-1-5-21-3648554848-4071138000-2400774708-1001 -> DefaultScope {0C23C7B3-22DC-4399-91E1-77BE17C98C53} URL =
SearchScopes: HKU\S-1-5-21-3648554848-4071138000-2400774708-1001 -> {0C23C7B3-22DC-4399-91E1-77BE17C98C53} URL =
BHO: No Name -> {DAA07C00-C20D-4F41-8933-33473543A4FD}' -> No File
BHO-x32: No Name -> {DAA07C00-C20D-4F41-8933-33473543A4FD}' -> No File
FirewallRules: [{D224EE75-2A93-4FF8-B17E-E925CD48FEA9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{8D91AE5D-B1FA-4973-AE9E-88EC7F280E2B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{6C00ACF2-D3DA-4AA6-9BF8-645329011ED8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{4E0007F6-5025-4606-B26F-15824305F134}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File

EmptyTemp:

*****************

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-3648554848-4071138000-2400774708-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07372968-5a40-11ea-9ce0-3052cb811641} => removed successfully
HKU\S-1-5-21-3648554848-4071138000-2400774708-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aac8fb45-fd1b-11ea-9cfa-3052cb811641} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19E2285A-B41C-4BAD-8342-FD5842AC0BF2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19E2285A-B41C-4BAD-8342-FD5842AC0BF2}" => removed successfully
C:\WINDOWS\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F9DA40E-74EE-409F-AF7A-6AA0CA841CF5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F9DA40E-74EE-409F-AF7A-6AA0CA841CF5}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EE82215C-0A2F-45A2-94B9-3CEB2206F962}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE82215C-0A2F-45A2-94B9-3CEB2206F962}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE61F908-0545-4E6A-B6EB-A58578A8B894}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE61F908-0545-4E6A-B6EB-A58578A8B894}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"Firefox homepage" => removed successfully
"Firefox newtab" => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKU\S-1-5-21-3648554848-4071138000-2400774708-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
"HKU\S-1-5-21-3648554848-4071138000-2400774708-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3648554848-4071138000-2400774708-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0C23C7B3-22DC-4399-91E1-77BE17C98C53} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAA07C00-C20D-4F41-8933-33473543A4FD}' => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAA07C00-C20D-4F41-8933-33473543A4FD}' => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D224EE75-2A93-4FF8-B17E-E925CD48FEA9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8D91AE5D-B1FA-4973-AE9E-88EC7F280E2B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6C00ACF2-D3DA-4AA6-9BF8-645329011ED8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E0007F6-5025-4606-B26F-15824305F134}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 92606056 B
Java, Flash, Steam htmlcache => 1387 B
Windows/system/drivers => 42300489 B
Edge => 51985 B
Chrome => 355124144 B
Firefox => 1137533147 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 8806 B
NetworkService => 8806 B
Pavel => 17831265 B
Jana => 24919685 B

RecycleBin => 9106170200 B
EmptyTemp: => 10 GB temporary data Removed.

================================

The system needed a reboot.

==== End 1 Fixlog 20:36:58 ====

#10 Příspěvek od **Diallix** » 14 říj 2020 23:20

Dobre.

Ako je na tom pocitac?

funnerno1 · #11 Příspěvek od **funnerno1** » 15 říj 2020 20:05

Myslím, že běží v pohodě. Díky.

#12 Příspěvek od **Diallix** » 15 říj 2020 20:20

Za malicko :]]

VIRY.CZ

Kontrola 10/2020

Kontrola 10/2020

Re: Kontrola 10/2020

Re: Kontrola 10/2020

Re: Kontrola 10/2020

Re: Kontrola 10/2020

Re: Kontrola 10/2020

Re: Kontrola 10/2020

Re: Kontrola 10/2020

Re: Kontrola 10/2020

Re: Kontrola 10/2020

Re: Kontrola 10/2020

Re: Kontrola 10/2020