Preventivka 18.8.2015

[Márty84]

Huraaaaa to je on, meho srdce sampion


Vypnete trvale Windows Defender.



Zkontrolujte velikost adresare plochy C:\Users\David\Plocha
Velikost plochy by nemela presahovat 200 - 300 MB! Brzdi to chod pc. Cili ji trosku uklidte a na plochu dejte jen zastupce. Jen pozor na obcasnou chybu, ze uzivatele maji na plose slozku, v ni dalsi a v ni dalsi a do te to schovaji. To je sice hezke, ale plochu to nezmensi, jen je to v jinem supliku




Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4465400 2015-05-21] (O&O Software GmbH)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [62464 2015-06-18] ()
HKU\S-1-5-21-2777513043-250176279-151607989-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2777513043-250176279-151607989-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)

HKU\S-1-5-21-2777513043-250176279-151607989-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - No File

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]

CHR Extension: (No Name) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\poohjpljfecljomfhhimjhddddlidhdd [2015-08-19]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
U3 amsa6kwo; C:\Windows\System32\Drivers\amsa6kwo.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24 107912]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12 269000]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24 107912]

2015-08-19 13:38 - 2014-06-07 14:08 - 00000000 ____D C:\Users\David\AppData\Roaming\Malwarebytes
2015-08-19 13:38 - 2014-06-07 14:08 - 00000000 ____D C:\ProgramData\Malwarebytes

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

[bojimso]

Windows Defender vypnutý, plochu nějak promažu a LOG

Fix result of Farbar Recovery Scan Tool (x64) Version:20-08-2015
Ran by David (2015-08-21 15:02:19) Run:1
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David & Mamka & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4465400 2015-05-21] (O&O Software GmbH)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [62464 2015-06-18] ()
HKU\S-1-5-21-2777513043-250176279-151607989-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2777513043-250176279-151607989-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)

HKU\S-1-5-21-2777513043-250176279-151607989-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - No File

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]

CHR Extension: (No Name) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\poohjpljfecljomfhhimjhddddlidhdd [2015-08-19]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
U3 amsa6kwo; C:\Windows\System32\Drivers\amsa6kwo.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24 107912]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12 269000]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24 107912]

2015-08-19 13:38 - 2014-06-07 14:08 - 00000000 ____D C:\Users\David\AppData\Roaming\Malwarebytes
2015-08-19 13:38 - 2014-06-07 14:08 - 00000000 ____D C:\ProgramData\Malwarebytes

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\OODefragTray => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ProductUpdater => value removed successfully
HKU\S-1-5-21-2777513043-250176279-151607989-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully
HKU\S-1-5-21-2777513043-250176279-151607989-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value removed successfully
"HKU\S-1-5-21-2777513043-250176279-151607989-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
"HKCR\PROTOCOLS\Handler\skypec2c" => key removed successfully
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\poohjpljfecljomfhhimjhddddlidhdd => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => key removed successfully
SwitchBoard => service removed successfully
amsa6kwo => service not found.
AdobeARMservice => service removed successfully
gupdate => service removed successfully
SkypeUpdate => service removed successfully
AdobeFlashPlayerUpdateSvc => service removed successfully
gupdatem => service removed successfully
C:\Users\David\AppData\Roaming\Malwarebytes => moved successfully
C:\ProgramData\Malwarebytes => moved successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 31.5 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 15:04:03 ====

[Márty84]

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak to s pc vypada.

[bojimso]

Jeste pockam na ten defragment, to bude trvat par hodin, jinak mi prestaly vyskakovat reklamy na internetu, takze dekuji

[Márty84]

Nemate zac!

Po defragmentaci precejen jeste pc radne prozkousejte a pokud vse pobezi jak ma, tema uzavrem



13.9. http://forum.viry.cz/viewtopic.php?f=12&t=123975