Preventivní kontrola

[Sirius]

Zdravím,

prosím o kontrolu logu. Log přikládám jako přílohu, jinak bych ho musel rozložit na 5 částí. Pokud to ale nevadí, vložím ho do příspěvku. Děkuji

[altrok]

Krasny den Vam preju


Slozku c:\programdata\{e77b615f-9cb5-63da-e77b-b615f9cb857e} zabalte do zipu/raru a upnete na leteckaposta.cz, odkaz ke stazeni dejte do pristiho prispevku.

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan, pote na Cleaning
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

[Sirius]

Zdravím,

ať hledám jak hledám, složku nelze nalézt ( Nechal jsem prohledat i celé C:\ ). Podle adresy z logu jsem našel pouze soubor Cartoonify.job, který sem vložím, i když nevím zda k něčemu bude. Notebook jsem 100% nečistil žádným programem, protože jsem k němu až do dneška neměl přístup ( Nikdo další k němu přístup nemá ). Mám aktivní možnost vidět skryté složky, chráněné složky systému a prázdné složky. (Hledáno před čištěním AdwCleanerem)

Log:

# AdwCleaner v5.005 - Logfile created 01/09/2015 at 20:13:10
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 10 Pro Insider Preview (x64)
# Username : Anetka - WIN-5LKS7F1KP3T
# Running from : C:\Users\Anetka\Desktop\adwcleaner_5.005.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\15002769421496721767

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\Anetka\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : askws

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [800 bytes] ##########

Soubor:
http://leteckaposta.cz/608262485

[altrok]

Nic se nedeje, zkusime to jeste jinak.


Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

[Sirius]

Zkoušel jsem vložit log do příspěvku, ovšem dostal jsem upozornění že obsahuje 778 000 znaků. Mohu ho vložit jako přílohu ?

[altrok]

Ano, muzete. Zabalte logy do raru/zipu a prilozte k pristimu prispevku.

[Sirius]

Přikládám tedy oba logy

[altrok]

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu bude na plose ulozen fixlog, jehoz obsah mi vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CloseProcesses:
  File: C:\WINDOWS\SysWOW64\GameMon.des
  File: C:\ProgramData\DP45977C.lfl
  HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
  HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
  HKU\S-1-5-21-1818996410-246096817-3522660448-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
  CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  2015-09-02 17:37 - 2015-09-02 17:41 - 00112640 _____ (forum.viry.cz) C:\Users\Anetka\Desktop\FRSTLauncher.exe
  2015-09-01 20:12 - 2015-09-01 20:13 - 00000000 ____D C:\AdwCleaner
  2015-09-01 20:11 - 2015-09-01 20:12 - 01654272 _____ C:\Users\Anetka\Desktop\adwcleaner_5.005.exe
  2015-08-29 14:33 - 2015-08-29 14:39 - 00000000 ____D C:\Program Files\trend micro
  2015-08-29 14:33 - 2015-08-29 14:34 - 00000000 ____D C:\rsit
  2015-08-29 14:32 - 2015-08-29 14:33 - 01222144 _____ C:\Users\Anetka\Desktop\RSITx64.exe
  Task: {9137DB14-5C2B-4D3B-979A-4753D81D9BD0} - System32\Tasks\Cartoonify => c:\programdata\{e77b615f-9cb5-63da-e77b-b615f9cb857e}\download.exe-1437082734335.exe <==== ATTENTION
  Task: C:\WINDOWS\Tasks\Cartoonify.job => c:\programdata\{e77b615f-9cb5-63da-e77b-b615f9cb857e}\download.exe-1437082734335.exe <==== ATTENTION
  Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d09f16801074a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  File: c:\programdata\{e77b615f-9cb5-63da-e77b-b615f9cb857e}\download.exe-1437082734335.exe
  c:\programdata\{e77b615f-9cb5-63da-e77b-b615f9cb857e}
  Hosts:
  EmptyTemp:
  End

[Sirius]

Log:

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Anetka (2015-09-02 20:17:45) Run:1
Running from C:\Users\Anetka\Desktop
Loaded Profiles: Anetka (Available Profiles: Anetka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
File: C:\WINDOWS\SysWOW64\GameMon.des
File: C:\ProgramData\DP45977C.lfl
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKU\S-1-5-21-1818996410-246096817-3522660448-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-09-02 17:37 - 2015-09-02 17:41 - 00112640 _____ (forum.viry.cz) C:\Users\Anetka\Desktop\FRSTLauncher.exe
2015-09-01 20:12 - 2015-09-01 20:13 - 00000000 ____D C:\AdwCleaner
2015-09-01 20:11 - 2015-09-01 20:12 - 01654272 _____ C:\Users\Anetka\Desktop\adwcleaner_5.005.exe
2015-08-29 14:33 - 2015-08-29 14:39 - 00000000 ____D C:\Program Files\trend micro
2015-08-29 14:33 - 2015-08-29 14:34 - 00000000 ____D C:\rsit
2015-08-29 14:32 - 2015-08-29 14:33 - 01222144 _____ C:\Users\Anetka\Desktop\RSITx64.exe
Task: {9137DB14-5C2B-4D3B-979A-4753D81D9BD0} - System32\Tasks\Cartoonify => c:\programdata\{e77b615f-9cb5-63da-e77b-b615f9cb857e}\download.exe-1437082734335.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Cartoonify.job => c:\programdata\{e77b615f-9cb5-63da-e77b-b615f9cb857e}\download.exe-1437082734335.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d09f16801074a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
File: c:\programdata\{e77b615f-9cb5-63da-e77b-b615f9cb857e}\download.exe-1437082734335.exe
c:\programdata\{e77b615f-9cb5-63da-e77b-b615f9cb857e}
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.

========================= File: C:\WINDOWS\SysWOW64\GameMon.des ========================

File is digitally signed
MD5: AA98DA1933FC9D562E675C93DC003943
Creation and modification date: 2015-08-24 14:58 - 2015-07-22 09:26
Size: 3512928
Attributes: ----A
Company Name: INCA Internet Co., Ltd.
Internal Name: GameMon
Original Name: GameMon.des
Product: nProtect Game Monitor
Description: nProtect Game Monitor Rev 2239
File Version: 2015, 7, 20, 1
Product Version: 2015, 7, 20, 1
Copyright: Copyright ⓒ 2000-2011 INCA Internet

====== End of File: ======


========================= File: C:\ProgramData\DP45977C.lfl ========================

File not signed
MD5:
Creation and modification date: 2015-08-28 23:30 - 2015-08-28 23:30
Size: 0000000
Attributes: ---AH
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => value removed successfully
HKU\S-1-5-21-1818996410-246096817-3522660448-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Users\Anetka\Desktop\FRSTLauncher.exe => moved successfully
C:\AdwCleaner => moved successfully
C:\Users\Anetka\Desktop\adwcleaner_5.005.exe => moved successfully
C:\Program Files\trend micro => moved successfully
C:\rsit => moved successfully
C:\Users\Anetka\Desktop\RSITx64.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9137DB14-5C2B-4D3B-979A-4753D81D9BD0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9137DB14-5C2B-4D3B-979A-4753D81D9BD0}" => key removed successfully
C:\WINDOWS\System32\Tasks\Cartoonify => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Cartoonify" => key removed successfully
C:\WINDOWS\Tasks\Cartoonify.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d09f16801074a.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully

========================= File: c:\programdata\{e77b615f-9cb5-63da-e77b-b615f9cb857e}\download.exe-1437082734335.exe ========================

"c:\programdata\{e77b615f-9cb5-63da-e77b-b615f9cb857e}\download.exe-1437082734335.exe" => not found.
====== End of File: ======

"c:\programdata\{e77b615f-9cb5-63da-e77b-b615f9cb857e}" => File/Folder not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1.6 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 20:18:22 ====

[altrok]

Takze jeste uklidime.

• Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Oznacte jen moznost "Remove disinfection tools"
• kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

[Sirius]

Šlo jen o prevenci, takže o žádném velkém problému nevím. Děkuji

[altrok]

Nemate zac, rad jsem pomohl


Mejte se krasne a treba zase nekdy