Preventivní kontrola

[maty207]

Ahoj, zdá se mi že PC lehce zpomalil, můžete se mi prosím na to podívat? Nedávno se mi stalo, že mě to z google odkazu, co vedl na stackoverflow, tak mě to přesměrovalo na nějakou divnou stránku, kde to svítilo podvodnýma reklamama, proto ta obava.
Díky

[Diallix]

Dobry den.

Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, kliknite na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.

[maty207]

Ahoj, tady log. Co jsem koukal tak to asi bylo čistý, takže mi jen holt stárne PC. Díky

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build: 04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-19-2020
# Duration: 00:00:02
# OS: Windows 10 Education
# Cleaned: 6
# Failed: 3


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8D6B5E6-6C6D-4819-AFE3-3585C22ACFC8}
Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8D6B5E6-6C6D-4819-AFE3-3585C22ACFC8}
Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Deleted Preinstalled.DellSupportAssistAgent Task C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Not Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
Not Deleted Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Not Deleted Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2560 octets] - [18/11/2018 12:56:20]
AdwCleaner[C00].txt - [2414 octets] - [18/11/2018 12:56:50]
AdwCleaner[S01].txt - [2526 octets] - [19/04/2020 10:19:28]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

[Diallix]

Poprosim o novr logy FRST a ADDITION

[maty207]

Ahoj, omlouvám se za zpoždění, log v příloze

[Diallix]

Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

Start:
FirewallRules: [{C79C6A39-B4AB-4D72-8BA2-44755E530475}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe No File
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe No File
FirewallRules: [{A2CB4814-4AE7-4712-BE4B-97D5DDD1F254}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe No File
FirewallRules: [{284D797E-7A85-44D0-869E-F004F0E99B8A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{5D8AC712-34D9-4FBF-A943-3165E8758609}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{4EC16A19-8A14-42D1-8DD0-00FEBE19BF1F}] => (Allow) C:\Users\Ondrej Chladek\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{7F0B28A7-4B95-45F1-8909-079CB41F579B}] => (Allow) C:\Users\Ondrej Chladek\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{2B6D730E-D256-45C0-A97A-F9B45000BFF5}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{279E8B19-EECA-40BE-9DDF-D7B7C52D91C4}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{7E3EE59F-0801-4185-B12F-B3244F1C1F36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Luftrausers\bin\Luftrausers.exe No File
FirewallRules: [{FD04228D-C335-4826-B871-12F2041A4670}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Luftrausers\bin\Luftrausers.exe No File
FirewallRules: [{3765F823-94B9-4A93-BBB7-24603777EEF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SovietRepublic\SOVIET.exe No File
FirewallRules: [{CFB3A8A6-D176-4693-A4A4-439468506350}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SovietRepublic\SOVIET.exe No File
IE trusted site: HKU\S-1-5-21-83661414-2985840491-4141075080-1001\...\sharepoint.com -> hxxps://campuscvut-files.sharepoint.com
Shortcut: C:\Users\OndrejChladek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeX Live 2019\Uninstall TeX Live.lnk -> C:\texlive\2019\tlpkg\installer\uninst.bat (No File)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
2020-04-10 15:43 - 2020-04-10 15:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-10 15:43 - 2020-04-10 15:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-10 15:43 - 2020-04-10 15:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-10 15:43 - 2020-04-10 15:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-10 15:43 - 2020-04-10 15:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-10 15:43 - 2020-04-10 15:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-10 15:43 - 2020-04-10 15:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-10 15:43 - 2020-04-10 15:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-10 15:43 - 2020-04-10 15:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-10 15:43 - 2020-04-10 15:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-10 15:43 - 2020-04-10 15:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-10 15:43 - 2020-04-10 15:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin

EmptyTemp:

End:

Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.