VIRY.CZ

Dobrý den, prosím o kontrolu pc
Log viz příloha

Děkuji Jana

Ahoj

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

• Uloz na plochu a ukonci vsetky programy
• Spusti AdwCleaner ako spravca
• Odsuhlas licencne podmienky
• Klikni na Skenovat nyni (Scan now) a pockaj na dokoncenie
• Nechaj zaskrtnute vsetky nalezy
• Klikni na Cisteni a opravy (Clean and Repair) a potvrd restart PC teraz
• Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
• Otvori sa log, jeho obsah sem skopiruj

Posílám dle instrukcí

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-04-2019
# Database: 2019-09-23.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-24-2019
# Duration: 00:00:17
# OS: Windows 10 Home
# Cleaned: 3
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Ludmilka\AppData\Local\Seznam.cz

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\INSTALLPATH\STATUS
Deleted HKCU\Software\Seznam.cz

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [11221 octets] - [24/09/2019 21:10:16]
AdwCleaner[S00].txt - [3360 octets] - [24/09/2019 21:11:41]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Poprosim o obidva nove logy z FRST.

V příloze posílám nové logy.

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
  HKU\S-1-5-21-3755741328-1988648920-3402407710-1001\...\Policies\Explorer: [] 
  HKU\S-1-5-21-3755741328-1988648920-3402407710-1001\...\MountPoints2: {c4467813-47fc-11e5-8260-c48e8fc019dc} - "F:\Start.exe" 
  Task: {4071833F-0C7F-403E-81B5-DC86B4B0E771} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
  Task: {703CA618-BA2F-4326-8521-241A5750BFB4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
  Task: {89E7706A-3B44-4F8E-8C12-1C6D9BE0B6C1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
  Task: {A5F58CEB-15E4-402F-8E03-B782C65865B0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
  Task: {AC19A44F-E3BA-46DF-9B31-FBF4D8B63D2E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
  Task: {E3CF5920-86ED-4BB5-B5E7-65D93228F49D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
  Task: {E85CE9A9-5624-4A67-81FA-2D2EEB2F12B7} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
  Task: {F5609C79-DAA5-4D12-A2AC-3812D95BC2FC} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [3227792 2015-06-01] (McAfee, Inc. -> McAfee, Inc.)
  Task: {F81666EE-348B-4B13-98C1-2FA2151E95B3} - System32\Tasks\{41A085A7-6C38-4D8B-A78A-23EBB2EBFE30} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\UnInstaller\UniversalUnInstaller.exe" -c "C:\Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\Picture Style Editor\uninstall.xml"
  HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
  HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
  FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
  FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
  FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
  CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
  CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
  ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} =>  -> No File
  ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} =>  -> No File
  FirewallRules: [UDP Query User{237A8D96-1F40-4E92-8DE8-505B5D64C1F8}C:\users\ludmilka\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ludmilka\appdata\local\akamai\netsession_win.exe No File
  FirewallRules: [TCP Query User{BB9F2399-CCC9-48D1-BD94-977C0C294CE7}C:\users\ludmilka\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ludmilka\appdata\local\akamai\netsession_win.exe No File
  
  Hosts:
  EmptyTemp:
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
• Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-09-2019
Ran by Ludmilka (29-09-2019 19:04:34) Run:1
Running from C:\Users\Ludmilka\Desktop
Loaded Profiles: Ludmilka (Available Profiles: Ludmilka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
HKU\S-1-5-21-3755741328-1988648920-3402407710-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3755741328-1988648920-3402407710-1001\...\MountPoints2: {c4467813-47fc-11e5-8260-c48e8fc019dc} - "F:\Start.exe"
Task: {4071833F-0C7F-403E-81B5-DC86B4B0E771} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {703CA618-BA2F-4326-8521-241A5750BFB4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {89E7706A-3B44-4F8E-8C12-1C6D9BE0B6C1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A5F58CEB-15E4-402F-8E03-B782C65865B0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AC19A44F-E3BA-46DF-9B31-FBF4D8B63D2E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E3CF5920-86ED-4BB5-B5E7-65D93228F49D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E85CE9A9-5624-4A67-81FA-2D2EEB2F12B7} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {F5609C79-DAA5-4D12-A2AC-3812D95BC2FC} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [3227792 2015-06-01] (McAfee, Inc. -> McAfee, Inc.)
Task: {F81666EE-348B-4B13-98C1-2FA2151E95B3} - System32\Tasks\{41A085A7-6C38-4D8B-A78A-23EBB2EBFE30} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\UnInstaller\UniversalUnInstaller.exe" -c "C:\Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\Picture Style Editor\uninstall.xml"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => -> No File
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => -> No File
FirewallRules: [UDP Query User{237A8D96-1F40-4E92-8DE8-505B5D64C1F8}C:\users\ludmilka\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ludmilka\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [TCP Query User{BB9F2399-CCC9-48D1-BD94-977C0C294CE7}C:\users\ludmilka\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ludmilka\appdata\local\akamai\netsession_win.exe No File

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 20987
Average :
Sum : 52126777722
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========

"HKU\S-1-5-21-3755741328-1988648920-3402407710-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
HKU\S-1-5-21-3755741328-1988648920-3402407710-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4467813-47fc-11e5-8260-c48e8fc019dc} => removed successfully
HKLM\Software\Classes\CLSID\{c4467813-47fc-11e5-8260-c48e8fc019dc} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4071833F-0C7F-403E-81B5-DC86B4B0E771}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4071833F-0C7F-403E-81B5-DC86B4B0E771}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{703CA618-BA2F-4326-8521-241A5750BFB4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{703CA618-BA2F-4326-8521-241A5750BFB4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89E7706A-3B44-4F8E-8C12-1C6D9BE0B6C1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89E7706A-3B44-4F8E-8C12-1C6D9BE0B6C1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5F58CEB-15E4-402F-8E03-B782C65865B0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5F58CEB-15E4-402F-8E03-B782C65865B0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC19A44F-E3BA-46DF-9B31-FBF4D8B63D2E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC19A44F-E3BA-46DF-9B31-FBF4D8B63D2E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3CF5920-86ED-4BB5-B5E7-65D93228F49D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3CF5920-86ED-4BB5-B5E7-65D93228F49D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E85CE9A9-5624-4A67-81FA-2D2EEB2F12B7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E85CE9A9-5624-4A67-81FA-2D2EEB2F12B7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5609C79-DAA5-4D12-A2AC-3812D95BC2FC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5609C79-DAA5-4D12-A2AC-3812D95BC2FC}" => removed successfully
C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare) => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee Remediation (Prepare)" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F81666EE-348B-4B13-98C1-2FA2151E95B3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F81666EE-348B-4B13-98C1-2FA2151E95B3}" => removed successfully
C:\WINDOWS\System32\Tasks\{41A085A7-6C38-4D8B-A78A-23EBB2EBFE30} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{41A085A7-6C38-4D8B-A78A-23EBB2EBFE30}" => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com" => removed successfully
HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10 => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AIMP => removed successfully
HKLM\Software\Classes\CLSID\{1F77B17B-F531-44DB-ACA4-76ABB5010A28} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\AIMP => removed successfully
HKLM\Software\Classes\CLSID\{1F77B17B-F531-44DB-ACA4-76ABB5010A28} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{237A8D96-1F40-4E92-8DE8-505B5D64C1F8}C:\users\ludmilka\appdata\local\akamai\netsession_win.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BB9F2399-CCC9-48D1-BD94-977C0C294CE7}C:\users\ludmilka\appdata\local\akamai\netsession_win.exe" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 69935344 B
Java, Flash, Steam htmlcache => 603 B
Windows/system/drivers => 200702 B
Edge => 1115891 B
Chrome => 419461631 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7680 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 15410 B
LocalService => 0 B
NetworkService => 1184 B
NetworkService => 0 B
Ludmilka => 44499975 B

RecycleBin => 598838 B
EmptyTemp: => 521.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:08:52 ====

Plocha ma takmer 50 GB, co je prilis vela. Presun vsetky subory a zlozky z plochy do dokumentov a na ploche nechaj iba odkazy/zastupcov. Prilis velka velkost plochy moze sposobit spomalenie systemu.

Ako to vyzera s PC? Su nejake problemy? Inak logy vyzeraju OK.