
Slow computer, restart takes more than an hour...

Posted: 08 Nov 2020 10:46
by Hop
Hello,
our computer has slowed down a lot; it almost "freezes". The last time I had it restart, I powered it off the hard way after an hour.
After startup I launched Task Manager and Resource Monitor to get some idea of what is going on.

Please check the logs and help. Thank you in advance.
Regards, Pavel Papežík

I am sending the FRST, Addition and RSIT logs as attachments

Re: Slow computer, restart takes more than an hour...

Posted: 08 Nov 2020 10:51
by Hop
Yesterday I first tried ADWcleaner, but it found only 1 thing, which I had it remove:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-07-2020
# Duration: 00:00:24
# OS: Windows 10 Pro
# Scanned: 31837
# Detected: 8


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Seznam.cz Seznam doplněk - Esko - olfeabkoenfaoljndfecamgilllcpiak

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Rodiče\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Rodiče\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK


AdwCleaner[S00].txt - [1266 octets] - [05/06/2019 00:51:07]
AdwCleaner[C00].txt - [1432 octets] - [05/06/2019 00:51:22]
AdwCleaner[S01].txt - [2206 octets] - [15/12/2019 12:00:05]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########

Re: Slow computer, restart takes more than an hour...

Posted: 08 Nov 2020 11:26
by Rudy
Hello!
First quarantine (delete) the items that ADW found. Were the FRST+Addition logs taken before the ADW action, or after it? If before, post new ones.

Re: Slow computer, restart takes more than an hour...

Posted: 08 Nov 2020 11:48
by Hop
Yesterday I had only this deleted:
PUP.Optional.Seznam.cz Seznam doplněk - Esko - olfeabkoenfaoljndfecamgilllcpiak

I left the HP items there. Should I delete those too?

Re: Slow computer, restart takes more than an hour...

Posted: 08 Nov 2020 12:40
by Rudy
You don't have to, those are add-ons from HP. Open Notepad and copy this into it:
Start

CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
Task: {6ED794BC-6808-4FFD-8FF5-1CFBC7A69929} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-20] (Google Inc -> Google Inc.)
Task: {5FFB56A6-6C45-415F-81E5-7678A5F929D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-20] (Google Inc -> Google Inc.)
C:\DumpStack.log.tmp
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
AlternateDataStreams: C:\WINDOWS\SysWOW64\gsfkill.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gsw32.exe:$CmdTcID [64]
FirewallRules: [{810970A1-3107-4630-95AA-A2805884C328}] => (Block) C:\program files\openshot video editor\launch.exe => No File
FirewallRules: [{82CFDFC3-8378-4430-8EFC-C825365BCEB6}] => (Block) C:\program files\openshot video editor\launch.exe => No File
FirewallRules: [UDP Query User{1D63CEDA-6F2F-4952-809F-19CE0120908D}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe => No File
FirewallRules: [TCP Query User{98AB0D34-C86B-4125-A675-B16EFD5171D8}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe => No File

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Slow computer, restart takes more than an hour...

Posted: 08 Nov 2020 12:55
by Hop
Thank you, sending it...

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-11-2020
Ran by Rodiče (08-11-2020 12:44:19) Run:1
Running from C:\Users\Rodiče\Desktop
Loaded Profiles: Rodiče
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
Task: {6ED794BC-6808-4FFD-8FF5-1CFBC7A69929} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-20] (Google Inc -> Google Inc.)
Task: {5FFB56A6-6C45-415F-81E5-7678A5F929D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-20] (Google Inc -> Google Inc.)
C:\DumpStack.log.tmp
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
AlternateDataStreams: C:\WINDOWS\SysWOW64\gsfkill.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gsw32.exe:$CmdTcID [64]
FirewallRules: [{810970A1-3107-4630-95AA-A2805884C328}] => (Block) C:\program files\openshot video editor\launch.exe => No File
FirewallRules: [{82CFDFC3-8378-4430-8EFC-C825365BCEB6}] => (Block) C:\program files\openshot video editor\launch.exe => No File
FirewallRules: [UDP Query User{1D63CEDA-6F2F-4952-809F-19CE0120908D}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe => No File
FirewallRules: [TCP Query User{98AB0D34-C86B-4125-A675-B16EFD5171D8}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe => No File

EmptyTemp:
End
*****************

Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6ED794BC-6808-4FFD-8FF5-1CFBC7A69929}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6ED794BC-6808-4FFD-8FF5-1CFBC7A69929}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FFB56A6-6C45-415F-81E5-7678A5F929D5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FFB56A6-6C45-415F-81E5-7678A5F929D5}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
C:\WINDOWS\SysWOW64\gsfkill.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\gsw32.exe => ":$CmdTcID" ADS could not remove.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{810970A1-3107-4630-95AA-A2805884C328}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{82CFDFC3-8378-4430-8EFC-C825365BCEB6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1D63CEDA-6F2F-4952-809F-19CE0120908D}C:\program files\openshot video editor\launch.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{98AB0D34-C86B-4125-A675-B16EFD5171D8}C:\program files\openshot video editor\launch.exe" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 444014254 B
Java, Flash, Steam htmlcache => 1171 B
Windows/system/drivers => 74554122 B
Edge => 5443701 B
Chrome => 145699769 B
Firefox => 1219262984 B
Opera => 166335081 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 55894300 B
NetworkService => 55898626 B
Rodiče => 259394062 B

RecycleBin => 180788 B
EmptyTemp: => 2.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 08-11-2020 12:52:24)

C:\DumpStack.log.tmp => Could not move

==== End of Fixlog 12:52:24 ====

Re: Slow computer, restart takes more than an hour...

Posted: 08 Nov 2020 15:32
by Rudy
Deleted. Has anything changed?

Re: Slow computer, restart takes more than an hour...

Posted: 08 Nov 2020 15:39
by Hop
Thank you,
it runs "like lightning" again!
What was wrong with it, what got stuck on it? Do you have any idea where it came from?
Pavel Papežík

Re: Slow computer, restart takes more than an hour...

Posted: 08 Nov 2020 15:58
by Rudy
More or less junk, there were a lot of temporary internet files. So that's about it. :)

Re: Slow computer, restart takes more than an hour...

Posted: 08 Nov 2020 16:02
by Hop
Yep, thank you.
So now I know who is responsible for that...
I wish you God's blessing and good health!
I have already sent something
Regards, Pavel Papežík

Re: Slow computer, restart takes more than an hour...

Posted: 08 Nov 2020 16:53
by Rudy
You're welcome, and thank you for the contribution. Have a nice day! :)