
Request for a check

Posted: 19 Nov 2020 22:22
by Alžbeta
The .txt files are attached
FIRST+ADD.rar
(17.5 KiB) Downloaded 74 times
Thanks a lot in advance

Re: Request for a check

Posted: 20 Nov 2020 05:00
by Diallix
Hello.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan now button (Prehladaj teraz) and wait until the system scan finishes.
After the scan, leave all checkboxes and any threats found ticked, and continue with the Clean and Repair button (Vycistit Teraz) in the bottom right corner.
After the PC restarts, AdwCleaner will launch; click View log file (Zobrazit soubor protokolu).
The log will open; copy its contents here.

Re: Request for a check

Posted: 20 Nov 2020 14:50
by Alžbeta
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-11-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-20-2020
# Duration: 00:00:05
# OS: Windows 8.1 Pro
# Cleaned: 38
# Failed: 0


***** [ Services ] *****

Deleted RelevantKnowledge

***** [ Folders ] *****

Deleted C:\Program Files (x86)\RelevantKnowledge
Deleted C:\Program Files (x86)\Seznam.cz
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
Deleted C:\Users\Snowie\AppData\Roaming\Seznam.cz

***** [ Files ] *****

Deleted C:\Windows\SysWOW64\rlls.dll
Deleted C:\Windows\System32\rlls64.dll

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cz.seznam.software.autoupdate
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.autoupdate
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall
Deleted HKCU\Software\Mozilla\NativeMessagingHosts\sznpp_nm
Deleted HKCU\Software\Seznam.cz
Deleted HKCU\Software\csastats
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{8E891DCA-E3E6-4FC6-851A-FCF6263719A2}C:\program files (x86)\relevantknowledge\rlvknlg.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{826F04AC-5E0F-4959-84A4-02E8479F9707}C:\program files (x86)\relevantknowledge\rlvknlg.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0478DA5A-7887-42EE-ADAF-8A0444A2ECFB}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{747F9A91-D381-44F2-8F86-3D55807E3EAA}
Deleted HKLM\Software\Classes\CLSID\{6BC1E857-E2AC-4787-91AD-8D23D871496D}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|seznam-listicka-distribuce
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{6BC1E857-E2AC-4787-91AD-8D23D871496D}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|seznam-listicka-distribuce
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{D08D9F98-1C78-4704-87E6-368B0023D831}

***** [ Chromium (and derivatives) ] *****

Deleted mmnfmgelbcgoildddbgofpeofhjgipoi

***** [ Chromium URLs ] *****

Deleted Search Here
Deleted Search Here
Deleted Search Here
Deleted Search Here
Deleted delta-homes
Deleted delta-homes
Deleted delta-homes
Deleted delta-homes
Deleted http://www.oursurfing.com/?type=hp&ts=1 ... J9BC916972
Deleted oursurfing
Deleted uTorrentControl_v6 Customized Web Search

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.CyberLinkService Folder C:\Program Files\CYBERLINK\SHARED FILES\PLUGIN\NEWBLUE
Deleted Preinstalled.LenovoEasyCamera Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Sunplus SPUVCb


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4835 octets] - [20/11/2020 14:37:42]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Request for a check

Posted: 20 Nov 2020 15:01
by Diallix
Please post new FRST+ADDITION logs.

Re: Request for a check

Posted: 20 Nov 2020 16:06
by Alžbeta
FIRST+ADD.rar
(16.87 KiB) Downloaded 89 times

Re: Request for a check

Posted: 22 Nov 2020 19:05
by Diallix
Copy the content below into Notepad:

Code:

CloseProcesses:
CreateRestorePoint:
c:\program files\bytefence\rtop\bin\rtop_svc.exe
C:\Program Files\ByteFence\ByteFenceService.exe
c:\program files\bytefence
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\...\MountPoints2: {718eb70d-dd56-11e9-834f-b4b52f72c84f} - "D:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\...\MountPoints2: {7cd81b36-79f9-11e8-828f-b4b52f72c84f} - "D:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\...\MountPoints2: {faee2a17-69e8-11e9-831a-b4b52f72c84f} - "D:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\...\MountPoints2: {faee2ada-69e8-11e9-831a-b4b52f72c84f} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Task: {5DAC5A8F-4485-47E3-B9B3-52AF39A04CDA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-02] (Google Inc -> Google Inc.)
Task: {B2AE5251-7B82-4458-9B61-B7E2B27AE414} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-02] (Google Inc -> Google Inc.)
CHR DefaultSearchURL: Default -> hxxp://securedserch.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> sse
CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
R2 rtop; c:\program files\bytefence\rtop\bin\rtop_svc.exe [297288 2020-02-19] (Byte Technologies LLC -> Byte Technologies LLC.) <==== ATTENTION
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [162272 2020-02-11] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
2020-04-03 00:18 - 2020-05-01 18:40 - 000000038 _____ () C:\Users\Snowie\AppData\Roaming\WB.CFG
2020-11-08 12:24 - 2020-11-08 12:24 - 000000000 _____ () C:\Users\Snowie\AppData\Local\BIT8288.tmp
2018-04-24 18:58 - 2020-08-20 17:20 - 000006144 _____ () C:\Users\Snowie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-06-18 22:03 - 2019-06-18 22:03 - 000000000 _____ () C:\Users\Snowie\AppData\Local\{0BFDB5FA-30B8-4023-BED3-05834DD9E23B}
2019-06-18 22:03 - 2019-06-18 22:03 - 000000000 _____ () C:\Users\Snowie\AppData\Local\{5F3DC63F-4892-4EF1-B201-2BAFC2EEC8E5}
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
EmptyTemp:
Hosts:

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run, after which the computer reboots. After the reboot, paste here the contents of the log fixlog.txt, saved in the FRST location.

Re: Request for a check

Posted: 23 Nov 2020 12:20
by Alžbeta

Code:

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-11-2020 01
Ran by Snowie (23-11-2020 12:10:58) Run:1
Running from C:\Users\Snowie\Desktop
Loaded Profiles: Snowie
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
c:\program files\bytefence\rtop\bin\rtop_svc.exe
C:\Program Files\ByteFence\ByteFenceService.exe
c:\program files\bytefence
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\...\MountPoints2: {718eb70d-dd56-11e9-834f-b4b52f72c84f} - "D:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\...\MountPoints2: {7cd81b36-79f9-11e8-828f-b4b52f72c84f} - "D:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\...\MountPoints2: {faee2a17-69e8-11e9-831a-b4b52f72c84f} - "D:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\...\MountPoints2: {faee2ada-69e8-11e9-831a-b4b52f72c84f} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Task: {5DAC5A8F-4485-47E3-B9B3-52AF39A04CDA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-02] (Google Inc -> Google Inc.)
Task: {B2AE5251-7B82-4458-9B61-B7E2B27AE414} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-02] (Google Inc -> Google Inc.)
CHR DefaultSearchURL: Default -> hxxp://securedserch.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> sse
CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
R2 rtop; c:\program files\bytefence\rtop\bin\rtop_svc.exe [297288 2020-02-19] (Byte Technologies LLC -> Byte Technologies LLC.) <==== ATTENTION
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [162272 2020-02-11] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
2020-04-03 00:18 - 2020-05-01 18:40 - 000000038 _____ () C:\Users\Snowie\AppData\Roaming\WB.CFG
2020-11-08 12:24 - 2020-11-08 12:24 - 000000000 _____ () C:\Users\Snowie\AppData\Local\BIT8288.tmp
2018-04-24 18:58 - 2020-08-20 17:20 - 000006144 _____ () C:\Users\Snowie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-06-18 22:03 - 2019-06-18 22:03 - 000000000 _____ () C:\Users\Snowie\AppData\Local\{0BFDB5FA-30B8-4023-BED3-05834DD9E23B}
2019-06-18 22:03 - 2019-06-18 22:03 - 000000000 _____ () C:\Users\Snowie\AppData\Local\{5F3DC63F-4892-4EF1-B201-2BAFC2EEC8E5}
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
EmptyTemp:
Hosts:

*****************

Processes closed successfully.
Restore point was successfully created.
c:\program files\bytefence\rtop\bin\rtop_svc.exe => moved successfully
C:\Program Files\ByteFence\ByteFenceService.exe => moved successfully
c:\program files\bytefence => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{718eb70d-dd56-11e9-834f-b4b52f72c84f} => removed successfully
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cd81b36-79f9-11e8-828f-b4b52f72c84f} => removed successfully
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{faee2a17-69e8-11e9-831a-b4b52f72c84f} => removed successfully
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{faee2ada-69e8-11e9-831a-b4b52f72c84f} => removed successfully
"HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5DAC5A8F-4485-47E3-B9B3-52AF39A04CDA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DAC5A8F-4485-47E3-B9B3-52AF39A04CDA}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2AE5251-7B82-4458-9B61-B7E2B27AE414}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2AE5251-7B82-4458-9B61-B7E2B27AE414}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
HKLM\System\CurrentControlSet\Services\rtop => removed successfully
rtop => service removed successfully
HKLM\System\CurrentControlSet\Services\ByteFenceService => removed successfully
ByteFenceService => service removed successfully
C:\Users\Snowie\AppData\Roaming\WB.CFG => moved successfully
C:\Users\Snowie\AppData\Local\BIT8288.tmp => moved successfully
C:\Users\Snowie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Snowie\AppData\Local\{0BFDB5FA-30B8-4023-BED3-05834DD9E23B} => moved successfully
C:\Users\Snowie\AppData\Local\{5F3DC63F-4892-4EF1-B201-2BAFC2EEC8E5} => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 41128111 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 148941396 B
Edge => 0 B
Chrome => 655392013 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 390 B
LocalService => 390 B
NetworkService => 124561584 B
Snowie => 30384276314 B

RecycleBin => 0 B
EmptyTemp: => 29.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:15:30 ====

Re: Request for a check

Posted: 23 Nov 2020 14:48
by Diallix
How is the computer doing?

Re: Request for a check

Posted: 24 Nov 2020 13:50
by Alžbeta
I definitely see a change for the better. Mainly, logging in to the system has sped up, as has opening apps. Thank you for your help :)

Re: Request for a check

Posted: 24 Nov 2020 14:25
by Diallix
No problem, you're welcome :]]