Win10 Firewall detects kmss.exe

tLamina
Visitor
Posts: 26
Registered: 09 Apr 2007 20:31

Win10 Firewall detects kmss.exe

#1 Post by tLamina »

Hello,

a long time ago I had an illegal copy of Office, and with it came a KMS emulator. I now have Office with a purchased licence and thought I had deleted everything. However, I recently got a warning that Win Firewall had blocked some features of "KMS emulator by Ratiborus, thanks to Hotbird 64".

Please check the logs. Both are in the attachment, they were too large.
First&addition log.rar
(43.46 KiB) Downloaded 14 times
Thanks!

Conder
Moderator
Posts: 4308
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Win10 Firewall detects kmss.exe

#2 Post by Conder »

Hi :)

Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the licence terms
  • Click Scan Now and wait for it to finish
  • If anything is found, leave all detections selected and click Quarantine (if nothing is found, click Run Basic Repair)
  • If "preinstalled software" is also detected, you may, but need not, delete these programs (they are not malicious, just unnecessary)
  • Confirm the prompt, wait for completion and confirm the PC restart
  • After the PC restarts, AdwCleaner will open; click View Log File
  • The log will open; copy its contents and paste them into your next reply
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

tLamina
Visitor
Posts: 26
Registered: 09 Apr 2007 20:31

Re: Win10 Firewall detects kmss.exe

#3 Post by tLamina »

Hi,

I followed the instructions; the only thing that did not happen was the PC restart. It was not even offered. The log popped up right away.

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-28.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-30-2021
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 11
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Michal\AppData\Roaming\imminent

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\APN PIP
Deleted HKCU\Software\PIP
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\Softonic
Deleted HKCU\Software\YahooPartnerToolbar
Deleted HKCU\Software\csastats
Deleted HKLM\Software\Wow6432Node\PIP

***** [ Chromium (and derivatives) ] *****

Deleted Seznam doplněk - Email - bgjpfhpjcgdppjbgnpnjllokbmcdllig
Deleted kegdldmohomdaelnepdpbkdhfemobdgl

***** [ Chromium URLs ] *****

Deleted MyPlayCity Search

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2073 octets] - [30/04/2021 08:40:57]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Conder
Moderator
Posts: 4308
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Win10 Firewall detects kmss.exe

#4 Post by Conder »

Please post both new logs from FRST.

tLamina
Visitor
Posts: 26
Registered: 09 Apr 2007 20:31

Re: Win10 Firewall detects kmss.exe

#5 Post by tLamina »

Logs are attached. Also, today I got a pop-up saying that Avast had quarantined KMSS.dat
21-05-02 FRST&Addition log.rar
(44.44 KiB) Downloaded 6 times

Conder
Moderator
Posts: 4308
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Win10 Firewall detects kmss.exe

#6 Post by Conder »

Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    Folder: C:\WINDOWS\files
    ExportKey: HKU\S-1-5-21-1053401254-3134794029-3190599243-1000\SOFTWARE\Policies\Google
    Folder: C:\WINDOWS\ehome
    ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idsvc
    File: C:\Users\Michal\AppData\Local\pcc.exe
    
    HKU\S-1-5-21-1053401254-3134794029-3190599243-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    Task: {00F659D6-175B-486C-A597-56EA39251283} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {064C71E9-5A57-4079-B405-A71F18BC910F} - System32\Tasks\{2932C2F3-63F6-4991-91B4-486D5A8A5E86} => C:\Windows\system32\pcalua.exe -a C:\Users\Michal\Downloads\dotnetfx35setup(2).exe -d C:\Users\Michal\Downloads
    Task: {124CE8A0-0810-45DB-9528-A92FF0AAD85C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {252C78DF-D54A-4587-935E-DECDE7672CD8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {2EF29CD4-BB1E-4807-AC37-D67E3A6B989B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {38F8F30E-D1DB-4BC5-AF30-8EC3A359A03D} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {4BEE9E36-DE50-4F12-9212-8831C28C3F49} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {4C254901-5ECD-4BE2-86F0-09134D2A81E3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {4FE6F5BB-6E97-4469-97DC-F0D405DFD3A4} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {4FFEB495-3ACA-4BA1-AA12-F14B51CB5D8D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {6054D14E-FBE6-44A8-B02F-06DAA162BAB5} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {6F00DD64-516B-40AC-A0C6-B818C23BE4F6} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {7590E87C-DD0C-4B8E-BAEC-5AC17C2BD498} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {860542D5-4C0B-4E22-AFEB-8B0849FE4590} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe
    Task: {88F83EA7-9A3D-462A-B91A-7FD133570925} - System32\Tasks\{955D1A76-6D23-4C70-8676-11D007D7F95A} => C:\Windows\system32\pcalua.exe -a D:\Data\Download\undelete_plus_setup.exe -d D:\Data\Download
    Task: {96F8FF91-BB71-4F10-B493-FD10DB2363C4} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {972E505A-54B8-4274-A81A-D3D08EEFB53E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A1AE6B69-AE72-4AD8-9573-A67836637F02} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {AA352CE6-C454-416D-B7EF-DAD9C818007F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {B00AA387-AC44-49E0-9F89-63455564D9F5} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {C40CE398-B409-4093-B6E0-830769CA3C06} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {CAB0615A-78D3-48EA-B6FE-CC69D0176A26} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {D647DABE-D5EC-4B14-B080-70247055F7BC} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe
    Task: {D68584F5-C4B7-4644-9634-ED672D3044F9} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {E8A59247-5479-481C-820F-BF07CFF94A43} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {F1DC5E98-DE41-4A70-9325-D0E3DFC9E9BC} - System32\Tasks\{2D5FE1B7-B892-4B3D-B214-98184F1CFF39} => C:\Windows\system32\pcalua.exe -a C:\Users\Michal\Downloads\dotnetfx35setup(1).exe -d C:\Users\Michal\Downloads
    U3 idsvc; no ImagePath
    2021-05-02 21:25 - 2019-06-29 10:43 - 000000000 ____D C:\WINDOWS\files
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will request a PC restart; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents and paste them into your next reply

tLamina
Visitor
Posts: 26
Registered: 09 Apr 2007 20:31

Re: Win10 Firewall detects kmss.exe

#7 Post by tLamina »

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by Michal (06-05-2021 00:48:13) Run:1
Running from C:\Users\Michal\Desktop
Loaded Profiles: Michal & Guest
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
Folder: C:\WINDOWS\files
ExportKey: HKU\S-1-5-21-1053401254-3134794029-3190599243-1000\SOFTWARE\Policies\Google
Folder: C:\WINDOWS\ehome
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idsvc
File: C:\Users\Michal\AppData\Local\pcc.exe

HKU\S-1-5-21-1053401254-3134794029-3190599243-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {00F659D6-175B-486C-A597-56EA39251283} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {064C71E9-5A57-4079-B405-A71F18BC910F} - System32\Tasks\{2932C2F3-63F6-4991-91B4-486D5A8A5E86} => C:\Windows\system32\pcalua.exe -a C:\Users\Michal\Downloads\dotnetfx35setup(2).exe -d C:\Users\Michal\Downloads
Task: {124CE8A0-0810-45DB-9528-A92FF0AAD85C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {252C78DF-D54A-4587-935E-DECDE7672CD8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {2EF29CD4-BB1E-4807-AC37-D67E3A6B989B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {38F8F30E-D1DB-4BC5-AF30-8EC3A359A03D} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4BEE9E36-DE50-4F12-9212-8831C28C3F49} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4C254901-5ECD-4BE2-86F0-09134D2A81E3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4FE6F5BB-6E97-4469-97DC-F0D405DFD3A4} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4FFEB495-3ACA-4BA1-AA12-F14B51CB5D8D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6054D14E-FBE6-44A8-B02F-06DAA162BAB5} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6F00DD64-516B-40AC-A0C6-B818C23BE4F6} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7590E87C-DD0C-4B8E-BAEC-5AC17C2BD498} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {860542D5-4C0B-4E22-AFEB-8B0849FE4590} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe
Task: {88F83EA7-9A3D-462A-B91A-7FD133570925} - System32\Tasks\{955D1A76-6D23-4C70-8676-11D007D7F95A} => C:\Windows\system32\pcalua.exe -a D:\Data\Download\undelete_plus_setup.exe -d D:\Data\Download
Task: {96F8FF91-BB71-4F10-B493-FD10DB2363C4} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {972E505A-54B8-4274-A81A-D3D08EEFB53E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A1AE6B69-AE72-4AD8-9573-A67836637F02} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AA352CE6-C454-416D-B7EF-DAD9C818007F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B00AA387-AC44-49E0-9F89-63455564D9F5} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {C40CE398-B409-4093-B6E0-830769CA3C06} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {CAB0615A-78D3-48EA-B6FE-CC69D0176A26} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D647DABE-D5EC-4B14-B080-70247055F7BC} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe
Task: {D68584F5-C4B7-4644-9634-ED672D3044F9} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E8A59247-5479-481C-820F-BF07CFF94A43} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F1DC5E98-DE41-4A70-9325-D0E3DFC9E9BC} - System32\Tasks\{2D5FE1B7-B892-4B3D-B214-98184F1CFF39} => C:\Windows\system32\pcalua.exe -a C:\Users\Michal\Downloads\dotnetfx35setup(1).exe -d C:\Users\Michal\Downloads
U3 idsvc; no ImagePath
2021-05-02 21:25 - 2019-06-29 10:43 - 000000000 ____D C:\WINDOWS\files
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 2801
Average :
Sum : 2923819536
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========


========================= Folder: C:\WINDOWS\files ========================

2019-06-29 10:43 - 2015-09-30 06:47 - 000000366 ____A [AC6BE84084E31DBB0E08D188B6C86EC8] () C:\WINDOWS\files\Configure.xml
2019-06-29 10:43 - 2015-06-23 11:13 - 000000059 ____A [364F86F97324EA82FE0D142CD01CF6DD] () C:\WINDOWS\files\Uninstall.xml
2019-06-29 10:43 - 2015-09-30 07:36 - 000000000 ___AD [00000000000000000000000000000000] () C:\WINDOWS\files\x64
2019-06-29 10:43 - 2014-04-28 12:16 - 000019968 ____A [162AB955CB2F002A73C1530AA796477F] () C:\WINDOWS\files\x64\cleanospp.exe
2019-06-29 10:43 - 2014-04-28 12:16 - 000829264 ____A [DF3CA8D16BDED6A54977B30E66864D33] (Microsoft Corporation) C:\WINDOWS\files\x64\msvcr100.dll
2019-06-29 10:43 - 2015-09-30 07:36 - 000000000 ___AD [00000000000000000000000000000000] () C:\WINDOWS\files\x86
2019-06-29 10:43 - 2014-04-28 12:16 - 000017408 ____A [5FD363D52D04AC200CD24F3BCC903200] () C:\WINDOWS\files\x86\cleanospp.exe
2019-06-29 10:43 - 2014-04-28 12:16 - 000773968 ____A [BF38660A9125935658CFA3E53FDC7D65] (Microsoft Corporation) C:\WINDOWS\files\x86\msvcr100.dll

====== End of Folder: ======

================== ExportKey: ===================

[HKU\S-1-5-21-1053401254-3134794029-3190599243-1000\SOFTWARE\Policies\Google]
[HKU\S-1-5-21-1053401254-3134794029-3190599243-1000\SOFTWARE\Policies\Google\Chrome]
[HKU\S-1-5-21-1053401254-3134794029-3190599243-1000\SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlacklist]
"1"="kegdldmohomdaelnepdpbkdhfemobdgl"

=== End of ExportKey ===

========================= Folder: C:\WINDOWS\ehome ========================

2011-04-12 10:45 - 2020-08-16 19:49 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\CreateDisc
2011-04-12 10:45 - 2019-09-21 22:11 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\CreateDisc\Components
2011-04-12 10:45 - 2011-04-12 10:45 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\CreateDisc\Components\tables
2011-04-12 10:45 - 2011-04-12 10:45 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\CreateDisc\Filters
2011-04-12 10:45 - 2011-04-12 10:45 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\CreateDisc\SFXPlugins
2011-04-12 10:45 - 2011-04-12 10:45 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\CreateDisc\SonicResources
2011-04-12 10:45 - 2011-04-12 10:45 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\CreateDisc\style
2011-04-12 10:45 - 2019-09-21 22:11 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\CreateDisc\Styles
2011-04-12 10:45 - 2019-09-21 22:11 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\CreateDisc\Styles\NTSC
2011-04-12 10:45 - 2019-09-21 22:11 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\CreateDisc\Styles\NTSC\Symphony
2011-04-12 10:45 - 2011-04-12 10:45 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\CreateDisc\Styles\NTSC\Symphony\Symphony
2011-04-12 10:45 - 2019-09-21 22:11 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\CreateDisc\Styles\PAL
2011-04-12 10:45 - 2019-09-21 22:11 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\CreateDisc\Styles\PAL\Symphony
2011-04-12 10:45 - 2011-04-12 10:45 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\CreateDisc\Styles\PAL\Symphony\Symphony
2011-04-12 10:45 - 2011-04-12 10:45 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\cs-CZ
2011-04-12 10:45 - 2011-04-12 10:45 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\en-US
2011-04-12 10:45 - 2020-08-16 19:49 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\MCX
2011-04-12 10:45 - 2011-04-12 10:45 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\MCX\X02
2011-04-12 10:45 - 2011-04-12 10:45 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\MediaRenderer
2011-04-12 10:45 - 2020-08-16 19:49 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\wow
2011-04-12 10:45 - 2011-04-12 10:45 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\ehome\wow\en-US

====== End of Folder: ======

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idsvc]
"FailureActions"="840300000000000000000000030000001400000001000000c0d4010001000000e09304000000000000000000"
"Start"="3"

=== End of ExportKey ===

========================= File: C:\Users\Michal\AppData\Local\pcc.exe ========================

C:\Users\Michal\AppData\Local\pcc.exe
File not signed
MD5: 2E8DBA19BC7042139F5C950D9669B4AF
Creation and modification date: 2014-12-26 13:24 - 2015-03-13 22:59
Size: 028579392
Attributes: ----A
Company Name: Sony Mobile Communications -> Sony Mobile Communications
Internal Name: stub32
Original Name: stub32i.exe
Product: Sony PC Companion
Description:
File Version: 2.10.251
Product Version: 2.10.251
Copyright: Sony
VirusTotal: https://www.virustotal.com/gui/file/695 ... 1614920557

====== End of File: ======

HKU\S-1-5-21-1053401254-3134794029-3190599243-1000\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00F659D6-175B-486C-A597-56EA39251283}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00F659D6-175B-486C-A597-56EA39251283}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{064C71E9-5A57-4079-B405-A71F18BC910F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{064C71E9-5A57-4079-B405-A71F18BC910F}" => removed successfully
C:\WINDOWS\System32\Tasks\{2932C2F3-63F6-4991-91B4-486D5A8A5E86} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2932C2F3-63F6-4991-91B4-486D5A8A5E86}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{124CE8A0-0810-45DB-9528-A92FF0AAD85C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{124CE8A0-0810-45DB-9528-A92FF0AAD85C}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{252C78DF-D54A-4587-935E-DECDE7672CD8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{252C78DF-D54A-4587-935E-DECDE7672CD8}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2EF29CD4-BB1E-4807-AC37-D67E3A6B989B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EF29CD4-BB1E-4807-AC37-D67E3A6B989B}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38F8F30E-D1DB-4BC5-AF30-8EC3A359A03D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38F8F30E-D1DB-4BC5-AF30-8EC3A359A03D}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BEE9E36-DE50-4F12-9212-8831C28C3F49}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BEE9E36-DE50-4F12-9212-8831C28C3F49}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C254901-5ECD-4BE2-86F0-09134D2A81E3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C254901-5ECD-4BE2-86F0-09134D2A81E3}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FE6F5BB-6E97-4469-97DC-F0D405DFD3A4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FE6F5BB-6E97-4469-97DC-F0D405DFD3A4}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FFEB495-3ACA-4BA1-AA12-F14B51CB5D8D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FFEB495-3ACA-4BA1-AA12-F14B51CB5D8D}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6054D14E-FBE6-44A8-B02F-06DAA162BAB5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6054D14E-FBE6-44A8-B02F-06DAA162BAB5}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F00DD64-516B-40AC-A0C6-B818C23BE4F6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F00DD64-516B-40AC-A0C6-B818C23BE4F6}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7590E87C-DD0C-4B8E-BAEC-5AC17C2BD498}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7590E87C-DD0C-4B8E-BAEC-5AC17C2BD498}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{860542D5-4C0B-4E22-AFEB-8B0849FE4590}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{860542D5-4C0B-4E22-AFEB-8B0849FE4590}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\End Of Support\Notify2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88F83EA7-9A3D-462A-B91A-7FD133570925}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88F83EA7-9A3D-462A-B91A-7FD133570925}" => removed successfully
C:\WINDOWS\System32\Tasks\{955D1A76-6D23-4C70-8676-11D007D7F95A} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{955D1A76-6D23-4C70-8676-11D007D7F95A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96F8FF91-BB71-4F10-B493-FD10DB2363C4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96F8FF91-BB71-4F10-B493-FD10DB2363C4}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{972E505A-54B8-4274-A81A-D3D08EEFB53E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{972E505A-54B8-4274-A81A-D3D08EEFB53E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1AE6B69-AE72-4AD8-9573-A67836637F02}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1AE6B69-AE72-4AD8-9573-A67836637F02}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA352CE6-C454-416D-B7EF-DAD9C818007F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA352CE6-C454-416D-B7EF-DAD9C818007F}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B00AA387-AC44-49E0-9F89-63455564D9F5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B00AA387-AC44-49E0-9F89-63455564D9F5}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C40CE398-B409-4093-B6E0-830769CA3C06}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C40CE398-B409-4093-B6E0-830769CA3C06}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CAB0615A-78D3-48EA-B6FE-CC69D0176A26}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAB0615A-78D3-48EA-B6FE-CC69D0176A26}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D647DABE-D5EC-4B14-B080-70247055F7BC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D647DABE-D5EC-4B14-B080-70247055F7BC}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\End Of Support\Notify1" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D68584F5-C4B7-4644-9634-ED672D3044F9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D68584F5-C4B7-4644-9634-ED672D3044F9}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8A59247-5479-481C-820F-BF07CFF94A43}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8A59247-5479-481C-820F-BF07CFF94A43}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1DC5E98-DE41-4A70-9325-D0E3DFC9E9BC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1DC5E98-DE41-4A70-9325-D0E3DFC9E9BC}" => removed successfully
C:\WINDOWS\System32\Tasks\{2D5FE1B7-B892-4B3D-B214-98184F1CFF39} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2D5FE1B7-B892-4B3D-B214-98184F1CFF39}" => removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
C:\WINDOWS\files => moved successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31687811 B
Java, Flash, Steam htmlcache => 848612936 B
Windows/system/drivers => 3070188 B
Edge => 18432 B
Chrome => 538899696 B
Firefox => 9537722 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 33058 B
ProgramData => 33058 B
Public => 33058 B
systemprofile => 33058 B
systemprofile32 => 33058 B
LocalService => 50812 B
NetworkService => 50812 B
Michal => 140124497 B
Guest => 140161554 B

RecycleBin => 0 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:49:02 ====

Conder
Moderator
Posts: 4308
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Win10 Firewall detects kmss.exe

#8 Post by Conder »

How does the PC look now? Has anything changed, or are there still any problems? If the antivirus alert appears again, please also give me the exact location of the detected file or a screenshot of the whole alert.
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data (documents, photos and so on) backed up.

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

tLamina
Visitor
Posts: 26
Registered: 09 Apr 2007 20:31

Re: Win10 Firewall detects kmss.exe

#9 Post by tLamina »

Hi,

I wouldn't say anything is different. I really only found out about it from that alert. I took screenshots, but I forgot to add them right at the start. Anyway, if it's gone, thank you very much!
KMSS.rar
(46.29 KiB) Downloaded 4 times

Conder
Moderator
Posts: 4308
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Win10 Firewall detects kmss.exe

#10 Post by Conder »

:arrow: Yes, this file has already been deleted along with the others.

:arrow: I would also recommend tidying up the desktop, as it is 2.7 GB, which is already rather a lot - I recommend moving all files and folders from the desktop to Documents and leaving only shortcuts on the desktop. An overly large desktop can slow the system down.

:arrow: If there are no other problems, we will clean up after the tools that were used:

tLamina
Visitor
Posts: 26
Registered: 09 Apr 2007 20:31

Re: Win10 Firewall detects kmss.exe

#11 Post by tLamina »

I'll tidy up the desktop :) Lately I've been using it as a dumping ground, but I didn't know that it can slow the computer down. Thanks for the tip.

But today an Avast alert popped up on me again, see the attachment... I put it in the Virus Chest and then deleted it.
2021-05-12 22_55_38-Window.png (92.67 KiB) Viewed 161 times

Conder
Moderator
Posts: 4308
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Win10 Firewall detects kmss.exe

#12 Post by Conder »

Please send both new FRST logs once more.

tLamina
Visitor
Posts: 26
Registered: 09 Apr 2007 20:31

Re: Win10 Firewall detects kmss.exe

#13 Post by tLamina »

Logs attached. Desktop cleaned up :)
21-05-13 FRST&Addition.rar
(42.09 KiB) Downloaded 5 times

Conder
Moderator
Posts: 4308
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Win10 Firewall detects kmss.exe

#14 Post by Conder »

Sorry for the delay.

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start::
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\WINDOWS\OInstall.exe
    Folder: C:\WINDOWS\files
    
    Task: {B67D3098-3ED3-4ED8-8020-FFFB788F14C5} - System32\Tasks\OInstall => C:\WINDOWS\OInstall.exe [11995824 2016-12-06] (WZTeam -> ) [File not signed]
    C:\WINDOWS\OInstall.exe
    2021-05-12 19:59 - 2021-05-12 23:21 - 000000000 ____D C:\WINDOWS\files
    2021-05-13 22:58 - 2020-08-16 18:59 - 000003100 _____ C:\WINDOWS\system32\Tasks\OInstall
    
    Hosts:
    EmptyTemp:
    End::
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a Fixlog.txt file on the desktop; copy its contents and paste them into your next reply

tLamina
Visitor
Posts: 26
Registered: 09 Apr 2007 20:31

Re: Win10 Firewall detects kmss.exe

#15 Post by tLamina »

I also apologise for the delay, I wasn't home :)

Log here:

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-05-2021
Ran by Michal (19-05-2021 20:42:09) Run:1
Running from C:\Users\Michal\Desktop
Loaded Profiles: Michal & Guest
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\WINDOWS\OInstall.exe
Folder: C:\WINDOWS\files
Task: {B67D3098-3ED3-4ED8-8020-FFFB788F14C5} - System32\Tasks\OInstall => C:\WINDOWS\OInstall.exe [11995824 2016-12-06] (WZTeam -> ) [File not signed]
C:\WINDOWS\OInstall.exe
2021-05-12 19:59 - 2021-05-12 23:21 - 000000000 ____D C:\WINDOWS\files
2021-05-13 22:58 - 2020-08-16 18:59 - 000003100 _____ C:\WINDOWS\system32\Tasks\OInstall
Hosts:
EmptyTemp:

*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 91
Average :
Sum : 9818152
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========


========================= File: C:\WINDOWS\OInstall.exe ========================

C:\WINDOWS\OInstall.exe
File not signed
MD5: 6D6EAAB343F322867008D8B9CFEFB7BD
Creation and modification date: 2016-12-06 10:36 - 2016-12-06 10:36
Size: 011995824
Attributes: ----N
Company Name: WZTeam ->
Internal Name:
Original Name:
Product: Office 2013-2016 C2R Install
Description: Office 2013-2016 C2R Install
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/gui/file/3aa ... 1620857523

====== End of File: ======


========================= Folder: C:\WINDOWS\files ========================

2021-05-12 19:59 - 2015-09-30 06:47 - 000000366 ____A [AC6BE84084E31DBB0E08D188B6C86EC8] () C:\WINDOWS\files\Configure.xml
2021-05-12 19:59 - 2015-06-23 11:13 - 000000059 ____A [364F86F97324EA82FE0D142CD01CF6DD] () C:\WINDOWS\files\Uninstall.xml
2021-05-12 19:59 - 2015-09-30 07:36 - 000000000 ___AD [00000000000000000000000000000000] () C:\WINDOWS\files\x64
2021-05-12 19:59 - 2014-04-28 12:16 - 000019968 ____A [162AB955CB2F002A73C1530AA796477F] () C:\WINDOWS\files\x64\cleanospp.exe
2021-05-12 19:59 - 2014-04-28 12:16 - 000829264 ____A [DF3CA8D16BDED6A54977B30E66864D33] (Microsoft Corporation) C:\WINDOWS\files\x64\msvcr100.dll
2021-05-12 19:59 - 2015-09-30 07:36 - 000000000 ___AD [00000000000000000000000000000000] () C:\WINDOWS\files\x86
2021-05-12 19:59 - 2014-04-28 12:16 - 000017408 ____A [5FD363D52D04AC200CD24F3BCC903200] () C:\WINDOWS\files\x86\cleanospp.exe
2021-05-12 19:59 - 2014-04-28 12:16 - 000773968 ____A [BF38660A9125935658CFA3E53FDC7D65] (Microsoft Corporation) C:\WINDOWS\files\x86\msvcr100.dll

====== End of Folder: ======

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B67D3098-3ED3-4ED8-8020-FFFB788F14C5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B67D3098-3ED3-4ED8-8020-FFFB788F14C5}" => removed successfully
C:\WINDOWS\System32\Tasks\OInstall => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OInstall" => removed successfully
C:\WINDOWS\OInstall.exe => moved successfully
C:\WINDOWS\files => moved successfully
"C:\WINDOWS\system32\Tasks\OInstall" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9616435 B
Java, Flash, Steam htmlcache => 15739400 B
Windows/system/drivers => 9358802 B
Edge => 0 B
Chrome => 9543633 B
Firefox => 1378503 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4440 B
NetworkService => 4440 B
Michal => 13597304 B
Guest => 13597304 B

RecycleBin => 0 B
EmptyTemp: => 79.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:42:42 ====
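
Added example, not part of the original thread and not FRST's own code: a small parser for reviewing a Fixlog like the one above, which skips the echoed fixlist, ignores the EmptyTemp size lines, and separates a "not found" that an earlier line already handled from one that needs a closer look. It assumes only the outcome strings visible in this thread; any other outcome is flagged as `review`, and the last sample line is constructed.

```python
import re

# Constructed sample: lines taken from the Fixlog in post #15 of this thread,
# plus one constructed "not found" line at the end for contrast.
SAMPLE = r'''fixlist content:
*****************
Task: {B67D3098-3ED3-4ED8-8020-FFFB788F14C5} - System32\Tasks\OInstall => C:\WINDOWS\OInstall.exe [11995824 2016-12-06] (WZTeam -> ) [File not signed]
C:\WINDOWS\OInstall.exe
*****************
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B67D3098-3ED3-4ED8-8020-FFFB788F14C5}" => removed successfully
C:\WINDOWS\System32\Tasks\OInstall => moved successfully
C:\WINDOWS\OInstall.exe => moved successfully
"C:\WINDOWS\system32\Tasks\OInstall" => not found
BITS transfer queue => 10248192 B
EmptyTemp: => 79.2 MB temporary data Removed.
C:\Example\constructed.exe => not found
'''

RESULT = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+)$')

def parse_fixlog(text):
    """Return (target, outcome, status) for each '<target> => <outcome>' result line."""
    entries, done, stars = [], set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "fixlist content:":
            stars = 0  # the echoed fixlist follows, framed by two '*****' rows
            continue
        if stars is not None and stars < 2:
            if line.startswith("*****"):
                stars += 1
            continue  # echoed directives may contain ' => ' but are not results
        m = RESULT.match(line)
        if not m:
            continue
        target, outcome = m["target"].strip('"'), m["outcome"].strip()
        key = target.lower()  # Windows paths and registry keys are case-insensitive
        if re.fullmatch(r"\d+ B", outcome) or target.startswith("EmptyTemp:"):
            status = "size"  # EmptyTemp byte counts, not removal results
        elif outcome.endswith("successfully"):
            status = "ok"
            done.add(key)
        elif outcome == "not found":
            # The same item listed twice in a fixlist: the second hit finds nothing.
            status = "already_handled" if key in done else "not_found"
        else:
            status = "review"  # outcome string not seen in this thread
        entries.append((target, outcome, status))
    return entries

def needs_attention(entries):
    """Entries a reviewer should look at: unexplained 'not found' or unknown outcomes."""
    return [e for e in entries if e[2] in ("not_found", "review")]

if __name__ == "__main__":
    for target, outcome, status in needs_attention(parse_fixlog(SAMPLE)):
        print(f"{status}: {target} ({outcome})")
```
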
