Asi vir

Zpráva

pepinojablo · #1 Příspěvek od **pepinojablo** » 08 lis 2020 17:57

[Dobrý den, dneska začal problém co cca 5 seund vyskočí okno z ovcí co mečí. Log je v příloze, byl moc velký. Děkuji

#2 Příspěvek od **Conder** » 08 lis 2020 18:14

Ahoj

V prilohe je iba log Addition.txt, potrebujem aj hlavny log s nazvom FRST.txt

pepinojablo · #3 Příspěvek od **pepinojablo** » 08 lis 2020 20:34

Takže můžete zamknout, viděl sem ve správci úloh, že se to spoušťí pod javou, tak jsem ji odinstaloval a je klid

#4 Příspěvek od **Conder** » 08 lis 2020 20:47

Odporucam pokracovat v precisteni, pretoze z doplneneho logu je vidno, ze v PC naozaj je neziaduci SW, a to sa nevyriesi len odinstalovanim Javy.

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

Uloz na plochu a ukonci vsetky programy
Spusti AdwCleaner ako spravca
Odsuhlas licencne podmienky
Klikni na Spustit skenovani a pockaj na dokoncenie
V pripade nalezov nechaj vsetky nalezy oznacene a klikni na Karantena (ak nie su ziadne nalezy, tak na Spustit zakladni opravu)
V pripade, ze sa detekuje aj "predinstalovany software", tieto programy mozes, ale nemusis zmazat (toto nie su skodlive programy, ale iba zbytocnosti)
Potvrd vyzvu, pockaj na dokoncenie a potvrd restartovanie PC
Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
Otvori sa log, jeho obsah skopiruj a vloz do dalsej odpovede

pepinojablo · #5 Příspěvek od **pepinojablo** » 09 lis 2020 15:31

Děkukuji za reakci, samozřejmě sem udělal sken pc adw i on line esetem než sem tady napsal, klidně přidám log, je čistý, jen dodám s takovou kravinou sem se ještě nikdy nesetkal.

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-09-2020
# Duration: 00:00:27
# OS: Windows 10 Pro
# Scanned: 31837
# Detected: 0

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

AdwCleaner[S00].txt - [1447 octets] - [09/10/2020 19:37:00]
AdwCleaner[C00].txt - [1617 octets] - [09/10/2020 19:37:27]
AdwCleaner[S01].txt - [6064 octets] - [22/10/2020 15:40:44]
AdwCleaner[C01].txt - [5454 octets] - [22/10/2020 15:42:43]
AdwCleaner[S02].txt - [1824 octets] - [28/10/2020 11:44:01]
AdwCleaner[C02].txt - [1956 octets] - [28/10/2020 11:44:37]
AdwCleaner[S03].txt - [4606 octets] - [03/11/2020 15:11:19]
AdwCleaner[C03].txt - [4212 octets] - [03/11/2020 15:14:01]
AdwCleaner[S04].txt - [1893 octets] - [08/11/2020 15:38:25]
AdwCleaner[S05].txt - [1954 octets] - [08/11/2020 18:09:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S06].txt ##########

#6 Příspěvek od **Conder** » 09 lis 2020 22:36

Poprosim o obidva nove logy z FRST.

pepinojablo · #7 Příspěvek od **pepinojablo** » 10 lis 2020 15:55

Zde jsou

#8 Příspěvek od **Conder** » 11 lis 2020 15:50

Toto su zrejme znovu tie predchadzajuce FRST logy, kedze datum a cas ich vytvorenia je 08-11-2020 17:28:24. Na vytvorenie novych FRST logov je potrebne znovu spustit FRST a kliknut na Scan.

pepinojablo · #9 Příspěvek od **pepinojablo** » 11 lis 2020 17:51

Omlouvám se zde jsou nové.

#10 Příspěvek od **Conder** » 11 lis 2020 23:39

V pohode

Otvor poznamkovy blok (Win+R -> notepad -> enter)

Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
Folder: C:\ProgramData\Avast\VARS
File: C:\ProgramData\Avast\VARS\ServiceManager.exe
File: C:\ProgramData\Avast\VARS\WindowsRuntime.exe
File: C:\Users\pepin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemX46Startup.exe
File: C:\Users\pepin\Downloads\driver_booster_setup_ri.exe
File: C:\Users\pepin\Downloads\winDRV103.exe
File: C:\games\counter-strike global offensive\csgo.exe
File: C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

HKLM-x32\...\Run: [] => [X]
Startup: C:\Users\pepin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemX46Startup.exe [2020-11-08] () [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
2020-11-11 17:22 - 2020-11-11 17:22 - 000000000 ____D C:\Users\pepin\Downloads\FRST-OlderVersion
2020-10-31 16:34 - 2020-10-31 16:34 - 000000000 ____D C:\Users\pepin\AppData\LocalLow\IObit
2020-10-31 16:33 - 2020-11-03 19:41 - 000000000 ____D C:\Users\pepin\AppData\Roaming\IObit
2020-10-31 16:33 - 2020-10-31 16:34 - 000000000 ____D C:\ProgramData\IObit
2020-10-31 16:32 - 2020-10-31 16:33 - 024243544 _____ (IObit ) C:\Users\pepin\Downloads\driver_booster_setup_ri.exe
2020-10-22 19:51 - 2020-10-22 19:52 - 019578824 _____ (IObit ) C:\Users\pepin\Downloads\winDRV103.exe
CustomCLSID: HKU\S-1-5-21-139061250-2846365895-4098680197-1002_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> C:\Users\pepin\AppData\Local\Microsoft\OneDrive\20.169.0823.0006\MicrosoftListSync.exe => No File
CustomCLSID: HKU\S-1-5-21-139061250-2846365895-4098680197-1002_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> C:\Users\pepin\AppData\Local\Microsoft\OneDrive\20.169.0823.0006\MicrosoftListSync.exe => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
FirewallRules: [UDP Query User{3719A2E7-2EF4-404C-A15B-EE0096AAAAB2}C:\users\pepin\appdata\local\plarium\plariumplay\standaloneapps\raid\224\raid.exe] => (Allow) C:\users\pepin\appdata\local\plarium\plariumplay\standaloneapps\raid\224\raid.exe => No File
FirewallRules: [TCP Query User{A66F1E10-79A1-4794-9906-45829E418282}C:\users\pepin\appdata\local\plarium\plariumplay\standaloneapps\raid\224\raid.exe] => (Allow) C:\users\pepin\appdata\local\plarium\plariumplay\standaloneapps\raid\224\raid.exe => No File
FirewallRules: [UDP Query User{8A8E4B94-69E6-49E5-A16A-66ED3F21926D}C:\users\pepin\appdata\local\programs\opera\70.0.3728.178\opera.exe] => (Allow) C:\users\pepin\appdata\local\programs\opera\70.0.3728.178\opera.exe => No File
FirewallRules: [TCP Query User{2E3CB7E5-1E16-46CA-98F3-4078F4032B13}C:\users\pepin\appdata\local\programs\opera\70.0.3728.178\opera.exe] => (Allow) C:\users\pepin\appdata\local\programs\opera\70.0.3728.178\opera.exe => No File
FirewallRules: [UDP Query User{A2729722-2BCF-430C-8027-11B4BFA59E45}C:\users\pepin\appdata\local\programs\opera\68.0.3618.165\opera.exe] => (Block) C:\users\pepin\appdata\local\programs\opera\68.0.3618.165\opera.exe => No File
FirewallRules: [TCP Query User{9E5FAC43-8701-471D-9178-651BBBC76D11}C:\users\pepin\appdata\local\programs\opera\68.0.3618.165\opera.exe] => (Block) C:\users\pepin\appdata\local\programs\opera\68.0.3618.165\opera.exe => No File
FirewallRules: [UDP Query User{3E15A141-575D-4CBB-A869-2DDD795A26D3}C:\users\pepin\appdata\local\programs\opera\68.0.3618.125\opera.exe] => (Allow) C:\users\pepin\appdata\local\programs\opera\68.0.3618.125\opera.exe => No File
FirewallRules: [TCP Query User{C41211A9-81B4-47F6-BFBE-4A8E073200CC}C:\users\pepin\appdata\local\programs\opera\68.0.3618.125\opera.exe] => (Allow) C:\users\pepin\appdata\local\programs\opera\68.0.3618.125\opera.exe => No File
FirewallRules: [UDP Query User{92FEFC80-C835-43E6-BD0F-A767FA17971B}C:\users\pepin\appdata\local\programs\opera\68.0.3618.63\opera.exe] => (Block) C:\users\pepin\appdata\local\programs\opera\68.0.3618.63\opera.exe => No File
FirewallRules: [TCP Query User{FDE72AB2-6043-41CF-8FCD-13791B0ED3DA}C:\users\pepin\appdata\local\programs\opera\68.0.3618.63\opera.exe] => (Block) C:\users\pepin\appdata\local\programs\opera\68.0.3618.63\opera.exe => No File
FirewallRules: [TCP Query User{AA475711-C3DA-4FC0-964E-939B291394C1}C:\users\pepin\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\pepin\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
FirewallRules: [UDP Query User{40FFE1BF-342B-426C-8AC7-F67FE519CBD3}C:\users\pepin\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\pepin\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
C:\ProgramData\Avast\VARS

Hosts:
EmptyTemp:
End

Uloz na plochu s nazvom fixlist.txt
Spusti znovu FRST a klikni na Fix
Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

pepinojablo · #11 Příspěvek od **pepinojablo** » 12 lis 2020 02:30

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-11-2020
Ran by pepin (12-11-2020 02:17:05) Run:2
Running from C:\Users\pepin\OneDrive\Plocha
Loaded Profiles: pepin
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
Folder: C:\ProgramData\Avast\VARS
File: C:\ProgramData\Avast\VARS\ServiceManager.exe
File: C:\ProgramData\Avast\VARS\WindowsRuntime.exe
File: C:\Users\pepin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemX46Startup.exe
File: C:\Users\pepin\Downloads\driver_booster_setup_ri.exe
File: C:\Users\pepin\Downloads\winDRV103.exe
File: C:\games\counter-strike global offensive\csgo.exe
File: C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

HKLM-x32\...\Run: [] => [X]
Startup: C:\Users\pepin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemX46Startup.exe [2020-11-08] () [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
2020-11-11 17:22 - 2020-11-11 17:22 - 000000000 ____D C:\Users\pepin\Downloads\FRST-OlderVersion
2020-10-31 16:34 - 2020-10-31 16:34 - 000000000 ____D C:\Users\pepin\AppData\LocalLow\IObit
2020-10-31 16:33 - 2020-11-03 19:41 - 000000000 ____D C:\Users\pepin\AppData\Roaming\IObit
2020-10-31 16:33 - 2020-10-31 16:34 - 000000000 ____D C:\ProgramData\IObit
2020-10-31 16:32 - 2020-10-31 16:33 - 024243544 _____ (IObit ) C:\Users\pepin\Downloads\driver_booster_setup_ri.exe
2020-10-22 19:51 - 2020-10-22 19:52 - 019578824 _____ (IObit ) C:\Users\pepin\Downloads\winDRV103.exe
CustomCLSID: HKU\S-1-5-21-139061250-2846365895-4098680197-1002_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> C:\Users\pepin\AppData\Local\Microsoft\OneDrive\20.169.0823.0006\MicrosoftListSync.exe => No File
CustomCLSID: HKU\S-1-5-21-139061250-2846365895-4098680197-1002_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> C:\Users\pepin\AppData\Local\Microsoft\OneDrive\20.169.0823.0006\MicrosoftListSync.exe => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
FirewallRules: [UDP Query User{3719A2E7-2EF4-404C-A15B-EE0096AAAAB2}C:\users\pepin\appdata\local\plarium\plariumplay\standaloneapps\raid\224\raid.exe] => (Allow) C:\users\pepin\appdata\local\plarium\plariumplay\standaloneapps\raid\224\raid.exe => No File
FirewallRules: [TCP Query User{A66F1E10-79A1-4794-9906-45829E418282}C:\users\pepin\appdata\local\plarium\plariumplay\standaloneapps\raid\224\raid.exe] => (Allow) C:\users\pepin\appdata\local\plarium\plariumplay\standaloneapps\raid\224\raid.exe => No File
FirewallRules: [UDP Query User{8A8E4B94-69E6-49E5-A16A-66ED3F21926D}C:\users\pepin\appdata\local\programs\opera\70.0.3728.178\opera.exe] => (Allow) C:\users\pepin\appdata\local\programs\opera\70.0.3728.178\opera.exe => No File
FirewallRules: [TCP Query User{2E3CB7E5-1E16-46CA-98F3-4078F4032B13}C:\users\pepin\appdata\local\programs\opera\70.0.3728.178\opera.exe] => (Allow) C:\users\pepin\appdata\local\programs\opera\70.0.3728.178\opera.exe => No File
FirewallRules: [UDP Query User{A2729722-2BCF-430C-8027-11B4BFA59E45}C:\users\pepin\appdata\local\programs\opera\68.0.3618.165\opera.exe] => (Block) C:\users\pepin\appdata\local\programs\opera\68.0.3618.165\opera.exe => No File
FirewallRules: [TCP Query User{9E5FAC43-8701-471D-9178-651BBBC76D11}C:\users\pepin\appdata\local\programs\opera\68.0.3618.165\opera.exe] => (Block) C:\users\pepin\appdata\local\programs\opera\68.0.3618.165\opera.exe => No File
FirewallRules: [UDP Query User{3E15A141-575D-4CBB-A869-2DDD795A26D3}C:\users\pepin\appdata\local\programs\opera\68.0.3618.125\opera.exe] => (Allow) C:\users\pepin\appdata\local\programs\opera\68.0.3618.125\opera.exe => No File
FirewallRules: [TCP Query User{C41211A9-81B4-47F6-BFBE-4A8E073200CC}C:\users\pepin\appdata\local\programs\opera\68.0.3618.125\opera.exe] => (Allow) C:\users\pepin\appdata\local\programs\opera\68.0.3618.125\opera.exe => No File
FirewallRules: [UDP Query User{92FEFC80-C835-43E6-BD0F-A767FA17971B}C:\users\pepin\appdata\local\programs\opera\68.0.3618.63\opera.exe] => (Block) C:\users\pepin\appdata\local\programs\opera\68.0.3618.63\opera.exe => No File
FirewallRules: [TCP Query User{FDE72AB2-6043-41CF-8FCD-13791B0ED3DA}C:\users\pepin\appdata\local\programs\opera\68.0.3618.63\opera.exe] => (Block) C:\users\pepin\appdata\local\programs\opera\68.0.3618.63\opera.exe => No File
FirewallRules: [TCP Query User{AA475711-C3DA-4FC0-964E-939B291394C1}C:\users\pepin\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\pepin\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
FirewallRules: [UDP Query User{40FFE1BF-342B-426C-8AC7-F67FE519CBD3}C:\users\pepin\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\pepin\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
C:\ProgramData\Avast\VARS

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========

Get-ChildItem : Přístup k cestě C:\Users\pepin\AppData\Local\Data aplikací byl odepřen.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\pepin\...l\Data aplikací:String) [Get-ChildItem], Unauthoriz
edAccessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Přístup k cestě C:\Users\pepin\AppData\Local\History byl odepřen.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\pepin\AppData\Local\History:String) [Get-ChildItem], Unautho
rizedAccessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Přístup k cestě C:\Users\pepin\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 byl odepřen.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\pepin\...che\Content.IE5:String) [Get-ChildItem], Unauthoriz
edAccessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Přístup k cestě C:\Users\pepin\AppData\Local\Microsoft\Windows\Temporary Internet Files byl odepřen.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\pepin\... Internet Files:String) [Get-ChildItem], Unauthoriz
edAccessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Přístup k cestě C:\Users\pepin\AppData\Local\Temporary Internet Files byl odepřen.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\pepin\... Internet Files:String) [Get-ChildItem], Unauthoriz
edAccessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Přístup k cestě C:\Users\pepin\AppData\Roaming\Microsoft\Windows\Start Menu\Programy byl odepřen.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\pepin\...t Menu\Programy:String) [Get-ChildItem], Unauthoriz
edAccessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Přístup k cestě C:\Users\pepin\Data aplikací byl odepřen.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\pepin\Data aplikací:String) [Get-ChildItem], UnauthorizedAcc
essException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Přístup k cestě C:\Users\pepin\Documents\Filmy byl odepřen.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\pepin\Documents\Filmy:String) [Get-ChildItem], UnauthorizedA
ccessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Přístup k cestě C:\Users\pepin\Documents\Hudba byl odepřen.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\pepin\Documents\Hudba:String) [Get-ChildItem], UnauthorizedA
ccessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Přístup k cestě C:\Users\pepin\Documents\Obrázky byl odepřen.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\pepin\Documents\Obrázky:String) [Get-ChildItem], Unauthorize
dAccessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Přístup k cestě C:\Users\pepin\Dokumenty byl odepřen.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\pepin\Dokumenty:String) [Get-ChildItem], UnauthorizedAccessE
xception
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Přístup k cestě C:\Users\pepin\Local Settings byl odepřen.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\pepin\Local Settings:String) [Get-ChildItem], UnauthorizedAc
cessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Přístup k cestě C:\Users\pepin\Nabídka Start byl odepřen.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\pepin\Nabídka Start:String) [Get-ChildItem], UnauthorizedAcc
essException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Přístup k cestě C:\Users\pepin\Okolní síť byl odepřen.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\pepin\Okolní síť:String) [Get-ChildItem], UnauthorizedAccess
Exception
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Přístup k cestě C:\Users\pepin\Okolní tiskárny byl odepřen.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\pepin\Okolní tiskárny:String) [Get-ChildItem], UnauthorizedA
ccessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Přístup k cestě C:\Users\pepin\Poslední byl odepřen.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\pepin\Poslední:String) [Get-ChildItem], UnauthorizedAccessEx
ception
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Přístup k cestě C:\Users\pepin\SendTo byl odepřen.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\pepin\SendTo:String) [Get-ChildItem], UnauthorizedAccessExce
ption
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Přístup k cestě C:\Users\pepin\Soubory cookie byl odepřen.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\pepin\Soubory cookie:String) [Get-ChildItem], UnauthorizedAc
cessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Přístup k cestě C:\Users\pepin\Šablony byl odepřen.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\pepin\Šablony:String) [Get-ChildItem], UnauthorizedAccessExc
eption
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Measure-Object : The property "Length" cannot be found in the input for any objects.
At C:\FRST\tmp.ps1:1 char:66
+ ... OFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Measure-Object], PSArgumentException
+ FullyQualifiedErrorId : GenericMeasurePropertyNotFound,Microsoft.PowerShell.Commands.MeasureObjectCommand

========= End of Powershell: =========

========================= Folder: C:\ProgramData\Avast\VARS ========================

not found.

====== End of Folder: ======

========================= File: C:\ProgramData\Avast\VARS\ServiceManager.exe ========================

"C:\ProgramData\Avast\VARS\ServiceManager.exe" => not found
====== End of File: ======

========================= File: C:\ProgramData\Avast\VARS\WindowsRuntime.exe ========================

"C:\ProgramData\Avast\VARS\WindowsRuntime.exe" => not found
====== End of File: ======

========================= File: C:\Users\pepin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemX46Startup.exe ========================

"C:\Users\pepin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemX46Startup.exe" => not found
====== End of File: ======

========================= File: C:\Users\pepin\Downloads\driver_booster_setup_ri.exe ========================

"C:\Users\pepin\Downloads\driver_booster_setup_ri.exe" => not found
====== End of File: ======

========================= File: C:\Users\pepin\Downloads\winDRV103.exe ========================

"C:\Users\pepin\Downloads\winDRV103.exe" => not found
====== End of File: ======

========================= File: C:\games\counter-strike global offensive\csgo.exe ========================

C:\games\counter-strike global offensive\csgo.exe
File not signed
MD5: 5704508E71BDFE06911CF17FFD2CD3E5
Creation and modification date: 2020-11-06 16:02 - 2015-02-24 11:13
Size: 000103424
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/gui/file/dda ... 1544088100

====== End of File: ======

========================= File: C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe ========================

C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
File not signed
MD5: E5C796B621F6FBA8616511063D7F0FFE
Creation and modification date: 2009-12-23 22:34 - 2009-12-23 22:34
Size: 000370688
Attributes: ----A
Company Name: StarWind Software
Internal Name: StarWind
Original Name: StarWind
Product: StarWind Alcohol Edition
Description: StarWind iSCSI Target (Alcohol Edition)
File Version: 12.1 Build 20091211
Product Version: 12.1 Build 20091211
Copyright: Copyright (c) StarWind Software 2003-2009. All rights reserved.
VirusTotal: https://www.virustotal.com/gui/file/447 ... 1602712134

====== End of File: ======

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => not found
"C:\Users\pepin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemX46Startup.exe" => not found
HKLM\SOFTWARE\Policies\Mozilla => not found
"C:\Users\pepin\Downloads\FRST-OlderVersion" => not found
"C:\Users\pepin\AppData\LocalLow\IObit" => not found
"C:\Users\pepin\AppData\Roaming\IObit" => not found
"C:\ProgramData\IObit" => not found
"C:\Users\pepin\Downloads\driver_booster_setup_ri.exe" => not found
"C:\Users\pepin\Downloads\winDRV103.exe" => not found
HKU\S-1-5-21-139061250-2846365895-4098680197-1002_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1} => not found
HKU\S-1-5-21-139061250-2846365895-4098680197-1002_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3719A2E7-2EF4-404C-A15B-EE0096AAAAB2}C:\users\pepin\appdata\local\plarium\plariumplay\standaloneapps\raid\224\raid.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A66F1E10-79A1-4794-9906-45829E418282}C:\users\pepin\appdata\local\plarium\plariumplay\standaloneapps\raid\224\raid.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8A8E4B94-69E6-49E5-A16A-66ED3F21926D}C:\users\pepin\appdata\local\programs\opera\70.0.3728.178\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2E3CB7E5-1E16-46CA-98F3-4078F4032B13}C:\users\pepin\appdata\local\programs\opera\70.0.3728.178\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A2729722-2BCF-430C-8027-11B4BFA59E45}C:\users\pepin\appdata\local\programs\opera\68.0.3618.165\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9E5FAC43-8701-471D-9178-651BBBC76D11}C:\users\pepin\appdata\local\programs\opera\68.0.3618.165\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3E15A141-575D-4CBB-A869-2DDD795A26D3}C:\users\pepin\appdata\local\programs\opera\68.0.3618.125\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C41211A9-81B4-47F6-BFBE-4A8E073200CC}C:\users\pepin\appdata\local\programs\opera\68.0.3618.125\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{92FEFC80-C835-43E6-BD0F-A767FA17971B}C:\users\pepin\appdata\local\programs\opera\68.0.3618.63\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FDE72AB2-6043-41CF-8FCD-13791B0ED3DA}C:\users\pepin\appdata\local\programs\opera\68.0.3618.63\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AA475711-C3DA-4FC0-964E-939B291394C1}C:\users\pepin\appdata\local\programs\opera\71.0.3770.284\opera.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{40FFE1BF-342B-426C-8AC7-F67FE519CBD3}C:\users\pepin\appdata\local\programs\opera\71.0.3770.284\opera.exe" => not found
"C:\ProgramData\Avast\VARS" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10563216 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 20396 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 25484816 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 1866 B
pepin => 58481 B

RecycleBin => 0 B
EmptyTemp: => 44.2 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 02:22:06 ====

#12 Příspěvek od **Conder** » 12 lis 2020 18:45

Skontroluj adresar C:\FRST\Logs a pokial sa tam bude nachadzat viacero suborov, ktore maju v nazve slovo "Fixlog", poprosim o poslanie obsahu vsetkych takychto suborov.

pepinojablo · #13 Příspěvek od **pepinojablo** » 13 lis 2020 17:41

Tento log je jeďiný co tam mám.

#14 Příspěvek od **Conder** » 13 lis 2020 21:58

Zvlastne, ten fixlist bol zjavne spusteny dvakrat, ale prvy fixlog sa z nejakeho dovodu nevytvoril. Poprosim teda este raz o obidva nove logy z FRST.

Ako to momentalne vyzera s PC? Su este nejake problemy?

pepinojablo · #15 Příspěvek od **pepinojablo** » 14 lis 2020 06:31

Jo byl spuštěn 2x, protože ten první log záhadně zmizel. Pc se chová OK, dokonce po restartu mě neotravuje s tím, že mi tam chybí ta java. Děkuji

VIRY.CZ

Asi vir

Asi vir

Re: Asi vir

Re: Asi vir

Re: Asi vir

Re: Asi vir

Re: Asi vir

Re: Asi vir

Re: Asi vir

Re: Asi vir

Re: Asi vir

Re: Asi vir

Re: Asi vir

Re: Asi vir

Re: Asi vir

Re: Asi vir