PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
-
- Visitor
- Posts: 191
- Registered: 28 Feb 2012 15:32
Please check my log
I'm struggling with a small but fairly significant problem. Whenever I try to open CMD, it appears for a fraction of a second, then switches to a second, smaller window, which then disappears as well. I have tried various repairs and repairServices via DISM. Here is the log on drive.google, since it is over half a million characters long.
https://drive.google.com/file/d/1rWI5BM ... sp=sharing
Re: Please check my log
Hi
Download AdwCleaner: https://toolslib.net/downloads/finish/1/
- Save it to the desktop and close all programs
- Run AdwCleaner as administrator
- Accept the licence terms
- Click Skenovat nyni (Scan now) and wait for it to finish
- Leave all findings ticked
- Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
- After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View log file)
- The log will open; copy its contents here
Graduate of the school for newcomers
E-mail: conder (at) forum.viry.cz
If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).
Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a similar problem to another user, please start your own topic.
If you are satisfied, you can support the forum. Thank you!
-
- Visitor
- Posts: 191
- Registered: 28 Feb 2012 15:32
Re: Please check my log
# -------------------------------
# Malwarebytes AdwCleaner 7.2.1.1
# -------------------------------
# Build: 07-04-2018
# Database: 2018-07-04.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-15-2018
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 5
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
Deleted C:\Users\Jakub Kasanda\Desktop\Facebook.lnk
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\tvnserver
***** [ Chromium (and derivatives) ] *****
Deleted ojhagnahfpegocdhlopgljpaafeogmcc
***** [ Chromium URLs ] *****
Deleted Slunečnice
Deleted Ask.com
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1434 octets] - [15/07/2018 14:00:15]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Re: Please check my log
Please post both FRST logs following this guide (FRST.txt and Addition.txt): https://forum.viry.cz/viewtopic.php?f=13&t=152707
If FRSTLauncher cannot be downloaded or run, use just FRST on its own.
If the logs do not fit into one post, pack them into a RAR or ZIP archive and send them as an attachment.
-
- Visitor
- Posts: 191
- Registered: 28 Feb 2012 15:32
Re: Please check my log
So I'm attaching a RAR: almost a million characters.
- Attachments
-
- FRST.rar
- (97.64 KiB) Downloaded 92 times
Re: Please check my log
Open Notepad (Win+R -> notepad -> Enter)
- Copy the following text and paste it into Notepad:
Code: Select all
Start
CloseProcesses:
CreateRestorePoint:
VirusTotal: C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
Folder: C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer
File: C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
File: C:\Program Files\Gaming MouseV30\MotoSpeed_GamingMouse_V30.exe
File: D:\Data a programy\arcai.com\aips.exe
File: C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
File: C:\Program Files (x86)\Browny02\BrYNSvc.exe
File: C:\WINDOWS\OInstall.exe
HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\...\MountPoints2: {424bce19-8379-11e8-aee2-6045cb266758} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\...\MountPoints2: {e1cda806-8610-11e8-898c-6045cb266758} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\...\Winlogon: [Shell] C:\Windows\System32\cmd.exe [280064 2018-07-07] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa
R2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [35448 2016-09-19] (MSFree Inc.)
2018-07-14 10:42 - 2018-07-14 10:50 - 000000000 ____D C:\rsit
2018-07-14 10:42 - 2018-07-14 10:42 - 000000000 ____D C:\Program Files\trend micro
2018-07-11 22:23 - 2018-07-11 22:23 - 000003108 _____ C:\WINDOWS\System32\Tasks\KMSAutoNet
CustomCLSID: HKU\S-1-5-21-3858045577-2291682650-3043789371-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-D0AE411B593B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {0CCBE0FD-85EC-4DE5-A14D-C967C110D51E} - System32\Tasks\OInstall => C:\WINDOWS\OInstall.exe
Task: {124E1103-5B31-49D9-9E6B-77B6070C1F57} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {225E881D-3580-4982-9B7E-EFF2C49A3133} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon -> No File <==== ATTENTION
Task: {3642DEE8-E03F-43B1-9C92-7A16EF56215F} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 -> No File <==== ATTENTION
Task: {410F1C83-C2B8-45D8-859F-4CED8ACA4CD6} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2016-09-19] (MSFree Inc.)
Task: {A3AB2630-E8CC-4BFE-A9DC-1F47F67B8EA5} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock -> No File <==== ATTENTION
Task: {C6BF7FF5-43E5-4796-B825-1EE864A2321B} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time -> No File <==== ATTENTION
Task: {D0573B9F-6E8B-4FD3-9E23-534B1AA0DA6D} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle -> No File <==== ATTENTION
Task: {D3441051-000F-4C3D-81AB-9575212B40E4} - System32\Tasks\Driver Booster SkipUAC (Jakub Kasanda) => D:\Data a programy\Driver Booster\5.2.0\DriverBooster.exe
Task: {F0854EE7-19C9-4235-9626-477E0104401F} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:EC2E1DEC [464]
C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer
C:\ProgramData\KMSAutoS
C:\WINDOWS\OInstall.exe
Hosts:
EmptyTemp:
End
- Click File and then Save
- At the bottom right, select Unicode encoding
- Save the file to the desktop with the name fixlist.txt
- Run FRST again and click Fix
- When it finishes, FRST will ask to restart the PC; confirm by clicking OK
- After the PC restarts, there will be a Fixlog.txt file on the desktop; copy its contents here
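Added example (not part of the thread and not FRST's own code): cmd.exe runs the Command Processor AutoRun value every time it starts, and a per-user Winlogon Shell value replaces explorer.exe at logon, which is why the two ATTENTION registry entries in the fixlist above are worth flagging in any FRST log. The Python below flags both over constructed sample lines; the function names, the placeholder SID and user name, the Run entry and the shortened AutoRun command are assumptions.

```python
import re

# Constructed sample in FRST's registry-line layout, modelled on the two
# entries the fixlist marks ATTENTION. The SID and user name are placeholders,
# the Run entry is invented, and the AutoRun command is shortened.
SAMPLE = r'''
HKLM\...\Run: [ExampleApp] => C:\Program Files\ExampleApp\app.exe [12345 2018-01-01] (Example Corp)
HKU\S-1-5-21-0-0-0-1001\...\Winlogon: [Shell] C:\Windows\System32\cmd.exe [280064 2018-07-07] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-0-0-0-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\user\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\user\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & explorer.exe & exit ) else ( explorer.exe & exit ) <==== ATTENTION
'''

# "<hive>\...\<key>: <data>" as FRST prints registry entries.
LINE_RE = re.compile(r'^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\(?P<key>[^:]+?):\s*(?P<data>.*)$')
# start [/switches] ["title"] "target"
START_RE = re.compile(r'\bstart\b(?:\s+/\S+)*\s+(?:"[^"]*"\s+)?"(?P<target>[^"]+)"', re.I)
# "exit" as a command of its own (line start, or after & or an opening paren).
EXIT_RE = re.compile(r'(?:^|[&(])\s*exit\b', re.I)
# "mode cols,rows" resizes the console window.
MODE_RE = re.compile(r'(?:^|[&(])\s*@?mode\s+(\d+),(\d+)', re.I)
SHELL_RE = re.compile(r'\[Shell\]\s+(.+?\.exe)\b', re.I)


def parse_line(line):
    """Split one FRST registry line into hive, key and data, or return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    data = re.sub(r'\s*<==== ATTENTION\s*$', '', m['data'])
    return {'hive': m['hive'], 'key': m['key'], 'data': data}


def analyze_autorun(command):
    """Describe what an AutoRun command does each time cmd.exe starts."""
    mode = MODE_RE.search(command)
    return {
        # Programs launched through "start".
        'started': [m.group('target') for m in START_RE.finditer(command)],
        # An unconditional-looking "exit" closes the prompt the user opened.
        'forces_exit': bool(EXIT_RE.search(command)),
        # Console resized to (columns, rows), e.g. a tiny 20x5 window.
        'console_size': (int(mode[1]), int(mode[2])) if mode else None,
    }


def triage(text):
    """Return findings for Winlogon Shell overrides and cmd AutoRun values."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry['key'] == 'Winlogon':
            m = SHELL_RE.match(entry['data'])
            if not m or not entry['hive'].startswith('HKU'):
                continue
            shell = m.group(1)
            # A per-user Shell that is not explorer.exe replaces the desktop.
            if shell.lower().rsplit('\\', 1)[-1] != 'explorer.exe':
                findings.append(('winlogon-shell', entry['hive'], shell))
        elif entry['key'] == 'Command Processor':
            findings.append(('cmd-autorun', entry['hive'],
                             analyze_autorun(entry['data'])))
    return findings


if __name__ == '__main__':
    for kind, hive, detail in triage(SAMPLE):
        print(kind, hive, detail)
```

On the sample, the AutoRun finding shows a 20x5 console, a forced exit and a program started from AppData, which matches the symptom described in the first post.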
-
- Visitor
- Posts: 191
- Registered: 28 Feb 2012 15:32
Re: Please check my log
Great. From the log I can see, among other things, a fix for CMD as well, which now works as it should. May I ask what specifically was wrong (for future reference)?
Fix result of Farbar Recovery Scan Tool (x64) Version: 15.07.2018
Ran by Jakub Kasanda (15-07-2018 22:02:00) Run:1
Running from C:\Users\Jakub Kasanda\Desktop
Loaded Profiles: Jakub Kasanda (Available Profiles: defaultuser0 & Jakub Kasanda & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
VirusTotal: C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
Folder: C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer
File: C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
File: C:\Program Files\Gaming MouseV30\MotoSpeed_GamingMouse_V30.exe
File: D:\Data a programy\arcai.com\aips.exe
File: C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
File: C:\Program Files (x86)\Browny02\BrYNSvc.exe
File: C:\WINDOWS\OInstall.exe
HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\...\MountPoints2: {424bce19-8379-11e8-aee2-6045cb266758} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\...\MountPoints2: {e1cda806-8610-11e8-898c-6045cb266758} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\...\Winlogon: [Shell] C:\Windows\System32\cmd.exe [280064 2018-07-07] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa
R2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [35448 2016-09-19] (MSFree Inc.)
2018-07-14 10:42 - 2018-07-14 10:50 - 000000000 ____D C:\rsit
2018-07-14 10:42 - 2018-07-14 10:42 - 000000000 ____D C:\Program Files\trend micro
2018-07-11 22:23 - 2018-07-11 22:23 - 000003108 _____ C:\WINDOWS\System32\Tasks\KMSAutoNet
CustomCLSID: HKU\S-1-5-21-3858045577-2291682650-3043789371-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-D0AE411B593B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {0CCBE0FD-85EC-4DE5-A14D-C967C110D51E} - System32\Tasks\OInstall => C:\WINDOWS\OInstall.exe
Task: {124E1103-5B31-49D9-9E6B-77B6070C1F57} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {225E881D-3580-4982-9B7E-EFF2C49A3133} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon -> No File <==== ATTENTION
Task: {3642DEE8-E03F-43B1-9C92-7A16EF56215F} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 -> No File <==== ATTENTION
Task: {410F1C83-C2B8-45D8-859F-4CED8ACA4CD6} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2016-09-19] (MSFree Inc.)
Task: {A3AB2630-E8CC-4BFE-A9DC-1F47F67B8EA5} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock -> No File <==== ATTENTION
Task: {C6BF7FF5-43E5-4796-B825-1EE864A2321B} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time -> No File <==== ATTENTION
Task: {D0573B9F-6E8B-4FD3-9E23-534B1AA0DA6D} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle -> No File <==== ATTENTION
Task: {D3441051-000F-4C3D-81AB-9575212B40E4} - System32\Tasks\Driver Booster SkipUAC (Jakub Kasanda) => D:\Data a programy\Driver Booster\5.2.0\DriverBooster.exe
Task: {F0854EE7-19C9-4235-9626-477E0104401F} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:EC2E1DEC [464]
C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer
C:\ProgramData\KMSAutoS
C:\WINDOWS\OInstall.exe
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
Restore point was successfully created.
VirusTotal: C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe => D41D8CD98F00B204E9800998ECF8427E (0-byte MD5)
========================= Folder: C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer ========================
2018-04-15 22:20 - 2018-05-16 21:11 - 000000679 ____A [7598FE642358695E351FE03AD14C228E] () C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\fly.dbl
2018-04-15 22:20 - 2018-04-15 22:20 - 284774400 ____A [D41D8CD98F00B204E9800998ECF8427E] (SoundMixer) C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
2018-04-15 22:20 - 2018-04-17 09:40 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\Arctic
2018-04-17 09:40 - 2018-05-16 21:11 - 000000509 ____A [C0E3BA78EFDF96B021132DA1FBF1517D] () C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\Arctic\config.json
2018-04-15 22:20 - 2018-04-15 22:21 - 284926976 ____A [D41D8CD98F00B204E9800998ECF8427E] (SoundMixer) C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\Arctic\SoundA.exe
2018-04-15 22:20 - 2018-04-17 09:40 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\North
2018-04-17 09:40 - 2018-05-16 21:53 - 000000801 ____A [4516A8F31C23EA33BFDC39714F5D81F9] () C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\North\config.json
2018-04-15 22:20 - 2018-04-15 22:20 - 290417664 ____A [D41D8CD98F00B204E9800998ECF8427E] (SoundMixer) C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\North\SoundN.exe
====== End of Folder: ======
========================= File: C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe ========================
C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
File not signed
MD5: D41D8CD98F00B204E9800998ECF8427E (0-byte)
Creation and modification date: 2018-04-15 22:20 - 2018-04-15 22:20
Size: 284774400
Attributes: ----A
Company Name: SoundMixer
Internal Name:
Original Name: SoundMixer.exe
Product: SoundMixer
Description: Sound Mixing Utility
File Version: 2.6
Product Version: 2.6
Copyright: Copyright (C) 2017
VirusTotal: 0-byte
====== End of File: ======
========================= File: C:\Program Files\Gaming MouseV30\MotoSpeed_GamingMouse_V30.exe ========================
C:\Program Files\Gaming MouseV30\MotoSpeed_GamingMouse_V30.exe
File not signed
MD5: EACDC1CB7A30DEACDCE02FC0A2BE0F29
Creation and modification date: 2017-12-24 21:06 - 2016-08-19 18:37
Size: 000961536
Attributes: ----A
Company Name: 香港飞翔科技集团有限公司
Internal Name: MotoSpeed_GamingMouse_V30.exe
Original Name: MotoSpeed_GamingMouse_V30.exe
Product: V30美洲豹鼠标驱动
Description: Motospeed Gaming Mousev30
File Version: 0.0.1.0
Product Version: 0.0.1.0
Copyright: MTG INC
VirusTotal: https://www.virustotal.com/file/99526de ... 524985255/
====== End of File: ======
========================= File: D:\Data a programy\arcai.com\aips.exe ========================
D:\Data a programy\arcai.com\aips.exe
File not signed
MD5: D1C1FFA5C318B9FD451030BF945CC0E5
Creation and modification date: 2018-05-18 13:24 - 2018-05-11 09:51
Size: 002677760
Attributes: ----A
Company Name: Arcai.com
Internal Name: AIPS
Original Name: AIPS.exe
Product: AIPS Application
Description: Arp Intelligent Protection Service
File Version: 214
Product Version: 214
Copyright: Arcai.com Copyright (C) 2011
VirusTotal: https://www.virustotal.com/file/0eb4dc0 ... 531008943/
====== End of File: ======
========================= File: C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe ========================
C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
File not signed
MD5: 01B56BCA24EDAF80FF7EBCA5CC2EFF3E
Creation and modification date: 2018-05-07 19:13 - 2017-09-15 18:10
Size: 000099840
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/69732e6 ... 521134613/
====== End of File: ======
========================= File: C:\Program Files (x86)\Browny02\BrYNSvc.exe ========================
C:\Program Files (x86)\Browny02\BrYNSvc.exe
File not signed
MD5: 5FAE1765FCD6CEE58E2D0F4CDC91A685
Creation and modification date: 2018-05-07 19:29 - 2018-01-18 15:39
Size: 000314368
Attributes: ----A
Company Name: Brother Industries, Ltd.
Internal Name: BrYNSvc.exe
Original Name: BrYNSvc.exe
Product: BrYNCSvc
Description: BrYNCSvc
File Version: 1.11.1.0
Product Version: 1.11.1.0
Copyright: Copyright (C) 2009-2017 Brother Industries, Ltd.
VirusTotal: https://www.virustotal.com/file/3b536d6 ... 531268135/
====== End of File: ======
========================= File: C:\WINDOWS\OInstall.exe ========================
"C:\WINDOWS\OInstall.exe" => not found
====== End of File: ======
"HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{424bce19-8379-11e8-aee2-6045cb266758}" => removed successfully
HKLM\Software\Classes\CLSID\{424bce19-8379-11e8-aee2-6045cb266758} => not found
"HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1cda806-8610-11e8-898c-6045cb266758}" => removed successfully
HKLM\Software\Classes\CLSID\{e1cda806-8610-11e8-898c-6045cb266758} => not found
"HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
"HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\Software\Microsoft\Command Processor\\AutoRun" => removed successfully
HKLM\System\CurrentControlSet\Control\Lsa\\Authentication Packages => value restored successfully
"HKLM\System\CurrentControlSet\Services\KMSEmulator" => removed successfully
KMSEmulator => service removed successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\WINDOWS\System32\Tasks\KMSAutoNet => moved successfully
"HKU\S-1-5-21-3858045577-2291682650-3043789371-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-D0AE411B593B}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7" => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CCBE0FD-85EC-4DE5-A14D-C967C110D51E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CCBE0FD-85EC-4DE5-A14D-C967C110D51E}" => removed successfully
C:\WINDOWS\System32\Tasks\OInstall => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OInstall" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{124E1103-5B31-49D9-9E6B-77B6070C1F57}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{124E1103-5B31-49D9-9E6B-77B6070C1F57}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{225E881D-3580-4982-9B7E-EFF2C49A3133}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{225E881D-3580-4982-9B7E-EFF2C49A3133}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3642DEE8-E03F-43B1-9C92-7A16EF56215F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3642DEE8-E03F-43B1-9C92-7A16EF56215F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{410F1C83-C2B8-45D8-859F-4CED8ACA4CD6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{410F1C83-C2B8-45D8-859F-4CED8ACA4CD6}" => removed successfully
"C:\WINDOWS\System32\Tasks\KMSAutoNet" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSAutoNet" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3AB2630-E8CC-4BFE-A9DC-1F47F67B8EA5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3AB2630-E8CC-4BFE-A9DC-1F47F67B8EA5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6BF7FF5-43E5-4796-B825-1EE864A2321B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6BF7FF5-43E5-4796-B825-1EE864A2321B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0573B9F-6E8B-4FD3-9E23-534B1AA0DA6D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0573B9F-6E8B-4FD3-9E23-534B1AA0DA6D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3441051-000F-4C3D-81AB-9575212B40E4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3441051-000F-4C3D-81AB-9575212B40E4}" => removed successfully
C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Jakub Kasanda) => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Jakub Kasanda)" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0854EE7-19C9-4235-9626-477E0104401F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0854EE7-19C9-4235-9626-477E0104401F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle" => not found
C:\ProgramData\Temp => ":EC2E1DEC" ADS removed successfully
"C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer" folder move:
Could not move "C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer" => Scheduled to move on reboot.
C:\ProgramData\KMSAutoS => moved successfully
"C:\WINDOWS\OInstall.exe" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 9723904 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 68782068 B
Java, Flash, Steam htmlcache => 30373834 B
Windows/system/drivers => 79414733 B
Edge => 2383400 B
Chrome => 24593568 B
Firefox => 20571041 B
Opera => 504650115 B
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 1444 B
LocalService => 1656162 B
LocalService => 0 B
NetworkService => 8796 B
NetworkService => 0 B
defaultuser0 => 6656 B
Jakub Kasanda => 412522108 B
DefaultAppPool => 6656 B
RecycleBin => 28792205511 B
EmptyTemp: => 27.9 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-07-2018 22:04:43)
C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer => Is moved successfully
==== End of Fixlog 22:04:44 ====
Re: Please check my log
It looks like a bitcoin miner. Is CMD working now?
Please also post new FRST logs.
Graduate of the school for newcomers
E-mail: conder (at) forum.viry.cz
If anything is unclear, ask. I recommend always keeping important data (documents, photos and so on) backed up.
Fixlists and other scripts are written only for one specific PC. Do not use them on other machines, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.
If you are satisfied, you can support the forum. Thank you!
- Visitor
- Posts: 191
- Registered: 28 Feb 2012 15:32
Re: Please check my log
A bitcoin miner is not good news. Hopefully we can get rid of it easily. And how do I protect myself against it? I don't use an antivirus, because I rely on the one built into Windows 10, but a 3rd-party AV will probably be needed too, won't it? Yes, CMD now works without problems, it seems.
- Attachments
- FRST.rar
- (96.64 KiB) Downloaded 83 times
Re: Please check my log
We have already got rid of it.
Run this fixlist as well (same procedure as before, but this time without a restart):
Code:
Start
Zip: C:\FRST\Quarantine\C\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer
End
A ZIP archive with the current date and time in its name should be created on the desktop; upload it to e.g. leteckaposta.cz and send the download link.
As for the antivirus, I personally also rely on WinDefender, but I always check what I download/run/install (and for suspicious things I use a virtual PC or virustotal.com). I can't recommend a specific AV, but here is a colleague's recommendation: https://forum.viry.cz/viewtopic.php?f=29&t=152926
-
- Visitor
- Posts: 191
- Registered: 28 Feb 2012 15:32
Re: Please check my log
That's great. You can tell on the computer. At startup it always lagged considerably in the first few minutes after booting. The same when gaming, which I haven't verified yet, but that might be fixed too. I attributed it to "Insider Preview".
The file is here; I somehow couldn't get along with leteckaposta, so sdilej.cz
https://sdilej.cz/10069122/16.07.2018-07.47.47.zip
All right, I'll take a look if need be, thanks a lot.
Re: Please check my log
So let's also clean up after the tools we used:
- Download DelFix: https://toolslib.net/downloads/finish/2-delfix/
- Save it to the desktop and run it
- Leave the option "Remove disinfection tools" checked
- Click "Run"
Graduate of the school for beginners
-
- Visitor
- Posts: 191
- Registered: 28 Feb 2012 15:32
Re: Please check my log
Done. So is that it now, and the machine is rid of all the "doom"?
Re: Please check my log
Yes, according to the latest logs it now looks clean.
Graduate of the school for beginners
-
- Visitor
- Posts: 191
- Registered: 28 Feb 2012 15:32
Re: Please check my log
All right, in that case thank you very much for the cleanup and, in fact, the disinfection too!