Please check my log

kouzelnik3
Visitor
Posts: 191
Registered: 28 Feb 2012 15:32

Please check my log

#1 Post by kouzelnik3 »

I'm dealing with a small but fairly significant problem. Whenever I try to open CMD, it appears for a fraction of a second, then switches to a second, smaller window, which then also disappears. I have tried various repairs and repairServices via DISM. Here is the log on drive.google, since it has over half a million characters.



https://drive.google.com/file/d/1rWI5BM ... sp=sharing

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log

#2 Post by Conder »

Hi :)

→ Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Scan now and wait for it to finish
  • Leave all findings checked
  • Click Clean and Repair and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click View log file
  • The log will open; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written for one specific PC only. Do not use them on other devices; otherwise you risk damaging the system or losing data.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

kouzelnik3
Visitor
Posts: 191
Registered: 28 Feb 2012 15:32

Re: Please check my log

#3 Post by kouzelnik3 »

# -------------------------------
# Malwarebytes AdwCleaner 7.2.1.1
# -------------------------------
# Build: 07-04-2018
# Database: 2018-07-04.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-15-2018
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 5
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\Users\Jakub Kasanda\Desktop\Facebook.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\tvnserver

***** [ Chromium (and derivatives) ] *****

Deleted ojhagnahfpegocdhlopgljpaafeogmcc

***** [ Chromium URLs ] *****

Deleted Slunečnice
Deleted Ask.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1434 octets] - [15/07/2018 14:00:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log

#4 Post by Conder »

→ Please post both FRST logs following this guide (FRST.txt and Addition.txt): https://forum.viry.cz/viewtopic.php?f=13&t=152707

→ If FRSTLauncher cannot be downloaded or run, use just FRST on its own.

→ If the logs do not fit into one post, pack them into a RAR or ZIP archive and send them as an attachment.

kouzelnik3
Visitor
Posts: 191
Registered: 28 Feb 2012 15:32

Re: Please check my log

#5 Post by kouzelnik3 »

So I'm adding a RAR: almost a million characters.
Attachments
FRST.rar
(97.64 KiB) Downloaded 92 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log

#6 Post by Conder »

→ Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    VirusTotal: C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
    Folder: C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer
    File: C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
    File: C:\Program Files\Gaming MouseV30\MotoSpeed_GamingMouse_V30.exe
    File: D:\Data a programy\arcai.com\aips.exe
    File: C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
    File: C:\Program Files (x86)\Browny02\BrYNSvc.exe
    File: C:\WINDOWS\OInstall.exe
    
    HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\...\MountPoints2: {424bce19-8379-11e8-aee2-6045cb266758} - "F:\OnePlus_setup.exe" /s
    HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\...\MountPoints2: {e1cda806-8610-11e8-898c-6045cb266758} - "F:\OnePlus_setup.exe" /s
    HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\...\Winlogon: [Shell] C:\Windows\System32\cmd.exe [280064 2018-07-07] (Microsoft Corporation) <==== ATTENTION
    HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
    Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa
    R2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [35448 2016-09-19] (MSFree Inc.)
    2018-07-14 10:42 - 2018-07-14 10:50 - 000000000 ____D C:\rsit
    2018-07-14 10:42 - 2018-07-14 10:42 - 000000000 ____D C:\Program Files\trend micro
    2018-07-11 22:23 - 2018-07-11 22:23 - 000003108 _____ C:\WINDOWS\System32\Tasks\KMSAutoNet
    
    CustomCLSID: HKU\S-1-5-21-3858045577-2291682650-3043789371-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-D0AE411B593B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
    ShellIconOverlayIdentifiers: [  OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
    ShellIconOverlayIdentifiers: [  OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
    ShellIconOverlayIdentifiers: [  OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
    ShellIconOverlayIdentifiers: [  OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
    ShellIconOverlayIdentifiers: [  OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
    ShellIconOverlayIdentifiers: [  OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    Task: {0CCBE0FD-85EC-4DE5-A14D-C967C110D51E} - System32\Tasks\OInstall => C:\WINDOWS\OInstall.exe
    Task: {124E1103-5B31-49D9-9E6B-77B6070C1F57} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {225E881D-3580-4982-9B7E-EFF2C49A3133} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon -> No File <==== ATTENTION
    Task: {3642DEE8-E03F-43B1-9C92-7A16EF56215F} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 -> No File <==== ATTENTION
    Task: {410F1C83-C2B8-45D8-859F-4CED8ACA4CD6} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2016-09-19] (MSFree Inc.)
    Task: {A3AB2630-E8CC-4BFE-A9DC-1F47F67B8EA5} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock -> No File <==== ATTENTION
    Task: {C6BF7FF5-43E5-4796-B825-1EE864A2321B} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time -> No File <==== ATTENTION
    Task: {D0573B9F-6E8B-4FD3-9E23-534B1AA0DA6D} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle -> No File <==== ATTENTION
    Task: {D3441051-000F-4C3D-81AB-9575212B40E4} - System32\Tasks\Driver Booster SkipUAC (Jakub Kasanda) => D:\Data a programy\Driver Booster\5.2.0\DriverBooster.exe
    Task: {F0854EE7-19C9-4235-9626-477E0104401F} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:EC2E1DEC [464]
    
    C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer
    C:\ProgramData\KMSAutoS
    C:\WINDOWS\OInstall.exe
    
    Hosts:
    EmptyTemp:
    End
  • Click File and then Save
  • At the bottom right, select Unicode encoding
  • Save the file to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will request a PC restart; confirm by clicking OK
  • After the PC restarts, there will be a Fixlog.txt file on the desktop; copy its contents here

kouzelnik3
Visitor
Posts: 191
Registered: 28 Feb 2012 15:32

Re: Please check my log

#7 Post by kouzelnik3 »

Great. From the log I can see, among other things, a fix for CMD as well, which now works as it should. May I ask what specifically was wrong (for future reference)? :)


Fix result of Farbar Recovery Scan Tool (x64) Version: 15.07.2018
Ran by Jakub Kasanda (15-07-2018 22:02:00) Run:1
Running from C:\Users\Jakub Kasanda\Desktop
Loaded Profiles: Jakub Kasanda (Available Profiles: defaultuser0 & Jakub Kasanda & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

VirusTotal: C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
Folder: C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer
File: C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
File: C:\Program Files\Gaming MouseV30\MotoSpeed_GamingMouse_V30.exe
File: D:\Data a programy\arcai.com\aips.exe
File: C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
File: C:\Program Files (x86)\Browny02\BrYNSvc.exe
File: C:\WINDOWS\OInstall.exe

HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\...\MountPoints2: {424bce19-8379-11e8-aee2-6045cb266758} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\...\MountPoints2: {e1cda806-8610-11e8-898c-6045cb266758} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\...\Winlogon: [Shell] C:\Windows\System32\cmd.exe [280064 2018-07-07] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa
R2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [35448 2016-09-19] (MSFree Inc.)
2018-07-14 10:42 - 2018-07-14 10:50 - 000000000 ____D C:\rsit
2018-07-14 10:42 - 2018-07-14 10:42 - 000000000 ____D C:\Program Files\trend micro
2018-07-11 22:23 - 2018-07-11 22:23 - 000003108 _____ C:\WINDOWS\System32\Tasks\KMSAutoNet

CustomCLSID: HKU\S-1-5-21-3858045577-2291682650-3043789371-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-D0AE411B593B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {0CCBE0FD-85EC-4DE5-A14D-C967C110D51E} - System32\Tasks\OInstall => C:\WINDOWS\OInstall.exe
Task: {124E1103-5B31-49D9-9E6B-77B6070C1F57} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {225E881D-3580-4982-9B7E-EFF2C49A3133} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon -> No File <==== ATTENTION
Task: {3642DEE8-E03F-43B1-9C92-7A16EF56215F} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 -> No File <==== ATTENTION
Task: {410F1C83-C2B8-45D8-859F-4CED8ACA4CD6} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2016-09-19] (MSFree Inc.)
Task: {A3AB2630-E8CC-4BFE-A9DC-1F47F67B8EA5} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock -> No File <==== ATTENTION
Task: {C6BF7FF5-43E5-4796-B825-1EE864A2321B} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time -> No File <==== ATTENTION
Task: {D0573B9F-6E8B-4FD3-9E23-534B1AA0DA6D} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle -> No File <==== ATTENTION
Task: {D3441051-000F-4C3D-81AB-9575212B40E4} - System32\Tasks\Driver Booster SkipUAC (Jakub Kasanda) => D:\Data a programy\Driver Booster\5.2.0\DriverBooster.exe
Task: {F0854EE7-19C9-4235-9626-477E0104401F} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:EC2E1DEC [464]

C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer
C:\ProgramData\KMSAutoS
C:\WINDOWS\OInstall.exe

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
VirusTotal: C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe => D41D8CD98F00B204E9800998ECF8427E (0-byte MD5)

========================= Folder: C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer ========================

2018-04-15 22:20 - 2018-05-16 21:11 - 000000679 ____A [7598FE642358695E351FE03AD14C228E] () C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\fly.dbl
2018-04-15 22:20 - 2018-04-15 22:20 - 284774400 ____A [D41D8CD98F00B204E9800998ECF8427E] (SoundMixer) C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
2018-04-15 22:20 - 2018-04-17 09:40 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\Arctic
2018-04-17 09:40 - 2018-05-16 21:11 - 000000509 ____A [C0E3BA78EFDF96B021132DA1FBF1517D] () C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\Arctic\config.json
2018-04-15 22:20 - 2018-04-15 22:21 - 284926976 ____A [D41D8CD98F00B204E9800998ECF8427E] (SoundMixer) C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\Arctic\SoundA.exe
2018-04-15 22:20 - 2018-04-17 09:40 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\North
2018-04-17 09:40 - 2018-05-16 21:53 - 000000801 ____A [4516A8F31C23EA33BFDC39714F5D81F9] () C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\North\config.json
2018-04-15 22:20 - 2018-04-15 22:20 - 290417664 ____A [D41D8CD98F00B204E9800998ECF8427E] (SoundMixer) C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\North\SoundN.exe

====== End of Folder: ======


========================= File: C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe ========================

C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
File not signed
MD5: D41D8CD98F00B204E9800998ECF8427E (0-byte)
Creation and modification date: 2018-04-15 22:20 - 2018-04-15 22:20
Size: 284774400
Attributes: ----A
Company Name: SoundMixer
Internal Name:
Original Name: SoundMixer.exe
Product: SoundMixer
Description: Sound Mixing Utility
File Version: 2.6
Product Version: 2.6
Copyright: Copyright (C) 2017
VirusTotal: 0-byte

====== End of File: ======


========================= File: C:\Program Files\Gaming MouseV30\MotoSpeed_GamingMouse_V30.exe ========================

C:\Program Files\Gaming MouseV30\MotoSpeed_GamingMouse_V30.exe
File not signed
MD5: EACDC1CB7A30DEACDCE02FC0A2BE0F29
Creation and modification date: 2017-12-24 21:06 - 2016-08-19 18:37
Size: 000961536
Attributes: ----A
Company Name: 香港飞翔科技集团有限公司
Internal Name: MotoSpeed_GamingMouse_V30.exe
Original Name: MotoSpeed_GamingMouse_V30.exe
Product: V30美洲豹鼠标驱动
Description: Motospeed Gaming Mousev30
File Version: 0.0.1.0
Product Version: 0.0.1.0
Copyright: MTG INC
VirusTotal: https://www.virustotal.com/file/99526de ... 524985255/

====== End of File: ======


========================= File: D:\Data a programy\arcai.com\aips.exe ========================

D:\Data a programy\arcai.com\aips.exe
File not signed
MD5: D1C1FFA5C318B9FD451030BF945CC0E5
Creation and modification date: 2018-05-18 13:24 - 2018-05-11 09:51
Size: 002677760
Attributes: ----A
Company Name: Arcai.com
Internal Name: AIPS
Original Name: AIPS.exe
Product: AIPS Application
Description: Arp Intelligent Protection Service
File Version: 214
Product Version: 214
Copyright: Arcai.com Copyright (C) 2011
VirusTotal: https://www.virustotal.com/file/0eb4dc0 ... 531008943/

====== End of File: ======


========================= File: C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe ========================

C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
File not signed
MD5: 01B56BCA24EDAF80FF7EBCA5CC2EFF3E
Creation and modification date: 2018-05-07 19:13 - 2017-09-15 18:10
Size: 000099840
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/69732e6 ... 521134613/

====== End of File: ======


========================= File: C:\Program Files (x86)\Browny02\BrYNSvc.exe ========================

C:\Program Files (x86)\Browny02\BrYNSvc.exe
File not signed
MD5: 5FAE1765FCD6CEE58E2D0F4CDC91A685
Creation and modification date: 2018-05-07 19:29 - 2018-01-18 15:39
Size: 000314368
Attributes: ----A
Company Name: Brother Industries, Ltd.
Internal Name: BrYNSvc.exe
Original Name: BrYNSvc.exe
Product: BrYNCSvc
Description: BrYNCSvc
File Version: 1.11.1.0
Product Version: 1.11.1.0
Copyright: Copyright (C) 2009-2017 Brother Industries, Ltd.
VirusTotal: https://www.virustotal.com/file/3b536d6 ... 531268135/

====== End of File: ======


========================= File: C:\WINDOWS\OInstall.exe ========================

"C:\WINDOWS\OInstall.exe" => not found
====== End of File: ======

"HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{424bce19-8379-11e8-aee2-6045cb266758}" => removed successfully
HKLM\Software\Classes\CLSID\{424bce19-8379-11e8-aee2-6045cb266758} => not found
"HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1cda806-8610-11e8-898c-6045cb266758}" => removed successfully
HKLM\Software\Classes\CLSID\{e1cda806-8610-11e8-898c-6045cb266758} => not found
"HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
"HKU\S-1-5-21-3858045577-2291682650-3043789371-1001\Software\Microsoft\Command Processor\\AutoRun" => removed successfully
HKLM\System\CurrentControlSet\Control\Lsa\\Authentication Packages => value restored successfully
"HKLM\System\CurrentControlSet\Services\KMSEmulator" => removed successfully
KMSEmulator => service removed successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\WINDOWS\System32\Tasks\KMSAutoNet => moved successfully
"HKU\S-1-5-21-3858045577-2291682650-3043789371-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-D0AE411B593B}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7" => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CCBE0FD-85EC-4DE5-A14D-C967C110D51E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CCBE0FD-85EC-4DE5-A14D-C967C110D51E}" => removed successfully
C:\WINDOWS\System32\Tasks\OInstall => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OInstall" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{124E1103-5B31-49D9-9E6B-77B6070C1F57}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{124E1103-5B31-49D9-9E6B-77B6070C1F57}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{225E881D-3580-4982-9B7E-EFF2C49A3133}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{225E881D-3580-4982-9B7E-EFF2C49A3133}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3642DEE8-E03F-43B1-9C92-7A16EF56215F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3642DEE8-E03F-43B1-9C92-7A16EF56215F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{410F1C83-C2B8-45D8-859F-4CED8ACA4CD6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{410F1C83-C2B8-45D8-859F-4CED8ACA4CD6}" => removed successfully
"C:\WINDOWS\System32\Tasks\KMSAutoNet" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSAutoNet" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3AB2630-E8CC-4BFE-A9DC-1F47F67B8EA5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3AB2630-E8CC-4BFE-A9DC-1F47F67B8EA5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6BF7FF5-43E5-4796-B825-1EE864A2321B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6BF7FF5-43E5-4796-B825-1EE864A2321B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0573B9F-6E8B-4FD3-9E23-534B1AA0DA6D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0573B9F-6E8B-4FD3-9E23-534B1AA0DA6D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3441051-000F-4C3D-81AB-9575212B40E4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3441051-000F-4C3D-81AB-9575212B40E4}" => removed successfully
C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Jakub Kasanda) => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Jakub Kasanda)" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0854EE7-19C9-4235-9626-477E0104401F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0854EE7-19C9-4235-9626-477E0104401F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle" => not found
C:\ProgramData\Temp => ":EC2E1DEC" ADS removed successfully

"C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer" folder move:

Could not move "C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer" => Scheduled to move on reboot.

C:\ProgramData\KMSAutoS => moved successfully
"C:\WINDOWS\OInstall.exe" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 9723904 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 68782068 B
Java, Flash, Steam htmlcache => 30373834 B
Windows/system/drivers => 79414733 B
Edge => 2383400 B
Chrome => 24593568 B
Firefox => 20571041 B
Opera => 504650115 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 1444 B
LocalService => 1656162 B
LocalService => 0 B
NetworkService => 8796 B
NetworkService => 0 B
defaultuser0 => 6656 B
Jakub Kasanda => 412522108 B
DefaultAppPool => 6656 B

RecycleBin => 28792205511 B
EmptyTemp: => 27.9 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-07-2018 22:04:43)

C:\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer => Is moved successfully

==== End of Fixlog 22:04:44 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log

#8 Post by Conder »

:arrow: It looks like a bitcoin miner. Is CMD working now?

:arrow: Please also post fresh logs from FRST.
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

kouzelnik3
Visitor
Posts: 191
Registered: 28 Feb 2012 15:32

Re: Please check my log

#9 Post by kouzelnik3 »

A bitcoin miner is not good news. Hopefully we can get rid of it easily. And how do I protect myself against it? I don't use an antivirus, since I rely on the one built into "Windows 10", but a 3rd-party AV will probably be needed too, won't it? :) Yes, CMD now works without problems, it seems. :)
Attachments
FRST.rar
(96.64 KiB) Downloaded 83 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log

#10 Post by Conder »

:arrow: We have already got rid of it :)

:arrow: Run this fixlist as well (same procedure, but this time without a restart):

Code:

Start
Zip: C:\FRST\Quarantine\C\Users\Jakub Kasanda\AppData\Roaming\Microsoft\SoundMixer
End

:arrow: A ZIP archive with the current date and time in its name should be created on the desktop; upload it e.g. to leteckaposta.cz and send the download link.

:arrow: As for the antivirus, I personally also rely on WinDefender, but I always check what I download/run/install (and for suspicious things I use a virtual PC or virustotal.com). I can't recommend a specific AV, but here is a colleague's recommendation: https://forum.viry.cz/viewtopic.php?f=29&t=152926

kouzelnik3
Visitor
Posts: 191
Registered: 28 Feb 2012 15:32

Re: Please check my log

#11 Post by kouzelnik3 »

That's great. You can tell on the computer. At startup it always stuttered badly during the first few minutes after booting. The same during gaming, which I haven't verified yet, but that might be fixed too. I was blaming it on the "Insider Preview". :)

Here is the file; I somehow couldn't get along with leteckaposta, so sdilej.cz it is :)
https://sdilej.cz/10069122/16.07.2018-07.47.47.zip

All right, I'll take a look if need be, thanks a lot. :)

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log

#12 Post by Conder »

:arrow: So let's also clean up after the tools we used:

kouzelnik3
Visitor
Posts: 191
Registered: 28 Feb 2012 15:32

Re: Please check my log

#13 Post by kouzelnik3 »

Done. So is that it now, and the machine is rid of all the "doom"? :D :)

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log

#14 Post by Conder »

Yes, according to the latest logs it looks clean now.

kouzelnik3
Visitor
Posts: 191
Registered: 28 Feb 2012 15:32

Re: Please check my log

#15 Post by kouzelnik3 »

All right, in that case thank you very much for the cleanup and, really, the virus removal too! :)

Locked