
Log check

Posted: 28 Oct 2018 18:11
by dany007119966
Hi, lately after turning on the PC a cmd.exe with a black screen pops up and flashes; after startup I have something called DK FILE.

It looks like this; what is it, can I delete it?

@echo off
cd %userprofile%\AppData\Local\"DK Deploy Service"\
start w1.exe
exit

Sending the logs from FRST :)

Re: Log check

Posted: 29 Oct 2018 02:03
by Conder
Hi :)

This is apparently the batch file "C:\Users\Intel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DK.bat"; since it is in the Startup folder, it runs automatically at startup. Whether it is a legitimate program or malware we will find out in the next steps. For now you can delete/disable it.

Did you set anything in Group Policy?

Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the licence terms
  • Click Scan now and wait for it to finish
  • Leave all findings ticked
  • Click Clean and Repair and confirm the restart of the PC now
  • After the PC restarts, AdwCleaner opens; click Show log file
  • The log opens; copy its contents here
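Added example, not from the thread: a small Python triage helper that works out which program a Startup-folder batch file like the quoted DK.bat actually launches (expanding %userprofile%, applying the cd, and tolerating the quotes that cmd.exe accepts inside a path), so the analyst knows which file to hash or submit for scanning. The batch text is a copy of the one posted; the profile path C:\Users\Intel is an assumption taken from the FRST paths later in the thread.

```python
import re
import shlex
from pathlib import PureWindowsPath

# Constructed copy of the DK.bat quoted in the first post.
SAMPLE_BAT = r'''@echo off
cd %userprofile%\AppData\Local\"DK Deploy Service"\
start w1.exe
exit
'''
SAMPLE_ENV = {"userprofile": r"C:\Users\Intel"}  # assumed, from the FRST paths in the thread
LAUNCHABLE = (".exe", ".bat", ".cmd", ".vbs", ".ps1")

def expand_vars(s, env):
    """Expand %NAME% the way cmd.exe does (case-insensitive; unknown names are left alone)."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), s)

def clean_path(s):
    """cmd.exe tolerates quotes anywhere inside a path and a trailing backslash."""
    s = s.replace('"', "")
    return s.rstrip("\\") if len(s) > 3 else s

def start_target(arg):
    """Program named by a START/CALL line: skip an optional "title" and /switches."""
    tokens = shlex.split(arg, posix=False)  # non-POSIX keeps quotes and backslashes intact
    if tokens and tokens[0].startswith('"') and tokens[0].endswith('"'):
        tokens = tokens[1:]                  # quoted window title, not a program
    while tokens and tokens[0].startswith("/"):
        tokens = tokens[2:] if tokens[0].lower() == "/d" else tokens[1:]  # /D takes a dir
    return tokens[0].strip('"') if tokens else None

def resolve_launches(bat_text, env, start_dir):
    """Return the full paths of every program the batch file would launch."""
    cwd = PureWindowsPath(start_dir)
    launched = []
    for raw in bat_text.splitlines():
        line = raw.strip().lstrip("@")
        if not line or line.lower().startswith(("rem ", "::", "echo", "exit")):
            continue
        tok, _, arg = line.partition(" ")
        cmd, arg = tok.lower(), expand_vars(arg.strip(), env)
        if cmd in ("cd", "chdir", "pushd"):
            target = PureWindowsPath(clean_path(arg))
            cwd = target if target.is_absolute() else cwd / target
        else:
            prog = start_target(arg) if cmd in ("start", "call") else tok.strip('"')
            if prog and prog.lower().endswith(LAUNCHABLE):
                p = PureWindowsPath(expand_vars(prog, env))
                launched.append(str(p if p.is_absolute() else cwd / p))
    return launched
```

For the posted batch this resolves to C:\Users\Intel\AppData\Local\DK Deploy Service\w1.exe, which is the file to check next (the fixlist later in the thread does exactly that with VirusTotal: lines).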

Re: Log check

Posted: 29 Oct 2018 07:23
by dany007119966
I scanned and it found nothing, so I'm going to delete it?

I didn't change anything in Group Policy.

Re: Log check

Posted: 29 Oct 2018 12:53
by Conder
OK, please send both new logs from FRST.

Re: Log check

Posted: 29 Oct 2018 14:11
by dany007119966
Here they are.

Re: Log check

Posted: 29 Oct 2018 14:12
by dany007119966
Second log.

Re: Log check

Posted: 29 Oct 2018 19:04
by Conder
Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    VirusTotal: C:\Users\Intel\AppData\Local\yEhetWAYAEfI.exe
    VirusTotal: C:\Users\Intel\AppData\Local\DK Deploy Service\w8.exe
    Folder: C:\Users\Intel\AppData\Local\DK Deploy Service
    File: C:\Users\Intel\AppData\Local\DK Deploy Service\w8.exe
    File: C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\ox8jwg36.default\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi
    File: C:\Windows\system32\Windows.Management.Service.dll
    File: C:\Users\Intel\AppData\Local\yEhetWAYAEfI.exe
    File: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe
    CMD: type "C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\ox8jwg36.default\user.js"
    CMD: type "C:\Users\Intel\1.bat"
    CMD: type "C:\Users\Intel\erase_cache.bat"
    CMD: type "C:\Users\Intel\erase_cache2.bat"
    CMD: type "C:\Users\Intel\Reset_Reregister_Windows_Update_Components.bat"
    
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Restriction ? <==== ATTENTION
    GroupPolicy\User: Restriction ? <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
    FF user.js: detected! => C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\ox8jwg36.default\user.js [2017-06-30]
    FF NetworkProxy: Mozilla\Firefox\Profiles\ox8jwg36.default -> type", 0
    FF Extension: (clean-youtube) - C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\ox8jwg36.default\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2018-09-04]
    R2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [35504 2016-11-05] (MSFree Inc.) [File not signed]
    2018-10-28 18:15 - 2018-10-29 07:17 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2018-10-28 18:15 - 2018-10-28 18:27 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2018-10-28 18:15 - 2018-10-28 18:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2018-10-28 18:56 - 2018-05-26 15:42 - 000000000 ____D C:\ProgramData\KMSAuto
    2017-09-29 14:42 - 2017-09-29 14:42 - 000059904 _____ (Microsoft Corporation) C:\Users\Intel\AppData\Local\yEhetWAYAEfI.exe
    
    CustomCLSID: HKU\S-1-5-21-628695484-3960661340-3325897479-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-628695484-3960661340-3325897479-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-628695484-3960661340-3325897479-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> no filepath
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Intel\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Intel\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Intel\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Intel\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Intel\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Intel\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
    ContextMenuHandlers2-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Intel\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ContextMenuHandlers3-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Intel\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>  -> No File
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When finished, FRST will ask for a restart of the PC; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents here

Re: Log check

Posted: 30 Oct 2018 07:13
by dany007119966
I already deleted that DK; I have to keep that KMS there for Office activation, and I don't need OneDrive at all.

Re: Log check

Posted: 31 Oct 2018 03:27
by Conder
That fixlist was also meant to find out more about that file and whether it is a real threat. As for the KMS, I must point out that our forum does not support illegal use of software, and moreover with programs of this type there is a fairly high risk that they only pose as "activators" but are in fact a trojan or malware (malicious code).

Re: Log check

Posted: 31 Oct 2018 15:59
by dany007119966
I did the fix, attaching the logs?

Re: Log check

Posted: 31 Oct 2018 21:01
by Conder
Please also send Fixlog.txt, which contains the results of the previous fixlist. It should be on the desktop, or otherwise in the C:\FRST\Logs directory.