log check
Posted: 28 Oct 2018 18:11
by dany007119966
Hi, lately after I turn on the PC a cmd.exe window with a black screen appears and flashes. In Startup I have some DK FILE.
It looks like this. What is it, can I delete it?
@echo off
cd %userprofile%\AppData\Local\"DK Deploy Service"\
start w1.exe
exit
I'm sending the FRST logs.
Re: log check
Posted: 29 Oct 2018 02:03
by Conder
Hi
This is most likely the batch file "C:\Users\Intel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DK.bat"; since it is in the Startup folder, it runs automatically at startup. Whether it is a legitimate program or malware we will find out in the next steps. For now you can delete/disable it.
Did you change anything in Group Policy?
Download
AdwCleaner:
https://toolslib.net/downloads/finish/1/
- Save it to the desktop and close all programs
- Run AdwCleaner as administrator
- Accept the licence terms
- Click Scan now and wait for it to finish
- Leave all findings checked
- Click Clean and Repair and confirm the restart of the PC now
- After the PC restarts AdwCleaner will open; click View log file
- A log will open; copy its contents here
Re: log check
Posted: 29 Oct 2018 07:23
by dany007119966
I scanned and it found nothing, so I'm going to delete it.
I didn't change anything in Group Policy.
Re: log check
Posted: 29 Oct 2018 12:53
by Conder
OK, please post both new FRST logs.
Re: log check
Posted: 29 Oct 2018 14:11
by dany007119966
Here they are
Re: log check
Posted: 29 Oct 2018 14:12
by dany007119966
Second log
Re: log check
Posted: 29 Oct 2018 19:04
by Conder
Open Notepad (Win+R -> notepad -> Enter)
- Copy the following text and paste it into Notepad:
Code:
Start
CloseProcesses:
CreateRestorePoint:
PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
VirusTotal: C:\Users\Intel\AppData\Local\yEhetWAYAEfI.exe
VirusTotal: C:\Users\Intel\AppData\Local\DK Deploy Service\w8.exe
Folder: C:\Users\Intel\AppData\Local\DK Deploy Service
File: C:\Users\Intel\AppData\Local\DK Deploy Service\w8.exe
File: C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\ox8jwg36.default\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi
File: C:\Windows\system32\Windows.Management.Service.dll
File: C:\Users\Intel\AppData\Local\yEhetWAYAEfI.exe
File: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe
CMD: type "C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\ox8jwg36.default\user.js"
CMD: type "C:\Users\Intel\1.bat"
CMD: type "C:\Users\Intel\erase_cache.bat"
CMD: type "C:\Users\Intel\erase_cache2.bat"
CMD: type "C:\Users\Intel\Reset_Reregister_Windows_Update_Components.bat"
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FF user.js: detected! => C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\ox8jwg36.default\user.js [2017-06-30]
FF NetworkProxy: Mozilla\Firefox\Profiles\ox8jwg36.default -> type", 0
FF Extension: (clean-youtube) - C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\ox8jwg36.default\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2018-09-04]
R2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [35504 2016-11-05] (MSFree Inc.) [File not signed]
2018-10-28 18:15 - 2018-10-29 07:17 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-10-28 18:15 - 2018-10-28 18:27 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-10-28 18:15 - 2018-10-28 18:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-10-28 18:56 - 2018-05-26 15:42 - 000000000 ____D C:\ProgramData\KMSAuto
2017-09-29 14:42 - 2017-09-29 14:42 - 000059904 _____ (Microsoft Corporation) C:\Users\Intel\AppData\Local\yEhetWAYAEfI.exe
CustomCLSID: HKU\S-1-5-21-628695484-3960661340-3325897479-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-628695484-3960661340-3325897479-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-628695484-3960661340-3325897479-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> no filepath
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Intel\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Intel\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Intel\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Intel\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Intel\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Intel\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers2-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Intel\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers3-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Intel\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
Hosts:
EmptyTemp:
End
- Save it to the desktop under the name fixlist.txt
- Run FRST again and click Fix
- When it finishes, FRST will ask for a restart of the PC; confirm by clicking OK
- After the PC restarts there will be a file Fixlog.txt on the desktop; copy its contents here
Re: log check
Posted: 30 Oct 2018 07:13
by dany007119966
I've already deleted that DK; the KMS I have to keep for Office activation, and I don't need OneDrive at all.
Re: log check
Posted: 31 Oct 2018 03:27
by Conder
That fixlist was also meant to find out more about that file and whether it is a real threat. As for the KMS, I'd point out that our forum does not support illegal use of software, and moreover with programs of this type there is a fairly high risk that they only pose as "activators" while in reality they are a trojan or malware (malicious code).
Re: log check
Posted: 31 Oct 2018 15:59
by dany007119966
I did the fix, attaching the logs.
Re: log check
Posted: 31 Oct 2018 21:01
by Conder
Please also post Fixlog.txt, which contains the results of the previous fixlist. It should be on the desktop, or else in the directory C:\FRST\Logs.
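The two triage steps Conder takes above can be reproduced without FRST: his first reply points at the Startup folder as the reason DK.bat runs at every logon, and the VirusTotal: lines of the fixlist have FRST hash the referenced executables so they can be looked up. The PowerShell below is an added example written for this thread, not code from the thread, from FRST or from Farbar. It walks the per-user and all-users Startup folders plus the Run registry keys, resolves what a .bat or .lnk entry actually launches (the "cd" then "start" pattern of the posted DK.bat, with %userprofile% expanded and the stray quotes removed the way cmd.exe does it), and reports the SHA-256, Authenticode state and hidden attribute of each target together with the VirusTotal URL for that hash. The regular expressions, the report layout and the decision to hash every .exe in the batch file's working directory are my assumptions; the last one is there because the posted script starts w1.exe while the FRST log lists w8.exe in the same folder.

```powershell
# Added example (not from the thread or from FRST): triage Startup-folder persistence of the
# DK.bat kind and produce SHA-256 hashes for a VirusTotal lookup. Read-only; deletes nothing.
# Assumption: a .bat in Startup does "cd <dir>" followed by "start <exe>", as the posted one does.

$ErrorActionPreference = 'Stop'

# Per-user and all-users Startup folders (Explorer labels the first one "Po spustení" on a Slovak system)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Run keys are the other common autostart location worth hashing in the same pass
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-BatchTargets {
    # Returns the executables a batch file launches, resolving cd, %VAR% and quotes the way cmd.exe does
    param([Parameter(Mandatory)][string]$BatchPath)
    $cwd = Split-Path -Parent $BatchPath          # relative names resolve against the script dir until a cd
    foreach ($line in Get-Content -LiteralPath $BatchPath) {
        $t = $line.Trim()
        if ($t -match '^cd\s+(?:/d\s+)?(.+)$') {
            # cd tolerates quotes inside the path (cd %userprofile%\...\"DK Deploy Service"\) and strips them
            $cwd = [Environment]::ExpandEnvironmentVariables($Matches[1].Replace('"', '')).TrimEnd('\')
        }
        elseif ($t -match '^(?:start|call)\s+(?:"[^"]*"\s+)?"?([^"]+?)"?\s*$') {
            $exe = $Matches[1]                     # "start w1.exe" or start "" "C:\path\x.exe"
            if (-not [IO.Path]::IsPathRooted($exe)) { $exe = Join-Path $cwd $exe }
            [pscustomobject]@{ Launcher = $BatchPath; WorkDir = $cwd; Target = $exe }
        }
    }
}

function Get-FileVerdictInfo {
    # Hash, signature state and attributes for one file; the URL is the hash lookup FRST's VirusTotal: directive performs
    param([Parameter(Mandatory)][string]$Path, [string]$Source = '')
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Source = $Source; Path = $Path; Exists = $false; SHA256 = $null; Signature = $null; Hidden = $null; VirusTotal = $null }
    }
    $item = Get-Item -LiteralPath $Path -Force
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Source     = $Source
        Path       = $Path
        Exists     = $true
        SHA256     = $hash
        Signature  = "$($sig.Status)" + $(if ($sig.SignerCertificate) { " ($($sig.SignerCertificate.Subject))" })
        Hidden     = [bool]($item.Attributes -band [IO.FileAttributes]::Hidden)
        VirusTotal = "https://www.virustotal.com/gui/file/$hash"
    }
}

$findings = @()

foreach ($dir in $startupDirs) {
    foreach ($entry in Get-ChildItem -LiteralPath $dir -File -Force | Where-Object { $_.Name -ne 'desktop.ini' }) {
        if ($entry.Extension -in @('.bat', '.cmd')) {
            foreach ($t in Get-BatchTargets -BatchPath $entry.FullName) {
                $findings += Get-FileVerdictInfo -Path $t.Target -Source $entry.FullName
                # Hash every exe in the working directory too: the thread mentions both w1.exe and w8.exe there
                if (Test-Path -LiteralPath $t.WorkDir) {
                    Get-ChildItem -LiteralPath $t.WorkDir -Filter *.exe -Force |
                        ForEach-Object { $findings += Get-FileVerdictInfo -Path $_.FullName -Source $t.WorkDir }
                }
            }
        }
        elseif ($entry.Extension -eq '.lnk') {
            $target = (New-Object -ComObject WScript.Shell).CreateShortcut($entry.FullName).TargetPath
            if ($target) { $findings += Get-FileVerdictInfo -Path $target -Source $entry.FullName }
        }
        else {
            $findings += Get-FileVerdictInfo -Path $entry.FullName -Source $dir
        }
    }
}

foreach ($key in $runKeys | Where-Object { Test-Path $_ }) {
    $props = Get-ItemProperty -Path $key
    foreach ($name in $props.PSObject.Properties.Name | Where-Object { $_ -notmatch '^PS' }) {
        # Values look like "C:\path\app.exe" /flag or C:\path\app.exe; take the first quoted or bare token as the binary
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$props.$name)
        if ($cmd -match '^\s*"([^"]+)"' -or $cmd -match '^\s*(\S+)') {
            $findings += Get-FileVerdictInfo -Path $Matches[1] -Source "$key\$name"
        }
    }
}

$findings | Sort-Object Path -Unique | Format-List
```

Run it in the account that sees the cmd.exe window, since the Startup folder and HKCU Run key are per-user; reading the HKLM keys does not need elevation. An unsigned, hidden executable in %LOCALAPPDATA% launched from a Startup batch file is exactly the shape of the finding the fixlist is chasing, but the hash lookup, not the shape, is what decides whether it is a threat, which is why the script stops at reporting and leaves removal to the FRST fix.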