
Request for a check

seamus (Visitor, 48 posts, registered 22 Feb 2009 10:30)

Request for a check

#1 Post by seamus »

Greetings after a long time.
If possible, I would like to ask you for a check - my PC has been behaving strangely for the last few days (on top of that it stopped recognising my external drive) - maybe there is nothing behind it (although I did spot a mention of a Trojan in the Addition log); hopefully it is nothing too serious.
Thanks in advance for your help; I am attaching the logs.
Attachments
FRST + Addition.rar
(28.79 KiB) Downloaded 5 times

Diallix (Adviser, 2007 posts, registered 27 Apr 2008 10:34)

Re: Request for a check

#2 Post by Diallix »

Hello.

Download the AdwCleaner tool to your desktop; download link here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, i.e. all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan now button and wait until the system scan finishes.
After the scan, leave all checkboxes (any threats found) ticked and continue with the Clean and Repair button in the bottom right corner.
After the PC restarts, AdwCleaner will launch; click Show log file.
The log will open; copy its contents here.
---
We are looking for new members for our CyberSecurity UNIT. More information on what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Malware zoo - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (C++, C#, PHP) for students.

On the forum I act as:
- viry.cz security authority
- deputy tutor for newcomer training
- founder of the Cyber Security unit

seamus (Visitor, 48 posts, registered 22 Feb 2009 10:30)

Re: Request for a check

#3 Post by seamus »

Thank you. Here it is:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-07-20.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-16-2020
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|Codec Settings UAC Manager

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4891 octets] - [16/09/2020 17:47:20]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Diallix (Adviser, 2007 posts, registered 27 Apr 2008 10:34)

Re: Request for a check

#4 Post by Diallix »

Good. Please post new FRST + Addition logs.

seamus (Visitor, 48 posts, registered 22 Feb 2009 10:30)

Re: Request for a check

#5 Post by seamus »

Here you go.
Attachments
FRST + Addition 2.rar
(28.61 KiB) Downloaded 5 times

Diallix (Adviser, 2007 posts, registered 27 Apr 2008 10:34)

Re: Request for a check

#6 Post by Diallix »

Copy the content below into Notepad:


HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {E6A15BCE-F515-49CD-810C-A1A99CD0B80C} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [6526328 2016-03-01] (Nero AG -> Nero AG)
Task: {9CAEC63D-1415-443E-9FC9-869B180922BA} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1706496 2020-05-15] () [File not signed]
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-09-16 18:54 - 2020-03-27 20:53 - 000003386 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-09-16 18:54 - 2020-03-27 20:53 - 000003162 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-09-16 18:54 - 2020-03-27 20:53 - 000003044 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
AlternateDataStreams: C:\ProgramData\RedFox:AnyDVD [71]
SearchScopes: HKLM -> {9029EFEA-BC37-45FB-BF73-7D163285F429} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {9029EFEA-BC37-45FB-BF73-7D163285F429} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001 -> {9029EFEA-BC37-45FB-BF73-7D163285F429} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
FirewallRules: [UDP Query User{8951B25B-BD88-4690-BD21-50F1CD6F7FA8}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{98A99E5E-8A66-4FD0-85EA-5A6518DEF3C3}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{16FB010F-C3A6-45A7-B54F-733654ABC08A}C:\program files\dvdfab 11\dvdfab64.exe] => (Allow) C:\program files\dvdfab 11\dvdfab64.exe => No File
FirewallRules: [TCP Query User{D4AAAE2C-0E20-40F2-8612-B12E8BDB75F3}C:\program files\dvdfab 11\dvdfab64.exe] => (Allow) C:\program files\dvdfab 11\dvdfab64.exe => No File
FirewallRules: [UDP Query User{8D71D5FA-43E5-4EA4-9F66-FAB5E172ABA6}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2B975411-6A12-4391-B058-0CCD9033E121}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{78469251-FC03-44C6-A507-27EED7050347}C:\program files\dvdfab11\dvdfab64.exe] => (Allow) C:\program files\dvdfab11\dvdfab64.exe => No File
FirewallRules: [TCP Query User{BE259881-AE21-4349-A3F1-89BEBDC01428}C:\program files\dvdfab11\dvdfab64.exe] => (Allow) C:\program files\dvdfab11\dvdfab64.exe => No File
FirewallRules: [UDP Query User{50CE8288-FE8C-4494-8499-BB082C4174DA}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [TCP Query User{9BFA37EC-EC82-4999-9640-0C50131DFFBE}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [{F029FF1F-A74E-4E9F-923C-7D3F9AB4C414}] => (Allow) C:\Program Files\CyberLink\PowerDirector15\PDR10.EXE => No File

EmptyTemp:


Save the Notepad file under the name fixlist.txt in the folder where FRST is located.
Run FRST and click the Fix button.
The fix will run and the computer will reboot afterwards. After the reboot, paste here the contents of fixlog.txt, saved in the FRST folder.

seamus (Visitor, 48 posts, registered 22 Feb 2009 10:30)

Re: Request for a check

#7 Post by seamus »

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-09-2020
Ran by Jakub (16-09-2020 19:38:50) Run:1
Running from C:\Users\Jakub\Desktop
Loaded Profiles: Jakub
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {E6A15BCE-F515-49CD-810C-A1A99CD0B80C} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [6526328 2016-03-01] (Nero AG -> Nero AG)
Task: {9CAEC63D-1415-443E-9FC9-869B180922BA} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1706496 2020-05-15] () [File not signed]
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-09-16 18:54 - 2020-03-27 20:53 - 000003386 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-09-16 18:54 - 2020-03-27 20:53 - 000003162 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-09-16 18:54 - 2020-03-27 20:53 - 000003044 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData\RedFox:AnyDVD [71]
SearchScopes: HKLM -> {9029EFEA-BC37-45FB-BF73-7D163285F429} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {9029EFEA-BC37-45FB-BF73-7D163285F429} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001 -> {9029EFEA-BC37-45FB-BF73-7D163285F429} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
FirewallRules: [UDP Query User{8951B25B-BD88-4690-BD21-50F1CD6F7FA8}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{98A99E5E-8A66-4FD0-85EA-5A6518DEF3C3}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{16FB010F-C3A6-45A7-B54F-733654ABC08A}C:\program files\dvdfab 11\dvdfab64.exe] => (Allow) C:\program files\dvdfab 11\dvdfab64.exe => No File
FirewallRules: [TCP Query User{D4AAAE2C-0E20-40F2-8612-B12E8BDB75F3}C:\program files\dvdfab 11\dvdfab64.exe] => (Allow) C:\program files\dvdfab 11\dvdfab64.exe => No File
FirewallRules: [UDP Query User{8D71D5FA-43E5-4EA4-9F66-FAB5E172ABA6}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2B975411-6A12-4391-B058-0CCD9033E121}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{78469251-FC03-44C6-A507-27EED7050347}C:\program files\dvdfab11\dvdfab64.exe] => (Allow) C:\program files\dvdfab11\dvdfab64.exe => No File
FirewallRules: [TCP Query User{BE259881-AE21-4349-A3F1-89BEBDC01428}C:\program files\dvdfab11\dvdfab64.exe] => (Allow) C:\program files\dvdfab11\dvdfab64.exe => No File
FirewallRules: [UDP Query User{50CE8288-FE8C-4494-8499-BB082C4174DA}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [TCP Query User{9BFA37EC-EC82-4999-9640-0C50131DFFBE}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [{F029FF1F-A74E-4E9F-923C-7D3F9AB4C414}] => (Allow) C:\Program Files\CyberLink\PowerDirector15\PDR10.EXE => No File

EmptyTemp:

*****************

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6A15BCE-F515-49CD-810C-A1A99CD0B80C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6A15BCE-F515-49CD-810C-A1A99CD0B80C}" => removed successfully
C:\WINDOWS\System32\Tasks\Nero\Nero Info => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Nero\Nero Info" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CAEC63D-1415-443E-9FC9-869B180922BA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CAEC63D-1415-443E-9FC9-869B180922BA}" => removed successfully
C:\WINDOWS\System32\Tasks\klcp_update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\klcp_update" => removed successfully
C:\WINDOWS\system32\DrtmAuth9.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth8.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth7.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth6.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth5.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth4.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth3.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth2.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth12.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth11.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth10.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth1.bin => moved successfully
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\WINDOWS\system32\Tasks\Antivirus Emergency Update => moved successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145} => removed successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
C:\ProgramData\RedFox => ":AnyDVD" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9029EFEA-BC37-45FB-BF73-7D163285F429} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9029EFEA-BC37-45FB-BF73-7D163285F429} => removed successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9029EFEA-BC37-45FB-BF73-7D163285F429} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8951B25B-BD88-4690-BD21-50F1CD6F7FA8}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{98A99E5E-8A66-4FD0-85EA-5A6518DEF3C3}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{16FB010F-C3A6-45A7-B54F-733654ABC08A}C:\program files\dvdfab 11\dvdfab64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D4AAAE2C-0E20-40F2-8612-B12E8BDB75F3}C:\program files\dvdfab 11\dvdfab64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8D71D5FA-43E5-4EA4-9F66-FAB5E172ABA6}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2B975411-6A12-4391-B058-0CCD9033E121}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{78469251-FC03-44C6-A507-27EED7050347}C:\program files\dvdfab11\dvdfab64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BE259881-AE21-4349-A3F1-89BEBDC01428}C:\program files\dvdfab11\dvdfab64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{50CE8288-FE8C-4494-8499-BB082C4174DA}C:\program files\java\jre1.8.0_221\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9BFA37EC-EC82-4999-9640-0C50131DFFBE}C:\program files\java\jre1.8.0_221\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F029FF1F-A74E-4E9F-923C-7D3F9AB4C414}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 11821056 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 263313408 B
Java, Flash, Steam htmlcache => 1142 B
Windows/system/drivers => 101357 B
Edge => 1373931 B
Chrome => 1273542962 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 226514 B
NetworkService => 242362 B
Jakub => 64437859 B

RecycleBin => 185293 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:45:13 ====
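A helper reviewing the fixlist from post #6 against the Fixlog above wants to know that every entry was actually acted on. The following script is an added example, not code from this thread or from FRST: it derives, for each fixlist entry, the identifier FRST reports on (the [Name] of a Run or firewall entry, the {GUID} of a task or CLSID, the path of a dated file line, the vendor key of a browser policy restriction, the path and stream of an ADS) and looks for a matching "removed/moved successfully" result line. The sample texts are constructed from lines quoted in this thread; the CustomCLSID result is deliberately missing from the sample Fixlog so that it is reported as unresolved.

```python
"""Reconcile an FRST fixlist with the Fixlog it produced (added example)."""
import re

# Constructed sample: a subset of the thread's fixlist entries.
FIXLIST = r"""
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {9CAEC63D-1415-443E-9FC9-869B180922BA} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1706496 2020-05-15] () [File not signed]
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
AlternateDataStreams: C:\ProgramData\RedFox:AnyDVD [71]
FirewallRules: [{F029FF1F-A74E-4E9F-923C-7D3F9AB4C414}] => (Allow) C:\Program Files\CyberLink\PowerDirector15\PDR10.EXE => No File
EmptyTemp:
"""

# Constructed sample Fixlog results; the CustomCLSID result is left out on
# purpose so that the entry shows up as unresolved.
FIXLOG = r"""
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CAEC63D-1415-443E-9FC9-869B180922BA}" => removed successfully
C:\WINDOWS\System32\Tasks\klcp_update => moved successfully
C:\WINDOWS\system32\DrtmAuth9.bin => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
C:\ProgramData\RedFox => ":AnyDVD" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F029FF1F-A74E-4E9F-923C-7D3F9AB4C414}" => removed successfully
EmptyTemp: => 1.5 GB temporary data Removed.
"""

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
BRACKET = re.compile(r"\[([^\]]+)\]")
FILE_ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - .*? _{5} (.+)$")
POLICY = re.compile(r"^(?:FF|CHR) (HKLM\\SOFTWARE\\Policies\\[^\\:]+)")


def fixlist_tokens(entry):
    """Substrings a Fixlog result line must contain to confirm this entry,
    or None for a blank line (no action)."""
    entry = entry.strip()
    if not entry:
        return None
    if entry.startswith("EmptyTemp:"):
        return ("EmptyTemp:",)
    m = FILE_ENTRY.match(entry)
    if m:                       # dated file listing: FRST moves the path
        return (m.group(1).strip(),)
    m = POLICY.match(entry)
    if m:                       # browser restriction: the vendor policy key is removed
        return (m.group(1),)
    if entry.startswith("AlternateDataStreams:"):
        target = entry.split(": ", 1)[1].rsplit(" [", 1)[0]
        path, _, stream = target.rpartition(":")
        return (path, ":" + stream)   # Fixlog: <path> => ":<stream>" ADS removed
    b, g = BRACKET.search(entry), GUID.search(entry)
    # Whichever identifier comes first names the object FRST reports on:
    # [Name] for Run/overlay/firewall entries, {GUID} for tasks, CLSIDs, scopes.
    if b and (not g or b.start() < g.start()):
        return (b.group(1),)
    if g:
        return (g.group(0),)
    return (entry.split(" => ")[0],)   # fall back to the left-hand side


def is_result_line(line):
    line = line.strip()
    return line.endswith("successfully") or line.startswith("EmptyTemp: =>")


def reconcile(fixlist_text, fixlog_text):
    """Return (resolved, unresolved): resolved maps each fixlist entry to the
    Fixlog line confirming it; unresolved lists entries with no confirmation."""
    results = [ln.strip() for ln in fixlog_text.splitlines() if is_result_line(ln)]
    resolved, unresolved = {}, []
    for entry in fixlist_text.splitlines():
        tokens = fixlist_tokens(entry)
        if tokens is None:
            continue
        hit = next((r for r in results
                    if all(t.lower() in r.lower() for t in tokens)), None)
        if hit:
            resolved[entry.strip()] = hit
        else:
            unresolved.append(entry.strip())
    return resolved, unresolved


if __name__ == "__main__":
    done, missing = reconcile(FIXLIST, FIXLOG)
    print(f"{len(done)} entries confirmed, {len(missing)} unresolved")
    for entry in missing:
        print("  NOT CONFIRMED:", entry)
```

An unresolved entry is the cue to look at the Fixlog for a "not found" or error line, or to ask for a fresh FRST scan rather than assume the item is gone.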

Diallix (Adviser, 2007 posts, registered 27 Apr 2008 10:34)

Re: Request for a check

#8 Post by Diallix »

How is the computer doing?

seamus (Visitor, 48 posts, registered 22 Feb 2009 10:30)

Re: Request for a check

#9 Post by seamus »

I have just restarted it once more and it looks great.
Huge thanks for your time and your willingness to help me, I really appreciate it. Your whole team does incredible work...

Diallix (Adviser, 2007 posts, registered 27 Apr 2008 10:34)

Re: Request for a check

#10 Post by Diallix »

You're welcome, any time :]]

The whole team does its best :]] Thank you for the recognition, and on behalf of the whole team, thank you :]]

Locked