PC virus removal, computer speed-up, remote help via the neslape.cz service

Please check my log

Don't have any problem with your PC right now and just want to make sure everything is fine?
Post a log from FRST or RSIT.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote assistance service, where an expert connects to your computer and gets the details of the problem from you by phone! More at www.neslape.cz
JanPavel
Visitor
Posts: 3
Registered: 18 Apr 2021 23:49

Please check my log

#1 Post by JanPavel »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by Athlon (administrator) on ATHLON-PC (19-04-2021 00:36:30)
Running from N:\ LOST PARTITION\Software\ Virus Vault
Loaded Profiles: Athlon
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] M:\ Crypto\BitcloudX\bitcloud-qt.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe <25>
(Ghisler Software GmbH -> Ghisler Software GmbH) C:\Program Files (x86)\Total Commader 7.56a - FULL (Created Xnuke)\TCMDX64.EXE
(Ghisler Software GmbH -> Ghisler Software GmbH) C:\Program Files (x86)\Total Commader 7.56a - FULL (Created Xnuke)\TOTALCMD.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <35>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\MountPoints2: K - K:\LaunchU3.exe -a
HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\MountPoints2: O - O:\LaunchU3.exe -a
HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\MountPoints2: {37063b62-32bb-11e8-8724-7085c2064f38} - K:\LaunchU3.exe -a
HKLM\...\Windows x64\Print Processors\GTEG_IPPR: C:\Windows\System32\spool\prtprocs\x64\GTEG_IPPR.dll [77312 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Monotype Imaging Inc.)
HKLM\...\Windows x64\Print Processors\HP2030PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP2030PP.DLL [65024 2012-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\hpcpp093: C:\Windows\System32\spool\prtprocs\x64\hpcpp093.DLL [300032 2010-04-15] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Windows x64\Print Processors\hpcpp250: C:\Windows\System32\spool\prtprocs\x64\hpcpp250.dll [850024 2020-08-20] (HP Inc. -> HP Inc.)
HKLM\...\Windows x64\Print Processors\hpzppwn7: C:\Windows\System32\spool\prtprocs\x64\hpzppwn7.dll [101376 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\FPR9:: C:\Windows\system32\fpmon9.dll [720064 2017-01-29] (FinePrint Software, LLC -> FinePrint Software, LLC)
HKLM\...\Print\Monitors\GTEG PJL Monitor: C:\Windows\system32\GTEG_LMON.dll [73728 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Teco Image Systems Co., Ltd.)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\Windows\system32\HPMPW082.DLL [127592 2020-08-20] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HP2030LM: C:\Windows\system32\HP2030LM.DLL [246784 2012-12-04] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor India Private Limited.)
HKLM\...\Print\Monitors\HPMLM225: C:\Windows\system32\hpmlm225.dll [315496 2020-08-20] (HP Inc. -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.128\Installer\chrmstp.exe [2021-04-15] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\90.1.23.71\Installer\chrmstp.exe [2021-04-16] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AE4197C-405C-46BC-8F28-C7907BEEE779} - System32\Tasks\{71979838-1D6F-4853-A603-D54B3137F2A8} => C:\Windows\system32\pcalua.exe -a "C:\ Down\17405_03.exe" -d "C:\ Down"
Task: {4486EE25-4A0F-4E9F-A1DF-E77893A0AB29} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {479DF540-E364-4610-8EEB-32F8CB8F33CB} - System32\Tasks\{BA0C7A69-3883-48D2-97F4-5E47E030DA91} => C:\Windows\system32\pcalua.exe -a C:\Users\Athlon\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\PreCracked.exe -d C:\Users\Athlon\AppData\Local\Temp\ir_ext_temp_0\ <==== ATTENTION
Task: {569984A5-1028-4E2D-B4DF-D7D447A9B1F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-25] (Google Inc -> Google Inc.)
Task: {6189DE3E-1541-40FB-926A-BA4061039634} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-08-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {64328E78-43A4-437C-AF9A-6272EAC0B94E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_414_Plugin.exe
Task: {6ADA6719-7F34-4547-A6DE-328238D97AD6} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-08-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {8A2904F2-6C62-46EA-97BE-13D8E6C0C7BB} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {90D3F28D-C58E-4175-BB45-CB3421DA29EF} - System32\Tasks\{A09B6756-B2E9-425E-9486-5BD0A722987F} => C:\Windows\system32\pcalua.exe -a "C:\ Down\sp54508.exe" -d "C:\ Down"
Task: {9C9714E0-039A-45E1-AD9D-29D090B454AE} - System32\Tasks\AMDInstallUEP => C:\Program Files\AMD\InstallUEP\AMDInstallUEP.exe
Task: {AEDDAC32-FC14-4A61-A6A8-4635AF81D5CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-25] (Google Inc -> Google Inc.)
Task: {C6DE380D-53B4-487F-B23C-2D9BC9650319} - System32\Tasks\Skype => C:\Users\Athlon\AppData\Local\Temp\115C.vbs <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 194.228.41.65
Tcpip\..\Interfaces\{8D8F21F2-A607-40C7-ADDD-0D7B3032792C}: [DhcpNameServer] 192.168.0.1 194.228.41.65

FireFox:
========
FF DefaultProfile: 0nq53hdw.default
FF ProfilePath: C:\Users\Athlon\AppData\Roaming\Mozilla\Firefox\Profiles\0nq53hdw.default [2021-04-19]
FF DownloadDir: C:\ Down
FF Notifications: Mozilla\Firefox\Profiles\0nq53hdw.default -> hxxps://forum24.os.tc; hxxps://gonetwork.co; hxxps://testnet.bitmex.com
FF Extension: (RAMBack) - C:\Users\Athlon\AppData\Roaming\Mozilla\Firefox\Profiles\0nq53hdw.default\Extensions\ramback@pavlov.net.xpi [2017-11-09] [Legacy]
FF Extension: (Bulk Image Downloader) - C:\Users\Athlon\AppData\Roaming\Mozilla\Firefox\Profiles\0nq53hdw.default\Extensions\{524B8EF8-C312-11DB-8039-536F56D89593}.xpi [2021-03-14]
FF Extension: (No Name) - C:\Users\Athlon\AppData\Roaming\Mozilla\Firefox\Profiles\0nq53hdw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-01-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_433.dll [2020-09-13] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_433.dll [2020-09-13] (Adobe Inc. -> )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default [2021-04-19]
CHR Notifications: Default -> hxxps://wallet.crypto-bridge.org; hxxps://www.bitmex.com; hxxps://www.esky.cz; hxxps://www.facebook.com; hxxps://www.reddit.com; hxxps://www.reformy.cz; hxxps://xcraft.net
CHR Extension: (Prezentace) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-21]
CHR Extension: (Dokumenty) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-21]
CHR Extension: (Disk Google) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-25]
CHR Extension: (Image Downloader) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2018-03-28]
CHR Extension: (Tabulky) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-21]
CHR Extension: (Lamden Wallet - Browser Extension) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhfffofbcgbjjojdnpcfompojdjjhdim [2021-03-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-13]
CHR Extension: (MetaMask) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-04-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Gmail) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-02]
CHR Extension: (Chrome Media Router) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-10]
CHR Profile: C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\System Profile [2019-06-23]
CHR HKLM-x32\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - C:\Program Files (x86)\Offline Explorer Enterprise\mpoe.crx <not found>

Brave:
=======
BRA Profile: C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-04-19]
BRA Extension: (MetaMask) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-04-18]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-01-31]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-04-18]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2020-07-23]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\efkihffiamafhbhefjaljejgdpkelpal [2021-04-18]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2020-07-23]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2020-08-16]
BRA Extension: (Crypto Wallets) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\odbfpeeihdkbihmopkbjmoonfanlbfcl [2020-07-28]
BRA Extension: (Brave Ad Block Updater (CZE, SVK: EasyList Czech and Slovak)) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\omkkefoeihpbpebhhbhmjekpnegokpbj [2021-04-18]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-04-17]
StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-19] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-19] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2019-02-02] (HP Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2019-02-02] (HP Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12757520 2020-12-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 amdkmdap; C:\Windows\System32\Drivers\amdkmdap.sys [611512 2020-08-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation -> AppEx Networks Corporation)
R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2015-02-03] (ASROCK Incorporation -> ASRock Inc.)
S3 HPEWSFXBULK; C:\Windows\System32\drivers\hpfx64bulk.sys [29096 2020-08-21] (Hewlett-Packard Company -> Hewlett Packard)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [611728 2020-01-16] (Bitdefender SRL -> Bitdefender)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-19 00:36 - 2021-04-19 00:37 - 000000000 ____D C:\FRST
2021-04-11 02:09 - 2021-04-17 15:21 - 000001028 _____ C:\Users\Athlon\Desktop\new mining.txt
2021-04-06 13:05 - 2021-04-06 13:05 - 000000859 _____ C:\Users\Athlon\Desktop\GT.contact
2021-03-25 22:01 - 2021-03-30 15:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-03-24 14:07 - 2021-03-24 14:07 - 000420392 _____ (Facebook Technologies, LLC) C:\Users\Athlon\Downloads\FacebookGameroom (3).exe
2021-03-24 14:01 - 2021-03-24 14:01 - 000420392 _____ (Facebook Technologies, LLC) C:\Users\Athlon\Downloads\FacebookGameroom (2).exe
2021-03-24 14:00 - 2021-03-24 14:00 - 000420392 _____ (Facebook Technologies, LLC) C:\Users\Athlon\Downloads\FacebookGameroom.exe
2021-03-24 14:00 - 2021-03-24 14:00 - 000420392 _____ (Facebook Technologies, LLC) C:\Users\Athlon\Downloads\FacebookGameroom (1).exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-19 00:24 - 2017-09-19 01:13 - 000110367 _____ C:\Users\Athlon\Desktop\COINZ.txt
2021-04-19 00:24 - 2017-09-16 20:12 - 000000000 ____D C:\ Down
2021-04-19 00:24 - 2017-08-02 02:50 - 000000095 _____ C:\Windows\winamp.ini
2021-04-19 00:06 - 2019-02-07 23:20 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-19 00:05 - 2017-08-02 02:43 - 000000000 ____D C:\Users\Athlon\AppData\LocalLow\Mozilla
2021-04-18 20:36 - 2017-10-24 13:03 - 000000000 ____D C:\Users\Athlon\Documents\FinePrint files
2021-04-18 18:03 - 2009-07-14 17:18 - 003015362 _____ C:\Windows\system32\perfh005.dat
2021-04-18 18:03 - 2009-07-14 17:18 - 000933442 _____ C:\Windows\system32\perfc005.dat
2021-04-18 18:03 - 2009-07-14 07:13 - 000006208 _____ C:\Windows\system32\PerfStringBackup.INI
2021-04-18 15:50 - 2017-08-02 03:11 - 000000000 ____D C:\Users\Athlon\AppData\Roaming\qBittorrent
2021-04-18 13:39 - 2021-03-11 20:44 - 000000000 ____D C:\Users\Athlon\AppData\Roaming\Idena
2021-04-17 16:43 - 2018-01-05 10:09 - 000000000 ____D C:\Users\Athlon\AppData\Roaming\Telegram Desktop
2021-04-17 15:42 - 2009-07-14 06:45 - 000025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-04-17 15:42 - 2009-07-14 06:45 - 000025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-04-17 15:22 - 2017-12-02 10:23 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-04-17 15:22 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-04-17 15:21 - 2017-08-06 09:49 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2021-04-17 14:04 - 2020-11-03 20:12 - 000000000 ____D C:\Program Files (x86)\Star Stable Online
2021-04-17 13:55 - 2020-11-03 20:12 - 000000000 ____D C:\Users\Athlon\AppData\Roaming\Star Stable Online
2021-04-17 13:45 - 2020-11-03 20:12 - 000002229 _____ C:\Users\Public\Desktop\Star Stable Online.lnk
2021-04-17 13:45 - 2020-11-03 20:12 - 000002229 _____ C:\ProgramData\Desktop\Star Stable Online.lnk
2021-04-17 02:53 - 2018-01-05 01:02 - 000000000 ____D C:\Users\Athlon\AppData\Roaming\Exodus
2021-04-17 02:52 - 2018-01-06 16:57 - 000000000 ____D C:\Users\Athlon\AppData\Roaming\Neon
2021-04-17 02:21 - 2017-12-29 02:35 - 000000000 ____D C:\Users\Athlon\AppData\Roaming\WinAuth
2021-04-16 02:48 - 2020-07-19 01:25 - 000002309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-04-16 02:48 - 2020-07-19 01:25 - 000002268 _____ C:\Users\Public\Desktop\Brave.lnk
2021-04-16 02:48 - 2020-07-19 01:25 - 000002268 _____ C:\ProgramData\Desktop\Brave.lnk
2021-04-16 01:13 - 2019-04-14 13:17 - 000000000 ____D C:\Users\Athlon\AppData\Local\exodus
2021-04-16 01:12 - 2018-01-05 01:02 - 000002125 _____ C:\Users\Athlon\Desktop\Exodus.lnk
2021-04-16 01:12 - 2018-01-05 01:02 - 000000000 ____D C:\Users\Athlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2021-04-15 19:43 - 2020-12-17 13:41 - 000000000 ____D C:\Users\Athlon\AppData\Local\CrashDumps
2021-04-15 01:21 - 2020-11-30 21:16 - 000002151 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-15 01:21 - 2020-11-30 21:16 - 000002151 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-15 01:21 - 2017-08-25 02:50 - 000002192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-07 09:21 - 2018-01-03 09:56 - 000047104 _____ C:\Users\Athlon\Desktop\ICOs.xls
2021-04-03 02:34 - 2018-01-05 22:52 - 000000000 ____D C:\Users\Athlon\Downloads\Telegram Desktop
2021-03-30 15:33 - 2017-11-07 01:58 - 000000056 _____ C:\Windows\Lic.xxx
2021-03-30 15:33 - 2009-07-14 04:34 - 000000915 _____ C:\Windows\win.ini
2021-03-30 15:30 - 2020-12-30 16:58 - 843810667 ____N C:\Windows\MEMORY.DMP
2021-03-30 15:30 - 2018-04-29 00:55 - 000000000 ____D C:\Windows\Minidump
2021-03-30 15:30 - 2017-08-02 02:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-29 22:48 - 2019-06-30 22:10 - 000016075 _____ C:\Users\Athlon\Desktop\FRA.txt
2021-03-29 14:05 - 2021-03-11 20:44 - 000002151 _____ C:\Users\Athlon\Desktop\Idena.lnk
2021-03-29 14:03 - 2021-03-11 20:44 - 000000000 ____D C:\Users\Athlon\AppData\Local\idena-desktop-updater
2021-03-29 01:38 - 2017-09-26 10:15 - 000027648 _____ C:\Users\Athlon\Desktop\karpotu.xls

==================== Files in the root of some directories ========

2015-03-26 13:48 - 2015-03-26 13:48 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2017-10-23 22:57 - 2017-10-23 22:59 - 000728064 _____ () C:\Users\Athlon\AppData\Local\file__0.localstorage
2017-08-07 07:41 - 2020-09-01 21:19 - 000007670 _____ () C:\Users\Athlon\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-04-12 00:23
==================== End of FRST.txt ========================

JaRon
Moderator
Posts: 15192
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Please check my log

#2 Post by JaRon »

hi,
quote:
Creating a fixlist for FRST
• Open Notepad (Start - Run - notepad)
• Copy the script >>

Code:

Start
HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\MountPoints2: K - K:\LaunchU3.exe -a
HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\MountPoints2: O - O:\LaunchU3.exe -a
HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\MountPoints2: {37063b62-32bb-11e8-8724-7085c2064f38} - K:\LaunchU3.exe -a
Task: {479DF540-E364-4610-8EEB-32F8CB8F33CB} - System32\Tasks\{BA0C7A69-3883-48D2-97F4-5E47E030DA91} => C:\Windows\system32\pcalua.exe -a C:\Users\Athlon\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\PreCracked.exe -d C:\Users\Athlon\AppData\Local\Temp\ir_ext_temp_0\ <==== ATTENTION
Task: {C6DE380D-53B4-487F-B23C-2D9BC9650319} - System32\Tasks\Skype => C:\Users\Athlon\AppData\Local\Temp\115C.vbs <==== ATTENTION



EmptyTemp:
Reboot:
End
• Save the created TXT as fixlist.txt
• Move the created fixlist next to FRST

→ Run FRST.exe again
• Click Fix
• The fix will run and create a log, Fixlog.txt

→ Restart the PC and post fixlog.txt here
FRST | ADWCleaner | MBAM | CCleaner | AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/
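The fixlist format the steps above describe can be drafted mechanically from the scan and the result of the fix checked the same way. The following Python script is an added example, not part of this thread or of FRST itself: it picks out the lines FRST flagged with `<==== ATTENTION` (and, optionally, the MountPoints2 entries that were removed here as well), wraps them in the Start / EmptyTemp: / Reboot: / End skeleton shown above, and summarises a Fixlog.txt by outcome so you can confirm every entry was removed or moved. The sample FRST.txt and Fixlog.txt fragments inside are constructed with placeholder SID, GUIDs, user name and paths, the function names are my own, and the draft is meant to be reviewed by a person before it is used.

```python
"""Draft an FRST fixlist from the ATTENTION-flagged lines of FRST.txt and
summarise the outcomes reported in Fixlog.txt.
Added example; not part of FRST or of this forum thread."""
import re
from pathlib import Path

ATTENTION_MARK = "<==== ATTENTION"
# HKU\<SID>\...\MountPoints2: entries (launcher commands tied to removable drives)
MOUNTPOINT_RE = re.compile(r"^HKU\\.*\\MountPoints2: ")

# Constructed sample in FRST.txt layout: placeholder SID, GUIDs, user and paths.
SAMPLE_FRST = """\
==================== Registry (Whitelisted) ===================

HKU\\S-1-5-21-0-0-0-1000\\...\\MountPoints2: K - K:\\LaunchU3.exe -a
HKLM\\...\\Print\\Monitors\\Example: C:\\Windows\\system32\\example.dll [1 2020-01-01] (Vendor -> Vendor)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

Task: {00000000-0000-0000-0000-000000000001} - System32\\Tasks\\Skype => C:\\Users\\User\\AppData\\Local\\Temp\\example.vbs <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000002} - System32\\Tasks\\UpdaterUA => C:\\Program Files\\Updater\\Updater.exe [1 2020-01-01] (Vendor -> Vendor)
"""

# Constructed sample in Fixlog.txt layout (same placeholders).
SAMPLE_FIXLOG = """\
HKU\\S-1-5-21-0-0-0-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\K => removed successfully
C:\\Windows\\System32\\Tasks\\Skype => moved successfully
"HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\Skype" => removed successfully
C:\\Users\\User\\AppData\\Local\\Temp\\example.vbs => not found
"""


def flagged_lines(frst_text):
    """Lines that FRST itself marked with '<==== ATTENTION'."""
    return [ln.rstrip() for ln in frst_text.splitlines() if ATTENTION_MARK in ln]


def mountpoint_lines(frst_text):
    """MountPoints2 entries; the helper in this thread removed these as well."""
    return [ln.rstrip() for ln in frst_text.splitlines() if MOUNTPOINT_RE.match(ln)]


def build_fixlist(frst_text, include_mountpoints=True, empty_temp=True, reboot=True):
    """Return the fixlist text: Start, the chosen entries verbatim, then the
    EmptyTemp:/Reboot: directives and End.  Entries are copied unchanged
    because FRST matches them against its own scan output."""
    entries = mountpoint_lines(frst_text) if include_mountpoints else []
    entries += flagged_lines(frst_text)
    body = ["Start", *entries]
    if empty_temp:
        body.append("EmptyTemp:")
    if reboot:
        body.append("Reboot:")
    body.append("End")
    return "\n".join(body) + "\n"


def write_fixlist(frst_txt_path, **options):
    """Write fixlist.txt beside the given FRST.txt and return the new path.
    (FRST looks for fixlist.txt next to FRST.exe, which is also where it
    writes FRST.txt, so the two normally share a directory.)"""
    src = Path(frst_txt_path)
    dst = src.with_name("fixlist.txt")
    scan = src.read_text(encoding="utf-8", errors="replace")
    dst.write_text(build_fixlist(scan, **options), encoding="utf-8")
    return dst


def summarize_fixlog(fixlog_text):
    """Count the outcome FRST reports after '=>' for each processed entry;
    anything other than removed/moved/not found lands in 'other'."""
    counts = {"removed": 0, "moved": 0, "not found": 0, "other": 0}
    for ln in fixlog_text.splitlines():
        if " => " not in ln:
            continue
        outcome = ln.rsplit(" => ", 1)[1].strip().lower()
        if outcome.startswith("removed"):
            counts["removed"] += 1
        elif outcome.startswith("moved"):
            counts["moved"] += 1
        elif outcome.startswith("not found"):
            counts["not found"] += 1
        else:
            counts["other"] += 1
    return counts


if __name__ == "__main__":
    print(build_fixlist(SAMPLE_FRST))
    print(summarize_fixlog(SAMPLE_FIXLOG))
```

Run it as-is to see the draft built from the constructed sample; with a real scan, `write_fixlist("FRST.txt")` writes fixlist.txt next to it, and `summarize_fixlog(open("Fixlog.txt").read())` after the fix tells you at a glance whether anything came back as "not found" instead of removed.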

JanPavel
Visitor
Posts: 3
Registered: 18 Apr 2021 23:49

Re: Please check my log

#3 Post by JanPavel »

Thank you ;-)

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by Athlon (19-04-2021 12:56:03) Run:1
Running from N:\ LOST PARTITION\Software\ Virus Vault
Loaded Profiles: Athlon
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\MountPoints2: K - K:\LaunchU3.exe -a
HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\MountPoints2: O - O:\LaunchU3.exe -a
HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\MountPoints2: {37063b62-32bb-11e8-8724-7085c2064f38} - K:\LaunchU3.exe -a
Task: {479DF540-E364-4610-8EEB-32F8CB8F33CB} - System32\Tasks\{BA0C7A69-3883-48D2-97F4-5E47E030DA91} => C:\Windows\system32\pcalua.exe -a C:\Users\Athlon\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\PreCracked.exe -d C:\Users\Athlon\AppData\Local\Temp\ir_ext_temp_0\ <==== ATTENTION
Task: {C6DE380D-53B4-487F-B23C-2D9BC9650319} - System32\Tasks\Skype => C:\Users\Athlon\AppData\Local\Temp\115C.vbs <==== ATTENTION



EmptyTemp:
Reboot:
End
*****************

HKU\S-1-5-21-1612216774-2786075622-449432659-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K => removed successfully
HKU\S-1-5-21-1612216774-2786075622-449432659-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\O => removed successfully
HKU\S-1-5-21-1612216774-2786075622-449432659-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37063b62-32bb-11e8-8724-7085c2064f38} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{479DF540-E364-4610-8EEB-32F8CB8F33CB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{479DF540-E364-4610-8EEB-32F8CB8F33CB}" => removed successfully
C:\Windows\System32\Tasks\{BA0C7A69-3883-48D2-97F4-5E47E030DA91} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BA0C7A69-3883-48D2-97F4-5E47E030DA91}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6DE380D-53B4-487F-B23C-2D9BC9650319}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6DE380D-53B4-487F-B23C-2D9BC9650319}" => removed successfully
C:\Windows\System32\Tasks\Skype => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Skype" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 62750899 B
Java, Flash, Steam htmlcache => 11355 B
Windows/system/drivers => 757890 B
Edge => 0 B
Chrome => 729266621 B
Brave => 330162754 B
Firefox => 1668348843 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 100902 B
systemprofile32 => 167130 B
LocalService => 299374 B
NetworkService => 3042000 B
Athlon => 10686706 B

RecycleBin => 1921276 B
EmptyTemp: => 2.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:56:50 ====

JaRon
Moderator
Posts: 15192
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Please check my log

#4 Post by JaRon »

OK, and now you can scan it with ADWCleaner as a precaution

JanPavel
Visitor
Posts: 3
Registered: 18 Apr 2021 23:49

Re: Please check my log

#5 Post by JanPavel »

One more thing: right after the system starts, this still pops up at me:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

JaRon
Moderator
Posts: 15192
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Please check my log

#6 Post by JaRon »

Look in msconfig