Post subject: Preventive check
Posted: 12 Mar 2019 23:17
Exemplary visitor
After a long time I'm asking for a check-up; it seems to me that Chrome is slower (and it eats a lot of RAM even after a restart with a single tab). Thanks in advance.

I'm attaching the archive.


Attachments:
logy.zip [35.58 KiB]

_________________
_________________________________________________________________
RSIT | MWAV | CCleaner
Post subject: Re: Preventive check
Posted: 12 Mar 2019 23:58
Advisor
Hi :)

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View Log File)
  • The log will open; copy its contents here

_________________
Graduate of the school for beginners :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping backups of important data (documents, photos and others).

If you are satisfied, you can support the forum. Thank you!


Post subject: Re: Preventive check
Posted: 14 Mar 2019 08:42
Exemplary visitor
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-03-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-14-2019
# Duration: 00:00:15
# OS: Windows 10 Pro
# Cleaned: 42
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Public\Pokki
Deleted C:\Users\lenovo\AppData\Local\Pokki
Deleted C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
Deleted C:\Users\lenovo\AppData\Local\SweetLabs App Platform
Deleted C:\Program Files\Hola
Deleted C:\Users\lenovo\AppData\Roaming\Hola
Deleted C:\Program Files (x86)\wintoflash suggestor

***** [ Files ] *****

Deleted C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\SweetLabs App Platform
Deleted HKCU\Software\Classes\lnkfile\shell\pokki
Deleted HKCU\Software\Classes\Drive\shell\pokki
Deleted HKCU\Software\Classes\Directory\shell\pokki
Deleted HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Deleted HKCU\Software\Classes\pokki
Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted HKCU\Software\csastats
Deleted HKU\S-1-5-18\Software\Hola
Deleted HKU\.DEFAULT\Software\Hola
Deleted HKLM\Software\Hola
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org
Deleted HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|WeatherBug.exe
Deleted HKLM\Software\Wow6432Node\Classes\AppID\SMBarBroker.EXE
Deleted HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Deleted HKLM\Software\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Deleted HKLM\Software\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A89A7E3-6ADD-4EF9-8EE7-A3C3B7D83BB0}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Deleted HKLM\Software\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Deleted HKLM\Software\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Deleted HKLM\Software\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinToFlash Suggestor
Deleted HKCU\Software\AppDataLow\Software\WinToFlash Suggestor

***** [ Chromium (and derivatives) ] *****

Deleted WinToFlash Suggestor

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4929 octets] - [14/03/2019 08:22:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Post subject: Re: Preventive check
Posted: 14 Mar 2019 09:10
Advisor
:arrow: I'd like to ask for both new logs from FRST (FRST.txt and Addition.txt)

Post subject: Re: Preventive check
Posted: 14 Mar 2019 21:47
Exemplary visitor
See the attachment.


Attachments:
logy.zip [37.63 KiB]

Post subject: Re: Preventive check
Posted: 15 Mar 2019 15:23
Advisor
:arrow: Open Notepad (Win+R -> notepad -> enter)
  • Copy the following text and paste it into Notepad:
    Code:
    Start
    CloseProcesses:
    CreateRestorePoint:

    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
    File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
    File: C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
    File: C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    File: C:\Windows\System32\HPZinw12.dll
    File: C:\WINDOWS\system32\HPZipm12.dll

    HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13-comm.msn.com/?pc=LNJB
    HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
    HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
    SearchScopes: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001 -> DefaultScope {E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} URL =
    SearchScopes: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001 -> {E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} URL =
    Toolbar: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
    CHR NewTab: Default ->  Not-active:"chrome-extension://binaocijllofiljlhkakppfikcnhnfpk/newtab/newtab.html"
    CHR DefaultSearchURL: Default -> hxxp://search.mysearch.com/web?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> hxxp://search.mysearch.com
    CHR DefaultSuggestURL: Default -> hxxp://search.mysearch.com/ss?sstype=prefix&li=ff&q={searchTerms}
    CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for iOS\Library\DriverInstaller\DriverInstall.exe [X]
    C:\Program Files (x86)\*.tmp
    2016-11-02 10:03 - 2016-11-02 10:05 - 000000000 ____C () C:\Users\lenovo\AppData\Local\{FC4E1F77-EC8F-40A5-99D4-63F0C53020F1}

    CustomCLSID: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    Task: {01723086-6D03-418F-9717-15A08D1C3B17} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {0EEB9D2F-9F78-43A5-BC79-BAFF376FE6AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {25C6C501-E47D-4C6B-9AB5-718C79EB537C} - \WPD\SqmUpload_S-1-5-21-1864349024-1291946563-1421522111-1001 -> No File <==== ATTENTION
    Task: {29664D91-D5CB-4B46-B0AF-1C1C074E421F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {7579E3B9-C230-4F79-BE3E-16561A432CAE} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {7CEDFDE8-1A31-4948-9B84-40C00EF28143} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {AA085E9A-02C0-40C7-9EBA-E718560022AB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
    Task: {CC7FA0D0-2D62-4C8B-9672-B38B3901DF72} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {CC888D81-6E59-4024-89C1-C1DA12D2F261} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {D612E18E-A85C-42C6-A166-F276FCEF4720} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {D7D7E15C-02E5-4897-AADD-FC5FD8158D47} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {F93C6FF7-23ED-4655-A1B2-2F1029DA0C8A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {FB641B27-FFBC-494E-A282-069886A0C0AC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    IE trusted site: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\...\onlineregister.com -> hxxp://onlineregister.com
    IE trusted site: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\...\onlineregister.com -> hxxps://onlineregister.com

    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop with the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents here

Post subject: Re: Preventive check
Posted: 16 Mar 2019 12:50
Exemplary visitor
Fix result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01
Ran by lenovo (15-03-2019 19:11:45) Run:1
Running from C:\Users\lenovo\Desktop
Loaded Profiles: lenovo (Available Profiles: lenovo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
File: C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
File: C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
File: C:\Windows\System32\HPZinw12.dll
File: C:\WINDOWS\system32\HPZipm12.dll

HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001 -> DefaultScope {E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} URL =
SearchScopes: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001 -> {E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} URL =
Toolbar: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
CHR NewTab: Default -> Not-active:"chrome-extension://binaocijllofiljlhkakppfikcnhnfpk/newtab/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://search.mysearch.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxp://search.mysearch.com
CHR DefaultSuggestURL: Default -> hxxp://search.mysearch.com/ss?sstype=prefix&li=ff&q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for iOS\Library\DriverInstaller\DriverInstall.exe [X]
C:\Program Files (x86)\*.tmp
2016-11-02 10:03 - 2016-11-02 10:05 - 000000000 ____C () C:\Users\lenovo\AppData\Local\{FC4E1F77-EC8F-40A5-99D4-63F0C53020F1}

CustomCLSID: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {01723086-6D03-418F-9717-15A08D1C3B17} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0EEB9D2F-9F78-43A5-BC79-BAFF376FE6AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {25C6C501-E47D-4C6B-9AB5-718C79EB537C} - \WPD\SqmUpload_S-1-5-21-1864349024-1291946563-1421522111-1001 -> No File <==== ATTENTION
Task: {29664D91-D5CB-4B46-B0AF-1C1C074E421F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7579E3B9-C230-4F79-BE3E-16561A432CAE} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7CEDFDE8-1A31-4948-9B84-40C00EF28143} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AA085E9A-02C0-40C7-9EBA-E718560022AB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
Task: {CC7FA0D0-2D62-4C8B-9672-B38B3901DF72} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CC888D81-6E59-4024-89C1-C1DA12D2F261} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D612E18E-A85C-42C6-A166-F276FCEF4720} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D7D7E15C-02E5-4897-AADD-FC5FD8158D47} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F93C6FF7-23ED-4655-A1B2-2F1029DA0C8A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FB641B27-FFBC-494E-A282-069886A0C0AC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
IE trusted site: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\...\onlineregister.com -> hxxp://onlineregister.com
IE trusted site: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\...\onlineregister.com -> hxxps://onlineregister.com

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 83
Average :
Sum : 27732188
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========


========================= File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll ========================

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
File not signed
MD5: F50F7984FDD151EDD8A70A8DBD9E2A44
Creation and modification date: 2007-11-06 20:16 - 2007-11-06 20:16
Size: 000217088
Attributes: ----A
Company Name: Hewlett-Packard Co.
Internal Name: HPQCXS00
Original Name: HPQCXS00.DLL
Product: hp digital imaging - hp all-in-one series
Description: HP CUE Context Manager Objects
File Version: 100.0.190.000
Product Version: 100.000.190.000
Copyright: Copyright (C) Hewlett-Packard Co. 1995-2008
VirusTotal: https://www.virustotal.com/file/45e7eca ... 522937046/

====== End of File: ======


========================= File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll ========================

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
File not signed
MD5: DF446BA625CC441617843E87798CE048
Creation and modification date: 2007-11-06 20:16 - 2007-11-06 20:16
Size: 000139264
Attributes: ----A
Company Name: Hewlett-Packard Co.
Internal Name: HPQDDSVC
Original Name: HPQDDSVC.DLL
Product: hp digital imaging - hp all-in-one series
Description: HP CUE DeviceDiscovery Service
File Version: 100.0.190.000
Product Version: 100.000.190.000
Copyright: Copyright (C) Hewlett-Packard Co. 1995-2008
VirusTotal: https://www.virustotal.com/file/b45c11e ... 522937002/

====== End of File: ======


========================= File: C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ========================

C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
File not signed
MD5: 990CB3A2030A55884B1F6C14AB8E7E05
Creation and modification date: 2017-07-22 10:04 - 2017-07-22 10:04
Size: 000058176
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/4ac31dd ... 508174767/

====== End of File: ======


========================= File: C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe ========================

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
File not signed
MD5: 7CF1B716372B89568AE4C0FE769F5869
Creation and modification date: 2006-10-26 13:40 - 2006-10-26 13:40
Size: 000335872
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: mdm.exe
Original Name: mdm.exe
Product: Microsoft® Visual Studio .NET
Description: Machine Debug Manager
File Version: 7.10.3077
Product Version: 7.10.3077
Copyright: Copyright© Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/file/0d70a7a ... 552377008/

====== End of File: ======


========================= File: C:\Windows\System32\HPZinw12.dll ========================

C:\Windows\System32\HPZinw12.dll
File not signed
MD5: DC6530A291D4BDF6DF399F1F128E7F8F
Creation and modification date: 2009-05-14 16:49 - 2009-05-14 16:49
Size: 000071680
Attributes: ----A
Company Name: Hewlett-Packard
Internal Name: Dot4Net
Original Name: Dot4Net.DLL
Product: Bidi User Mode
Description: Dot4Net Module
File Version: 12,2,3,51
Product Version: 12,2,3,51
Copyright: Copyright © 2006, 2007 Hewlett-Packard
VirusTotal: https://www.virustotal.com/file/85123d8 ... 546381323/

====== End of File: ======


========================= File: C:\WINDOWS\system32\HPZipm12.dll ========================

C:\WINDOWS\system32\HPZipm12.dll
File not signed
MD5: 71F62C51DFDFBC04C83C5C64B2B8058E
Creation and modification date: 2009-05-14 16:49 - 2009-05-14 16:49
Size: 000089600
Attributes: ----A
Company Name: Hewlett-Packard
Internal Name: PmlDrv
Original Name: PmlDrv.DLL
Product: Bidi User Mode
Description: PmlDrv Module
File Version: 12,2,3,51
Product Version: 12,2,3,51
Copyright: Copyright © 2006, 2007 Hewlett-Packard
VirusTotal: https://www.virustotal.com/file/cab12e6 ... 546381328/

====== End of File: ======

HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
"HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} => removed successfully
HKLM\Software\Classes\CLSID\{E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} => not found
"HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8}" => removed successfully
HKLM\Software\Classes\CLSID\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => not found
"Chrome NewTab" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\System\CurrentControlSet\Services\WsDrvInst => removed successfully
WsDrvInst => service removed successfully

=========== "C:\Program Files (x86)\*.tmp" ==========

C:\Program Files (x86)\GUT52A2.tmp => moved successfully

========= End -> "C:\Program Files (x86)\*.tmp" ========

C:\Users\lenovo\AppData\Local\{FC4E1F77-EC8F-40A5-99D4-63F0C53020F1} => moved successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F} => removed successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01723086-6D03-418F-9717-15A08D1C3B17}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01723086-6D03-418F-9717-15A08D1C3B17}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EEB9D2F-9F78-43A5-BC79-BAFF376FE6AE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EEB9D2F-9F78-43A5-BC79-BAFF376FE6AE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25C6C501-E47D-4C6B-9AB5-718C79EB537C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25C6C501-E47D-4C6B-9AB5-718C79EB537C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1864349024-1291946563-1421522111-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29664D91-D5CB-4B46-B0AF-1C1C074E421F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29664D91-D5CB-4B46-B0AF-1C1C074E421F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7579E3B9-C230-4F79-BE3E-16561A432CAE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7579E3B9-C230-4F79-BE3E-16561A432CAE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CEDFDE8-1A31-4948-9B84-40C00EF28143}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CEDFDE8-1A31-4948-9B84-40C00EF28143}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA085E9A-02C0-40C7-9EBA-E718560022AB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA085E9A-02C0-40C7-9EBA-E718560022AB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\sih" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC7FA0D0-2D62-4C8B-9672-B38B3901DF72}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC7FA0D0-2D62-4C8B-9672-B38B3901DF72}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC888D81-6E59-4024-89C1-C1DA12D2F261}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC888D81-6E59-4024-89C1-C1DA12D2F261}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D612E18E-A85C-42C6-A166-F276FCEF4720}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D612E18E-A85C-42C6-A166-F276FCEF4720}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D7D7E15C-02E5-4897-AADD-FC5FD8158D47}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7D7E15C-02E5-4897-AADD-FC5FD8158D47}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F93C6FF7-23ED-4655-A1B2-2F1029DA0C8A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F93C6FF7-23ED-4655-A1B2-2F1029DA0C8A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB641B27-FFBC-494E-A282-069886A0C0AC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB641B27-FFBC-494E-A282-069886A0C0AC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onlineregister.com => removed successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onlineregister.com => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 95829143 B
Java, Flash, Steam htmlcache => 2944 B
Windows/system/drivers => 7703167 B
Edge => 3141141 B
Chrome => 492310397 B
Firefox => 228104148 B
Opera => 50893366 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 58498808 B
systemprofile32 => 69086466 B
LocalService => 42734 B
LocalService => 0 B
NetworkService => 14870 B
NetworkService => 0 B
lenovo => 195942404 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:14:28 ====

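One way to summarise a Fixlog like the one posted above before replying, as an added example that is not part of the original thread and not FRST's own code: it tallies the `=> outcome` lines, collects `Error:` lines such as the failed restore point, and lists `File:` blocks that are unsigned and carry no company name. The function names and the triage rule are assumptions of this example (a flag means "look at the VirusTotal link first", not a verdict); the sample lines are excerpted from the log above.

```python
import re
from collections import Counter

# Lines excerpted from the Fixlog posted above (shortened, not the full log).
SAMPLE_FIXLOG = r'''
Processes closed successfully.
Error: (0) Failed to create a restore point.

========================= File: C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ========================

C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
File not signed
MD5: 990CB3A2030A55884B1F6C14AB8E7E05
Company Name:
Description:

====== End of File: ======

========================= File: C:\Windows\System32\HPZinw12.dll ========================

C:\Windows\System32\HPZinw12.dll
File not signed
MD5: DC6530A291D4BDF6DF399F1F128E7F8F
Company Name: Hewlett-Packard
Description: Dot4Net Module

====== End of File: ======

"Chrome NewTab" => removed successfully
"Chrome DefaultSuggestURL" => not found
WsDrvInst => service removed successfully
C:\Program Files (x86)\GUT52A2.tmp => moved successfully
Hosts restored successfully.
Chrome => 492310397 B
EmptyTemp: => 1.1 GB temporary data Removed.
'''

FILE_HEADER = re.compile(r'^=+ File: (?P<path>.+?) =+$')
RESULT = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+)$')
SIZE_ONLY = re.compile(r'^\d+ B$')  # EmptyTemp per-cache byte counts


def parse_fixlog(text):
    """Split a Fixlog into errors, per-action outcomes and File: blocks."""
    report = {"errors": [], "outcomes": Counter(), "not_found": [], "files": []}
    current = None  # the File: block being read, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = FILE_HEADER.match(line)
        if header:
            current = {"path": header["path"], "unsigned": False,
                       "md5": None, "company": ""}
            report["files"].append(current)
            continue
        if line.startswith("====== End of File"):
            current = None
            continue
        if current is not None:
            # Inside a File: block only the metadata lines matter.
            key, _, value = line.partition(":")
            if line == "File not signed":
                current["unsigned"] = True
            elif key == "MD5":
                current["md5"] = value.strip()
            elif key == "Company Name":
                current["company"] = value.strip()
            continue
        if line.startswith("Error:"):
            report["errors"].append(line)
            continue
        result = RESULT.match(line)
        if not result or result["target"].startswith("EmptyTemp"):
            continue
        outcome = result["outcome"]
        if SIZE_ONLY.match(outcome):
            continue  # size report, not a fix action
        report["outcomes"][outcome] += 1
        if outcome == "not found":
            report["not_found"].append(result["target"].strip('"'))
    return report


def needs_attention(report):
    """Errors first, then unsigned files with no company name (assumed rule)."""
    notes = list(report["errors"])
    for f in report["files"]:
        if f["unsigned"] and not f["company"]:
            notes.append(f"unsigned, no version info: {f['path']} (MD5 {f['md5']})")
    return notes


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for outcome, count in parsed["outcomes"].most_common():
        print(f"{count:3d}  {outcome}")
    for note in needs_attention(parsed):
        print("CHECK:", note)
```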
Post subject: Re: Preventive check
Posted: 16 Mar 2019 12:50
Offline
Exemplary visitor

Joined: 20 Jul 2006 11:33
Posts: 209
Fix result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01
Ran by lenovo (15-03-2019 19:11:45) Run:1
Running from C:\Users\lenovo\Desktop
Loaded Profiles: lenovo (Available Profiles: lenovo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
File: C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
File: C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
File: C:\Windows\System32\HPZinw12.dll
File: C:\WINDOWS\system32\HPZipm12.dll

HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001 -> DefaultScope {E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} URL =
SearchScopes: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001 -> {E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} URL =
Toolbar: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
CHR NewTab: Default -> Not-active:"chrome-extension://binaocijllofiljlhkakppfikcnhnfpk/newtab/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://search.mysearch.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxp://search.mysearch.com
CHR DefaultSuggestURL: Default -> hxxp://search.mysearch.com/ss?sstype=prefix&li=ff&q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for iOS\Library\DriverInstaller\DriverInstall.exe [X]
C:\Program Files (x86)\*.tmp
2016-11-02 10:03 - 2016-11-02 10:05 - 000000000 ____C () C:\Users\lenovo\AppData\Local\{FC4E1F77-EC8F-40A5-99D4-63F0C53020F1}

CustomCLSID: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {01723086-6D03-418F-9717-15A08D1C3B17} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0EEB9D2F-9F78-43A5-BC79-BAFF376FE6AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {25C6C501-E47D-4C6B-9AB5-718C79EB537C} - \WPD\SqmUpload_S-1-5-21-1864349024-1291946563-1421522111-1001 -> No File <==== ATTENTION
Task: {29664D91-D5CB-4B46-B0AF-1C1C074E421F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7579E3B9-C230-4F79-BE3E-16561A432CAE} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7CEDFDE8-1A31-4948-9B84-40C00EF28143} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AA085E9A-02C0-40C7-9EBA-E718560022AB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
Task: {CC7FA0D0-2D62-4C8B-9672-B38B3901DF72} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CC888D81-6E59-4024-89C1-C1DA12D2F261} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D612E18E-A85C-42C6-A166-F276FCEF4720} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D7D7E15C-02E5-4897-AADD-FC5FD8158D47} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F93C6FF7-23ED-4655-A1B2-2F1029DA0C8A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FB641B27-FFBC-494E-A282-069886A0C0AC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
IE trusted site: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\...\onlineregister.com -> hxxp://onlineregister.com
IE trusted site: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\...\onlineregister.com -> hxxps://onlineregister.com

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 83
Average :
Sum : 27732188
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========


========================= File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll ========================

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
File not signed
MD5: F50F7984FDD151EDD8A70A8DBD9E2A44
Creation and modification date: 2007-11-06 20:16 - 2007-11-06 20:16
Size: 000217088
Attributes: ----A
Company Name: Hewlett-Packard Co.
Internal Name: HPQCXS00
Original Name: HPQCXS00.DLL
Product: hp digital imaging - hp all-in-one series
Description: HP CUE Context Manager Objects
File Version: 100.0.190.000
Product Version: 100.000.190.000
Copyright: Copyright (C) Hewlett-Packard Co. 1995-2008
VirusTotal: https://www.virustotal.com/file/45e7eca ... 522937046/

====== End of File: ======


========================= File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll ========================

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
File not signed
MD5: DF446BA625CC441617843E87798CE048
Creation and modification date: 2007-11-06 20:16 - 2007-11-06 20:16
Size: 000139264
Attributes: ----A
Company Name: Hewlett-Packard Co.
Internal Name: HPQDDSVC
Original Name: HPQDDSVC.DLL
Product: hp digital imaging - hp all-in-one series
Description: HP CUE DeviceDiscovery Service
File Version: 100.0.190.000
Product Version: 100.000.190.000
Copyright: Copyright (C) Hewlett-Packard Co. 1995-2008
VirusTotal: https://www.virustotal.com/file/b45c11e ... 522937002/

====== End of File: ======


========================= File: C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ========================

C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
File not signed
MD5: 990CB3A2030A55884B1F6C14AB8E7E05
Creation and modification date: 2017-07-22 10:04 - 2017-07-22 10:04
Size: 000058176
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/4ac31dd ... 508174767/

====== End of File: ======


========================= File: C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe ========================

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
File not signed
MD5: 7CF1B716372B89568AE4C0FE769F5869
Creation and modification date: 2006-10-26 13:40 - 2006-10-26 13:40
Size: 000335872
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: mdm.exe
Original Name: mdm.exe
Product: Microsoft® Visual Studio .NET
Description: Machine Debug Manager
File Version: 7.10.3077
Product Version: 7.10.3077
Copyright: Copyright© Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/file/0d70a7a ... 552377008/

====== End of File: ======


========================= File: C:\Windows\System32\HPZinw12.dll ========================

C:\Windows\System32\HPZinw12.dll
File not signed
MD5: DC6530A291D4BDF6DF399F1F128E7F8F
Creation and modification date: 2009-05-14 16:49 - 2009-05-14 16:49
Size: 000071680
Attributes: ----A
Company Name: Hewlett-Packard
Internal Name: Dot4Net
Original Name: Dot4Net.DLL
Product: Bidi User Mode
Description: Dot4Net Module
File Version: 12,2,3,51
Product Version: 12,2,3,51
Copyright: Copyright © 2006, 2007 Hewlett-Packard
VirusTotal: https://www.virustotal.com/file/85123d8 ... 546381323/

====== End of File: ======


========================= File: C:\WINDOWS\system32\HPZipm12.dll ========================

C:\WINDOWS\system32\HPZipm12.dll
File not signed
MD5: 71F62C51DFDFBC04C83C5C64B2B8058E
Creation and modification date: 2009-05-14 16:49 - 2009-05-14 16:49
Size: 000089600
Attributes: ----A
Company Name: Hewlett-Packard
Internal Name: PmlDrv
Original Name: PmlDrv.DLL
Product: Bidi User Mode
Description: PmlDrv Module
File Version: 12,2,3,51
Product Version: 12,2,3,51
Copyright: Copyright © 2006, 2007 Hewlett-Packard
VirusTotal: https://www.virustotal.com/file/cab12e6 ... 546381328/

====== End of File: ======

HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
"HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} => removed successfully
HKLM\Software\Classes\CLSID\{E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} => not found
"HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8}" => removed successfully
HKLM\Software\Classes\CLSID\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => not found
"Chrome NewTab" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\System\CurrentControlSet\Services\WsDrvInst => removed successfully
WsDrvInst => service removed successfully

=========== "C:\Program Files (x86)\*.tmp" ==========

C:\Program Files (x86)\GUT52A2.tmp => moved successfully

========= End -> "C:\Program Files (x86)\*.tmp" ========

C:\Users\lenovo\AppData\Local\{FC4E1F77-EC8F-40A5-99D4-63F0C53020F1} => moved successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F} => removed successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01723086-6D03-418F-9717-15A08D1C3B17}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01723086-6D03-418F-9717-15A08D1C3B17}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EEB9D2F-9F78-43A5-BC79-BAFF376FE6AE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EEB9D2F-9F78-43A5-BC79-BAFF376FE6AE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25C6C501-E47D-4C6B-9AB5-718C79EB537C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25C6C501-E47D-4C6B-9AB5-718C79EB537C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1864349024-1291946563-1421522111-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29664D91-D5CB-4B46-B0AF-1C1C074E421F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29664D91-D5CB-4B46-B0AF-1C1C074E421F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7579E3B9-C230-4F79-BE3E-16561A432CAE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7579E3B9-C230-4F79-BE3E-16561A432CAE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CEDFDE8-1A31-4948-9B84-40C00EF28143}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CEDFDE8-1A31-4948-9B84-40C00EF28143}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA085E9A-02C0-40C7-9EBA-E718560022AB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA085E9A-02C0-40C7-9EBA-E718560022AB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\sih" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC7FA0D0-2D62-4C8B-9672-B38B3901DF72}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC7FA0D0-2D62-4C8B-9672-B38B3901DF72}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC888D81-6E59-4024-89C1-C1DA12D2F261}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC888D81-6E59-4024-89C1-C1DA12D2F261}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D612E18E-A85C-42C6-A166-F276FCEF4720}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D612E18E-A85C-42C6-A166-F276FCEF4720}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D7D7E15C-02E5-4897-AADD-FC5FD8158D47}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7D7E15C-02E5-4897-AADD-FC5FD8158D47}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F93C6FF7-23ED-4655-A1B2-2F1029DA0C8A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F93C6FF7-23ED-4655-A1B2-2F1029DA0C8A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB641B27-FFBC-494E-A282-069886A0C0AC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB641B27-FFBC-494E-A282-069886A0C0AC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onlineregister.com => removed successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onlineregister.com => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 95829143 B
Java, Flash, Steam htmlcache => 2944 B
Windows/system/drivers => 7703167 B
Edge => 3141141 B
Chrome => 492310397 B
Firefox => 228104148 B
Opera => 50893366 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 58498808 B
systemprofile32 => 69086466 B
LocalService => 42734 B
LocalService => 0 B
NetworkService => 14870 B
NetworkService => 0 B
lenovo => 195942404 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:14:28 ====

Post subject: Re: Preventive check
Posted: 16 Mar 2019 14:50
Offline
Advisor

Joined: 30 Dec 2013 22:29
Posts: 2907
Location: Bratislava
:arrow: How does the PC look now? Has anything changed, or are there still any problems with the PC?

Post subject: Re: Preventive check
Posted: 17 Mar 2019 15:31
Offline
Exemplary visitor

Joined: 20 Jul 2006 11:33
Posts: 209
Well, I'll only be able to tell after using it for a while; I'll let you know if anything comes up. Chrome still takes about 500 MB of RAM, but that's probably normal.

From the logs I sent, was anything more out of order than is healthy?

Thanks

Post subject: Re: Preventive check
Posted: 17 Mar 2019 22:47
Offline
Advisor

Joined: 30 Dec 2013 22:29
Posts: 2907
Location: Bratislava
:arrow: Not really; we just cleaned out the usual clutter and cleared the temporary files.

:arrow: The "True Key™ by McAfee" extension is installed in Chrome - if you don't need or use it, I recommend uninstalling it.

Post subject: Re: Preventive check
Posted: 18 Mar 2019 07:04
Offline
Exemplary visitor

Joined: 20 Jul 2006 11:33
Posts: 209
In the extensions I have only two things:

1. Adobe Acrobat
2. Avast - I removed that one

I don't see True Key from McAfee there.

If that's everything, you can close the thread, thanks

Post subject: Re: Preventive check
Posted: 18 Mar 2019 20:59
Offline
Advisor

Joined: 30 Dec 2013 22:29
Posts: 2907
Location: Bratislava
:arrow: So let's also clean up after the tools we used:

Post subject: Re: Preventive check
Posted: 19 Mar 2019 09:06
Offline
Exemplary visitor

Joined: 20 Jul 2006 11:33
Posts: 209
Done

Post subject: Re: Preventive check
Posted: 20 Mar 2019 17:38
Offline
Advisor

Joined: 30 Dec 2013 22:29
Posts: 2907
Location: Bratislava
So if everything is OK now, that would be all from my side :)
