PC virus removal, computer speed-up, remote help via the neslape.cz service

Preventive check

Are you one of the Model Visitors? Then this section is for you.

Moderator: Moderators

Forum rules
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
dinospages
Model visitor
Posts: 240
Registered: 20 Jul 2006 11:33

Preventive check

#1 Post by dinospages »

After a long time, I'm asking for a check; it seems to me that Chrome is slower (and eats a lot of RAM even after a restart with a single tab). Thanks in advance

I am attaching an archive
Attachments
logy.zip
(35.58 KiB) Downloaded 172 times
_________________________________________________________________
RSIT | MWAV | CCleaner

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Preventive check

#2 Post by Conder »

Hi :)

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the licence terms
  • Click Scan now (Skenovat nyni) and wait for it to finish
  • Leave all findings ticked
  • Click Clean and Repair (Cisteni a opravy) and confirm Restart PC now
  • After the PC restarts AdwCleaner will open; click Show log file (Zobrazit soubor protokolu)
  • A log will open; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always having important data (documents, photos and so on) backed up.

Fixlists and other scripts are written only for the specific PC. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

dinospages
Model visitor
Posts: 240
Registered: 20 Jul 2006 11:33

Re: Preventive check

#3 Post by dinospages »

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-03-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-14-2019
# Duration: 00:00:15
# OS: Windows 10 Pro
# Cleaned: 42
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Public\Pokki
Deleted C:\Users\lenovo\AppData\Local\Pokki
Deleted C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
Deleted C:\Users\lenovo\AppData\Local\SweetLabs App Platform
Deleted C:\Program Files\Hola
Deleted C:\Users\lenovo\AppData\Roaming\Hola
Deleted C:\Program Files (x86)\wintoflash suggestor

***** [ Files ] *****

Deleted C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\SweetLabs App Platform
Deleted HKCU\Software\Classes\lnkfile\shell\pokki
Deleted HKCU\Software\Classes\Drive\shell\pokki
Deleted HKCU\Software\Classes\Directory\shell\pokki
Deleted HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Deleted HKCU\Software\Classes\pokki
Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted HKCU\Software\csastats
Deleted HKU\S-1-5-18\Software\Hola
Deleted HKU\.DEFAULT\Software\Hola
Deleted HKLM\Software\Hola
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org
Deleted HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|WeatherBug.exe
Deleted HKLM\Software\Wow6432Node\Classes\AppID\SMBarBroker.EXE
Deleted HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Deleted HKLM\Software\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Deleted HKLM\Software\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A89A7E3-6ADD-4EF9-8EE7-A3C3B7D83BB0}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Deleted HKLM\Software\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Deleted HKLM\Software\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Deleted HKLM\Software\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinToFlash Suggestor
Deleted HKCU\Software\AppDataLow\Software\WinToFlash Suggestor

***** [ Chromium (and derivatives) ] *****

Deleted WinToFlash Suggestor

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4929 octets] - [14/03/2019 08:22:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Preventive check

#4 Post by Conder »

:arrow: Please post both new FRST logs (FRST.txt and Addition.txt)

dinospages
Model visitor
Posts: 240
Registered: 20 Jul 2006 11:33

Re: Preventive check

#5 Post by dinospages »

see attachment
Attachments
logy.zip
(37.63 KiB) Downloaded 147 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Preventive check

#6 Post by Conder »

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
    File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
    File: C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
    File: C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    File: C:\Windows\System32\HPZinw12.dll
    File: C:\WINDOWS\system32\HPZipm12.dll
    
    HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13-comm.msn.com/?pc=LNJB
    HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
    HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
    SearchScopes: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001 -> DefaultScope {E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} URL = 
    SearchScopes: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001 -> {E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} URL = 
    Toolbar: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
    CHR NewTab: Default ->  Not-active:"chrome-extension://binaocijllofiljlhkakppfikcnhnfpk/newtab/newtab.html"
    CHR DefaultSearchURL: Default -> hxxp://search.mysearch.com/web?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> hxxp://search.mysearch.com
    CHR DefaultSuggestURL: Default -> hxxp://search.mysearch.com/ss?sstype=prefix&li=ff&q={searchTerms}
    CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for iOS\Library\DriverInstaller\DriverInstall.exe [X]
    C:\Program Files (x86)\*.tmp
    2016-11-02 10:03 - 2016-11-02 10:05 - 000000000 ____C () C:\Users\lenovo\AppData\Local\{FC4E1F77-EC8F-40A5-99D4-63F0C53020F1}
    
    CustomCLSID: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    Task: {01723086-6D03-418F-9717-15A08D1C3B17} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {0EEB9D2F-9F78-43A5-BC79-BAFF376FE6AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {25C6C501-E47D-4C6B-9AB5-718C79EB537C} - \WPD\SqmUpload_S-1-5-21-1864349024-1291946563-1421522111-1001 -> No File <==== ATTENTION
    Task: {29664D91-D5CB-4B46-B0AF-1C1C074E421F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {7579E3B9-C230-4F79-BE3E-16561A432CAE} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {7CEDFDE8-1A31-4948-9B84-40C00EF28143} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {AA085E9A-02C0-40C7-9EBA-E718560022AB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
    Task: {CC7FA0D0-2D62-4C8B-9672-B38B3901DF72} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {CC888D81-6E59-4024-89C1-C1DA12D2F261} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {D612E18E-A85C-42C6-A166-F276FCEF4720} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {D7D7E15C-02E5-4897-AADD-FC5FD8158D47} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {F93C6FF7-23ED-4655-A1B2-2F1029DA0C8A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {FB641B27-FFBC-494E-A282-069886A0C0AC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    IE trusted site: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\...\onlineregister.com -> hxxp://onlineregister.com
    IE trusted site: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\...\onlineregister.com -> hxxps://onlineregister.com
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask for a PC restart; confirm by clicking OK
  • After the PC restarts there will be a file Fixlog.txt on the desktop; copy its contents here
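As an added example (not part of this thread, and not code from the FRST or AdwCleaner authors), here is a read-only PowerShell audit that re-checks the same categories of leftovers the fixlist above targets, so a Fixlog can be cross-checked after the reboot. It assumes an elevated session, enumerates the general registry locations rather than the values specific to this PC, and changes nothing.

```powershell
# Added example: read-only audit of the leftover categories handled by the fixlist above.
# Run in an elevated PowerShell (TaskCache\Tree and HKLM service keys need admin rights).
# Nothing is modified; every hit is collected into $findings and printed at the end.

$findings = New-Object System.Collections.Generic.List[string]
function Add-Finding([string]$Category, [string]$Detail) { $findings.Add("[$Category] $Detail") }

# 1. Scheduled tasks whose registry entry survives but whose task file is gone.
#    Every task key under TaskCache\Tree mirrors a file under %SystemRoot%\System32\Tasks;
#    when that file is missing the entry is orphaned (the "-> No File" lines in the fixlist).
$treeRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
$tasksDir = Join-Path $env:SystemRoot 'System32\Tasks'
Get-ChildItem -Path $treeRoot -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.GetValue('Id') } |          # folder keys carry no Id value
    ForEach-Object {
        $relative = $_.Name.Substring($_.Name.IndexOf('\Tree\') + 6)
        if (-not (Test-Path -LiteralPath (Join-Path $tasksDir $relative))) {
            Add-Finding 'Task' "$($_.GetValue('Id')) - \$relative -> No File"
        }
    }

# 2. Chrome extensions registered for silent install through the registry.
#    A 'path' pointing at a .crx that no longer exists is the "<not found>" case in the fixlist;
#    an 'update_url' entry means the extension is fetched from the network instead.
foreach ($root in 'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
                  'HKLM:\SOFTWARE\Google\Chrome\Extensions') {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $crx = $_.GetValue('path')
        if ($crx -and -not (Test-Path -LiteralPath $crx)) {
            Add-Finding 'Chrome' "[$($_.PSChildName)] - $crx <not found>"
        } elseif ($_.GetValue('update_url')) {
            Add-Finding 'Chrome' "[$($_.PSChildName)] - update_url $($_.GetValue('update_url'))"
        }
    }
}

# 3. Services whose executable is missing (the "[X]" marker on the S2 WsDrvInst line).
#    The first .exe in PathName is the binary; anything after it is arguments.
Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    if ($_.PathName -match '^"?(.+?\.exe)') {
        $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
        if (-not (Test-Path -LiteralPath $exe)) { Add-Finding 'Service' "$($_.Name); $exe [X]" }
    }
}

# 4. Internet Explorer start pages of the current user (the Main,Start Page lines).
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
foreach ($name in 'Start Page', 'Default_Page_URL', 'Secondary Start Pages') {
    $value = (Get-ItemProperty -Path $ieMain -Name $name -ErrorAction SilentlyContinue).$name
    if ($value) { Add-Finding 'IE' "$name = $($value -join ' | ')" }   # last one is multi-string
}

# 5. Domains placed in the Trusted sites zone (zone id 2) via ZoneMap, per URL scheme.
$zoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
Get-ChildItem -Path $zoneMap -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $key = $_
    foreach ($scheme in $key.GetValueNames()) {
        if ($key.GetValue($scheme) -eq 2) {
            $domain = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9)
            Add-Finding 'IE trusted site' "$domain ($scheme)"
        }
    }
}

if ($findings.Count -eq 0) { 'No leftovers of the audited kinds found.' }
else { $findings | Sort-Object }
```

Any line it prints is something to compare against the Fixlog; an IE start page or a trusted-site entry on its own is not malicious, it is simply a setting worth knowing about.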

dinospages
Model visitor
Posts: 240
Registered: 20 Jul 2006 11:33

Re: Preventive check

#7 Post by dinospages »

Fix result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01
Ran by lenovo (15-03-2019 19:11:45) Run:1
Running from C:\Users\lenovo\Desktop
Loaded Profiles: lenovo (Available Profiles: lenovo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
File: C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
File: C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
File: C:\Windows\System32\HPZinw12.dll
File: C:\WINDOWS\system32\HPZipm12.dll

HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001 -> DefaultScope {E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} URL =
SearchScopes: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001 -> {E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} URL =
Toolbar: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
CHR NewTab: Default -> Not-active:"chrome-extension://binaocijllofiljlhkakppfikcnhnfpk/newtab/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://search.mysearch.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxp://search.mysearch.com
CHR DefaultSuggestURL: Default -> hxxp://search.mysearch.com/ss?sstype=prefix&li=ff&q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for iOS\Library\DriverInstaller\DriverInstall.exe [X]
C:\Program Files (x86)\*.tmp
2016-11-02 10:03 - 2016-11-02 10:05 - 000000000 ____C () C:\Users\lenovo\AppData\Local\{FC4E1F77-EC8F-40A5-99D4-63F0C53020F1}

CustomCLSID: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {01723086-6D03-418F-9717-15A08D1C3B17} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0EEB9D2F-9F78-43A5-BC79-BAFF376FE6AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {25C6C501-E47D-4C6B-9AB5-718C79EB537C} - \WPD\SqmUpload_S-1-5-21-1864349024-1291946563-1421522111-1001 -> No File <==== ATTENTION
Task: {29664D91-D5CB-4B46-B0AF-1C1C074E421F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7579E3B9-C230-4F79-BE3E-16561A432CAE} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7CEDFDE8-1A31-4948-9B84-40C00EF28143} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AA085E9A-02C0-40C7-9EBA-E718560022AB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
Task: {CC7FA0D0-2D62-4C8B-9672-B38B3901DF72} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CC888D81-6E59-4024-89C1-C1DA12D2F261} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D612E18E-A85C-42C6-A166-F276FCEF4720} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D7D7E15C-02E5-4897-AADD-FC5FD8158D47} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F93C6FF7-23ED-4655-A1B2-2F1029DA0C8A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FB641B27-FFBC-494E-A282-069886A0C0AC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
IE trusted site: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\...\onlineregister.com -> hxxp://onlineregister.com
IE trusted site: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\...\onlineregister.com -> hxxps://onlineregister.com

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 83
Average :
Sum : 27732188
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========


========================= File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll ========================

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
File not signed
MD5: F50F7984FDD151EDD8A70A8DBD9E2A44
Creation and modification date: 2007-11-06 20:16 - 2007-11-06 20:16
Size: 000217088
Attributes: ----A
Company Name: Hewlett-Packard Co.
Internal Name: HPQCXS00
Original Name: HPQCXS00.DLL
Product: hp digital imaging - hp all-in-one series
Description: HP CUE Context Manager Objects
File Version: 100.0.190.000
Product Version: 100.000.190.000
Copyright: Copyright (C) Hewlett-Packard Co. 1995-2008
VirusTotal: https://www.virustotal.com/file/45e7eca ... 522937046/

====== End of File: ======


========================= File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll ========================

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
File not signed
MD5: DF446BA625CC441617843E87798CE048
Creation and modification date: 2007-11-06 20:16 - 2007-11-06 20:16
Size: 000139264
Attributes: ----A
Company Name: Hewlett-Packard Co.
Internal Name: HPQDDSVC
Original Name: HPQDDSVC.DLL
Product: hp digital imaging - hp all-in-one series
Description: HP CUE DeviceDiscovery Service
File Version: 100.0.190.000
Product Version: 100.000.190.000
Copyright: Copyright (C) Hewlett-Packard Co. 1995-2008
VirusTotal: https://www.virustotal.com/file/b45c11e ... 522937002/

====== End of File: ======


========================= File: C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ========================

C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
File not signed
MD5: 990CB3A2030A55884B1F6C14AB8E7E05
Creation and modification date: 2017-07-22 10:04 - 2017-07-22 10:04
Size: 000058176
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/4ac31dd ... 508174767/

====== End of File: ======


========================= File: C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe ========================

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
File not signed
MD5: 7CF1B716372B89568AE4C0FE769F5869
Creation and modification date: 2006-10-26 13:40 - 2006-10-26 13:40
Size: 000335872
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: mdm.exe
Original Name: mdm.exe
Product: Microsoft® Visual Studio .NET
Description: Machine Debug Manager
File Version: 7.10.3077
Product Version: 7.10.3077
Copyright: Copyright© Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/file/0d70a7a ... 552377008/

====== End of File: ======


========================= File: C:\Windows\System32\HPZinw12.dll ========================

C:\Windows\System32\HPZinw12.dll
File not signed
MD5: DC6530A291D4BDF6DF399F1F128E7F8F
Creation and modification date: 2009-05-14 16:49 - 2009-05-14 16:49
Size: 000071680
Attributes: ----A
Company Name: Hewlett-Packard
Internal Name: Dot4Net
Original Name: Dot4Net.DLL
Product: Bidi User Mode
Description: Dot4Net Module
File Version: 12,2,3,51
Product Version: 12,2,3,51
Copyright: Copyright © 2006, 2007 Hewlett-Packard
VirusTotal: https://www.virustotal.com/file/85123d8 ... 546381323/

====== End of File: ======


========================= File: C:\WINDOWS\system32\HPZipm12.dll ========================

C:\WINDOWS\system32\HPZipm12.dll
File not signed
MD5: 71F62C51DFDFBC04C83C5C64B2B8058E
Creation and modification date: 2009-05-14 16:49 - 2009-05-14 16:49
Size: 000089600
Attributes: ----A
Company Name: Hewlett-Packard
Internal Name: PmlDrv
Original Name: PmlDrv.DLL
Product: Bidi User Mode
Description: PmlDrv Module
File Version: 12,2,3,51
Product Version: 12,2,3,51
Copyright: Copyright © 2006, 2007 Hewlett-Packard
VirusTotal: https://www.virustotal.com/file/cab12e6 ... 546381328/

====== End of File: ======

HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
"HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} => removed successfully
HKLM\Software\Classes\CLSID\{E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} => not found
"HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8}" => removed successfully
HKLM\Software\Classes\CLSID\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => not found
"Chrome NewTab" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\System\CurrentControlSet\Services\WsDrvInst => removed successfully
WsDrvInst => service removed successfully

=========== "C:\Program Files (x86)\*.tmp" ==========

C:\Program Files (x86)\GUT52A2.tmp => moved successfully

========= End -> "C:\Program Files (x86)\*.tmp" ========

C:\Users\lenovo\AppData\Local\{FC4E1F77-EC8F-40A5-99D4-63F0C53020F1} => moved successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F} => removed successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01723086-6D03-418F-9717-15A08D1C3B17}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01723086-6D03-418F-9717-15A08D1C3B17}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EEB9D2F-9F78-43A5-BC79-BAFF376FE6AE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EEB9D2F-9F78-43A5-BC79-BAFF376FE6AE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25C6C501-E47D-4C6B-9AB5-718C79EB537C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25C6C501-E47D-4C6B-9AB5-718C79EB537C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1864349024-1291946563-1421522111-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29664D91-D5CB-4B46-B0AF-1C1C074E421F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29664D91-D5CB-4B46-B0AF-1C1C074E421F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7579E3B9-C230-4F79-BE3E-16561A432CAE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7579E3B9-C230-4F79-BE3E-16561A432CAE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CEDFDE8-1A31-4948-9B84-40C00EF28143}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CEDFDE8-1A31-4948-9B84-40C00EF28143}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA085E9A-02C0-40C7-9EBA-E718560022AB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA085E9A-02C0-40C7-9EBA-E718560022AB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\sih" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC7FA0D0-2D62-4C8B-9672-B38B3901DF72}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC7FA0D0-2D62-4C8B-9672-B38B3901DF72}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC888D81-6E59-4024-89C1-C1DA12D2F261}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC888D81-6E59-4024-89C1-C1DA12D2F261}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D612E18E-A85C-42C6-A166-F276FCEF4720}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D612E18E-A85C-42C6-A166-F276FCEF4720}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D7D7E15C-02E5-4897-AADD-FC5FD8158D47}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7D7E15C-02E5-4897-AADD-FC5FD8158D47}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F93C6FF7-23ED-4655-A1B2-2F1029DA0C8A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F93C6FF7-23ED-4655-A1B2-2F1029DA0C8A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB641B27-FFBC-494E-A282-069886A0C0AC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB641B27-FFBC-494E-A282-069886A0C0AC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onlineregister.com => removed successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onlineregister.com => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 95829143 B
Java, Flash, Steam htmlcache => 2944 B
Windows/system/drivers => 7703167 B
Edge => 3141141 B
Chrome => 492310397 B
Firefox => 228104148 B
Opera => 50893366 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 58498808 B
systemprofile32 => 69086466 B
LocalService => 42734 B
LocalService => 0 B
NetworkService => 14870 B
NetworkService => 0 B
lenovo => 195942404 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:14:28 ====

dinospages
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 240
Registrován: 20 črc 2006 11:33

Re: Preventivka

#8 Příspěvek od dinospages »

Fix result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01
Ran by lenovo (15-03-2019 19:11:45) Run:1
Running from C:\Users\lenovo\Desktop
Loaded Profiles: lenovo (Available Profiles: lenovo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
File: C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
File: C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
File: C:\Windows\System32\HPZinw12.dll
File: C:\WINDOWS\system32\HPZipm12.dll

HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001 -> DefaultScope {E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} URL =
SearchScopes: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001 -> {E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} URL =
Toolbar: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
CHR NewTab: Default -> Not-active:"chrome-extension://binaocijllofiljlhkakppfikcnhnfpk/newtab/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://search.mysearch.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxp://search.mysearch.com
CHR DefaultSuggestURL: Default -> hxxp://search.mysearch.com/ss?sstype=prefix&li=ff&q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for iOS\Library\DriverInstaller\DriverInstall.exe [X]
C:\Program Files (x86)\*.tmp
2016-11-02 10:03 - 2016-11-02 10:05 - 000000000 ____C () C:\Users\lenovo\AppData\Local\{FC4E1F77-EC8F-40A5-99D4-63F0C53020F1}

CustomCLSID: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {01723086-6D03-418F-9717-15A08D1C3B17} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0EEB9D2F-9F78-43A5-BC79-BAFF376FE6AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {25C6C501-E47D-4C6B-9AB5-718C79EB537C} - \WPD\SqmUpload_S-1-5-21-1864349024-1291946563-1421522111-1001 -> No File <==== ATTENTION
Task: {29664D91-D5CB-4B46-B0AF-1C1C074E421F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7579E3B9-C230-4F79-BE3E-16561A432CAE} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7CEDFDE8-1A31-4948-9B84-40C00EF28143} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AA085E9A-02C0-40C7-9EBA-E718560022AB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
Task: {CC7FA0D0-2D62-4C8B-9672-B38B3901DF72} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CC888D81-6E59-4024-89C1-C1DA12D2F261} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D612E18E-A85C-42C6-A166-F276FCEF4720} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D7D7E15C-02E5-4897-AADD-FC5FD8158D47} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F93C6FF7-23ED-4655-A1B2-2F1029DA0C8A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FB641B27-FFBC-494E-A282-069886A0C0AC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
IE trusted site: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\...\onlineregister.com -> hxxp://onlineregister.com
IE trusted site: HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\...\onlineregister.com -> hxxps://onlineregister.com

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 83
Average :
Sum : 27732188
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========


========================= File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll ========================

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
File not signed
MD5: F50F7984FDD151EDD8A70A8DBD9E2A44
Creation and modification date: 2007-11-06 20:16 - 2007-11-06 20:16
Size: 000217088
Attributes: ----A
Company Name: Hewlett-Packard Co.
Internal Name: HPQCXS00
Original Name: HPQCXS00.DLL
Product: hp digital imaging - hp all-in-one series
Description: HP CUE Context Manager Objects
File Version: 100.0.190.000
Product Version: 100.000.190.000
Copyright: Copyright (C) Hewlett-Packard Co. 1995-2008
VirusTotal: https://www.virustotal.com/file/45e7eca ... 522937046/

====== End of File: ======


========================= File: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll ========================

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
File not signed
MD5: DF446BA625CC441617843E87798CE048
Creation and modification date: 2007-11-06 20:16 - 2007-11-06 20:16
Size: 000139264
Attributes: ----A
Company Name: Hewlett-Packard Co.
Internal Name: HPQDDSVC
Original Name: HPQDDSVC.DLL
Product: hp digital imaging - hp all-in-one series
Description: HP CUE DeviceDiscovery Service
File Version: 100.0.190.000
Product Version: 100.000.190.000
Copyright: Copyright (C) Hewlett-Packard Co. 1995-2008
VirusTotal: https://www.virustotal.com/file/b45c11e ... 522937002/

====== End of File: ======


========================= File: C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ========================

C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
File not signed
MD5: 990CB3A2030A55884B1F6C14AB8E7E05
Creation and modification date: 2017-07-22 10:04 - 2017-07-22 10:04
Size: 000058176
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/4ac31dd ... 508174767/

====== End of File: ======


========================= File: C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe ========================

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
File not signed
MD5: 7CF1B716372B89568AE4C0FE769F5869
Creation and modification date: 2006-10-26 13:40 - 2006-10-26 13:40
Size: 000335872
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: mdm.exe
Original Name: mdm.exe
Product: Microsoft® Visual Studio .NET
Description: Machine Debug Manager
File Version: 7.10.3077
Product Version: 7.10.3077
Copyright: Copyright© Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/file/0d70a7a ... 552377008/

====== End of File: ======


========================= File: C:\Windows\System32\HPZinw12.dll ========================

C:\Windows\System32\HPZinw12.dll
File not signed
MD5: DC6530A291D4BDF6DF399F1F128E7F8F
Creation and modification date: 2009-05-14 16:49 - 2009-05-14 16:49
Size: 000071680
Attributes: ----A
Company Name: Hewlett-Packard
Internal Name: Dot4Net
Original Name: Dot4Net.DLL
Product: Bidi User Mode
Description: Dot4Net Module
File Version: 12,2,3,51
Product Version: 12,2,3,51
Copyright: Copyright © 2006, 2007 Hewlett-Packard
VirusTotal: https://www.virustotal.com/file/85123d8 ... 546381323/

====== End of File: ======


========================= File: C:\WINDOWS\system32\HPZipm12.dll ========================

C:\WINDOWS\system32\HPZipm12.dll
File not signed
MD5: 71F62C51DFDFBC04C83C5C64B2B8058E
Creation and modification date: 2009-05-14 16:49 - 2009-05-14 16:49
Size: 000089600
Attributes: ----A
Company Name: Hewlett-Packard
Internal Name: PmlDrv
Original Name: PmlDrv.DLL
Product: Bidi User Mode
Description: PmlDrv Module
File Version: 12,2,3,51
Product Version: 12,2,3,51
Copyright: Copyright © 2006, 2007 Hewlett-Packard
VirusTotal: https://www.virustotal.com/file/cab12e6 ... 546381328/

====== End of File: ======

HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
"HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} => removed successfully
HKLM\Software\Classes\CLSID\{E3CB11C0-1568-4F4A-9CCA-8A146D8487C5} => not found
"HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8}" => removed successfully
HKLM\Software\Classes\CLSID\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => not found
"Chrome NewTab" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\System\CurrentControlSet\Services\WsDrvInst => removed successfully
WsDrvInst => service removed successfully

=========== "C:\Program Files (x86)\*.tmp" ==========

C:\Program Files (x86)\GUT52A2.tmp => moved successfully

========= End -> "C:\Program Files (x86)\*.tmp" ========

C:\Users\lenovo\AppData\Local\{FC4E1F77-EC8F-40A5-99D4-63F0C53020F1} => moved successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F} => removed successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01723086-6D03-418F-9717-15A08D1C3B17}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01723086-6D03-418F-9717-15A08D1C3B17}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EEB9D2F-9F78-43A5-BC79-BAFF376FE6AE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EEB9D2F-9F78-43A5-BC79-BAFF376FE6AE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25C6C501-E47D-4C6B-9AB5-718C79EB537C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25C6C501-E47D-4C6B-9AB5-718C79EB537C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1864349024-1291946563-1421522111-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29664D91-D5CB-4B46-B0AF-1C1C074E421F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29664D91-D5CB-4B46-B0AF-1C1C074E421F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7579E3B9-C230-4F79-BE3E-16561A432CAE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7579E3B9-C230-4F79-BE3E-16561A432CAE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CEDFDE8-1A31-4948-9B84-40C00EF28143}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CEDFDE8-1A31-4948-9B84-40C00EF28143}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA085E9A-02C0-40C7-9EBA-E718560022AB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA085E9A-02C0-40C7-9EBA-E718560022AB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\sih" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC7FA0D0-2D62-4C8B-9672-B38B3901DF72}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC7FA0D0-2D62-4C8B-9672-B38B3901DF72}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC888D81-6E59-4024-89C1-C1DA12D2F261}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC888D81-6E59-4024-89C1-C1DA12D2F261}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D612E18E-A85C-42C6-A166-F276FCEF4720}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D612E18E-A85C-42C6-A166-F276FCEF4720}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D7D7E15C-02E5-4897-AADD-FC5FD8158D47}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7D7E15C-02E5-4897-AADD-FC5FD8158D47}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F93C6FF7-23ED-4655-A1B2-2F1029DA0C8A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F93C6FF7-23ED-4655-A1B2-2F1029DA0C8A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB641B27-FFBC-494E-A282-069886A0C0AC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB641B27-FFBC-494E-A282-069886A0C0AC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onlineregister.com => removed successfully
HKU\S-1-5-21-1864349024-1291946563-1421522111-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onlineregister.com => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 95829143 B
Java, Flash, Steam htmlcache => 2944 B
Windows/system/drivers => 7703167 B
Edge => 3141141 B
Chrome => 492310397 B
Firefox => 228104148 B
Opera => 50893366 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 58498808 B
systemprofile32 => 69086466 B
LocalService => 42734 B
LocalService => 0 B
NetworkService => 14870 B
NetworkService => 0 B
lenovo => 195942404 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:14:28 ====
_________________________________________________________________
RSIT | MWAV | CCleaner

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Preventivka

#9 Post by Conder »

:arrow: How is the PC doing? Has anything changed, or are there still some problems with the PC?

dinospages
Vzorný návštěvník
Posts: 240
Registered: 20 Jul 2006 11:33

Re: Preventivka

#10 Post by dinospages »

Well, I'll only find that out after using it for a while; I'll let you know if need be. Chrome still takes roughly 500 MB of RAM, but that's probably normal.

Was there anything in the logs I sent that was more out of order than is healthy?

Thanks

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Preventivka

#11 Post by Conder »

:arrow: Basically not, we just cleared out the usual junk and cleaned up temporary files.

:arrow: The "True Key™ by McAfee" extension is installed in Chrome - if you don't need/use it, I recommend uninstalling it.

dinospages
Vzorný návštěvník
Posts: 240
Registered: 20 Jul 2006 11:33

Re: Preventivka

#12 Post by dinospages »

I only have two things in extensions:

1. Adobe Acrobat
2. Avast - I removed that one

I don't see True Key by McAfee there.

If that's all, you can close this. Thanks

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Preventivka

#13 Post by Conder »

:arrow: So let's clean up after the tools we used:

dinospages
Vzorný návštěvník
Posts: 240
Registered: 20 Jul 2006 11:33

Re: Preventivka

#14 Post by dinospages »

Done

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Preventivka

#15 Post by Conder »

So if everything is OK now, that would be all from my side :)
