Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Poprosím o kontrolu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Poprosím o kontrolu
Zdravím po dlhšej dobe
Ak by to šlo, chcel by som vás poprosiť o kontrolu - môj PC sa posledné dni správa nejako čudne (navyše mi prestal rozproznávať externú mechaniku) - možno za tým nič nebude (síce som v Addition logu zazrel zmienku o Trojane), snáď to nebude veľmi vážne.
Vopred ďakujem za pomoc a prikladám logy.
Ak by to šlo, chcel by som vás poprosiť o kontrolu - môj PC sa posledné dni správa nejako čudne (navyše mi prestal rozproznávať externú mechaniku) - možno za tým nič nebude (síce som v Addition logu zazrel zmienku o Trojane), snáď to nebude veľmi vážne.
Vopred ďakujem za pomoc a prikladám logy.
- Přílohy
-
- FRST + Addition.rar
- (28.79 KiB) Staženo 78 x
Re: Poprosím o kontrolu
Dobry den.
Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, kliknite na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.
Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, kliknite na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.
► Vyšla moja nová kniha BOTNETY! Informácie o nej nájdete tu: >> BOTNETY <<
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
Re: Poprosím o kontrolu
Ďakujem. Tu je to:
# -------------------------------
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-07-20.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-16-2020
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 1
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|Codec Settings UAC Manager
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [4891 octets] - [16/09/2020 17:47:20]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-07-20.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-16-2020
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 1
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|Codec Settings UAC Manager
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [4891 octets] - [16/09/2020 17:47:20]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Re: Poprosím o kontrolu
dobre. poprosim o nove logy z FRST + Addition
► Vyšla moja nová kniha BOTNETY! Informácie o nej nájdete tu: >> BOTNETY <<
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
Re: Poprosím o kontrolu
Do poznamkoveho bloku skopirujte obsah dole:
Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.
Kód: Vybrat vše
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {E6A15BCE-F515-49CD-810C-A1A99CD0B80C} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [6526328 2016-03-01] (Nero AG -> Nero AG)
Task: {9CAEC63D-1415-443E-9FC9-869B180922BA} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1706496 2020-05-15] () [File not signed]
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-09-16 18:54 - 2020-03-27 20:53 - 000003386 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-09-16 18:54 - 2020-03-27 20:53 - 000003162 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-09-16 18:54 - 2020-03-27 20:53 - 000003044 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData\RedFox:AnyDVD [71]
SearchScopes: HKLM -> {9029EFEA-BC37-45FB-BF73-7D163285F429} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {9029EFEA-BC37-45FB-BF73-7D163285F429} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001 -> {9029EFEA-BC37-45FB-BF73-7D163285F429} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
FirewallRules: [UDP Query User{8951B25B-BD88-4690-BD21-50F1CD6F7FA8}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{98A99E5E-8A66-4FD0-85EA-5A6518DEF3C3}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{16FB010F-C3A6-45A7-B54F-733654ABC08A}C:\program files\dvdfab 11\dvdfab64.exe] => (Allow) C:\program files\dvdfab 11\dvdfab64.exe => No File
FirewallRules: [TCP Query User{D4AAAE2C-0E20-40F2-8612-B12E8BDB75F3}C:\program files\dvdfab 11\dvdfab64.exe] => (Allow) C:\program files\dvdfab 11\dvdfab64.exe => No File
FirewallRules: [UDP Query User{8D71D5FA-43E5-4EA4-9F66-FAB5E172ABA6}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2B975411-6A12-4391-B058-0CCD9033E121}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{78469251-FC03-44C6-A507-27EED7050347}C:\program files\dvdfab11\dvdfab64.exe] => (Allow) C:\program files\dvdfab11\dvdfab64.exe => No File
FirewallRules: [TCP Query User{BE259881-AE21-4349-A3F1-89BEBDC01428}C:\program files\dvdfab11\dvdfab64.exe] => (Allow) C:\program files\dvdfab11\dvdfab64.exe => No File
FirewallRules: [UDP Query User{50CE8288-FE8C-4494-8499-BB082C4174DA}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [TCP Query User{9BFA37EC-EC82-4999-9640-0C50131DFFBE}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [{F029FF1F-A74E-4E9F-923C-7D3F9AB4C414}] => (Allow) C:\Program Files\CyberLink\PowerDirector15\PDR10.EXE => No File
EmptyTemp:
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.
► Vyšla moja nová kniha BOTNETY! Informácie o nej nájdete tu: >> BOTNETY <<
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
Re: Poprosím o kontrolu
Fix result of Farbar Recovery Scan Tool (x64) Version: 13-09-2020
Ran by Jakub (16-09-2020 19:38:50) Run:1
Running from C:\Users\Jakub\Desktop
Loaded Profiles: Jakub
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {E6A15BCE-F515-49CD-810C-A1A99CD0B80C} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [6526328 2016-03-01] (Nero AG -> Nero AG)
Task: {9CAEC63D-1415-443E-9FC9-869B180922BA} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1706496 2020-05-15] () [File not signed]
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-09-16 18:54 - 2020-03-27 20:53 - 000003386 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-09-16 18:54 - 2020-03-27 20:53 - 000003162 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-09-16 18:54 - 2020-03-27 20:53 - 000003044 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData\RedFox:AnyDVD [71]
SearchScopes: HKLM -> {9029EFEA-BC37-45FB-BF73-7D163285F429} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {9029EFEA-BC37-45FB-BF73-7D163285F429} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001 -> {9029EFEA-BC37-45FB-BF73-7D163285F429} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
FirewallRules: [UDP Query User{8951B25B-BD88-4690-BD21-50F1CD6F7FA8}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{98A99E5E-8A66-4FD0-85EA-5A6518DEF3C3}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{16FB010F-C3A6-45A7-B54F-733654ABC08A}C:\program files\dvdfab 11\dvdfab64.exe] => (Allow) C:\program files\dvdfab 11\dvdfab64.exe => No File
FirewallRules: [TCP Query User{D4AAAE2C-0E20-40F2-8612-B12E8BDB75F3}C:\program files\dvdfab 11\dvdfab64.exe] => (Allow) C:\program files\dvdfab 11\dvdfab64.exe => No File
FirewallRules: [UDP Query User{8D71D5FA-43E5-4EA4-9F66-FAB5E172ABA6}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2B975411-6A12-4391-B058-0CCD9033E121}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{78469251-FC03-44C6-A507-27EED7050347}C:\program files\dvdfab11\dvdfab64.exe] => (Allow) C:\program files\dvdfab11\dvdfab64.exe => No File
FirewallRules: [TCP Query User{BE259881-AE21-4349-A3F1-89BEBDC01428}C:\program files\dvdfab11\dvdfab64.exe] => (Allow) C:\program files\dvdfab11\dvdfab64.exe => No File
FirewallRules: [UDP Query User{50CE8288-FE8C-4494-8499-BB082C4174DA}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [TCP Query User{9BFA37EC-EC82-4999-9640-0C50131DFFBE}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [{F029FF1F-A74E-4E9F-923C-7D3F9AB4C414}] => (Allow) C:\Program Files\CyberLink\PowerDirector15\PDR10.EXE => No File
EmptyTemp:
*****************
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6A15BCE-F515-49CD-810C-A1A99CD0B80C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6A15BCE-F515-49CD-810C-A1A99CD0B80C}" => removed successfully
C:\WINDOWS\System32\Tasks\Nero\Nero Info => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Nero\Nero Info" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CAEC63D-1415-443E-9FC9-869B180922BA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CAEC63D-1415-443E-9FC9-869B180922BA}" => removed successfully
C:\WINDOWS\System32\Tasks\klcp_update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\klcp_update" => removed successfully
C:\WINDOWS\system32\DrtmAuth9.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth8.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth7.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth6.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth5.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth4.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth3.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth2.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth12.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth11.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth10.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth1.bin => moved successfully
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\WINDOWS\system32\Tasks\Antivirus Emergency Update => moved successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145} => removed successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
C:\ProgramData\RedFox => ":AnyDVD" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9029EFEA-BC37-45FB-BF73-7D163285F429} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9029EFEA-BC37-45FB-BF73-7D163285F429} => removed successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9029EFEA-BC37-45FB-BF73-7D163285F429} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8951B25B-BD88-4690-BD21-50F1CD6F7FA8}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{98A99E5E-8A66-4FD0-85EA-5A6518DEF3C3}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{16FB010F-C3A6-45A7-B54F-733654ABC08A}C:\program files\dvdfab 11\dvdfab64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D4AAAE2C-0E20-40F2-8612-B12E8BDB75F3}C:\program files\dvdfab 11\dvdfab64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8D71D5FA-43E5-4EA4-9F66-FAB5E172ABA6}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2B975411-6A12-4391-B058-0CCD9033E121}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{78469251-FC03-44C6-A507-27EED7050347}C:\program files\dvdfab11\dvdfab64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BE259881-AE21-4349-A3F1-89BEBDC01428}C:\program files\dvdfab11\dvdfab64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{50CE8288-FE8C-4494-8499-BB082C4174DA}C:\program files\java\jre1.8.0_221\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9BFA37EC-EC82-4999-9640-0C50131DFFBE}C:\program files\java\jre1.8.0_221\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F029FF1F-A74E-4E9F-923C-7D3F9AB4C414}" => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 11821056 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 263313408 B
Java, Flash, Steam htmlcache => 1142 B
Windows/system/drivers => 101357 B
Edge => 1373931 B
Chrome => 1273542962 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 226514 B
NetworkService => 242362 B
Jakub => 64437859 B
RecycleBin => 185293 B
EmptyTemp: => 1.5 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 19:45:13 ====
Ran by Jakub (16-09-2020 19:38:50) Run:1
Running from C:\Users\Jakub\Desktop
Loaded Profiles: Jakub
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {E6A15BCE-F515-49CD-810C-A1A99CD0B80C} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [6526328 2016-03-01] (Nero AG -> Nero AG)
Task: {9CAEC63D-1415-443E-9FC9-869B180922BA} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1706496 2020-05-15] () [File not signed]
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-09-16 18:54 - 2020-03-27 20:53 - 000003386 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-09-16 18:54 - 2020-03-27 20:53 - 000003162 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-09-16 18:54 - 2020-03-27 20:53 - 000003044 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData\RedFox:AnyDVD [71]
SearchScopes: HKLM -> {9029EFEA-BC37-45FB-BF73-7D163285F429} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {9029EFEA-BC37-45FB-BF73-7D163285F429} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001 -> {9029EFEA-BC37-45FB-BF73-7D163285F429} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
FirewallRules: [UDP Query User{8951B25B-BD88-4690-BD21-50F1CD6F7FA8}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{98A99E5E-8A66-4FD0-85EA-5A6518DEF3C3}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{16FB010F-C3A6-45A7-B54F-733654ABC08A}C:\program files\dvdfab 11\dvdfab64.exe] => (Allow) C:\program files\dvdfab 11\dvdfab64.exe => No File
FirewallRules: [TCP Query User{D4AAAE2C-0E20-40F2-8612-B12E8BDB75F3}C:\program files\dvdfab 11\dvdfab64.exe] => (Allow) C:\program files\dvdfab 11\dvdfab64.exe => No File
FirewallRules: [UDP Query User{8D71D5FA-43E5-4EA4-9F66-FAB5E172ABA6}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2B975411-6A12-4391-B058-0CCD9033E121}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{78469251-FC03-44C6-A507-27EED7050347}C:\program files\dvdfab11\dvdfab64.exe] => (Allow) C:\program files\dvdfab11\dvdfab64.exe => No File
FirewallRules: [TCP Query User{BE259881-AE21-4349-A3F1-89BEBDC01428}C:\program files\dvdfab11\dvdfab64.exe] => (Allow) C:\program files\dvdfab11\dvdfab64.exe => No File
FirewallRules: [UDP Query User{50CE8288-FE8C-4494-8499-BB082C4174DA}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [TCP Query User{9BFA37EC-EC82-4999-9640-0C50131DFFBE}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [{F029FF1F-A74E-4E9F-923C-7D3F9AB4C414}] => (Allow) C:\Program Files\CyberLink\PowerDirector15\PDR10.EXE => No File
EmptyTemp:
*****************
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6A15BCE-F515-49CD-810C-A1A99CD0B80C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6A15BCE-F515-49CD-810C-A1A99CD0B80C}" => removed successfully
C:\WINDOWS\System32\Tasks\Nero\Nero Info => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Nero\Nero Info" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CAEC63D-1415-443E-9FC9-869B180922BA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CAEC63D-1415-443E-9FC9-869B180922BA}" => removed successfully
C:\WINDOWS\System32\Tasks\klcp_update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\klcp_update" => removed successfully
C:\WINDOWS\system32\DrtmAuth9.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth8.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth7.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth6.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth5.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth4.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth3.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth2.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth12.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth11.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth10.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth1.bin => moved successfully
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\WINDOWS\system32\Tasks\Antivirus Emergency Update => moved successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145} => removed successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
C:\ProgramData\RedFox => ":AnyDVD" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9029EFEA-BC37-45FB-BF73-7D163285F429} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9029EFEA-BC37-45FB-BF73-7D163285F429} => removed successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9029EFEA-BC37-45FB-BF73-7D163285F429} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8951B25B-BD88-4690-BD21-50F1CD6F7FA8}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{98A99E5E-8A66-4FD0-85EA-5A6518DEF3C3}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{16FB010F-C3A6-45A7-B54F-733654ABC08A}C:\program files\dvdfab 11\dvdfab64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D4AAAE2C-0E20-40F2-8612-B12E8BDB75F3}C:\program files\dvdfab 11\dvdfab64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8D71D5FA-43E5-4EA4-9F66-FAB5E172ABA6}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2B975411-6A12-4391-B058-0CCD9033E121}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{78469251-FC03-44C6-A507-27EED7050347}C:\program files\dvdfab11\dvdfab64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BE259881-AE21-4349-A3F1-89BEBDC01428}C:\program files\dvdfab11\dvdfab64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{50CE8288-FE8C-4494-8499-BB082C4174DA}C:\program files\java\jre1.8.0_221\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9BFA37EC-EC82-4999-9640-0C50131DFFBE}C:\program files\java\jre1.8.0_221\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F029FF1F-A74E-4E9F-923C-7D3F9AB4C414}" => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 11821056 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 263313408 B
Java, Flash, Steam htmlcache => 1142 B
Windows/system/drivers => 101357 B
Edge => 1373931 B
Chrome => 1273542962 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 226514 B
NetworkService => 242362 B
Jakub => 64437859 B
RecycleBin => 185293 B
EmptyTemp: => 1.5 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 19:45:13 ====
Re: Poprosím o kontrolu
Ako je na tom pocitac?
► Vyšla moja nová kniha BOTNETY! Informácie o nej nájdete tu: >> BOTNETY <<
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
Re: Poprosím o kontrolu
Práve som ho ešte raz reštartoval a vyzerá to skvelo
Obrovitánska vďaka za váš čas a ochotu sa mi venovať, veľmi si toho cením . Celý váš tím odvádza neskutočnú prácu...
Obrovitánska vďaka za váš čas a ochotu sa mi venovať, veľmi si toho cením . Celý váš tím odvádza neskutočnú prácu...
Re: Poprosím o kontrolu
Nemate zac, aj na buduce :]]
Cely tim sa snazime :]] Dakujem za uznanie a za cely tim Dakujem :]]
Cely tim sa snazime :]] Dakujem za uznanie a za cely tim Dakujem :]]
► Vyšla moja nová kniha BOTNETY! Informácie o nej nájdete tu: >> BOTNETY <<
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky