VIRY.CZ

4: http://leteckaposta.cz/842800184

V MBAM bol spusteny iba threat scan, spusti uplny sken podla pokynov v predchadzajucom prispevku.

Poznas toto? \\MIRADSERVER

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  CloseProcesses:
  
  CMD: systeminfo | findstr /B /C:"Domain"
  VirusTotal: C:\Users\Marek\AppData\Local\Tempappsql.chm
  VirusTotal: C:\Users\Marek\AppData\Local\pcc.exe
  File: C:\Users\Marek\AppData\Local\pcc.exe
  File: C:\Program Files\fischer\FIXPERIENCE\Update\fischer.Update.Service.exe
  File: C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
  File: C:\WINDOWS\system32\Drivers\DLPortIO.sys
  File: C:\WINDOWS\System32\Drivers\driverx.sys
  File: C:\WINDOWS\System32\Drivers\usbaapl.sys
  File: \\MIRADSERVER\mksqlbin\exe\appsql.exe
  AlternateDataStreams: C:\Users\Marek\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [106]
  
  Hosts:
  EmptyTemp:
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
• Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

1. ok ... v Mbam som spustil scan podla navodu ... vysledok zatial nemam ... poslem
2. miradserver... poznam a musi to bezat aj dalej .... je to nevyhnutne
3. zatial nevykonane ... pockam za logom z Mbam

dakujem

Malwarebytes
www.malwarebytes.com

-Podrobnosti denníka-
Dátum skenovania: 23.03.18
Čas skenovania: 7:13
Súbor denníka: 534f7c58-2e61-11e8-8b07-001bfc2113bd.json
Správca: Áno

-Údaje o softvéri-
Verzia: 3.4.4.2398
Verzia súčastí: 1.0.322
Aktualizovať verziu balíka: 1.0.4454
Licencia: Skúšobná verzia

-Systémové informácie-
OS: Windows 10 (Build 16299.309)
Procesor: x86
Systém súborov: NTFS
Používateľ: PC-MAREL\Marek

-Zhrnutie skenovania-
Typ skenovania: Vlastné skenovanie
Výsledok: Dokončené
Preskenované objekty: 341008
Zistené hrozby: 0
(Nezistili sa nijaké škodlivé položky)
Hrozby umiestnené do karantény: 0
(Nezistili sa nijaké škodlivé položky)
Uplynulý čas: 3 h, 25 min, 32 s

-Možnosti skenovania-
Pamäť: Povolené
Spúšťanie: Povolené
Systém súborov: Povolené
Archívy: Povolené
Rootkity: Povolené
Heuristika: Povolené
PUP: Zistiť
PUM: Zistiť

-Podrobnosti skenovania-
Proces: 0
(Nezistili sa nijaké škodlivé položky)

Modul: 0
(Nezistili sa nijaké škodlivé položky)

Kľúč databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Hodnota databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Údaje databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Prúd údajov: 0
(Nezistili sa nijaké škodlivé položky)

Priečinok: 0
(Nezistili sa nijaké škodlivé položky)

Súbor: 0
(Nezistili sa nijaké škodlivé položky)

Fyzický sektor: 0
(Nezistili sa nijaké škodlivé položky)


(end)

Vyzera to OK, spusti este ten fixlist.

Fix result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by Marek (26-03-2018 07:03:01) Run:1
Running from C:\Users\Marek\Desktop
Loaded Profiles: Marek (Available Profiles: Marek)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:

CMD: systeminfo | findstr /B /C:"Domain"
VirusTotal: C:\Users\Marek\AppData\Local\Tempappsql.chm
VirusTotal: C:\Users\Marek\AppData\Local\pcc.exe
File: C:\Users\Marek\AppData\Local\pcc.exe
File: C:\Program Files\fischer\FIXPERIENCE\Update\fischer.Update.Service.exe
File: C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
File: C:\WINDOWS\system32\Drivers\DLPortIO.sys
File: C:\WINDOWS\System32\Drivers\driverx.sys
File: C:\WINDOWS\System32\Drivers\usbaapl.sys
File: \\MIRADSERVER\mksqlbin\exe\appsql.exe
AlternateDataStreams: C:\Users\Marek\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [106]

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.

========= systeminfo | findstr /B /C:"Domain" =========

Domain: MIRAD

========= End of CMD: =========

VirusTotal: C:\Users\Marek\AppData\Local\Tempappsql.chm => (3) Error
VirusTotal: C:\Users\Marek\AppData\Local\pcc.exe => https://www.virustotal.com/file/025168e ... 501831338/

========================= File: C:\Users\Marek\AppData\Local\pcc.exe ========================

C:\Users\Marek\AppData\Local\pcc.exe
File is digitally signed
MD5: 37825AD29E3FDDBA7FD7DC16441EBE93
Creation and modification date: 2015-11-16 12:57 - 2015-11-16 12:57
Size: 029361616
Attributes: ----A
Company Name: Sony Mobile Communications
Internal Name: stub32
Original Name: stub32i.exe
Product: Sony PC Companion
Description:
File Version: 2.10.289
Product Version: 2.10.289
Copyright: Sony
VirusTotal: https://www.virustotal.com/file/025168e ... 501831338/

====== End of File: ======


========================= File: C:\Program Files\fischer\FIXPERIENCE\Update\fischer.Update.Service.exe ========================

C:\Program Files\fischer\FIXPERIENCE\Update\fischer.Update.Service.exe
File not signed
MD5: 21EDA96FBD5D219862122D8D351FC7DC
Creation and modification date: 2017-02-13 17:50 - 2017-02-13 17:50
Size: 005255680
Attributes: ----A
Company Name: fischerwerke Gmbh & Co. KG
Internal Name:
Original Name:
Product:
Description:
File Version: 1.0.11.0
Product Version: 1.0.0.0
Copyright:
VirusTotal: https://www.virustotal.com/file/4ee5880 ... 521566599/

====== End of File: ======


========================= File: C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe ========================

C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
File not signed
MD5: F577910A133A592234EBAAD3F3AFA258
Creation and modification date: 2010-02-19 13:37 - 2010-02-19 13:37
Size: 000517096
Attributes: ----A
Company Name: Adobe Systems Incorporated
Internal Name: SwitchBoard
Original Name: SwitchBoard.exe
Product: SBSV 2010/02/19-11:02:07
Description: SwitchBoard Server (32 bit)
File Version: 2.0.13.7486
Product Version: 61.421671
Copyright: © 2008-2009 Adobe Systems Incorporated. All Rights Reserved.
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\system32\Drivers\DLPortIO.sys ========================

C:\WINDOWS\system32\Drivers\DLPortIO.sys
File not signed
MD5: 1D95D36DB805787D54EB50E45ED4AF40
Creation and modification date: 2018-01-12 13:54 - 1996-09-27 13:10
Size: 000003584
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\System32\Drivers\driverx.sys ========================

C:\WINDOWS\System32\Drivers\driverx.sys
File not signed
MD5: 5418C3432FA9C4EBC477CD4DDDCCD704
Creation and modification date: 2017-11-27 15:02 - 2001-06-11 22:01
Size: 000052512
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: driverx.sys
Original Name: driverx.sys
Product: Microsoft(R) Windows NT(TM) Operating System
Description: DriverX kernel-mode driver
File Version: 4.00
Product Version: 4.00
Copyright: Copyright (C) Microsoft Corp. 1981-1996
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\System32\Drivers\usbaapl.sys ========================

C:\WINDOWS\System32\Drivers\usbaapl.sys
File not signed
MD5: A176718F0DF45F60F545CF3E14F4D108
Creation and modification date: 2015-06-17 18:04 - 2015-06-17 18:04
Size: 000045056
Attributes: ----A
Company Name: Apple, Inc.
Internal Name: usbaapl.sys
Original Name: usbaapl.sys
Product: Apple Mobile Device USB Driver
Description: Apple Mobile Device USB Driver
File Version: 1, 67, 0, 0
Product Version: 1.67.0.0
Copyright: © Apple, Inc. All rights reserved.
VirusTotal: 0

====== End of File: ======


========================= File: \\MIRADSERVER\mksqlbin\exe\appsql.exe ========================

\\MIRADSERVER\mksqlbin\exe\appsql.exe
File is digitally signed
MD5: FF7C8626EECB05C365E5329CBFE592BE
Creation and modification date: 2018-03-23 23:31 - 2018-03-23 14:32
Size: 054187016
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version: 3.285.1.1
Product Version: 1.0.0.0
Copyright:
VirusTotal: 0

====== End of File: ======

C:\Users\Marek\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25739113 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 49137736 B
Edge => 51213 B
Chrome => 175103443 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 7422 B
NetworkService => 9212 B
Marek => 42473773 B

RecycleBin => 0 B
EmptyTemp: => 286.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:04:55 ====

Spusti chkdsk na systemovom disku:

• Otvor Start, napis "cmd" (bez uvodzoviek), klikni pravym tlacitkom mysi na Prikazovy riadok a klikni na Spustit ako spravca
• Napis prikaz:

  Kód: Vybrat vše

  chkdsk c: /f /r

• Napis "y" (bez uvodzoviek) a stlac enter, cim sa naplanuje kontrola disku pri najblizsom zapnuti PC
• Restartuj PC a napis vysledok
• Potom opakuj pre vsetky dalsie disky v PC (tu uz nebude potrebny restart), napr.:

  Kód: Vybrat vše

  chkdsk d: /f
  chkdsk e: /f
  chkdsk f: /f

Nasledne posli nove logy z event vieweru (system a application):

Stlac klavesy Win+R, napis "eventvwr" (bez uvodzoviek) a stlac enter

• Vlavo klikni na Protokoly systemu Windows (Windows Logs) a potom na System
• Vpravo klikni na Ulozit vsechny udalosti jako (Save All Events As)
• Napis nazov suboru "system", typ suboru nechaj ako .evtx a uloz na plochu
• Vlavo klikni na Aplikacie (Application), vpravo klikni na Ulozit vsechny udalosti jako (Save All Events As)
• Napis nazov suboru "application", typ suboru nechaj ako .evtx a uloz na plochu
• Tieto 2 subory nahraj napr. na leteckaposta.cz a do dalsej odpovede vloz odkazy na stiahnutie