Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
- Návštěvník
- Příspěvky: 223
- Registrován: 07 led 2012 01:04
- Bydliště: Pardubice
- Kontaktovat uživatele:
Prosím o kontrolu
Dobrý den prosím o preventivní kontrolu.
Děkuji moc a přeji hezký den.
Jirka
Děkuji moc a přeji hezký den.
Jirka
- Přílohy
-
- FRST64.zip
- (32.45 KiB) Staženo 106 x
Re: Prosím o kontrolu
Dobry den.
Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, kliknite na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.
Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, kliknite na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.
► Vyšla moja nová kniha BOTNETY! Informácie o nej nájdete tu: >> BOTNETY <<
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
-
- Návštěvník
- Příspěvky: 223
- Registrován: 07 led 2012 01:04
- Bydliště: Pardubice
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Dobrý den.
Děkuji za kontrolu.
Jirka
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-07.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-09-2019
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 3
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\ProgramData\NERO\NERO TUNEITUP
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted HKLM\Software\Wow6432Node\NERO\nero_tuneitup
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1440 octets] - [09/02/2019 09:21:08]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Děkuji za kontrolu.
Jirka
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-07.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-09-2019
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 3
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\ProgramData\NERO\NERO TUNEITUP
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted HKLM\Software\Wow6432Node\NERO\nero_tuneitup
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1440 octets] - [09/02/2019 09:21:08]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Re: Prosím o kontrolu
Preskenujte pocitac s FRST - navod tu: https://forum.viry.cz/viewtopic.php?f=24&t=132509, skopirujte FRST.log + Addition log sem.
► Vyšla moja nová kniha BOTNETY! Informácie o nej nájdete tu: >> BOTNETY <<
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
Re: Prosím o kontrolu
Do poznamkoveho bloku skopirujte obsah dole:
Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.
Kód: Vybrat vše
Otestujte na virustotal.com subor nizssie a vysledokm tstu dajte sem:
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601928 2018-12-15] (Oracle America, Inc. -> Oracle Corporation)
2019-01-19 22:18 - 2019-01-19 22:18 - 000003400 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-01-19 22:18 - 2019-01-19 22:18 - 000003176 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Task: {49167EEB-E6E9-4A19-82EA-90BAA5AAA85C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-05] (Google Inc -> Google Inc.)
Task: {D4E2673A-0EA1-4682-8E57-15E3537A4A3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-05] (Google Inc -> Google Inc.)
Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
IE trusted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\ppl.cz -> hxxps://klient.ppl.cz
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\123simsen.com -> www.123simsen.com
FirewallRules: [{93A93D17-D946-4759-A150-8FE61A598BC7}] => (Allow) %ProgramFiles% (x86)\HD Tune\HDTune.exe No File
EmptyTemp:
Hosts:
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.
► Vyšla moja nová kniha BOTNETY! Informácie o nej nájdete tu: >> BOTNETY <<
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
-
- Návštěvník
- Příspěvky: 223
- Registrován: 07 led 2012 01:04
- Bydliště: Pardubice
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Zdravím, zde to je.
Fix result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
Ran by model (09-02-2019 12:19:25) Run:1
Running from C:\Users\model\Desktop
Loaded Profiles: model (Available Profiles: model)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Otestujte na virustotal.com subor nizssie a vysledokm tstu dajte sem:
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601928 2018-12-15] (Oracle America, Inc. -> Oracle Corporation)
2019-01-19 22:18 - 2019-01-19 22:18 - 000003400 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-01-19 22:18 - 2019-01-19 22:18 - 000003176 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Task: {49167EEB-E6E9-4A19-82EA-90BAA5AAA85C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-05] (Google Inc -> Google Inc.)
Task: {D4E2673A-0EA1-4682-8E57-15E3537A4A3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-05] (Google Inc -> Google Inc.)
Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
IE trusted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\ppl.cz -> hxxps://klient.ppl.cz
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\123simsen.com -> www.123simsen.com
FirewallRules: [{93A93D17-D946-4759-A150-8FE61A598BC7}] => (Allow) %ProgramFiles% (x86)\HD Tune\HDTune.exe No File
EmptyTemp:
Hosts:
*****************
Otestujte na virustotal.com subor nizssie a vysledokm tstu dajte sem: => Error: No automatic fix found for this entry.
[3880] C:\Windows\System32\hasplms.exe => process closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\WINDOWS\system32\DrtmAuth8.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth7.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth6.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth5.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth4.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth3.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth2.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth1.bin => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{49167EEB-E6E9-4A19-82EA-90BAA5AAA85C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49167EEB-E6E9-4A19-82EA-90BAA5AAA85C}" => removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4E2673A-0EA1-4682-8E57-15E3537A4A3A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4E2673A-0EA1-4682-8E57-15E3537A4A3A}" => removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
C:\WINDOWS\Tasks\TrackerAutoUpdate.job => moved successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\007guard.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008i.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008k.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\00hq.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\010402.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\032439.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0scan.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-2005-search.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-domains-registrations.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1000gratisproben.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1001namen.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100888290cs.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100sexlinks.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\10sek.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-26.net => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-27.net => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123fporn.info => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123haustiereundmehr.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123moviedownload.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123simsen.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ppl.cz => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\007guard.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008i.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008k.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\00hq.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\010402.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\032439.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0scan.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-2005-search.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-domains-registrations.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1000gratisproben.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1001namen.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100888290cs.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100sexlinks.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\10sek.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-26.net => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-27.net => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123fporn.info => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123haustiereundmehr.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123moviedownload.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123simsen.com => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93A93D17-D946-4759-A150-8FE61A598BC7}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 137305223 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => -5689704 B
Edge => 4767993 B
Chrome => 741263551 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 38468 B
LocalService => 0 B
NetworkService => 908 B
NetworkService => 0 B
model => 497786654 B
RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 12:20:28 ====
Fix result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
Ran by model (09-02-2019 12:19:25) Run:1
Running from C:\Users\model\Desktop
Loaded Profiles: model (Available Profiles: model)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Otestujte na virustotal.com subor nizssie a vysledokm tstu dajte sem:
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601928 2018-12-15] (Oracle America, Inc. -> Oracle Corporation)
2019-01-19 22:18 - 2019-01-19 22:18 - 000003400 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-01-19 22:18 - 2019-01-19 22:18 - 000003176 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-01-19 21:56 - 2019-01-19 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Task: {49167EEB-E6E9-4A19-82EA-90BAA5AAA85C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-05] (Google Inc -> Google Inc.)
Task: {D4E2673A-0EA1-4682-8E57-15E3537A4A3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-05] (Google Inc -> Google Inc.)
Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
IE trusted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\ppl.cz -> hxxps://klient.ppl.cz
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3224405908-214673736-1836477294-1001\...\123simsen.com -> www.123simsen.com
FirewallRules: [{93A93D17-D946-4759-A150-8FE61A598BC7}] => (Allow) %ProgramFiles% (x86)\HD Tune\HDTune.exe No File
EmptyTemp:
Hosts:
*****************
Otestujte na virustotal.com subor nizssie a vysledokm tstu dajte sem: => Error: No automatic fix found for this entry.
[3880] C:\Windows\System32\hasplms.exe => process closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\WINDOWS\system32\DrtmAuth8.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth7.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth6.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth5.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth4.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth3.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth2.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth1.bin => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{49167EEB-E6E9-4A19-82EA-90BAA5AAA85C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49167EEB-E6E9-4A19-82EA-90BAA5AAA85C}" => removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4E2673A-0EA1-4682-8E57-15E3537A4A3A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4E2673A-0EA1-4682-8E57-15E3537A4A3A}" => removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
C:\WINDOWS\Tasks\TrackerAutoUpdate.job => moved successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\007guard.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008i.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008k.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\00hq.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\010402.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\032439.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0scan.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-2005-search.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-domains-registrations.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1000gratisproben.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1001namen.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100888290cs.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100sexlinks.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\10sek.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-26.net => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-27.net => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123fporn.info => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123haustiereundmehr.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123moviedownload.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123simsen.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ppl.cz => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\007guard.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008i.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008k.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\00hq.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\010402.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\032439.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0scan.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-2005-search.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-domains-registrations.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1000gratisproben.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1001namen.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100888290cs.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100sexlinks.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\10sek.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-26.net => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-27.net => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123fporn.info => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123haustiereundmehr.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123moviedownload.com => removed successfully
HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123simsen.com => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93A93D17-D946-4759-A150-8FE61A598BC7}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 137305223 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => -5689704 B
Edge => 4767993 B
Chrome => 741263551 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 38468 B
LocalService => 0 B
NetworkService => 908 B
NetworkService => 0 B
model => 497786654 B
RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 12:20:28 ====
Re: Prosím o kontrolu
Otestujte na virustotal.com subor nizssie a vysledokm tstu dajte sem:
C:\Windows\System32\hasplms.exe
C:\Windows\System32\hasplms.exe
► Vyšla moja nová kniha BOTNETY! Informácie o nej nájdete tu: >> BOTNETY <<
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
-
- Návštěvník
- Příspěvky: 223
- Registrován: 07 led 2012 01:04
- Bydliště: Pardubice
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Zdravím.
výsledek je 0/70.
Je to soubor k hardwarovému klíči, který mám k placenému sw.
Nebo mám výsledek sem nějak zkopírovat?
Děkuji moc.
Jirka
výsledek je 0/70.
Je to soubor k hardwarovému klíči, který mám k placenému sw.
Nebo mám výsledek sem nějak zkopírovat?
Děkuji moc.
Jirka
Re: Prosím o kontrolu
Netreba, len som si chcel by isty.
Dajte sem nove logy z FRST + ADDITION.
Dajte sem nove logy z FRST + ADDITION.
► Vyšla moja nová kniha BOTNETY! Informácie o nej nájdete tu: >> BOTNETY <<
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
-
- Návštěvník
- Příspěvky: 223
- Registrován: 07 led 2012 01:04
- Bydliště: Pardubice
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Zdravím.
Každou chvilku mi běží RuntimeBroker.exe na 30% procesoru. Trvá to cca 14 dní.
Jak se ho zbavit?
Toho jsem si nikdy dříve nevšiml.
Děkuji.
Každou chvilku mi běží RuntimeBroker.exe na 30% procesoru. Trvá to cca 14 dní.
Jak se ho zbavit?
Toho jsem si nikdy dříve nevšiml.
Děkuji.
Re: Prosím o kontrolu
Do poznamkoveho bloku skopirujte obsah dole:
Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.
Precistite pocitac s ccleanerom
Kód: Vybrat vše
CloseProcesses:
CMD: REG DELETE "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f
CMD: REG DELETE "HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f
CMD: REG ADD "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f
CMD: REG ADD "HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f
CMD: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TimeBroker" /v Start /t REG_DWORD /d 00000004
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.
Precistite pocitac s ccleanerom
► Vyšla moja nová kniha BOTNETY! Informácie o nej nájdete tu: >> BOTNETY <<
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
-
- Návštěvník
- Příspěvky: 223
- Registrován: 07 led 2012 01:04
- Bydliště: Pardubice
- Kontaktovat uživatele:
Re: Prosím o kontrolu
vyčištěno a zde je fixlog
Fix result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
Ran by model (09-02-2019 19:30:09) Run:2
Running from C:\Users\model\Desktop
Loaded Profiles: model (Available Profiles: model)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CMD: REG DELETE "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f
CMD: REG DELETE "HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f
CMD: REG ADD "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f
CMD: REG ADD "HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f
CMD: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TimeBroker" /v Start /t REG_DWORD /d 00000004
*****************
Processes closed successfully.
========= REG DELETE "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of CMD: =========
========= REG DELETE "HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of CMD: =========
========= REG ADD "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of CMD: =========
========= REG ADD "HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of CMD: =========
========= REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TimeBroker" /v Start /t REG_DWORD /d 00000004 =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of CMD: =========
The system needed a reboot.
==== End of Fixlog 19:30:12 ====
Fix result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
Ran by model (09-02-2019 19:30:09) Run:2
Running from C:\Users\model\Desktop
Loaded Profiles: model (Available Profiles: model)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CMD: REG DELETE "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f
CMD: REG DELETE "HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f
CMD: REG ADD "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f
CMD: REG ADD "HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f
CMD: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TimeBroker" /v Start /t REG_DWORD /d 00000004
*****************
Processes closed successfully.
========= REG DELETE "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of CMD: =========
========= REG DELETE "HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of CMD: =========
========= REG ADD "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of CMD: =========
========= REG ADD "HKU\S-1-5-21-3224405908-214673736-1836477294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of CMD: =========
========= REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TimeBroker" /v Start /t REG_DWORD /d 00000004 =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of CMD: =========
The system needed a reboot.
==== End of Fixlog 19:30:12 ====
Re: Prosím o kontrolu
Mozem poprosit o nove logy FRST a ADDITION.
► Vyšla moja nová kniha BOTNETY! Informácie o nej nájdete tu: >> BOTNETY <<
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT <<
----
► Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
► Háveťárna - UPLOAD Malwaru: >> upload <<
---
► Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.
Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky