VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Trojan:Win32/Bluteal!rfn

https://forum.viry.cz:443/viewtopic.php?t=157570

Stránka 1 z 1

Trojan:Win32/Bluteal!rfn

Napsal: 13 lis 2020 19:02
od Marek 46
Dobrý den,
win defender mi nalezl Trojan:Win32/Bluteal!rfn
prosím o kontrolu logu.
Předem děkuji.
FRST + Addition.rar
(39.28 KiB) Staženo 80 x

Re: Trojan:Win32/Bluteal!rfn

Napsal: 13 lis 2020 19:09
od Diallix
Dobry den.

:arrow: Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, kliknite na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.

Re: Trojan:Win32/Bluteal!rfn

Napsal: 13 lis 2020 19:49
od Marek 46
Zdravím,
AdwCleaner - report:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-11-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-13-2020
# Duration: 00:00:19
# OS: Windows 10 Home
# Cleaned: 3
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\VIS
Deleted HKLM\Software\Classes\REI_AxControl.ReiEngine
Deleted HKLM\Software\Classes\REI_AxControl.ReiEngine.1

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4681 octets] - [13/11/2020 19:29:42]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Trojan:Win32/Bluteal!rfn

Napsal: 13 lis 2020 22:09
od Diallix
Poprosim o nove logy FRST + ADDITION.

Re: Trojan:Win32/Bluteal!rfn

Napsal: 14 lis 2020 10:11
od Marek 46
Zdravím,
po zapnutí FRST64 vyskočila hláška aktualizace se nezdařila
FRST + Addition.rar
(38.72 KiB) Staženo 93 x

Re: Trojan:Win32/Bluteal!rfn

Napsal: 14 lis 2020 18:06
od Diallix
Bezia vam v pocitaci ESET, AVAST, Win. Defender.
Pouzivajte len jeden antivirus a jeden rezidentny stit.

Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

CloseProcesses:
CreateRestorePoint:


C:\Users\Marek\Desktop\gensig.exe

GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Task: {02D6E50F-C960-49CD-B780-BD437E7FB926} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {28B1AD3F-5738-4166-8DC0-7C7AD27A94FE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2ADAB020-1323-4C7B-B5CF-1EBE3C3D8084} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2F6157B3-3873-4C43-BC47-1DA9D41088A9} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {38AEBA05-10B3-43F3-B112-F1F40D4CFDB7} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3C044880-44D0-42F5-AFB0-C857DD0B92F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [850488 2011-06-14] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {3D0B2AFF-E9EB-48FE-A01F-68A8CD1BA9D0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3ED8DD1B-538C-40C3-A3A4-79D4E60263E9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {467C24CD-BCA2-41C0-BE4D-B3DE10A75755} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {46B23D47-5C36-42A8-B95C-BB2AF53590D1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {482F0A0E-90EF-4B83-8500-FF8A18A70DBC} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {48E45AC9-66AB-4EBE-9638-95437EEFCBF6} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {5358D5C5-0C2F-4389-A42E-0CDF3E2AA538} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5378F21E-840A-4CC5-B3C3-1670449FCED5} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {55058483-E5D9-4C3F-A003-DF8F02073CE1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5528F22C-2470-4715-ACAE-E274EF6898C7} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {638614F0-59E3-4923-889A-D1928CB98811} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {66DFEF48-ABB9-4263-8EFB-C1557258637A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6AE224FF-8CD0-4AAD-8233-720867251282} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [7120952 2011-06-21] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {7098321E-A7B4-4EBC-90DD-0503E3B197AD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {75568FAA-53C9-4A6F-A8D0-CA4A009C0AFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {7E487679-A624-4ED0-9B8E-4C0C8337F224} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7F9CB583-7510-47BF-9597-3A73B61C0549} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {80FBC7D5-66A4-4544-8D15-65E6D3E6550B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {83597B93-1AE0-45F9-826B-C1127F84C690} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8BD18552-55F0-4CD9-9431-565C21EA3C2A} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {8C7F1A1C-B2C4-4D3B-94C8-EB3E26373035} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {943F7461-D154-4719-AE9E-2388752F8219} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {953FF048-9AD2-421B-AAA3-AC3C760F6B97} - System32\Tasks\Opera scheduled Autoupdate 1426785058 => C:\Program Files (x86)\Opera\launcher.exe [1529368 2020-11-10] (Opera Software AS -> Opera Software)
Task: {9D06D087-E374-49EB-8663-8DA1139810A1} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9DA85D1E-9CF3-439E-8B41-01460128DF4C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {A64C4710-9A7D-419E-BB08-4270FCAA39D6} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {AD7DD0D0-F9FB-4ED7-B70C-1891837BB6D5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AE55A05F-DDD0-42DC-A9E3-9112BDE13E49} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [17976 2011-03-22] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {AF06B688-784B-4BBB-964F-0A81B20BA7CC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B1219536-17C0-4888-9974-9BFB5857D28E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B49FD765-DFF6-4BDC-B336-46FD32F26F29} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-10] (Adobe Inc. -> Adobe)
Task: {BDDDACD2-2109-4CBA-81B5-B5F304F49BBD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C4478589-6973-4EC4-9A14-A3EE00483612} - System32\Tasks\{E075696A-5B4D-4C7F-AEA7-CF1A0C0205C8} => C:\Users\Marek\Desktop\gensig.exe
Task: {C6D03988-F8CF-4F22-B777-3638128CA567} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CBEB9DEC-351E-4F0C-9AF3-AED80D36F7CA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CD6F8D0A-DC4B-4E5E-B23C-6E853A02EA5C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CD735119-7407-4517-9C92-A34183725B7C} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {D14296A3-CE5C-4A44-B737-DA1FF0526269} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {D68D9DAB-05F6-4398-A2F4-5FA408EE649C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {DB41C9F6-5797-4391-A505-866A18EB271E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DE29BE59-B1C3-4D26-AE89-C8A74E3D877B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E64B8ABC-C8E9-4667-8CA2-90F49E3CA078} - System32\Tasks\{A5A7B2E8-369B-48E5-A9E8-8A5126AA6449} => C:\Users\Marek\Desktop\gensig.exe
Task: {E7959411-BDDA-434D-967F-CD0046837785} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E8694752-56D2-4B07-B087-39B70AFBAC4E} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {E932CEB7-767E-4A80-AAEC-093A1E291161} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EDD8F1F7-7CE1-4F28-9910-8AB013DF5878} - System32\Tasks\{7976CC5B-1F22-4D86-A255-44A1070CF452} => C:\Users\Marek\Desktop\gensig.exe
Task: {EE4CEA92-69AD-424B-BBE6-DF409DCC99A0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F2D83301-14F2-4EB1-AC22-7ED9575E66FF} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMarek.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
U3 idsvc; no ImagePath
U3 WMPNetworkSvc; no ImagePath
hellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ontextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} =>  -> No File
ContextMenuHandlers1: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2726755439-1124894997-2511033722-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {55D6813C-6CFA-4784-B5DB-B2289BE8091E} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {55D6813C-6CFA-4784-B5DB-B2289BE8091E} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2726755439-1124894997-2511033722-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2726755439-1124894997-2511033722-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2726755439-1124894997-2511033722-1000 -> {55D6813C-6CFA-4784-B5DB-B2289BE8091E} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2726755439-1124894997-2511033722-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO-x32: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKU\S-1-5-21-2726755439-1124894997-2511033722-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [{53D9097A-7384-4BEF-8CFF-D7106086C007}] => (Allow) LPort=5357

EmptyTemp:
Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.

Re: Trojan:Win32/Bluteal!rfn

Napsal: 14 lis 2020 21:04
od Marek 46
Zdravím,
Avast je odinstalovaný , používám Eset
Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-11-2020
Ran by Marek (14-11-2020 20:38:26) Run:1
Running from C:\Users\Marek\Desktop
Loaded Profiles: Marek
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:


C:\Users\Marek\Desktop\gensig.exe

GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Task: {02D6E50F-C960-49CD-B780-BD437E7FB926} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {28B1AD3F-5738-4166-8DC0-7C7AD27A94FE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2ADAB020-1323-4C7B-B5CF-1EBE3C3D8084} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2F6157B3-3873-4C43-BC47-1DA9D41088A9} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {38AEBA05-10B3-43F3-B112-F1F40D4CFDB7} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3C044880-44D0-42F5-AFB0-C857DD0B92F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [850488 2011-06-14] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {3D0B2AFF-E9EB-48FE-A01F-68A8CD1BA9D0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3ED8DD1B-538C-40C3-A3A4-79D4E60263E9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {467C24CD-BCA2-41C0-BE4D-B3DE10A75755} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {46B23D47-5C36-42A8-B95C-BB2AF53590D1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {482F0A0E-90EF-4B83-8500-FF8A18A70DBC} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {48E45AC9-66AB-4EBE-9638-95437EEFCBF6} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {5358D5C5-0C2F-4389-A42E-0CDF3E2AA538} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5378F21E-840A-4CC5-B3C3-1670449FCED5} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {55058483-E5D9-4C3F-A003-DF8F02073CE1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5528F22C-2470-4715-ACAE-E274EF6898C7} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {638614F0-59E3-4923-889A-D1928CB98811} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {66DFEF48-ABB9-4263-8EFB-C1557258637A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6AE224FF-8CD0-4AAD-8233-720867251282} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [7120952 2011-06-21] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {7098321E-A7B4-4EBC-90DD-0503E3B197AD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {75568FAA-53C9-4A6F-A8D0-CA4A009C0AFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {7E487679-A624-4ED0-9B8E-4C0C8337F224} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7F9CB583-7510-47BF-9597-3A73B61C0549} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {80FBC7D5-66A4-4544-8D15-65E6D3E6550B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {83597B93-1AE0-45F9-826B-C1127F84C690} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8BD18552-55F0-4CD9-9431-565C21EA3C2A} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {8C7F1A1C-B2C4-4D3B-94C8-EB3E26373035} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {943F7461-D154-4719-AE9E-2388752F8219} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {953FF048-9AD2-421B-AAA3-AC3C760F6B97} - System32\Tasks\Opera scheduled Autoupdate 1426785058 => C:\Program Files (x86)\Opera\launcher.exe [1529368 2020-11-10] (Opera Software AS -> Opera Software)
Task: {9D06D087-E374-49EB-8663-8DA1139810A1} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9DA85D1E-9CF3-439E-8B41-01460128DF4C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {A64C4710-9A7D-419E-BB08-4270FCAA39D6} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {AD7DD0D0-F9FB-4ED7-B70C-1891837BB6D5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AE55A05F-DDD0-42DC-A9E3-9112BDE13E49} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [17976 2011-03-22] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {AF06B688-784B-4BBB-964F-0A81B20BA7CC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B1219536-17C0-4888-9974-9BFB5857D28E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B49FD765-DFF6-4BDC-B336-46FD32F26F29} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-10] (Adobe Inc. -> Adobe)
Task: {BDDDACD2-2109-4CBA-81B5-B5F304F49BBD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C4478589-6973-4EC4-9A14-A3EE00483612} - System32\Tasks\{E075696A-5B4D-4C7F-AEA7-CF1A0C0205C8} => C:\Users\Marek\Desktop\gensig.exe
Task: {C6D03988-F8CF-4F22-B777-3638128CA567} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CBEB9DEC-351E-4F0C-9AF3-AED80D36F7CA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CD6F8D0A-DC4B-4E5E-B23C-6E853A02EA5C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CD735119-7407-4517-9C92-A34183725B7C} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {D14296A3-CE5C-4A44-B737-DA1FF0526269} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {D68D9DAB-05F6-4398-A2F4-5FA408EE649C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {DB41C9F6-5797-4391-A505-866A18EB271E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DE29BE59-B1C3-4D26-AE89-C8A74E3D877B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E64B8ABC-C8E9-4667-8CA2-90F49E3CA078} - System32\Tasks\{A5A7B2E8-369B-48E5-A9E8-8A5126AA6449} => C:\Users\Marek\Desktop\gensig.exe
Task: {E7959411-BDDA-434D-967F-CD0046837785} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E8694752-56D2-4B07-B087-39B70AFBAC4E} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {E932CEB7-767E-4A80-AAEC-093A1E291161} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EDD8F1F7-7CE1-4F28-9910-8AB013DF5878} - System32\Tasks\{7976CC5B-1F22-4D86-A255-44A1070CF452} => C:\Users\Marek\Desktop\gensig.exe
Task: {EE4CEA92-69AD-424B-BBE6-DF409DCC99A0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F2D83301-14F2-4EB1-AC22-7ED9575E66FF} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMarek.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
U3 idsvc; no ImagePath
U3 WMPNetworkSvc; no ImagePath
hellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ontextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => -> No File
ContextMenuHandlers1: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2726755439-1124894997-2511033722-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {55D6813C-6CFA-4784-B5DB-B2289BE8091E} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {55D6813C-6CFA-4784-B5DB-B2289BE8091E} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2726755439-1124894997-2511033722-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-2726755439-1124894997-2511033722-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-2726755439-1124894997-2511033722-1000 -> {55D6813C-6CFA-4784-B5DB-B2289BE8091E} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-2726755439-1124894997-2511033722-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO-x32: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
Toolbar: HKU\S-1-5-21-2726755439-1124894997-2511033722-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [{53D9097A-7384-4BEF-8CFF-D7106086C007}] => (Allow) LPort=5357

EmptyTemp:

*****************

Processes closed successfully.
Restore point was successfully created.
"C:\Users\Marek\Desktop\gensig.exe" => not found
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02D6E50F-C960-49CD-B780-BD437E7FB926}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02D6E50F-C960-49CD-B780-BD437E7FB926}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28B1AD3F-5738-4166-8DC0-7C7AD27A94FE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28B1AD3F-5738-4166-8DC0-7C7AD27A94FE}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2ADAB020-1323-4C7B-B5CF-1EBE3C3D8084}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ADAB020-1323-4C7B-B5CF-1EBE3C3D8084}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F6157B3-3873-4C43-BC47-1DA9D41088A9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F6157B3-3873-4C43-BC47-1DA9D41088A9}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38AEBA05-10B3-43F3-B112-F1F40D4CFDB7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38AEBA05-10B3-43F3-B112-F1F40D4CFDB7}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C044880-44D0-42F5-AFB0-C857DD0B92F5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C044880-44D0-42F5-AFB0-C857DD0B92F5}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\Update Check" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D0B2AFF-E9EB-48FE-A01F-68A8CD1BA9D0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D0B2AFF-E9EB-48FE-A01F-68A8CD1BA9D0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3ED8DD1B-538C-40C3-A3A4-79D4E60263E9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3ED8DD1B-538C-40C3-A3A4-79D4E60263E9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{467C24CD-BCA2-41C0-BE4D-B3DE10A75755}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{467C24CD-BCA2-41C0-BE4D-B3DE10A75755}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46B23D47-5C36-42A8-B95C-BB2AF53590D1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46B23D47-5C36-42A8-B95C-BB2AF53590D1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{482F0A0E-90EF-4B83-8500-FF8A18A70DBC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{482F0A0E-90EF-4B83-8500-FF8A18A70DBC}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\GadgetManager" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControlsMigration" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48E45AC9-66AB-4EBE-9638-95437EEFCBF6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48E45AC9-66AB-4EBE-9638-95437EEFCBF6}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5358D5C5-0C2F-4389-A42E-0CDF3E2AA538}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5358D5C5-0C2F-4389-A42E-0CDF3E2AA538}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5378F21E-840A-4CC5-B3C3-1670449FCED5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5378F21E-840A-4CC5-B3C3-1670449FCED5}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55058483-E5D9-4C3F-A003-DF8F02073CE1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55058483-E5D9-4C3F-A003-DF8F02073CE1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5528F22C-2470-4715-ACAE-E274EF6898C7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5528F22C-2470-4715-ACAE-E274EF6898C7}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\MobilePC\HotStart => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\HotStart" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControls" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{638614F0-59E3-4923-889A-D1928CB98811}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{638614F0-59E3-4923-889A-D1928CB98811}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\StartRecording => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\StartRecording" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66DFEF48-ABB9-4263-8EFB-C1557258637A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66DFEF48-ABB9-4263-8EFB-C1557258637A}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6AE224FF-8CD0-4AAD-8233-720867251282}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AE224FF-8CD0-4AAD-8233-720867251282}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\PC Tuneup" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7098321E-A7B4-4EBC-90DD-0503E3B197AD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7098321E-A7B4-4EBC-90DD-0503E3B197AD}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75568FAA-53C9-4A6F-A8D0-CA4A009C0AFC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75568FAA-53C9-4A6F-A8D0-CA4A009C0AFC}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E487679-A624-4ED0-9B8E-4C0C8337F224}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E487679-A624-4ED0-9B8E-4C0C8337F224}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F9CB583-7510-47BF-9597-3A73B61C0549}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F9CB583-7510-47BF-9597-3A73B61C0549}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80FBC7D5-66A4-4544-8D15-65E6D3E6550B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80FBC7D5-66A4-4544-8D15-65E6D3E6550B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83597B93-1AE0-45F9-826B-C1127F84C690}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83597B93-1AE0-45F9-826B-C1127F84C690}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8BD18552-55F0-4CD9-9431-565C21EA3C2A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BD18552-55F0-4CD9-9431-565C21EA3C2A}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\AutoWake => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C7F1A1C-B2C4-4D3B-94C8-EB3E26373035}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C7F1A1C-B2C4-4D3B-94C8-EB3E26373035}" => removed successfully
C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateChoiceProcessTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{943F7461-D154-4719-AE9E-2388752F8219}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{943F7461-D154-4719-AE9E-2388752F8219}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{953FF048-9AD2-421B-AAA3-AC3C760F6B97}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{953FF048-9AD2-421B-AAA3-AC3C760F6B97}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1426785058 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1426785058" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D06D087-E374-49EB-8663-8DA1139810A1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D06D087-E374-49EB-8663-8DA1139810A1}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DA85D1E-9CF3-439E-8B41-01460128DF4C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DA85D1E-9CF3-439E-8B41-01460128DF4C}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate_scheduled" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A64C4710-9A7D-419E-BB08-4270FCAA39D6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A64C4710-9A7D-419E-BB08-4270FCAA39D6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD7DD0D0-F9FB-4ED7-B70C-1891837BB6D5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD7DD0D0-F9FB-4ED7-B70C-1891837BB6D5}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE55A05F-DDD0-42DC-A9E3-9112BDE13E49}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE55A05F-DDD0-42DC-A9E3-9112BDE13E49}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF06B688-784B-4BBB-964F-0A81B20BA7CC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF06B688-784B-4BBB-964F-0A81B20BA7CC}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0CBAB43-44FC-469B-A4CE-87426761FDCE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0CBAB43-44FC-469B-A4CE-87426761FDCE}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1219536-17C0-4888-9974-9BFB5857D28E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1219536-17C0-4888-9974-9BFB5857D28E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B49FD765-DFF6-4BDC-B336-46FD32F26F29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B49FD765-DFF6-4BDC-B336-46FD32F26F29}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDDDACD2-2109-4CBA-81B5-B5F304F49BBD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDDDACD2-2109-4CBA-81B5-B5F304F49BBD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4478589-6973-4EC4-9A14-A3EE00483612}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4478589-6973-4EC4-9A14-A3EE00483612}" => removed successfully
C:\WINDOWS\System32\Tasks\{E075696A-5B4D-4C7F-AEA7-CF1A0C0205C8} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E075696A-5B4D-4C7F-AEA7-CF1A0C0205C8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6D03988-F8CF-4F22-B777-3638128CA567}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6D03988-F8CF-4F22-B777-3638128CA567}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CBEB9DEC-351E-4F0C-9AF3-AED80D36F7CA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBEB9DEC-351E-4F0C-9AF3-AED80D36F7CA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD6F8D0A-DC4B-4E5E-B23C-6E853A02EA5C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD6F8D0A-DC4B-4E5E-B23C-6E853A02EA5C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD735119-7407-4517-9C92-A34183725B7C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD735119-7407-4517-9C92-A34183725B7C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D14296A3-CE5C-4A44-B737-DA1FF0526269}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D14296A3-CE5C-4A44-B737-DA1FF0526269}" => removed successfully
C:\WINDOWS\System32\Tasks\SidebarExecute => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SidebarExecute" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D68D9DAB-05F6-4398-A2F4-5FA408EE649C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D68D9DAB-05F6-4398-A2F4-5FA408EE649C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB41C9F6-5797-4391-A505-866A18EB271E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB41C9F6-5797-4391-A505-866A18EB271E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{DE29BE59-B1C3-4D26-AE89-C8A74E3D877B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE29BE59-B1C3-4D26-AE89-C8A74E3D877B}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E64B8ABC-C8E9-4667-8CA2-90F49E3CA078}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E64B8ABC-C8E9-4667-8CA2-90F49E3CA078}" => removed successfully
C:\WINDOWS\System32\Tasks\{A5A7B2E8-369B-48E5-A9E8-8A5126AA6449} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A5A7B2E8-369B-48E5-A9E8-8A5126AA6449}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7959411-BDDA-434D-967F-CD0046837785}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7959411-BDDA-434D-967F-CD0046837785}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8694752-56D2-4B07-B087-39B70AFBAC4E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8694752-56D2-4B07-B087-39B70AFBAC4E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E932CEB7-767E-4A80-AAEC-093A1E291161}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E932CEB7-767E-4A80-AAEC-093A1E291161}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDD8F1F7-7CE1-4F28-9910-8AB013DF5878}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDD8F1F7-7CE1-4F28-9910-8AB013DF5878}" => removed successfully
C:\WINDOWS\System32\Tasks\{7976CC5B-1F22-4D86-A255-44A1070CF452} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7976CC5B-1F22-4D86-A255-44A1070CF452}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE4CEA92-69AD-424B-BBE6-DF409DCC99A0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE4CEA92-69AD-424B-BBE6-DF409DCC99A0}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2D83301-14F2-4EB1-AC22-7ED9575E66FF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2D83301-14F2-4EB1-AC22-7ED9575E66FF}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery" => removed successfully
C:\WINDOWS\Tasks\HPCeeScheduleForMarek.job => moved successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\WMPNetworkSvc => removed successfully
WMPNetworkSvc => service removed successfully
hellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
ontextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => -> No File => Error: No automatic fix found for this entry.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WorkFolders => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\WorkFolders => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\WorkFolders" => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
"BVTConsumer" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\SysWOW64\blank.htm" => value restored successfully
HKU\S-1-5-21-2726755439-1124894997-2511033722-1000\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{55D6813C-6CFA-4784-B5DB-B2289BE8091E} => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{55D6813C-6CFA-4784-B5DB-B2289BE8091E} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => removed successfully
"HKU\S-1-5-21-2726755439-1124894997-2511033722-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-2726755439-1124894997-2511033722-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKU\S-1-5-21-2726755439-1124894997-2511033722-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{55D6813C-6CFA-4784-B5DB-B2289BE8091E} => removed successfully
HKU\S-1-5-21-2726755439-1124894997-2511033722-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f}" => removed successfully
"HKU\S-1-5-21-2726755439-1124894997-2511033722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{53D9097A-7384-4BEF-8CFF-D7106086C007}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 77660226 B
Java, Flash, Steam htmlcache => 1182 B
Windows/system/drivers => 424852 B
Edge => 2409152 B
Chrome => 0 B
Firefox => 0 B
Opera => 536147632 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 42548 B
NetworkService => 57270 B
Marek => 75610467 B
DefaultAppPool => 75610467 B

RecycleBin => 17706936 B
EmptyTemp: => 759.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:45:54 ====

Re: Trojan:Win32/Bluteal!rfn

Napsal: 15 lis 2020 09:13
od Diallix
Poprosim o nove logy FRST + ADDITION.

Re: Trojan:Win32/Bluteal!rfn

Napsal: 15 lis 2020 10:22
od Marek 46
Dobrý den,
FRST + Addition.rar
(37.96 KiB) Staženo 109 x

Re: Trojan:Win32/Bluteal!rfn

Napsal: 15 lis 2020 15:17
od Diallix
Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\Software\...\Authentication\Credential Providers: [{D28973E5-8630-41af-8831-50A15FEB396B}] -> 
Task: {016C21AE-1807-4CC3-858D-E466B72E3629} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {07FF0FB3-6D78-4FC0-9A9B-9BE5ECAB05BF} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0D5A3DDA-7067-411E-B0E8-74EDEC253A23} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1B5978CB-7F12-4865-8317-FE53FF79E3E3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2726755439-1124894997-2511033722-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {1D550452-E4C9-47A0-86D5-6AC9413B1AB7} - System32\Tasks\Opera scheduled assistant Autoupdate 1576958661 => C:\Program Files (x86)\Opera\launcher.exe [1529368 2020-11-10] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files (x86)\Opera\assistant" $(Arg0)
Task: {213BE72B-A9CA-415F-9B4D-DDD5D7F41FB1} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2726755439-1124894997-2511033722-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {25C3328D-468C-401D-BD14-23CDC60EC0DA} - System32\Tasks\{EC4CF6BB-21D8-4C57-A9A7-468F8EA9A35B} => C:\Users\Marek\Desktop\gensig.exe
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
ContextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
MSCONFIG\startupfolder: C:^Users^Marek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RT-Updater-SVO.lnk => C:\Windows\pss\RT-Updater-SVO.lnk.Startup
MSCONFIG\startupreg: AceStream => C:\Users\Marek\AppData\Roaming\ACEStream\engine\ace_engine.exe
MSCONFIG\startupreg: AceWebExtensionUpdater => C:\Users\Marek\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
HKU\S-1-5-21-2726755439-1124894997-2511033722-1000\...\StartupApproved\StartupFolder: => "RT-Updater-SVO.lnk"
FirewallRules: [UDP Query User{3D988DD8-64F8-4FD9-860F-B760C2508D21}C:\program files (x86)\domoticz\domoticz.exe] => (Allow) C:\program files (x86)\domoticz\domoticz.exe => No File
FirewallRules: [TCP Query User{BE204E60-9B26-4AEA-902A-5785FE03312C}C:\program files (x86)\domoticz\domoticz.exe] => (Allow) C:\program files (x86)\domoticz\domoticz.exe => No File
FirewallRules: [{A4A88406-8647-429F-8D87-20F53F21429C}] => (Allow) C:\Ross-Tech\VCDS-SVO\VCDS.EXE => No File
Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.

Re: Trojan:Win32/Bluteal!rfn

Napsal: 15 lis 2020 16:56
od Marek 46
Zdravím,

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-11-2020
Ran by Marek (15-11-2020 16:52:32) Run:2
Running from C:\Users\Marek\Desktop
Loaded Profiles: Marek
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\Software\...\Authentication\Credential Providers: [{D28973E5-8630-41af-8831-50A15FEB396B}] ->
Task: {016C21AE-1807-4CC3-858D-E466B72E3629} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {07FF0FB3-6D78-4FC0-9A9B-9BE5ECAB05BF} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0D5A3DDA-7067-411E-B0E8-74EDEC253A23} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1B5978CB-7F12-4865-8317-FE53FF79E3E3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2726755439-1124894997-2511033722-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {1D550452-E4C9-47A0-86D5-6AC9413B1AB7} - System32\Tasks\Opera scheduled assistant Autoupdate 1576958661 => C:\Program Files (x86)\Opera\launcher.exe [1529368 2020-11-10] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files (x86)\Opera\assistant" $(Arg0)
Task: {213BE72B-A9CA-415F-9B4D-DDD5D7F41FB1} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2726755439-1124894997-2511033722-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {25C3328D-468C-401D-BD14-23CDC60EC0DA} - System32\Tasks\{EC4CF6BB-21D8-4C57-A9A7-468F8EA9A35B} => C:\Users\Marek\Desktop\gensig.exe
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
ContextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
MSCONFIG\startupfolder: C:^Users^Marek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RT-Updater-SVO.lnk => C:\Windows\pss\RT-Updater-SVO.lnk.Startup
MSCONFIG\startupreg: AceStream => C:\Users\Marek\AppData\Roaming\ACEStream\engine\ace_engine.exe
MSCONFIG\startupreg: AceWebExtensionUpdater => C:\Users\Marek\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
HKU\S-1-5-21-2726755439-1124894997-2511033722-1000\...\StartupApproved\StartupFolder: => "RT-Updater-SVO.lnk"
FirewallRules: [UDP Query User{3D988DD8-64F8-4FD9-860F-B760C2508D21}C:\program files (x86)\domoticz\domoticz.exe] => (Allow) C:\program files (x86)\domoticz\domoticz.exe => No File
FirewallRules: [TCP Query User{BE204E60-9B26-4AEA-902A-5785FE03312C}C:\program files (x86)\domoticz\domoticz.exe] => (Allow) C:\program files (x86)\domoticz\domoticz.exe => No File
FirewallRules: [{A4A88406-8647-429F-8D87-20F53F21429C}] => (Allow) C:\Ross-Tech\VCDS-SVO\VCDS.EXE => No File

*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{D28973E5-8630-41af-8831-50A15FEB396B} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{016C21AE-1807-4CC3-858D-E466B72E3629}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{016C21AE-1807-4CC3-858D-E466B72E3629}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07FF0FB3-6D78-4FC0-9A9B-9BE5ECAB05BF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07FF0FB3-6D78-4FC0-9A9B-9BE5ECAB05BF}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D5A3DDA-7067-411E-B0E8-74EDEC253A23}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D5A3DDA-7067-411E-B0E8-74EDEC253A23}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B5978CB-7F12-4865-8317-FE53FF79E3E3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B5978CB-7F12-4865-8317-FE53FF79E3E3}" => removed successfully
C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2726755439-1124894997-2511033722-1000 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2726755439-1124894997-2511033722-1000" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1D550452-E4C9-47A0-86D5-6AC9413B1AB7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D550452-E4C9-47A0-86D5-6AC9413B1AB7}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled assistant Autoupdate 1576958661 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled assistant Autoupdate 1576958661" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{213BE72B-A9CA-415F-9B4D-DDD5D7F41FB1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{213BE72B-A9CA-415F-9B4D-DDD5D7F41FB1}" => removed successfully
C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2726755439-1124894997-2511033722-1000 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeLogonTaskS-1-5-21-2726755439-1124894997-2511033722-1000" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25C3328D-468C-401D-BD14-23CDC60EC0DA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25C3328D-468C-401D-BD14-23CDC60EC0DA}" => removed successfully
C:\WINDOWS\System32\Tasks\{EC4CF6BB-21D8-4C57-A9A7-468F8EA9A35B} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EC4CF6BB-21D8-4C57-A9A7-468F8EA9A35B}" => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ShellConverter => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Marek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RT-Updater-SVO.lnk => removed successfully
C:\Windows\pss\RT-Updater-SVO.lnk.Startup => moved successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AceStream => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AceWebExtensionUpdater => removed successfully
"C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RT-Updater-SVO.lnk" => not found
"HKU\S-1-5-21-2726755439-1124894997-2511033722-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\RT-Updater-SVO.lnk" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3D988DD8-64F8-4FD9-860F-B760C2508D21}C:\program files (x86)\domoticz\domoticz.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BE204E60-9B26-4AEA-902A-5785FE03312C}C:\program files (x86)\domoticz\domoticz.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4A88406-8647-429F-8D87-20F53F21429C}" => removed successfully

==== End of Fixlog 16:52:33 ====

Re: Trojan:Win32/Bluteal!rfn

Napsal: 15 lis 2020 17:39
od Diallix
Ako je na tom pocitac?

Re: Trojan:Win32/Bluteal!rfn

Napsal: 15 lis 2020 20:07
od Marek 46
Zdravím,
nabíhání nb se zrychlilo, disk i procesor jede na pár procent.
DĚKUJI

Re: Trojan:Win32/Bluteal!rfn

Napsal: 15 lis 2020 20:47
od Diallix
V pohodicke, aj na buduce :]]
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz