Please check
Posted: 19 Nov 2020 22:22
The .txt files are attached
Thanks a lot in advance
Code:
CloseProcesses:
CreateRestorePoint:
c:\program files\bytefence\rtop\bin\rtop_svc.exe
C:\Program Files\ByteFence\ByteFenceService.exe
c:\program files\bytefence
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\...\MountPoints2: {718eb70d-dd56-11e9-834f-b4b52f72c84f} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\...\MountPoints2: {7cd81b36-79f9-11e8-828f-b4b52f72c84f} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\...\MountPoints2: {faee2a17-69e8-11e9-831a-b4b52f72c84f} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\...\MountPoints2: {faee2ada-69e8-11e9-831a-b4b52f72c84f} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Task: {5DAC5A8F-4485-47E3-B9B3-52AF39A04CDA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-02] (Google Inc -> Google Inc.)
Task: {B2AE5251-7B82-4458-9B61-B7E2B27AE414} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-02] (Google Inc -> Google Inc.)
CHR DefaultSearchURL: Default -> hxxp://securedserch.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> sse
CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
R2 rtop; c:\program files\bytefence\rtop\bin\rtop_svc.exe [297288 2020-02-19] (Byte Technologies LLC -> Byte Technologies LLC.) <==== ATTENTION
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [162272 2020-02-11] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
2020-04-03 00:18 - 2020-05-01 18:40 - 000000038 _____ () C:\Users\Snowie\AppData\Roaming\WB.CFG
2020-11-08 12:24 - 2020-11-08 12:24 - 000000000 _____ () C:\Users\Snowie\AppData\Local\BIT8288.tmp
2018-04-24 18:58 - 2020-08-20 17:20 - 000006144 _____ () C:\Users\Snowie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-06-18 22:03 - 2019-06-18 22:03 - 000000000 _____ () C:\Users\Snowie\AppData\Local\{0BFDB5FA-30B8-4023-BED3-05834DD9E23B}
2019-06-18 22:03 - 2019-06-18 22:03 - 000000000 _____ () C:\Users\Snowie\AppData\Local\{5F3DC63F-4892-4EF1-B201-2BAFC2EEC8E5}
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
EmptyTemp:
Hosts:
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 22-11-2020 01
Ran by Snowie (23-11-2020 12:10:58) Run:1
Running from C:\Users\Snowie\Desktop
Loaded Profiles: Snowie
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
c:\program files\bytefence\rtop\bin\rtop_svc.exe
C:\Program Files\ByteFence\ByteFenceService.exe
c:\program files\bytefence
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\...\MountPoints2: {718eb70d-dd56-11e9-834f-b4b52f72c84f} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\...\MountPoints2: {7cd81b36-79f9-11e8-828f-b4b52f72c84f} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\...\MountPoints2: {faee2a17-69e8-11e9-831a-b4b52f72c84f} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\...\MountPoints2: {faee2ada-69e8-11e9-831a-b4b52f72c84f} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Task: {5DAC5A8F-4485-47E3-B9B3-52AF39A04CDA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-02] (Google Inc -> Google Inc.)
Task: {B2AE5251-7B82-4458-9B61-B7E2B27AE414} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-02] (Google Inc -> Google Inc.)
CHR DefaultSearchURL: Default -> hxxp://securedserch.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> sse
CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
R2 rtop; c:\program files\bytefence\rtop\bin\rtop_svc.exe [297288 2020-02-19] (Byte Technologies LLC -> Byte Technologies LLC.) <==== ATTENTION
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [162272 2020-02-11] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
2020-04-03 00:18 - 2020-05-01 18:40 - 000000038 _____ () C:\Users\Snowie\AppData\Roaming\WB.CFG
2020-11-08 12:24 - 2020-11-08 12:24 - 000000000 _____ () C:\Users\Snowie\AppData\Local\BIT8288.tmp
2018-04-24 18:58 - 2020-08-20 17:20 - 000006144 _____ () C:\Users\Snowie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-06-18 22:03 - 2019-06-18 22:03 - 000000000 _____ () C:\Users\Snowie\AppData\Local\{0BFDB5FA-30B8-4023-BED3-05834DD9E23B}
2019-06-18 22:03 - 2019-06-18 22:03 - 000000000 _____ () C:\Users\Snowie\AppData\Local\{5F3DC63F-4892-4EF1-B201-2BAFC2EEC8E5}
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
EmptyTemp:
Hosts:
*****************
Processes closed successfully.
Restore point was successfully created.
c:\program files\bytefence\rtop\bin\rtop_svc.exe => moved successfully
C:\Program Files\ByteFence\ByteFenceService.exe => moved successfully
c:\program files\bytefence => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{718eb70d-dd56-11e9-834f-b4b52f72c84f} => removed successfully
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cd81b36-79f9-11e8-828f-b4b52f72c84f} => removed successfully
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{faee2a17-69e8-11e9-831a-b4b52f72c84f} => removed successfully
HKU\S-1-5-21-3189503593-2876448154-3088679205-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{faee2ada-69e8-11e9-831a-b4b52f72c84f} => removed successfully
"HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5DAC5A8F-4485-47E3-B9B3-52AF39A04CDA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DAC5A8F-4485-47E3-B9B3-52AF39A04CDA}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2AE5251-7B82-4458-9B61-B7E2B27AE414}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2AE5251-7B82-4458-9B61-B7E2B27AE414}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
HKLM\System\CurrentControlSet\Services\rtop => removed successfully
rtop => service removed successfully
HKLM\System\CurrentControlSet\Services\ByteFenceService => removed successfully
ByteFenceService => service removed successfully
C:\Users\Snowie\AppData\Roaming\WB.CFG => moved successfully
C:\Users\Snowie\AppData\Local\BIT8288.tmp => moved successfully
C:\Users\Snowie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Snowie\AppData\Local\{0BFDB5FA-30B8-4023-BED3-05834DD9E23B} => moved successfully
C:\Users\Snowie\AppData\Local\{5F3DC63F-4892-4EF1-B201-2BAFC2EEC8E5} => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 41128111 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 148941396 B
Edge => 0 B
Chrome => 655392013 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 390 B
LocalService => 390 B
NetworkService => 124561584 B
Snowie => 30384276314 B
RecycleBin => 0 B
EmptyTemp: => 29.2 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 12:15:30 ====