Trojan horse???

#1 Post by Ivošisko »

Good evening, I received an extortion email (see attachment) in which the author was rather talkative. This is already the second email; the first one disappeared (I waited and slowly changed some sensitive passwords). The fact is that he knows quite a lot about me, but in certain things he is off the mark and making things up.
I am attaching the FRST logs and the email in question. Please help, I don't want to reinstall the system (and I probably couldn't manage it anyway), even though some software is pushing me to move to W11 (but that's another story).
Thanks, Ivo

PS: somehow the email doesn't want to show up in the preview (should I have put it into FRST.rar?)
Attachments
FRST.rar
(29.18 KiB) Downloaded 59 times
Thanks, Ivo.

#2 Post by Rudy »

Hello!
Such emails turn up from time to time. They come from average hackers who manage to find out basic information about a chosen user and then "show off" what great experts they are. I also received one about 2 years ago (with a threat demanding payment of several thousand €). I changed my passwords and he has not been in touch since. To be safe, we will check the PC. Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just start it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you will find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

#3 Post by Ivošisko »

Here is the log from AdwCleaner:

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-08-22.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-07-2023
# Duration: 00:00:01
# OS: Windows 10 (Build 18362.720)
# Cleaned: 9
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\AdvancedWindowsManager

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted MyStart Search
Deleted iZito.com
Deleted mystartsearch
Deleted mystartsearch
Deleted mystartsearch
Deleted mystartsearch
Deleted webssearches
Deleted webssearches

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3411 octets] - [18/05/2020 20:16:03]
AdwCleaner[C00].txt - [3363 octets] - [18/05/2020 20:17:06]
AdwCleaner[S01].txt - [2491 octets] - [19/05/2020 19:45:42]
AdwCleaner[C01].txt - [2445 octets] - [19/05/2020 19:46:14]
AdwCleaner[S02].txt - [1851 octets] - [24/05/2020 13:29:39]
AdwCleaner[C02].txt - [1949 octets] - [24/05/2020 13:31:03]
AdwCleaner[S03].txt - [2242 octets] - [05/11/2022 22:00:50]
AdwCleaner[C03].txt - [2248 octets] - [05/11/2022 22:03:02]
AdwCleaner[S04].txt - [2289 octets] - [06/05/2023 21:05:49]
AdwCleaner[S05].txt - [2350 octets] - [06/05/2023 21:21:25]
AdwCleaner[C05].txt - [2370 octets] - [06/05/2023 21:23:59]
AdwCleaner[S06].txt - [2547 octets] - [07/06/2023 10:46:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C06].txt ##########


Here is the extortion email:

From: ivo01@post.cz
To: ivo01@post.cz
Subject: ALARM - I hacked you and stole your information and photo

Date: 30.6.2031 15:23


Hello, ivo01@post.cz,
I have to share some bad news with you.
Approximately a few months ago I gained access to your devices, which you use for browsing the internet.
After that, I started tracking your internet activities.
Some time ago I hacked you and gained access to your e-mail accounts
ivo01@post.cz

It is obvious that I easily broke in to log in to your e-mail.
Your password:
ArnyKatRen6

A week later I had already installed a Trojan virus in the operating systems of all the devices that you use to access your e-mail.
In fact, it was not hard at all (because you followed links from e-mails in your inbox).
Everything ingenious is simple. =)

This software gives me access to all the controllers of your devices (e.g. microphone, video camera and keyboard).
I have downloaded all your information, data, photos and web browsing history to my servers.
I have access to all your messengers, social networks, e-mails, chat history and contact list.
My virus constantly refreshes its signatures (it is driver-based), and therefore remains invisible to antivirus software.
Likewise, you probably already understand why I stayed undetected until this letter...
While gathering information about you, I found out that you are a big fan of adult websites.
You really love visiting porn websites and watching exciting videos while enjoying an enormous amount of pleasure.
I managed to record several of your dirty scenes and montage several videos that show the way you masturbate and reach orgasm.
If you have doubts, I can make a few mouse clicks and all your videos will be shared with your friends, colleagues and relatives.
I also have no problem making them available to the public.

I think you really do not want that to happen; considering the specificity of the videos you like to watch (you know perfectly well what I mean), it will cause a real catastrophe for you.
Let's settle it this way:
You transfer 400 USD to me (in the bitcoin equivalent according to the exchange rate at the moment of the funds transfer), and once the transfer is received, I will delete all this dirty stuff immediately.
After that we will forget about each other. I also promise to deactivate and remove all the harmful software from your devices. Trust me, I keep my word.
This is a fair deal and the price is fairly low, considering that I have been watching your profile and traffic for some time.
In case you do not know how to buy and transfer bitcoins - you can use any modern search engine.

Here is my bitcoin wallet:
bc1q7q3jpx0a36sjgx7jaxvtdyf3g6cytkhhyzx9w6

Things you need to avoid:
*Do not reply to me (I created this e-mail in your inbox and generated the return address).
*Do not try to contact the police or other security services. In addition, forget about telling your friends. If I find out (as you can see, it really is not that hard, considering that I control all your systems) - your video will be shared with the public immediately.
*Do not try to find me - it is absolutely pointless. All cryptocurrency transactions are anonymous.
*Do not try to reinstall the OS on your devices or throw them away. That is pointless as well, because all the videos have already been saved on remote servers.

Things you do not need to worry about:
*That I will not be able to receive your funds transfer.
- Do not worry, I will see it right away once you complete the transfer, because I continuously track all your activities (my Trojan virus has a remote-control function, something like TeamViewer).
*That I will share your videos anyway after you complete the funds transfer.
- Trust me, I have no point in continuing to create problems in your life. If I really wanted to, I would have done it long ago!
Everything will be done in a fair manner!
One more thing... Do not get caught in similar situations in the future!
My advice - change all your passwords regularly

How can I buy bitcoins?
Take a look at these sites:
[https://www.coinbase.com/how-to-buy/bitcoin] www.coinbase.com/how-to-buy/bitcoin
[https://www.binance.com/en-NG/buy-Bitcoin] www.binance.com/en-NG/buy-Bitcoin
[https://www.kraken.com/learn/buy-bitcoin-btc] www.kraken.com/learn/buy-bitcoin-btc


Note on the email:

Some time ago I received the first email, which concerned a different email account - the password matched there too.
Thanks, Ivo.

#4 Post by JaRon »

Just to add:
mostly this is done via stolen password databases >> https://touchit.sk/tieto-hesla-uz-podvo ... ase/332794
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

#5 Post by Rudy »

OK. Now post new FRST+Addition logs.

#6 Post by Ivošisko »

FRST.rar
(26.45 KiB) Downloaded 67 times
Here are the logs from FRST:
Thanks, Ivo.

#7 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore: [DisableConfig] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR] Restriction <==== ATTENTION
HKU\S-1-5-21-760426430-1322398698-3842268529-1001\...\Run: [bvCkqlDgKUt] => "C:\Users\Lenovo\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\Lenovo\PTCVWyAJvEp\XWHPSJfipJk.zbJXrg" (No File)
HKU\S-1-5-21-760426430-1322398698-3842268529-1001\...\Run: [UjmsTPqVeRE] => "C:\Users\Lenovo\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\Lenovo\pVZXuzLnHiO\JZIJkaGNhiN.PFQpDs" (No File)
HKU\S-1-5-21-760426430-1322398698-3842268529-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-760426430-1322398698-3842268529-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-760426430-1322398698-3842268529-1001\...\RunOnce: [Uninstall 23.096.0507.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\23.096.0507.0001" (No File)
HKU\S-1-5-21-760426430-1322398698-3842268529-1001\...\RunOnce: [Uninstall 23.101.0514.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\23.101.0514.0001" (No File)
IFEO\acs.exe: [Debugger] svchost.exe
IFEO\AdAwareDesktop.exe: [Debugger] svchost.exe
IFEO\AdAwareService.exe: [Debugger] svchost.exe
IFEO\AdAwareTray.exe: [Debugger] svchost.exe
IFEO\AgentSvc.exe: [Debugger] svchost.exe
IFEO\AVK.exe: [Debugger] svchost.exe
IFEO\AVKProxy.exe: [Debugger] svchost.exe
IFEO\AVKService.exe: [Debugger] svchost.exe
IFEO\AVKTray.exe: [Debugger] svchost.exe
IFEO\AVKWCtlx64.exe: [Debugger] svchost.exe
IFEO\avpmapp.exe: [Debugger] svchost.exe
IFEO\av_task.exe: [Debugger] svchost.exe
IFEO\Bav.exe: [Debugger] svchost.exe
IFEO\bavhm.exe: [Debugger] svchost.exe
IFEO\BavSvc.exe: [Debugger] svchost.exe
IFEO\BavTray.exe: [Debugger] svchost.exe
IFEO\BavUpdater.exe: [Debugger] svchost.exe
IFEO\BavWebClient.exe: [Debugger] svchost.exe
IFEO\BDSSVC.EXE: [Debugger] svchost.exe
IFEO\BgScan.exe: [Debugger] svchost.exe
IFEO\BullGuard.exe: [Debugger] svchost.exe
IFEO\BullGuardBhvScanner.exe: [Debugger] svchost.exe
IFEO\BullGuardUpdate.exe: [Debugger] svchost.exe
IFEO\BullGuarScanner.exe: [Debugger] svchost.exe
IFEO\capinfos.exe: [Debugger] svchost.exe
IFEO\cavwp.exe: [Debugger] svchost.exe
IFEO\CertReg.exe: [Debugger] svchost.exe
IFEO\cis.exe: [Debugger] svchost.exe
IFEO\CisTray.exe: [Debugger] svchost.exe
IFEO\clamscan.exe: [Debugger] svchost.exe
IFEO\ClamTray.exe: [Debugger] svchost.exe
IFEO\ClamWin.exe: [Debugger] svchost.exe
IFEO\cmdagent.exe: [Debugger] svchost.exe
IFEO\ConfigSecurityPolicy.exe: [Debugger] svchost.exe
IFEO\CONSCTLX.EXE: [Debugger] svchost.exe
IFEO\coreFrameworkHost.exe: [Debugger] svchost.exe
IFEO\coreServiceShell.exe: [Debugger] svchost.exe
IFEO\dragon_updater.exe: [Debugger] svchost.exe
IFEO\dumpcap.exe: [Debugger] svchost.exe
IFEO\econceal.exe: [Debugger] svchost.exe
IFEO\econser.exe: [Debugger] svchost.exe
IFEO\editcap.exe: [Debugger] svchost.exe
IFEO\EMLPROXY.EXE: [Debugger] svchost.exe
IFEO\escanmon.exe: [Debugger] svchost.exe
IFEO\escanpro.exe: [Debugger] svchost.exe
IFEO\fcappdb.exe: [Debugger] svchost.exe
IFEO\FCDBlog.exe: [Debugger] svchost.exe
IFEO\FCHelper64.exe: [Debugger] svchost.exe
IFEO\FilMsg.exe: [Debugger] svchost.exe
IFEO\FilUp.exe: [Debugger] svchost.exe
IFEO\filwscc.exe: [Debugger] svchost.exe
IFEO\fmon.exe: [Debugger] svchost.exe
IFEO\FortiClient.exe: [Debugger] svchost.exe
IFEO\FortiClient_Diagnostic_Tool.exe: [Debugger] svchost.exe
IFEO\FortiESNAC.exe: [Debugger] svchost.exe
IFEO\FortiFW.exe: [Debugger] svchost.exe
IFEO\FortiProxy.exe: [Debugger] svchost.exe
IFEO\FortiSSLVPNdaemon.exe: [Debugger] svchost.exe
IFEO\FortiTray.exe: [Debugger] svchost.exe
IFEO\FPAVServer.exe: [Debugger] svchost.exe
IFEO\FProtTray.exe: [Debugger] svchost.exe
IFEO\FPWin.exe: [Debugger] svchost.exe
IFEO\freshclam.exe: [Debugger] svchost.exe
IFEO\freshclamwrap.exe: [Debugger] svchost.exe
IFEO\fsgk32.exe: [Debugger] svchost.exe
IFEO\FSHDLL64.exe: [Debugger] svchost.exe
IFEO\fshoster32.exe: [Debugger] svchost.exe
IFEO\FSM32.EXE: [Debugger] svchost.exe
IFEO\FSMA32.EXE: [Debugger] svchost.exe
IFEO\fsorsp.exe: [Debugger] svchost.exe
IFEO\fssm32.exe: [Debugger] svchost.exe
IFEO\GdBgInx64.exe: [Debugger] svchost.exe
IFEO\GDKBFltExe32.exe: [Debugger] svchost.exe
IFEO\GDSC.exe: [Debugger] svchost.exe
IFEO\GDScan.exe: [Debugger] svchost.exe
IFEO\guardxkickoff_x64.exe: [Debugger] svchost.exe
IFEO\guardxservice.exe: [Debugger] svchost.exe
IFEO\iptray.exe: [Debugger] svchost.exe
IFEO\K7AVScan.exe: [Debugger] svchost.exe
IFEO\K7CrvSvc.exe: [Debugger] svchost.exe
IFEO\K7EmlPxy.EXE: [Debugger] svchost.exe
IFEO\K7FWSrvc.exe: [Debugger] svchost.exe
IFEO\K7PSSrvc.exe: [Debugger] svchost.exe
IFEO\K7RTScan.exe: [Debugger] svchost.exe
IFEO\K7SysMon.Exe: [Debugger] svchost.exe
IFEO\K7TSecurity.exe: [Debugger] svchost.exe
IFEO\K7TSMain.exe: [Debugger] svchost.exe
IFEO\K7TSMngr.exe: [Debugger] svchost.exe
IFEO\LittleHook.exe: [Debugger] svchost.exe
IFEO\mbam.exe: [Debugger] svchost.exe
IFEO\mbamscheduler.exe: [Debugger] svchost.exe
IFEO\mbamservice.exe: [Debugger] svchost.exe
IFEO\MCS-Uninstall.exe: [Debugger] svchost.exe
IFEO\MCShieldCCC.exe: [Debugger] svchost.exe
IFEO\MCShieldDS.exe: [Debugger] svchost.exe
IFEO\MCShieldRTM.exe: [Debugger] svchost.exe
IFEO\mergecap.exe: [Debugger] svchost.exe
IFEO\MpCmdRun.exe: [Debugger] svchost.exe
IFEO\MpUXSrv.exe: [Debugger] svchost.exe
IFEO\MSASCui.exe: [Debugger] svchost.exe
IFEO\MsMpEng.exe: [Debugger] svchost.exe
IFEO\MWAGENT.EXE: [Debugger] svchost.exe
IFEO\MWASER.EXE: [Debugger] svchost.exe
IFEO\nanoav.exe: [Debugger] svchost.exe
IFEO\nanosvc.exe: [Debugger] svchost.exe
IFEO\nbrowser.exe: [Debugger] svchost.exe
IFEO\nfservice.exe: [Debugger] svchost.exe
IFEO\NisSrv.exe: [Debugger] svchost.exe
IFEO\njeeves2.exe: [Debugger] svchost.exe
IFEO\nnf.exe: [Debugger] svchost.exe
IFEO\nprosec.exe: [Debugger] svchost.exe
IFEO\NS.exe: [Debugger] svchost.exe
IFEO\nseupdatesvc.exe: [Debugger] svchost.exe
IFEO\nvcod.exe: [Debugger] svchost.exe
IFEO\nvcsvc.exe: [Debugger] svchost.exe
IFEO\nvoy.exe: [Debugger] svchost.exe
IFEO\nwscmon.exe: [Debugger] svchost.exe
IFEO\ONLINENT.EXE: [Debugger] svchost.exe
IFEO\OPSSVC.EXE: [Debugger] svchost.exe
IFEO\op_mon.exe: [Debugger] svchost.exe
IFEO\ProcessHacker.exe: [Debugger] svchost.exe
IFEO\procexp.exe: [Debugger] svchost.exe
IFEO\PSANHost.exe: [Debugger] svchost.exe
IFEO\PSUAMain.exe: [Debugger] svchost.exe
IFEO\PSUAService.exe: [Debugger] svchost.exe
IFEO\psview.exe: [Debugger] svchost.exe
IFEO\PtSessionAgent.exe: [Debugger] svchost.exe
IFEO\PtSvcHost.exe: [Debugger] svchost.exe
IFEO\PtWatchDog.exe: [Debugger] svchost.exe
IFEO\quamgr.exe: [Debugger] svchost.exe
IFEO\QUHLPSVC.EXE: [Debugger] svchost.exe
IFEO\rawshark.exe: [Debugger] svchost.exe
IFEO\SAPISSVC.EXE: [Debugger] svchost.exe
IFEO\SASCore64.exe: [Debugger] svchost.exe
IFEO\SASTask.exe: [Debugger] svchost.exe
IFEO\SBAMSvc.exe: [Debugger] svchost.exe
IFEO\SBAMTray.exe: [Debugger] svchost.exe
IFEO\SBPIMSvc.exe: [Debugger] svchost.exe
IFEO\SCANNER.EXE: [Debugger] svchost.exe
IFEO\SCANWSCS.EXE: [Debugger] svchost.exe
IFEO\schmgr.exe: [Debugger] svchost.exe
IFEO\scproxysrv.exe: [Debugger] svchost.exe
IFEO\ScSecSvc.exe: [Debugger] svchost.exe
IFEO\SDFSSvc.exe: [Debugger] svchost.exe
IFEO\SDScan.exe: [Debugger] svchost.exe
IFEO\SDTray.exe: [Debugger] svchost.exe
IFEO\SDWelcome.exe: [Debugger] svchost.exe
IFEO\SSUpdate64.exe: [Debugger] svchost.exe
IFEO\SUPERAntiSpyware.exe: [Debugger] svchost.exe
IFEO\SUPERDelete.exe: [Debugger] svchost.exe
IFEO\Taskmgr.exe: [Debugger] svchost.exe
IFEO\text2pcap.exe: [Debugger] svchost.exe
IFEO\TRAYICOS.EXE: [Debugger] svchost.exe
IFEO\TRAYSSER.EXE: [Debugger] svchost.exe
IFEO\trigger.exe: [Debugger] svchost.exe
IFEO\tshark.exe: [Debugger] svchost.exe
IFEO\twsscan.exe: [Debugger] svchost.exe
IFEO\twssrv.exe: [Debugger] svchost.exe
IFEO\uiSeAgnt.exe: [Debugger] svchost.exe
IFEO\uiUpdateTray.exe: [Debugger] svchost.exe
IFEO\uiWatchDog.exe: [Debugger] svchost.exe
IFEO\uiWinMgr.exe: [Debugger] svchost.exe
IFEO\UnThreat.exe: [Debugger] svchost.exe
IFEO\UserAccountControlSettings.exe: [Debugger] svchost.exe
IFEO\UserReg.exe: [Debugger] svchost.exe
IFEO\utsvc.exe: [Debugger] svchost.exe
IFEO\V3Main.exe: [Debugger] svchost.exe
IFEO\V3Medic.exe: [Debugger] svchost.exe
IFEO\V3Proxy.exe: [Debugger] svchost.exe
IFEO\V3SP.exe: [Debugger] svchost.exe
IFEO\V3Svc.exe: [Debugger] svchost.exe
IFEO\V3Up.exe: [Debugger] svchost.exe
IFEO\VIEWTCP.EXE: [Debugger] svchost.exe
IFEO\VIPREUI.exe: [Debugger] svchost.exe
IFEO\virusutilities.exe: [Debugger] svchost.exe
IFEO\WebCompanion.exe: [Debugger] svchost.exe
IFEO\wireshark.exe: [Debugger] svchost.exe
IFEO\Zanda.exe: [Debugger] svchost.exe
IFEO\Zlh.exe: [Debugger] svchost.exe
IFEO\zlhh.exe: [Debugger] svchost.exe
ShortcutTarget: One Calendar.lnk -> (No File)
Task: {19507FD4-2017-469D-B214-86497FC0BB41} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-760426430-1322398698-3842268529-1001 => "C:\Users\Lenovo\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe" (No File)
Task: {21590184-A8AC-416B-AE51-A0C5E4C1E89E} - System32\Tasks\GoogleUpdateTaskMachineUA{A987E47C-FDCE-43C0-9DF1-9B3BA1177E03} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-12-10] (Google Inc -> Google LLC)
Task: {2B8EBC6D-12F2-4EC6-A8F3-4BB64B67C5BD} - System32\Tasks\GoogleUpdateTaskMachineCore{27A8687D-D8ED-44A7-80C9-240AFA9957D1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-12-10] (Google Inc -> Google LLC)
Task: {3E35EAB2-CF0B-4236-9A54-10220D004DDF} - System32\Tasks\AdvancedWindowsManager #6 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
S3 wuauserv; C:\Windows\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
AlternateDataStreams: C:\ProgramData\TEMP:D5AD7675 [120]
FirewallRules: [TCP Query User{C614CFF0-8986-4CF4-AC60-01A179A931F9}C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe] => (Allow) C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe => No File
FirewallRules: [UDP Query User{4B2D5AD1-3837-4EC8-BEA0-D39946476455}C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe] => (Allow) C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe => No File
FirewallRules: [TCP Query User{090ADE78-9271-4C43-B79E-0702395740BB}C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe] => (Block) C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe => No File
FirewallRules: [UDP Query User{F0F67570-2B58-4854-97DF-11F28CA75061}C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe] => (Block) C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe => No File
C:\Users\Lenovo\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
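
A way to triage a fixlist like the one above before running it, as an added example that is not part of the original post and not code from FRST: it groups the IFEO entries by their Debugger value (an IFEO Debugger value makes Windows start the named program in place of the image, so the listed tool never runs), picks out autoruns whose target file is gone, and collects the lines FRST itself marked with ATTENTION. The category map, the threshold of 3 and the "-jar target without a .jar extension" check are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Line shapes as they appear in the fixlist posted in this thread.
IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")
RUN_RE = re.compile(
    r"^HK[^\\]+\\.*?\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$"
)
JAR_RE = re.compile(r'javaw?\.exe"?\s+-jar\s+"?(?P<jar>[^"]+)"?', re.IGNORECASE)

# Assumption of this example: a hand-made category map for a few image names
# from the list. Everything else is counted as "unclassified".
CATEGORY = {
    "msmpeng.exe": "antimalware",
    "mpcmdrun.exe": "antimalware",
    "mbam.exe": "antimalware",
    "taskmgr.exe": "process inspection",
    "procexp.exe": "process inspection",
    "wireshark.exe": "packet capture",
    "tshark.exe": "packet capture",
    "dumpcap.exe": "packet capture",
}

# Sample input: a handful of lines taken from the fixlist in this thread.
SAMPLE = r"""
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR] Restriction <==== ATTENTION
HKU\S-1-5-21-760426430-1322398698-3842268529-1001\...\Run: [bvCkqlDgKUt] => "C:\Users\Lenovo\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\Lenovo\PTCVWyAJvEp\XWHPSJfipJk.zbJXrg" (No File)
HKU\S-1-5-21-760426430-1322398698-3842268529-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
IFEO\K7AVScan.exe: [Debugger] svchost.exe
IFEO\mbam.exe: [Debugger] svchost.exe
IFEO\MpCmdRun.exe: [Debugger] svchost.exe
IFEO\MsMpEng.exe: [Debugger] svchost.exe
IFEO\procexp.exe: [Debugger] svchost.exe
IFEO\Taskmgr.exe: [Debugger] svchost.exe
IFEO\wireshark.exe: [Debugger] svchost.exe
Task: {3E35EAB2-CF0B-4236-9A54-10220D004DDF} - System32\Tasks\AdvancedWindowsManager #6 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
"""


def triage(log_text, bulk_threshold=3):
    """Summarise the fixlist lines that deserve a second look."""
    by_debugger = defaultdict(list)
    autoruns, attention = [], []

    for raw in log_text.splitlines():
        line = raw.strip()
        if "<==== ATTENTION" in line:
            attention.append(line)  # FRST's own marker

        m = IFEO_RE.match(line)
        if m:
            by_debugger[m["debugger"].lower()].append(m["image"])
            continue

        m = RUN_RE.match(line)
        if m and m["cmd"].endswith("(No File)"):
            # Autorun whose target no longer exists on disk.
            jar = JAR_RE.search(m["cmd"])
            autoruns.append({
                "key": m["key"],
                "name": m["name"],
                "jar": jar["jar"] if jar else None,
                # java -jar pointed at a file that is not named *.jar
                "odd_jar": bool(jar) and not jar["jar"].lower().endswith(".jar"),
            })

    # Many images redirected to one debugger is a bulk block, not a dev setup.
    bulk = {d: imgs for d, imgs in by_debugger.items() if len(imgs) >= bulk_threshold}
    categories = Counter(
        CATEGORY.get(image.lower(), "unclassified")
        for images in bulk.values()
        for image in images
    )
    return {
        "ifeo_bulk": bulk,
        "categories": dict(categories),
        "orphaned_autoruns": autoruns,
        "attention": attention,
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    for debugger, images in report["ifeo_bulk"].items():
        print(f"{len(images)} images redirected to {debugger}: {report['categories']}")
    for entry in report["orphaned_autoruns"]:
        print("orphaned autorun:", entry)
    print(len(report["attention"]), "lines marked ATTENTION")
```
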

#8 Post by Ivošisko »

Here is the log from the fixlist:


Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2023
Ran by Lenovo (07-06-2023 20:15:50) Run:4
Running from C:\Users\Lenovo\Desktop
Loaded Profiles: Lenovo
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore: [DisableConfig] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR] Restriction <==== ATTENTION
HKU\S-1-5-21-760426430-1322398698-3842268529-1001\...\Run: [bvCkqlDgKUt] => "C:\Users\Lenovo\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\Lenovo\PTCVWyAJvEp\XWHPSJfipJk.zbJXrg" (No File)
HKU\S-1-5-21-760426430-1322398698-3842268529-1001\...\Run: [UjmsTPqVeRE] => "C:\Users\Lenovo\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\Lenovo\pVZXuzLnHiO\JZIJkaGNhiN.PFQpDs" (No File)
HKU\S-1-5-21-760426430-1322398698-3842268529-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-760426430-1322398698-3842268529-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-760426430-1322398698-3842268529-1001\...\RunOnce: [Uninstall 23.096.0507.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\23.096.0507.0001" (No File)
HKU\S-1-5-21-760426430-1322398698-3842268529-1001\...\RunOnce: [Uninstall 23.101.0514.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\23.101.0514.0001" (No File)
ShortcutTarget: One Calendar.lnk -> (No File)
Task: {19507FD4-2017-469D-B214-86497FC0BB41} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-760426430-1322398698-3842268529-1001 => "C:\Users\Lenovo\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe" (No File)
Task: {21590184-A8AC-416B-AE51-A0C5E4C1E89E} - System32\Tasks\GoogleUpdateTaskMachineUA{A987E47C-FDCE-43C0-9DF1-9B3BA1177E03} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-12-10] (Google Inc -> Google LLC)
Task: {2B8EBC6D-12F2-4EC6-A8F3-4BB64B67C5BD} - System32\Tasks\GoogleUpdateTaskMachineCore{27A8687D-D8ED-44A7-80C9-240AFA9957D1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-12-10] (Google Inc -> Google LLC)
Task: {3E35EAB2-CF0B-4236-9A54-10220D004DDF} - System32\Tasks\AdvancedWindowsManager #6 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [697208 2022-05-11] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
S3 wuauserv; C:\Windows\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
AlternateDataStreams: C:\ProgramData\TEMP:D5AD7675 [120]
FirewallRules: [TCP Query User{C614CFF0-8986-4CF4-AC60-01A179A931F9}C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe] => (Allow) C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe => No File
FirewallRules: [UDP Query User{4B2D5AD1-3837-4EC8-BEA0-D39946476455}C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe] => (Allow) C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe => No File
FirewallRules: [TCP Query User{090ADE78-9271-4C43-B79E-0702395740BB}C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe] => (Block) C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe => No File
FirewallRules: [UDP Query User{F0F67570-2B58-4854-97DF-11F28CA75061}C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe] => (Block) C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe => No File
C:\Users\Lenovo\AppData\Local\Temp

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore => removed successfully
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore => not found
"HKU\S-1-5-21-760426430-1322398698-3842268529-1001\Software\Microsoft\Windows\CurrentVersion\Run\\bvCkqlDgKUt" => removed successfully
"HKU\S-1-5-21-760426430-1322398698-3842268529-1001\Software\Microsoft\Windows\CurrentVersion\Run\\UjmsTPqVeRE" => removed successfully
"HKU\S-1-5-21-760426430-1322398698-3842268529-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => removed successfully
"HKU\S-1-5-21-760426430-1322398698-3842268529-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => removed successfully
"HKU\S-1-5-21-760426430-1322398698-3842268529-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 23.096.0507.0001" => removed successfully
"HKU\S-1-5-21-760426430-1322398698-3842268529-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 23.101.0514.0001" => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\acs.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AdAwareDesktop.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AdAwareService.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AdAwareTray.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AgentSvc.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AVK.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AVKProxy.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AVKService.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AVKTray.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AVKWCtlx64.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avpmapp.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\av_task.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Bav.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bavhm.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BavSvc.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BavTray.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BavUpdater.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BavWebClient.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BDSSVC.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BgScan.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BullGuard.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BullGuardBhvScanner.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BullGuardUpdate.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BullGuarScanner.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\capinfos.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cavwp.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CertReg.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cis.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CisTray.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\clamscan.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ClamTray.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ClamWin.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cmdagent.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ConfigSecurityPolicy.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CONSCTLX.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\coreFrameworkHost.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\coreServiceShell.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dragon_updater.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dumpcap.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\econceal.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\econser.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\editcap.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\EMLPROXY.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\escanmon.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\escanpro.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fcappdb.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FCDBlog.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FCHelper64.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FilMsg.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FilUp.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\filwscc.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fmon.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiClient.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiClient_Diagnostic_Tool.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiESNAC.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiFW.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiProxy.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiSSLVPNdaemon.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiTray.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FPAVServer.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FProtTray.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FPWin.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\freshclam.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\freshclamwrap.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fsgk32.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FSHDLL64.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fshoster32.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FSM32.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FSMA32.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fsorsp.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fssm32.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GdBgInx64.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GDKBFltExe32.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GDSC.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GDScan.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\guardxkickoff_x64.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\guardxservice.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iptray.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7AVScan.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7CrvSvc.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7EmlPxy.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7FWSrvc.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7PSSrvc.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7RTScan.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7SysMon.Exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7TSecurity.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7TSMain.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7TSMngr.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\LittleHook.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MCS-Uninstall.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MCShieldCCC.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MCShieldDS.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MCShieldRTM.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mergecap.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpUXSrv.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MWAGENT.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MWASER.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nanoav.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nanosvc.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nbrowser.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nfservice.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\NisSrv.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\njeeves2.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nnf.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nprosec.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\NS.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nseupdatesvc.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nvcod.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nvcsvc.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nvoy.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nwscmon.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ONLINENT.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\OPSSVC.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\op_mon.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ProcessHacker.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\procexp.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PSANHost.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PSUAMain.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PSUAService.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\psview.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PtSessionAgent.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PtSvcHost.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PtWatchDog.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\quamgr.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\QUHLPSVC.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rawshark.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SAPISSVC.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SASCore64.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SASTask.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SBAMSvc.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SBAMTray.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SBPIMSvc.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SCANNER.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SCANWSCS.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\schmgr.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\scproxysrv.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ScSecSvc.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDFSSvc.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDScan.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDTray.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDWelcome.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SSUpdate64.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SUPERAntiSpyware.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SUPERDelete.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Taskmgr.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\text2pcap.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TRAYICOS.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TRAYSSER.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\trigger.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tshark.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\twsscan.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\twssrv.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uiSeAgnt.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uiUpdateTray.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uiWatchDog.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uiWinMgr.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UnThreat.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UserAccountControlSettings.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UserReg.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utsvc.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Main.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Medic.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Proxy.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3SP.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Svc.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Up.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VIEWTCP.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VIPREUI.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\virusutilities.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WebCompanion.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Zanda.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Zlh.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlhh.exe => removed successfully
"ShortcutTarget: One Calendar.lnk -> (No File)" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{19507FD4-2017-469D-B214-86497FC0BB41}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19507FD4-2017-469D-B214-86497FC0BB41}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-760426430-1322398698-3842268529-1001 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Service Bridge\S-1-5-21-760426430-1322398698-3842268529-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21590184-A8AC-416B-AE51-A0C5E4C1E89E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21590184-A8AC-416B-AE51-A0C5E4C1E89E}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA{A987E47C-FDCE-43C0-9DF1-9B3BA1177E03} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA{A987E47C-FDCE-43C0-9DF1-9B3BA1177E03}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2B8EBC6D-12F2-4EC6-A8F3-4BB64B67C5BD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B8EBC6D-12F2-4EC6-A8F3-4BB64B67C5BD}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore{27A8687D-D8ED-44A7-80C9-240AFA9957D1} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore{27A8687D-D8ED-44A7-80C9-240AFA9957D1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E35EAB2-CF0B-4236-9A54-10220D004DDF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E35EAB2-CF0B-4236-9A54-10220D004DDF}" => removed successfully
C:\Windows\System32\Tasks\AdvancedWindowsManager #6 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdvancedWindowsManager #6" => removed successfully
HKLM\System\CurrentControlSet\Services\wuauserv => removed successfully
wuauserv => service removed successfully
wuauserv => service not found.
C:\ProgramData\TEMP => ":D5AD7675" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C614CFF0-8986-4CF4-AC60-01A179A931F9}C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4B2D5AD1-3837-4EC8-BEA0-D39946476455}C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{090ADE78-9271-4C43-B79E-0702395740BB}C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F0F67570-2B58-4854-97DF-11F28CA75061}C:\users\lenovo\desktop\medal of honor allied assault\mohaa.exe" => removed successfully
C:\Users\Lenovo\AppData\Local\Temp => moved successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40227530 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 2698088 B
Edge => 226796 B
Chrome => 321157173 B
Firefox => 1105512193 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Lenovo => 622504 B
WgaUtilAcc => 622504 B

RecycleBin => 288231 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:16:08 ====
Thanks, Ivo.


Re: Trojan horse???

#9 Post by Rudy »

Deleted; the log should be OK now.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


Re: Trojan horse???

#10 Post by Ivošisko »

Thank you for the help; I have chipped in a small contribution. Now I still need to think through how to handle passwords safely and yet efficiently.

And one more question to finish: would the "Vzdálená pomoc NEŠLAPE" remote-help service help me with reinstalling Windows to version 11?
Thanks, Ivo.


Re: Trojan horse???

#11 Post by Rudy »

1. Thank you for the contribution.
2. A secure password should have at least 8 characters, combining lowercase and uppercase letters, digits and diacritical marks.
3. Win 11 cannot be installed on older HW. :)

Re: Trojan horse???

#12 Post by Ivošisko »

Thanks, and with that we could wrap this up (you did scramble my head a bit, since "you deleted" my table of passwords, but at least I'll start over from scratch) :shock:
Thanks, Ivo.


Re: Trojan horse???

#13 Post by Rudy »

I didn't mean to, but FRST has a habit of resetting almost everything to default. You're welcome! :)