Fix result of Farbar Recovery Scan Tool (x64) Version: 12-05-2023 01
Ran by pumuS (12-05-2023 19:35:24) Run:1
Running from C:\Users\pumuS\Desktop
Loaded Profiles: pumuS
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
"MBAMChameleon" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MBAMChameleon => \SystemRoot\System32\Drivers\MbamChameleon.sys <==== ATTENTION (Rootkit!/Locked Service)
"MBAMWebProtection" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MBAMWebProtection => \SystemRoot\system32\DRIVERS\mwac.sys <==== ATTENTION (Rootkit!/Locked Service)
FirewallRules: [TCP Query User{B8411648-F08B-4BEC-B382-55151DCAD786}C:\users\pumus\appdata\local\discord\app-1.0.9006\discord.exe] => (Allow) C:\users\pumus\appdata\local\discord\app-1.0.9006\discord.exe => No File
FirewallRules: [UDP Query User{F33D3FEF-BB44-46F2-9BAB-3DEDD18277F6}C:\users\pumus\appdata\local\discord\app-1.0.9006\discord.exe] => (Allow) C:\users\pumus\appdata\local\discord\app-1.0.9006\discord.exe => No File
FirewallRules: [TCP Query User{C6F7148A-4431-4AE7-99CA-9C4B609F89AF}D:\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) D:\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [UDP Query User{32F1AB34-F7BE-48AB-B4C3-E4F41DD0B910}D:\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) D:\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"MBAMChameleon" => service could not be unlocked. <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SYSTEM\ControlSet001\Services\MBAMChameleon => \SystemRoot\System32\Drivers\MbamChameleon.sys <==== ATTENTION (Rootkit!/Locked Service) => Error: No automatic fix found for this entry.
"MBAMWebProtection" => service could not be unlocked. <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SYSTEM\ControlSet001\Services\MBAMWebProtection => \SystemRoot\system32\DRIVERS\mwac.sys <==== ATTENTION (Rootkit!/Locked Service) => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B8411648-F08B-4BEC-B382-55151DCAD786}C:\users\pumus\appdata\local\discord\app-1.0.9006\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F33D3FEF-BB44-46F2-9BAB-3DEDD18277F6}C:\users\pumus\appdata\local\discord\app-1.0.9006\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C6F7148A-4431-4AE7-99CA-9C4B609F89AF}D:\steam\steamapps\common\red dead redemption 2\rdr2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{32F1AB34-F7BE-48AB-B4C3-E4F41DD0B910}D:\steam\steamapps\common\red dead redemption 2\rdr2.exe" => removed successfully
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20078252 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 612844930 B
Windows/system/drivers => 2352210 B
Edge => 0 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 23148 B
NetworkService => 27804 B
pumuS => 4585414 B
RecycleBin => 0 B
EmptyTemp: => 610.3 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 19:35:37 ====
Please check my log (Solved)
Re: Please check my log
Farbar Recovery Scan Tool (x64) Version: 12-05-2023 01
Ran by pumuS (12-05-2023 19:39:12)
Running from C:\Users\pumuS\Desktop
Boot Mode: Normal
================== Search Registry: "CreateExplorerShellUnelevatedTask.job" ===========
====== End of Search ======
- jaro3
- Security team member
Re: Please check my log
Everything is OK!
Download DelFix here:
https://www.bleepingcomputer.com/download/delfix/
and save the file to your desktop.
Double-click the icon to run the Delfix.exe tool.
(On Windows Vista, Windows 7, 8 and 10 you must right-click the file and choose Run as administrator.)
In the main menu, check these options: Remove disinfection tools, Purge System Restore.
Then click the Run button and let the tool do its work.
The report (DelFix.txt) will then open. Paste the entire contents of the report here. The report is also saved at:
C:\DelFix.txt
If there are no problems, that is all, and you can mark the thread as solved with the green check mark.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log
# DelFix v1.010 - Logfile created 13/05/2023 at 17:35:49
# Updated 26/04/2015 by Xplode
# Username : pumuS - ADAM-PC
# Operating System : Windows 10 Enterprise (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\Users\pumuS\Desktop\FRST-OlderVersion
Deleted : C:\zoek-results.log
Deleted : C:\Users\pumuS\Desktop\Addition.txt
Deleted : C:\Users\pumuS\Desktop\Fixlog.txt
Deleted : C:\Users\pumuS\Desktop\FRST.txt
Deleted : C:\Users\pumuS\Desktop\FRST64.exe
Deleted : C:\Users\pumuS\Desktop\JRT.exe
Deleted : C:\Users\pumuS\Desktop\JRT.txt
Deleted : C:\Users\pumuS\Desktop\HijackThis.exe
Deleted : C:\Users\pumuS\Desktop\hijackthis.log
Deleted : C:\Users\pumuS\Desktop\RogueKiller_setup.exe
Deleted : C:\Users\pumuS\Desktop\zoek (1).exe
Deleted : C:\Users\pumuS\Desktop\zoek1.rar
Deleted : C:\Users\Public\Desktop\RogueKiller.lnk
Deleted : C:\Users\pumuS\Downloads\AdwCleaner.exe
Deleted : C:\Users\pumuS\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
~ Cleaning system restore ...
Deleted : RP #4 [Restore Point Created by FRST | 05/12/2023 17:35:25]
New restore point created !
########## - EOF - ##########
Great, thank you very much :)