prosím o kontrolu logu HJT

[jaro3]

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" (No File)
HKU\S-1-5-21-4289856400-1582998229-3165114676-1001\...\MountPoints2: {12438d51-68b0-11eb-829c-507b9d91ec18} - "F:\Setup.exe"
Task: {579E92DF-794A-49E4-9AB8-F18940B6AC09} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289856400-1582998229-3165114676-1001Core => C:\Users\lucka\AppData\Local\Google\Update\GoogleUpdate.exe [154456 2021-06-01] (Google LLC -> Google LLC)
Task: {5C32CCE1-19EF-4EFA-9881-1DF7C4FDF5A3} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe --cistrayUI (No File)
Task: {7FFB78E1-1C29-4295-97EC-35CBCDEAF639} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289856400-1582998229-3165114676-1001UA => C:\Users\lucka\AppData\Local\Google\Update\GoogleUpdate.exe [154456 2021-06-01] (Google LLC -> Google LLC)
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
R1 cmdcss; C:\windows\system32\drivers\cmdcss.sys [125000 2018-02-28] (Comodo Security Solutions, Inc. -> COMODO)
C:\Program Files\Malwarebytes
C:\Users\lucka\Downloads\MBSetup.exe
AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
CustomCLSID: HKU\S-1-5-21-4289856400-1582998229-3165114676-1001_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 -> C:\Users\lucka\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4289856400-1582998229-3165114676-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\lucka\AppData\Local\Google\Update\1.3.36.93\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4289856400-1582998229-3165114676-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\lucka\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4289856400-1582998229-3165114676-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\lucka\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FirewallRules: [{131F1D07-101A-4F36-9A5B-55E0111B69C1}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{D382C858-3B36-4482-ACF7-06BE08BCDF9C}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{69F0FB2A-60AD-4B34-8AFD-DF6CACC76D3D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [{6E2C7393-55E6-4889-8731-023034F67E8C}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe => No File

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

Pak napiš ,zda je vše v pořádku.

[Reklama]

[vejmol71]

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-02-2022 01
Ran by lucka (19-02-2022 09:01:25) Run:1
Running from C:\Users\lucka\Desktop
Loaded Profiles: lucka & Guest
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" (No File)
HKU\S-1-5-21-4289856400-1582998229-3165114676-1001\...\MountPoints2: {12438d51-68b0-11eb-829c-507b9d91ec18} - "F:\Setup.exe"
Task: {579E92DF-794A-49E4-9AB8-F18940B6AC09} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289856400-1582998229-3165114676-1001Core => C:\Users\lucka\AppData\Local\Google\Update\GoogleUpdate.exe [154456 2021-06-01] (Google LLC -> Google LLC)
Task: {5C32CCE1-19EF-4EFA-9881-1DF7C4FDF5A3} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe --cistrayUI (No File)
Task: {7FFB78E1-1C29-4295-97EC-35CBCDEAF639} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289856400-1582998229-3165114676-1001UA => C:\Users\lucka\AppData\Local\Google\Update\GoogleUpdate.exe [154456 2021-06-01] (Google LLC -> Google LLC)
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
R1 cmdcss; C:\windows\system32\drivers\cmdcss.sys [125000 2018-02-28] (Comodo Security Solutions, Inc. -> COMODO)
C:\Program Files\Malwarebytes
C:\Users\lucka\Downloads\MBSetup.exe
AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
CustomCLSID: HKU\S-1-5-21-4289856400-1582998229-3165114676-1001_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 -> C:\Users\lucka\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4289856400-1582998229-3165114676-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\lucka\AppData\Local\Google\Update\1.3.36.93\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4289856400-1582998229-3165114676-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\lucka\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4289856400-1582998229-3165114676-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\lucka\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FirewallRules: [{131F1D07-101A-4F36-9A5B-55E0111B69C1}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{D382C858-3B36-4482-ACF7-06BE08BCDF9C}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{69F0FB2A-60AD-4B34-8AFD-DF6CACC76D3D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [{6E2C7393-55E6-4889-8731-023034F67E8C}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe => No File

EmptyTemp:
End

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsDefender" => removed successfully
HKU\S-1-5-21-4289856400-1582998229-3165114676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12438d51-68b0-11eb-829c-507b9d91ec18} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{579E92DF-794A-49E4-9AB8-F18940B6AC09}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{579E92DF-794A-49E4-9AB8-F18940B6AC09}" => removed successfully
C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289856400-1582998229-3165114676-1001Core => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-4289856400-1582998229-3165114676-1001Core" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5C32CCE1-19EF-4EFA-9881-1DF7C4FDF5A3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C32CCE1-19EF-4EFA-9881-1DF7C4FDF5A3}" => removed successfully
C:\windows\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FFB78E1-1C29-4295-97EC-35CBCDEAF639}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FFB78E1-1C29-4295-97EC-35CBCDEAF639}" => removed successfully
C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289856400-1582998229-3165114676-1001UA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-4289856400-1582998229-3165114676-1001UA" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Edge\Extensions\ihcjicgdanjaechkgeegckofjjedodee => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihcjicgdanjaechkgeegckofjjedodee => removed successfully
cmdcss => Unable to stop service.
HKLM\System\CurrentControlSet\Services\cmdcss => removed successfully
cmdcss => service removed successfully
HKLM\System\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}\\UpperFilters cmdcss => value removed successfully
C:\Program Files\Malwarebytes => moved successfully
C:\Users\lucka\Downloads\MBSetup.exe => moved successfully
"AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}" => removed successfully
"AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}" => removed successfully
HKU\S-1-5-21-4289856400-1582998229-3165114676-1001_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47} => removed successfully
HKU\S-1-5-21-4289856400-1582998229-3165114676-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652} => removed successfully
HKU\S-1-5-21-4289856400-1582998229-3165114676-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE} => removed successfully
HKU\S-1-5-21-4289856400-1582998229-3165114676-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E} => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{131F1D07-101A-4F36-9A5B-55E0111B69C1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D382C858-3B36-4482-ACF7-06BE08BCDF9C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{69F0FB2A-60AD-4B34-8AFD-DF6CACC76D3D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6E2C7393-55E6-4889-8731-023034F67E8C}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16724992 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1853601 B
Edge => 0 B
Chrome => 9120621 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 256 B
LocalService => 5230 B
NetworkService => 29072 B
lucka => 33722791 B
Guest => 33728903 B

RecycleBin => 279937957 B
EmptyTemp: => 357.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:04:11 ====


Tak ok ten malwarebytes je pryč.díky

[jaro3]

Nemáš zač!

Stáhni si zde DelFix
Další odkazy:
https://toolslib.net/downloads/viewdownload/2-delfix/
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7, 8 a10 musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

[vejmol71]

# DelFix v1.013 - Logfile created 21/02/2022 at 06:24:30
# Updated 17/04/2016 by Xplode
# Username : lucka - LENOVO-PC
# Operating System : Windows 8.1 Connected (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\lucka\Desktop\Fixlog.txt
Deleted : C:\Users\lucka\Desktop\FRST64.exe

~ Cleaning system restore ...

Deleted : RP #75 [End of disinfection | 02/15/2022 18:12:38]
Deleted : RP #77 [Restore Point Created by FRST | 02/19/2022 08:01:35]

New restore point created !

########## - EOF - ##########

[jaro3]

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.