The command prompt opens by itself.
Solved
Skyse - Posted messages: 66 - Status: Member
Malekal_morte - Posted messages: 178136 - Status: Moderator, Security contributor
Hello, for the past few months (since November), the command prompt opens by itself for half a second and then closes. I can't read what is written, but I will try to let you know when I manage to catch one. It really bothers me when I'm playing fullscreen games because it takes me out of the game. I hope you find a solution.
15 replies
Hi!
I would be worried if I were you ^^'
Are you able to see anything in that console?
Do you have something suspicious in your startup programs? (http://www.microsoft-desktop.com/2015/08/windows-10-gerer-les-programmes-lances-au-demarrage/)
Hello,
No, I can't seem to spot anything, but I'm still trying to catch one, and the link you gave me shows error 404 not found.
Hi,
To see what’s going on:
Follow the FRST tutorial (take the time to read carefully - everything is well explained).
Download and run the FRST scan, 3 FRST reports will be generated:
- FRST.txt
- Shortcut.txt
- Additional.txt
Send these 3 reports to the site http://pjjoint.malekal.com/ and in return provide the 3 pjjoint links that lead to the reports here in a new response so that we can review them.
--
Please press any key to continue the disinfection...
Here is the correction to be made with FRST. You can refer to this explanatory note with screenshots.
Open Notepad: Windows Key + R,
In the "Run" field, type notepad and hit OK.
Copy/Paste the following into it:
CreateRestorePoint:
CloseProcesses:
2016-10-06 17:10 - 2016-10-06 17:10 - 0000000 _____ () C:\Users\iyaddu\AppData\Local\{14270067-D30D-4B6B-A021-FA0BB3D1EA2E}
S4 myzogibi; C:\Program Files (x86)\95C06200--11E4-8FB4-60029220355C\kns6FBA.tmp [432640 2017-01-01] () [Unsigned file]
Task: {A68D4999-66C8-4A1A-A9C3-14519D4EA041} - System32\Tasks\{45C6665E-81E9-4497-9365-91F256F77329}
C:\Program Files (x86)\95C06200--11E4-8FB4-60029220355C
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
Once the text is pasted into Notepad,
Menu "File" then "Save As",
On the left, navigate to the Desktop,
In the bottom field, for the file name, enter: fixlist.txt
Click "Save", this will create fixlist.txt on the Desktop.
Restart FRST and click the "Fix" button
A restart may be necessary (not mandatory)
A text file will appear, copy/paste the content here in a new message.
Restart the computer.
--
Please press a key to continue the disinfection...
Results of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Executed by iyaddu (07-02-2017 12:08:46) Run:2
Executed from C:\Users\iyaddu\Desktop
Loaded profiles: iyaddu (Available profiles: iyaddu)
Boot mode: Normal
==============================================
fixlist content:
CreateRestorePoint:
CloseProcesses:
2016-10-06 17:10 - 2016-10-06 17:10 - 0000000 _____ () C:\Users\iyaddu\AppData\Local\{14270067-D30D-4B6B-A021-FA0BB3D1EA2E}
S4 myzogibi; C:\Program Files (x86)\95C06200--11E4-8FB4-60029220355C\kns6FBA.tmp [432640 2017-01-01] () [Unsigned file]
Task: {A68D4999-66C8-4A1A-A9C3-14519D4EA041} - System32\Tasks\{45C6665E-81E9-4497-9365-91F256F77329}
C:\Program Files (x86)\95C06200--11E4-8FB4-60029220355C
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
The restore point was created successfully.
Processes closed successfully.
C:\Users\iyaddu\AppData\Local\{14270067-D30D-4B6B-A021-FA0BB3D1EA2E} => moved successfully
HKLM\System\CurrentControlSet\Services\myzogibi => key deleted successfully
myzogibi => service deleted successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A68D4999-66C8-4A1A-A9C3-14519D4EA041} => key deleted successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A68D4999-66C8-4A1A-A9C3-14519D4EA041} => key deleted successfully
C:\WINDOWS\System32\Tasks\{45C6665E-81E9-4497-9365-91F256F77329} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{45C6665E-81E9-4497-9365-91F256F77329} => key deleted successfully
C:\Program Files (x86)\95C06200--11E4-8FB4-60029220355C => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully
HKU\S-1-5-21-1437628794-3035026654-3620806506-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully
HKU\S-1-5-21-1437628794-3035026654-3620806506-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully
========= End of RemoveProxy: =========
=========== EmptyTemp: ==========
BITS transfer queue => 5763567 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30465099 B
Java, Flash, Steam htmlcache => 256592179 B
Windows/system/drivers => 87806926 B
Edge => 105345 B
Chrome => 584674980 B
Firefox => 20479404 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4162 B
NetworkService => 20580 B
iyaddu => 590774054 B
RecycleBin => 4032761648 B
EmptyTemp: => 5.2 GB of temporary data deleted.
================================
The system had to restart.
End of Fixlog 12:13:28
Yes, I think it changed something because I no longer see the cmd opening, so thank you for helping me ;)
great :)
Finish with a Malwarebytes cleanup - Malwarebytes Anti-Malware Free Version Tutorial
Some advice:
To avoid getting caught again.
To read - Potentially Unwanted Programs / PUPs: File on Adware/PUPs: unwanted and parasitic programs
(Especially enable PUP detections to detect parasitic and advertising programs)
--
Please press any key to continue the disinfection...
Hello, I've been having the same problem for a while now, I managed to take a screenshot: https://zupimages.net/up/18/03/ery3.png
I saw you talking about PUPs, I had plenty installed as add-ons on Chrome and I cleaned everything with Malwarebytes and AdwCleaner, apparently it wasn't enough.... Any solution please?
You have programs that were installed when you bought the computer or installed later that are not necessarily useful.
They clutter Windows and can slow it down.
You can uninstall them.
Go to the Control Panel
then Programs and Features.
Uninstall:
Avast Cleanup Premium
CCleaner
Driver Booster 5
Java
PS: CCleaner is not really useful, even though it is recommended everywhere.
Disable CCleaner's monitoring, which is unnecessary, as it starts with Windows and slows it down with its incessant cleaning, see: https://www.malekal.com/supprimer-ccleaner-demarrage-windows/
Here is the fix to perform with FRST. You can help yourself with this explanatory note with screenshots.
Restart FRST then on your keyboard press the CTRL + Y keys.
The notepad will open, copy/paste this.
CreateRestorePoint:
CloseProcesses:
Task: {AAB3BB54-9F7F-4541-9DC4-E8B6BAD60D46} - System32\Tasks\AOJWlYdUOu => C:\Users\Jeremie\AppData\Roaming\kyltphTz.bat [2017-03-18] () <==== ATTENTION
Task: {ADC44FE1-9320-4A27-B3AF-8937F157738A} - System32\Tasks\eiPOUUibgwgIE => C:\Users\Jeremie\ihBZUDvoAXpYY.bat [2017-03-18] () <==== ATTENTION
2018-01-15 19:06 - 2018-01-17 16:27 - 000003392 _____ C:\Windows\System32\Tasks\AOJWlYdUOu
2018-01-15 19:06 - 2018-01-17 10:04 - 000002698 _____ C:\Windows\System32\Tasks\eITe
2018-01-15 19:06 - 2018-01-17 10:04 - 000002582 _____ C:\Windows\System32\Tasks\eiPOUUibgwgIE
2018-01-15 19:06 - 2018-01-15 19:06 - 000000001 _____ C:\Users\Jeremie\AppData\Local\WMI.ini
2018-01-15 19:06 - 2018-01-15 19:06 - 000000000 ____D C:\Users\Jeremie\AppData\LocalLow\Unity
2018-01-15 19:06 - 2018-01-15 19:06 - 000000000 ____D C:\Users\Jeremie\AppData\Local\Unity
2018-01-15 19:06 - 2017-03-18 21:59 - 000001269 _____ C:\Program Files (x86)\eamOdolliH
2018-01-15 19:06 - 2017-03-18 21:59 - 000001136 _____ C:\Users\Jeremie\AppData\Roaming\IInfAzuaXELEE
2018-01-15 19:06 - 2017-03-18 21:59 - 000000076 _____ C:\Users\Jeremie\AppData\Roaming\kyltphTz
2018-01-15 19:06 - 2017-03-18 21:59 - 000000063 _____ C:\Users\Jeremie\ihBZUDvoAXpYY
2018-01-15 19:06 - 2017-03-18 21:58 - 000174592 _____ (Microsoft Corporation) C:\Users\Jeremie\AppData\Local\YSRNcAll.exe
2018-01-15 19:06 - 2017-03-18 21:58 - 000059392 _____ (Microsoft Corporation) C:\Users\Jeremie\tOZyy.exe
2017-03-18 21:59 - 2017-03-18 21:59 - 000000063 _____ () C:\Users\Jeremie\ihBZUDvoAXpYY.bat
2018-01-15 19:06 - 2017-03-18 21:58 - 000059392 _____ (Microsoft Corporation) C:\Users\Jeremie\tOZyy.exe
2018-01-15 19:06 - 2017-03-18 21:59 - 000001269 _____ () C:\Program Files (x86)\eamOdolliH
2017-03-18 21:59 - 2017-03-18 21:59 - 000001269 _____ () C:\Program Files (x86)\eamOdolliH.bat
2018-01-15 19:06 - 2017-03-18 21:59 - 000001136 _____ () C:\Users\Jeremie\AppData\Roaming\IInfAzuaXELEE
2017-03-18 21:59 - 2017-03-18 21:59 - 000001136 _____ () C:\Users\Jeremie\AppData\Roaming\IInfAzuaXELEE.bat
2018-01-15 19:06 - 2017-03-18 21:59 - 000000076 _____ () C:\Users\Jeremie\AppData\Roaming\kyltphTz
2017-03-18 21:59 - 2017-03-18 21:59 - 000000076 _____ () C:\Users\Jeremie\AppData\Roaming\kyltphTz.bat
2018-01-15 19:06 - 2017-03-18 21:58 - 000174592 _____ (Microsoft Corporation) C:\Users\Jeremie\AppData\Local\YSRNcAll.exe
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
Save the content from the file menu then save.
Close the notepad, go back to FRST and click the "Fix" button.
A restart may be necessary and automatic.
A text file appears, copy/paste its content here in a new message.
Restart the computer.
Thank you for your reply, I'll do that. However, I have lots of little "PUP.Optional.legacy" and other issues detected by ADW cleaner and Malwarebytes, which I believe do not come from the programs you mentioned and which are also not the cause of my spontaneous openings of my system32/CMD. I keep deleting and re-deleting these malwares, but they reappear every time I boot up (boots requested by ADW cleaner and Malwarebytes after each clean), opening new CMDs. I can't get rid of them....
Results of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Executed by Jeremie (01-17-2018 18:26:16) Run:1
Executed from C:\Users\Jeremie\Downloads
Loaded Profiles: Jeremie (Available profiles: Jeremie)
Boot Mode: Normal
==============================================
fixlist content:
CreateRestorePoint:
CloseProcesses:
Task: {AAB3BB54-9F7F-4541-9DC4-E8B6BAD60D46} - System32\Tasks\AOJWlYdUOu => C:\Users\Jeremie\AppData\Roaming\kyltphTz.bat [2017-03-18] () <==== ATTENTION
Task: {ADC44FE1-9320-4A27-B3AF-8937F157738A} - System32\Tasks\eiPOUUibgwgIE => C:\Users\Jeremie\ihBZUDvoAXpYY.bat [2017-03-18] () <==== ATTENTION
2018-01-15 19:06 - 2018-01-17 16:27 - 000003392 _____ C:\Windows\System32\Tasks\AOJWlYdUOu
2018-01-15 19:06 - 2018-01-17 10:04 - 000002698 _____ C:\Windows\System32\Tasks\eITe
2018-01-15 19:06 - 2018-01-17 10:04 - 000002582 _____ C:\Windows\System32\Tasks\eiPOUUibgwgIE
2018-01-15 19:06 - 2018-01-15 19:06 - 000000001 _____ C:\Users\Jeremie\AppData\Local\WMI.ini
2018-01-15 19:06 - 2018-01-15 19:06 - 000000000 ____D C:\Users\Jeremie\AppData\LocalLow\Unity
2018-01-15 19:06 - 2018-01-15 19:06 - 000000000 ____D C:\Users\Jeremie\AppData\Local\Unity
2018-01-15 19:06 - 2017-03-18 21:59 - 000001269 _____ C:\Program Files (x86)\eamOdolliH
2018-01-15 19:06 - 2017-03-18 21:59 - 000001136 _____ C:\Users\Jeremie\AppData\Roaming\IInfAzuaXELEE
2018-01-15 19:06 - 2017-03-18 21:59 - 000000076 _____ C:\Users\Jeremie\AppData\Roaming\kyltphTz
2018-01-15 19:06 - 2017-03-18 21:59 - 000000063 _____ C:\Users\Jeremie\ihBZUDvoAXpYY
2018-01-15 19:06 - 2017-03-18 21:58 - 000174592 _____ (Microsoft Corporation) C:\Users\Jeremie\AppData\Local\YSRNcAll.exe
2018-01-15 19:06 - 2017-03-18 21:58 - 000059392 _____ (Microsoft Corporation) C:\Users\Jeremie\tOZyy.exe
2017-03-18 21:59 - 2017-03-18 21:59 - 000000063 _____ () C:\Users\Jeremie\ihBZUDvoAXpYY.bat
2018-01-15 19:06 - 2017-03-18 21:58 - 000059392 _____ (Microsoft Corporation) C:\Users\Jeremie\tOZyy.exe
2018-01-15 19:06 - 2017-03-18 21:59 - 000001269 _____ () C:\Program Files (x86)\eamOdolliH
2017-03-18 21:59 - 2017-03-18 21:59 - 000001269 _____ () C:\Program Files (x86)\eamOdolliH.bat
2018-01-15 19:06 - 2017-03-18 21:59 - 000001136 _____ () C:\Users\Jeremie\AppData\Roaming\IInfAzuaXELEE
2017-03-18 21:59 - 2017-03-18 21:59 - 000001136 _____ () C:\Users\Jeremie\AppData\Roaming\IInfAzuaXELEE.bat
2018-01-15 19:06 - 2017-03-18 21:59 - 000000076 _____ () C:\Users\Jeremie\AppData\Roaming\kyltphTz
2017-03-18 21:59 - 2017-03-18 21:59 - 000000076 _____ () C:\Users\Jeremie\AppData\Roaming\kyltphTz.bat
2018-01-15 19:06 - 2017-03-18 21:58 - 000174592 _____ (Microsoft Corporation) C:\Users\Jeremie\AppData\Local\YSRNcAll.exe
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
The restore point was created successfully.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AAB3BB54-9F7F-4541-9DC4-E8B6BAD60D46} => could not delete key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAB3BB54-9F7F-4541-9DC4-E8B6BAD60D46}" => successfully deleted
C:\Windows\System32\Tasks\AOJWlYdUOu => successfully moved
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AOJWlYdUOu" => successfully deleted
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADC44FE1-9320-4A27-B3AF-8937F157738A}" => successfully deleted
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADC44FE1-9320-4A27-B3AF-8937F157738A}" => successfully deleted
C:\Windows\System32\Tasks\eiPOUUibgwgIE => successfully moved
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\eiPOUUibgwgIE" => successfully deleted
"C:\Windows\System32\Tasks\AOJWlYdUOu" => not found
C:\Windows\System32\Tasks\eITe => successfully moved
"C:\Windows\System32\Tasks\eiPOUUibgwgIE" => not found
C:\Users\Jeremie\AppData\Local\WMI.ini => successfully moved
C:\Users\Jeremie\AppData\LocalLow\Unity => successfully moved
C:\Users\Jeremie\AppData\Local\Unity => successfully moved
C:\Program Files (x86)\eamOdolliH => successfully moved
C:\Users\Jeremie\AppData\Roaming\IInfAzuaXELEE => successfully moved
C:\Users\Jeremie\AppData\Roaming\kyltphTz => successfully moved
C:\Users\Jeremie\ihBZUDvoAXpYY => successfully moved
C:\Users\Jeremie\AppData\Local\YSRNcAll.exe => successfully moved
C:\Users\Jeremie\tOZyy.exe => successfully moved
C:\Users\Jeremie\ihBZUDvoAXpYY.bat => successfully moved
"C:\Users\Jeremie\tOZyy.exe" => not found
"C:\Program Files (x86)\eamOdolliH" => not found
C:\Program Files (x86)\eamOdolliH.bat => successfully moved
"C:\Users\Jeremie\AppData\Roaming\IInfAzuaXELEE" => not found
C:\Users\Jeremie\AppData\Roaming\IInfAzuaXELEE.bat => successfully moved
"C:\Users\Jeremie\AppData\Roaming\kyltphTz" => not found
C:\Users\Jeremie\AppData\Roaming\kyltphTz.bat => successfully moved
"C:\Users\Jeremie\AppData\Local\YSRNcAll.exe" => not found
C:\Windows\System32\Drivers\etc\hosts => successfully moved
Hosts restored successfully.
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => successfully deleted
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => successfully deleted
"HKU\S-1-5-21-1431562741-2164187238-427298959-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => successfully deleted
"HKU\S-1-5-21-1431562741-2164187238-427298959-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => successfully deleted
========= End of RemoveProxy: =========
=========== EmptyTemp: ==========
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 83869953 B
Java, Flash, Steam htmlcache => 315805838 B
Windows/system/drivers => 0 B
Edge => 199 B
Chrome => 48995900 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Jeremie => 3671597 B
RecycleBin => 0 B
EmptyTemp: => 438.9 MB temporary data deleted.
================================
The system had to reboot.
End of Fixlog 18:26:48
Hello, I have the same CMD problem. I followed the three links. Could you help me, please?
https://pjjoint.malekal.com/files.php?id=FRST_20180415_q7b5r13i12l5
https://pjjoint.malekal.com/files.php?id=20180415_q10m9f9x8c8
https://pjjoint.malekal.com/files.php?id=20180415_c15h6i8j8y13
Hello,
You have programs that were installed at the time of purchasing the computer or later on that may not be useful.
They clutter up Windows and can slow it down.
You can uninstall them.
Go to the Control Panel
then Programs and Features.
Uninstall:
Avast Secure Browser
CCleaner
CyberLink
Java
WarThunder
WorldofTanks
PS: CCleaner is not really useful, even if it is recommended everywhere.
Disable CCleaner's monitoring, which is unnecessary, it starts up with Windows and slows it down with its incessant cleanings. See: https://www.malekal.com/supprimer-ccleaner-demarrage-windows/
Here is the correction to be made with FRST. You can use this explanatory note with screenshots.
Restart FRST then press the CTRL + Y keys on your keyboard.
The notepad will open, copy/paste this.
CreateRestorePoint:
CloseProcesses:
Task: {0E5F3577-B55A-4C98-90AC-202EB2F7B5F5} - System32\Tasks\ChelfNotify Task => C:\ProgramData\ChelfNotify\BrowserUpdate.exe <==== WARNING
C:\ProgramData\ChelfNotify
HKU\S-1-5-21-4011222484-87278128-38673612-1001\...\ChromeHTML: -> "C:\Program Files (x86)\Easthas\Application\chrome.exe" "%1" <==== WARNING
C:\Program Files (x86)\Easthas
Task: {72F94D02-EAC4-421E-9FE9-A76D3C445134} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\TXQQBrowser\Update\A743F5C4DF8A9E0316D188AEB9F35C06\Update\BrowserUpdate.exe <==== WARNING
Task: C:\WINDOWS\Tasks\Yahoo! Powered lened.job => Wscript.exe C:\ProgramData\{7FF0BA93-F5B2-3055-7374-AE17E93625D9}\delo.txt <==== WARNING
HKU\S-1-5-21-4011222484-87278128-38673612-1001\...\Run: [ProxyGate] => C:\Users\famil\AppData\Roaming\ProxyGate\MainService.exe [1142880 2016-01-10] (Gold Click Ltd) <==== WARNING
2018-03-31 16:33 - 2018-04-12 17:58 - 000000000 ____D C:\ProgramData\updater2
Task: {D1EDC1F6-E70E-418E-B37B-0305F0F59F98} - System32\Tasks\ACC => C:\Program Files\DriverSetupUtility\FUB\FUB_Send.bat [2015-06-22] () <==== WARNING
Task: {D248A90D-7482-46A6-938D-6E469FDD38AF} - System32\Tasks\Yahoo! Powered lened => C:\Windows\system32\wscript.exe "C:\ProgramData\{7FF0BA93-F5B2-3055-7374-AE17E93625D9}\delo.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b37464630424139332d463542322d333035352d373337342d4145313745393336323544397d5c6d6172657469" "433a5c50726f6772616d446174615c7b37464630424139332d463542322d333035352d373337 (the data element has 78 extra characters). <==== WARNING
Task: {DA3A974E-F163-443E-B123-94EDE5B88EF5} - System32\Tasks\ASUS\AEGIS_II Lighting CD_Rom Execute => C:\Program Files (x86)\ASUS\AEGIS II\Lighting\CheckCD_RomLighting.exe [2015-06-30] ()
Task: {E5BF4006-62E8-4E8E-A025-98F62FF4F5A2} - System32\Tasks\MSIAfterburner => D:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2017-12-15] ()
Task: {EFF0568F-8322-4A72-8346-80BDE2FECF71} - System32\Tasks\WinTaske => C:\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe <==== WARNING
EmptyTemp:
RemoveProxy:
Reboot:
Save the content via the File menu, then Save.
Close Notepad, go back to FRST and click the "Fix" button.
A restart may be necessary; it happens automatically.
A text file will appear; copy/paste its content here in a new message.
Restart the computer.
2°) Reset/Repair the affected web browsers:
- Repair Mozilla Firefox (first paragraph)
- Repair Google Chrome (only the first paragraph)
- Reset and repair Internet Explorer
3°) Finish with a cleanup using Malwarebytes - Malwarebytes Anti-Malware tutorial (free version)
4°) See how it goes and whether there has been any improvement.
If not, and you still have pop-up ads, specify which web browser.
Run a new FRST scan and share the new reports via attachment.
I have exactly the same issue. Here are my links; please let me know as soon as possible.
https://pjjoint.malekal.com/files.php?id=20190326_e9y5o13p14d12
https://pjjoint.malekal.com/files.php?id=FRST_20190326_g12s8t12m7k12
https://pjjoint.malekal.com/files.php?id=20190326_c12b9t1510r12
Hello,
You've already installed TotalAV ... - to read: https://www.malekal.com/antivirus-totalav-avis-presentation/
Uninstall it.
Optionally uninstall:
All Wondershare programs
World of Tanks EU (unless you play it)
Here is the correction to be made with FRST. You can refer to this explanatory note with screenshots.
Restart FRST, then press CTRL + Y on your keyboard.
Notepad will open; copy/paste this:
Start
CloseProcesses:
CreateRestorePoint:
Task: {9266198E-C073-44EB-8C5F-936E4EC064B2} - System32\Tasks\wextract => C:\Users\Admin\AppResolver\chgport.exe () [Unsigned file]
Task: {EF99CFCD-E95B-4946-B60A-D29D4955B3DC} - System32\Tasks\aswBoot => C:\Users\Admin\resmon\write.exe () [Unsigned file]
Task: {F90F9501-F956-42EF-A6DD-4C2FB26F66EE} - System32\Tasks\grpconv => C:\Users\Admin\perfmon\ImeBroker.exe () [Unsigned file]
C:\Users\Admin\perfmon
C:\Users\Admin\resmon
C:\Users\Admin\AppResolver
HKU\S-1-5-21-863412264-1523238715-1919381059-1001\...\Run: [ARP Manager] => C:\Users\Admin\AppData\Roaming\EE6A3D31-18E7-4FE0-B1F9-A3CA2C12DA70\ARP Manager\arpmgr.exe [53248 2018-03-05] (Microsoft Windows -> Microsoft Corporation)
C:\Users\Admin\AppData\Roaming\EE6A3D31-18E7-4FE0-B1F9-A3CA2C12DA70
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
End
Save the content using the File menu, then Save.
Close Notepad, return to FRST and click the "Fix" button.
A restart may be required; it happens automatically.
A text file will appear; copy/paste its content here in a new message.
Restart the computer.
2) Finish with a cleanup using Malwarebytes - Malwarebytes Anti-Malware free version tutorial
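The scheduled-task entries picked out in the fixlists above can be pre-sorted before a helper reads the full report. This is an added example, not part of the original posts and not FRST's own logic: the `triage` function and its heuristics (user-writable path, script host running a non-script file, hex-only arguments) are assumptions, and the sample lines are taken from this thread with the wscript entry shortened to its first hex argument.

```python
import re

# Constructed sample: Task lines taken from the fixlists in this thread; the
# wscript entry is shortened to its first hex-encoded argument.
SAMPLE = r"""
Task: {9266198E-C073-44EB-8C5F-936E4EC064B2} - System32\Tasks\wextract => C:\Users\Admin\AppResolver\chgport.exe () [Unsigned file]
Task: {DA3A974E-F163-443E-B123-94EDE5B88EF5} - System32\Tasks\ASUS\AEGIS_II Lighting CD_Rom Execute => C:\Program Files (x86)\ASUS\AEGIS II\Lighting\CheckCD_RomLighting.exe [2015-06-30] ()
Task: {D248A90D-7482-46A6-938D-6E469FDD38AF} - System32\Tasks\Yahoo! Powered lened => C:\Windows\system32\wscript.exe "C:\ProgramData\{7FF0BA93-F5B2-3055-7374-AE17E93625D9}\delo.txt" "687474703a2f2f7761676e672e636f6d" <==== WARNING
"""

TASK_RE = re.compile(r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(.+?) => (.+)$")
SCRIPT_HOST_RE = re.compile(r'(?i)[wc]script\.exe"?\s+(?:"([^"]+)"|(\S+))')
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh"}


def triage(report):
    """Return one dict per Task line: task name, heuristic flags, decoded hex args."""
    results = []
    for line in report.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        name, action = m.groups()
        flags = []
        # Markers that FRST itself prints in the report.
        if "[Unsigned file]" in action:
            flags.append("unsigned")
        if "<==== WARNING" in action:
            flags.append("frst-warning")
        # Assumed heuristic: anything launched from a user-writable tree deserves a look.
        if re.search(r"(?i)[a-z]:\\(users|programdata)\\", action):
            flags.append("user-writable-path")
        # Assumed heuristic: a script host pointed at a file without a script extension.
        host = SCRIPT_HOST_RE.search(action)
        if host:
            target = host.group(1) or host.group(2)
            if target.rsplit(".", 1)[-1].lower() not in SCRIPT_EXTS:
                flags.append("script-host-runs-non-script")
        # Quoted arguments made only of hex digits are decoded so the analyst can read them.
        decoded = [bytes.fromhex(h).decode("utf-8", "replace")
                   for h in re.findall(r'"((?:[0-9A-Fa-f]{2}){4,})"', action)]
        if decoded:
            flags.append("hex-encoded-args")
        results.append({"task": name, "flags": flags, "decoded": decoded})
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(r["task"], r["flags"], r["decoded"])
```

An empty flag list, as for the ASUS task, means none of these heuristics fired; it is not a verdict that the entry is clean.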
Recovery Scan Tool (x64) Version: 17.03.2019 Results
Executed by Admin (27-03-2019 09:00:12) Run:1
Executed from C:\Users\Admin\Desktop
Loaded profiles: Admin (Available profiles: Admin)
Boot mode: Normal
==============================================
fixlist content:
Start
CloseProcesses:
CreateRestorePoint:
Task: {9266198E-C073-44EB-8C5F-936E4EC064B2} - System32\Tasks\wextract => C:\Users\Admin\AppResolver\chgport.exe () [Unsigned file]
Task: {EF99CFCD-E95B-4946-B60A-D29D4955B3DC} - System32\Tasks\aswBoot => C:\Users\Admin\resmon\write.exe () [Unsigned file]
Task: {F90F9501-F956-42EF-A6DD-4C2FB26F66EE} - System32\Tasks\grpconv => C:\Users\Admin\perfmon\ImeBroker.exe () [Unsigned file]
C:\Users\Admin\perfmon
C:\Users\Admin\resmon
C:\Users\Admin\AppResolver
HKU\S-1-5-21-863412264-1523238715-1919381059-1001\...\Run: [ARP Manager] => C:\Users\Admin\AppData\Roaming\EE6A3D31-18E7-4FE0-B1F9-A3CA2C12DA70\ARP Manager\arpmgr.exe [53248 2018-03-05] (Microsoft Windows -> Microsoft Corporation)
C:\Users\Admin\AppData\Roaming\EE6A3D31-18E7-4FE0-B1F9-A3CA2C12DA70
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
End
Processes closed successfully.
The restore point was created successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9266198E-C073-44EB-8C5F-936E4EC064B2}" => successfully deleted
C:\WINDOWS\System32\Tasks\wextract => successfully moved
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wextract" => successfully deleted
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF99CFCD-E95B-4946-B60A-D29D4955B3DC}" => not found
"C:\WINDOWS\System32\Tasks\aswBoot" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\aswBoot" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F90F9501-F956-42EF-A6DD-4C2FB26F66EE}" => successfully deleted
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F90F9501-F956-42EF-A6DD-4C2FB26F66EE}" => successfully deleted
C:\WINDOWS\System32\Tasks\grpconv => successfully moved
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\grpconv" => successfully deleted
C:\Users\Admin\perfmon => successfully moved
C:\Users\Admin\resmon => successfully moved
C:\Users\Admin\AppResolver => successfully moved
"HKU\S-1-5-21-863412264-1523238715-1919381059-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ARP Manager" => successfully deleted
C:\Users\Admin\AppData\Roaming\EE6A3D31-18E7-4FE0-B1F9-A3CA2C12DA70 => successfully moved
C:\Windows\System32\Drivers\etc\hosts => successfully moved
Hosts restored successfully.
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => successfully deleted
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => successfully deleted
"HKU\S-1-5-21-863412264-1523238715-1919381059-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => successfully deleted
"HKU\S-1-5-21-863412264-1523238715-1919381059-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => successfully deleted
========= End of RemoveProxy: =========
=========== EmptyTemp: ==========
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30771663 B
Java, Flash, Steam htmlcache => 1188 B
Windows/system/drivers => 433767 B
Edge => 14458 B
Chrome => 357579073 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 2996 B
NetworkService => 0 B
Admin => 14911920 B
RecycleBin => 9873 B
EmptyTemp: => 395.1 MB of temporary data deleted.
================================
The system had to restart.
End of Fixlog 09:01:52
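A Fixlog like the one above is easiest to review by grouping each item by its outcome, so that entries marked "not found" stand out from the ones that were deleted or moved. This is an added example, not FRST code and not part of the original post; `summarize` and `needs_review` are hypothetical helper names, and only the outcome strings visible in this log are assumed.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the Fixlog posted in this thread.
FIXLOG = r'''
fixlist content:
Start
Task: {EF99CFCD-E95B-4946-B60A-D29D4955B3DC} - System32\Tasks\aswBoot => C:\Users\Admin\resmon\write.exe () [Unsigned file]
End
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9266198E-C073-44EB-8C5F-936E4EC064B2}" => successfully deleted
C:\WINDOWS\System32\Tasks\wextract => successfully moved
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF99CFCD-E95B-4946-B60A-D29D4955B3DC}" => not found
"C:\WINDOWS\System32\Tasks\aswBoot" => not found
C:\Users\Admin\resmon => successfully moved
Chrome => 357579073 B
EmptyTemp: => 395.1 MB of temporary data deleted.
End of Fixlog 09:01:52
'''

RESULT_RE = re.compile(r'^"?(.+?)"? => (.+)$')
SIZE_RE = re.compile(r"^[\d.]+ (?:B|MB)\b")  # EmptyTemp byte counts, not fix outcomes


def summarize(fixlog):
    """Group fixed items by outcome, skipping the echoed fixlist and size lines."""
    groups = defaultdict(list)
    in_fixlist = False
    for raw in fixlog.splitlines():
        line = raw.strip()
        if line in ("Start", "End"):  # the fixlist is echoed between these markers
            in_fixlist = (line == "Start")
            continue
        m = RESULT_RE.match(line)
        if in_fixlist or not m or SIZE_RE.match(m.group(2)):
            continue
        groups[m.group(2)].append(m.group(1))
    return dict(groups)


def needs_review(groups):
    """Items whose outcome does not start with 'successfully' (here: 'not found')."""
    return [(item, outcome) for outcome, items in groups.items()
            if not outcome.startswith("successfully") for item in items]


if __name__ == "__main__":
    for item, outcome in needs_review(summarize(FIXLOG)):
        print(f"{outcome}: {item}")
```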
Hello, I have the same problem. Here are the analyses, here are the 3 reports:
https://pjjoint.malekal.com/files.php?id=20190331_r14h14u15e13e14
https://pjjoint.malekal.com/files.php?id=FRST_20190331_z14c10o12u11c13
https://pjjoint.malekal.com/files.php?id=20190331_p10t13z15n14w9
Hello,
Not much that could explain these CMD openings.
Here is the correction to be made with FRST. You can use this explanatory note with screenshots.
Restart FRST, then press CTRL + Y on your keyboard.
Notepad will open; copy/paste this:
Start
CloseProcesses:
CreateRestorePoint:
Task: {9660122A-D221-4472-968D-5AF160589968} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe (OOO Lightshot -> TODO: <Company name>)
Task: {AB936D88-B8CF-4FCA-A97F-0A19E876FF11} - System32\Tasks\Opera scheduled Autoupdate 1548808161 => C:\Users\mathis\AppData\Local\Programs\Opera\launcher.exe
Task: {B6213678-871E-4258-B640-7825E0AE250F} - System32\Tasks\update-S-1-5-21-2734231168-1814704518-1204797668-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe (OOO Lightshot -> TODO: <Company name>)
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
End
Save the content using the File menu, then Save.
Close Notepad, go back to FRST and click the "Fix" button.
A restart may be necessary; it happens automatically.
A text file will appear; copy/paste its content here in a new message.
Restart the computer.