kontrola logu starý NTB Vyřešeno

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: Mods_senior, Security team

28_nitro_28
Level 2.5
Level 2.5
Příspěvky: 266
Registrován: prosinec 15
Bydliště: Dolná Lehota
Pohlaví: Muž
Stav:
Offline

kontrola logu starý NTB

Příspěvekod 28_nitro_28 » 09 led 2021 17:24

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26

Platform: x64 Windows 10 (Home), 10.0.19042.631 (ReleaseId: 2009), Service Pack: 0
Time: 09.01.2021 - 16:53 (UTC+01:00)
Language: OS: Slovak (0x41B). Display: Slovak (0x41B). Non-Unicode: Slovak (0x41B)
Elevated: Yes
Ran by: Ježekovci (group: Administrator) on JEŽEKOVCI-HP, FirstRun: yes

Chrome: 87.0.4280.88
Edge: 11.0.19041.546
Internet Explorer: 11.0.19041.1
Default: "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Internet Explorer)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
1 C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
1 C:\Program Files (x86)\Communication Manager\AssistantServices.exe
1 C:\Program Files (x86)\Communication Manager\CancelAutoPlay.exe
1 C:\Program Files (x86)\Communication Manager\UIExec.exe
1 C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
8 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
1 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
1 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
1 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
1 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
1 C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
1 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
1 C:\Program Files\AVG\Antivirus\AVGSvc.exe
3 C:\Program Files\AVG\Antivirus\AVGUI.exe
1 C:\Program Files\AVG\Antivirus\aswEngSrv.exe
1 C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
1 C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
1 C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
1 C:\Program Files\Common Files\AVG\Overseer\overseer.exe
1 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
1 C:\Program Files\Intel\iCLS Client\HeciServer.exe
1 C:\Program Files\McAfee\WebAdvisor\browserhost.exe
1 C:\Program Files\McAfee\WebAdvisor\servicehost.exe
1 C:\Program Files\McAfee\WebAdvisor\uihost.exe
1 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
1 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
1 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1 C:\Program Files\Windows Defender\MsMpEng.exe
1 C:\Program Files\Windows Defender\NisSrv.exe
1 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
1 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe
2 C:\Users\Ježekovci\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
1 C:\Users\Ježekovci\Downloads\HiJackThis (1).exe
2 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
1 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
1 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
1 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
1 C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
1 C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
1 C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2 C:\Windows\SysWOW64\OneDriveSetup.exe
1 C:\Windows\SysWOW64\ezSharedSvcHost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\MoUsoCoreWorker.exe
6 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\SystemSettingsBroker.exe
1 C:\Windows\System32\Taskmgr.exe
1 C:\Windows\System32\backgroundTaskHost.exe
1 C:\Windows\System32\cmd.exe
3 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
3 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\fodhelper.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\hkcmd.exe
1 C:\Windows\System32\igfxpers.exe
1 C:\Windows\System32\igfxtray.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\mqsvc.exe
1 C:\Windows\System32\rundll32.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
81 C:\Windows\System32\svchost.exe
4 C:\Windows\System32\taskhostw.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.621_none_e7694895260e0b6d\TiWorker.exe
1 C:\Windows\explorer.exe
1 C:\Windows\servicing\TrustedInstaller.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = http://www.bing.com?pc=CPNTDF
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: [URL] = http://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF - Ask.com
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [URL] = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: [URL] = http://sk.wikipedia.org/wiki/Special:Search?search={searchTerms} - Wikipedia
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: [URL] = http://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF - Ask.com
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [SuggestionsURL] = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [URL] = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 - Google
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: [URL] = http://sk.wikipedia.org/wiki/Special:Search?search={searchTerms} - Wikipedia
O1 - Hosts: Reset contents to default
O1 - Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
O1 - Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
O1 - Hosts: 0.0.0.0 media.opencandy.com
O1 - Hosts: 0.0.0.0 cdn.opencandy.com
O1 - Hosts: 0.0.0.0 tracking.opencandy.com
O1 - Hosts: 0.0.0.0 api.opencandy.com
O1 - Hosts: 0.0.0.0 api.recommendedsw.com
O1 - Hosts: 0.0.0.0 rp.yefeneri2.com
O1 - Hosts: 0.0.0.0 os.yefeneri2.com
O1 - Hosts: 0.0.0.0 os2.yefeneri2.com
O1 - Hosts: 0.0.0.0 installer.betterinstaller.com
O1 - Hosts: 0.0.0.0 installer.filebulldog.com
O1 - Hosts: 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
O1 - Hosts: 0.0.0.0 inno.bisrv.com
O1 - Hosts: 0.0.0.0 nsis.bisrv.com
O1 - Hosts: 0.0.0.0 cdn.file2desktop.com
O1 - Hosts: 0.0.0.0 cdn.goateastcach.us
O1 - Hosts: 0.0.0.0 cdn.guttastatdk.us
O1 - Hosts: 0.0.0.0 cdn.inskinmedia.com
O1 - Hosts: 0.0.0.0 cdn.insta.oibundles2.com
O1 - Hosts: 0.0.0.0 cdn.insta.playbryte.com
O1 - Hosts: 0.0.0.0 cdn.llogetfastcach.us
O1 - Hosts: 0.0.0.0 cdn.montiera.com
O1 - Hosts: 0.0.0.0 cdn.msdwnld.com
O1 - Hosts: 0.0.0.0 cdn.mypcbackup.com
O1 - Hosts: 0.0.0.0 cdn.ppdownload.com
O1 - Hosts: 0.0.0.0 cdn.riceateastcach.us
O1 - Hosts: 0.0.0.0 cdn.shyapotato.us
O1 - Hosts: 0.0.0.0 cdn.solimba.com
O1 - Hosts: 0.0.0.0 cdn.tuto4pc.com
O1 - Hosts: 0.0.0.0 cdn.appround.biz
O1 - Hosts: 0.0.0.0 cdn.bigspeedpro.com
O1 - Hosts: 0.0.0.0 cdn.bispd.com
O1 - Hosts: 0.0.0.0 cdn.bisrv.com
O1 - Hosts: 0.0.0.0 cdn.cdndp.com
O1 - Hosts: 0.0.0.0 cdn.download.sweetpacks.com
O1 - Hosts: 0.0.0.0 cdn.dpdownload.com
O1 - Hosts: 0.0.0.0 cdn.visualbee.net
O2 - HKLM\..\BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (file missing)
O2 - HKLM\..\BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
O2 - HKLM\..\BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O2 - HKLM\..\BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\84.0.522.52\BHO\ie_to_edge_bho_64.dll
O2 - HKLM\..\BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O2 - HKLM\..\BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (file missing)
O2-32 - HKLM\..\BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (file missing)
O2-32 - HKLM\..\BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2-32 - HKLM\..\BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2-32 - HKLM\..\BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2-32 - HKLM\..\BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2-32 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\84.0.522.52\BHO\ie_to_edge_bho.dll
O2-32 - HKLM\..\BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O2-32 - HKLM\..\BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL
O3 - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O3 - HKLM\..\Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
O3 - HKLM\..\Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (file missing)
O3 - HKLM\..\Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3-32 - HKLM\..\Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O3-32 - HKLM\..\Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (file missing)
O3-32 - HKLM\..\Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [Opera Browser Assistant] = C:\Users\Ježekovci\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
O4 - HKCU\..\Run: [Skype] = C:\Program Files (x86)\Skype\Phone\skype.exe /nosplash /minimized
O4 - HKLM\..\Run: [AVGUI.exe] = C:\Program Files\AVG\Antivirus\AvLaunch.exe /gui
O4 - HKLM\..\Run: [AthBtTray] = C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
O4 - HKLM\..\Run: [AtherosBtStack] = C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (file missing)
O4 - HKLM\..\Run: [HotKeysCmds] = C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] = C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] = C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
O4 - HKLM\..\Run: [SetDefault] = C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
O4 - HKLM\..\Run: [SynTPEnh] = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4-32 - HKLM\..\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4-32 - HKLM\..\Run: [CancelAutoPlay] = C:\Program Files (x86)\Communication Manager\CancelAutoPlay.exe run
O4-32 - HKLM\..\Run: [Easybits Recovery] = C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4-32 - HKLM\..\Run: [HP Quick Launch] = C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4-32 - HKLM\..\Run: [HP Software Update] = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4-32 - HKLM\..\Run: [HPOSD] = C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4-32 - HKLM\..\Run: [Magic Desktop for HP notification] = C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
O4-32 - HKLM\..\Run: [UIExec] = C:\Program Files (x86)\Communication Manager\UIExec.exe
O9 - Button: HKLM\..\{22CC3EBD-C286-43aa-B8E6-06B115F74162}: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Button: HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08}: Spustí HP Kontrola siete, ktorá vám pomôže vyriešiť vaše problémy s pripojením - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9 - Tools menu item: HKLM\..\{22CC3EBD-C286-43aa-B8E6-06B115F74162}: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Tools menu item: HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08}: HP Kontrola siete - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9-32 - Button: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Pridať do blogu - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9-32 - Button: HKLM\..\{22CC3EBD-C286-43aa-B8E6-06B115F74162}: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9-32 - Button: HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08}: Spustí HP Kontrola siete, ktorá vám pomôže vyriešiť vaše problémy s pripojením - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9-32 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O9-32 - Button: HKLM\..\{7815BE26-237D-41A8-A98F-F7BD75F71086}: (no name) - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9-32 - Button: HKLM\..\{A95fe080-8f5d-11d2-a20b-00aa003c157a}: Add to Evernote 4 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O9-32 - Tools menu item: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Pridať do &blogu v programe Windows Live Writer - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9-32 - Tools menu item: HKLM\..\{22CC3EBD-C286-43aa-B8E6-06B115F74162}: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9-32 - Tools menu item: HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08}: HP Kontrola siete - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9-32 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O9-32 - Tools menu item: HKLM\..\{7815BE26-237D-41A8-A98F-F7BD75F71086}: Send by Bluetooth to - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9-32 - Tools menu item: HKLM\..\{A95fe080-8f5d-11d2-a20b-00aa003c157a}: Add to Evernote 4 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O15 - Trusted Zone: http://help.eset.com
O17 - DHCP DNS 1: 192.168.1.1
O17 - DHCP DNS 2: 195.146.128.62
O18 - HKLM\Software\Classes\Protocols\Handler\skype4com: [CLSID] = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
O18 - HKLM\Software\Classes\Protocols\Handler\wlpg: [CLSID] = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\00avast: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\00avg: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O21-32 - HKLM\..\ShellExecuteHooks: [{E54729E8-BB3D-4270-9D49-7389EA579090}] - EasyBits ShellExecute Hook - C:\Windows\SysWOW64\ezUPBHook.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Media Center\PeriodicScanRetry - C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (file missing)
O22 - Task: (disabled) \Microsoft\Windows\Media Center\RecordingRestart - C:\WINDOWS\ehome\ehrec /RestartRecording (file missing)
O22 - Task: (disabled) \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor - {EA9155A3-8A39-40b4-8963-D3C761B18371} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\Shell\WindowsParentalControls - {DFA14C43-F385-4170-99CC-1B7765FA0E4A} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\Shell\WindowsParentalControlsMigration - {343D770D-7788-47c2-B62A-B7C4CED925CB} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\SideShow\AutoWake - {E51DFD48-AA36-4B45-BB52-E831F02E8316} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\SideShow\SessionAgent - {45F26E9E-6199-477F-85DA-AF1EDfE067B1} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\SideShow\SystemDataProviders - {7CCA6768-8373-4D28-8876-83E8B4E3A969} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (Microsoft)
O22 - Task: Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task: Antivirus Emergency Update - C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
O22 - Task: CreateChoiceProcessTask - C:\Windows\System32\browserchoice.exe /launch (file missing)
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: HP AR Program Upload - 2d2176f1d11149e8a3e666f055ad476dcd16d18e623743a196018d602cfe1a61 - C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe -N 2d2176f1d11149e8a3e666f055ad476dcd16d18e623743a196018d602cfe1a61 -mode Scheduled
O22 - Task: HP AR Program Upload - eb0ed2cb5367441295ca947c5e2033d4f0b4641fe83447e094b0387a8caba88e - C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe -N eb0ed2cb5367441295ca947c5e2033d4f0b4641fe83447e094b0387a8caba88e -mode Scheduled
O22 - Task: HPCustParticipation HP Deskjet 1510 series - C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe /UA 12.5 /DDV 0x0b00
O22 - Task: MirageAgent - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-3070308490-1869278605-3358388127-500 - C:\Users\Ježekovci\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-4028413010-2768591140-4031899493-500 - C:\Users\Ježekovci\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: Opera scheduled Autoupdate 1601112824 - C:\Users\Ježekovci\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task: Opera scheduled assistant Autoupdate 1601112997 - C:\Users\Ježekovci\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Ježekovci\AppData\Local\Programs\Opera\assistant" $(Arg0)
O22 - Task: Registration - C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe Registration ShowMessageTask2D
O22 - Task: \AVAST Software\Overseer - C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe /from_scheduler:1
O22 - Task: \AVG\Overseer - C:\Program Files\Common Files\AVG\Overseer\overseer.exe /from_scheduler:1
O22 - Task: \Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe -task -source HPSA
O22 - Task: \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart
O22 - Task: \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send
O22 - Task: \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /u
O22 - Task: \Hewlett-Packard\HP Support Assistant\PC Health Analysis - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis
O22 - Task: \Hewlett-Packard\HP Support Assistant\Product Configurator - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe /noreport
O22 - Task: \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task - {3519154C-227E-47F3-9CC9-12C3F05817F1} - (no file)
O22 - Task: \Microsoft\Windows\End Of Support\Notify1 - C:\WINDOWS\system32\sipnotify.exe -LogonOrUnlock (file missing)
O22 - Task: \Microsoft\Windows\End Of Support\Notify2 - C:\WINDOWS\system32\sipnotify.exe -Daily (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ActivateWindowsSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ConfigureInternetTimeService - C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (file missing)
O22 - Task: \Microsoft\Windows\Media Center\DispatchRecoveryTasks - C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\InstallPlayReady - C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\MediaCenterRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\OCURActivate - C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (file missing)
O22 - Task: \Microsoft\Windows\Media Center\OCURDiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PBDADiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PBDADiscoveryW1 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PBDADiscoveryW2 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PvrRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PvrScheduleTask - C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (file missing)
O22 - Task: \Microsoft\Windows\Media Center\RegisterSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ReindexSearchRoot - C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (file missing)
O22 - Task: \Microsoft\Windows\Media Center\SqlLiteRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\StartRecording - C:\WINDOWS\ehome\ehrec /StartRecording (file missing)
O22 - Task: \Microsoft\Windows\Media Center\UpdateRecordPath - C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ehDRMInit - C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (file missing)
O22 - Task: \Microsoft\Windows\Media Center\mcupdate - C:\WINDOWS\ehome\mcupdate $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\MobilePC\HotStart - {06DA0625-9701-43da-BFD7-FBEEA2180A1E} - (no file)
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Task: \Microsoft\Windows\SideShow\GadgetManager - {FF87090D-4A9A-4f47-879B-29A80C355D61},$(Arg0) - (no file)
O22 - Task: \Microsoft\Windows\Tcpip\IpAddressConflict1 - C:\WINDOWS\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem (Microsoft)
O22 - Task: \Microsoft\Windows\Tcpip\IpAddressConflict2 - C:\WINDOWS\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem (Microsoft)
O23 - Service R2: AVG Antivirus - C:\Program Files\AVG\Antivirus\AVGSvc.exe /runassvc
O23 - Service R2: AVG Tools - C:\Program Files\AVG\Antivirus\avgToolsSvc.exe /runassvc
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Andrea RT Filters Service - (AERTFilters) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service R2: Application Virtualization Client - (sftlist) - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
O23 - Service R2: ByteFence Real-time Protection - (rtop) - c:\program files\bytefence\rtop\bin\rtop_svc.exe
O23 - Service R2: Client Virtualization Handler - (cvhsvc) - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
O23 - Service R2: ESET Service - (ekrn) - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service R2: Easybits Services for Windows - (ezSharedSvc) - C:\WINDOWS\SysWOW64\ezSharedSvcHost.exe
O23 - Service R2: HP Support Solutions Framework Service - (HPSupportSolutionsFrameworkService) - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service R2: HPWMISVC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service R2: Intel(R) Capability Licensing Service Interface - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Intel(R) Management and Security Application User Notification Service - (UNS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service R2: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
O23 - Service R2: SynTPEnh Caller Service - (SynTPEnhService) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service R2: TrueSuiteService - (FPLService) - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
O23 - Service R2: UI Assistant Service - C:\Program Files (x86)\Communication Manager\AssistantServices.exe
O23 - Service R2: ZAtheros Bt&Wlan Coex Agent - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service R2: Úložná technologie Intel(R) Rapid - (IAStorDataMgrSvc) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service R3: BBUpdate - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
O23 - Service R3: HP Software Framework Service - (hpqwmiex) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service R3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S2: AvgWscReporter - C:\Program Files\AVG\Antivirus\wsc_proxy.exe /runassvc /rpcserver
O23 - Service S2: BingBar Service - (BBSvc) - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe
O23 - Service S2: Služba Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: GamesAppIntegrationService - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service S3: GamesAppService - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\elevation_service.exe
O23 - Service S3: Google Software Updater - (gusvc) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Služba Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: TrueAPI Service component - (TrueService) - C:\Program Files\Common Files\AuthenTec\TrueService.exe
O23 - Service S3: avgbIDSAgent - C:\Program Files\AVG\Antivirus\aswidsagent.exe


--
End of file - Time spent: 116,6 sec. - 69466 bytes, CRC32: FFFFFFFF. Sign: 왂欹

Reklama
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: kontrola logu starý NTB

Příspěvekod jaro3 » 09 led 2021 18:36

nedávej logy do spoileru ani do code!

AVG a Eset , jeden antivir odinstaluj!

pane , jo.
Vlož tento log z HJT:
http://www.pc-help.cz/viewtopic.php?f=70&t=5119
https://sourceforge.net/projects/hjt/fi ... e/download

Stáhni si ATF Cleaner
https://www.majorgeeks.com/mg/getmirror ... ner,2.html
Poklepej na ATF Cleaner.exe, klikni na select all, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/
pro majitele win7 stáhni zde:
https://filehippo.com/download_adwcleaner/ ( nedávej aktualizaci!)

Ulož si ho na svojí plochu . Klikni na „Souhlasím“ k povrzení podmínek.
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Skenování“
Po skenu se objeví log , který se otevře. ( jinak je uložen systémovem disku jako C:\AdwCleaner [C?].txt ), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
https://www.malwarebytes.com/mwb-download/thankyou/

na plochu , nainstaluj a spusť ho
-Pokud není program aktuální , klikni na možnost „Aktualizovat nyní“ či „Opravit nyní“.
- bude nalezena aktualizace a nainstaluje se.
- poté klikni na Spustit skenování
- po proběhnutí skenu se ti objeví hláška vpravo dole, tak klikni na Zobrazit zprávu a vyber Export a vyber Kopírovat do schránky a vlož sem celý log. Nebo klikni na „Textový soubor ( .txt)“ a log si ulož.
-jinak se log nachází v programu po kliknutí na „Zprávy“ , nebo je uložen zde: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- po té klikni na tlačítko Dokončit, a program zavři křížkem vpravo nahoře.
(zatím nic nemaž!).
Pokud budou problémy , spusť v nouz. režimu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Uživatelský avatar
kecalek
Level 3
Level 3
Příspěvky: 599
Registrován: říjen 17
Pohlaví: Nespecifikováno
Stav:
Offline

Re: kontrola logu starý NTB

Příspěvekod kecalek » 09 led 2021 20:27

:offtopic:
jaro3 píše:....................

AVG a Eset , jeden antivir odinstaluj!

.........................

Má tam ešte McAfee!
Ja by som skôr radil - VŠETKY odinštalovať - AVG, ESET, McAfee a nechať len Defendera.
Všetky tieto AV programy sa totiž medzi sebou "hádajú".

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: kontrola logu starý NTB

Příspěvekod jaro3 » 09 led 2021 21:25

kecalek: viz pravidla sekce HJT!

McAfee WebAdvisor není antivir!
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

28_nitro_28
Level 2.5
Level 2.5
Příspěvky: 266
Registrován: prosinec 15
Bydliště: Dolná Lehota
Pohlaví: Muž
Stav:
Offline

Re: kontrola logu starý NTB

Příspěvekod 28_nitro_28 » 10 led 2021 13:42

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26

Platform: x64 Windows 10 (Home), 10.0.19042.631 (ReleaseId: 2009), Service Pack: 0
Time: 10.01.2021 - 13:36 (UTC+01:00)
Language: OS: Slovak (0x41B). Display: Slovak (0x41B). Non-Unicode: Slovak (0x41B)
Elevated: Yes
Ran by: Ježekovci (group: Administrator) on JEŽEKOVCI-HP, FirstRun: yes

Chrome: 87.0.4280.88
Edge: 11.0.19041.546
Internet Explorer: 11.0.19041.1
Default: "C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe" --single-argument %1 (CCleaner Browser)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHandler.exe
1 C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHandler64.exe
1 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeApp.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
1 C:\Users\Ježekovci\AppData\Local\Microsoft\OneDrive\OneDrive.exe
1 C:\Users\Ježekovci\Downloads\HiJackThis (1).exe
2 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
5 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SgrmBroker.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\mqsvc.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
75 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe

O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\Run: [OneDrive] = C:\Users\Ježekovci\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft)
O17 - DHCP DNS 1: 192.168.0.1
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: AdwCleaner_onReboot - C:/Users/Ježekovci/Downloads/adwcleaner_8.0.8.exe /r
O22 - Task: CCleaner Browser Heartbeat Task (Hourly) - C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe --type=heartbeat --hourly
O22 - Task: CCleaner Browser Heartbeat Task (Logon) - C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe --type=heartbeat --logon
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: CCleanerUpdateTaskMachineCore - C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe /c
O22 - Task: CCleanerUpdateTaskMachineUA - C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe /ua /installsource scheduler
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service S2: AVG Antivirus - C:\Program Files\AVG\Antivirus\AVGSvc.exe /runassvc (file missing)
O23 - Service S2: AvgWscReporter - C:\Program Files\AVG\Antivirus\wsc_proxy.exe /runassvc /rpcserver (file missing)
O23 - Service S2: Služba CCleaner Browser Update (ccleaner) - (ccleaner) - C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe /svc
O23 - Service S3: CCleaner Browser Elevation Service (CCleanerBrowserElevationService) - (CCleanerBrowserElevationService) - C:\Program Files (x86)\CCleaner Browser\Application\86.1.6938.201\elevation_service.exe
O23 - Service S3: Služba CCleaner Browser Update (ccleanerm) - (ccleanerm) - C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe /medsvc
O23 - Service S3: avgbIDSAgent - C:\Program Files\AVG\Antivirus\aswidsagent.exe (file missing)


--
End of file - Time spent: 50,6 sec. - 10824 bytes, CRC32: FFFFFFFF. Sign: 凝듎

28_nitro_28
Level 2.5
Level 2.5
Příspěvky: 266
Registrován: prosinec 15
Bydliště: Dolná Lehota
Pohlaví: Muž
Stav:
Offline

Re: kontrola logu starý NTB

Příspěvekod 28_nitro_28 » 10 led 2021 13:43

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2021-01-06.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-10-2021
# Duration: 00:00:39
# OS: Windows 10 Home
# Cleaned: 40
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Conduit
Deleted HKCU\Software\csastats
Deleted HKLM\Software\Wow6432Node\Conduit

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted izito.sk

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.HPCleanFLC File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
Deleted Preinstalled.HPHealthCheck Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
Deleted Preinstalled.HPLaunchBox Folder C:\Program Files\HEWLETT-PACKARD\HP LAUNCHBOX
Deleted Preinstalled.HPLaunchBox Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5A847522-375C-4D05-BD3D-88C450CC047F}
Deleted Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Deleted Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\Ježekovci\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\Ježekovci\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}
Deleted Preinstalled.WildTangentGamesBundle File C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\APP
Deleted Preinstalled.WildTangentGamesBundle Registry HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-mahjonggdarkdimensions
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-genres
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-main
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp
Deleted Preinstalled.WildTangentGamesBundle Registry HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted Preinstalled.WildTangentGamesBundle Registry HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [6399 octets] - [10/01/2021 11:40:31]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

28_nitro_28
Level 2.5
Level 2.5
Příspěvky: 266
Registrován: prosinec 15
Bydliště: Dolná Lehota
Pohlaví: Muž
Stav:
Offline

Re: kontrola logu starý NTB

Příspěvekod 28_nitro_28 » 10 led 2021 13:44

Malwarebytes
www.malwarebytes.com

-Podrobnosti denníka-
Dátum skenovania: 10. 1. 2021
Čas skenovania: 13:22
Súbor denníka: 7068a33c-533e-11eb-80fb-74e543aff9a3.json

-Údaje o softvéri-
Verzia: 4.3.0.98
Verzia súčastí: 1.0.1130
Aktualizovať verziu balíka: 1.0.35507
Licencia: Skúšobná verzia

-Systémové informácie-
OS: Windows 10 (Build 19041.631)
Procesor: x64
Systém súborov: NTFS
Používateľ: Je\u00c5\u00beekovci-HP\Je\u00c5\u00beekovci

-Zhrnutie skenovania-
Typ skenovania: Vyhľadávanie hrozieb
Skenovanie bolo spustené: Manuálne
Výsledok: Dokončené
Preskenované objekty: 282646
Zistené hrozby: 35
Hrozby umiestnené do karantény: 35
Uplynulý čas: 9 min, 48 s

-Možnosti skenovania-
Pamäť: Povolené
Spúšťanie: Povolené
Systém súborov: Povolené
Archívy: Povolené
Rootkity: Zakázané
Heuristika: Povolené
PUP: Zistiť
PUM: Zistiť

-Podrobnosti skenovania-
Proces: 0
(Nezistili sa nijaké škodlivé položky)

Modul: 0
(Nezistili sa nijaké škodlivé položky)

Kľúč databázy Registry: 7
PUP.Optional.ByteFence, HKLM\SOFTWARE\CLASSES\*\SHELL\ByteFence File Scan, Umiestené do karantény, 8809, 391313, 1.0.35507, , ame, , ,
PUP.Optional.ByteFence, HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELL\ByteFence Folder Scan, Umiestené do karantény, 8809, 823186, 1.0.35507, , ame, , ,
PUP.Optional.ByteFence, HKLM\SOFTWARE\WOW6432NODE\Bytefence, Umiestené do karantény, 8809, 388723, 1.0.35507, , ame, , ,
PUP.Optional.ByteFence, HKLM\SOFTWARE\ByteFence, Umiestené do karantény, 8809, 388723, 1.0.35507, , ame, , ,
PUP.Optional.ByteFence, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ByteFence, Umiestené do karantény, 8809, 388725, 1.0.35507, , ame, , ,
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}, Umiestené do karantény, 2966, 184157, 1.0.35507, , ame, , ,
PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\ByteFenceService, Umiestené do karantény, 8809, 389039, 1.0.35507, , ame, , ,

Hodnota databázy Registry: 2
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, Umiestené do karantény, 2966, 184157, 1.0.35507, , ame, , ,
PUP.Optional.Searchweb, HKU\S-1-5-21-4028413010-2768591140-4031899493-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|glcaichhfonmdfcnehdkclfpbcopidnc, Umiestené do karantény, 10334, 554502, , , , , ,

Údaje databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Prúd údajov: 0
(Nezistili sa nijaké škodlivé položky)

Priečinok: 7
PUP.Optional.ByteFence, C:\ProgramData\ByteFence\RTOP, Umiestené do karantény, 8809, 388718, , , , , ,
PUP.Optional.ByteFence, C:\PROGRAMDATA\BYTEFENCE, Umiestené do karantény, 8809, 388718, 1.0.35507, , ame, , ,
PUP.Optional.ByteFence, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ByteFence Anti-Malware, Umiestené do karantény, 8809, 823168, 1.0.35507, , ame, , ,
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE, Umiestené do karantény, 8809, 823167, 1.0.35507, , ame, , ,
PUP.Optional.Searchweb, C:\USERS\JEžEKOVCI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\glcaichhfonmdfcnehdkclfpbcopidnc, Umiestené do karantény, 10334, 554502, , , , , ,
PUP.Optional.Searchweb, C:\USERS\JEžEKOVCI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Umiestené do karantény, 10334, 554502, , , , , ,
PUP.Optional.Searchweb, C:\USERS\JEžEKOVCI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Umiestené do karantény, 10334, 554502, , , , , ,

Súbor: 19
PUP.Optional.ByteFence, C:\ProgramData\ByteFence\RTOP\hosts_backup, Umiestené do karantény, 8809, 388718, , , , , A4ECA8014112A13122660B77E6F9ECA2, D311A04D648B6A745F75A8D55D063343BBB8758DFCF0AFFE1DDA9B7617DD4BC6
PUP.Optional.ByteFence, C:\ProgramData\ByteFence\RTOP\uclogfile.bin, Umiestené do karantény, 8809, 388718, , , , , ,
Adware.InstallCore, C:\USERS\JEžEKOVCI\DOWNLOADS\MICROSOFT_POWERPOINT_SOFTFAMOUS_DOWNLOAD_MANAGER11836_1244839755.EXE, Umiestené do karantény, 3451, 845509, 1.0.35507, , ame, , D0BE4DF73557FEAA5AB3CFBF4CB1D65E, 7698FC6B79ACF982CED5FAFBAEFE1E67E24258EA02775F8FEBCFFBF2764A7209
PUP.Optional.Searchweb, C:\USERS\JEžEKOVCI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Nahradené, 10334, 554502, , , , , 347418B98084E5523F38C90F8D3B6818, 0913BDEC40714E69AB54D3DBD79DF195B35D09E9E17B633567546178EAC2D621
PUP.Optional.Searchweb, C:\USERS\JEžEKOVCI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Nahradené, 10334, 554502, , , , , E90A239BF34C3C2BE6F2DD68B1C33010, 42A263D355798ADAD705296C7976C43864FC4A6ED78E8FE1F04AFFA3F9177DE0
PUP.Optional.Searchweb, C:\Users\Ježekovci\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glcaichhfonmdfcnehdkclfpbcopidnc\000003.log, Umiestené do karantény, 10334, 554502, , , , , C3066A9A5188CD42F24C9E2BB4A4D226, EB651BA56E2906256983B0E259E7DFC551ECE7A460D80B31E39A1FD06410DB26
PUP.Optional.Searchweb, C:\Users\Ježekovci\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glcaichhfonmdfcnehdkclfpbcopidnc\CURRENT, Umiestené do karantény, 10334, 554502, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Searchweb, C:\Users\Ježekovci\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glcaichhfonmdfcnehdkclfpbcopidnc\LOCK, Umiestené do karantény, 10334, 554502, , , , , ,
PUP.Optional.Searchweb, C:\Users\Ježekovci\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glcaichhfonmdfcnehdkclfpbcopidnc\LOG, Umiestené do karantény, 10334, 554502, , , , , D17D662F75ECF2653C79A91137D2B78E, A107664C8E264A27156FA607D18887AC3FDBC2E87D1BBBEE4A64F51F336E44E5
PUP.Optional.Searchweb, C:\Users\Ježekovci\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glcaichhfonmdfcnehdkclfpbcopidnc\LOG.old, Umiestené do karantény, 10334, 554502, , , , , F051693AF67D67400E3A9ED5D4915B2B, 81328DDA67B3C6FE03EE0B4A3D60C27162A96317D9D1C2A3588607F9D89E0C34
PUP.Optional.Searchweb, C:\Users\Ježekovci\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glcaichhfonmdfcnehdkclfpbcopidnc\MANIFEST-000001, Umiestené do karantény, 10334, 554502, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
PUP.Optional.Searchweb, C:\Users\Ježekovci\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000072.log, Umiestené do karantény, 10334, 554502, , , , , 21570E15F0A2A882E704475638540732, B79DE858020997EDF4A323C83638A07626F76DAB2081F8FC20844DFBE77C2934
PUP.Optional.Searchweb, C:\Users\Ježekovci\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000074.ldb, Umiestené do karantény, 10334, 554502, , , , , 2523FFBABF63EAFD1A5C21FB9FDFD433, F221DF7822532970DE3280ADE0E721852BD7A20345BD0A4AA9D96D2E47B3967D
PUP.Optional.Searchweb, C:\Users\Ježekovci\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Umiestené do karantény, 10334, 554502, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Searchweb, C:\Users\Ježekovci\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Umiestené do karantény, 10334, 554502, , , , , ,
PUP.Optional.Searchweb, C:\Users\Ježekovci\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Umiestené do karantény, 10334, 554502, , , , , 18AE218F28F09A293BF4DF386CB66993, B4B0F9EA05DD29432CB134F5F4BCCF0C56F338986DD8D8739C57386E433FDCD3
PUP.Optional.Searchweb, C:\Users\Ježekovci\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Umiestené do karantény, 10334, 554502, , , , , DCA69A82851373C87B0B07A9A1F38965, 1A9292A75BC8766E4BED87CF2E303C39CE1E6C446E639E612B1947A67B1FA4B0
PUP.Optional.Searchweb, C:\Users\Ježekovci\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Umiestené do karantény, 10334, 554502, , , , , 2AA80DCFE434450B9FFF2BE10F60C685, 88F2B35A6BFCDB3DC176D4ECAAF3449C41237D9F3DE7B118AA7F19BAD0ED5FD0
PUP.Optional.Searchweb, C:\USERS\JEžEKOVCI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Nahradené, 10334, 554502, 1.0.35507, , ame, , 347418B98084E5523F38C90F8D3B6818, 0913BDEC40714E69AB54D3DBD79DF195B35D09E9E17B633567546178EAC2D621

Fyzický sektor: 0
(Nezistili sa nijaké škodlivé položky)

WMI: 0
(Nezistili sa nijaké škodlivé položky)


(end)

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: kontrola logu starý NTB

Příspěvekod jaro3 » 10 led 2021 17:16

chtěl jsem tento HJT:
verze 2.0.4
https://sourceforge.net/projects/hjt/fi ... e/download

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.


Sophos Virus Removal Tool je praktický softwarový nástroj, který by mohl odstranit infekce, které antivirový program nedetekuje .
Stáhněte si ho zde z některého odkazu:
http://www.majorgeeks.com/files/details ... _tool.html
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viry mohou zpomalit počítač, nebo se snaží ukrást vaše data, a ani nevíte , že je máte. Co potřebujete, je rychlý a snadný způsob, jak je najít a zbavit se jich, pokud již máte antivirový program v počítači nainstalován , můžete nainstalovat i nástroj Sophos Virus Removal , který identifikuje a vyčistí zbylé infekce, které mohl Váš antivirový program přehlédnout.
K použití Sophos Virus Removal Tool na něj poklepejte a stiskněte tlačítko „Start scanning“ . Pak bude Sophos Virus Removal Tool vyhledávat a odstraňovat viry, které najde. Může být vyžadován restart.
Pokud byly nalezeny viry , tak po skenu klikni na „Details…“ a potom na „View log file“. Zkopíruj celý log a vlož ho sem. Potom zavři „threat detail“ a klikni na „Start cleanup“.
Jinak se log nachází zde:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs


Stáhni si RogueKiller by Adlice Software
http://www.adlice.com/download/roguekiller/
http://www.bleepingcomputer.com/download/roguekiller/
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7,8,10 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“
- Program skenuje procesy PC. Po proskenování klikni na „Open Report “ , v okně pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
-pokud bude mít log více než 60.000 znaků , rozděl ho a vlož do více příspěvků
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

28_nitro_28
Level 2.5
Level 2.5
Příspěvky: 266
Registrován: prosinec 15
Bydliště: Dolná Lehota
Pohlaví: Muž
Stav:
Offline

Re: kontrola logu starý NTB

Příspěvekod 28_nitro_28 » 12 led 2021 18:26

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:34:12, on 12. 1. 2021
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.19041.0001)


Boot mode: Normal

Running processes:
F:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE07DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Unknown owner - C:\WINDOWS\System32\drivers\AdminService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_318195f - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5861 bytes

28_nitro_28
Level 2.5
Level 2.5
Příspěvky: 266
Registrován: prosinec 15
Bydliště: Dolná Lehota
Pohlaví: Muž
Stav:
Offline

Re: kontrola logu starý NTB

Příspěvekod 28_nitro_28 » 12 led 2021 18:27

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Je§ekovci (Administrator) on ut 12. 01. 2021 at 16:36:38,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 13

Successfully deleted: C:\Users\Je§ekovci\AppData\Local\{1CC8C053-F049-4A61-AFCB-ED956AA266D5} (Empty Folder)
Successfully deleted: C:\Users\Je§ekovci\AppData\Local\{3ADEB0BA-3A45-446C-8D73-53DCF05087D9} (Empty Folder)
Successfully deleted: C:\Users\Je§ekovci\AppData\Local\{3C8A6E53-94C8-44E2-9E32-EFC08AC5E7FB} (Empty Folder)
Successfully deleted: C:\Users\Je§ekovci\AppData\Local\{4F799F21-8C05-4BF9-82DC-B12E6575237D} (Empty Folder)
Successfully deleted: C:\Users\Je§ekovci\AppData\Local\{5A536891-EE83-4087-8FB0-F745D87E7A69} (Empty Folder)
Successfully deleted: C:\Users\Je§ekovci\AppData\Local\{624FE478-AE1D-4F77-8F5B-954F2CB73415} (Empty Folder)
Successfully deleted: C:\Users\Je§ekovci\AppData\Local\{8E38CFE9-AC54-427D-9117-AFEEE45B90AC} (Empty Folder)
Successfully deleted: C:\Users\Je§ekovci\AppData\Local\{9A0797AC-3735-4C5C-9853-28C0BCC200DB} (Empty Folder)
Successfully deleted: C:\Users\Je§ekovci\AppData\Local\{A5A8BC38-E017-46A5-8E95-5F71BEE08711} (Empty Folder)
Successfully deleted: C:\Users\Je§ekovci\AppData\Local\{A5C68DD5-8295-4107-BC34-F949D3299B8A} (Empty Folder)
Successfully deleted: C:\Users\Je§ekovci\AppData\Local\{B224459A-BD43-427F-BF35-D862ACBD3AFA} (Empty Folder)
Successfully deleted: C:\Users\Je§ekovci\AppData\Local\{BDB7546C-95ED-4080-B095-421A9CD43700} (Empty Folder)
Successfully deleted: C:\Users\Je§ekovci\AppData\Local\{EC90324C-8C36-4092-9BBE-1F0CF3523DEE} (Empty Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ut 12. 01. 2021 at 16:42:45,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

28_nitro_28
Level 2.5
Level 2.5
Příspěvky: 266
Registrován: prosinec 15
Bydliště: Dolná Lehota
Pohlaví: Muž
Stav:
Offline

Re: kontrola logu starý NTB

Příspěvekod 28_nitro_28 » 12 led 2021 18:27

RogueKiller Anti-Malware V14.8.3.0 (x64) [Jan 12 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64 bits
Started in : Normal mode
User : Je?ekovci [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210111_142503, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2021/01/12 16:50:58 (Duration : 01:14:14)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Software
[PUP.ByteFence|PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-4028413010-2768591140-4031899493-1000\Software\ByteFence -- N/A -> Found
[PUP.Conduit (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-4028413010-2768591140-4031899493-1000\Software\Conduit -- N/A -> Found
>>>>>> O46 - ShellExecuteHooks
[PUM.SEH (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|EnableShellExecuteHooks -- 1 -> Found
[PUM.SEH (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|EnableShellExecuteHooks -- 1 -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: kontrola logu starý NTB

Příspěvekod jaro3 » 12 led 2021 19:08

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“,
po jeho skončení - vše zatrhni (dej zatržítka vlevo od nálezů , do bílých políček)
- pak klikni na "Remove Selected"
- Počkej, dokud Status box nezobrazí " Removal finished, please review result "
- Klikni na "Open report " a pak na " Open TXT“ a zkopíruj ten log a vlož obsah té zprávy prosím sem. Log je možno nalézt v C:\ProgramData\RogueKiller\Logs - Zavři RogueKiller.


Vypni antivir i firewall, RogueKiller, Malwarebytes Antimalware
Stáhni Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe
https://uloz.to/file/nFH1LwSrGioP/zoek1-rar

Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
-pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log Zkopíruj sem celý obsah toho logu.
Pokud budou problémy , spusť zoek v nouz. režimu.


Stáhni si Zemana AntiMalware Free z tohoto odkazu:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
a ulož si ho na plochu.
Poklepej na tento soubor na ploše a postupuj podle pokynů k instalaci programu.
Přijmi licenci k používání programu EULA , pokud se nabídne.
Pokud je k dispozici aktualizace programu , klepni na tlačítko „Update now“ ( aktualizovat nyní).
Můžeš si zatrhnout i vytvoření bodu obnovy:
Klikni na ozubené kolečko , poté na „Skenování“ a zatrhni „vytvářet body obnovy“.
Vrať se zpět ( klikni na domeček).
Zavři všechny otevřené soubory, složky a prohlížeče
Neměň žádné nastavení. Klikni na „Skenovat“.
Po skenu lze vidět , zda jsou nějaké nákazy. Klikni na „Další“. Nákazy budou přemístěny do karantény.
Když je skenování dokončeno, objeví se tisková zpráva , zkopíruj sem celý obsah té zprávy.
Jinak můžeš zprávy vidět , když klikneš vpravo nahoře na „ zprávy“.


Vlož nový log z HJT + informuj o problémech
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra


Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 13 hostů