Log check [Solved]

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

saska
newcomer
Posts: 42
Registered: May 20
Gender: Female
Status:
Offline

Re: Log check

Post by saska » 17 May 2020 16:59

Is this it now?

RogueKiller Anti-Malware V14.4.2.0 (x64) [Apr 30 2020] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : vlasta [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20200515_094408, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2020/05/17 16:47:39 (Duration : 00:26:41)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] HKEY_USERS\S-1-5-21-996778704-1629249770-274376508-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce|Application Restart #0 -- [%_vlasta_appdata%\Seznam] -> Deleted
[Adw.Seznam (Malicious)] Seznam.cz -- %localappdata%\Seznam.cz -> Deleted
=> BrowserMetrics-5EC13395-108C.pma -- C:\Users\vlasta\AppData\Local\Seznam.cz\User Data\BrowserMetrics\BrowserMetrics-5EC13395-108C.pma [1]
=> BrowserMetrics -- C:\Users\vlasta\AppData\Local\Seznam.cz\User Data\BrowserMetrics [1]
=> metadata -- C:\Users\vlasta\AppData\Local\Seznam.cz\User Data\Crashpad\metadata [1]
=> reports -- C:\Users\vlasta\AppData\Local\Seznam.cz\User Data\Crashpad\reports [1]
=> settings.dat -- C:\Users\vlasta\AppData\Local\Seznam.cz\User Data\Crashpad\settings.dat [1]
=> Crashpad -- C:\Users\vlasta\AppData\Local\Seznam.cz\User Data\Crashpad [1]
=> CrashpadMetrics-active.pma -- C:\Users\vlasta\AppData\Local\Seznam.cz\User Data\CrashpadMetrics-active.pma [1]
=> Network Persistent State -- C:\Users\vlasta\AppData\Local\Seznam.cz\User Data\Default\Network Persistent State [1]
=> Default -- C:\Users\vlasta\AppData\Local\Seznam.cz\User Data\Default [1]
=> FontLookupTableCache -- C:\Users\vlasta\AppData\Local\Seznam.cz\User Data\FontLookupTableCache [1]
=> Local State -- C:\Users\vlasta\AppData\Local\Seznam.cz\User Data\Local State [1]
=> data_0 -- C:\Users\vlasta\AppData\Local\Seznam.cz\User Data\ShaderCache\GPUCache\data_0 [1]
=> data_1 -- C:\Users\vlasta\AppData\Local\Seznam.cz\User Data\ShaderCache\GPUCache\data_1 [1]
=> data_2 -- C:\Users\vlasta\AppData\Local\Seznam.cz\User Data\ShaderCache\GPUCache\data_2 [1]
=> data_3 -- C:\Users\vlasta\AppData\Local\Seznam.cz\User Data\ShaderCache\GPUCache\data_3 [1]
=> index -- C:\Users\vlasta\AppData\Local\Seznam.cz\User Data\ShaderCache\GPUCache\index [1]
=> GPUCache -- C:\Users\vlasta\AppData\Local\Seznam.cz\User Data\ShaderCache\GPUCache [1]
=> ShaderCache -- C:\Users\vlasta\AppData\Local\Seznam.cz\User Data\ShaderCache [1]
=> User Data -- C:\Users\vlasta\AppData\Local\Seznam.cz\User Data [1]


Re: Log check

Post by saska » 17 May 2020 17:15

Informace o kontroly
Název produktu    :  Zemana AntiMalware
Stav kontroly    :  Dokončena
Datum kontroly    :  17.5.2020 17:10:21
Typ kontroly    :  Inteligentní kontrola
Čas trvání    :  00:01:09
Zkontrolované objekty    :  1441
Zjištěné objekty    :  0
Vyloučené objekty    :  0
Automatické odesílání    :  Ano
Operační systém    :  Windows 7 x64
Procesor    :  2X Intel(R) Pentium(R) CPU P6100 @ 2.00GHz
Režim systému BIOS    :  Legacy
Informace o doméně    :  WORKGROUP,False,NetSetupWorkgroupName
CUID    :  12E22CF47CC3EA00E52A4E

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Log check

Post by jaro3 » 17 May 2020 17:30

Post a new HJT log + let me know about any problems.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum


Re: Log check

Post by saska » 17 May 2020 17:48

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.7

Platform: x64 Windows 7 (Home Premium), 6.1.7601.24544, Service Pack: 1
Time: 17.05.2020 - 17:43 (UTC+02:00)
Language: OS: Czech (0x405). Display: Czech (0x405). Non-Unicode: Czech (0x405)
Elevated: Yes
Ran by: vlasta (group: Administrator) on VLASTA-PC, FirstRun: yes

Chrome: 81.0.4044.138
Internet Explorer: 11.0.9600.19597
Default: "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Internet Explorer)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
1 C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
1 C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
1 C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
1 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
1 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
1 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
1 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
1 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
1 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
1 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
1 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
1 C:\Program Files\AVAST Software\Avast\aswidsagent.exe
1 C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
1 C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
1 C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\RogueKiller\RogueKiller64.exe
1 C:\Program Files\RogueKiller\RogueKillerSvc.exe
1 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1 C:\Users\vlasta\Desktop\HiJackThis.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\atieclxx.exe
1 C:\Windows\System32\atiesrxx.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
13 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskeng.exe
1 C:\Windows\System32\taskhost.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\wlanext.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://www.seznam.cz/
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: [SuggestionsURLFallback] = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: [URL] = http://www.google.com/search?q={searchTerms} - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: [SuggestionsURL,SuggestionsURLFallback] = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: [URL] = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_csCZ424CZ426 - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [SuggestionsURL,SuggestionsURLFallback] = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [URL] = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{72F7D073-4B53-4DD2-ACB1-2CA87D872EC5}: [URL] = http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454 - Seznam TV Program
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [SuggestionsURL] = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [URL] = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 - Google
O2 - HKLM\..\BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O2 - HKLM\..\BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2-32 - HKLM\..\BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2-32 - HKLM\..\BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2-32 - HKLM\..\BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2-32 - HKLM\..\BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2-32 - HKLM\..\BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O3 - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - (no file)
O3 - HKLM\..\Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - HKLM\..\Toolbar: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O3-32 - HKLM\..\Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKLM\..\Run: [AvastUI.exe] = C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] = C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - MSConfig\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk [backup] => C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (2012/08/19) (file missing)
O4 - MSConfig\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk [backup] => C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe (2012/08/19) (file missing)
O4 - MSConfig\startupreg: APSDaemon [command] = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (HKLM) (2016/08/10)
O4 - MSConfig\startupreg: Adobe ARM [command] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (HKLM) (2016/08/10)
O4 - MSConfig\startupreg: Adobe Reader Speed Launcher [command] = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (HKLM) (2016/08/10)
O4 - MSConfig\startupreg: AthBtTray [command] = C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (HKLM) (2016/08/10)
O4 - MSConfig\startupreg: AtherosBtStack [command] = C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (HKLM) (2016/08/10)
O4 - MSConfig\startupreg: CCleaner Monitoring [command] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (HKCU) (2016/08/10)
O4 - MSConfig\startupreg: ETDWare [command] = C:\Program Files\Elantech\ETDCtrl.exe (HKLM) (2012/08/19)
O4 - MSConfig\startupreg: IAStorIcon [command] = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (HKLM) (2012/08/19)
O4 - MSConfig\startupreg: LManager [command] = C:\Program Files (x86)\Launch Manager\LManager.exe (HKLM) (2012/08/19)
O4 - MSConfig\startupreg: PLFSetI [command] = C:\Windows\PLFSetI.exe (HKLM) (2012/08/19)
O4 - MSConfig\startupreg: RtHDVCpl [command] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (HKLM) (2012/08/19)
O4 - MSConfig\startupreg: Sidebar [command] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (HKCU) (2012/08/19)
O4 - MSConfig\startupreg: StartCCC [command] = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun (HKLM) (2012/08/19)
O4 - MSConfig\startupreg: swg [command] = C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (HKCU) (2012/08/19)
O4-32 - HKLM\..\Run: [AntiLogger] = C:\Program Files (x86)\AntiLogger\AntiLogger.exe /minimized (file missing)
O9 - Button: HKLM\..\{7815BE26-237D-41A8-A98F-F7BD75F71086}: (no name) - (no file)
O9 - Button: HKLM\..\{CCA281CA-C863-46ef-9331-5C8D4460577F}: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Tools menu item: HKLM\..\{7815BE26-237D-41A8-A98F-F7BD75F71086}: Send by Bluetooth to - (no file)
O9 - Tools menu item: HKLM\..\{CCA281CA-C863-46ef-9331-5C8D4460577F}: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9-32 - Button: HKLM\..\{0000036B-C524-4050-81A0-243669A86B9F}: Doplněk Messenger Companion (Ctrl+Shift+C) - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9-32 - Button: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Přidat na blog - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9-32 - Button: HKLM\..\{7815BE26-237D-41A8-A98F-F7BD75F71086}: (no name) - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9-32 - Button: HKLM\..\{CCA281CA-C863-46ef-9331-5C8D4460577F}: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9-32 - Tools menu item: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: &Přidat na blog prostřednictvím aplikace Windows Live Writer - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9-32 - Tools menu item: HKLM\..\{7815BE26-237D-41A8-A98F-F7BD75F71086}: Send by Bluetooth to - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9-32 - Tools menu item: HKLM\..\{CCA281CA-C863-46ef-9331-5C8D4460577F}: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O17 - DHCP DNS 1: 10.0.0.138
O18 - HKLM\Software\Classes\Protocols\Handler\skype4com: [CLSID] = (no CLSID) - (no file)
O18 - HKLM\Software\Classes\Protocols\Handler\wlpg: [CLSID] = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShell.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00avast: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShell.dll
O22 - Task: (activation) \Microsoft\Windows\Windows Activation Technologies\ValidationTask - C:\Windows\system32\Wat\WatAdminSvc.exe /run (Microsoft)
O22 - Task: (activation) \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - C:\Windows\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
O22 - Task: (disabled) CreateChoiceProcessTask - C:\Windows\System32\browserchoice.exe /launch
O22 - Task: (disabled) {3CA194BE-93C7-46D3-B2F3-65BBC140A86D} - c:\program files\internet explorer\iexplore.exe http://ui.skype.com/ui/0/6.6.0.106/cs/a ... age=tsBing
O22 - Task: (disabled) {58207BE7-DAAC-4065-B991-59F31D21606A} - C:\Windows\system32\pcalua.exe -a C:\ProgramData\LGMOBILEAX\B2C_Client\B2CAppUninstall.exe -d C:\ProgramData\LGMOBILEAX\B2C_Client
O22 - Task: (disabled) {A2DE4739-2E3C-471A-8E1E-8283661498EA} - C:\Windows\system32\pcalua.exe -a C:\Users\vlasta\Desktop\AMC\Setup.exe -d C:\Users\vlasta\Desktop\AMC
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\CompatTelRunner.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\compattelrunner.exe -maintenance (Microsoft)
O22 - Task: AMHelper - C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe /UPDATE
O22 - Task: Adobe Flash Player NPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_371_Plugin.exe -check plugin
O22 - Task: Adobe Flash Player PPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_371_pepper.exe -check pepperplugin
O22 - Task: Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task: AdwCleaner_onReboot - C:/Users/vlasta/Desktop/adwcleaner_8.0.4.exe /r
O22 - Task: Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: \AVAST Software\Overseer - C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1
O22 - Task: \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task - {3519154C-227E-47F3-9CC9-12C3F05817F1} - (no file)
O22 - Task: \Microsoft\Windows\End Of Support\Notify1 - C:\Windows\system32\sipnotify.exe -LogonOrUnlock (Microsoft)
O22 - Task: \Microsoft\Windows\End Of Support\Notify2 - C:\Windows\system32\sipnotify.exe -Daily (Microsoft)
O22 - Task: \Microsoft\Windows\Setup\EOSNotify2 - C:\Windows\system32\EOSNotify.exe -Daily (Microsoft)
O23 - Service R2: AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
O23 - Service R2: Application Virtualization Client - (sftlist) - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
O23 - Service R2: AtherosSvc - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe /runassvc
O23 - Service R2: Bluetooth Service - (btwdins) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service R2: Broadcom Wireless LAN Tray Service - (wltrysvc) - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE "C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe"
O23 - Service R2: Client Virtualization Handler - (cvhsvc) - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
O23 - Service R2: Diagnostics Tracking Service - (DiagTrack) - C:\Windows\System32\svchost.exe -k utcsvc; "ServiceDll" = C:\Windows\system32\diagtrack.dll
O23 - Service R2: Dritek WMI Service - (DsiWMIService) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service R2: Intel(R) Management & Security Application User Notification Service - (UNS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Intel(R) Rapid Storage Technology - (IAStorDataMgrSvc) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service R2: NTI Backup Now 5 Scheduler Service - (NTISchedulerSvc) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service R2: NTI IScheduleSvc - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service R2: Protexis Licensing V2 - (PSI_SVC_2) - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service R2: RogueKiller RTP - (rkrtservice) - C:\Program Files\RogueKiller\RogueKillerSvc.exe
O23 - Service R2: SeaPort - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
O23 - Service R2: Windows Live ID Sign-in Assistant - (wlidsvc) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
O23 - Service R3: Application Virtualization Service Agent - (sftvsa) - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service S2: GREGService - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe Files (x86)\Acer\Registration\GREGsvc.exe (file missing)
O23 - Service S2: Raw Socket Service - (RS_Service) - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe Files (x86)\Acer\Acer VCM\RS_Service.exe (file missing)
O23 - Service S2: Služba %1!s! Update (avast) - (avast) - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /svc
O23 - Service S2: Služba Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: Updater Service - C:\Program Files\Acer\Acer Updater\UpdaterService.exe Files\Acer\Acer Updater\UpdaterService.exe (file missing)
O23 - Service S3: Acer ePower Service - (ePowerSvc) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe Files\Acer\Acer ePower Management\ePowerSvc.exe (file missing)
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Avast Secure Browser Elevation Service - (AvastSecureBrowserElevationService) - C:\Program Files (x86)\AVAST Software\Browser\Application\81.0.4053.113\elevation_service.exe
O23 - Service S3: Bing Bar Update Service - (BBSvc) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\elevation_service.exe
O23 - Service S3: Google Software Updater - (gusvc) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service S3: IviRegMgr - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service S3: NTI Backup Now 5 Backup Service - (NTIBackupSvc) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service S3: Služba %1!s! Update (avastm) - (avastm) - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /medsvc
O23 - Service S3: Služba Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Windows Live Family Safety Service - (fsssvc) - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe


--
End of file - Time spent: 16,6 sec. - 41968 bytes, CRC32: FFFFFFFF. Sign: 剎Ή


Re: Log check

Post by jaro3 » 17 May 2020 18:00

Close other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide

Code:

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: [SuggestionsURLFallback] = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: [URL] = http://www.google.com/search?q={searchTerms} - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: [SuggestionsURL,SuggestionsURLFallback] = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: [URL] = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_csCZ424CZ426 - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [SuggestionsURL,SuggestionsURLFallback] = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [URL] = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{72F7D073-4B53-4DD2-ACB1-2CA87D872EC5}: [URL] = http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454 - Seznam TV Program
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [SuggestionsURL] = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [URL] = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 - Google
O2-32 - HKLM\..\BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - (no file)
O3 - HKLM\..\Toolbar: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O4 - MSConfig\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk [backup] => C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (2012/08/19) (file missing)
O4 - MSConfig\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk [backup] => C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe (2012/08/19) (file missing)
O4-32 - HKLM\..\Run: [AntiLogger] = C:\Program Files (x86)\AntiLogger\AntiLogger.exe /minimized (file missing)
O9 - Button: HKLM\..\{7815BE26-237D-41A8-A98F-F7BD75F71086}: (no name) - (no file)
O9 - Tools menu item: HKLM\..\{7815BE26-237D-41A8-A98F-F7BD75F71086}: Send by Bluetooth to - (no file)
O18 - HKLM\Software\Classes\Protocols\Handler\skype4com: [CLSID] = (no CLSID) - (no file)


How about the problems?


Re: Log check

Post by saska » 17 May 2020 19:57

I have done everything; the laptop is noticeably faster than it was. What about the programs I downloaded... should I uninstall them or leave them on the PC? Thank you very much for your help and patience.


Re: Log check

Post by jaro3 » 17 May 2020 20:03

Download DelFix here
Other links:
https://toolslib.net/downloads/viewdownload/2-delfix/
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

Save the file to your desktop.
Double-click the icon to run the Delfix.exe tool
(On Windows Vista, Windows 7, 8 and 10 you must run the file by right-clicking it -> Run as administrator.)
In the main menu, tick these options: Remove disinfection tools and Purge System Restore.
Then click the Run button and let the tool do its work.

A report (DelFix.txt) will then open. Paste the entire contents of the report here. Otherwise, the report can be found here:
in C:\DelFix.txt

Uninstall the rest or keep it.

If there are no problems, that is all and you can mark the thread as solved with the green check mark.


Re: Log check [Solved]

Post by saska » 17 May 2020 20:24

# DelFix v1.013 - Logfile created 17/05/2020 at 20:21:10
# Updated 17/04/2016 by Xplode
# Username : vlasta - VLASTA-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\vlasta\Desktop\adwcleaner_8.0.4.exe
Deleted : C:\Users\vlasta\Desktop\JRT.exe
Deleted : C:\Users\vlasta\Desktop\JRT.txt
Deleted : C:\Users\vlasta\Desktop\HiJackThis.exe
Deleted : C:\Users\vlasta\Desktop\HiJackThis.log
Deleted : C:\Users\vlasta\Desktop\HiJackThis.zip
Deleted : C:\Users\vlasta\Desktop\RogueKiller_setup_ref3.exe
Deleted : C:\Users\vlasta\Desktop\TFC.exe
Deleted : C:\Users\vlasta\Desktop\zoek.exe
Deleted : C:\Users\Public\Desktop\RogueKiller.lnk
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #766 [Windows Update | 05/16/2020 17:35:55]
Deleted : RP #767 [AdwCleaner_BeforeCleaning_16/05/2020_20:12:03 | 05/16/2020 18:12:07]
Deleted : RP #768 [JRT Pre-Junkware Removal | 05/16/2020 20:55:03]
Deleted : RP #769 [Installed Sophos Virus Removal Tool. | 05/16/2020 21:45:34]
Deleted : RP #770 [zoek.exe restore point | 05/17/2020 13:08:12]

New restore point created !

########## - EOF - ##########

