Malwarebytes scan cancels itself after a few seconds

jaro3
Security team member

Post by jaro3 » 31 Aug 2020 18:04

AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
Next time everything must be turned off!!


Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4005144789-3426964184-1333929177-1001\...\MountPoints2: {6ca3a956-e88b-11ea-b57a-106530ed605f} - "E:\autorun.exe"
HKU\S-1-5-21-4005144789-3426964184-1333929177-1001\...\MountPoints2: {71cf1fd8-30ad-11ea-acda-9cb6d06b162e} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4005144789-3426964184-1333929177-1001\...\MountPoints2: {ab2cafd3-c210-11ea-b577-9cb6d06b162e} - "E:\HiSuiteDownLoader.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2020-03-29]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {2FD9C101-2004-45AD-A49C-250801AE79A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-04-04] (Google Inc -> Google LLC)
Task: {7ED4DB04-37CD-4A15-8507-2C6A1504AB1E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-04-04] (Google Inc -> Google LLC)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
SearchScopes: HKU\S-1-5-21-4005144789-3426964184-1333929177-1001 -> DefaultScope {6DCBC374-7B8A-4DDA-A33C-D399AA33CFBC} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-4005144789-3426964184-1333929177-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4005144789-3426964184-1333929177-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4005144789-3426964184-1333929177-1001 -> {6DCBC374-7B8A-4DDA-A33C-D399AA33CFBC} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-4005144789-3426964184-1333929177-1001 -> {FC2E5F89-9B46-4019-8EEC-45F95DB91A49} URL =
C:\WINDOWS\system32\Tasks\AVAST Software
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Virustotal: C:\Windows\System32\DriverStore\FileRepository\tobii_cassini_mlk.inf_amd64_270e667274682244\tobii_usb_host_service.exe
EmptyTemp:
End

(You can use the "Select all" function, then right-click in the top-left area of the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire contents here.

Failed to access process -> AWCC.Background.Server.exe
Failed to access process -> AWCC.Background.Server.exe
Alienware\AlienwareMobileConnectDrivers\AlienwareMobileConnectWelcome.exe
That program needs to be reinstalled.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
Patrik_P

Post by Patrik_P » 31 Aug 2020 20:12

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-08-2020
Ran by Patrik (31-08-2020 18:52:29) Run:1
Running from C:\Users\patri\Desktop
Loaded Profiles: Patrik
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4005144789-3426964184-1333929177-1001\...\MountPoints2: {6ca3a956-e88b-11ea-b57a-106530ed605f} - "E:\autorun.exe"
HKU\S-1-5-21-4005144789-3426964184-1333929177-1001\...\MountPoints2: {71cf1fd8-30ad-11ea-acda-9cb6d06b162e} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4005144789-3426964184-1333929177-1001\...\MountPoints2: {ab2cafd3-c210-11ea-b577-9cb6d06b162e} - "E:\HiSuiteDownLoader.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2020-03-29]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {2FD9C101-2004-45AD-A49C-250801AE79A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-04-04] (Google Inc -> Google LLC)
Task: {7ED4DB04-37CD-4A15-8507-2C6A1504AB1E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-04-04] (Google Inc -> Google LLC)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
SearchScopes: HKU\S-1-5-21-4005144789-3426964184-1333929177-1001 -> DefaultScope {6DCBC374-7B8A-4DDA-A33C-D399AA33CFBC} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-4005144789-3426964184-1333929177-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4005144789-3426964184-1333929177-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4005144789-3426964184-1333929177-1001 -> {6DCBC374-7B8A-4DDA-A33C-D399AA33CFBC} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-4005144789-3426964184-1333929177-1001 -> {FC2E5F89-9B46-4019-8EEC-45F95DB91A49} URL =
C:\WINDOWS\system32\Tasks\AVAST Software
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Virustotal: C:\Windows\System32\DriverStore\FileRepository\tobii_cassini_mlk.inf_amd64_270e667274682244\tobii_usb_host_service.exe
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-4005144789-3426964184-1333929177-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ca3a956-e88b-11ea-b57a-106530ed605f} => removed successfully
HKU\S-1-5-21-4005144789-3426964184-1333929177-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71cf1fd8-30ad-11ea-acda-9cb6d06b162e} => removed successfully
HKU\S-1-5-21-4005144789-3426964184-1333929177-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab2cafd3-c210-11ea-b577-9cb6d06b162e} => removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk => moved successfully
"ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)" => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FD9C101-2004-45AD-A49C-250801AE79A6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FD9C101-2004-45AD-A49C-250801AE79A6}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7ED4DB04-37CD-4A15-8507-2C6A1504AB1E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7ED4DB04-37CD-4A15-8507-2C6A1504AB1E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
"HKU\S-1-5-21-4005144789-3426964184-1333929177-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-4005144789-3426964184-1333929177-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => removed successfully
HKU\S-1-5-21-4005144789-3426964184-1333929177-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKU\S-1-5-21-4005144789-3426964184-1333929177-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6DCBC374-7B8A-4DDA-A33C-D399AA33CFBC} => removed successfully
HKU\S-1-5-21-4005144789-3426964184-1333929177-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC2E5F89-9B46-4019-8EEC-45F95DB91A49} => removed successfully
C:\WINDOWS\system32\Tasks\AVAST Software => moved successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
VirusTotal: C:\Windows\System32\DriverStore\FileRepository\tobii_cassini_mlk.inf_amd64_270e667274682244\tobii_usb_host_service.exe => https://www.virustotal.com/gui/file/163 ... 1528162642

=========== EmptyTemp: ==========

BITS transfer queue => 8937472 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14836130 B
Java, Flash, Steam htmlcache => 1083 B
Windows/system/drivers => 1453576 B
Edge => 0 B
Chrome => 139264 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4756 B
NetworkService => 4756 B
patri => 144466228 B

RecycleBin => 0 B
EmptyTemp: => 162 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:53:01 ====
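
An added example, not part of the original posts and not FRST's own code: a small reviewer script that reads the result lines of a Fixlog like the one above, tallies the outcomes, and separates "not found" entries already handled by an earlier directive (compared case-insensitively) from those that have no such explanation. The function names are hypothetical, and only the three outcome strings visible in this log are modelled.

```python
import re
from collections import Counter

# Outcome strings taken from the Fixlog above; other FRST outcomes are not modelled.
RESULT = re.compile(
    r'^(?P<target>.+?) => (?P<outcome>removed successfully|moved successfully|not found)\s*$'
)

def parse_fixlog(text):
    """Return (target, outcome) pairs for every result line in a Fixlog."""
    results = []
    for line in text.splitlines():
        m = RESULT.match(line.strip())
        if m:
            # FRST quotes some targets; drop the quotes so paths compare equal.
            results.append((m.group("target").strip('"'), m.group("outcome")))
    return results

def review(results):
    """Tally outcomes and split 'not found' into explained and unexplained."""
    handled = {t.lower() for t, o in results if o != "not found"}
    explained, unexplained = [], []
    for target, outcome in results:
        if outcome == "not found":
            (explained if target.lower() in handled else unexplained).append(target)
    return Counter(o for _, o in results), explained, unexplained

# Sample lines copied from the Fixlog in the post above (a subset).
SAMPLE = r'''
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk => moved successfully
"ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)" => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\WINDOWS\system32\Tasks\AVAST Software => moved successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
Chrome => 139264 B
'''

if __name__ == "__main__":
    counts, explained, unexplained = review(parse_fixlog(SAMPLE))
    print(dict(counts))
    print("not found, already handled earlier:", explained)
    print("not found, needs a look:", unexplained)
```
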

jaro3

Post by jaro3 » 31 Aug 2020 20:26

What about the problems?