Please check my log

A place for your HiJackThis logs and logs from other programs…

Moderators: memphisto, Mods_senior, Security team

Václav Polák
Level 1.5
Posts: 106
Registered: December 20
Location: Prague
Gender: Male

Re: Please check my log

Post by Václav Polák » 22 Feb 2021 19:36

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 22.02.21
Čas skenování: 19:08
Logovací soubor: e94c9daa-7538-11eb-bbc6-18c04d4d2549.json

-Informace o softwaru-
Verze: 4.3.0.98
Verze komponentů: 1.0.1173
Aktualizovat verzi balíku komponent: 1.0.37397
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 19042.685)
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-73CVO93\počítač

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 267334
Zjištěné hrozby: 0
Hrozby umístěné do karantény: 0
Uplynulý čas: 0 min, 17 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)


Re: Please check my log

Post by Václav Polák » 22 Feb 2021 19:37

RogueKiller Anti-Malware V14.8.5.0 (x64) [Feb 12 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64 bits
Started in : Normal mode
User : po?íta? [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210222_102815, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2021/02/22 19:29:58 (Duration : 00:03:54)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Software
[PUP.InnovativeSolutions (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Innovative Solutions -- N/A -> Found
[PUP.InnovativeSolutions (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-3460323731-991323446-3131711751-1002\Software\Innovative Solutions -- N/A -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.InnovativeSolutions (Potentially Malicious)] (folder) Innovative Solutions -- C:\Users\po?íta?\AppData\Local\Innovative Solutions -> Found
[PUP.DriverToolkit (Potentially Malicious)] (shortcut) $R0TVW6T.lnk -- C:\$Recycle.Bin\S-1-5-21-3460323731-991323446-3131711751-1001\$R0TVW6T.lnk => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Re: Please check my log

Post by Václav Polák » 22 Feb 2021 19:37

Sophos found nothing.

jaro3
Security team member
Guru Level 15
Posts: 41443
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my log

Post by jaro3 » 22 Feb 2021 20:26

Close all programs and browsers. Disable the antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- click "Start Scan". In the new window, change nothing and click "Start Scan" at the bottom,
after it finishes, tick everything (put check marks in the white boxes to the left of the findings)
- then click "Remove Selected"
- Wait until the Status box shows "Removal finished, please review result"
- Click "Open report" and then "Open TXT", copy that log and paste the contents of the report here, please. The log can also be found in C:\ProgramData\RogueKiller\Logs. Close RogueKiller.


Turn off the antivirus and firewall, RogueKiller, Malwarebytes Antimalware
Download Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe
https://uloz.to/file/nFH1LwSrGioP/zoek1-rar

Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 or 8, right-click it and choose "Run as administrator")
- note: the program may take a while to start.
Paste the script below into the program window:


autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

click Run Script
The program will perform a scan and a repair; both the scan and the repair may take several minutes, so you need to wait until it finishes. Do not click in the window!
The program will offer a restart, confirm it.
After the restart only a black desktop may be shown for some time, that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log Copy the whole contents of that log here.
If there are problems, run zoek in Safe Mode.


Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
and save it to the desktop.
Double-click that file on the desktop and follow the instructions to install the program.
Accept the EULA licence for using the program if it is offered.
If a program update is available, click the "Update now" button.
You can also tick the creation of a restore point:
Click the gear icon, then "Scan", and tick "create restore points".
Go back (click the house icon).
Close all open files, folders and browsers
Do not change any settings. Click "Scan".
After the scan you can see whether there are any infections. Click "Next". The infections will be moved to quarantine.
When the scan is complete, a report will appear; copy the whole contents of that report here.
Otherwise you can see the reports by clicking "Reports" at the top right.


Post a new HJT log + report on the problems
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Please check my log

Post by Václav Polák » 23 Feb 2021 08:08

RogueKiller Anti-Malware V14.8.5.0 (x64) [Feb 12 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64 bits
Started in : Normal mode
User : po?íta? [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210222_102815, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2021/02/23 08:02:48 (Duration : 00:03:57)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.InnovativeSolutions (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Innovative Solutions -- -> Deleted
[PUP.InnovativeSolutions (Potentially Malicious)] HKEY_USERS\S-1-5-21-3460323731-991323446-3131711751-1002\Software\Innovative Solutions -- -> Deleted
[PUP.InnovativeSolutions (Potentially Malicious)] Innovative Solutions -- %localappdata%\Innovative Solutions -> Deleted
=> checker6 -- C:\Users\POTA~1\AppData\Local\INNOVA~1\checker6 -> Deleted
[PUP.DriverToolkit (Potentially Malicious)] $R0TVW6T.lnk -- %SystemDrive%\$Recycle.Bin\S-1-5-21-3460323731-991323446-3131711751-1001\$R0TVW6T.lnk (lnk => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe []) -> Deleted
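The two RogueKiller reports in this thread (the scan of 22 Feb and the removal run of 23 Feb) share one line format: a bracketed family and severity, an optional kind such as (X86) or (shortcut), the item name, a double-dash, a target path, and an arrow to the status. The parser below is an added example written for this page, not a tool from Adlice Software or from the forum. It reads both kinds of report, groups findings by section and family, extracts the executable a flagged .lnk points to, and checks whether every item that was "Found" in the scan shows up as "Deleted" in the removal log. The sample reports are constructed in the same format as the posted ones, with placeholder SIDs and user names; the shortcut is deliberately left out of the removal sample so the remediation check has something to report.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed samples in the RogueKiller report format seen in this thread.
# SIDs and user names are placeholders, not the poster's real values.
SCAN_REPORT = """\
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Software
[PUP.InnovativeSolutions (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\\Software\\Innovative Solutions -- N/A -> Found
[PUP.InnovativeSolutions (Potentially Malicious)] (X64) HKEY_USERS\\S-1-5-21-1-2-3-1002\\Software\\Innovative Solutions -- N/A -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.InnovativeSolutions (Potentially Malicious)] (folder) Innovative Solutions -- C:\\Users\\user\\AppData\\Local\\Innovative Solutions -> Found
[PUP.DriverToolkit (Potentially Malicious)] (shortcut) $R0TVW6T.lnk -- C:\\$Recycle.Bin\\S-1-5-21-1-2-3-1001\\$R0TVW6T.lnk => C:\\Program Files (x86)\\DriverToolkit\\DriverToolkit.exe -> Found
"""

DELETE_REPORT = """\
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.InnovativeSolutions (Potentially Malicious)] HKEY_LOCAL_MACHINE\\Software\\Innovative Solutions -- -> Deleted
[PUP.InnovativeSolutions (Potentially Malicious)] HKEY_USERS\\S-1-5-21-1-2-3-1002\\Software\\Innovative Solutions -- -> Deleted
[PUP.InnovativeSolutions (Potentially Malicious)] Innovative Solutions -- %localappdata%\\Innovative Solutions -> Deleted
=> checker6 -- C:\\Users\\USER~1\\AppData\\Local\\INNOVA~1\\checker6 -> Deleted
"""

# Section banners: a run of ¤ characters around the section name.
SECTION_RE = re.compile(r"^¤+\s*(?P<name>.+?)\s*¤+$")

# One finding: "[Family (Severity)] (kind) name -- target -> Status".
# The kind is absent in removal logs and the target may be empty ("-- ->").
FINDING_RE = re.compile(
    r"^\[(?P<family>[^\s\]]+) \((?P<severity>[^)]+)\)\]"
    r"(?: \((?P<kind>[^)]+)\))?"
    r" (?P<name>.+?)\s--\s*(?P<target>.*?)\s*->\s(?P<status>\w+)$"
)


@dataclass(frozen=True)
class Finding:
    section: str
    family: str
    severity: str
    kind: Optional[str]
    name: str
    target: str
    status: str


def parse_report(text: str) -> list[Finding]:
    """Walk the report line by line, tracking the current section banner."""
    findings: list[Finding] = []
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        hit = FINDING_RE.match(line)
        if hit:
            findings.append(Finding(section=section, **hit.groupdict()))
        # Sub-items ("=> ...") and ">>>>>>" hive markers carry no new finding.
    return findings


def count_by_family(findings: list[Finding]) -> dict[str, int]:
    """How many items each detection family produced."""
    return dict(Counter(f.family for f in findings))


def shortcut_targets(findings: list[Finding]) -> dict[str, str]:
    """For shortcut findings, the executable the .lnk resolves to (after '=>').

    A .lnk sitting in the Recycle Bin is residue; the path it points at is the
    thing to verify is actually gone."""
    return {
        f.name: f.target.split(" => ", 1)[1]
        for f in findings
        if f.kind == "shortcut" and " => " in f.target
    }


def unremediated(scan: list[Finding], removal: list[Finding]) -> list[Finding]:
    """Items reported as Found in the scan that the removal log never marked Deleted."""
    deleted = {(f.family, f.name) for f in removal if f.status == "Deleted"}
    return [f for f in scan if f.status == "Found" and (f.family, f.name) not in deleted]


if __name__ == "__main__":
    scan = parse_report(SCAN_REPORT)
    removal = parse_report(DELETE_REPORT)
    print("per family:", count_by_family(scan))
    print("shortcut targets:", shortcut_targets(scan))
    for f in unremediated(scan, removal):
        print("still not confirmed removed:", f.section, f.family, f.name)
```

Matching on (family, name) rather than on the target path is deliberate: the scan log prints full paths while the removal log prints them with environment variables (%localappdata%) or 8.3 short names, so the name is the only field stable across the two reports.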

Re: Please check my log

Post by Václav Polák » 23 Feb 2021 08:30

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by poźˇtaź on 23.02.2021 at 8:10:41,35.
Microsoft Windows 10 Home 10.0.19042 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\POTA~1\Desktop\zoek1\zoek (1).exe [Scan all users] [Script inserted]

==== System Restore Info ======================

23.02.2021 8:11:40 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\ssh deleted successfully
C:\Users\POTA~1\AppData\Local\GHISLER deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\POTA~1\AppData\Roaming\Mozilla\Firefox\Profiles\d6mlx54s.default-release\prefs.js:

Added to C:\Users\POTA~1\AppData\Roaming\Mozilla\Firefox\Profiles\d6mlx54s.default-release\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\POTA~1\AppData\Roaming\Mozilla\Firefox\Profiles\d6mlx54s.default-release

user.js not found
---- Lines searchengine removed from prefs.js ----
user_pref("browser.pageActions.persistedActions", "{\"version\":1,\"ids\":[\"bookmark\",\"pinTab\",\"bookmarkSeparator\",\"copyURL\",\"emailLink\",\"a
---- FireFox user.js and prefs.js backups ----

prefs__0820_.backup

==== Deleting Files \ Folders ======================

C:\Windows\SysNative\config\systemprofile\AppData\Local\CM25FD6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1d6c-20d0-18c2ad.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1d6c-20d0-18c2be.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1d6c-20d0-18c2df.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1d6c-20d0-18c2f1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1d6c-20d0-18c303.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1d6c-20d0-18c314.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1d6c-20d0-18c326.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1d6c-20d0-18c376.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1d6c-20d0-18c388.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1d6c-20d0-18c399.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1d6c-20d0-18c3bb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1d6c-20d0-18c3cc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1d6c-20d0-18c3de.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1d6c-20d0-18c3ef.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1d6c-20d0-18c401.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1d6c-20d0-18c422.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1d6c-20d0-18c424.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1d6c-20d0-18c436.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1d6c-20d0-18c457.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e98-b28-24fe44.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e98-b28-24fe46.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e98-b28-24fe58.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e98-b28-24fe5a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e98-b28-24fe5c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e98-b28-24fe5e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e98-b28-24fe6f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e98-b28-24fe71.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e98-b28-24fe73.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e98-b28-24fe85.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e98-b28-24fe87.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e98-b28-24fe89.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e98-b28-24fe8b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e98-b28-24fe9d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e98-b28-24fe9f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e98-b28-24fea1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e98-b28-24fea3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e98-b28-24feb4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e98-b28-24feb6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-e98-1e5ba8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-e98-1e5baa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-e98-1e5bbc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-e98-1e5bbe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-e98-1e5bc0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-e98-1e5bd2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-e98-1e5bd4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-e98-1e5bd6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-e98-1e5be7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-e98-1e5be9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-e98-1e5beb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-e98-1e5bfd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-e98-1e5bff.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-e98-1e5c01.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-e98-1e5c12.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-e98-1e5c14.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-e98-1e5c16.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-e98-1e5c28.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-e98-1e5c2a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-2074-9acdc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-2074-9acde.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-2074-9ace0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-2074-9acf1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-2074-9acf3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-2074-9acf5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-2074-9ad07.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-2074-9ad28.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-2074-9ad2a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-2074-9ad2c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-2074-9ad2e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-2074-9ad40.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-2074-9ad42.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-2074-9ad44.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-2074-9ad46.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-2074-9ad57.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-2074-9ad69.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-2074-9ad6b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-2074-9ad6d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2600-2004-3fbdf26.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2600-2004-3fbdf38.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2600-2004-3fbdf3a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2600-2004-3fbdf4b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2600-2004-3fbdf4d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2600-2004-3fbdf4f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2600-2004-3fbdf61.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2600-2004-3fbdf63.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2600-2004-3fbdf65.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2600-2004-3fbdf67.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2600-2004-3fbdf78.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2600-2004-3fbdf7a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2600-2004-3fbdf7c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2600-2004-3fbdf7e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2600-2004-3fbdf90.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2600-2004-3fbe0da.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2600-2004-3fbe783.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2600-2004-3fbe7d3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2600-2004-3fbe843.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-690-68c-11f68.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-690-68c-11f6a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-690-68c-11f6c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-690-68c-11f6e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-690-68c-11f70.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-690-68c-11f72.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-690-68c-11f83.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-690-68c-11f85.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-690-68c-11f87.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-690-68c-11f89.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-690-68c-11f8b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-690-68c-11f8d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-690-68c-11f9f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-690-68c-11fa1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-690-68c-11fa3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-690-68c-11fa5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-690-68c-11fa7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-690-68c-11fb8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-690-68c-11fba.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6a8-1124-b6d0d68.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6a8-1124-b6d0d79.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6a8-1124-b6d0d7b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6a8-1124-b6d0d7d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6a8-1124-b6d0d8f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6a8-1124-b6d0d91.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6a8-1124-b6d0d93.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6a8-1124-b6d0da5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6a8-1124-b6d0da7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6a8-1124-b6d0da9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6a8-1124-b6d0dab.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6a8-1124-b6d0dbc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6a8-1124-b6d0dbe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6a8-1124-b6d0dc0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6a8-1124-b6d0dc2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6a8-1124-b6d0dc4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6a8-1124-b6d0dd6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6a8-1124-b6d0dd8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6a8-1124-b6d0dda.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e0-df8-14d8b9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e0-df8-14d8bb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e0-df8-14d8bd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e0-df8-14d8bf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e0-df8-14d8d0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e0-df8-14d8d2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e0-df8-14d8d4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e0-df8-14d8d6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e0-df8-14d8e8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e0-df8-14d8ea.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e0-df8-14d8ec.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e0-df8-14d8ee.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e0-df8-14d8f0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e0-df8-14d901.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e0-df8-14d903.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e0-df8-14d905.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e0-df8-14d907.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e0-df8-14d919.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e0-df8-14d91b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b28-44c-2705bc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b28-44c-2705de.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b28-44c-2705ef.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b28-44c-2705f1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b28-44c-270613.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b28-44c-270615.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b28-44c-270617.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b28-44c-270628.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b28-44c-27062a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b28-44c-27062c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b28-44c-27067c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b28-44c-27067e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b28-44c-270680.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b28-44c-270692.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b28-44c-2706b3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b28-44c-2706b5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b28-44c-2706c7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b28-44c-2706f8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b28-44c-2706fa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f54-1e68-143620.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f54-1e68-143631.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f54-1e68-143633.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f54-1e68-143635.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f54-1e68-143647.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f54-1e68-143649.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f54-1e68-14364b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f54-1e68-14364d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f54-1e68-14365e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f54-1e68-143660.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f54-1e68-143662.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f54-1e68-143674.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f54-1e68-143686.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f54-1e68-143688.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f54-1e68-14368a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f54-1e68-14368c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f54-1e68-14369d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f54-1e68-14369f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f54-1e68-1436a1.tmp deleted
"C:\DumpStack.log.tmp" not deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\POTA~1\AppData\Roaming\Mozilla\Firefox\Profiles\d6mlx54s.default-release
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chromium Look ======================

Chrome Media Router - POTA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\POTA~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\POTA~1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\POTA~1\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\POTA~1\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\POTA~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\POTA~1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\POTA~1\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully
C:\Users\POTA~1\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\POTA~1\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\POTA~1\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\POTA~1\AppData\Local\Mozilla\Firefox\Profiles\d6mlx54s.default-release\cache2 emptied successfully

==== Empty Edge Cache ======================

Edge Cache Emptied Successfully

==== Empty Chrome Cache ======================

C:\Users\POTA~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\POTA~1\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2 folders=190 47603 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\POTA~1\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\POTA~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\DumpStack.log.tmp" not deleted

==== EOF on 23.02.2021 at 8:23:43,42 ======================

Václav Polák

Re: Please check my log

Post by Václav Polák » 23 Feb 2021 08:31

Zemana AntiMalware found nothing.

Václav Polák

Re: Please check my log

Post by Václav Polák » 23 Feb 2021 08:38

HJT throws an error message every time (see attachment), but it did that before as well. After clicking OK, the scan continues.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:33:54, on 23.02.2021
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.19041.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Users\počítač\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Users\počítač\Downloads\hijackthis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\počítač\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a1e3111ee138b283\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a1e3111ee138b283\IntelCpHDCPSvc.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_36594 - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files\Google\Chrome\Application\88.0.4324.182\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Graphics Command Center Service (igccservice) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_d392adf622e242f6\OneApp.IGCC.WinService.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65\igfxCUIService.exe
O23 - Service: @oem15.inf,%SocketHECIServiceName%;Intel(R) Capability Licensing Service TCP IP Interface (Intel(R) Capability Licensing Service TCP IP Interface) - Intel(R) Corporation - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\SocketHeciServer.exe
O23 - Service: @oem15.inf,%TPMProvisioningServiceName%;Intel(R) TPM Provisioning Service (Intel(R) TPM Provisioning Service) - Intel(R) Corporation - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\TPMProvisioningService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: RogueKiller RTP (rkrtservice) - Unknown owner - C:\Program Files\RogueKiller\RogueKillerSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Universal Service (RtkAudioUniversalService) - Unknown owner - C:\Windows\System32\RtkAudUService64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8919 bytes

Václav Polák

Re: Please check my log

Post by Václav Polák » 23 Feb 2021 08:50

The main problem still persists. When I try to download a .pps file from an e-mail attachment at https://vmail.centrum.cz/ and then try to open it, the browser starts creating lots of windows whose URL bar shows some path into the Users folder and so on. But when I save the file first and then open it manually, only one window is created, with the same path. Office is not installed on the PC, so the computer tries to open .pps files in the browser. I plan to buy both Office and a Windows activation key soon, but I preferred to have the computer cleaned of viruses first so that the money for the licences is not wasted...

jaro3
Security team member
Guru Level 15
Posts: 41443
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: Please check my log

Post by jaro3 » 23 Feb 2021 16:35

HJT needs to be run as administrator.

Close the other applications and browsers, disconnect from the internet and fix the following in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost


Download CrystalDiskInfo
https://www.stahuj.cz/utility_a_ostatni ... ldiskinfo/
Run the program and click Edit - Copy. Then paste the contents of the log here with Ctrl+V.

Turn off your antivirus and firewall.
Please download the version of Farbar Recovery Scan Tool (FRST) appropriate for your system (32-bit/64-bit)
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
another link:
http://www.bleepingcomputer.com/downloa ... scan-tool/
and save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is complete, two logs, FRST.txt and Addition.txt, will appear and be saved on the desktop. Please copy their entire contents here.
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Václav Polák

Re: Please check my log

Post by Václav Polák » 23 Feb 2021 17:45

----------------------------------------------------------------------------
CrystalDiskInfo 8.11.0 (C) 2008-2021 hiyohiyo
Crystal Dew World: https://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 10 [10.0 Build 19042] (x64)
Date : 2021/02/23 17:40:20

-- Controller Map ----------------------------------------------------------
+ Standardní řadič SATA AHCI [ATA]
- ASUS DRW-24D5MT
- WDC WDS500G2B0A-00SM50
- Řadič prostorů úložišť [SCSI]

-- Disk List ---------------------------------------------------------------
(01) WDC WDS500G2B0A-00SM50 : 500,1 GB [0/0/0, pd1] - wd

----------------------------------------------------------------------------
(01) WDC WDS500G2B0A-00SM50
----------------------------------------------------------------------------
Model : WDC WDS500G2B0A-00SM50
Firmware : 415000WD
Serial Number : 20420F809599
Disk Size : 500,1 GB (8,4/137,4/500,1/500,1)
Buffer Size : Neznámy údaj
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : ---- (SSD)
Interface : Serial ATA
Major Version : ACS-4
Minor Version : ACS-4 Revision 5
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 27 hod.
Power On Count : 79 krát
Host Reads : 209 GB
Host Writes : 214 GB
NAND Writes : 155 GB
Temperature : 31 C (87 F)
Health Status : Dobrý (100 %)
Features : S.M.A.R.T., APM, NCQ, TRIM, DevSleep
APM Level : 0080h [ON]
AAM Level : ----
Drive Letter : C: D:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
05 100 100 __0 000000000000 Reassigned Block Count
09 100 100 __0 00000000001B Power On Hours
0C 100 100 __0 00000000004F Power Cycle Count
A5 100 100 __0 0000002F0021 Block Erase Count (SLC)
A6 100 100 __0 000000000000 Minimum P/E Cycles
A7 100 100 __0 000000000057 Maximum Bad Blocks per die
A8 100 100 __0 000000000001 Maximum P/E Cycles
A9 100 100 __0 000000000101 Total Bad Block
AA 100 100 __0 000000000000 Grown Bad Blocks
AB 100 100 __0 000000000000 Program Fail Count
AC 100 100 __0 000000000000 Erase Fail Count
AD 100 100 __0 000000000000 Average P/E Cycles
AE 100 100 __0 000000000011 Unexpected Power Loss Count
B8 100 100 __0 000000000000 End-to-End Error Detection/Correction Count
BB 100 100 __0 000000000000 Reported Uncorrectable Errors
BC 100 100 __0 000000000000 Command Timeout Count
C2 _69 _40 __0 00280011001F Temperature
C7 100 100 __0 000000000000 CRC Error Count
E6 __1 __1 __0 000600000006 Media Wearout Indicator
E8 100 100 __4 000000000064 Available Reserve Space
E9 100 100 __0 00000000009B NAND GB Written
EA 100 100 __0 0000000000F6 NAND GB Written (SLC)
F1 253 253 __0 0000000000D6 Total GB Written
F2 253 253 __0 0000000000D1 Total GB Read
F4 __0 100 __0 000000000000 Temperature Throttle Status

-- IDENTIFY_DEVICE ---------------------------------------------------------

-- SMART_READ_DATA ---------------------------------------------------------

-- SMART_READ_THRESHOLD ----------------------------------------------------

Václav Polák

Re: Please check my log

Post by Václav Polák » 23 Feb 2021 17:46

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2021
Ran by počítač (administrator) on DESKTOP-73CVO93 (Gigabyte Technology Co., Ltd. B460MD2V) (23-02-2021 17:42:46)
Running from C:\Users\počítač\Desktop
Loaded Profiles: počítač
Platform: Windows 10 Home Version 20H2 19042.685 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis, Inc -> ) C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Canon Inc. -> CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_d392adf622e242f6\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a1e3111ee138b283\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a1e3111ee138b283\IntelCpHeciSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\počítač\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2101.15643.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1077176 2020-03-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-10-23] (Acronis, Inc -> Acronis)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-18] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2615624 2007-10-23] (Acronis, Inc -> Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [906648 2007-10-23] (Acronis, Inc -> Acronis)
HKLM\...\Windows x64\Print Processors\Canon iP3600 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD99.DLL [30208 2012-08-27] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor iP3600 series: C:\Windows\system32\CNMLM99.DLL [385024 2012-08-27] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.182\Installer\chrmstp.exe [2021-02-22] (Google LLC -> Google LLC)
Lsa: [Authentication Packages] msv1_0 relog_ap

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {60FF05C0-C780-409C-A881-DABBF25FECF9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-19] (Google LLC -> Google LLC)
Task: {AA38D19A-8FBE-40C5-A886-3E2C55464837} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {BFF6D214-7823-4961-9293-24D38AB14000} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-19] (Google LLC -> Google LLC)
Task: {D8648741-24A7-48D5-9BFE-28465CD36372} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [677344 2021-02-22] (Mozilla Corporation -> Mozilla Foundation)
Task: {ED0AFDF0-30A0-4820-946A-6C932AABE739} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [658808 2020-07-29] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{42328839-8b97-42d5-b17e-fc7d1dd04e2a}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF DefaultProfile: 21jata7c.default
FF ProfilePath: C:\Users\počítač\AppData\Roaming\Mozilla\Firefox\Profiles\21jata7c.default [2020-12-21]
FF ProfilePath: C:\Users\počítač\AppData\Roaming\Mozilla\Firefox\Profiles\d6mlx54s.default-release [2021-02-23]
FF DownloadDir: C:\Users\počítač\Downloads
FF NewTab: Mozilla\Firefox\Profiles\d6mlx54s.default-release -> about:newtab

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [599320 2007-10-23] (Acronis, Inc -> Acronis)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-22] (Malwarebytes Inc -> Malwarebytes)
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13686592 2021-02-12] (Adlice -> )
R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [495832 2007-10-23] (Acronis, Inc -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-22] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2021-02-23] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-02-22] (Malwarebytes Inc -> Malwarebytes)
S3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [8944 2002-09-16] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49552 2021-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [419040 2021-02-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-22] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-23 17:42 - 2021-02-23 17:43 - 000009871 _____ C:\Users\počítač\Desktop\FRST.txt
2021-02-23 17:42 - 2021-02-23 17:42 - 000000000 ____D C:\FRST
2021-02-23 17:41 - 2021-02-23 17:41 - 002301440 _____ (Farbar) C:\Users\počítač\Desktop\FRST64.exe
2021-02-23 17:40 - 2021-02-23 17:40 - 000001828 _____ C:\Users\počítač\Desktop\CrystalDiskInfo.lnk
2021-02-23 17:40 - 2021-02-23 17:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2021-02-23 17:40 - 2021-02-23 17:40 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2021-02-23 17:40 - 2021-02-23 17:40 - 000000000 _____ C:\Users\počítač\Desktop\crystal disk.txt
2021-02-23 17:39 - 2021-02-23 17:39 - 004707568 _____ (Crystal Dew World ) C:\Users\počítač\Downloads\CrystalDiskInfo8_11_0.exe
2021-02-23 17:38 - 2021-02-23 17:38 - 000000000 ____D C:\Users\počítač\Desktop\backups
2021-02-23 08:47 - 2021-02-23 08:47 - 001121280 _____ C:\Users\počítač\Downloads\Matematicka_krasa-1(1).pps
2021-02-23 08:44 - 2021-02-23 08:44 - 003113984 _____ C:\Users\počítač\Downloads\Tadž_Mahal_zevnitř(1)(1).pps
2021-02-23 08:43 - 2021-02-23 08:43 - 003113984 _____ C:\Users\počítač\Downloads\Tadž_Mahal_zevnitř.pps
2021-02-23 08:43 - 2021-02-23 08:43 - 003113984 _____ C:\Users\počítač\Downloads\Tadž_Mahal_zevnitř(1).pps
2021-02-23 08:32 - 2021-02-23 08:32 - 000388608 _____ (Trend Micro Inc.) C:\Users\počítač\Desktop\hijackthis(1).exe
2021-02-23 08:25 - 2021-02-23 17:43 - 001591349 _____ C:\Windows\ZAM.krnl.trace
2021-02-23 08:25 - 2021-02-23 08:25 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2021-02-23 08:25 - 2021-02-23 08:25 - 000003562 _____ C:\Windows\system32\Tasks\AMHelper
2021-02-23 08:25 - 2021-02-23 08:25 - 000000000 ____D C:\Users\počítač\AppData\Local\Zemana
2021-02-23 08:25 - 2021-02-23 08:25 - 000000000 ____D C:\Users\počítač\AppData\Local\AMSDK
2021-02-23 08:25 - 2021-02-23 08:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2021-02-23 08:25 - 2021-02-23 08:25 - 000000000 ____D C:\Program Files (x86)\Zemana
2021-02-23 08:24 - 2021-02-23 08:24 - 012795472 _____ (Zemana Ltd. ) C:\Users\počítač\Desktop\AntiMalware_Setup.exe
2021-02-23 08:24 - 2021-02-23 08:24 - 000024266 _____ C:\Users\počítač\Desktop\zoek.txt
2021-02-23 08:23 - 2014-02-13 23:59 - 000024064 _____ C:\Windows\zoek-delete.exe
2021-02-23 08:10 - 2021-02-23 08:21 - 000000000 ____D C:\zoek_backup
2021-02-23 08:10 - 2021-02-23 08:10 - 000000000 ____D C:\Users\počítač\Desktop\zoek1
2021-02-23 08:10 - 2021-02-23 08:10 - 000000000 ____D C:\Users\počítač\AppData\Local\CrashDumps
2021-02-23 08:04 - 2021-02-23 08:04 - 001800862 _____ C:\Users\počítač\Desktop\zoek1.rar
2021-02-23 08:03 - 2021-02-23 08:03 - 000001295 _____ C:\Users\počítač\Desktop\rogue killer.txt
2021-02-22 19:28 - 2021-02-22 19:33 - 000000000 ____D C:\ProgramData\RogueKiller
2021-02-22 19:28 - 2021-02-22 19:28 - 040494928 _____ (Adlice Software ) C:\Users\počítač\Desktop\RogueKiller_setup.exe
2021-02-22 19:28 - 2021-02-22 19:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-02-22 19:28 - 2021-02-22 19:28 - 000000000 ____D C:\Program Files\RogueKiller
2021-02-22 19:17 - 2021-02-22 19:02 - 000001857 _____ C:\Users\počítač\Desktop\AdwCleaner[C01].txt
2021-02-22 19:12 - 2021-02-22 19:12 - 000000000 ____D C:\ProgramData\Sophos
2021-02-22 19:12 - 2021-02-22 19:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2021-02-22 19:12 - 2021-02-22 19:12 - 000000000 ____D C:\Program Files (x86)\Sophos
2021-02-22 19:10 - 2021-02-22 19:11 - 206758184 _____ (Sophos Limited) C:\Users\počítač\Downloads\Sophos Virus Removal Tool.exe
2021-02-22 19:08 - 2021-02-22 19:08 - 000001679 _____ C:\Users\počítač\Desktop\malwarebytes1.txt
2021-02-22 19:06 - 2021-02-22 19:06 - 000000873 _____ C:\Users\počítač\Desktop\JRT.txt
2021-02-22 19:04 - 2021-02-22 19:04 - 001790024 _____ (Malwarebytes) C:\Users\počítač\Desktop\JRT.exe
2021-02-22 18:52 - 2021-02-22 18:52 - 000000000 ____D C:\Users\počítač\AppData\Local\Comms
2021-02-22 18:36 - 2021-02-22 18:36 - 000003775 _____ C:\Users\počítač\Desktop\malwarebytes.txt
2021-02-22 18:35 - 2021-02-22 18:35 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-22 18:35 - 2021-02-22 18:35 - 000000000 ____D C:\Users\počítač\AppData\Local\mbam
2021-02-22 18:34 - 2021-02-22 18:34 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-02-22 18:34 - 2021-02-22 18:34 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-02-22 18:34 - 2021-02-22 18:34 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-02-22 18:34 - 2021-02-22 18:34 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-22 18:34 - 2021-02-22 18:34 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-22 18:33 - 2021-02-22 18:33 - 002084016 _____ (Malwarebytes) C:\Users\počítač\Desktop\MBSetup.exe
2021-02-22 18:31 - 2021-02-22 19:02 - 000000000 ____D C:\AdwCleaner
2021-02-22 18:30 - 2021-02-22 18:30 - 008463216 _____ (Malwarebytes) C:\Users\počítač\Desktop\AdwCleaner.exe
2021-02-22 18:24 - 2021-02-22 18:24 - 000448512 _____ (OldTimer Tools) C:\Users\počítač\Downloads\TFC.exe
2021-02-22 18:23 - 2021-02-22 18:23 - 000050688 _____ (Atribune.org) C:\Users\počítač\Downloads\ATF-Cleaner.exe
2021-02-22 18:21 - 2021-02-22 18:21 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-23 17:39 - 2020-12-21 20:17 - 000000000 ____D C:\ProgramData\Mozilla
2021-02-23 17:38 - 2020-12-21 20:17 - 000000000 ____D C:\Users\počítač\AppData\LocalLow\Mozilla
2021-02-23 17:33 - 2020-12-21 20:10 - 000000000 __SHD C:\Users\počítač\IntelGraphicsProfiles
2021-02-23 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-23 08:28 - 2020-12-19 10:31 - 001605602 _____ C:\Windows\system32\PerfStringBackup.INI
2021-02-23 08:28 - 2019-12-07 15:41 - 000682184 _____ C:\Windows\system32\perfh005.dat
2021-02-23 08:28 - 2019-12-07 15:41 - 000137000 _____ C:\Windows\system32\perfc005.dat
2021-02-23 08:28 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-02-23 08:23 - 2020-12-19 10:48 - 000000000 ____D C:\Intel
2021-02-23 08:23 - 2020-09-27 08:51 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-02-23 08:23 - 2020-09-27 06:50 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-23 08:23 - 2019-12-07 10:03 - 000786432 _____ C:\Windows\system32\config\BBI
2021-02-22 19:07 - 2020-12-22 15:49 - 000000000 ____D C:\Users\počítač\AppData\Roaming\Innovative Solutions
2021-02-22 19:01 - 2020-09-27 06:50 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-02-22 18:54 - 2020-12-21 20:10 - 000000000 ____D C:\Users\počítač\AppData\Local\Packages
2021-02-22 18:54 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-22 18:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-02-22 18:50 - 2020-12-23 16:25 - 000000000 ____D C:\Users\počítač\AppData\Local\ElevatedDiagnostics
2021-02-22 18:34 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-02-22 18:29 - 2020-12-24 15:11 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-02-22 18:29 - 2020-12-21 20:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-02-22 18:29 - 2020-12-21 20:10 - 000000000 ____D C:\Users\počítač\AppData\Local\ConnectedDevicesPlatform
2021-02-22 18:28 - 2020-12-19 10:53 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-22 18:27 - 2020-09-27 08:53 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-22 18:21 - 2020-12-21 20:17 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-02-22 18:21 - 2020-12-21 20:11 - 000003382 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3460323731-991323446-3131711751-1002
2021-02-22 18:21 - 2020-12-21 20:11 - 000000000 ___RD C:\Users\počítač\OneDrive
2021-02-22 18:21 - 2020-12-21 20:10 - 000002367 _____ C:\Users\počítač\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-22 18:21 - 2020-12-19 10:52 - 000003472 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-22 18:21 - 2020-12-19 10:52 - 000003348 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-22 18:21 - 2020-09-27 08:53 - 000003584 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-22 18:21 - 2020-09-27 08:53 - 000003460 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-22 18:20 - 2020-12-19 10:46 - 000799104 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2021-02-22 18:20 - 2020-09-27 08:51 - 000000000 ____D C:\Windows\system32\Drivers\wd

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
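
The "One month (created)" and "One month (modified)" sections above are what a helper actually reads when triaging an FRST log: for each file, FRST prints two timestamps, the size, an attribute field, an optional publisher taken from the file's version information, and the path. The example below is an added illustration of how to parse that layout and apply a few first-pass triage rules; it is not part of the original post and not code from FRST or its author. It assumes that the first timestamp is the creation time in the "(created)" section and the modification time in the "(modified)" section (the other column being the remaining timestamp), that "D" in the attribute field marks a directory, and that an entry with no parenthesised publisher has no usable version information. The sample text is constructed for the example: three lines are modelled on entries in the listing above, the `svchost32.exe` entry under AppData is hypothetical.

```python
"""Parser and triage rules for the FRST 'One month (created/modified)' listing.

Added example, not part of the original forum post or of FRST itself.
Assumed layout of one entry, taken from the listing in the post:
  <ts1> - <ts2> - <size> <attrs> [(Publisher) ]<path>
Assumption: in '(created)' ts1 is the creation time and ts2 the last
modification; in '(modified)' the order is reversed.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "   # first timestamp
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "    # second timestamp
    r"(\d{9}) ([_A-Z]{5}) "                  # size, attribute flags
    r"(?:\((.*?)\) )?"                       # optional (Publisher)
    r"(.+)$"                                 # path
)
SECTION_RE = re.compile(r"^=+ One month \((created|modified)\)")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    publisher: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs          # assumption: 'D' flag means directory

    @property
    def is_executable(self) -> bool:
        return not self.is_dir and self.path.lower().endswith(EXEC_EXT)


def parse(text: str) -> List[Entry]:
    """Parse both 'One month' sections; the section header fixes the timestamp order."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("===="):           # any header: enter or leave a section
            m = SECTION_RE.match(line)
            section = m.group(1) if m else None
            continue
        m = LINE_RE.match(line)
        if not m or section is None:
            continue
        t1 = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        t2 = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M")
        created, modified = (t1, t2) if section == "created" else (t2, t1)
        publisher = m.group(5).strip() if m.group(5) else None
        entries.append(Entry(created, modified, int(m.group(3)), m.group(4), publisher, m.group(6)))
    return entries


def triage(entries: List[Entry]) -> List[str]:
    """Return 'reason: path' strings for entries a helper should look at by hand."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if e.is_executable and e.publisher is None:
            findings.append(f"no publisher/version info: {e.path}")
        if e.is_executable and ("\\appdata\\" in low or "\\temp\\" in low or "\\programdata\\" in low):
            findings.append(f"executable in user-writable location: {e.path}")
        if e.is_executable and re.match(r"^c:\\windows\\[^\\]+$", low):
            findings.append(f"executable directly in %SystemRoot%: {e.path}")
        if not e.is_dir and e.modified < e.created:
            # Extracting an archive keeps the old mtime, so this is a lead, not proof of timestomping.
            findings.append(f"modified before created: {e.path}")
    return findings


# Constructed sample: three entries modelled on the post's listing, one hypothetical (svchost32.exe).
SAMPLE = """\
==================== One month (created) (Whitelisted) =========

2021-02-23 08:25 - 2021-02-23 08:25 - 000232792 _____ (Copyright 2018.) C:\\Windows\\system32\\Drivers\\amsdk.sys
2021-02-23 08:23 - 2014-02-13 23:59 - 000024064 _____ C:\\Windows\\zoek-delete.exe
2021-02-23 08:10 - 2021-02-23 08:10 - 000000000 ____D C:\\Users\\user\\Desktop\\zoek1
2021-02-22 18:55 - 2021-02-22 18:55 - 000151040 _____ C:\\Users\\user\\AppData\\Roaming\\updater\\svchost32.exe

==================== One month (modified) ==================

2021-02-22 18:20 - 2020-12-19 10:46 - 000799104 ____N (Microsoft Corporation) C:\\Windows\\system32\\MpSigStub.exe
"""

if __name__ == "__main__":
    for finding in triage(parse(SAMPLE)):
        print(finding)
```

Run against the listing in the post, the rules would flag `C:\Windows\zoek-delete.exe` three times (no publisher, sitting directly in the Windows directory, modification time years before creation). All three are explained by zoek unpacking its own tool there, which is the point of the caveat in the code: the rules produce leads for a human, not verdicts, and the "modified before created" rule in particular fires on every file restored from an archive.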

