Please check my log. Thank you [Solved]



Re: Please check my log. Thank you

Post by bandas » 19 Mar 2021 21:18

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-03-2021
Ran by Mirek (19-03-2021 21:15:47) Run:1
Running from C:\Users\miros\Desktop
Loaded Profiles: Mirek
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3280845815-3375143711-2799469307-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3280845815-3375143711-2799469307-1001\...\MountPoints2: {0a126600-e3ec-11e8-8644-806e6f6e6963} - "Explorer.exe" VRinsight.htm
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {57A07915-B87B-4278-BF18-7C2758700D0F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-09] (Google Inc -> Google Inc.)
Task: {8098E410-E278-45AB-A924-2E04A8735B91} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1791712 2021-02-23] (Avast Software s.r.o. -> Avast Software)
Task: {9656CD80-A527-4104-BECE-909DB72646F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-09] (Google Inc -> Google Inc.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> D:\Programy\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
S2 wuauserv; C:\WINDOWS\system32\svchost.exe [57360 2020-10-08] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [47016 2020-10-08] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 cpuz148; \??\C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [X]
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

Folder: C:\ProgramData\KNS6O4TEX8CBIBGKX3MPP3MAP
Folder: C:\Users\miros\AppData\LocalLow\cR1dL5pE5dG6mD5k
Folder: C:\Program Files\2MI8AVKTV0
Folder: C:\Program Files (x86)\Nameless-Snowflake
Folder: C:\ProgramData\ALOR4K1JNNI1RV7E8730EQ7EZ
Folder: C:\Program Files (x86)\FastVDWW
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3280845815-3375143711-2799469307-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3280845815-3375143711-2799469307-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL =
FirewallRules: [{A4ECFC3F-D840-4105-86C3-E86747E7F6C2}] => (Allow) C:\Users\miros\AppData\Roaming\uTorrent\utorrent.exe => No File
FirewallRules: [{6BC118EB-77B9-413C-84EA-443EF4A1FB06}] => (Allow) C:\Users\miros\AppData\Roaming\uTorrent\utorrent.exe => No File
FirewallRules: [{85FE031F-F6B0-4F80-869A-B03B628FA6E8}] => (Allow) C:\Users\miros\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{ABD858CE-8529-47FF-AAF7-A6FA91641E47}] => (Allow) C:\Users\miros\AppData\Roaming\uTorrent\uTorrent.exe => No File
Virustotal: C:\FSUIPC7\MSFS.bat
Virustotal: D:\Programy\Lightroom\Portable Adobe Photoshop Lightroom\LightroĐľm.exe


EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3280845815-3375143711-2799469307-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
HKU\S-1-5-21-3280845815-3375143711-2799469307-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a126600-e3ec-11e8-8644-806e6f6e6963} => removed successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57A07915-B87B-4278-BF18-7C2758700D0F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57A07915-B87B-4278-BF18-7C2758700D0F}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8098E410-E278-45AB-A924-2E04A8735B91}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8098E410-E278-45AB-A924-2E04A8735B91}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9656CD80-A527-4104-BECE-909DB72646F7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9656CD80-A527-4104-BECE-909DB72646F7}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.8 -> D:\Programy\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN" => not found
D:\Programy\VideoLAN\VLC\npvlc.dll => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
HKLM\System\CurrentControlSet\Services\wuauserv => removed successfully
wuauserv => service removed successfully
wuauserv => service not found.
HKLM\System\CurrentControlSet\Services\cpuz148 => removed successfully
cpuz148 => service removed successfully
"C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job" => not found

========================= Folder: C:\ProgramData\KNS6O4TEX8CBIBGKX3MPP3MAP ========================

2021-03-14 22:40 - 2021-03-14 22:40 - 000000022 ____A [76CDB2BAD9582D23C1F6F4D868218D6C] () C:\ProgramData\KNS6O4TEX8CBIBGKX3MPP3MAP\5618db67-1f64-4179-b577-d642b0298b941660647409.zip
2021-03-14 22:32 - 2021-03-14 22:32 - 000042807 ____A [64913113E5460A429B7B2E87BF07BA45] () C:\ProgramData\KNS6O4TEX8CBIBGKX3MPP3MAP\5618db67-1f64-4179-b577-d642b0298b941748298346.zip
2021-03-14 22:35 - 2021-03-14 22:35 - 000000022 ____A [76CDB2BAD9582D23C1F6F4D868218D6C] () C:\ProgramData\KNS6O4TEX8CBIBGKX3MPP3MAP\5618db67-1f64-4179-b577-d642b0298b942417725904.zip
2021-03-14 22:43 - 2021-03-14 22:43 - 000000022 ____A [76CDB2BAD9582D23C1F6F4D868218D6C] () C:\ProgramData\KNS6O4TEX8CBIBGKX3MPP3MAP\5618db67-1f64-4179-b577-d642b0298b942690172574.zip
2021-03-14 22:33 - 2021-03-14 22:33 - 000000022 ____A [76CDB2BAD9582D23C1F6F4D868218D6C] () C:\ProgramData\KNS6O4TEX8CBIBGKX3MPP3MAP\5618db67-1f64-4179-b577-d642b0298b942833472216.zip
2021-03-14 22:36 - 2021-03-14 22:36 - 000000022 ____A [76CDB2BAD9582D23C1F6F4D868218D6C] () C:\ProgramData\KNS6O4TEX8CBIBGKX3MPP3MAP\5618db67-1f64-4179-b577-d642b0298b943274501622.zip
2021-03-14 22:38 - 2021-03-14 22:38 - 000000022 ____A [76CDB2BAD9582D23C1F6F4D868218D6C] () C:\ProgramData\KNS6O4TEX8CBIBGKX3MPP3MAP\5618db67-1f64-4179-b577-d642b0298b947266906616.zip
2021-03-14 22:39 - 2021-03-14 22:39 - 000000022 ____A [76CDB2BAD9582D23C1F6F4D868218D6C] () C:\ProgramData\KNS6O4TEX8CBIBGKX3MPP3MAP\5618db67-1f64-4179-b577-d642b0298b947748152604.zip
2021-03-14 22:42 - 2021-03-14 22:42 - 000000022 ____A [76CDB2BAD9582D23C1F6F4D868218D6C] () C:\ProgramData\KNS6O4TEX8CBIBGKX3MPP3MAP\5618db67-1f64-4179-b577-d642b0298b949797679462.zip
2021-03-14 22:32 - 2021-03-14 22:32 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\KNS6O4TEX8CBIBGKX3MPP3MAP\files
2021-03-14 22:32 - 2021-03-14 22:32 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\KNS6O4TEX8CBIBGKX3MPP3MAP\files\Soft
2021-03-14 22:32 - 2021-03-14 22:32 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\KNS6O4TEX8CBIBGKX3MPP3MAP\files\Soft\Authy

====== End of Folder: ======


========================= Folder: C:\Users\miros\AppData\LocalLow\cR1dL5pE5dG6mD5k ========================

2019-03-14 15:20 - 2019-03-14 15:20 - 000137168 ____A [EAE9273F8CDCF9321C6C37C244773139] (Mozilla Foundation) C:\Users\miros\AppData\LocalLow\cR1dL5pE5dG6mD5k\mozglue.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 001245136 ____A [02CC7B8EE30056D5912DE54F1BDFC219] (Mozilla Foundation) C:\Users\miros\AppData\LocalLow\cR1dL5pE5dG6mD5k\nss3.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000144848 ____A [4E8DF049F3459FA94AB6AD387F3561AC] (Mozilla Foundation) C:\Users\miros\AppData\LocalLow\cR1dL5pE5dG6mD5k\softokn3.dll

====== End of Folder: ======


========================= Folder: C:\Program Files\2MI8AVKTV0 ========================

2021-03-14 22:31 - 2021-03-14 22:31 - 000001810 ____A [A2EBF843442988EE2D667E9C7FC28CE1] () C:\Program Files\2MI8AVKTV0\2MI8AVKTV.exe.config
2021-03-14 22:31 - 2021-03-14 22:31 - 000001810 ____A [A2EBF843442988EE2D667E9C7FC28CE1] () C:\Program Files\2MI8AVKTV0\uninstaller.exe.config

====== End of Folder: ======


========================= Folder: C:\Program Files (x86)\Nameless-Snowflake ========================

2021-03-14 22:30 - 2021-03-14 22:30 - 000269312 ____A [3107CAECF7EC7A7CE12D05F9C3AB078F] (Igor Pavlov) C:\Program Files (x86)\Nameless-Snowflake\7za.dll
2021-03-14 22:30 - 2021-03-14 22:30 - 000739840 ____A [43141E85E7C36E31B52B22AB94D5E574] (Igor Pavlov) C:\Program Files (x86)\Nameless-Snowflake\7za.exe
2021-03-14 22:30 - 2021-03-14 22:30 - 000158720 ____A [786D4C74C05832A652BE5C0A559BE1E6] (Igor Pavlov) C:\Program Files (x86)\Nameless-Snowflake\7zxa.dll

====== End of Folder: ======


========================= Folder: C:\ProgramData\ALOR4K1JNNI1RV7E8730EQ7EZ ========================

2021-03-14 22:37 - 2021-03-14 22:37 - 000000022 ____A [76CDB2BAD9582D23C1F6F4D868218D6C] () C:\ProgramData\ALOR4K1JNNI1RV7E8730EQ7EZ\5618db67-1f64-4179-b577-d642b0298b941672161691.zip
2021-03-14 22:39 - 2021-03-14 22:39 - 000000022 ____A [76CDB2BAD9582D23C1F6F4D868218D6C] () C:\ProgramData\ALOR4K1JNNI1RV7E8730EQ7EZ\5618db67-1f64-4179-b577-d642b0298b941809993463.zip
2021-03-14 22:36 - 2021-03-14 22:36 - 000000022 ____A [76CDB2BAD9582D23C1F6F4D868218D6C] () C:\ProgramData\ALOR4K1JNNI1RV7E8730EQ7EZ\5618db67-1f64-4179-b577-d642b0298b942127989511.zip
2021-03-14 22:43 - 2021-03-14 22:43 - 000000022 ____A [76CDB2BAD9582D23C1F6F4D868218D6C] () C:\ProgramData\ALOR4K1JNNI1RV7E8730EQ7EZ\5618db67-1f64-4179-b577-d642b0298b942675944158.zip
2021-03-14 22:32 - 2021-03-14 22:32 - 000000022 ____A [76CDB2BAD9582D23C1F6F4D868218D6C] () C:\ProgramData\ALOR4K1JNNI1RV7E8730EQ7EZ\5618db67-1f64-4179-b577-d642b0298b943119970888.zip
2021-03-14 22:40 - 2021-03-14 22:40 - 000000022 ____A [76CDB2BAD9582D23C1F6F4D868218D6C] () C:\ProgramData\ALOR4K1JNNI1RV7E8730EQ7EZ\5618db67-1f64-4179-b577-d642b0298b944734082151.zip
2021-03-14 22:33 - 2021-03-14 22:33 - 000000022 ____A [76CDB2BAD9582D23C1F6F4D868218D6C] () C:\ProgramData\ALOR4K1JNNI1RV7E8730EQ7EZ\5618db67-1f64-4179-b577-d642b0298b944793223775.zip
2021-03-14 22:42 - 2021-03-14 22:42 - 000000022 ____A [76CDB2BAD9582D23C1F6F4D868218D6C] () C:\ProgramData\ALOR4K1JNNI1RV7E8730EQ7EZ\5618db67-1f64-4179-b577-d642b0298b946318315148.zip
2021-03-14 22:30 - 2021-03-14 22:30 - 000042724 ____A [DABD54A12F27A8415EDAFDB2C8613EA6] () C:\ProgramData\ALOR4K1JNNI1RV7E8730EQ7EZ\5618db67-1f64-4179-b577-d642b0298b948269412195.zip
2021-03-14 22:34 - 2021-03-14 22:34 - 000000022 ____A [76CDB2BAD9582D23C1F6F4D868218D6C] () C:\ProgramData\ALOR4K1JNNI1RV7E8730EQ7EZ\5618db67-1f64-4179-b577-d642b0298b948924880788.zip
2021-03-14 22:30 - 2021-03-14 22:30 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\ALOR4K1JNNI1RV7E8730EQ7EZ\files
2021-03-14 22:30 - 2021-03-14 22:30 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\ALOR4K1JNNI1RV7E8730EQ7EZ\files\Soft
2021-03-14 22:30 - 2021-03-14 22:30 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\ALOR4K1JNNI1RV7E8730EQ7EZ\files\Soft\Authy

====== End of Folder: ======


========================= Folder: C:\Program Files (x86)\FastVDWW ========================

2021-03-14 22:30 - 2019-03-19 10:13 - 002617312 ____A [B8B5AC306DAEA7FA217346122AD9613B] (Microsoft Corporation) C:\Program Files (x86)\FastVDWW\MpAzSubmit.dll
2021-03-14 22:30 - 2019-05-22 19:10 - 000967720 ____A [0EFBC50EB04E3B94CBAD7493384C8180] (NVIDIA Corporation) C:\Program Files (x86)\FastVDWW\NvPluginAbHubClient32.dll
2021-03-14 22:30 - 2021-03-14 22:31 - 000065429 ____A [8181F55F800E92239B8C562E0D95E81F] () C:\Program Files (x86)\FastVDWW\unins000.dat
2021-03-14 22:31 - 2021-03-14 22:31 - 000722597 ____A [271E72BD7BF1FE980C7BFD0AC877C332] () C:\Program Files (x86)\FastVDWW\unins000.exe

====== End of Folder: ======

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKU\S-1-5-21-3280845815-3375143711-2799469307-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => removed successfully
HKU\S-1-5-21-3280845815-3375143711-2799469307-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4ECFC3F-D840-4105-86C3-E86747E7F6C2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6BC118EB-77B9-413C-84EA-443EF4A1FB06}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85FE031F-F6B0-4F80-869A-B03B628FA6E8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ABD858CE-8529-47FF-AAF7-A6FA91641E47}" => removed successfully
VirusTotal: C:\FSUIPC7\MSFS.bat => https://www.virustotal.com/gui/file/a99 ... 1616184961
VirusTotal: D:\Programy\Lightroom\Portable Adobe Photoshop Lightroom\LightroĐľm.exe => https://www.virustotal.com/gui/file/eb3 ... 1556151274

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20466673 B
Java, Flash, Steam htmlcache => 407695396 B
Windows/system/drivers => 451105 B
Edge => 0 B
Chrome => 3964271 B
Firefox => 112186712 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 19078 B
NetworkService => 19078 B
miros => 8985023 B

RecycleBin => 102513 B
EmptyTemp: => 538 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:16:16 ====


Re: Please check my log. Thank you

Post by jaro3 » 19 Mar 2021 21:56

Try this website:


Attempt no. 4

- More at http://www.vodnikovo.cz/2017/03/26/wind ... x80080008/


Re: Please check my log. Thank you [Solved]

Post by bandas » 20 Mar 2021 11:28

Thank you.

Most of the steps from the link could not be carried out, but after performing steps 4 and 5 the error code at least changed to 0x80070424.

I then found exactly my situation via Google at https://www.winhelponline.com/blog/error-0x80070424-windows-update-and-microsoft-store/ and, using the steps given there, managed to get Win Update working. Things from the MS Store now work as well.

I'm off to send the promised contribution :-)

