Please check my log, unwanted windows opening in Chrome [Solved]

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log, unwanted windows opening in Chrome

Post by jaro3 » 03 May 2017 17:42

Post the logs here; if a log has more than 60,000 characters, split it and post it in several posts.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

Voldacz
Level 2
Posts: 244
Registered: January 13
Gender: Male
Status: Offline

Re: Please check my log, unwanted windows opening in Chrome

Post by Voldacz » 03 May 2017 21:03

The log had around 700,000 characters :)

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log, unwanted windows opening in Chrome

Post by jaro3 » 03 May 2017 22:28

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- click "Start Scan". In the new window, change nothing and click "Start Scan" at the bottom;
when it finishes, tick everything (put check marks in the white boxes to the left of the findings)
- then click "Remove Selected"
- Wait until the Status box shows "Removal finished, please review result"
- Click "Open report" and then "Open TXT", copy that log and paste the contents of the report here, please. The log can be found in C:\ProgramData\RogueKiller\Logs. Close RogueKiller.


Turn off your antivirus and firewall.
Download
Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe
click the .rar-file at the top right
and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator")
- note: the program may take a while to start.

Paste the script below into the program window:


autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


click Run Script
The program will scan and repair; the scan and repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart, only a black desktop may be shown for a while; that is normal. Wait until the log is created. You can save it to Documents, for example; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.

Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
and save it to your desktop.
Double-click the file on the desktop and follow the program's installation instructions.
Accept the EULA license agreement if it is offered.
If a program update is available, click the "Update now" button.
You can also tick the creation of a restore point:
Click the gear icon, then "Scan", and tick "create restore points".
Go back (click the house icon).
Close all open files, folders and browsers.
Do not change any settings. Click "Scan".
After the scan you can see whether there are any infections. Click "Next". The infections will be moved to quarantine.
When the scan is finished, a report will appear; copy the entire contents of that report here.
Otherwise you can view the reports by clicking "Reports" at the top right.


Post a new HJT log + report on the problems

Voldacz
Level 2
Posts: 244
Registered: January 13
Gender: Male
Status: Offline

Re: Please check my log, unwanted windows opening in Chrome

Post by Voldacz » 04 May 2017 11:46

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Volda on 04.05.2017 at 11:11:09,25.
Microsoft Windows 10 Pro 10.0.14393 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Volda\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

04.05.2017 11:12:53 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AlphaGo deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\defaultuser0\AppData\Local\VirtualStore deleted successfully
C:\Users\Volda\AppData\Local\clean deleted successfully
C:\Users\Volda\AppData\Local\NetworkTiles deleted successfully
C:\Users\Volda\AppData\Local\PeerDistRepub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\AlphaGo not found
"C:\Windows\Installer\b58659.msi" not found
C:\Users\Volda\.android deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C37FA1E28C066D428E9612BF9BB3F48 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E1AF73C7-0C82-4D66-829E-16B29FBBF384} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C37FA1E28C066D428E9612BF9BB3F48 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Volda\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Volda\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Volda\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=40 folders=47 44292820 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Volda\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 04.05.2017 at 11:44:42,78 ======================

Voldacz
Level 2
Posts: 244
Registered: January 13
Gender: Male
Status: Offline

Re: Please check my log, unwanted windows opening in Chrome

Post by Voldacz » 04 May 2017 11:51

"header": {
"program": {
"project": "RogueKiller",
"version": "12.10.7.0",
"x64": true,
"date": "May 1 2017",
"contact": "http://www.adlice.com/contact/",
"feedback": "https://forum.adlice.com",
"website": "http://www.adlice.com/download/roguekiller/",
"blog": "http://www.adlice.com"
},
"environment": {
"operating_system": "Windows 10 (10.0.14393) 64 bits version",
"boot": 0,
"winpe": false,
"user": "Volda",
"user_admin": true,
"program_location": "C:\\Users\\Volda\\Desktop\\RogueKillerX64.exe",
"x64": true,
"licensing": "free"
},
"report": {
"type": 2,
"aborted": false,
"date": "05/03/2017 18:31:07",
"duration": 5163,
"debug": false,
"count": 16,
"show_legit_hooks": false,
"expert_mode": false,
"switches": []
}
},
"information": {
"processes": [
{
"name": "[System Process]",
"name_parent": "",
"pid": 0,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": "",
"is_64": true
},
{
"name": "System",
"name_parent": "",
"pid": 4,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": "",
"is_64": true
},
{
"name": "smss.exe",
"name_parent": "",
"pid": 388,
"path": "C:\\Windows\\System32\\smss.exe",
"command_line": "",
"pid_parent": 4,
"path_parent": "",
"is_64": true
},
{
"name": "csrss.exe",
"name_parent": "",
"pid": 512,
"path": "C:\\Windows\\System32\\csrss.exe",
"command_line": "",
"pid_parent": 500,
"path_parent": "",
"is_64": true
},
{
"name": "wininit.exe",
"name_parent": "",
"pid": 584,
"path": "C:\\Windows\\System32\\wininit.exe",
"command_line": "",
"pid_parent": 500,
"path_parent": "",
"is_64": true
},
{
"name": "csrss.exe",
"name_parent": "",
"pid": 616,
"path": "C:\\Windows\\System32\\csrss.exe",
"command_line": "",
"pid_parent": 576,
"path_parent": "",
"is_64": true
},
{
"name": "winlogon.exe",
"name_parent": "",
"pid": 652,
"path": "C:\\Windows\\System32\\winlogon.exe",
"command_line": "winlogon.exe",
"pid_parent": 576,
"path_parent": "",
"is_64": true
},
{
"name": "services.exe",
"name_parent": "",
"pid": 692,
"path": "C:\\Windows\\System32\\services.exe",
"command_line": "",
"pid_parent": 584,
"path_parent": "",
"is_64": true
},
{
"name": "lsass.exe",
"name_parent": "",
"pid": 708,
"path": "C:\\Windows\\System32\\lsass.exe",
"command_line": "",
"pid_parent": 584,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 788,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 844,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k RPCSS",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "dwm.exe",
"name_parent": "winlogon.exe",
"pid": 932,
"path": "C:\\Windows\\System32\\dwm.exe",
"command_line": "\"dwm.exe\"",
"pid_parent": 652,
"path_parent": "C:\\Windows\\System32\\winlogon.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 312,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k LocalSystemNetworkRestricted",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 332,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k netsvcs",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 524,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 532,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k LocalServiceNetworkRestricted",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "WUDFHost.exe",
"name_parent": "svchost.exe",
"pid": 480,
"path": "C:\\Windows\\System32\\WUDFHost.exe",
"command_line": "\"C:\\Windows\\System32\\WUDFHost.exe\" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-de0065a5-ac91-45ed-bc9e-1277998f51ef -SystemEventPortName:HostProcess-2b4c72e7-5bad-45e6-b516-82eac33ad0ca -IoCancelEventPortName:HostProcess-f64f2916-1db0-46c4-80aa-6e2bc46397c9 -NonStateChangingEventPortName:HostProcess-06a971ee-1db7-4d0e-8d4b-2c9ed3791813 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:0ca6a986-78a2-4670-9476-cfdb0eed41ca -DeviceGroupId:WudfDefaultDevicePool",
"pid_parent": 312,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1120,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k LocalService",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1240,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\System32\\svchost.exe -k NetworkService",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1448,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1544,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k LocalServiceNetworkRestricted",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1624,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k LocalSystemNetworkRestricted",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "AvastSvc.exe",
"name_parent": "",
"pid": 1684,
"path": "C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe",
"command_line": "",
"pid_parent": 692,
"path_parent": "",
"is_64": false
},
{
"name": "spoolsv.exe",
"name_parent": "",
"pid": 1800,
"path": "C:\\Windows\\System32\\spoolsv.exe",
"command_line": "C:\\Windows\\System32\\spoolsv.exe",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "AppleMobileDeviceService.exe",
"name_parent": "",
"pid": 1504,
"path": "C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe",
"command_line": "\"C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe\"",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "mDNSResponder.exe",
"name_parent": "",
"pid": 1540,
"path": "C:\\Program Files\\Bonjour\\mDNSResponder.exe",
"command_line": "\"C:\\Program Files\\Bonjour\\mDNSResponder.exe\"",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1644,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\System32\\svchost.exe -k utcsvc",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "RazerCentralService.exe",
"name_parent": "",
"pid": 1964,
"path": "C:\\Program Files (x86)\\Razer\\Razer Services\\Razer Central\\RazerCentralService.exe",
"command_line": "\"C:\\Program Files (x86)\\Razer\\Razer Services\\Razer Central\\RazerCentralService.exe\"",
"pid_parent": 692,
"path_parent": "",
"is_64": false
},
{
"name": "RzKLService.exe",
"name_parent": "",
"pid": 1960,
"path": "C:\\Program Files (x86)\\Razer\\Razer Cortex\\RzKLService.exe",
"command_line": "\"C:\\Program Files (x86)\\Razer\\Razer Cortex\\RzKLService.exe\"",
"pid_parent": 692,
"path_parent": "",
"is_64": false
},
{
"name": "GameManagerService.exe",
"name_parent": "",
"pid": 1316,
"path": "C:\\Program Files (x86)\\Razer\\Razer Services\\GMS\\GameManagerService.exe",
"command_line": "\"C:\\Program Files (x86)\\Razer\\Razer Services\\GMS\\GameManagerService.exe\"",
"pid_parent": 692,
"path_parent": "",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2056,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\System32\\svchost.exe -k SNARE",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2068,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k imgsvc",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "SynTPEnhService.exe",
"name_parent": "",
"pid": 2088,
"path": "C:\\Program Files\\Synaptics\\SynTP\\SynTPEnhService.exe",
"command_line": "\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnhService.exe\"",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2184,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k appmodel",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "MsMpEng.exe",
"name_parent": "",
"pid": 2200,
"path": "C:\\Program Files\\Windows Defender\\MsMpEng.exe",
"command_line": "",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "Memory Compression",
"name_parent": "",
"pid": 2372,
"path": "",
"command_line": "",
"pid_parent": 4,
"path_parent": "",
"is_64": true
},
{
"name": "MBAMService.exe",
"name_parent": "",
"pid": 2464,
"path": "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbamservice.exe",
"command_line": "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbamservice.exe\"",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "WmiPrvSE.exe",
"name_parent": "svchost.exe",
"pid": 1356,
"path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
"command_line": "C:\\Windows\\system32\\wbem\\wmiprvse.exe",
"pid_parent": 788,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "NisSrv.exe",
"name_parent": "",
"pid": 3652,
"path": "C:\\Program Files\\Windows Defender\\NisSrv.exe",
"command_line": "",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3832,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k UnistackSvcGroup",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "sihost.exe",
"name_parent": "svchost.exe",
"pid": 3840,
"path": "C:\\Windows\\System32\\sihost.exe",
"command_line": "sihost.exe",
"pid_parent": 332,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "taskhostw.exe",
"name_parent": "svchost.exe",
"pid": 3912,
"path": "C:\\Windows\\System32\\taskhostw.exe",
"command_line": "taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}",
"pid_parent": 332,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "explorer.exe",
"name_parent": "",
"pid": 4536,
"path": "C:\\Windows\\explorer.exe",
"command_line": "C:\\Windows\\Explorer.EXE",
"pid_parent": 4440,
"path_parent": "",
"is_64": true
},
{
"name": "dasHost.exe",
"name_parent": "svchost.exe",
"pid": 4692,
"path": "C:\\Windows\\System32\\dasHost.exe",
"command_line": "dashost.exe {b8fda753-cc1a-4ed8-8e1a2d83a8657183}",
"pid_parent": 312,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "ShellExperienceHost.exe",
"name_parent": "svchost.exe",
"pid": 952,
"path": "C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe",
"command_line": "\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca",
"pid_parent": 788,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "GoogleCrashHandler.exe",
"name_parent": "",
"pid": 3884,
"path": "C:\\Program Files (x86)\\Google\\Update\\1.3.33.5\\GoogleCrashHandler.exe",
"command_line": "\"C:\\Program Files (x86)\\Google\\Update\\1.3.33.5\\GoogleCrashHandler.exe\"",
"pid_parent": 3928,
"path_parent": "",
"is_64": false
},
{
"name": "SearchUI.exe",
"name_parent": "svchost.exe",
"pid": 4484,
"path": "C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe",
"command_line": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe\" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca",
"pid_parent": 788,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 1484,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 788,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "GoogleCrashHandler64.exe",
"name_parent": "",
"pid": 1864,
"path": "C:\\Program Files (x86)\\Google\\Update\\1.3.33.5\\GoogleCrashHandler64.exe",
"command_line": "\"C:\\Program Files (x86)\\Google\\Update\\1.3.33.5\\GoogleCrashHandler64.exe\"",
"pid_parent": 3928,
"path_parent": "",
"is_64": true
},
{
"name": "SearchIndexer.exe",
"name_parent": "",
"pid": 5584,
"path": "C:\\Windows\\System32\\SearchIndexer.exe",
"command_line": "C:\\Windows\\system32\\SearchIndexer.exe /Embedding",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "TiltWheelMouse.exe",
"name_parent": "Explorer.EXE",
"pid": 5660,
"path": "C:\\Windows\\System32\\TiltWheelMouse.exe",
"command_line": "\"C:\\Windows\\System32\\TiltWheelMouse.exe\" ",
"pid_parent": 4536,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": false
},
{
"name": "igfxtray.exe",
"name_parent": "Explorer.EXE",
"pid": 1784,
"path": "C:\\Windows\\System32\\igfxtray.exe",
"command_line": "\"C:\\Windows\\System32\\igfxtray.exe\" ",
"pid_parent": 4536,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "hkcmd.exe",
"name_parent": "Explorer.EXE",
"pid": 2084,
"path": "C:\\Windows\\System32\\hkcmd.exe",
"command_line": "\"C:\\Windows\\System32\\hkcmd.exe\" ",
"pid_parent": 4536,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "igfxpers.exe",
"name_parent": "Explorer.EXE",
"pid": 5748,
"path": "C:\\Windows\\System32\\igfxpers.exe",
"command_line": "\"C:\\Windows\\System32\\igfxpers.exe\" ",
"pid_parent": 4536,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2688,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k LocalServiceAndNoImpersonation",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "mbamtray.exe",
"name_parent": "Explorer.EXE",
"pid": 5292,
"path": "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbamtray.exe",
"command_line": "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbamtray.exe\" ",
"pid_parent": 4536,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": false
},
{
"name": "AvastUI.exe",
"name_parent": "",
"pid": 1708,
"path": "C:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe",
"command_line": "AvastUI.exe /nogui",
"pid_parent": 5876,
"path_parent": "",
"is_64": false
},
{
"name": "MSASCuiL.exe",
"name_parent": "Explorer.EXE",
"pid": 2040,
"path": "C:\\Program Files\\Windows Defender\\MSASCuiL.exe",
"command_line": "\"C:\\Program Files\\Windows Defender\\MSASCuiL.exe\" ",
"pid_parent": 4536,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "DTAgent.exe",
"name_parent": "Explorer.EXE",
"pid": 4796,
"path": "C:\\Program Files\\DAEMON Tools Lite\\DTAgent.exe",
"command_line": "\"C:\\Program Files\\DAEMON Tools Lite\\DTAgent.exe\" -autorun",
"pid_parent": 4536,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "FacebookGameroom.exe",
"name_parent": "Explorer.EXE",
"pid": 6384,
"path": "C:\\Users\\Volda\\AppData\\Local\\Facebook\\Games\\FacebookGameroom.exe",
"command_line": "\"C:\\Users\\Volda\\AppData\\Local\\Facebook\\Games\\FacebookGameroom.exe\" fbgames://windows_startup/",
"pid_parent": 4536,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": false
},
{
"name": "DiscSoftBusServiceLite.exe",
"name_parent": "",
"pid": 6616,
"path": "C:\\Program Files\\DAEMON Tools Lite\\DiscSoftBusServiceLite.exe",
"command_line": "\"C:\\Program Files\\DAEMON Tools Lite\\DiscSoftBusServiceLite.exe\"",
"pid_parent": 692,
"path_parent": "",
"is_64": true
},
{
"name": "RazerCortex.exe",
"name_parent": "RzKLService.exe",
"pid": 6668,
"path": "C:\\Program Files (x86)\\Razer\\Razer Cortex\\RazerCortex.exe",
"command_line": "\"C:\\Program Files (x86)\\Razer\\Razer Cortex\\RazerCortex.exe\" -autorun",
"pid_parent": 1960,
"path_parent": "C:\\Program Files (x86)\\Razer\\Razer Cortex\\RzKLService.exe",
"is_64": false
},
{
"name": "jusched.exe",
"name_parent": "",
"pid": 6708,
"path": "C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe",
"command_line": "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\" ",
"pid_parent": 6292,
"path_parent": "",
"is_64": false
},
{
"name": "audiodg.exe",
"name_parent": "svchost.exe",
"pid": 6940,
"path": "C:\\Windows\\System32\\audiodg.exe",
"command_line": "C:\\Windows\\system32\\AUDIODG.EXE 0x2a8",
"pid_parent": 1448,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
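
As an added example (not RogueKiller's code and not anything posted in this thread), here is a small Python triage script for the JSON report format quoted above. It reads `information.processes`, using the same fields the log carries (`name`, `pid`, `path`, `command_line`, `pid_parent`, `is_64`), and applies the checks a helper otherwise does by eye: a system-binary name running from outside System32/SysWOW64, an image started from a user-writable directory such as AppData (where FacebookGameroom.exe in the posted log lives), and a parent PID that is missing from the snapshot. The sample report is constructed to match the schema; the entry with pid 9999 is synthetic, added only to exercise the high-severity rule, and does not appear in the posted log.

```python
import json

# Constructed sample in the layout of the RogueKiller 12.x JSON report quoted in this
# thread (header + information.processes). Only the fields the triage uses are kept.
# The pid 9999 entry is a synthetic look-alike added to exercise the rules; it is NOT
# taken from the log posted above.
SAMPLE_REPORT = r'''
{
  "header": {"program": {"project": "RogueKiller", "version": "12.10.7.0"}},
  "information": {
    "processes": [
      {"name": "System", "pid": 4, "path": "", "command_line": "",
       "pid_parent": 0, "is_64": true},
      {"name": "services.exe", "pid": 692, "path": "C:\\Windows\\System32\\services.exe",
       "command_line": "", "pid_parent": 584, "is_64": true},
      {"name": "svchost.exe", "pid": 788, "path": "C:\\Windows\\System32\\svchost.exe",
       "command_line": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch",
       "pid_parent": 692, "is_64": true},
      {"name": "explorer.exe", "pid": 4536, "path": "C:\\Windows\\explorer.exe",
       "command_line": "C:\\Windows\\Explorer.EXE", "pid_parent": 4440, "is_64": true},
      {"name": "FacebookGameroom.exe", "pid": 6384,
       "path": "C:\\Users\\Volda\\AppData\\Local\\Facebook\\Games\\FacebookGameroom.exe",
       "command_line": "\"C:\\Users\\Volda\\AppData\\Local\\Facebook\\Games\\FacebookGameroom.exe\" fbgames://windows_startup/",
       "pid_parent": 4536, "is_64": false},
      {"name": "svchost.exe", "pid": 9999,
       "path": "C:\\Users\\Volda\\AppData\\Roaming\\svchost.exe",
       "command_line": "svchost.exe", "pid_parent": 4536, "is_64": false}
    ]
  }
}
'''

# Binaries that legitimately live only under the Windows system directories.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "dwm.exe", "spoolsv.exe", "taskhostw.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Path fragments that mark locations a standard user can write to without elevation.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\users\\public\\", "\\temp\\")
SEVERITY_RANK = {"high": 0, "medium": 1, "info": 2}


def load_processes(report_text):
    """Return the process list from a RogueKiller-style JSON report."""
    return json.loads(report_text)["information"]["processes"]


def _norm(path):
    return path.replace("/", "\\").lower()


def triage(processes):
    """Apply three read-only checks to every process and return a list of findings.

    high   : a system-binary name running from outside System32/SysWOW64
    medium : an image started from a user-writable directory (auto-started items
             like this are what a log review of 'windows keep opening' looks for)
    info   : parent PID absent from the snapshot (often benign, e.g. explorer.exe,
             whose launcher has already exited)
    """
    by_pid = {p["pid"]: p for p in processes}
    findings = []
    for p in processes:
        name, path = p["name"].lower(), _norm(p.get("path", ""))
        if name in SYSTEM_BINARIES and path and not path.startswith(SYSTEM_DIRS):
            findings.append({"pid": p["pid"], "rule": "system-name-outside-system-dir",
                             "severity": "high", "detail": p["path"]})
        if any(marker in path for marker in USER_WRITABLE_MARKERS):
            findings.append({"pid": p["pid"], "rule": "image-in-user-writable-dir",
                             "severity": "medium", "detail": p["path"]})
        if p["pid"] not in (0, 4) and p["pid_parent"] not in by_pid:
            findings.append({"pid": p["pid"], "rule": "parent-missing-from-snapshot",
                             "severity": "info", "detail": str(p["pid_parent"])})
    return findings


def rules_for(findings, pid):
    """Set of rule names that fired for one PID."""
    return {f["rule"] for f in findings if f["pid"] == pid}


def ancestry(processes, pid):
    """Process names from `pid` up to the highest ancestor present in the snapshot."""
    by_pid = {p["pid"]: p for p in processes}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid]["name"])
        pid = by_pid[pid]["pid_parent"]
    return chain


if __name__ == "__main__":
    procs = load_processes(SAMPLE_REPORT)
    for f in sorted(triage(procs), key=lambda f: SEVERITY_RANK[f["severity"]]):
        print(f"[{f['severity']:6}] pid {f['pid']:>5} {f['rule']}: {f['detail']}")
    print("chain for pid 9999:", " <- ".join(ancestry(procs, 9999)))
```

To run it against a real report, replace `SAMPLE_REPORT` with the file contents (the report posted above is split across two posts and must be joined back into one JSON document first). The "info" rule is deliberately low priority: a missing parent is normal for explorer.exe and for services started early in boot, so it only helps when read together with the other two rules and the `ancestry` chain.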

Voldacz
Level 2
Posts: 244
Registered: January 13
Gender: Male
Status: Offline

Re: Please check my log, unwanted windows opening in Chrome

Post by Voldacz » 04 May 2017 11:52

{
},
{
"name": "SkypeHost.exe",
"name_parent": "svchost.exe",
"pid": 6276,
"path": "C:\\Program Files\\WindowsApps\\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\\SkypeHost.exe",
"command_line": "\"C:\\Program Files\\WindowsApps\\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\\SkypeHost.exe\" -ServerName:SkypeHost.ServerServer",
"pid_parent": 788,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "MpCmdRun.exe",
"name_parent": "",
"pid": 6916,
"path": "C:\\Program Files\\Windows Defender\\MpCmdRun.exe",
"command_line": "\"C:\\Program Files\\Windows Defender\\\\MpCmdRun.exe\" SpyNetServiceDss -RestrictPrivileges -AccessKey F85B829E-6E19-3DAD-AB3D-A7245D85AD58 -Reinvoke",
"pid_parent": 6532,
"path_parent": "",
"is_64": true
},
{
"name": "Razer Central.exe",
"name_parent": "RazerCentralService.exe",
"pid": 596,
"path": "C:\\Program Files (x86)\\Razer\\Razer Services\\Razer Central\\Razer Central.exe",
"command_line": "\"C:\\Program Files (x86)\\Razer\\Razer Services\\Razer Central\\Razer Central.exe\" /Client",
"pid_parent": 1964,
"path_parent": "C:\\Program Files (x86)\\Razer\\Razer Services\\Razer Central\\RazerCentralService.exe",
"is_64": false
},
{
"name": "PMRunner32.exe",
"name_parent": "RazerCortex.exe",
"pid": 2660,
"path": "C:\\Program Files (x86)\\Razer\\Razer Cortex\\PMRunner32.exe",
"command_line": "\"C:\\Program Files (x86)\\Razer\\Razer Cortex\\PMRunner32.exe\" RazerCortex.exe",
"pid_parent": 6668,
"path_parent": "C:\\Program Files (x86)\\Razer\\Razer Cortex\\RazerCortex.exe",
"is_64": false
},
{
"name": "PMRunner64.exe",
"name_parent": "RazerCortex.exe",
"pid": 1204,
"path": "C:\\Program Files (x86)\\Razer\\Razer Cortex\\x64\\PMRunner64.exe",
"command_line": "\"C:\\Program Files (x86)\\Razer\\Razer Cortex\\x64\\PMRunner64.exe\" RazerCortex.exe",
"pid_parent": 6668,
"path_parent": "C:\\Program Files (x86)\\Razer\\Razer Cortex\\RazerCortex.exe",
"is_64": true
},
{
"name": "CefSharp.BrowserSubprocess.exe",
"name_parent": "Razer Central.exe",
"pid": 6356,
"path": "C:\\Program Files (x86)\\Razer\\Razer Services\\Razer Central\\CefSharp.BrowserSubprocess.exe",
"command_line": "CefSharp.BrowserSubprocess.exe --type=gpu-process --channel=\"596.0.1215226414\\594173746\" --no-sandbox --lang=en-US --log-file=\"C:\\Program Files (x86)\\Razer\\Razer Services\\Razer Central\\debug.log\" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,23,51 --gpu-vendor-id=0x8086 --gpu-device-id=0x0106 --gpu-driver-vendor=\"Intel Corporation\" --gpu-driver-version=9.17.10.4459 --lang=en-US --log-file=\"C:\\Program Files (x86)\\Razer\\Razer Services\\Razer Central\\debug.log\" /prefetch:822062411",
"pid_parent": 596,
"path_parent": "C:\\Program Files (x86)\\Razer\\Razer Services\\Razer Central\\Razer Central.exe",
"is_64": false
},
{
"name": "RazerGamecasterEngine.exe",
"name_parent": "RazerCortex.exe",
"pid": 3984,
"path": "C:\\Program Files (x86)\\Razer\\Razer Cortex\\RazerGamecasterEngine.exe",
"command_line": "\"RazerGamecasterEngine.exe\" 6668 66400",
"pid_parent": 6668,
"path_parent": "C:\\Program Files (x86)\\Razer\\Razer Cortex\\RazerCortex.exe",
"is_64": false
},
{
"name": "fontdrvhost.exe",
"name_parent": "winlogon.exe",
"pid": 5864,
"path": "C:\\Windows\\System32\\fontdrvhost.exe",
"command_line": "\"fontdrvhost.exe\"",
"pid_parent": 652,
"path_parent": "C:\\Windows\\System32\\winlogon.exe",
"is_64": true
},
{
"name": "Facebook Gameroom Browser.exe",
"name_parent": "FacebookGameroom.exe",
"pid": 7608,
"path": "C:\\Users\\Volda\\AppData\\Local\\Facebook\\Games\\Facebook Gameroom Browser.exe",
"command_line": "\"Facebook Gameroom Browser.exe\" --type=gpu-process --no-sandbox --lang=en-US --log-file=\"C:\\Users\\Volda\\AppData\\Local\\Facebook\\Games\\debug.log\" --log-severity=disable --user-agent=\"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 CanvasFrame/1.3.1.3 Safari/537.36 FacebookCanvasDesktop [FBAN/GamesWindowsDesktopApp; FBAV/1.3.1.3]\" --supports-dual-gpus=false --gpu-driver-bug-workarounds=6,17,21,37,54,65 --gpu-vendor-id=0x8086 --gpu-device-id=0x0106 --gpu-driver-vendor=\"Intel Corporation\" --gpu-driver-version=9.17.10.4459 --gpu-driver-date=5-19-2016 --lang=en-US --log-file=\"C:\\Users\\Volda\\AppData\\Local\\Facebook\\Games\\debug.log\" --log-severity=disable --user-agent=\"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 CanvasFrame/1.3.1.3 Safari/537.36 FacebookCanvasDesktop [FBAN/GamesWindowsDesktopApp; FBAV/1.3.1.3]\" --service-request-channel-token=0571351B39CE0561FFD29A2A22DB2B60 --mojo-platform-channel-handle=2388 /prefetch:2",
"pid_parent": 6384,
"path_parent": "C:\\Users\\Volda\\AppData\\Local\\Facebook\\Games\\FacebookGameroom.exe",
"is_64": false
},
{
"name": "FPSRunner32.exe",
"name_parent": "RazerGamecasterEngine.exe",
"pid": 6344,
"path": "C:\\Program Files (x86)\\Razer\\Razer Cortex\\FPSRunner32.exe",
"command_line": "\"C:\\Program Files (x86)\\Razer\\Razer Cortex\\FPSRunner32.exe\" RazerGamecasterEngine.exe",
"pid_parent": 3984,
"path_parent": "C:\\Program Files (x86)\\Razer\\Razer Cortex\\RazerGamecasterEngine.exe",
"is_64": false
},
{
"name": "FPSRunner64.exe",
"name_parent": "RazerGamecasterEngine.exe",
"pid": 4576,
"path": "C:\\Program Files (x86)\\Razer\\Razer Cortex\\x64\\FPSRunner64.exe",
"command_line": "\"C:\\Program Files (x86)\\Razer\\Razer Cortex\\x64\\FPSRunner64.exe\" RazerGamecasterEngine.exe",
"pid_parent": 3984,
"path_parent": "C:\\Program Files (x86)\\Razer\\Razer Cortex\\RazerGamecasterEngine.exe",
"is_64": true
},
{
"name": "RzFpsApplet.exe",
"name_parent": "RazerGamecasterEngine.exe",
"pid": 7472,
"path": "C:\\Program Files (x86)\\Razer\\Razer Cortex\\RzFpsApplet\\RzFpsApplet.exe",
"command_line": "\"C:\\Program Files (x86)\\Razer\\Razer Cortex\\RzFpsApplet\\RzFpsApplet.exe\" --no-proxy-server",
"pid_parent": 3984,
"path_parent": "C:\\Program Files (x86)\\Razer\\Razer Cortex\\RazerGamecasterEngine.exe",
"is_64": false
},
{
"name": "RazerIngameEngine.exe",
"name_parent": "",
"pid": 6976,
"path": "C:\\Program Files (x86)\\Razer\\InGameEngine\\32bit\\RazerIngameEngine.exe",
"command_line": "\"C:\\Program Files (x86)\\Razer\\InGameEngine\\32bit\\RazerIngameEngine.exe\"",
"pid_parent": 8128,
"path_parent": "",
"is_64": false
},
{
"name": "rzcefrenderprocess.exe",
"name_parent": "RzFpsApplet.exe",
"pid": 6332,
"path": "C:\\Users\\Volda\\AppData\\Local\\Razer\\InGameEngine\\cache\\RzFpsApplet\\RzCefRenderProcess.exe",
"command_line": "\"C:\\Users\\Volda\\AppData\\Local\\razer\\InGameEngine\\cache\\RzFpsApplet\\RzCefRenderProcess.exe\" --type=gpu-process --channel=\"7472.0.154151475\\960522777\" --no-sandbox --lang=en-US --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,20,45 --gpu-vendor-id=0x8086 --gpu-device-id=0x0106 --gpu-driver-vendor=\"Intel Corporation\" --gpu-driver-version=9.17.10.4459 --lang=en-US /prefetch:822062411",
"pid_parent": 7472,
"path_parent": "C:\\Program Files (x86)\\Razer\\Razer Cortex\\RzFpsApplet\\RzFpsApplet.exe",
"is_64": false
},
{
"name": "rzcefrenderprocess.exe",
"name_parent": "RzFpsApplet.exe",
"pid": 7964,
"path": "C:\\Users\\Volda\\AppData\\Local\\Razer\\InGameEngine\\cache\\RzFpsApplet\\RzCefRenderProcess.exe",
"command_line": "\"C:\\Users\\Volda\\AppData\\Local\\razer\\InGameEngine\\cache\\RzFpsApplet\\RzCefRenderProcess.exe\" --type=renderer --no-sandbox --disable-databases --lang=en-US --lang=en-US --enable-system-flash=1 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"7472.1.1326600626\\1060721080\" /prefetch:673131151",
"pid_parent": 7472,
"path_parent": "C:\\Program Files (x86)\\Razer\\Razer Cortex\\RzFpsApplet\\RzFpsApplet.exe",
"is_64": false
},
{
"name": "rzcefrenderprocess.exe",
"name_parent": "RzFpsApplet.exe",
"pid": 9188,
"path": "C:\\Users\\Volda\\AppData\\Local\\Razer\\InGameEngine\\cache\\RzFpsApplet\\RzCefRenderProcess.exe",
"command_line": "\"C:\\Users\\Volda\\AppData\\Local\\razer\\InGameEngine\\cache\\RzFpsApplet\\RzCefRenderProcess.exe\" --type=renderer --no-sandbox --disable-databases --lang=en-US --lang=en-US --enable-system-flash=1 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"7472.2.968658116\\1614963241\" /prefetch:673131151",
"pid_parent": 7472,
"path_parent": "C:\\Program Files (x86)\\Razer\\Razer Cortex\\RzFpsApplet\\RzFpsApplet.exe",
"is_64": false
},
{
"name": "rzcefrenderprocess.exe",
"name_parent": "RzFpsApplet.exe",
"pid": 8680,
"path": "C:\\Users\\Volda\\AppData\\Local\\Razer\\InGameEngine\\cache\\RzFpsApplet\\RzCefRenderProcess.exe",
"command_line": "\"C:\\Users\\Volda\\AppData\\Local\\razer\\InGameEngine\\cache\\RzFpsApplet\\RzCefRenderProcess.exe\" --type=renderer --no-sandbox --disable-databases --lang=en-US --lang=en-US --enable-system-flash=1 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"7472.3.2000109027\\428832165\" /prefetch:673131151",
"pid_parent": 7472,
"path_parent": "C:\\Program Files (x86)\\Razer\\Razer Cortex\\RzFpsApplet\\RzFpsApplet.exe",
"is_64": false
},
{
"name": "jucheck.exe",
"name_parent": "jusched.exe",
"pid": 8676,
"path": "C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jucheck.exe",
"command_line": "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jucheck.exe\" -auto -scheduled -critical",
"pid_parent": 6708,
"path_parent": "C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe",
"is_64": false
},
{
"name": "SrTasks.exe",
"name_parent": "",
"pid": 5800,
"path": "C:\\Windows\\System32\\SrTasks.exe",
"command_line": "C:\\Windows\\system32\\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:35",
"pid_parent": 9012,
"path_parent": "",
"is_64": true
},
{
"name": "conhost.exe",
"name_parent": "srtasks.exe",
"pid": 9928,
"path": "C:\\Windows\\System32\\conhost.exe",
"command_line": "\\??\\C:\\Windows\\system32\\conhost.exe 0x4",
"pid_parent": 5800,
"path_parent": "C:\\Windows\\System32\\SrTasks.exe",
"is_64": true
},
{
"name": "SystemSettingsBroker.exe",
"name_parent": "svchost.exe",
"pid": 4156,
"path": "C:\\Windows\\System32\\SystemSettingsBroker.exe",
"command_line": "C:\\Windows\\System32\\SystemSettingsBroker.exe -Embedding",
"pid_parent": 788,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "smartscreen.exe",
"name_parent": "svchost.exe",
"pid": 14812,
"path": "C:\\Windows\\System32\\smartscreen.exe",
"command_line": "C:\\Windows\\System32\\smartscreen.exe -Embedding",
"pid_parent": 788,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RogueKillerX64.exe",
"name_parent": "Explorer.EXE",
"pid": 14404,
"path": "C:\\Users\\Volda\\Desktop\\RogueKillerX64.exe",
"command_line": "\"C:\\Users\\Volda\\Desktop\\RogueKillerX64.exe\" ",
"pid_parent": 4536,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "SynTPEnh.exe",
"name_parent": "SynTPEnhService.exe",
"pid": 1416,
"path": "C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe",
"command_line": "",
"pid_parent": 2088,
"path_parent": "C:\\Program Files\\Synaptics\\SynTP\\SynTPEnhService.exe",
"is_64": true
}
]
},
"results": {
"processes": [],
"modules": [],
"services": [],
"registry": [
{
"scan_what": 2,
"scan_how": [
1
],
"scan_how_trigger": 1,
"vendors": [
"Suspicious.Path"
],
"rule_name": "CLSID",
"view": 256,
"value": "",
"subkey": "{E3D93A26-0D4B-11E7-A752-64006A5CFC23}",
"value_old_data": "",
"value_data": "",
"path": "HKEY_CLASSES_ROOT\\CLSID",
"extra": "C:\\Users\\Volda\\AppData\\Roaming\\Cupchkehutain\\Jawakerkaing.dll",
"files_status": "[x]",
"vtscore": -1,
"files": [
{
"path_expanded": "C:\\Users\\Volda\\AppData\\Roaming\\Cupchkehutain\\Jawakerkaing.dll",
"path_compressed": "%APPDATA%\\Cupchkehutain\\Jawakerkaing.dll",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
}
],
"status_str": "Nevybráno",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"Adw.Elex"
],
"rule_name": "SOFTWARE",
"view": 256,
"value": "",
"subkey": "InterSect Alliance",
"value_old_data": "",
"value_data": "",
"path": "HKEY_LOCAL_MACHINE\\Software",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Smazáno",
"status_choice": 2,
"status_removed": 3
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP.Gen1"
],
"rule_name": "SOFTWARE",
"view": 512,
"value": "",
"subkey": "Elex-tech",
"value_old_data": "",
"value_data": "",
"path": "HKEY_LOCAL_MACHINE\\Software",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Nevybráno",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP.Ghokswa"
],
"rule_name": "SOFTWARE",
"view": 512,
"value": "",
"subkey": "Firefox",
"value_old_data": "",
"value_data": "",
"path": "HKEY_LOCAL_MACHINE\\Software",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Nevybráno",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP.Ghokswa"
],
"rule_name": "SOFTWARE",
"view": 256,
"value": "",
"subkey": "Firefox",
"value_old_data": "",
"value_data": "",
"path": "HKEY_USERS\\S-1-5-21-265134905-3244373644-1722686845-1001\\Software",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Nevybráno",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP.Ghokswa"
],
"rule_name": "SOFTWARE",
"view": 512,
"value": "",
"subkey": "Firefox",
"value_old_data": "",
"value_data": "",
"path": "HKEY_USERS\\S-1-5-21-265134905-3244373644-1722686845-1001\\Software",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Nevybráno",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [
3
],
"scan_how_trigger": 3,
"vendors": [
"Suspicious.Path"
],
"rule_name": "SEH",
"view": 256,
"value": "{E3D93A26-0D4B-11E7-A752-64006A5CFC23}",
"subkey": "",
"value_old_data": "",
"value_data": "",
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellExecuteHooks",
"extra": "C:\\Users\\Volda\\AppData\\Roaming\\Cupchkehutain\\Jawakerkaing.dll",
"files_status": "[x]",
"vtscore": -1,
"files": [
{
"path_expanded": "C:\\Users\\Volda\\AppData\\Roaming\\Cupchkehutain\\Jawakerkaing.dll",
"path_compressed": "%APPDATA%\\Cupchkehutain\\Jawakerkaing.dll",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
}
],
"status_str": "Nevybráno",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [
5
],
"scan_how_trigger": 5,
"vendors": [
"Adw.Snarasite",
"Suspicious.Path"
],
"rule_name": "Svchost Services",
"view": 256,
"value": "SNARE",
"subkey": "",
"value_old_data": "",
"value_data": "",
"path": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost",
"extra": "C:\\Users\\Volda\\AppData\\Local\\SNARE\\Snare.dll",
"files_status": "[-]",
"vtscore": -1,
"files": [
{
"path_expanded": "C:\\Users\\Volda\\AppData\\Local\\SNARE\\Snare.dll",
"path_compressed": "%localappdata%\\SNARE\\Snare.dll",
"md5": "2CEAF014FFA42DCABCDFC765F4B56370",
"exists": true,
"signed": false,
"signer": "",
"vtscore": 4
}
],
"status_str": "Smazáno",
"status_choice": 2,
"status_removed": 5
},
{
"scan_what": 2,
"scan_how": [
4
],
"scan_how_trigger": 4,
"vendors": [
"Adw.Snarasite",
"Suspicious.Path"
],
"rule_name": "Services",
"view": 256,
"value": "",
"subkey": "SNARE",
"value_old_data": "",
"value_data": "",
"path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services",
"extra": "C:\\Users\\Volda\\AppData\\Local\\SNARE\\Snare.dll",
"files_status": "[-]",
"vtscore": -1,
"files": [
{
"path_expanded": "C:\\Users\\Volda\\AppData\\Local\\SNARE\\Snare.dll",
"path_compressed": "%localappdata%\\SNARE\\Snare.dll",
"md5": "2CEAF014FFA42DCABCDFC765F4B56370",
"exists": true,
"signed": false,
"signer": "",
"vtscore": 4
}
],
"status_str": "Smazáno",
"status_choice": 2,
"status_removed": 3
},
{
"scan_what": 1,
"scan_how": [
12
],
"scan_how_trigger": 12,
"vendors": [
"PUM.Dns"
],
"rule_name": "DNS",
"view": 256,
"value": "DhcpNameServer",
"subkey": "",
"value_old_data": "",
"value_data": "10.255.255.10 10.255.255.20 8.8.8.8 192.168.1.1",
"path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters\\Interfaces\\{cf2f9a78-c3d3-4100-a83c-94564a92d6df}",
"extra": "[][][-][-]",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Nevybráno",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [
16
],
"scan_how_trigger": 16,
"vendors": [
"PUP.Ghokswa"
],
"rule_name": "Firewall",
"view": 256,
"value": "{6974BAB5-23FF-4C1C-BC29-B88D5A830A11}",
"subkey": "",
"value_old_data": "",
"value_data": "v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\\Program Files (x86)\\Firefox\\Firefox.exe|Name=Firefox browser|",
"path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules",
"extra": "",
"files_status": "[x]",
"vtscore": -1,
"files": [
{
"path_expanded": "C:\\Program Files (x86)\\Firefox\\Firefox.exe",
"path_compressed": "%programfiles(x86)%\\Firefox\\Firefox.exe",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
}
],
"status_str": "Nevybráno",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [
9
],
"scan_how_trigger": 9,
"vendors": [
"PUM.Policies"
],
"rule_name": "Policies",
"view": 256,
"value": "ConsentPromptBehaviorAdmin",
"subkey": "",
"value_old_data": "",
"value_data": "0",
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Nevybráno",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [
9
],
"scan_how_trigger": 9,
"vendors": [
"PUM.Policies"
],
"rule_name": "Policies",
"view": 512,
"value": "ConsentPromptBehaviorAdmin",
"subkey": "",
"value_old_data": "",
"value_data": "0",
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Nevybráno",
"status_choice": 1,
"status_removed": 0
}
],
"tasks": [],
"filesystem": [
{
"scan_what": 3,
"scan_how": [
1,
2,
3,
9
],
"vendors": [
"PUP.Gen0"
],
"status_choice": 2,
"processed": [
{
"type": 1,
"name": "SECOH-QAD.exe",
"path_expanded": "C:\\Windows\\SECOH-QAD.exe",
"path_compressed": "%SystemRoot%\\SECOH-QAD.exe",
"extra": "",
"md5": "38DE5B216C33833AF710E88F7F64FC98",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "Smazáno",
"status_removed": 1
}
]
},
{
"scan_what": 3,
"scan_how": [
1,
2,
9
],
"vendors": [
"Adw.Snarasite"
],
"status_choice": 2,
"processed": [
{
"type": 2,
"name": "SNARE",
"path_expanded": "C:\\Users\\Volda\\AppData\\Local\\SNARE",
"path_compressed": "%localappdata%\\SNARE",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "Odstraněno při restartu [91]",
"status_removed": 2
},
{
"type": 1,
"name": "Snare.dll",
"path_expanded": "C:\\Users\\Volda\\AppData\\Local\\SNARE\\Snare.dll",
"path_compressed": "%localappdata%\\SNARE\\Snare.dll",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "ERROR [5]",
"status_removed": 6
}
]
},
{
"scan_what": 3,
"scan_how": [
1,
2,
9
],
"vendors": [
"PUP.Gen1"
],
"status_choice": 2,
"processed": [
{
"type": 2,
"name": "Elex-tech",
"path_expanded": "C:\\Program Files (x86)\\Elex-tech",
"path_compressed": "%programfiles(x86)%\\Elex-tech",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "Smazáno",
"status_removed": 1
}
]
}
],
"wmi": [],
"hosts": {
"is_too_big": false,
"lines": []
},
"antirootkit": {
"is_driver_loaded": true,
"driver_error": 0,
"results": []
},
"web_browsers": [],
"disk": {
"results": [],
"mbr": "+++++ PhysicalDrive0: WDC WD7500BPVT-24HXZT3 +++++\n--- User ---\n[MBR] f17f141c70f0ff3a2e16e5933ac42e22\n[BSP] 69bccc084ecd761cb4c5d051379d4ec5 : Windows Vista/7/8|VT.Unknown MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 714902 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n"
}
}
}

jaro3, Security team member

Re: Please check my log, unwanted windows opening in Chrome

Post by jaro3 » 04 May 2017 16:55

RK .. that isn't the log, though; did you run Zemana Antimalware?

Post a new HJT log + report on the problems.

Voldacz

Re: Please check my log, unwanted windows opening in Chrome

Post by Voldacz » 05 May 2017 10:43

Zemana AntiMalware 2.72.2.388 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2017.5.5
Operating System : Windows 10 64-bit
Processor : 2X Intel(R) Pentium(R) CPU B960 @ 2.20GHz
BIOS Mode : Legacy
CUID : 120A3B6294D3EA0E85C57E
Scan Type : Skenování systému
Duration : 16m 59s
Scanned Objects : 84073
Detected Objects : 6
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Edge Homepage
Status : Skenováno
Object : http://www.startpageing123.com/?type=hp ... X7294X7294
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Edge Homepage

Chrome Shortcut
Status : Skenováno
Object : --profile-directory=ChromeDefaultData
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Chrome Shortcut

mio
Status : Skenováno
Object : NE->c:\program files (x86)\mio
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/ELEX.O!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)

snare
Status : Skenováno
Object : NE->c:\users\volda\appdata\local\snare
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/ELEX.WC!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)

snare.dll
Status : Skenováno
Object : NE->c:\users\volda\appdata\local\snare\snare.dll
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/ELEX.WE!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)

fuzokokation.default
Status : Skenováno
Object : NE->c:\users\volda\appdata\roaming\profiles\fuzokokation.default
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/Trotux.FakeProfile!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)


Cleaning Result
-------------------------------------------------------
Cleaned : 6
Reported as safe : 1
Failed : 0

Voldacz

Re: Please check my log, unwanted windows opening in Chrome

Post by Voldacz » 05 May 2017 11:31

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:31:05, on 05.05.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)
Boot mode: Normal

Running processes:
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Volda\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Volda\AppData\Local\Facebook\Games\FacebookGameroom.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Volda\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Users\Volda\Downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [RazerCortex] "C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe" -autorun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Volda\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Volda\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - Startup: Facebook Gameroom.lnk = C:\Users\Volda\AppData\Local\Facebook\Games\FacebookGameroom.exe
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Razer Game Manager (Razer Game Manager Service) - Razer Inc - C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Razer Central Service (RzActionSvc) - Razer Inc. - C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 10533 bytes

Voldacz

Re: Please check my log, unwanted windows opening in Chrome

Post by Voldacz » 05 May 2017 11:32

There don't seem to be any problems.

jaro3, Security team member

Re: Please check my log, unwanted windows opening in Chrome

Post by jaro3 » 05 May 2017 18:48

Close the other applications and browsers, disconnect from the internet, and fix these in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin


Download DelFix here
https://toolslib.net/downloads/viewdownload/2-delfix/

Save the file to your desktop.
Double-click the icon to run the Delfix.exe tool
(in Windows Vista, Windows 7 and 8 you must run the file with a right-click -> Run as administrator).
In the main menu, check these options - Remove desinfection tools - Purge System Restore
Then click the Run button and let the tool do its work.

Then the report (DelFix.txt) will open. Paste the whole contents of the report here. Otherwise the report is here:
C:\DelFix.txt

If there are no problems, that's all and you can mark it as resolved with the green tick.
