Prosím o kontrolu logu z HJT - infikovaný notebook Vyřešeno



Re: Prosím o kontrolu logu z HJT - infikovaný notebook

Příspěvek od GoodByeMomo » 04 bře 2017 11:17

{
"header": {
"program": {
"project": "RogueKiller",
"version": "12.9.9.0",
"x64": true,
"date": "Feb 27 2017",
"contact": "http://www.adlice.com/contact/",
"feedback": "http://forum.adlice.com",
"website": "http://www.adlice.com/download/roguekiller/",
"blog": "http://www.adlice.com"
},
"environment": {
"operating_system": "Windows 10 (10.0.14393) 64 bits version",
"boot": 0,
"winpe": false,
"user": "Lenovo",
"user_admin": true,
"program_location": "C:\\Users\\Lenovo\\Desktop\\RogueKillerX64.exe",
"x64": true,
"licensing": "free"
},
"report": {
"type": 2,
"aborted": false,
"date": "03/03/2017 22:31:31",
"duration": 2235,
"switches": 0,
"debug": false,
"count": 5,
"show_legit_hooks": false,
"expert_mode": false
}
},
"information": {
"processes": [
{
"name": "[System Process]",
"name_parent": "",
"pid": 0,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": "",
"is_64": true
},
{
"name": "System",
"name_parent": "",
"pid": 4,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": "",
"is_64": true
},
{
"name": "smss.exe",
"name_parent": "",
"pid": 424,
"path": "C:\\Windows\\System32\\smss.exe",
"command_line": "",
"pid_parent": 4,
"path_parent": "",
"is_64": true
},
{
"name": "csrss.exe",
"name_parent": "",
"pid": 580,
"path": "C:\\Windows\\System32\\csrss.exe",
"command_line": "",
"pid_parent": 540,
"path_parent": "",
"is_64": true
},
{
"name": "wininit.exe",
"name_parent": "",
"pid": 684,
"path": "C:\\Windows\\System32\\wininit.exe",
"command_line": "",
"pid_parent": 540,
"path_parent": "",
"is_64": true
},
{
"name": "csrss.exe",
"name_parent": "",
"pid": 696,
"path": "C:\\Windows\\System32\\csrss.exe",
"command_line": "",
"pid_parent": 676,
"path_parent": "",
"is_64": true
},
{
"name": "winlogon.exe",
"name_parent": "",
"pid": 768,
"path": "C:\\Windows\\System32\\winlogon.exe",
"command_line": "winlogon.exe",
"pid_parent": 676,
"path_parent": "",
"is_64": true
},
{
"name": "services.exe",
"name_parent": "",
"pid": 812,
"path": "C:\\Windows\\System32\\services.exe",
"command_line": "",
"pid_parent": 684,
"path_parent": "",
"is_64": true
},
{
"name": "lsass.exe",
"name_parent": "",
"pid": 820,
"path": "C:\\Windows\\System32\\lsass.exe",
"command_line": "C:\\WINDOWS\\system32\\lsass.exe",
"pid_parent": 684,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 928,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 992,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k RPCSS",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 588,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "dwm.exe",
"name_parent": "winlogon.exe",
"pid": 616,
"path": "C:\\Windows\\System32\\dwm.exe",
"command_line": "\"dwm.exe\"",
"pid_parent": 768,
"path_parent": "C:\\Windows\\System32\\winlogon.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 400,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalSystemNetworkRestricted",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1028,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNetworkRestricted",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1184,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNoNetwork",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1376,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k NetworkService",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "ekrn.exe",
"name_parent": "",
"pid": 1384,
"path": "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe",
"command_line": "",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1596,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1640,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNetworkRestricted",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1756,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalSystemNetworkRestricted",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "spoolsv.exe",
"name_parent": "",
"pid": 1928,
"path": "C:\\Windows\\System32\\spoolsv.exe",
"command_line": "C:\\WINDOWS\\System32\\spoolsv.exe",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1624,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k apphost",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1532,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k utcsvc",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1900,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "mqsvc.exe",
"name_parent": "",
"pid": 2092,
"path": "C:\\Windows\\System32\\mqsvc.exe",
"command_line": "C:\\WINDOWS\\system32\\mqsvc.exe",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "CxAudMsg64.exe",
"name_parent": "",
"pid": 2152,
"path": "C:\\Windows\\System32\\CxAudMsg64.exe",
"command_line": "\"C:\\WINDOWS\\system32\\CxAudMsg64.exe\"",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "NVDisplay.Container.exe",
"name_parent": "",
"pid": 2184,
"path": "C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\NVDisplay.Container.exe",
"command_line": "\"C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\NVDisplay.Container.exe\" -s NVDisplay.ContainerLocalSystem -f \"C:\\ProgramData\\NVIDIA\\NVDisplay.ContainerLocalSystem.log\" -l 3 -d \"C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\plugins\\LocalSystem\"",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "PnkBstrA.exe",
"name_parent": "",
"pid": 2220,
"path": "C:\\Windows\\SysWOW64\\PnkBstrA.exe",
"command_line": "C:\\WINDOWS\\SysWoW64\\PnkBstrA.exe",
"pid_parent": 812,
"path_parent": "",
"is_64": false
},
{
"name": "TeamViewer_Service.exe",
"name_parent": "",
"pid": 2236,
"path": "C:\\Program Files (x86)\\TeamViewer\\TeamViewer_Service.exe",
"command_line": "\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer_Service.exe\"",
"pid_parent": 812,
"path_parent": "",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2256,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k appmodel",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "SearchIndexer.exe",
"name_parent": "",
"pid": 2264,
"path": "C:\\Windows\\System32\\SearchIndexer.exe",
"command_line": "C:\\WINDOWS\\system32\\SearchIndexer.exe /Embedding",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2364,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k imgsvc",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "Memory Compression",
"name_parent": "",
"pid": 2552,
"path": "",
"command_line": "",
"pid_parent": 4,
"path_parent": "",
"is_64": true
},
{
"name": "SMSvcHost.exe",
"name_parent": "",
"pid": 2760,
"path": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\SMSvcHost.exe",
"command_line": "C:\\WINDOWS\\Microsoft.NET\\Framework64\\v4.0.30319\\SMSvcHost.exe",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "nvxdsync.exe",
"name_parent": "NVDisplay.Container.exe",
"pid": 2204,
"path": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe",
"command_line": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe -first",
"pid_parent": 2184,
"path_parent": "C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\NVDisplay.Container.exe",
"is_64": true
},
{
"name": "SMSvcHost.exe",
"name_parent": "",
"pid": 3108,
"path": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\SMSvcHost.exe",
"command_line": "\"C:\\WINDOWS\\Microsoft.NET\\Framework64\\v4.0.30319\\SMSvcHost.exe\" -NetMsmqActivator",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "wmpnetwk.exe",
"name_parent": "",
"pid": 3136,
"path": "C:\\Program Files\\Windows Media Player\\wmpnetwk.exe",
"command_line": "\"C:\\Program Files\\Windows Media Player\\wmpnetwk.exe\"",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "WmiPrvSE.exe",
"name_parent": "svchost.exe",
"pid": 3744,
"path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
"command_line": "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe",
"pid_parent": 928,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "sihost.exe",
"name_parent": "svchost.exe",
"pid": 3820,
"path": "C:\\Windows\\System32\\sihost.exe",
"command_line": "sihost.exe",
"pid_parent": 588,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "explorer.exe",
"name_parent": "",
"pid": 3976,
"path": "C:\\Windows\\explorer.exe",
"command_line": "C:\\WINDOWS\\Explorer.EXE",
"pid_parent": 3936,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3792,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k UnistackSvcGroup",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "taskhostw.exe",
"name_parent": "svchost.exe",
"pid": 3688,
"path": "C:\\Windows\\System32\\taskhostw.exe",
"command_line": "taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}",
"pid_parent": 588,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "GoogleUpdate.exe",
"name_parent": "svchost.exe",
"pid": 4112,
"path": "C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe",
"command_line": "\"C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe\" /c",
"pid_parent": 588,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": false
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 4308,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 928,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4432,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceAndNoImpersonation",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "WmiPrvSE.exe",
"name_parent": "svchost.exe",
"pid": 4532,
"path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
"command_line": "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe",
"pid_parent": 928,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "egui.exe",
"name_parent": "",
"pid": 4840,
"path": "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe",
"command_line": "\"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe\" /hide",
"pid_parent": 1384,
"path_parent": "",
"is_64": true
},
{
"name": "ShellExperienceHost.exe",
"name_parent": "svchost.exe",
"pid": 4508,
"path": "C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe",
"command_line": "\"C:\\WINDOWS\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca",
"pid_parent": 928,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "SearchUI.exe",
"name_parent": "svchost.exe",
"pid": 5132,
"path": "C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe",
"command_line": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe\" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca",
"pid_parent": 928,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "TeamViewer.exe",
"name_parent": "TeamViewer_Service.exe",
"pid": 5464,
"path": "C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe",
"command_line": "\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe\"",
"pid_parent": 2236,
"path_parent": "C:\\Program Files (x86)\\TeamViewer\\TeamViewer_Service.exe",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 5744,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "tv_w32.exe",
"name_parent": "TeamViewer_Service.exe",
"pid": 5628,
"path": "C:\\Program Files (x86)\\TeamViewer\\tv_w32.exe",
"command_line": "\"C:\\Program Files (x86)\\TeamViewer\\tv_w32.exe\" --action hooks --log C:\\Program Files (x86)\\TeamViewer\\TeamViewer12_Logfile.log ",
"pid_parent": 2236,
"path_parent": "C:\\Program Files (x86)\\TeamViewer\\TeamViewer_Service.exe",
"is_64": false
},
{
"name": "tv_x64.exe",
"name_parent": "TeamViewer_Service.exe",
"pid": 3388,
"path": "C:\\Program Files (x86)\\TeamViewer\\tv_x64.exe",
"command_line": "\"C:\\Program Files (x86)\\TeamViewer\\tv_x64.exe\" --action hooks --log C:\\Program Files (x86)\\TeamViewer\\TeamViewer12_Logfile.log ",
"pid_parent": 2236,
"path_parent": "C:\\Program Files (x86)\\TeamViewer\\TeamViewer_Service.exe",
"is_64": true
},
{
"name": "audiodg.exe",
"name_parent": "svchost.exe",
"pid": 5640,
"path": "C:\\Windows\\System32\\audiodg.exe",
"command_line": "C:\\WINDOWS\\system32\\AUDIODG.EXE 0x2dc",
"pid_parent": 1596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "smartscreen.exe",
"name_parent": "svchost.exe",
"pid": 5900,
"path": "C:\\Windows\\System32\\smartscreen.exe",
"command_line": "C:\\Windows\\System32\\smartscreen.exe -Embedding",
"pid_parent": 928,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "AthBtTray.exe",
"name_parent": "Explorer.EXE",
"pid": 6000,
"path": "C:\\Program Files (x86)\\Bluetooth Suite\\AthBtTray.exe",
"command_line": "\"C:\\Program Files (x86)\\Bluetooth Suite\\AthBtTray.exe\" ",
"pid_parent": 3976,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "Energy Management.exe",
"name_parent": "Explorer.EXE",
"pid": 5488,
"path": "C:\\Program Files (x86)\\Lenovo\\Energy Management\\Energy Management.exe",
"command_line": "\"C:\\Program Files (x86)\\Lenovo\\Energy Management\\Energy Management.exe\" ",
"pid_parent": 3976,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "utility.exe",
"name_parent": "Explorer.EXE",
"pid": 5904,
"path": "C:\\Program Files (x86)\\Lenovo\\Energy Management\\utility.exe",
"command_line": "\"C:\\Program Files (x86)\\Lenovo\\Energy Management\\utility.exe\" ",
"pid_parent": 3976,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "NvBackend.exe",
"name_parent": "Explorer.EXE",
"pid": 6232,
"path": "C:\\Program Files (x86)\\NVIDIA Corporation\\Update Core\\NvBackend.exe",
"command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\Update Core\\NvBackend.exe\" ",
"pid_parent": 3976,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": false
},
{
"name": "AAM Updates Notifier.exe",
"name_parent": "",
"pid": 6268,
"path": "C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\AAM Updates Notifier.exe",
"command_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\AAM Updates Notifier.exe\"",
"pid_parent": 6196,
"path_parent": "",
"is_64": false
},
{
"name": "SynTPEnh.exe",
"name_parent": "Explorer.EXE",
"pid": 6276,
"path": "C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe",
"command_line": "\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\" ",
"pid_parent": 3976,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "CAudioFilterAgent64.exe",
"name_parent": "Explorer.EXE",
"pid": 6500,
"path": "C:\\Program Files\\CONEXANT\\cAudioFilterAgent\\CAudioFilterAgent64.exe",
"command_line": "\"C:\\Program Files\\CONEXANT\\cAudioFilterAgent\\CAudioFilterAgent64.exe\" ",
"pid_parent": 3976,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "SettingSyncHost.exe",
"name_parent": "svchost.exe",
"pid": 6788,
"path": "C:\\Windows\\System32\\SettingSyncHost.exe",
"command_line": "C:\\WINDOWS\\system32\\SettingSyncHost.exe -Embedding",
"pid_parent": 928,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "VM332_STI.EXE",
"name_parent": "",
"pid": 6904,
"path": "C:\\Program Files (x86)\\USB Camera2\\VM332_STI.EXE",
"command_line": "\"C:\\Program Files (x86)\\USB Camera2\\VM332_STI.EXE\" ",
"pid_parent": 6724,
"path_parent": "",
"is_64": false
},
{
"name": "iusb3mon.exe",
"name_parent": "",
"pid": 6920,
"path": "C:\\Program Files (x86)\\Intel\\Intel(R) USB 3.0 eXtensible Host Controller Driver\\Application\\iusb3mon.exe",
"command_line": "\"C:\\Program Files (x86)\\Intel\\Intel(R) USB 3.0 eXtensible Host Controller Driver\\Application\\iusb3mon.exe\" ",
"pid_parent": 6724,
"path_parent": "",
"is_64": false
},
{
"name": "CCleaner64.exe",
"name_parent": "",
"pid": 6932,
"path": "C:\\Program Files\\CCleaner\\CCleaner64.exe",
"command_line": "\"C:\\Program Files\\CCleaner\\CCleaner.exe\" /MONITOR /uac",
"pid_parent": 6736,
"path_parent": "",
"is_64": true
},
{
"name": "jusched.exe",
"name_parent": "",
"pid": 6948,
"path": "C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe",
"command_line": "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\" ",
"pid_parent": 6724,
"path_parent": "",
"is_64": false
},
{
"name": "SynTPHelper.exe",
"name_parent": "",
"pid": 6688,
"path": "C:\\PROGRAM FILES\\SYNAPTICS\\SynTP\\SYNTPHELPER.EXE",
"command_line": "\"C:\\PROGRAM FILES\\SYNAPTICS\\SYNTP\\SYNTPHELPER.EXE\" ",
"pid_parent": 6324,
"path_parent": "",
"is_64": true
},
{
"name": "TrustedInstaller.exe",
"name_parent": "",
"pid": 748,
"path": "C:\\Windows\\servicing\\TrustedInstaller.exe",
"command_line": "C:\\WINDOWS\\servicing\\TrustedInstaller.exe",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "TiWorker.exe",
"name_parent": "svchost.exe",
"pid": 1752,
"path": "C:\\Windows\\WinSxS\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\\TiWorker.exe",
"command_line": "C:\\WINDOWS\\winsxs\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\\TiWorker.exe -Embedding",
"pid_parent": 928,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "LSB.exe",
"name_parent": "",
"pid": 7052,
"path": "C:\\Users\\Lenovo\\AppData\\Local\\Apps\\2.0\\Q1EDNP1W.L40\\TJZG0DTA.YHN\\lsb...tion_2d7b41b05b24775e_0001.0006_4ccd0b1bea5227ca\\LSB.exe",
"command_line": "\"C:\\Users\\Lenovo\\AppData\\Local\\Apps\\2.0\\Q1EDNP1W.L40\\TJZG0DTA.YHN\\lsb...tion_2d7b41b05b24775e_0001.0006_4ccd0b1bea5227ca\\LSB.exe\" ",
"pid_parent": 6972,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 5316,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalService",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "InstallAgent.exe",
"name_parent": "svchost.exe",
"pid": 8076,
"path": "C:\\Windows\\System32\\InstallAgent.exe",
"command_line": "C:\\Windows\\System32\\InstallAgent.exe -Embedding",
"pid_parent": 928,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "InstallAgentUserBroker.exe",
"name_parent": "svchost.exe",
"pid": 8136,
"path": "C:\\Windows\\System32\\InstallAgentUserBroker.exe",
"command_line": "C:\\Windows\\System32\\InstallAgentUserBroker.exe -Embedding",
"pid_parent": 928,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "dllhost.exe",
"name_parent": "svchost.exe",
"pid": 7192,
"path": "C:\\Windows\\System32\\dllhost.exe",
"command_line": "C:\\WINDOWS\\system32\\DllHost.exe /Processid:{49F6E667-6658-4BD1-9DE9-6AF87F9FAF85}",
"pid_parent": 928,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "backgroundTaskHost.exe",
"name_parent": "svchost.exe",
"pid": 808,
"path": "C:\\Windows\\System32\\backgroundTaskHost.exe",
"command_line": "\"C:\\WINDOWS\\system32\\backgroundTaskHost.exe\" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca",
"pid_parent": 928,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "ielowutil.exe",
"name_parent": "",
"pid": 4852,
"path": "C:\\Program Files\\Internet Explorer\\IELowutil.exe",
"command_line": "\"C:\\Program Files\\Internet Explorer\\IELowutil.exe\" -PID:123",
"pid_parent": 7896,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 5896,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k NetworkServiceNetworkRestricted",
"pid_parent": 812,
"path_parent": "",
"is_64": true
},
{
"name": "SystemSettingsBroker.exe",
"name_parent": "svchost.exe",
"pid": 2004,
"path": "C:\\Windows\\System32\\SystemSettingsBroker.exe",
"command_line": "C:\\Windows\\System32\\SystemSettingsBroker.exe -Embedding",
"pid_parent": 928,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RogueKillerX64.exe",
"name_parent": "Explorer.EXE",
"pid": 7188,
"path": "C:\\Users\\Lenovo\\Desktop\\RogueKillerX64.exe",
"command_line": "\"C:\\Users\\Lenovo\\Desktop\\RogueKillerX64.exe\" ",
"pid_parent": 3976,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
}
]
},
"results": {
"processes": [],
"modules": [],
"services": [],
"registry": [
{
"scan_what": 1,
"scan_how": [
9
],
"scan_how_trigger": 9,
"vendors": [
"PUM.Policies"
],
"rule_name": "Policies",
"view": 256,
"value": "ConsentPromptBehaviorAdmin",
"subkey": "",
"value_old_data": "0",
"value_data": "2",
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Nahrazeno (2)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
9
],
"scan_how_trigger": 9,
"vendors": [
"PUM.Policies"
],
"rule_name": "Policies",
"view": 512,
"value": "ConsentPromptBehaviorAdmin",
"subkey": "",
"value_old_data": "0",
"value_data": "2",
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Nahrazeno (2)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
9
],
"scan_how_trigger": 9,
"vendors": [
"PUM.StartMenu"
],
"rule_name": "Explorer Advanced",
"view": 256,
"value": "Start_ShowMyGames",
"subkey": "",
"value_old_data": "0",
"value_data": "1",
"path": "HKEY_USERS\\S-1-5-21-104870834-3866067964-3722874268-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Nahrazeno (1)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
9
],
"scan_how_trigger": 9,
"vendors": [
"PUM.StartMenu"
],
"rule_name": "Explorer Advanced",
"view": 512,
"value": "Start_ShowMyGames",
"subkey": "",
"value_old_data": "0",
"value_data": "1",
"path": "HKEY_USERS\\S-1-5-21-104870834-3866067964-3722874268-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Nahrazeno (1)",
"status_choice": 2,
"status_removed": 6
}
],
"tasks": [],
"filesystem": [],
"wmi": [],
"hosts": {
"is_too_big": false,
"lines": []
},
"antirootkit": {
"is_driver_loaded": true,
"driver_error": 0,
"results": []
},
"web_browsers": [
{
"scan_what": 2,
"scan_how": [
2
],
"vendors": [
"PUM.HomePage"
],
"browser": 3,
"browser_str": "Chrome",
"config": {
"user": "Profile 1 [SecurePrefs]",
"line": "session.startup_urls [http://www.istartsurf.com/?type=hp&ts=1438874761&z=40051ff82aba33b0f9308a2gaz3c7bbbcm5zeq2bbt&from=cor&uid=ST500LT012-9WS142_W0VAJ134XXXXW0VAJ134]",
"key": "session.startup_urls",
"value": "http://www.istartsurf.com/?type=hp&ts=1438874761&z=40051ff82aba33b0f9308a2gaz3c7bbbcm5zeq2bbt&from=cor&uid=ST500LT012-9WS142_W0VAJ134XXXXW0VAJ134"
},
"status_str": "Smazáno",
"status_malicious": true,
"status_choice": 2,
"status_removed": 1
}
],
"disk": {
"results": [],
"mbr": "+++++ PhysicalDrive0: ST500LT012-9WS142 +++++\n--- User ---\n[MBR] 5fec67d9173549209841e5055a05a05f\n[BSP] 15fc16227e8fccae680f59a76c9e4889 : Windows Vista/7/8 MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 243516 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 498927616 | Size: 232214 MB\n3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 974502272 | Size: 1108 MB\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n"
}
}
}


Re: Prosím o kontrolu logu z HJT - infikovaný notebook

Příspěvek od jaro3 » 04 bře 2017 13:21

Divný log, udělej ten RK+zoek a HJT
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv. Po dobu mé nepřítomnosti mě zastupují memphisto, Žbeky a Orcus.
Pokud budete spokojeni, můžete podpořit naše fórum: Podpora fóra


Re: Prosím o kontrolu logu z HJT - infikovaný notebook

Příspěvek od GoodByeMomo » 04 bře 2017 16:39

Zoek ešte stále beží. Neviem ho ani zavrieť.
Snímka.PNG


Re: Prosím o kontrolu logu z HJT - infikovaný notebook

Příspěvek od GoodByeMomo » 04 bře 2017 16:54

Toto by mal byť správny log z RogueKiller.
Zoek skúsim spustiť ešte raz.

RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 10 (10.0.14393) 64 bits version
Spuštěno : Normální režim
Uživatel : Lenovo [Práva správce]
Started from : C:\Users\Lenovo\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 03/03/2017 22:31:31 (Duration : 00:37:15)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-104870834-3866067964-3722874268-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-104870834-3866067964-3722874268-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Profile 1 [SecurePrefs] : session.startup_urls [http://www.istartsurf.com/?type=hp&ts=1438874761&z=40051ff82aba33b0f9308a2gaz3c7bbbcm5zeq2bbt&from=cor&uid=ST500LT012-9WS142_W0VAJ134XXXXW0VAJ134] -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST500LT012-9WS142 +++++
--- User ---
[MBR] 5fec67d9173549209841e5055a05a05f
[BSP] 15fc16227e8fccae680f59a76c9e4889 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 243516 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 498927616 | Size: 232214 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 974502272 | Size: 1108 MB
User = LL1 ... OK
User = LL2 ... OK


Re: Prosím o kontrolu logu z HJT - infikovaný notebook

Příspěvek od GoodByeMomo » 04 bře 2017 17:10

Na druhý pokus mám aj log zo Zoek.


Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Lenovo on so 04.03.2017 at 16:56:13,34.
Microsoft Windows 10 Pro 10.0.14393 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Lenovo\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2017-03-04-103335.log 3489 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Users\Default\AppData\Local\NetworkTiles deleted successfully
C:\Users\Lenovo\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\1xy2o2g4.default-1446832914166\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\1xy2o2g4.default-1446832914166\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================


==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\1xy2o2g4.default-1446832914166
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\1xy2o2g4.default-1446832914166
- Firefox Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi
- Tiny JavaScript Debugger - %ProfilePath%\extensions\tinyjsdebugger@enigmail.net.xpi
- QuickJava - %ProfilePath%\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
- JavaScript Debugger - %ProfilePath%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\1xy2o2g4.default-1446832914166
684F2DF31062413E094280891DCB6EE1 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll - Shockwave for Director / Shockwave for Director
88041A1D3DB193614C1DD264CDD7417E - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1221171.dll - Shockwave for Director / Shockwave for Director
7FB1DC8C464CAFC230E7AD6392AE859B - C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_162.dll - Shockwave Flash
09B4E13D25623D879D35286E2D29FF13 - C:\Users\Lenovo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - No path found[]

Listen Video - Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cbiapabbjlfcbfoedilflhnifandagoh
Chrome Media Router - Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Lenovo\AppData\Local\battlestick\User Data\Default\Preferences was reset successfully
C:\Users\Lenovo\AppData\Local\battlestick\User Data\Default\Secure Preferences was reset successfully
C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences was reset successfully
C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences was reset successfully
C:\Users\Lenovo\AppData\Local\battlestick\User Data\Default\Web Data was reset successfully
C:\Users\Lenovo\AppData\Local\battlestick\User Data\Default\Web Data-journal was reset successfully
C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Lenovo\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Lenovo\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Lenovo\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Lenovo\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Lenovo\AppData\Local\Mozilla\Firefox\Profiles\1xy2o2g4.default-1446832914166\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Lenovo\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Lenovo\AppData\Local\battlestick\User Data\Default\Cache emptied successfully
C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=144 folders=65 56450539 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Lenovo\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on so 04.03.2017 at 17:07:37,13 ======================


Re: Prosím o kontrolu logu z HJT - infikovaný notebook

Příspěvekod GoodByeMomo » 04 bře 2017 18:19

Tu je log zo Zemana AntiMalware. Hneď po ukončení sa mi nezobrazil a keď som klikol na "ďalej" hneď prebehlo čistenie :-( Dúfam, že to nevadí.

Zemana AntiMalware 2.72.2.101 (inštalačná verzia)

-------------------------------------------------------
Scan Result : Dokončené
Scan Date : 2017.3.4
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
BIOS Mode : Legacy
CUID : 1234113AB09C3D66F5EDFB
Scan Type : Kontrola systému
Duration : 15m 7s
Scanned Objects : 78782
Detected Objects : 7
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Vypnuté
Detect All Extensions : Vypnuté
Scan Documents : Vypnuté
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Firefox Search
Status : Skontrolované
Object : Zoznam - http://zoznam.sk
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podozrivé nastavenie prehliadača
Cleaning Action : Opraviť
Related Objects :
Nastavenie prehliadača - Firefox Search

Firefox Search
Status : Skontrolované
Object : Slovnik.sk (EN-SK) - http://slovnik.azet.sk
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podozrivé nastavenie prehliadača
Cleaning Action : Opraviť
Related Objects :
Nastavenie prehliadača - Firefox Search

Firefox Search
Status : Skontrolované
Object : Dunaj - http://dunaj.sk
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podozrivé nastavenie prehliadača
Cleaning Action : Opraviť
Related Objects :
Nastavenie prehliadača - Firefox Search

Firefox Search
Status : Skontrolované
Object : Azet - http://azet.sk
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podozrivé nastavenie prehliadača
Cleaning Action : Opraviť
Related Objects :
Nastavenie prehliadača - Firefox Search

Firefox Search
Status : Skontrolované
Object : Atlas - http://atlas.sk
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podozrivé nastavenie prehliadača
Cleaning Action : Opraviť
Related Objects :
Nastavenie prehliadača - Firefox Search

WebcamMax.exe
Status : Skontrolované
Object : %programfiles%\webcammax\webcammax.exe
MD5 : 9FAE32760505F9CA41DFA05AD695897A
Publisher : Tenki Technology Co., Ltd.
Size : 5813560
Version : 7.8.0.6
Detection : Adware:Win32/OutBrowse!Ep
Cleaning Action : Karanténa
Related Objects :
Súbor - %programfiles%\webcammax\webcammax.exe
Odkaz - C:\Users\Lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\WebcamMax.lnk

tanki online.lnk
Status : Skontrolované
Object : NE->c:\users\lenovo\appdata\local\google\chrome\user data\profile 1\web applications\tankionline.com\http_80\tanki online.lnk
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Trojan:Win32/Kovter.B!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)


Cleaning Result
-------------------------------------------------------
Cleaned : 7
Reported as safe : 0
Failed : 0


Re: Prosím o kontrolu logu z HJT - infikovaný notebook

Příspěvekod GoodByeMomo » 04 bře 2017 18:20

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:20:08, on 4.3.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)

FIREFOX: 47.0.2 (x86 sk)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Lenovo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~2\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [WebcamMaxAutoRun] "C:\Program Files (x86)\WebcamMax\wcmmon.exe" -a
O4 - HKCU\..\Run: [EADM] "D:\hry\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~2\PCTRAN~1\webie.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: @C:\WINDOWS\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\WINDOWS\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\WINDOWS\system32\SAsrv.exe
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 11343 bytes


Re: Prosím o kontrolu logu z HJT - infikovaný notebook

Příspěvekod GoodByeMomo » 04 bře 2017 18:24

Keď je Windows spustený, nie sú žiadne problémy. Pri štarte notebooku z vypnutého stavu zastane na prihlasovacej obrazovke, vpravo dole musím dať reštartovať a potom nabehne. Robí to len pri spustení z vypnutého stavu, pri reštarte je všetko OK. Viete mi s tým prosím pomôcť? Zatiaľ ďakujem.


Re: Prosím o kontrolu logu z HJT - infikovaný notebook

Příspěvekod jaro3 » 04 bře 2017 22:54

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab


Stáhni si aswMBR
na svoji plochu. Uzavři všechna okna, programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu, klikni na NE. Poté klikni na „Scan“. Po skenu klikni na „Save Log“ a ulož si log na plochu. Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Stáhni si Memtest:

Políčko, ve kterém je napsáno:
All unused RAM – ponech, jak je.
Dej Start a nech běžet nejméně 2 h; pokud bude po 2 h stále 0 errors, jsou paměti v pořádku.
V případě vyšších kapacit RAM je třeba Memtest spustit několikrát: pro 2 GB (jednotlivá největší kapacita RAM) 2x, pro 4 GB 3x, pro 8 GB 4x apod.

Ještě zkontrolovat HDD na chyby, popř. zkusit jeho defragmentaci.


Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.
Při práci s programy HJT, ComboFix, MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv. Po dobu mé nepřítomnosti mě zastupuje memphisto, Žbeky a Orcus.


Re: Prosím o kontrolu logu z HJT - infikovaný notebook

Příspěvekod GoodByeMomo » 05 bře 2017 00:21

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-03-05 00:19:14
-----------------------------
00:19:14.687 OS Version: Windows x64 6.2.9200
00:19:14.687 Number of processors: 4 586 0x3A09
00:19:14.687 ComputerName: LENOVO-PC UserName: Lenovo
00:19:17.786 Initialize success
00:19:18.050 VM: initialized successfully
00:19:18.050 VM: Intel CPU BiosDisabled
00:19:29.055 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:19:29.055 Disk 0 Vendor: ST500LT0 0001 Size: 476940MB BusType: 3
00:19:29.258 Disk 0 MBR read successfully
00:19:29.258 Disk 0 MBR scan
00:19:29.258 Disk 0 Windows 7 default MBR code
00:19:29.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:19:29.297 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 243516 MB offset 206848
00:19:29.302 Disk 0 Partition - 00 0F Extended LBA 232214 MB offset 498927616
00:19:29.342 Disk 0 Partition 3 00 12 Compaq diag NTFS 1108 MB offset 974502272
00:19:29.367 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 232213 MB offset 498929664
00:19:29.414 Disk 0 scanning C:\WINDOWS\system32\drivers
00:19:44.786 Service scanning
00:19:51.673 Service eelam C:\WINDOWS\system32\DRIVERS\eelam.sys **LOCKED** 5
00:19:51.833 Service ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys **LOCKED** 5
00:19:52.300 Service epfwwfpr C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys **LOCKED** 5
00:20:17.792 Modules scanning
00:20:17.798 Disk 0 trace - called modules:
00:20:17.815 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:20:17.819 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffc783c4873060]
00:20:17.823 3 CLASSPNP.SYS[fffff803b2d55efb] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xffffc783c0c86050]
00:20:17.827 Disk 0 statistics 161138/0/0 @ 6,10 MB/s
00:20:17.832 Scan finished successfully
00:20:27.812 Disk 0 MBR has been saved successfully to "C:\Users\Lenovo\Desktop\MBR.dat"
00:20:27.816 The log file has been saved successfully to "C:\Users\Lenovo\Desktop\aswMBR.txt"


Re: Prosím o kontrolu logu z HJT - infikovaný notebook

Příspěvekod GoodByeMomo » 05 bře 2017 00:23

----------------------------------------------------------------------------
CrystalDiskInfo 7.0.5 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 10 Professional [10.0 Build 14393] (x64)
Date : 2017/03/05 0:22:49

-- Controller Map ----------------------------------------------------------
+ Intel(R) 7 Series Chipset Family SATA AHCI Controller [ATA]
- ST500LT012-9WS142
- HL-DT-ST DVDRAM GT80N
- Microsoft Storage Spaces Controller [SCSI]

-- Disk List ---------------------------------------------------------------
(1) ST500LT012-9WS142 : 500,1 GB [0/0/0, pd1] - st

----------------------------------------------------------------------------
(1) ST500LT012-9WS142
----------------------------------------------------------------------------
Model : ST500LT012-9WS142
Firmware : 0001LVM1
Serial Number : W0VAJ134
Disk Size : 500,1 GB (7,9/137,4/500,1/500,1)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : SATA/300 | SATA/300
Power On Hours : 4465 hod.
Power On Count : 4177 krát
Temperature : 43 C (109 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----
Drive Letter : C: D:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 119 _99 _34 00000CEA33D0 Počet chybných čítaní
03 _99 _99 __0 000000000000 Čas na roztočenie platní
04 _96 _96 _20 000000001056 Počet spustení/zastavení
05 100 100 _36 000000000000 Počet premapovaných sektorov
07 _81 _60 _30 0000072E0190 Počet chybných vyhľadávaní
09 _95 _95 __0 6D9800001171 Počet odpracovaných hodín
0A 100 100 _97 000000000000 Počet opakovaných pokusov o roztočenie platní
0C _96 _96 _20 000000001051 Počet cyklov zapnutia zariadenia
B8 100 100 _99 000000000000 Priame chyby
BB 100 100 __0 000000000000 Zaznamenané neopraviteľné chyby
BC 100 100 __0 000000000000 Limit na príkaz
BD 100 100 __0 000000000000 Zápisy veľkého preletu
BE _57 _38 _45 01982C29002B Teplota toku vzduchu
BF 100 100 __0 000000000099 Počet udalostí zaznamenaných otrasovým senzorom
C0 100 100 __0 000000000016 Počet vypnutí disku
C1 _80 _80 __0 000000009EBC Počet cyklov načítania/vymazania
C2 _43 _62 __0 00100000002B Teplota
C4 _96 _96 _30 CCDB000010D7 Počet udalostí s cieľom realokovania sektorov
C5 100 100 __0 000000000000 Počet podozrivých sektorov
C6 100 100 __0 000000000000 Počet neopraviteľných sektorov
C7 200 200 __0 000000000000 Počet chýb v kontrolnom súčte UltraDMA
FE 100 100 __0 000000000000 Ochrana pred voľným pádom

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0C5A 3FFF C837 000F 0000 0000 003F 0000 0000 0000
010: 2020 2020 2020 2020 2020 2020 5730 5641 4A31 3334
020: 0000 8000 0004 3030 3031 4C56 4D31 5354 3530 304C
030: 5430 3132 2D39 5753 3134 3220 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 0F06 0004 0048 0048
080: 01F8 0029 346B 7D09 6123 3469 BC09 6123 407F 0031
090: 0031 8080 FFFE 0000 FE00 0000 0000 0000 0000 0000
100: 6030 3A38 0000 0000 0000 0000 6003 0000 5000 C500
110: 69B8 DA14 0000 0000 0000 0000 0000 0000 0000 401E
120: 401E 0000 0000 0000 0000 0000 0000 0000 0029 6030
130: 3A38 6030 3A38 2020 0002 0140 0108 5000 3C06 3C0A
140: 0000 003C 0000 0008 0000 0000 00FF 0280 0004 0000
150: 0008 0000 0000 0000 0000 0000 0000 0000 5F00 8000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0003 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 1031 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0002 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 ADA5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0A 00 01 0F 00 77 63 D0 33 EA 0C 00 00 00 03 03
010: 00 63 63 00 00 00 00 00 00 00 04 32 00 60 60 56
020: 10 00 00 00 00 00 05 33 00 64 64 00 00 00 00 00
030: 00 00 07 0F 00 51 3C 90 01 2E 07 00 00 00 09 32
040: 00 5F 5F 71 11 00 00 98 6D 0C 0A 13 00 64 64 00
050: 00 00 00 00 00 00 0C 32 00 60 60 51 10 00 00 00
060: 00 00 B8 32 00 64 64 00 00 00 00 00 00 00 BB 32
070: 00 64 64 00 00 00 00 00 00 00 BC 32 00 64 64 00
080: 00 00 00 00 00 00 BD 3A 00 64 64 00 00 00 00 00
090: 00 00 BE 22 00 39 26 2B 00 29 2C 98 01 00 BF 32
0A0: 00 64 64 99 00 00 00 00 00 00 C0 32 00 64 64 16
0B0: 00 00 00 00 00 00 C1 32 00 50 50 BC 9E 00 00 00
0C0: 00 00 C2 22 00 2B 3E 2B 00 00 00 10 00 00 C4 0F
0D0: 00 60 60 D7 10 00 00 DB CC 1E C5 12 00 64 64 00
0E0: 00 00 00 00 00 00 C6 10 00 64 64 00 00 00 00 00
0F0: 00 00 C7 3E 00 C8 C8 00 00 00 00 00 00 00 FE 32
100: 00 64 64 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73
170: 03 00 01 00 01 66 02 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 06 01 01 01 01 01 01 01
190: 01 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00
1A0: 00 00 00 00 99 00 00 00 38 50 5D D1 B3 0E 00 00
1B0: 00 00 00 00 01 00 97 00 B6 20 95 94 13 03 14 00
1C0: CB 09 E6 BA 01 22 41 00 00 00 00 00 00 00 00 00
1D0: 01 00 00 00 00 00 00 00 56 11 00 00 3E 01 19 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0B
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7B

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 01 00 01 22 00 00 00 00 00 00 00 00 00 00 03 00
010: 00 00 00 00 00 00 00 00 00 00 04 14 00 00 00 00
020: 00 00 00 00 00 00 05 24 00 00 00 00 00 00 00 00
030: 00 00 07 1E 00 00 00 00 00 00 00 00 00 00 09 00
040: 00 00 00 00 00 00 00 00 00 00 0A 61 00 00 00 00
050: 00 00 00 00 00 00 0C 14 00 00 00 00 00 00 00 00
060: 00 00 B8 63 00 00 00 00 00 00 00 00 00 00 BB 00
070: 00 00 00 00 00 00 00 00 00 00 BC 00 00 00 00 00
080: 00 00 00 00 00 00 BD 00 00 00 00 00 00 00 00 00
090: 00 00 BE 2D 00 00 00 00 00 00 00 00 00 00 BF 00
0A0: 00 00 00 00 00 00 00 00 00 00 C0 00 00 00 00 00
0B0: 00 00 00 00 00 00 C1 00 00 00 00 00 00 00 00 00
0C0: 00 00 C2 00 00 00 00 00 00 00 00 00 00 00 C4 1E
0D0: 00 00 00 00 00 00 00 00 00 00 C5 00 00 00 00 00
0E0: 00 00 00 00 00 00 C6 00 00 00 00 00 00 00 00 00
0F0: 00 00 C7 00 00 00 00 00 00 00 00 00 00 00 FE 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 71


Re: Prosím o kontrolu logu z HJT - infikovaný notebook

Příspěvekod GoodByeMomo » 05 bře 2017 00:33

MemTest idem spustiť teraz.
Pred chvíľou som mal problém s pripojením na wifi: pripojené - žiadny internet, ale internet 100% išiel (vyskúšané na dvoch mobiloch).
Skúšal som aj spomínaný štart: notebook som vypol a zapol, pri štarte Windows bola čierna obrazovka s kurzorom, naštartoval až na druhý krát. Doteraz som ho zriedka vypínal. Používam Microsoft konto - nemôže to byť problém?

