Log check

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Log check

Post by jaro3 » 15 Mar 2017 19:52

After zoek and Zemana AntiMalware Free,
post a log from HJT.

RemoteMouse.exe
+


Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system, 32-bit or 64-bit:
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and they will be saved on the desktop. Please copy their entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

volvo1971
Level 3.5
Posts: 790
Registered: December 14
Gender: Not specified
Status: Offline

Re: Log check

Post by volvo1971 » 15 Mar 2017 22:28

RogueKiller V12.10.0.0 (x64) [Mar 13 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 10 (10.0.14393) 64 bits version
Spuštěno : Normální režim
Uživatel : pc [Práva správce]
Started from : C:\Users\pc\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 03/15/2017 21:25:11 (Duration : 01:02:45)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-603CA0 ATA Device +++++
--- User ---
[MBR] a8bd78301d6825e1d02c5caa8a8cb053
[BSP] 26054d1d6d1a29bcdb267d680a3bf3e0 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99550 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 204085248 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 205006848 | Size: 376838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


Re: Log check

Post by jaro3 » 16 Mar 2017 09:06

Now the rest as well.


Re: Log check

Post by volvo1971 » 16 Mar 2017 12:51

Zoek.exe v5.0.0.1 Updated 30-09-2015
Tool run by pc on źt 16.03.2017 at 11:14:06,32.
Microsoft Windows 10 Pro 10.0.14393 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\pc\Desktop\zoek.com [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-10-03-184305.log 5622 bytes
C:\zoek-results2016-10-25-223713.log 6364 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\Shared Space deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully
C:\Users\pc\AppData\Local\Opera Software deleted successfully
C:\Users\pc\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
"C:\ProgramData\cm-lock" not deleted

==== Chromium Look ======================


Comodo Drag&Drop Service - pc\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - pc\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Media Downloader - pc\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo
PriceSuggester - pc\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejodbgfcaefpfbfgakjpjoppmkgmcpjp
Comodo Dragon Browser Light Theme - pc\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kglppafajjeikfgmjjegogphhkjnnmgc
Web of Trust - pc\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
FACEIT HELPER - pc\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\bjdhcabjnhhifipbnopnfpfidkafanjf
Chrome Media Router - pc\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\pc\AppData\Local\Comodo\Dragon\User Data\Default\Preferences was reset successfully
C:\Users\pc\AppData\Local\Comodo\Dragon\User Data\Default\Secure Preferences will be reset at reboot
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 5\Preferences was reset successfully
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 5\Secure Preferences was reset successfully
C:\Users\pc\AppData\Local\Comodo\Dragon\User Data\Default\Web Data was reset successfully
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 5\Web Data was reset successfully
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 5\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\pc\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\pc\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\pc\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\pc\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\pc\AppData\Local\Comodo\Dragon\User Data\Default\Cache emptied successfully
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 5\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=17 folders=18 16554424 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\pc\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\ProgramData\cm-lock" not deleted
"C:\Users\pc\AppData\Local\Comodo\Dragon\User Data\Default\Secure Preferences" not deleted

==== EOF on źt 16.03.2017 at 12:48:54,34 ======================


Re: Log check

Post by volvo1971 » 16 Mar 2017 13:08

Zemana AntiMalware 2.72.2.176 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2017.3.16
Operating System : Windows 10 64-bit
Processor : 4X AMD Phenom(tm) II X4 965 Processor
BIOS Mode : Legacy
CUID : 120A1E85C0D6094BBF70B7
Scan Type : Skenování systému
Duration : 5m 44s
Scanned Objects : 74274
Detected Objects : 5
Excluded Objects : 0
Read Level : Normal
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Chrome Shortcut
Status : Skenováno
Object : --profile-directory="Profile 5"
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Chrome Shortcut

Chrome Shortcut
Status : Skenováno
Object : --profile-directory="Profile 4"
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Chrome Shortcut

zoek.scr
Status : Skenováno
Object : %userprofile%\desktop\zoek.scr
MD5 : 36D327EB4A26B4E9242E511913E91084
Publisher : -
Size : 1448141
Version : -
Detection : Malware:Win32/Tamaca!Keee
Cleaning Action : Karanténa
Related Objects :
Soubor - %userprofile%\desktop\zoek.scr
Záznam registru - HKCU\Control Panel\Desktop\Scrnsave.exe = C:\Users\pc\Desktop\zoek.scr

zoek.pif
Status : Skenováno
Object : %userprofile%\desktop\zoek.pif
MD5 : 36D327EB4A26B4E9242E511913E91084
Publisher : -
Size : 1448141
Version : -
Detection : Malware:Win32/Tamaca!Keee
Cleaning Action : Karanténa
Related Objects :
Soubor - %userprofile%\desktop\zoek.pif

zoek.com
Status : Skenováno
Object : %userprofile%\desktop\zoek.com
MD5 : 36D327EB4A26B4E9242E511913E91084
Publisher : -
Size : 1448141
Version : -
Detection : Malware:Win32/Tamaca!Keee
Cleaning Action : Karanténa
Related Objects :
Soubor - %userprofile%\desktop\zoek.com


Cleaning Result
-------------------------------------------------------
Cleaned : 5
Reported as safe : 0
Failed : 0


Re: Log check

Post by volvo1971 » 16 Mar 2017 13:10

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:09:41, on 16.3.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\pc\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
C:\Program Files (x86)\Ozone Strike Battle Keyboard\Monitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\pc\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
O4 - HKLM\..\Run: [vdcss] "C:\Program Files (x86)\COMODO\COMODO Secure Shopping\vdcss.exe" -tray
O4 - HKLM\..\Run: [Ozone Strike Battle Driver] "C:\Program Files (x86)\Ozone Strike Battle Keyboard\Monitor.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\pc\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: SteelSeries Engine 3.lnk = C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: csssrv - COMODO - C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Comodo - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\WINDOWS\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: isesrv - COMODO - C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 9124 bytes


Re: Log check

Post by volvo1971 » 16 Mar 2017 13:18

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by pc (16-03-2017 13:12:34)
Running from C:\Users\pc\Desktop
Windows 10 Pro Version 1607 (X64) (2016-08-12 08:25:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2280318073-3778435999-2292474207-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2280318073-3778435999-2292474207-503 - Limited - Disabled)
Guest (S-1-5-21-2280318073-3778435999-2292474207-501 - Limited - Disabled)
pc (S-1-5-21-2280318073-3778435999-2292474207-1000 - Administrator - Enabled) => C:\Users\pc

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Disabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Disabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Aktualizace NVIDIA 2.11.4.0 (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Brawlhalla (HKLM\...\Steam App 291550) (Version: - Blue Mammoth Games)
Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 52.15.25.664 - Comodo)
COMODO Internet Security Pro (HKLM\...\COMODO Internet Security) (Version: 10.0.0.6092 - COMODO Security Solutions Inc.)
COMODO Internet Security Pro (Version: 10.0.0.6092 - COMODO Security Solutions Inc.) Hidden
COMODO Secure Shopping (HKLM-x32\...\Comodo Secure_Shopping_list_uninstall) (Version: 1.1.405760.79 - Comodo)
COMODO Secure Shopping (x32 Version: 1.1.79.0 - COMODO) Hidden
Counter-Strike (HKLM\...\Steam App 10) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Dead by Daylight (HKLM\...\Steam App 381210) (Version: - Behaviour Digital Inc.)
Dirty Bomb (HKLM\...\Steam App 333930) (Version: - Splash Damage®)
EAC eSports (HKLM\...\Steam App 282660) (Version: - EasyAntiCheat Ltd)
FACEIT Client version 1.0 (HKLM\...\{1419E44C-0EF4-4822-9194-9F1A4D43973D}_is1) (Version: 1.0 - FACEIT LTD)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.98 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version: - Daybreak Game Company)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HWiNFO64 Version 5.22 (HKLM\...\HWiNFO64_is1) (Version: 5.22 - Martin Malík - REALiX)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.404761.40 - Comodo)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
Mafia II (HKLM\...\Steam App 50130) (Version: - 2K Czech)
Malwarebytes verze 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2280318073-3778435999-2292474207-1000\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 4 (HKLM\...\Steam App 349040) (Version: - CyberConnect2 Co. Ltd.)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Ovládací panel NVIDIA 368.39 (Version: 368.39 - NVIDIA Corporation) Hidden
Ozone Strike Battle Driver (HKLM-x32\...\{54C8FBB3-B992-43CB-8F0A-E26228013F88}) (Version: 1.0 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.4 - Rockstar Games)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.7.4 (HKLM\...\SteelSeries Engine 3) (Version: 3.7.4 - SteelSeries ApS)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-2280318073-3778435999-2292474207-1000\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
The Forest (HKLM\...\Steam App 242760) (Version: - Endnight Games Ltd)
Uplay (HKLM-x32\...\Uplay) (Version: 25.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.176 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DA7F0D3-7EA2-4968-9581-36934AA8C8DA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {10FA9076-F5B4-4E61-B689-C6199C974E2C} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {12D4D6D2-6081-42B5-BAB7-BCA0A0DB75DA} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {29ABD23D-2C13-425E-95DE-149817FF4501} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {2DA0217A-B788-41D9-9BE4-213492FBC2DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {3ED5C0EF-9502-4D35-A883-D5EFB08B3552} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {419623AC-5FAF-4D54-886C-378AE11572DC} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {43B549B3-3F34-4F2B-BBE8-80E425AD9033} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-20] (Google Inc.)
Task: {530DD64F-8F73-467D-8E4D-350E1C777120} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {5AA7AEEC-0527-46A5-8640-CBDF61A287FE} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {6760E458-1339-4A84-B15A-223EA00BCEDC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-20] (Google Inc.)
Task: {685C641C-49D8-4EFB-9ED3-69FE165BC55D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {700A7DBF-447B-4C99-A3FD-1E0C71AC0B00} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {714D0892-2DC7-45EB-9B58-004209BC8ABD} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {73C7A45C-E284-4E4A-810A-5BE8BDEE3629} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {76849A00-A1DC-466D-BCA7-4692DD6645C0} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {76A4A16E-FC75-4FFF-8924-827B806EBE54} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {8463ED85-B766-438F-AC39-49FF6647E6D2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9606E3E2-41C5-482F-9AC5-4C0CC3C18D03} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {A5B93AD9-C7F7-441D-8F05-395FCEA3C715} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {A9C05CD6-723E-46FF-A29A-E49B8A205E48} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {AB49CACC-0077-48B9-B064-F00D8080CB8D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {BD693EF6-F0B8-4821-BCF9-36B2512014AD} - System32\Tasks\FACEIT Client => C:\Program Files\FACEIT Client\faceitclient.exe [2017-03-16] ()
Task: {BDCCB2B7-C10D-477F-A38E-E1BE9DC8D472} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C3CF5171-EF27-44E8-BCF4-5C9744A15CCC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {D47EEF9F-FCCE-4388-9276-2F8A3586EE6E} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D63882E0-EABC-4C0A-BACC-3C368230E204} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {E0FDBA46-420D-4F73-A2C2-B9C20546F9E9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {E304B5B7-6C37-452F-B3D5-B2A26630D170} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {E35F1877-34EE-44B2-BD00-0621F5CB9C20} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {E36E3888-9815-4E31-A02E-E9F8208AF800} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {F23A2B81-65DD-457D-83A9-2958C639BA5F} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-12-28] (COMODO)
Task: {FA7B0DBA-476B-48E4-B7A0-D97527BA512F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

volvo1971

Re: Log check

Posted by volvo1971 » 16 Mar 2017 13:18

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-15 05:57 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-12 09:04 - 2016-06-03 04:59 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-28 00:17 - 2016-12-28 00:17 - 00155320 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2016-12-28 00:16 - 2016-12-28 00:16 - 00179896 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2016-12-28 00:16 - 2016-12-28 00:16 - 00107704 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2017-03-13 22:27 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-13 22:27 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-06-15 16:12 - 2016-06-14 21:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-06-15 16:12 - 2016-06-14 21:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-06-15 16:12 - 2016-06-14 21:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-06-15 16:12 - 2016-06-14 21:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-12-15 05:57 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-06-15 16:12 - 2016-06-14 21:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-06-15 16:12 - 2016-06-14 21:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-06-15 16:12 - 2016-06-14 21:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-06-15 16:12 - 2016-06-14 21:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-06-15 16:12 - 2016-06-14 21:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-06-15 16:12 - 2016-06-14 21:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-09-16 04:59 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-12 13:42 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-12 13:41 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-12 13:41 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-12 13:41 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-12 13:41 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-12 13:42 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-18 20:09 - 2013-08-19 17:17 - 00479232 _____ () C:\Program Files (x86)\Ozone Strike Battle Keyboard\Monitor.exe
2017-02-08 03:52 - 2017-02-08 03:52 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2017-03-13 13:22 - 2017-03-13 13:22 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-13 13:22 - 2017-03-13 13:22 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-13 13:22 - 2017-03-13 13:22 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-13 13:22 - 2017-03-13 13:22 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
2016-03-16 10:25 - 2016-03-16 10:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2016-06-15 16:12 - 2016-06-14 21:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-01-18 20:09 - 2015-01-22 10:30 - 00057344 _____ () C:\Program Files (x86)\Ozone Strike Battle Keyboard\lan.dll
2017-01-18 20:09 - 2013-01-18 15:25 - 00061440 _____ () C:\Program Files (x86)\Ozone Strike Battle Keyboard\hiddriver.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-03-16 11:18 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2280318073-3778435999-2292474207-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\pc\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{4f412d36-243d-437c-a1d9-a810062f47da}.jpg
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

volvo1971

Re: Log check

Posted by volvo1971 » 16 Mar 2017 13:19

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{AAF5A5F3-0C5F-459A-B642-6D4A20EA0CD8}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{57D85DA9-2662-485B-A251-486350E55DCD}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{CCB9D361-F8D8-4C59-962B-50DE6CA5FD2E}] => (Allow) D:\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{77E55B3B-90C3-49D8-94D3-16986BE069C6}] => (Allow) D:\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{ABE60150-519E-48EA-93A1-BE25528A58D6}] => (Allow) D:\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{38D6802C-B751-49CF-AC2D-86805B0C8C70}] => (Allow) D:\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{3B063D1E-9B9D-4FD8-B26B-9EEC5CB601D2}] => (Allow) D:\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{7C63C152-A1E3-46F8-AB4B-890D9D2BF156}] => (Allow) D:\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{CDD467C0-CBBF-4942-98B9-E216628FD584}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{64C1449B-F60D-4C89-97A1-1FA41D271F6E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EC47526D-8A6D-4FD2-9E58-BC9942E8CA28}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B1CF1EEF-0AC2-4A3A-8123-AD7CB44C0664}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D786F8CE-B8D3-4C53-8202-56146396566D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B77BD414-BD27-4167-BC07-4E05BE438923}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B24F9CB7-09B9-49A5-A18F-3834470800BE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B563A3D7-39BE-4E06-9BCC-6BD164CDF999}] => (Allow) D:\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{3BCCB856-BCAC-4E38-876A-A7ABDA742A72}] => (Allow) D:\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{8F328B63-66B5-40CD-B67D-FD85F600DA22}] => (Allow) D:\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{6DE126E8-769D-4417-B524-96A20E78D311}] => (Allow) D:\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{3D3AD1BC-3EDC-4FBB-9DA0-592E0DD05BDD}] => (Allow) D:\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{223C98FD-E7CE-4DDB-BEFC-F05E004334DA}] => (Allow) D:\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{0B581732-8402-4DE9-A8B4-FBF8635C35BE}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F100674A-2FA9-4416-9FA3-A1C15B04C367}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{08C6D33A-4EFD-45FB-A46D-62A1F157E123}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{377D6575-0545-4A00-AB3B-5652B0870296}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{A5FE8003-FFAD-41E7-922D-B14C70D1DDF3}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{0F468F8A-0601-4EBD-AE7D-47E5AA195C49}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{F27D4E54-80AE-480B-BC4F-9FF7BA4A59D3}] => (Allow) D:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{FCE162CF-3902-4564-9F22-4163D90395B0}] => (Allow) D:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{D469B63D-4539-49B4-99C1-1C153BA3AB13}] => (Allow) D:\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{BDEC0A26-6B7C-4613-BF51-8296384F8A6E}] => (Allow) D:\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{8E165EC2-7DB4-4FB2-915E-E9FC79450141}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Block) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{38A770F5-E1FF-4BB8-BBA2-1357F3380E27}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Block) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{47643E0A-6473-41D0-B436-A780270B2B82}] => (Allow) D:\Steam\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{6704AD9E-7C31-4D9D-8C67-9645DDC00173}] => (Allow) D:\Steam\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{BB23D655-7E21-46D6-9E3F-500DF4237F3F}] => (Allow) D:\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{D06C0150-A5D0-49D4-A9C3-EDF3DA430E18}] => (Allow) D:\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [TCP Query User{4BF442AE-E520-42C8-B199-7438CFC26B4F}D:\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Block) D:\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{2B407DDB-073A-49E4-8DCA-9F1991C3B85B}D:\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Block) D:\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{55C19AD4-DC04-4D1F-BEB7-2C03F15F6B48}D:\gta5.exe] => (Block) D:\gta5.exe
FirewallRules: [UDP Query User{C5A26BE4-037D-4D52-B56F-FD2F737C0A04}D:\gta5.exe] => (Block) D:\gta5.exe
FirewallRules: [{793CAAD7-1DB0-4175-9419-3C7E6596A0FF}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{83A7E675-BB91-4D9C-BAC7-7B8BAAD54BD6}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0B826EB8-813F-4A99-822F-E86B52F6A08F}] => (Allow) D:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{DE489288-759F-4029-9FE0-C37BC67A9BBE}] => (Allow) D:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [TCP Query User{2A86CBDF-EEE4-47FB-99AD-6F79BF920183}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{5BB22211-9D62-4EEC-95B8-28B166E705AC}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{B6B38AF2-E5CA-4D6C-9C34-A1FE7C01A6B6}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{F476BE5D-FDF9-4608-B630-D505E26A1D60}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{8C8CD595-502A-421A-A31B-F434B24FBBD0}] => (Allow) D:\Steam\steamapps\common\EasyAntiCheat\EasyAntiCheat.exe
FirewallRules: [{A0138352-D54B-4550-89E8-6CBB66A8AE3F}] => (Allow) D:\Steam\steamapps\common\EasyAntiCheat\EasyAntiCheat.exe
FirewallRules: [{B483F37A-65FE-495F-83E3-AB305E419E41}] => (Allow) D:\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 4\NSUNS4.exe
FirewallRules: [{2CE3D201-B1D8-4203-AB7D-A2C1EA4F6223}] => (Allow) D:\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 4\NSUNS4.exe
FirewallRules: [{0FBD11D3-8664-47E3-813F-7480D4C91918}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

volvo1971

Re: Log check

Posted by volvo1971 » 16 Mar 2017 13:19

==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2017 11:17:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: DaS_21.exe, verze: 2.1.0.4, časové razítko: 0x540c90b2
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.14393.479, časové razítko: 0x582588e6
Kód výjimky: 0xe0434352
Posun chyby: 0x0000000000017788
ID chybujícího procesu: 0x21c4
Čas spuštění chybující aplikace: 0x01d29e3e7a0018fe
Cesta k chybující aplikaci: C:\Users\pc\AppData\Local\Temp\DaS_21.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: f88829e3-a736-42d6-9fa0-fc7954fe034e
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/16/2017 11:17:12 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: DaS_21.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.IO.IOException
na System.IO.__Error.WinIOError(Int32, System.String)
na System.Console.SetWindowSize(Int32, Int32)
na DriverAndServicesOut.Program.Main(System.String[])

Error: (03/16/2017 11:13:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: zoek.com, verze: 0.0.0.0, časové razítko: 0x00000000
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.14393.479, časové razítko: 0x58256d37
Kód výjimky: 0xc0000409
Posun chyby: 0x000da832
ID chybujícího procesu: 0x20ac
Čas spuštění chybující aplikace: 0x01d29e3dfb59573a
Cesta k chybující aplikaci: C:\Users\pc\Desktop\zoek.com
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 97e26da2-abcd-4e0e-bbc2-be75273b719d
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/16/2017 11:10:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: pc-PC)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/16/2017 11:08:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: zoek.scr, verze: 0.0.0.0, časové razítko: 0x00000000
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.14393.479, časové razítko: 0x58256d37
Kód výjimky: 0xc0000409
Posun chyby: 0x000da832
ID chybujícího procesu: 0x1730
Čas spuštění chybující aplikace: 0x01d29e3d49cccf9c
Cesta k chybující aplikaci: C:\Users\pc\Desktop\zoek.scr
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 11b6cced-e08d-4b00-8692-5147f8642783
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/16/2017 11:00:03 AM) (Source: ESENT) (EventID: 104) (User: )
Description: DllHost (6032) WebCacheLocal: Databázový stroj zastavil instanci (0) s chybou (-510).



Sekvence interního načasování: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.016, [10] 0.000, [11] 0.000, [12] 0.016, [13] 0.000, [14] 0.000, [15] 0.000.

Error: (03/16/2017 10:59:57 AM) (Source: ESENT) (EventID: 492) (User: )
Description: DllHost (6032) WebCacheLocal: Posloupnost souborů protokolů (C:\Users\pc\AppData\Local\Microsoft\Windows\WebCache\) se zastavila kvůli závažné chybě. Databáze, které používají tuto posloupnost souborů protokolů, už nejde aktualizovat. Vyřešte prosím problémy a restartujte nebo obnovte databázi ze záložní kopie.

Error: (03/16/2017 10:59:57 AM) (Source: ESENT) (EventID: 418) (User: )
Description: DllHost (6032) WebCacheLocal: Při otevírání nově vytvořeného souboru protokolu C:\Users\pc\AppData\Local\Microsoft\Windows\WebCache\V01.log došlo k chybě -1032 (0xfffffbf8).

Error: (03/16/2017 10:59:57 AM) (Source: ESENT) (EventID: 413) (User: )
Description: DllHost (6032) WebCacheLocal: Nový soubor protokolu se nedá vytvořit, protože databáze nemůže zapisovat na jednotku protokolu. Jednotka může být jen pro čtení, špatně nakonfigurovaná nebo poškozená nebo na ní nemusí být dost místa. Chyba: -1032

Error: (03/16/2017 10:59:57 AM) (Source: ESENT) (EventID: 486) (User: )
Description: DllHost (6032) WebCacheLocal: Pokus o přesunutí souboru C:\Users\pc\AppData\Local\Microsoft\Windows\WebCache\V01.log do složky C:\Users\pc\AppData\Local\Microsoft\Windows\WebCache\V0100163.log selhal. Došlo k systémové chybě 183 (0x000000b7): Nelze vytvořit soubor, který již existuje. . Operace přesunutí souboru selže a dojde k chybě -1814 (0xfffff8ea).


System errors:
=============
Error: (03/16/2017 12:46:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba NetTcpActivator závisí na službě NetTcpPortSharing, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (03/16/2017 12:20:59 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/16/2017 12:20:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/16/2017 12:20:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/16/2017 12:20:55 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/16/2017 12:20:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/16/2017 11:11:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/16/2017 11:11:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba NetTcpActivator závisí na službě NetTcpPortSharing, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (03/16/2017 11:10:07 AM) (Source: DCOM) (EventID: 10010) (User: pc-PC)
Description: Server App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/16/2017 10:38:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Ochrana softwaru neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.


CodeIntegrity:
===================================
Date: 2017-03-16 13:01:51.656
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\cssguard64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-16 13:01:51.641
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\iseguard64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-16 13:01:51.625
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-16 12:57:06.108
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cssguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-16 12:57:06.084
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-16 12:53:42.184
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.

Date: 2017-03-16 12:53:42.175
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

Date: 2017-03-16 12:48:44.694
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\cssguard64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-16 12:48:44.686
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\iseguard64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-16 12:48:44.678
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 27%
Total physical RAM: 8190.11 MB
Available physical RAM: 5955.98 MB
Total Virtual: 16382.11 MB
Available Virtual: 14032.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.22 GB) (Free:51.24 GB) NTFS
Drive d: () (Fixed) (Total:368.01 GB) (Free:180.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 91B2CDBE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=368 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Log check

Post by volvo1971 » 16 Mar 2017 13:19

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by pc (administrator) on PC-PC (16-03-2017 13:11:36)
Running from C:\Users\pc\Desktop
Loaded Profiles: pc (Available Profiles: pc & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(COMODO) C:\Program Files (x86)\Comodo\COMODO Secure Shopping\csssrv64.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
() C:\Program Files\FACEIT Client\faceitclient.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
() C:\Program Files (x86)\Ozone Strike Battle Keyboard\Monitor.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

Re: Log check

Post by volvo1971 » 16 Mar 2017 13:20

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1519800 2016-12-28] (COMODO)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3386568 2016-12-06] (COMODO)
HKLM-x32\...\Run: [vdcss] => C:\Program Files (x86)\COMODO\COMODO Secure Shopping\vdcss.exe [7688880 2016-12-21] (COMODO)
HKLM-x32\...\Run: [Ozone Strike Battle Driver] => C:\Program Files (x86)\Ozone Strike Battle Keyboard\Monitor.exe [479232 2013-08-19] ()
HKU\S-1-5-21-2280318073-3778435999-2292474207-1000\...\Run: [Steam] => D:\Steam\steam.exe [3019552 2017-03-13] (Valve Corporation)
HKU\S-1-5-21-2280318073-3778435999-2292474207-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-2280318073-3778435999-2292474207-1000\...\MountPoints2: {37626bee-4846-11e6-bd83-14dae95240b1} - "F:\Startme.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-05-16]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{83ecb876-083a-431e-8d94-754d7febb413}: [DhcpNameServer] 213.46.172.37 213.46.172.36

