Please check my log - Solved


Re: please check my log -

Post by sabrik » 13 Feb 2020 11:00

RogueKiller Anti-Malware V14.1.1.0 (x64) [Jan 28 2020] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : derik [Administrator]
Started from : C:\Users\derik\Desktop\RogueKiller_portable64.exe
Signatures : 20200212_135530, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2020/02/13 10:58:19 (Duration : 00:07:01)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.ByteFence|PUP.Gen1 (Potentially Malicious)] ByteFence -- %programdata%\ByteFence -> Deleted
=> hosts_backup -- C:\PROGRA~3\BYTEFE~1\RTOP\HOSTS_~1 [1]
=> uclogfile.bin -- C:\PROGRA~3\BYTEFE~1\RTOP\UCLOGF~1.BIN [1]
=> RTOP -- C:\PROGRA~3\BYTEFE~1\RTOP [1]


Re: please check my log -

Post by sabrik » 13 Feb 2020 12:00

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by derik on čt 13.02.2020 at 11:16:57,42.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\derik\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2020-02-13-100804.log 1837 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IswSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IswSvc deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\derik\AppData\Roaming\Thunderbird\Profiles\nqq7tdcy.default\prefs.js:

Added to C:\Users\derik\AppData\Roaming\Thunderbird\Profiles\nqq7tdcy.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\derik\AppData\Roaming\Thunderbird\Profiles\nqq7tdcy.default bak\prefs.js:

Added to C:\Users\derik\AppData\Roaming\Thunderbird\Profiles\nqq7tdcy.default bak\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\derik\AppData\Roaming\Mozilla\Firefox\Profiles\xr2nloav.default-release\prefs.js:

Added to C:\Users\derik\AppData\Roaming\Mozilla\Firefox\Profiles\xr2nloav.default-release\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Users\derik\.android deleted
C:\Users\derik\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\derik\AppData\Local\cache deleted
"C:\ProgramData\R49LW" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\derik\AppData\Roaming\Thunderbird\Profiles\nqq7tdcy.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\derik\AppData\Roaming\Thunderbird\Profiles\nqq7tdcy.default bak
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\derik\AppData\Roaming\Mozilla\Firefox\Profiles\xr2nloav.default-release
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Proxy Settings ======================

ProfilePath: C:\Users\derik\AppData\Roaming\Thunderbird\Profiles\nqq7tdcy.default
user_pref("network.proxy.type", 4);

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"="C:\Program Files\CheckPoint\ZAForceField\TrustChecker" [03.02.2020 10:18]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker" [03.02.2020 09:59]

==== Firefox Extensions ======================

ProfilePath: C:\Users\derik\AppData\Roaming\Thunderbird\Profiles\nqq7tdcy.default bak
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}.xpi

ProfilePath: C:\Users\derik\AppData\Roaming\Mozilla\Firefox\Profiles\xr2nloav.default-release
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi
- Avast Online Security - %ProfilePath%\extensions\wrc@avast.com.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\derik\AppData\Roaming\Mozilla\Firefox\Profiles\xr2nloav.default-release
B1E9E7809E3793A7950D4F761C782C3E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
3C37AE56843BCCE0225708A578A81084 - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll - PDF-XChange Viewer
31837E0896A13FD58F7C8FD59A94206F - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll - PDF-XChange Viewer


==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

C:\Users\derik\Appdata\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\derik\Appdata\Roaming\Opera Software\Opera Stable\Preferences.backup was reset successfully
C:\Users\derik\Appdata\Roaming\Opera Software\Opera Stable\Secure Preferences was reset successfully
C:\Users\derik\Appdata\Roaming\Opera Software\Opera Stable\Secure Preferences.backup was reset successfully
C:\Users\derik\Appdata\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\derik\Appdata\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZaAntiRansomware deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\derik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\derik\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=52 folders=49 44300218 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\derik\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\derik\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\IswTmp" not found
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\IswTmp" deleted

==== EOF on čt 13.02.2020 at 11:50:41,80 ======================


Re: please check my log -

Post by sabrik » 13 Feb 2020 12:23

Informace o kontroly
Název produktu : Zemana AntiMalware
Stav kontroly : Dokončena
Datum kontroly : 13.2.2020 12:06:24
Typ kontroly : Inteligentní kontrola
Čas trvání : 00:00:16
Zkontrolované objekty : 1291
Zjištěné objekty : 1
Vyloučené objekty : 0
Automatické odesílání : Ano
Operační systém : Windows 7 x64
Procesor : 4X AMD Athlon(tm) II X4 610e Processor
Režim systému BIOS : Legacy
Informace o doméně : WORKGROUP,False,NetSetupWorkgroupName
CUID : 12975519E8514122C9F777


Odhalení
MD5 : D4BB99B097FF7C2D775C63B2CD2AF5CF
Stav : Zkontrolováno
Objekt : c:\program files (x86)\checkpoint\zonealarm\vsinit.dll
Vydavatel : Check Point Software Technologies Ltd.
Velikost : 258664
Odhalení : Suspicious:SRC!P
Akce : Karanténa
-----------------------------------------------------------------------


After this action the internet got disconnected, I restarted the modem ..

ZA won't start - VSINIT.dll is missing


Re: please check my log -

Post by jaro3 » 13 Feb 2020 17:48

Uninstall Zemana, download and install it again.

What about Crystaldiskinfo portable and Memtest????
When working with programs such as HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: please check my log -

Post by sabrik » 13 Feb 2020 19:35

THANK YOU VERY MUCH to everyone who tried to help me; after consulting a friend I have decided to switch to LINUX MINT.
Maybe other problems await me there, but since Bill has written off W7 I won't bother with them any more. In the end it may turn out to be W10
THANK YOU VERY MUCH and have a nice day


Re: please check my log - Solved

Post by jaro3 » 13 Feb 2020 20:06

As you wish, but you didn't run Memtest or Crystaldiskinfo, so if you install Linux and you have bad RAM or a bad disk, the problems will be the same.

You can give it the green tick.