Chrome opens with a Russian page when the notebook starts [Solved]

A place for your HijackThis logs and logs from other programs…

Moderators: memphisto, Mods_senior, Security team

popcorn
Level 3
Posts: 411
Registered: July 2016
Gender: Male

Chrome opens with a Russian page when the notebook starts

Post by popcorn » 07 Feb 2018 16:48

Hi, I have a problem: every time I turn on the notebook, Chrome opens and some Russian page comes up, but it doesn't load because my antivirus blocks it - I use McAfee.

HJT LOG

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:31:34 PM, on 2/7/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0015)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
C:\Users\MoonP\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo17win10.msn.com/?pc=LCTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo17win10.msn.com/?pc=LCTE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll
O2 - BHO: McAfee WebAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ycAutoLaunch_090066D048A76F96F2ED698D931607CE] "C:\Users\MoonP\AppData\Local\yc\Application\yc.exe" /prefetch:5
O4 - HKCU\..\Run: [lsfflqseat] explorer "http://klakali.ru/?utm_source=uoua03&utm_content=d584e28cdf7e9dfb58097da935e3a560&utm_term=57CC17D2580C68F0CDA999C30262FD4C&utm_d=20180203"
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{caddd320-331b-473d-ba1d-b34d8572e02a}: NameServer = 35.177.46.238,46.101.28.31,82.202.226.203,213.46.172.37,213.46.172.36
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: ClientAnalyticsService - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHDCPSvc.exe
O23 - Service: Dolby DAX2 API Service (DAX2API) - Unknown owner - C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: GameRecorderSVC - Lenovo(beijing) Limited - C:\Program Files\Lenovo\Nerve Center\bin\x86\GameRecorderSVC.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem12.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxCUIService.exe
O23 - Service: @oem16.inf,%ImcSvcDisplayName%;System Interface Foundation Service (ImControllerService) - Lenovo Group Limited - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Online Connect - Intel Corporation - C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe
O23 - Service: Intel(R) Online Connect Helper - Intel Corporation - C:\Program Files\Intel\Intel(R) Online Connect\iocHelperService.exe
O23 - Service: Intel(R) Online Connect Software Asset Manager - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe
O23 - Service: Intel(R) Online Connect Access Legacy CS Loader (Intel(R) TechnologyAccessLegacyCSLoader) - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe
O23 - Service: Intel(R) Online Connect Access (Intel(R) TechnologyAccessService) - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe
O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee LLC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
O23 - Service: McAfee Service Controller (mfemms) - McAfee LLC - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: McAfee Module Core Service (ModuleCoreService) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: Intel Security PEF Service (PEFService) - Intel Security, Inc. - C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
O23 - Service: PluginLoaderSvc - Lenovo(beijing) Limited - C:\Program Files\Lenovo\Nerve Center\bin\x64\PluginLoaderSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 15043 bytes


CPU: i5-6500 GPU: Msi RX480 8GB RAM: Crucial 2x8GB MB: MSI B150 PSU: Seasonic S12II-520 CASE: Gladius M35
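The entry worth noticing in the HijackThis log above is the O4 line where an HKCU Run value named `lsfflqseat` runs `explorer "http://klakali.ru/..."`: handing a URL to explorer.exe opens it in the default browser at every logon, which matches the symptom described. The following Python script is an added example, not part of the original post and not HijackThis code. It parses O4 lines in the format shown, flags Run/RunOnce values whose command is a built-in launcher given an http(s) URL, and builds the `reg delete` command for the value (HijackThis abbreviates `Software\Microsoft\Windows\CurrentVersion` as `..`). The sample lines are constructed for the example (the `lsfflqseat` line is copied from the log above; the `Updater` line is invented), and the launcher list is an assumption.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis O4 format. The lsfflqseat line is the entry
# from the log in this thread; the other lines are constructed for the example.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [lsfflqseat] explorer "http://klakali.ru/?utm_source=uoua03&utm_content=d584e28cdf7e9dfb58097da935e3a560&utm_term=57CC17D2580C68F0CDA999C30262FD4C&utm_d=20180203"
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\RunOnce: [Updater] cmd /c start https://example.invalid/landing
"""

# O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
URL_RE = re.compile(r'https?://[^\s"\']+')

# Assumption: built-in binaries that adware hands a URL to so that it opens
# in the default browser at logon. Extend as needed.
URL_LAUNCHERS = {"explorer", "cmd", "start", "rundll32", "mshta",
                 "wscript", "cscript", "powershell"}


def parse_hjt_o4(text):
    """Return one dict (hive, key, name, cmd) per O4 line."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def launcher_of(cmd):
    """Basename (without .exe) of the program a Run command line starts."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:
        exe = cmd.split(None, 1)[0]
    base = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return base[:-4] if base.endswith(".exe") else base


def flag_url_launchers(entries):
    """Flag Run values where a built-in launcher is given an http(s) URL."""
    findings = []
    for e in entries:
        launcher = launcher_of(e["cmd"])
        urls = URL_RE.findall(e["cmd"])
        if launcher in URL_LAUNCHERS and urls:
            findings.append({**e, "launcher": launcher, "url": urls[0],
                             "host": urlparse(urls[0]).hostname})
    return findings


def remediation_command(finding):
    """reg.exe command that removes the flagged value. HijackThis writes the
    path Software\\Microsoft\\Windows\\CurrentVersion as '..'."""
    key = f'{finding["hive"]}\\Software\\Microsoft\\Windows\\CurrentVersion\\{finding["key"]}'
    return f'reg delete "{key}" /v "{finding["name"]}" /f'


if __name__ == "__main__":
    for f in flag_url_launchers(parse_hjt_o4(SAMPLE_HJT)):
        print(f'{f["hive"]}\\..\\{f["key"]} [{f["name"]}]: {f["launcher"]} -> {f["host"]}')
        print("   ", remediation_command(f))
```

Run the generated `reg delete` only after confirming the value, and re-scan afterwards: a Run-key cleanup alone does not touch browser settings, and later in this thread AdwCleaner reports hijacked Chrome start pages and search providers on the same machine.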

jaro3
Security team member
Guru Level 15
Posts: 39303
Registered: June 2007
Location: South Bohemia
Gender: Male

Re: Chrome opens with a Russian page when the notebook starts

Post by jaro3 » 07 Feb 2018 17:39

Download ATF Cleaner
Double-click ATF Cleaner.exe, click on Select All found, then:
- If you use Firefox (Mozilla), click on Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click on Opera at the top and choose: Select All, then click Empty Selected. Then click on Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you only use Google Chrome, you don't need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows. Click Start to begin the process. The program shouldn't take long.
Afterwards the PC should restart; if it doesn't, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Scan"
After the scan click "Logfile"; the "Log Manager" window appears, then double-click the corresponding log, which opens. (Otherwise it is saved on the system drive as C:\AdwCleaner [C?].txt.) Paste its entire contents here.

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- If the program is not up to date, click "Update now" or "Fix now".
- an update will be found and installed.
- then click Scan now
- when the program finishes, a message appears at the bottom right; click Save results, choose Copy to clipboard and paste the whole log here. Or click "Text file (.txt)" and save the log.
- otherwise the log is located here: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- then click the Finish button and close the program with the X at the top right.
(don't delete anything yet!).
If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support


Re: Chrome opens with a Russian page when the notebook starts

Post by popcorn » 07 Feb 2018 21:34

AdwCleaner LOG

# AdwCleaner 7.0.7.0 - Logfile created on Wed Feb 07 20:11:12 2018
# Updated on 2018/18/01 by Malwarebytes
# Database: 02-06-2018.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

*** [ Services ] ***

No malicious services found.

*** [ Folders ] ***

Adware.pokki, C:\ProgramData\Host App Service
Adware.pokki, C:\ProgramData\Application Data\Host App Service
Adware.pokki, C:\Users\All Users\Host App Service
Adware.pokki, C:\Users\Default\AppData\Local\Host App Service
Adware.pokki, C:\Users\Default User\AppData\Local\Host App Service
Adware.pokki, C:\Users\MoonP\AppData\Local\Host App Service
PUP.Optional.UpService, C:\Users\MoonP\AppData\Local\AdService


*** [ Files ] ***

No malicious files found.

*** [ DLL ] ***

No malicious DLLs found.

*** [ WMI ] ***

No malicious WMI found.

*** [ Shortcuts ] ***

No malicious shortcuts found.

*** [ Tasks ] ***

PUP.Optional.Legacy, App Explorer


*** [ Registry ] ***

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\workno.ru
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2564185752-1118092260-3013568569-1001\Software\Microsoft\Gosearchq
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Gosearchq
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2564185752-1118092260-3013568569-1001\Software\Microsoft\Gosearch
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Gosearch
Adware.pokki, [Key] - HKU\S-1-5-21-2564185752-1118092260-3013568569-1001\Software\Host App Service
Adware.pokki, [Key] - HKU\S-1-5-21-2564185752-1118092260-3013568569-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki, [Key] - HKCU\Software\Host App Service
Adware.pokki, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service


*** [ Firefox (and derivatives) ] ***

No malicious Firefox entries.

*** [ Chromium (and derivatives) ] ***

PUP.Optional.Legacy, SearchProvider found: omiga-plus - omiga-plus
PUP.Optional.Legacy, SearchProvider found: omiga-plus - omiga-plus_
PUP.Optional.Legacy, SearchProvider found: Goo - isearch.omiga-plus.com
PUP.Optional.Legacy, Startpage found: http://isearch.omiga-plus.com/?type=hpp ... 1986419864
PUP.Optional.Legacy, Startpage found: http://isearch.omiga-plus.com/?type=hpp ... 1986419864
PUP.Optional.Legacy, Startpage found: http://isearch.omiga-plus.com/?type=hpp ... 1986419864
PUP.Optional.Legacy, Startpage found: http://isearch.omiga-plus.com/?type=hpp ... 1986419864

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


***********************########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
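AdwCleaner's Chromium section above reports isearch.omiga-plus.com as the start page and an `omiga-plus` search provider with the short name "Goo". In Chrome these settings live in the profile's Preferences JSON. The following Python script is an added example, not AdwCleaner's code and not from the original post; it audits a Preferences fragment for a homepage, startup URLs and a default search provider whose host is outside an allow-list. The fragment is constructed to mirror Chrome's key layout (`homepage`, `session.startup_urls`, `default_search_provider_data.template_url_data`) with the values AdwCleaner reported; the allow-list of trusted hosts is an assumption, and the meaning of `restore_on_startup == 4` (open a specific set of pages) is the example's understanding of Chrome's preference values.

```python
import json
from urllib.parse import urlparse

# Constructed Preferences fragment. Key layout mirrors Chrome's profile
# Preferences file; the hijacked values are the ones AdwCleaner reported
# in this thread.
SAMPLE_PREFS = json.dumps({
    "homepage": "http://isearch.omiga-plus.com/?type=hp",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["http://isearch.omiga-plus.com/?type=hpp",
                         "https://www.google.com/"],
    },
    "default_search_provider_data": {
        "template_url_data": {
            "keyword": "omiga-plus",
            "short_name": "Goo",
            "url": "http://isearch.omiga-plus.com/?q={searchTerms}",
        }
    },
})

# Assumption: hosts the user actually expects as start page / search engine.
TRUSTED_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com", "www.seznam.cz"}

# Assumed meaning of session.restore_on_startup: 4 = open a specific set of pages.
OPEN_SPECIFIC_PAGES = 4


def candidate_urls(prefs):
    """Yield (setting, url) for each browser-entry setting a hijacker targets."""
    # A homepage only matters when the new tab page is not used instead of it.
    if prefs.get("homepage") and not prefs.get("homepage_is_newtabpage", True):
        yield "homepage", prefs["homepage"]
    session = prefs.get("session", {})
    if session.get("restore_on_startup") == OPEN_SPECIFIC_PAGES:
        for url in session.get("startup_urls", []):
            yield "startup_url", url
    dsp = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if dsp.get("url"):
        yield "default_search_provider", dsp["url"]


def audit_chrome_prefs(prefs_json, trusted=TRUSTED_HOSTS):
    """Return the settings whose URL host is outside the allow-list."""
    prefs = json.loads(prefs_json)
    findings = []
    for setting, url in candidate_urls(prefs):
        host = (urlparse(url).hostname or "").lower()
        if host not in trusted:
            findings.append({"setting": setting, "url": url, "host": host})
    return findings


if __name__ == "__main__":
    for f in audit_chrome_prefs(SAMPLE_PREFS):
        print(f'{f["setting"]:24} {f["host"]}  ({f["url"]})')
```

To audit a real profile, pass the contents of the profile's Preferences file (under the Chrome User Data directory) to `audit_chrome_prefs`. Chrome guards these particular settings against tampering (they are tracked with a per-profile MAC in the Secure Preferences file), so hand-editing the JSON tends to be reverted; use Chrome's own "restore settings to their original defaults" instead, and, as the AdwCleaner log itself warns, reset Chrome Sync first, otherwise the synced copy pushes the hijacked start page and search provider straight back.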


Re: Chrome opens with a Russian page when the notebook starts

Post by popcorn » 07 Feb 2018 21:34

Malwarebytes LOG

Date Time Tick Count Process ID Thread ID Log Level Context Tag Function Name File Name Line Number Message
02/07/18 " 21:14:00.188" 4439937 32a8 04c0 INFO LogController CLogController::Start "LogController.cpp" 86 "Started logging"
02/07/18 " 21:14:00.188" 4439937 32a8 04c0 INFO ServiceControllerImpl ServiceControllerImplementation::StartV2 "ServiceControllerImplementation.cpp" 310 "Service Controller starting controller initialization"
02/07/18 " 21:14:00.188" 4439937 32a8 04c0 INFO ServiceControllerImpl ServiceControllerImplementation::StartV2 "ServiceControllerImplementation.cpp" 311 "Product code MBAM-C"
02/07/18 " 21:14:00.188" 4439937 32a8 04c0 INFO ServiceControllerImpl ServiceControllerImplementation::StartV2 "ServiceControllerImplementation.cpp" 312 "Product version 3.3.1.2183"
02/07/18 " 21:14:00.188" 4439937 32a8 04c0 INFO ServiceControllerImpl ServiceControllerImplementation::StartV2 "ServiceControllerImplementation.cpp" 313 "Product build consumer"
02/07/18 " 21:14:00.204" 4439953 32a8 04c0 INFO ServiceControllerImpl ServiceControllerImplementation::StartV2 "ServiceControllerImplementation.cpp" 314 "OS Version Windows 10 (Build 16299.192)"
02/07/18 " 21:14:00.298" 4440046 32a8 04c0 WARNING PoliciesControllerImpl mb::policiescontrollerimpl::PoliciesConfigHandler::LoadConfig "PoliciesConfigHandler.cpp" 414 "Config file not found C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\PoliciesConfig.json. Using default values."
02/07/18 " 21:14:00.376" 4440125 32a8 04c0 INFO PoliciesControllerImpl mb::policiescontrollerimpl::PoliciesConfigHandler::ShellExtensionControl "PoliciesConfigHandler.cpp" 1177 "Shell extension registered."
02/07/18 " 21:14:00.376" 4440125 32a8 04c0 INFO ServiceControllerImpl ServiceControllerImplementation::StartPoliciesController "ServiceControllerImplementation.cpp" 1994 "Policies Controller Started"
02/07/18 " 21:14:00.376" 4440125 32a8 04c0 INFO LicenseControllerCOM CLicenseController::Start "LicenseController.cpp" 98 "CLicenseController::Start"
02/07/18 " 21:14:00.517" 4440265 32a8 04c0 INFO ServiceControllerImpl ServiceControllerImplementation::StartLicenseController "ServiceControllerImplementation.cpp" 2023 "License Controller Started"
02/07/18 " 21:14:00.642" 4440390 32a8 04c0 ERROR UpdateControllerImpl mb::common::json::JSONUtilities::ReadJSONFromFile "JSONUtilities.h" 42 "Could not open file for reading C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json"
02/07/18 " 21:14:00.642" 4440390 32a8 04c0 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ReadConfig "UpdateControllerImplHelper.cpp" 334 "Config file C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json not found; using default values"
02/07/18 " 21:14:00.657" 4440406 32a8 04c0 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::Initialize "UpdateControllerImplHelper.cpp" 266 "COMPONENT PACKAGE VERSION: 1.0.0, DB PACKAGE VERSION: 1.0.0"
02/07/18 " 21:14:00.657" 4440406 32a8 04c0 ERROR UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 4105 "Manifest file not found: C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbmanifest2.dat"
02/07/18 " 21:14:00.657" 4440406 32a8 04c0 ERROR UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CheckDbManifest "UpdateControllerImplHelper.cpp" 4442 "DB manifest validation failed!"
02/07/18 " 21:14:00.673" 4440421 32a8 04c0 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 4117 "Signature successfully validated"
02/07/18 " 21:14:00.939" 4440687 32a8 04c0 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 4121 "DB manifest successfully validated"
02/07/18 " 21:14:00.939" 4440687 32a8 04c0 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CheckDbManifest "UpdateControllerImplHelper.cpp" 4437 "Validated DB manifest - success"
02/07/18 " 21:14:01.017" 4440765 32a8 04c0 INFO ServiceControllerImpl ServiceControllerImplementation::StartUpdateController "ServiceControllerImplementation.cpp" 2072 "Update Controller Started"
02/07/18 " 21:14:01.017" 4440765 32a8 04c0 INFO CloudController CCloudController::Start "CloudController.cpp" 101 "CCloudController::Initialize"
02/07/18 " 21:14:01.142" 4440890 32a8 04c0 INFO CloudCtrlImpl Initialize "CloudControllerImpl.cpp" 58 "CC Initialize called"
02/07/18 " 21:14:01.142" 4440890 32a8 04c0 ERROR CloudCtrlImpl mb::common::json::JSONUtilities::ReadJSONFromFile "JSONUtilities.h" 42 "Could not open file for reading C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\CloudConfig.json"
02/07/18 " 21:14:01.157" 4440906 32a8 04c0 INFO CloudCtrlImpl CloudControllerImplHelper::ReadConfig "CloudControllerImplHelper.cpp" 2183 "Config file C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\CloudConfig.json not found; using default values"
02/07/18 " 21:14:01.283" 4441031 32a8 04c0 INFO ServiceControllerImpl ServiceControllerImplementation::StartCloudController "ServiceControllerImplementation.cpp" 2102 "Cloud Controller Started"
02/07/18 " 21:14:01.314" 4441062 32a8 04c0 INFO TelemController CTelemetryController::Start_impl "TelemetryController.cpp" 155 "::Initialize"
02/07/18 " 21:14:01.439" 4441187 32a8 04c0 ERROR TelemCtrlImpl mb::common::json::JSONUtilities::ReadJSONFromFile "JSONUtilities.h" 42 "Could not open file for reading C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\TelemCtrlConfig.json"
02/07/18 " 21:14:01.439" 4441187 32a8 04c0 INFO TelemCtrlImpl TelemetryControllerImpl::ReadConfig "TelemetryControllerImplHelper.cpp" 696 "Config file C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\TelemCtrlConfig.json not found; using default values"
02/07/18 " 21:14:01.486" 4441234 32a8 04c0 ERROR TelemCtrlImpl mb::common::json::JSONUtilities::ReadJSONFromFile "JSONUtilities.h" 42 "Could not open file for reading C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\telemetry.json"
02/07/18 " 21:14:01.486" 4441234 32a8 04c0 INFO ServiceControllerImpl ServiceControllerImplementation::StartTelemetryController "ServiceControllerImplementation.cpp" 2161 "Telemetry Controller Started"
02/07/18 " 21:14:01.532" 4441281 32a8 04c0 INFO CleanController CCleanController::StartV2 "CleanController.cpp" 155 "Initializing CleanController"
02/07/18 " 21:14:02.267" 4442015 32a8 04c0 INFO CleanControllerImpl CleanControllerImpl::Start "CleanControllerImpl.cpp" 90 "Starting Clean Controller Impl"
02/07/18 " 21:14:02.267" 4442015 32a8 04c0 ERROR CleanControllerImpl mb::common::json::JSONUtilities::ReadJSONFromFile "JSONUtilities.h" 42 "Could not open file for reading C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\CleanControllerConfig.json"
02/07/18 " 21:14:02.267" 4442015 32a8 04c0 WARNING CleanControllerImpl CleanControllerImpl::ReadConfig "CleanControllerImpl.cpp" 279 "Failed to read config file C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\CleanControllerConfig.json"
02/07/18 " 21:14:02.267" 4442015 32a8 1268 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 804 "Initializing system paths and resolving DOR status"
02/07/18 " 21:14:02.267" 4442015 32a8 04c0 INFO CleanController CCleanController::StartV2::<lambda_0019999857d57aab4774c6294c9b8245>::operator () "CleanController.cpp" 156 "CleanController initialization complete"
02/07/18 " 21:14:02.267" 4442015 32a8 04c0 INFO ServiceControllerImpl ServiceControllerImplementation::StartCleanController "ServiceControllerImplementation.cpp" 2222 "Clean Controller Started"
02/07/18 " 21:14:02.282" 4442031 32a8 1268 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 825 "Processing pending actions"
02/07/18 " 21:14:02.657" 4442406 32a8 04c0 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanConfigHandler::LoadConfig "ScanConfigHandler.cpp" 85 "Could not load config file C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\ScanConfig.json. Using default values."
02/07/18 " 21:14:02.720" 4442468 32a8 1268 INFO Actions ActionsManager::ProcessPendingActionsAfterReboot "ActionsManager.cpp" 967 "Executing pending post cleanup actions"
02/07/18 " 21:14:02.720" 4442468 32a8 1268 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 929 "Initializing CLS Engine"
02/07/18 " 21:14:02.720" 4442468 32a8 1268 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 964 "Initializing swiss army SDK"
02/07/18 " 21:14:02.970" 4442718 32a8 04c0 INFO SwissarmyDDA DDAInstall "dda.cpp" 249 "Existing driver is not loaded."
02/07/18 " 21:14:02.970" 4442718 32a8 04c0 ERROR SwissarmyShim SwissarmyShimImpl::InstallInternal "SwissarmyShimImpl.cpp" 1746 "DDAInstall failed (8). DriverName (MBAMSwissArmy), DeviceFileName (\\.\MBAMSwissArmy), Mode (1)"
02/07/18 " 21:14:02.970" 4442718 32a8 04c0 ERROR SwissarmyShim SwissarmyShimImpl::InstallEx "SwissarmyShimImpl.cpp" 1720 "Swissarmy failed to install [8]. Mode (1), DriverName (MBAMSwissArmy), DeviceFileName (\\.\MBAMSwissArmy), LogFile (), BootStart (false)."
02/07/18 " 21:14:03.127" 4442875 32a8 04c0 INFO SwissarmyDDA DDAInstall "dda.cpp" 261 "Successfully installed swissarmy driver."
02/07/18 " 21:14:03.127" 4442875 32a8 04c0 INFO SwissarmyShim SwissarmyShimImpl::InstallEx "SwissarmyShimImpl.cpp" 1715 "Swissarmy was successfully installed. DdaContext (0000014F7F0E6E40), Mode (0), DriverName (MBAMSwissArmy), DeviceFileName (\\.\MBAMSwissArmy), LogFile (), BootStart (false)."
02/07/18 " 21:14:03.127" 4442875 32a8 04c0 INFO ServiceControllerImpl ServiceControllerImplementation::StartScanController "ServiceControllerImplementation.cpp" 2251 "Scan Controller Started"
02/07/18 " 21:14:03.173" 4442921 32a8 1268 INFO SwissarmyShim SwissarmyShimImpl::InstallEx "SwissarmyShimImpl.cpp" 1715 "Swissarmy was successfully installed. DdaContext (0000014F7F0E6EA0), Mode (1), DriverName (MBAMSwissArmy), DeviceFileName (\\.\MBAMSwissArmy), LogFile (), BootStart (false)."
02/07/18 " 21:14:03.173" 4442921 32a8 1268 INFO CleanControllerImpl CleanDBParser::Parse "CleanDBParser.cpp" 18 "Parsing C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\clean.mbdb"
02/07/18 " 21:14:03.189" 4442937 32a8 1268 INFO GalaxyRuleParser mb::common::galaxyrules::SimpleRuleFileParserV2::Parse "GalaxyRuleParser.cpp" 2976 "Successfully parsed 196 records."
02/07/18 " 21:14:03.189" 4442937 32a8 1268 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 1011 "Loading Hubble cache"
02/07/18 " 21:14:03.283" 4443031 32a8 04c0 WARNING RTPControllerImpl mb::rtpcontrollerimpl::RTPConfigHandler::LoadConfig "RTPConfigHandler.cpp" 137 "Config file not found C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\RtpConfig.json. Using default values."
02/07/18 " 21:14:03.314" 4443062 32a8 04c0 INFO ServiceControllerImpl ServiceControllerImplementation::StartRtpController "ServiceControllerImplementation.cpp" 2280 "RTP Controller Started"
02/07/18 " 21:14:03.314" 4443062 32a8 04c0 INFO MWACControllerCOM CMWACController::StartV2 "MWACController.cpp" 231 "Initializing MWAC Controller"
02/07/18 " 21:14:03.533" 4443281 32a8 04c0 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacConfigHandler::CreateMwacConfigFile "MwacConfigHandler.cpp" 374 "Config file not found C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\MwacControllerConfig.json. Using default values."
02/07/18 " 21:14:03.533" 4443281 32a8 04c0 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::IsLicenseStateValid "MWACControllerImplHelper.cpp" 548 "license state is: Unknown"
02/07/18 " 21:14:03.548" 4443296 32a8 04c0 INFO MWACControllerCOM CMWACController::StartV2::<lambda_07052000952534808cc21878996c736b>::operator () "MWACController.cpp" 232 "MWAC Controller initialization complete"
02/07/18 " 21:14:03.548" 4443296 32a8 04c0 INFO ServiceControllerImpl ServiceControllerImplementation::StartMWACController "ServiceControllerImplementation.cpp" 2310 "MWAC Controller Started"
02/07/18 " 21:14:03.767" 4443515 32a8 04c0 INFO AntiRansomwareControllerImpl mb::arwcontrollerimpl::ArwConfigHandler::LoadConfig "ArwConfigHandler.cpp" 67 "Config file not found C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\ArwControllerConfig.json. Using default values."
02/07/18 " 21:14:03.783" 4443531 32a8 04c0 INFO ServiceControllerImpl ServiceControllerImplementation::StartArwController "ServiceControllerImplementation.cpp" 2342 "ARW Controller Started"
02/07/18 " 21:14:04.048" 4443796 32a8 1268 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 1038 "Starting white list manager"
02/07/18 " 21:14:04.048" 4443796 32a8 1268 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 1050 "Starting restore engine"
02/07/18 " 21:14:04.048" 4443796 32a8 1268 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 1067 "Entering into main loop"
02/07/18 " 21:14:04.080" 4443828 32a8 04c0 WARNING AEControllerImpl mb::aecontrollerimpl::AEConfigHandler::LoadConfig "AeConfigHandler.cpp" 159 "Config file not found C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\AeConfig.json. Using default values."
02/07/18 " 21:14:04.080" 4443828 32a8 3294 INFO AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::InitializeV2::<lambda_5e934c23ffd66d32b55631d8158318ce>::operator () "AEControllerImplHelper.cpp" 182 "Anti-Exploit is not licensed. MbaeSdk will not be loaded (0)"
02/07/18 " 21:14:04.080" 4443828 32a8 04c0 INFO ServiceControllerImpl ServiceControllerImplementation::StartAEController "ServiceControllerImplementation.cpp" 2371 "Anti-Exploit Controller Started"
02/07/18 " 21:14:04.095" 4443843 32a8 3294 ERROR AEControllerImpl mb::aecontrollerimpl::AEShimModuleLoader::AeShimSetExclusions "AEShimModuleLoader.cpp" 365 "Cannot set exclusions! AEShim is not loaded."
02/07/18 " 21:14:04.095" 4443843 32a8 3294 ERROR AEControllerImpl mb::aecontrollerimpl::AeExclusionsHandler::InitializeExclusions "ExclusionsHandler.cpp" 73 "Could not configure exclusions in MbaeSdk (-1)"
02/07/18 " 21:14:04.408" 4444156 32a8 04c0 WARNING SPControllerImpl mb::spcontrollerimpl::SpConfigHandler::LoadConfig "SpConfigHandler.cpp" 204 "Config file not found C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Config\SpConfigFile.json. Using default values."
02/07/18 " 21:14:04.408" 4444156 32a8 04c0 INFO SPControllerImpl mb::spcontrollerimpl::SpConfigHandler::LoadConfig "SpConfigHandler.cpp" 264 "Protecting MBAM Install path - C:\Program Files\Malwarebytes\Anti-Malware\"
02/07/18 " 21:14:04.439" 4444187 32a8 04c0 INFO SPControllerImpl mb::spcontrollerimpl::SPShimModuleLoader::SPShimSetVerificationMode "SPShimModuleLoader.cpp" 445 "verification mode = 0 ."
02/07/18 " 21:14:04.439" 4444187 32a8 04c0 INFO SPControllerImpl mb::spcontrollerimpl::SPControllerImpl::InitializeImpl "SPControllerImplHelper.cpp" 141 "Successfully initialized the SPControllerImpl, spFolderPath=[C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE]."
02/07/18 " 21:14:04.439" 4444187 32a8 04c0 INFO ServiceControllerImpl ServiceControllerImplementation::StartSpController "ServiceControllerImplementation.cpp" 2131 "Self-Protection Controller Started"
02/07/18 " 21:14:04.439" 4444187 32a8 04c0 INFO ServiceControllerImpl ServiceControllerImplementation::StartSpController "ServiceControllerImplementation.cpp" 2133 "Start Service Controller complete"
02/07/18 " 21:14:04.439" 4444187 0000 1f68 INFO MBAMInstaller IService.cpp "MbamService::Initialize" 226 "Starting post install process."
02/07/18 " 21:14:04.454" 4444203 32a8 36bc INFO ServiceControllerImpl ServiceControllerImplementation::StartApp "ServiceControllerImplementation.cpp" 71 "Starting 'C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe' in session 0x1"
02/07/18 " 21:14:04.470" 4444218 0000 1f68 INFO MBAMInstaller suhlpr.cpp "EP2" 721 "Starting Trial"
02/07/18 " 21:14:04.501" 4444250 32a8 3360 INFO LicenseControllerImpl mb::licensecontrollerimpl::KeystoneImpl::GetInstallationToken "KeystoneImpl.cpp" 1083 "Unable to retreive the installation token data. Performing a register to receive a token from Keystone."
02/07/18 " 21:14:04.501" 4444250 32a8 3360 INFO LicenseControllerImpl mb::licensecontrollerimpl::KeystoneImpl::GetInstallationToken "KeystoneImpl.cpp" 1097 "GetInstallationToken machineId is empty, calulating the machineId."
02/07/18 " 21:14:05.767" 4445515 32a8 3294 INFO AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::InitializeV2::<lambda_5e934c23ffd66d32b55631d8158318ce>::operator () "AEControllerImplHelper.cpp" 254 "Start with Anti-Exploit disabled."
02/07/18 " 21:14:10.752" 4450500 32a8 3360 WARNING HttpConnection mb::common::net::HttpConnection::SendRequest "HttpConnection.cpp" 369 "HTTP POST - connection timed out (during connnect/send)"
02/07/18 " 21:14:10.752" 4450500 32a8 3360 WARNING HttpConnection mb::common::net::HttpConnection::LogExceptionDetails "HttpConnection.cpp" 1472 "Exception details: text=Timeout: connect timed out: 54.87.176.164:443"
02/07/18 " 21:14:10.752" 4450500 32a8 3360 ERROR LicenseControllerImpl mb::licensecontrollerimpl::KeystoneImpl::SendKeystoneRequest "KeystoneImpl.cpp" 786 "Received a [-22] response from Keystone. This isn't one of the expected httpStatus returns."
02/07/18 " 21:14:10.752" 4450500 32a8 3360 ERROR LicenseControllerImpl mb::licensecontrollerimpl::KeystoneImpl::SendKeystoneRequest "KeystoneImpl.cpp" 796 "SendRequest RequestBody ({
""machine_id"" : ""6d0422a0c18164212b9933eae663cc86eb4057af"",
""product_build"" : ""consumer"",
""product_code"" : ""MBAM-C"",
""product_version"" : ""3.3.1"",
""tags"" : ""{\\u000a \""affiliate_id\"" : \""\"",\\u000a \""affiliate_name\"" : \""consumer\"",\\u000a \""antivirus\"" : [\\u000a \""Windows Defender\"",\\u000a \""ESET Smart Security Premium\""\\u000a ],\\u000a \""biz_env\"" : false,\\u000a \""domain_name\"" : \""\"",\\u000a \""is_on_domain\"" : false,\\u000a \""license_state\"" : \""unknown\"",\\u000a \""os\"" : \""Windows 10 (Build 16299.192)\"",\\u000a \""os_build\"" : \""16299\"",\\u000a \""unredeem_reason\"" : \""\"",\\u000a \""user_is_admin\"" : false\\u000a}""
})."
02/07/18 " 21:14:10.752" 4450500 32a8 3360 ERROR LicenseControllerImpl mb::licensecontrollerimpl::KeystoneImpl::SendKeystoneRequest "KeystoneImpl.cpp" 798 "SendRequest returned with responseBody ()."
02/07/18 " 21:14:10.752" 4450500 32a8 3360 WARNING LicenseControllerImpl mb::licensecontrollerimpl::KeystoneImpl::SendKeystoneRequest "KeystoneImpl.cpp" 817 "General network error"
02/07/18 " 21:14:10.752" 4450500 32a8 3360 ERROR LicenseControllerImpl mb::licensecontrollerimpl::KeystoneImpl::KeystoneRegister "KeystoneImpl.cpp" 511 "SendKeystoneRequest failed trying to Register with Keystone. License functions may be unavailable! Code: -22, Message: "
02/07/18 " 21:14:10.752" 4450500 32a8 3360 ERROR LicenseControllerImpl mb::licensecontrollerimpl::KeystoneImpl::KeystoneStart "KeystoneImpl.cpp" 404 "Unable to retreive an installation token, unable to redeem with Keystone."
02/07/18 " 21:14:10.752" 4450500 32a8 2a28 INFO LicenseControllerImpl mb::licensecontrollerimpl::KeystoneImpl::KeystoneCheck "KeystoneImpl.cpp" 129 "Entering KeystoneCheck. Checking with Keystone for licensing status for our installation_token"
02/07/18 " 21:14:10.752" 4450500 32a8 2a28 INFO LicenseControllerImpl mb::licensecontrollerimpl::KeystoneImpl::GetInstallationToken "KeystoneImpl.cpp" 1083 "Unable to retreive the installation token data. Performing a register to receive a token from Keystone."
02/07/18 " 21:14:10.768" 4450515 0000 1f68 INFO MBAMInstaller IService.cpp "MbamService::~MbamService" 159 "Post install process finished."
02/07/18 " 21:14:19.883" 4459625 32a8 2a28 INFO LicenseControllerImpl mb::licensecontrollerimpl::LicenseConfigHandler::LicenseState "LicenseConfigHandler.cpp" 896 "License state changed."
02/07/18 " 21:14:19.883" 4459625 32a8 2a28 INFO LicenseControllerImpl mb::licensecontrollerimpl::LicenseConfigHandler::SendLicenseStateChangedNotification "LicenseConfigHandler.cpp" 1234 "Called License state changed callback."
02/07/18 " 21:14:19.883" 4459625 32a8 2a28 INFO LicenseControllerImpl mb::licensecontrollerimpl::LicenseConfigHandler::LicenseState "LicenseConfigHandler.cpp" 904 "LicenseStateChangedNotification Sent with license state [1]."
02/07/18 " 21:14:19.883" 4459625 32a8 2a28 INFO LicenseControllerImpl mb::licensecontrollerimpl::LicenseConfigHandler::SetReportLicenseState "LicenseConfigHandler.cpp" 1277 "Setting ReportStateChange flag to (true)."
02/07/18 " 21:14:19.926" 4459671 32a8 0d80 INFO ScanControllerImpl mb::scancontrollerimpl::ScanScheduler::UpdateScheduledScans "ScanScheduler.cpp" 1105 "License state changed from Unknown to Free. Removing existing scheduled scans and adding a default monthly scan."
02/07/18 " 21:14:19.930" 4459671 32a8 0d80 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::SetLicenseState "MWACControllerImplHelper.cpp" 3328 "Entering SetLicenseState Current State is [Not Available]; New License State is [Free]"
02/07/18 " 21:14:19.930" 4459671 32a8 0d80 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::StopProtection "MWACControllerImplHelper.cpp" 1679 "Web Access protection has been stopped."
02/07/18 " 21:14:19.934" 4459687 32a8 0d80 INFO SPControllerImpl mb::spcontrollerimpl::SPControllerImpl::SetLicenseState "SPControllerImplHelper.cpp" 1067 "Setting SpLicenseState to [1]"
02/07/18 " 21:14:23.770" 4463515 32a8 2a28 INFO LicenseControllerImpl mb::licensecontrollerimpl::LicenseConfigHandler::SetReportLicenseState "LicenseConfigHandler.cpp" 1277 "Setting ReportStateChange flag to (true)."
02/07/18 " 21:14:23.785" 4463531 32a8 2a28 INFO LicenseControllerImpl mb::licensecontrollerimpl::KeystoneImpl::KeystoneCheck "KeystoneImpl.cpp" 172 "Successfully checked license with Keystone."
02/07/18 " 21:14:23.785" 4463531 32a8 3184 INFO LicenseControllerImpl mb::licensecontrollerimpl::KeystoneImpl::KeystoneCheck "KeystoneImpl.cpp" 129 "Entering KeystoneCheck. Checking with Keystone for licensing status for our installation_token"
02/07/18 " 21:14:24.613" 4464359 32a8 3184 INFO LicenseControllerImpl mb::licensecontrollerimpl::LicenseConfigHandler::SetReportLicenseState "LicenseConfigHandler.cpp" 1277 "Setting ReportStateChange flag to (true)."
02/07/18 " 21:14:24.613" 4464359 32a8 3184 INFO LicenseControllerImpl mb::licensecontrollerimpl::KeystoneImpl::KeystoneCheck "KeystoneImpl.cpp" 172 "Successfully checked license with Keystone."
02/07/18 " 21:16:17.992" 4577734 32a8 2a28 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::StartScan "Scanner.cpp" 553 "Starting a Threat scan, clientID = MbamUI, clientType = MBClientFullUI."
02/07/18 " 21:16:18.000" 4577750 32a8 040c ERROR UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 4105 "Manifest file not found: C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbmanifest2.dat"
02/07/18 " 21:16:18.000" 4577750 32a8 040c ERROR UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CheckDbManifest "UpdateControllerImplHelper.cpp" 4442 "DB manifest validation failed!"
02/07/18 " 21:16:18.009" 4577750 32a8 040c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 4117 "Signature successfully validated"
02/07/18 " 21:16:19.306" 4579046 32a8 040c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 4121 "DB manifest successfully validated"
02/07/18 " 21:16:19.306" 4579046 32a8 040c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CheckDbManifest "UpdateControllerImplHelper.cpp" 4437 "Validated DB manifest - success"
02/07/18 " 21:16:19.307" 4579046 32a8 040c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 537 "DoUpdate - Starting check for updates (manual)"
02/07/18 " 21:16:19.307" 4579046 32a8 040c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 545 "Checking for: Installer=[No], SDK/Ctlr=[No], DB/CLS=[Yes]"
02/07/18 " 21:16:20.379" 4580125 32a8 040c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::GetInstalledPkgVersions "UpdateControllerImplHelper.cpp" 1177 "DB/ClsEng package --> [mbam-c.dbcls.64bit], current version: [1.0.3881]"
02/07/18 " 21:16:43.002" 4602750 32a8 040c WARNING HttpConnection mb::common::net::HttpConnection::SendRequest "HttpConnection.cpp" 369 "HTTP POST - connection timed out (during receive)"
02/07/18 " 21:16:43.002" 4602750 32a8 040c WARNING HttpConnection mb::common::net::HttpConnection::LogExceptionDetails "HttpConnection.cpp" 1472 "Exception details: text=Timeout"
02/07/18 " 21:16:43.002" 4602750 32a8 040c ERROR UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CheckForUpdates "UpdateControllerImplHelper.cpp" 783 "HTTP status code: -22"
02/07/18 " 21:16:43.003" 4602750 32a8 040c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 576 "Checked for updates - no updates available"
02/07/18 " 21:16:43.003" 4602750 32a8 040c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 589 "Update check is complete."
CPU: i5-6500 GPU: Msi RX480 8GB RAM: Crucial 2x8GB MB: MSI B150 PSU: Seasonic S12II-520 CASE: Gladius M35

Re: Chrome opens with a Russian page when the laptop is turned on

Post by popcorn » 07 Feb 2018 21:35

02/07/18 " 21:16:43.298" 4603046 32a8 3384 INFO MBAMShimImpl MBAMShimImpl::InitializeInternal "MBAMShimImpl.cpp" 62 "MBAMCore was successfully loaded. CoreFilePath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll>."
02/07/18 " 21:16:46.678" 4606421 32a8 3384 INFO MBAMCoreImpl MBAMCoreImpl::Initialize "MBAMCoreImpl.cpp" 123 "MBAMCore was successfully initialized. CoreFolderPath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE>. DefsFolderPath=<C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE>."
02/07/18 " 21:16:48.642" 4608390 32a8 3384 INFO GalaxyRuleParser mb::common::galaxyrules::SimpleRuleFileParserV2::Parse "GalaxyRuleParser.cpp" 2976 "Successfully parsed 69328 records."
02/07/18 " 21:16:52.170" 4611921 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessClassificationResult "Scanner.cpp" 3595 "Threat detected: ThreatName=PUP.Optional.MisusedCurl.Generic, FilePath=C:\WINDOWS\SYSTEM32\TASKS\CURL"
02/07/18 " 21:16:52.171" 4611921 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::Init "Linker.cpp" 92 "Initializing linker"
02/07/18 " 21:16:54.437" 4614187 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 206 "Finding linked traces"
02/07/18 " 21:16:54.842" 4614593 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::GetWhiteListStatus "HubbleWhiteLister.cpp" 141 "Hubble disabled for non-Shuriken/scan detections, path='C:\WINDOWS\SYSTEM32\TASKS\CURL'"
02/07/18 " 21:16:54.843" 4614593 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): File 'C:\WINDOWS\SYSTEM32\TASKS\CURL' => None:Unknown"
02/07/18 " 21:16:54.843" 4614593 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: File 'C:\Windows\System32\Tasks\curl' => None:Unknown"
02/07/18 " 21:16:54.843" 4614593 32a8 3098 INFO Actions ActionsManager::GetDetectedThreatsV2 "ActionsManager.cpp" 462 "Getting detected threats from actions"
02/07/18 " 21:16:54.843" 4614593 32a8 3098 INFO CleanControllerImpl PreCleanEngine::AddLinkedTraces "PreCleanEngine.cpp" 837 "Getting linked traces"
02/07/18 " 21:17:00.007" 4619750 32a8 040c ERROR UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 4105 "Manifest file not found: C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbmanifest2.dat"
02/07/18 " 21:17:00.007" 4619750 32a8 040c ERROR UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CheckDbManifest "UpdateControllerImplHelper.cpp" 4442 "DB manifest validation failed!"
02/07/18 " 21:17:00.142" 4619890 32a8 040c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 4117 "Signature successfully validated"
02/07/18 " 21:17:06.035" 4625781 32a8 040c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 4121 "DB manifest successfully validated"
02/07/18 " 21:17:06.035" 4625781 32a8 040c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CheckDbManifest "UpdateControllerImplHelper.cpp" 4437 "Validated DB manifest - success"
02/07/18 " 21:17:06.035" 4625781 32a8 040c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 537 "DoUpdate - Starting check for updates (automatic)"
02/07/18 " 21:17:06.035" 4625781 32a8 040c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 545 "Checking for: Installer=[Yes], SDK/Ctlr=[Yes], DB/CLS=[No]"
02/07/18 " 21:17:06.038" 4625781 32a8 040c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::GetInstalledPkgVersions "UpdateControllerImplHelper.cpp" 1119 "Installer package --> [mbam-c.installer.consumer], current version: [3.3.1]"
02/07/18 " 21:17:06.038" 4625781 32a8 040c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::GetInstalledPkgVersions "UpdateControllerImplHelper.cpp" 1146 "SDK/Controller package --> [mbam-c.ctlr.64bit], current version: [1.0.262]"
02/07/18 " 21:17:11.969" 4631718 32a8 040c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 576 "Checked for updates - no updates available"
02/07/18 " 21:17:11.969" 4631718 32a8 040c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 589 "Update check is complete."
02/07/18 " 21:17:16.773" 4636515 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): RegKey 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\CURL' => None:Unknown"
02/07/18 " 21:17:16.773" 4636515 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: RegKey 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\CURL' => None:Unknown"
02/07/18 " 21:17:16.777" 4636531 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): RegKey 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2D01A4A0-375C-49E3-8A39-0A6EEE0540B4}' => None:Unknown"
02/07/18 " 21:17:16.777" 4636531 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: RegKey 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2D01A4A0-375C-49E3-8A39-0A6EEE0540B4}' => None:Unknown"
02/07/18 " 21:17:16.777" 4636531 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): RegKey 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{2D01A4A0-375C-49E3-8A39-0A6EEE0540B4}' => None:Unknown"
02/07/18 " 21:17:16.777" 4636531 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: RegKey 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{2D01A4A0-375C-49E3-8A39-0A6EEE0540B4}' => None:Unknown"
02/07/18 " 21:17:16.780" 4636531 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessClassificationResult "Scanner.cpp" 3595 "Threat detected: ThreatName=PUP.Optional.MisusedCurl.Generic, FilePath=C:\WINDOWS\SYSTEM32\TASKS\CURLS"
02/07/18 " 21:17:16.780" 4636531 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 206 "Finding linked traces"
02/07/18 " 21:17:17.511" 4637265 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::GetWhiteListStatus "HubbleWhiteLister.cpp" 141 "Hubble disabled for non-Shuriken/scan detections, path='C:\WINDOWS\SYSTEM32\TASKS\CURLS'"
02/07/18 " 21:17:17.511" 4637265 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): File 'C:\WINDOWS\SYSTEM32\TASKS\CURLS' => None:Unknown"
02/07/18 " 21:17:17.511" 4637265 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: File 'C:\Windows\System32\Tasks\curls' => None:Unknown"
02/07/18 " 21:17:17.511" 4637265 32a8 3098 INFO Actions ActionsManager::GetDetectedThreatsV2 "ActionsManager.cpp" 462 "Getting detected threats from actions"
02/07/18 " 21:17:17.511" 4637265 32a8 3098 INFO CleanControllerImpl PreCleanEngine::AddLinkedTraces "PreCleanEngine.cpp" 837 "Getting linked traces"
02/07/18 " 21:17:17.552" 4637296 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): RegKey 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\CURLS' => None:Unknown"
02/07/18 " 21:17:17.552" 4637296 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: RegKey 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\CURLS' => None:Unknown"
02/07/18 " 21:17:17.555" 4637296 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): RegKey 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D812E93D-B78A-45C8-BA2D-748EF0CDE0CF}' => None:Unknown"
02/07/18 " 21:17:17.555" 4637296 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: RegKey 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D812E93D-B78A-45C8-BA2D-748EF0CDE0CF}' => None:Unknown"
02/07/18 " 21:17:17.556" 4637296 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): RegKey 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{D812E93D-B78A-45C8-BA2D-748EF0CDE0CF}' => None:Unknown"
02/07/18 " 21:17:17.556" 4637296 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: RegKey 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{D812E93D-B78A-45C8-BA2D-748EF0CDE0CF}' => None:Unknown"
02/07/18 " 21:17:17.559" 4637312 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessClassificationResult "Scanner.cpp" 3595 "Threat detected: ThreatName=PUP.Optional.GoSearch, FilePath=HKU\S-1-5-21-2564185752-1118092260-3013568569-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02072018211647434\SOFTWARE\MICROSOFT\Gosearchq"
02/07/18 " 21:17:17.560" 4637312 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 206 "Finding linked traces"
02/07/18 " 21:17:17.562" 4637312 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): RegKey 'HKU\S-1-5-21-2564185752-1118092260-3013568569-1001\SOFTWARE\MICROSOFT\GOSEARCHQ' => None:Unknown"
02/07/18 " 21:17:17.563" 4637312 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): RegKey 'HKU\S-1-5-21-2564185752-1118092260-3013568569-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02072018211653354\SOFTWARE\MICROSOFT\GOSEARCHQ' => None:Unknown"
02/07/18 " 21:17:17.563" 4637312 32a8 3098 INFO Actions ActionsManager::GetDetectedThreatsV2 "ActionsManager.cpp" 462 "Getting detected threats from actions"
02/07/18 " 21:17:17.563" 4637312 32a8 3098 INFO CleanControllerImpl PreCleanEngine::AddLinkedTraces "PreCleanEngine.cpp" 837 "Getting linked traces"
02/07/18 " 21:17:17.565" 4637312 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessClassificationResult "Scanner.cpp" 3595 "Threat detected: ThreatName=PUP.Optional.StartPage.Generic, FilePath=HKU\S-1-5-21-2564185752-1118092260-3013568569-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02072018211647434\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|LSFFLQSEAT=explorer ""http://klakali.ru/?utm_source=uoua03&utm_content=d584e28cdf7e9dfb58097da935e3a560&utm_term=57CC17D2580C68F0CDA999C30262FD4C&utm_d=20180203"""
02/07/18 " 21:17:17.565" 4637312 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 206 "Finding linked traces"
02/07/18 " 21:17:17.567" 4637312 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): RegValue 'HKU\S-1-5-21-2564185752-1118092260-3013568569-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|LSFFLQSEAT' => None:Unknown"
02/07/18 " 21:17:17.713" 4637453 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): RegValue 'HKU\S-1-5-21-2564185752-1118092260-3013568569-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02072018211653354\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|LSFFLQSEAT' => None:Unknown"
02/07/18 " 21:17:17.713" 4637453 32a8 3098 INFO Actions ActionsManager::GetDetectedThreatsV2 "ActionsManager.cpp" 462 "Getting detected threats from actions"
02/07/18 " 21:17:17.713" 4637453 32a8 3098 INFO CleanControllerImpl PreCleanEngine::AddLinkedTraces "PreCleanEngine.cpp" 837 "Getting linked traces"
02/07/18 " 21:17:17.720" 4637468 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessClassificationResult "Scanner.cpp" 3595 "Threat detected: ThreatName=PUP.Optional.MisusedCurl.Generic, FilePath=HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\curl"
02/07/18 " 21:17:17.720" 4637468 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 206 "Finding linked traces"
02/07/18 " 21:17:17.721" 4637468 32a8 3098 INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 424 "Ignoring clean item because it is a duplicate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\CURL and HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\CURL"
02/07/18 " 21:17:17.721" 4637468 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessClassificationResult "Scanner.cpp" 3595 "Threat detected: ThreatName=PUP.Optional.MisusedCurl.Generic, FilePath=HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\curls"
02/07/18 " 21:17:17.722" 4637468 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 206 "Finding linked traces"
02/07/18 " 21:17:17.722" 4637468 32a8 3098 INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 424 "Ignoring clean item because it is a duplicate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\CURLS and HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\CURLS"
02/07/18 " 21:17:17.722" 4637468 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessClassificationResult "Scanner.cpp" 3595 "Threat detected: ThreatName=PUP.Optional.MisusedCurl.Generic, FilePath=HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2D01A4A0-375C-49E3-8A39-0A6EEE0540B4}|PATH=\curl"
02/07/18 " 21:17:17.723" 4637468 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 206 "Finding linked traces"
02/07/18 " 21:17:17.742" 4637484 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): RegValue 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2D01A4A0-375C-49E3-8A39-0A6EEE0540B4}|PATH' => None:Unknown"
02/07/18 " 21:17:17.742" 4637484 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: RegValue 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2D01A4A0-375C-49E3-8A39-0A6EEE0540B4}|PATH' => None:Unknown"
02/07/18 " 21:17:17.742" 4637484 32a8 3098 INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 424 "Ignoring clean item because it is a duplicate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2D01A4A0-375C-49E3-8A39-0A6EEE0540B4} and HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2D01A4A0-375C-49E3-8A39-0A6EEE0540B4}"
02/07/18 " 21:17:17.742" 4637484 32a8 3098 INFO Actions ActionsManager::GetDetectedThreatsV2 "ActionsManager.cpp" 462 "Getting detected threats from actions"
02/07/18 " 21:17:17.743" 4637484 32a8 3098 INFO CleanControllerImpl PreCleanEngine::AddLinkedTraces "PreCleanEngine.cpp" 837 "Getting linked traces"
02/07/18 " 21:17:17.745" 4637484 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessClassificationResult "Scanner.cpp" 3595 "Threat detected: ThreatName=PUP.Optional.MisusedCurl.Generic, FilePath=HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D812E93D-B78A-45C8-BA2D-748EF0CDE0CF}|PATH=\curls"
02/07/18 " 21:17:17.746" 4637500 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 206 "Finding linked traces"
02/07/18 " 21:17:17.749" 4637500 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): RegValue 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D812E93D-B78A-45C8-BA2D-748EF0CDE0CF}|PATH' => None:Unknown"
02/07/18 " 21:17:17.749" 4637500 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: RegValue 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D812E93D-B78A-45C8-BA2D-748EF0CDE0CF}|PATH' => None:Unknown"
02/07/18 " 21:17:17.750" 4637500 32a8 3098 INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 424 "Ignoring clean item because it is a duplicate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D812E93D-B78A-45C8-BA2D-748EF0CDE0CF} and HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D812E93D-B78A-45C8-BA2D-748EF0CDE0CF}"
02/07/18 " 21:17:17.750" 4637500 32a8 3098 INFO Actions ActionsManager::GetDetectedThreatsV2 "ActionsManager.cpp" 462 "Getting detected threats from actions"
02/07/18 " 21:17:17.751" 4637500 32a8 3098 INFO CleanControllerImpl PreCleanEngine::AddLinkedTraces "PreCleanEngine.cpp" 837 "Getting linked traces"
02/07/18 " 21:17:17.752" 4637500 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessClassificationResult "Scanner.cpp" 3595 "Threat detected: ThreatName=Trojan.DNSChanger, FilePath=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{caddd320-331b-473d-ba1d-b34d8572e02a}|NameServer=35.177.46.238,46.101.28.31,82.202.226.203,213.46.172.37,213.46.172.36"
02/07/18 " 21:17:17.753" 4637500 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 206 "Finding linked traces"
02/07/18 " 21:17:17.753" 4637500 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): RegValue 'HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{CADDD320-331B-473D-BA1D-B34D8572E02A}|NAMESERVER' => None:Unknown"
02/07/18 " 21:17:17.754" 4637500 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: RegValue 'HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{CADDD320-331B-473D-BA1D-B34D8572E02A}|NAMESERVER' => None:Unknown"
02/07/18 " 21:17:17.754" 4637500 32a8 3098 INFO Actions ActionsManager::GetDetectedThreatsV2 "ActionsManager.cpp" 462 "Getting detected threats from actions"
02/07/18 " 21:17:17.754" 4637500 32a8 3098 INFO CleanControllerImpl PreCleanEngine::AddLinkedTraces "PreCleanEngine.cpp" 837 "Getting linked traces"
02/07/18 " 21:17:17.754" 4637500 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessClassificationResult "Scanner.cpp" 3595 "Threat detected: ThreatName=Trojan.DNSChanger, FilePath=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{caddd320-331b-473d-ba1d-b34d8572e02a}|NameServer=35.177.46.238,46.101.28.31,82.202.226.203,213.46.172.37,213.46.172.36"
02/07/18 " 21:17:17.755" 4637500 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 206 "Finding linked traces"
02/07/18 " 21:17:17.755" 4637500 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: RegValue 'HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{CADDD320-331B-473D-BA1D-B34D8572E02A}|NAMESERVER' => None:Unknown"
02/07/18 " 21:17:17.755" 4637500 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: RegValue 'HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{CADDD320-331B-473D-BA1D-B34D8572E02A}|NAMESERVER' => None:Unknown"
02/07/18 " 21:17:17.755" 4637500 32a8 3098 INFO Actions ActionsManager::GetDetectedThreatsV2 "ActionsManager.cpp" 462 "Getting detected threats from actions"
02/07/18 " 21:17:17.755" 4637500 32a8 3098 INFO CleanControllerImpl PreCleanEngine::AddLinkedTraces "PreCleanEngine.cpp" 837 "Getting linked traces"
02/07/18 " 21:17:17.756" 4637500 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessClassificationResult "Scanner.cpp" 3595 "Threat detected: ThreatName=Trojan.DNSChanger, FilePath=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{caddd320-331b-473d-ba1d-b34d8572e02a}|NameServer=35.177.46.238,46.101.28.31,82.202.226.203,213.46.172.37,213.46.172.36"
02/07/18 " 21:17:17.756" 4637500 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 206 "Finding linked traces"
02/07/18 " 21:17:17.756" 4637500 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: RegValue 'HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{CADDD320-331B-473D-BA1D-B34D8572E02A}|NAMESERVER' => None:Unknown"
02/07/18 " 21:17:17.756" 4637500 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: RegValue 'HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{CADDD320-331B-473D-BA1D-B34D8572E02A}|NAMESERVER' => None:Unknown"
02/07/18 " 21:17:17.756" 4637500 32a8 3098 INFO Actions ActionsManager::GetDetectedThreatsV2 "ActionsManager.cpp" 462 "Getting detected threats from actions"
02/07/18 " 21:17:17.757" 4637500 32a8 3098 INFO CleanControllerImpl PreCleanEngine::AddLinkedTraces "PreCleanEngine.cpp" 837 "Getting linked traces"
02/07/18 " 21:20:28.154" 4827906 32a8 0b6c INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::AreFilesWhiteListed "HubbleWhiteLister.cpp" 403 "Response body from Hubble request: {""results"":[{""sha256"":""6b7dd3540e41c3f34ec442293b2fa9ea821bca560fa9999683d2655f4ff63b7b"",""md5"":""9c55b93039b4573cdcd21c4d7bd7e0f6"",""classification"":""DO_NOT_DETECT"",""trust_always"":true,""send_file"":false}]}"
02/07/18 " 21:20:28.154" 4827906 32a8 0b6c INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): File 'C:\USERS\MOONP\APPDATA\ROAMING\UTORRENT\UTORRENT.EXE' (shuriken) => Hubble:WhiteListed"
02/07/18 " 21:20:28.667" 4828421 32a8 0b6c INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::AreFilesWhiteListed "HubbleWhiteLister.cpp" 403 "Response body from Hubble request: {""results"":[{""sha256"":""d1a3add2a0fa8e8c8e18c2831342746f3059d9e886e6c44d3074967b1217d9c5"",""md5"":""419bfebb2f430bc8a246515bd55e024e"",""classification"":""DO_NOT_DETECT"",""trust_always"":true,""send_file"":false}]}"
02/07/18 " 21:20:28.667" 4828421 32a8 0b6c INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): File 'C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.7\TINY.DAT' (shuriken) => Hubble:WhiteListed"
02/07/18 " 21:20:28.998" 4828750 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessClassificationResult "Scanner.cpp" 3595 "Threat detected: ThreatName=PUP.Optional.GameHack, FilePath=C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.7\STANDALONEPHASE1.DAT"
02/07/18 " 21:20:28.998" 4828750 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 206 "Finding linked traces"
02/07/18 " 21:20:29.296" 4829046 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::GetWhiteListStatus "HubbleWhiteLister.cpp" 141 "Hubble disabled for non-Shuriken/scan detections, path='C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.7\STANDALONEPHASE1.DAT'"
02/07/18 " 21:20:29.296" 4829046 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): File 'C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.7\STANDALONEPHASE1.DAT' => None:Unknown"
02/07/18 " 21:20:29.296" 4829046 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: File 'C:\Program Files (x86)\Cheat Engine 6.7\STANDALONEPHASE1.DAT' => None:Unknown"
02/07/18 " 21:20:29.297" 4829046 32a8 3098 INFO Actions ActionsManager::GetDetectedThreatsV2 "ActionsManager.cpp" 462 "Getting detected threats from actions"
02/07/18 " 21:20:29.297" 4829046 32a8 3098 INFO CleanControllerImpl PreCleanEngine::AddLinkedTraces "PreCleanEngine.cpp" 837 "Getting linked traces"
02/07/18 " 21:20:33.264" 4833015 32a8 0b6c INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::AreFilesWhiteListed "HubbleWhiteLister.cpp" 403 "Response body from Hubble request: {""results"":[{""sha256"":""2f89b58aecad62383dde701574a878b9a0ab04cc90c9997b31e0aae59f3eca87"",""md5"":""f7a7c41af8bfeafccd45ccc8a1708536"",""classification"":""DO_NOT_DETECT"",""trust_always"":true,""send_file"":false}]}"
02/07/18 " 21:20:33.264" 4833015 32a8 0b6c INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): File 'C:\PROGRAM FILES (X86)\FONTFORGEBUILDS\RUN_FONTFORGE.EXE' (shuriken) => Hubble:WhiteListed"
02/07/18 " 21:20:53.149" 4852890 32a8 0b6c INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::AreFilesWhiteListed "HubbleWhiteLister.cpp" 403 "Response body from Hubble request: {""results"":[{""sha256"":""9da5a899b9d55e1d43718ec0ad6368f9e9ef0242a4e88cd5ddb2cc6d7bfa5fb3"",""md5"":""47811d50390a86a17102d7496e6eabb9"",""classification"":""DO_NOT_DETECT"",""trust_always"":true,""send_file"":false}]}"
02/07/18 " 21:20:53.149" 4852890 32a8 0b6c INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): File 'C:\USERS\MOONP\DOWNLOADS\HIJACKTHIS.EXE' (shuriken) => Hubble:WhiteListed"
02/07/18 " 21:21:05.224" 4864968 32a8 0b6c INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::AreFilesWhiteListed "HubbleWhiteLister.cpp" 403 "Response body from Hubble request: {""results"":[{""sha256"":""c6592c2061c39ea8ed94d1f6854e16a722dc461f4d5b907b0230452d07d4cce3"",""md5"":""788fcddd88240a85039f7f561093b118"",""classification"":""DO_NOT_DETECT"",""trust_always"":true,""send_file"":false}]}"
02/07/18 " 21:21:05.224" 4864968 32a8 0b6c INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): File 'C:\USERS\MOONP\DOWNLOADS\TFC.EXE' (shuriken) => Hubble:WhiteListed"
02/07/18 " 21:22:00.216" 4919968 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessUrlClassificationResult "Scanner.cpp" 3940 "URL detected: ThreatName=Adware.Elex.ShrtCln, URLString=http://isearch.omiga-plus.com/web/?type=dspp&ts=1422473444&from=obw&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1941986419864&q={searchTerms}, FilePath=C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data"
02/07/18 " 21:22:00.216" 4919968 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 206 "Finding linked traces"
02/07/18 " 21:22:01.480" 4921234 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::GetWhiteListStatus "HubbleWhiteLister.cpp" 141 "Hubble disabled for non-Shuriken/scan detections, path='C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data'"
02/07/18 " 21:22:01.480" 4921234 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): File 'C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data' => None:Unknown"
02/07/18 " 21:22:01.480" 4921234 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: File 'C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Web Data' => None:Unknown"
02/07/18 " 21:22:01.481" 4921234 32a8 3098 INFO Actions ActionsManager::GetDetectedThreatsV2 "ActionsManager.cpp" 462 "Getting detected threats from actions"
02/07/18 " 21:22:06.536" 4926281 32a8 3098 INFO Actions ClrShort2::GetDetectedTraces "ClrShort2.cpp" 23 "Getting detected traces from ClrShort2"
02/07/18 " 21:22:06.560" 4926312 32a8 3098 INFO CleanControllerImpl PreCleanEngine::AddLinkedTraces "PreCleanEngine.cpp" 837 "Getting linked traces"
02/07/18 " 21:22:06.580" 4926328 32a8 3098 INFO CleanControllerImpl LinkingEngine::LinkChromeUrl "LinkingEngine.cpp" 2247 "Linking to Chrome URL 'http://isearch.omiga-plus.com/web/?type=dspp&ts=1422473444&from=obw&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1941986419864&q={searchTerms}'"
02/07/18 " 21:22:07.611" 4927359 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::GetWhiteListStatus "HubbleWhiteLister.cpp" 141 "Hubble disabled for non-Shuriken/scan detections, path='C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3'"
02/07/18 " 21:22:07.611" 4927359 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): File 'C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3' => None:Unknown"
02/07/18 " 21:22:07.611" 4927359 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: File 'C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Sync Data\SyncData.sqlite3' => None:Unknown"
02/07/18 " 21:22:07.860" 4927609 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessUrlClassificationResult "Scanner.cpp" 3940 "URL detected: ThreatName=Adware.Elex.ShrtCln, URLString=http://isearch.omiga-plus.com/?type=hppp&ts=1422473444&from=obw&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1941986419864, FilePath=C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences"
02/07/18 " 21:22:07.861" 4927609 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 206 "Finding linked traces"
02/07/18 " 21:22:07.938" 4927687 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::GetWhiteListStatus "HubbleWhiteLister.cpp" 141 "Hubble disabled for non-Shuriken/scan detections, path='C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences'"
02/07/18 " 21:22:07.938" 4927687 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): File 'C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences' => None:Unknown"
02/07/18 " 21:22:07.938" 4927687 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: File 'C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences' => None:Unknown"
02/07/18 " 21:22:07.939" 4927687 32a8 3098 INFO Actions ActionsManager::GetDetectedThreatsV2 "ActionsManager.cpp" 462 "Getting detected threats from actions"
02/07/18 " 21:22:09.166" 4928906 32a8 3098 INFO CleanControllerImpl PreCleanEngine::AddLinkedTraces "PreCleanEngine.cpp" 837 "Getting linked traces"
02/07/18 " 21:22:09.171" 4928921 32a8 3098 INFO CleanControllerImpl LinkingEngine::LinkChromeUrl "LinkingEngine.cpp" 2247 "Linking to Chrome URL 'http://isearch.omiga-plus.com/?type=hppp&ts=1422473444&from=obw&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1941986419864'"
02/07/18 " 21:22:09.216" 4928968 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: File 'C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3' => None:Unknown"
02/07/18 " 21:22:09.216" 4928968 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: File 'C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Sync Data\SyncData.sqlite3' => None:Unknown"
02/07/18 " 21:22:09.218" 4928968 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessUrlClassificationResult "Scanner.cpp" 3940 "URL detected: ThreatName=Adware.Elex.ShrtCln, URLString=http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1941986419864&ts=1422473484&type=default&q={searchTerms}, FilePath=C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data"
02/07/18 " 21:22:09.219" 4928968 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 206 "Finding linked traces"
02/07/18 " 21:22:09.234" 4928984 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: File 'C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data' => None:Unknown"
02/07/18 " 21:22:09.234" 4928984 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: File 'C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Web Data' => None:Unknown"
02/07/18 " 21:22:09.235" 4928984 32a8 3098 INFO Actions ActionsManager::GetDetectedThreatsV2 "ActionsManager.cpp" 462 "Getting detected threats from actions"
02/07/18 " 21:22:10.623" 4930375 32a8 3098 INFO CleanControllerImpl PreCleanEngine::AddLinkedTraces "PreCleanEngine.cpp" 837 "Getting linked traces"
02/07/18 " 21:22:10.623" 4930375 32a8 3098 INFO CleanControllerImpl LinkingEngine::LinkChromeUrl "LinkingEngine.cpp" 2247 "Linking to Chrome URL 'http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1941986419864&ts=1422473484&type=default&q={searchTerms}'"
02/07/18 " 21:22:10.670" 4930421 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: File 'C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3' => None:Unknown"
02/07/18 " 21:22:10.670" 4930421 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: File 'C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Sync Data\SyncData.sqlite3' => None:Unknown"
02/07/18 " 21:22:10.671" 4930421 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessUrlClassificationResult "Scanner.cpp" 3940 "URL detected: ThreatName=Adware.Elex.ShrtCln, URLString=http://isearch.omiga-plus.com/?type=hppp&ts=1422473444&from=obw&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1941986419864, FilePath=C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences"
02/07/18 " 21:22:10.671" 4930421 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 206 "Finding linked traces"
02/07/18 " 21:22:10.675" 4930421 32a8 3098 INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 424 "Ignoring clean item because it is a duplicate, C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences and C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences"
02/07/18 " 21:22:13.378" 4933125 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessUrlClassificationResult "Scanner.cpp" 3940 "URL detected: ThreatName=Adware.Elex.ShrtCln, URLString=http://isearch.omiga-plus.com/web/?type=dspp&ts=1422473444&from=obw&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1941986419864&q={searchTerms}, FilePath=C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data"
02/07/18 " 21:22:13.378" 4933125 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 206 "Finding linked traces"
02/07/18 " 21:22:13.384" 4933125 32a8 3098 INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 424 "Ignoring clean item because it is a duplicate, C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data and C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Web Data"
02/07/18 " 21:22:13.390" 4933140 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessUrlClassificationResult "Scanner.cpp" 3940 "URL detected: ThreatName=Adware.Elex.ShrtCln, URLString=isearch.omiga-plus.com, FilePath=C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data"
02/07/18 " 21:22:13.391" 4933140 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 206 "Finding linked traces"
02/07/18 " 21:22:13.404" 4933156 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: File 'C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data' => None:Unknown"
02/07/18 " 21:22:13.404" 4933156 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: File 'C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Web Data' => None:Unknown"
02/07/18 " 21:22:13.404" 4933156 32a8 3098 INFO Actions ActionsManager::GetDetectedThreatsV2 "ActionsManager.cpp" 462 "Getting detected threats from actions"
02/07/18 " 21:22:14.186" 4933937 32a8 3098 INFO CleanControllerImpl PreCleanEngine::AddLinkedTraces "PreCleanEngine.cpp" 837 "Getting linked traces"
02/07/18 " 21:22:14.186" 4933937 32a8 3098 INFO CleanControllerImpl LinkingEngine::LinkChromeUrl "LinkingEngine.cpp" 2247 "Linking to Chrome URL 'isearch.omiga-plus.com'"
02/07/18 " 21:22:14.223" 4933968 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: File 'C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3' => None:Unknown"
02/07/18 " 21:22:14.223" 4933968 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::LogWhiteListStatus "WhiteListManagerCache.cpp" 129 "White list status from cache: File 'C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Sync Data\SyncData.sqlite3' => None:Unknown"
02/07/18 " 21:22:14.230" 4933984 32a8 3384 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::Shutdown "Linker.cpp" 143 "Shutting down linker, waiting for it to complete"
02/07/18 " 21:22:14.230" 4933984 32a8 3384 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::UnInit "Linker.cpp" 130 "Un-initializing linker"
02/07/18 " 21:22:16.664" 4936406 32a8 3384 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::Shutdown "Linker.cpp" 143 "Shutting down linker, waiting for it to complete"
02/07/18 " 21:22:17.794" 4937546 32a8 3384 INFO MBAMCoreImpl MBAMCoreImpl::Shutdown "MBAMCoreImpl.cpp" 152 "MBAMCore was successfully shutdown."
02/07/18 " 21:22:17.867" 4937609 32a8 3384 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::PerformScan "Scanner.cpp" 1055 "Scan completed."
02/07/18 " 21:22:17.867" 4937609 32a8 3384 INFO MBAMShimImpl MBAMShimImpl::PrepareUpdate "MBAMShimImpl.cpp" 95 "MBAMCore preparing update"
02/07/18 " 21:22:17.867" 4937609 32a8 3384 INFO MBAMShimImpl MBAMShimImpl::FinishUpdate "MBAMShimImpl.cpp" 131 "MBAMCore finishing update"
CPU: i5-6500 GPU: Msi RX480 8GB RAM: Crucial 2x8GB MB: MSI B150 PSU: Seasonic S12II-520 CASE: Gladius M35
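As an added example (not code from the thread, from Malwarebytes or from any of the tools mentioned), the following Python script parses the "Threat detected" / "URL detected" lines in the Malwarebytes log format posted above and summarizes what a helper has to act on: the DNS servers written into an interface's NameServer value, the hosts Chrome was pointed at, and where each threat name was found. The sample lines are constructed from that log; the duplicate DNSChanger line is deliberate, since the log repeats it.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the log format seen above (values taken from that log).
DNS_LINE = r'02/07/18 " 21:17:17.752" 4637500 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessClassificationResult "Scanner.cpp" 3595 "Threat detected: ThreatName=Trojan.DNSChanger, FilePath=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{caddd320-331b-473d-ba1d-b34d8572e02a}|NameServer=35.177.46.238,46.101.28.31,82.202.226.203,213.46.172.37,213.46.172.36"'
SAMPLE_LINES = [
    r'02/07/18 " 21:17:17.722" 4637468 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessClassificationResult "Scanner.cpp" 3595 "Threat detected: ThreatName=PUP.Optional.MisusedCurl.Generic, FilePath=HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2D01A4A0-375C-49E3-8A39-0A6EEE0540B4}|PATH=\curl"',
    DNS_LINE,
    DNS_LINE,  # the same detection is logged again during linking
    r'02/07/18 " 21:22:00.216" 4919968 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessUrlClassificationResult "Scanner.cpp" 3940 "URL detected: ThreatName=Adware.Elex.ShrtCln, URLString=http://isearch.omiga-plus.com/web/?type=dspp&ts=1422473444&from=obw&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1941986419864&q={searchTerms}, FilePath=C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data"',
    r'02/07/18 " 21:22:13.390" 4933140 32a8 3098 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::ProcessUrlClassificationResult "Scanner.cpp" 3940 "URL detected: ThreatName=Adware.Elex.ShrtCln, URLString=isearch.omiga-plus.com, FilePath=C:\USERS\MOONP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data"',
    r'02/07/18 " 21:17:17.723" 4637468 32a8 3098 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 206 "Finding linked traces"',
]

# The detection message is the last quoted field on the line.
DETECTION_RE = re.compile(r'"(Threat|URL) detected: ThreatName=([^,]+), (.*)"$')


def parse_detection(line):
    """Return a dict for a 'Threat detected' / 'URL detected' line, else None."""
    m = DETECTION_RE.search(line)
    if not m:
        return None
    kind, threat, rest = m.groups()
    det = {"kind": kind, "threat": threat}
    if kind == "URL":
        # URL detections carry "URLString=<url>, FilePath=<file>".
        url, _, path = rest.partition(", FilePath=")
        det["url"] = url[len("URLString="):]
    else:
        path = rest[len("FilePath="):]
    # Registry detections append "|ValueName=data" to the key path; the data may
    # itself contain commas (the NameServer list), so split on the first '|' only.
    key, sep, value = path.partition("|")
    det["path"] = key
    if sep:
        det["value_name"], _, det["value_data"] = value.partition("=")
    return det


def summarize(lines):
    """Aggregate detections; sets collapse the repeated log entries."""
    rogue_dns, hijack_hosts = set(), set()
    by_threat = defaultdict(set)
    for det in filter(None, map(parse_detection, lines)):
        by_threat[det["threat"]].add(det.get("url") or det["path"])
        if det.get("value_name", "").lower() == "nameserver":
            rogue_dns.update(ip.strip() for ip in det["value_data"].split(",") if ip.strip())
        if det["kind"] == "URL":
            # Bare hostnames (no scheme) need '//' for urlsplit to see a netloc.
            url = det["url"] if "://" in det["url"] else "//" + det["url"]
            host = urlsplit(url).hostname
            if host:
                hijack_hosts.add(host)
    return {"rogue_dns": rogue_dns, "hijack_hosts": hijack_hosts, "by_threat": dict(by_threat)}


if __name__ == "__main__":
    report = summarize(SAMPLE_LINES)
    print("DNS servers set in interface NameServer values:", sorted(report["rogue_dns"]))
    print("Hosts Chrome was pointed at:", sorted(report["hijack_hosts"]))
    for threat, where in sorted(report["by_threat"].items()):
        print(f"{threat}: {len(where)} location(s)")
```

Any NameServer address the script lists should be checked against the DNS servers the user's network is actually supposed to use; the interface value is what the DNSChanger detection in the log refers to.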

jaro3
Security team member
Guru Level 15
Posts: 39303
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Chrome opens a Russian page when the laptop starts

Post by jaro3 » 07 Feb 2018 22:55

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan", and when the scan finishes click "Clean".

The program will carry out the repair; after the automatic restart click "Log Manager", then double-click the corresponding log (C:\AdwCleaner [C?].txt) and paste its entire contents here.

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue; press one.
The program will start scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will open; it is saved on the desktop.
Please copy its entire contents here.


- Run Malwarebytes' Anti-Malware again and click "Scan Now"
- When the program finishes, a message will appear; click "Quarantine All (delete selected)" and then "Export log", choose "text file", give the file a name and save it somewhere. Copy the entire contents of that log here.

Sophos Virus Removal Tool is a handy software tool that may remove infections your antivirus program does not detect.
Download it from one of these links:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viruses can slow down your computer or try to steal your data, and you may not even know you have them. What you need is a quick and easy way to find them and get rid of them. If you already have an antivirus program installed on your computer, you can install the Sophos Virus Removal Tool as well; it identifies and cleans up the remaining infections your antivirus program may have missed.
To use Sophos Virus Removal Tool, double-click it and press the "Start scanning" button. Sophos Virus Removal Tool will then search for and remove the viruses it finds. A restart may be required.


Download RogueKiller by Adlice Software
32-bit:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64-bit:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, 8, 10 run RogueKiller.exe as administrator; on XP, by double-clicking.
- Click "Start Scan". In the new window change nothing and click "Start Scan" at the bottom.
- The program scans the PC's processes. After the scan, click "Open Report", then "Open TXT" in that window, and copy the entire contents of the log here.
If the program is blocked, try launching it several times. If it still will not start and work, rename it to winlogon.exe.
- If the log is longer than 60,000 characters, split it and paste it into several posts.

other links:
http://www.adlice.com/download/roguekiller/
http://www.bleepingcomputer.com/download/roguekiller/

tomorrow..
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

popcorn
Level 3
Posts: 411
Registered: July 16
Gender: Male

Re: Chrome opens a Russian page when the laptop starts

Post by popcorn » 10 Feb 2018 11:32

LOG FROM AdwCleaner

# AdwCleaner 7.0.7.0 - Logfile created on Thu Feb 08 15:23:26 2018
# Updated on 2018/18/01 by Malwarebytes
# Database: 02-06-2018.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

*** [ Services ] ***

No malicious services found.

*** [ Folders ] ***

Adware.pokki, C:\ProgramData\Host App Service
Adware.pokki, C:\ProgramData\Application Data\Host App Service
Adware.pokki, C:\Users\All Users\Host App Service
Adware.pokki, C:\Users\Default\AppData\Local\Host App Service
Adware.pokki, C:\Users\Default User\AppData\Local\Host App Service
Adware.pokki, C:\Users\MoonP\AppData\Local\Host App Service
PUP.Optional.UpService, C:\Users\MoonP\AppData\Local\AdService


*** [ Files ] ***

No malicious files found.

*** [ DLL ] ***

No malicious DLLs found.

*** [ WMI ] ***

No malicious WMI found.

*** [ Shortcuts ] ***

No malicious shortcuts found.

*** [ Tasks ] ***

PUP.Optional.Legacy, App Explorer


*** [ Registry ] ***

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\workno.ru
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2564185752-1118092260-3013568569-1001\Software\Microsoft\Gosearchq
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Gosearchq
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2564185752-1118092260-3013568569-1001\Software\Microsoft\Gosearch
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Gosearch
Adware.pokki, [Key] - HKU\S-1-5-21-2564185752-1118092260-3013568569-1001\Software\Host App Service
Adware.pokki, [Key] - HKU\S-1-5-21-2564185752-1118092260-3013568569-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki, [Key] - HKCU\Software\Host App Service
Adware.pokki, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service


*** [ Firefox (and derivatives) ] ***

No malicious Firefox entries.

*** [ Chromium (and derivatives) ] ***

PUP.Optional.Legacy, SearchProvider found: omiga-plus - omiga-plus
PUP.Optional.Legacy, SearchProvider found: omiga-plus - omiga-plus_
PUP.Optional.Legacy, SearchProvider found: Goo - isearch.omiga-plus.com
PUP.Optional.Legacy, Startpage found: http://isearch.omiga-plus.com/?type=hpp ... 1986419864
PUP.Optional.Legacy, Startpage found: http://isearch.omiga-plus.com/?type=hpp ... 1986419864
PUP.Optional.Legacy, Startpage found: http://isearch.omiga-plus.com/?type=hpp ... 1986419864
PUP.Optional.Legacy, Startpage found: http://isearch.omiga-plus.com/?type=hpp ... 1986419864

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


***********************

C:/AdwCleaner/AdwCleaner[S0].txt - [3072 B] - [2018/2/7 20:11:12]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

LOG FROM JRT

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by MoonP (Administrator) on Thu 02/08/2018 at 16:48:56.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/08/2018 at 16:51:59.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


LOG FROM RogueKiller

RogueKiller V12.12.3.0 (x64) [Feb 5 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : MoonP [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 02/10/2018 10:31:26 (Duration : 00:45:55)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2564185752-1118092260-3013568569-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo17win10.msn.com/?pc=LCTE -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2564185752-1118092260-3013568569-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo17win10.msn.com/?pc=LCTE -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2564185752-1118092260-3013568569-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo17win10.msn.com/?pc=LCTE -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2564185752-1118092260-3013568569-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo17win10.msn.com/?pc=LCTE -> Found
[Tr.Gen] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4A0626F2-B834-4CD5-8692-57B79621F1C1} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\MoonP\AppData\Local\yc\Application\yc.exe|Name=Chromium (mDNS-In)|Desc=Inbound rule for Chromium to allow mDNS traffic.|EmbedCtxt=yc| [x] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.AutoIt.Gen][File] C:\Games\SimCity 2013 Offline\En_Laucher.exe -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP.Gen1|PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://isearch.omiga-plus.com/?type=hppp&ts=1422473444&from=obw&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1941986419864] -> Found
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://www.google.com/|https://encrypted.google.com] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM035-1RK172 +++++
--- User ---
[MBR] ef0f557ed2659114be76cfc8c5bba247
[BSP] 5d9dcb3a1163eae3b7ed518ddcb4f292 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 926992 MB
3 - Basic data partition | Offset (sectors): 1899046912 | Size: 25600 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1951475712 | Size: 1000 MB
User = LL1 ... OK
User = LL2 ... OK
CPU: i5-6500 GPU: Msi RX480 8GB RAM: Crucial 2x8GB MB: MSI B150 PSU: Seasonic S12II-520 CASE: Gladius M35
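About the [Tr.Gen] firewall rule RogueKiller reports above: Windows Firewall stores every rule as one pipe-delimited string under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules, and that is exactly the text quoted in the log (Action=Allow, Dir=In, Protocol=17 is UDP, LPort=5353 is mDNS, App=...\AppData\Local\yc\Application\yc.exe). An active inbound Allow rule for a binary in a user-writable folder deserves a look no matter what the binary calls itself, because an installer that needed admin rights would normally live under Program Files. The script below is an added example, not part of this thread and not RogueKiller's code: it parses that rule format and flags inbound Allow rules whose App sits under AppData, Downloads, Temp or Users\Public. The sample rule set is built inline (the first value is the one from the log, the other three are constructed for contrast); the directory markers and the read_live_rules helper (winreg, Windows only) are my assumptions.

```python
"""Triage Windows Firewall rules stored in the registry.

Added example, not part of the thread and not RogueKiller's code: parses the
pipe-delimited rule format quoted under [Tr.Gen] above and flags inbound
Allow rules whose program lives in a user-writable directory.
"""
import sys
from typing import Dict, List

FIREWALL_RULES_KEY = (r"SYSTEM\CurrentControlSet\Services\SharedAccess"
                      r"\Parameters\FirewallPolicy\FirewallRules")

# Assumption: path fragments that mark directories an unprivileged user can
# write to. A rule for a binary here was created by whatever dropped the
# binary, not by an installer that needed admin rights.
USER_WRITABLE_MARKERS = ("\\appdata\\local\\", "\\appdata\\roaming\\",
                         "\\downloads\\", "\\temp\\", "\\users\\public\\")

PROTOCOL_NAMES = {"6": "TCP", "17": "UDP"}


def parse_rule(value: str) -> Dict[str, List[str]]:
    """Split 'v2.27|Action=Allow|Dir=In|...|' into {field: [values]}.

    Fields such as LPort or RA4 may repeat inside one rule, so every field
    maps to a list. The leading version token is stored under 'Version'.
    """
    parts = value.split("|")
    rule: Dict[str, List[str]] = {"Version": [parts[0]]}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        if sep:                      # skips the empty trailing element
            rule.setdefault(key, []).append(val)
    return rule


def first(rule: Dict[str, List[str]], key: str, default: str = "") -> str:
    return rule.get(key, [default])[0]


def is_suspicious(rule: Dict[str, List[str]]) -> bool:
    """Active inbound Allow rule for a program in a user-writable folder."""
    if first(rule, "Action").lower() != "allow":
        return False
    if first(rule, "Dir").lower() != "in":
        return False
    if first(rule, "Active", "TRUE").lower() != "true":
        return False
    app = first(rule, "App").lower()
    return any(marker in app for marker in USER_WRITABLE_MARKERS)


def triage(rules: Dict[str, str]) -> List[Dict[str, str]]:
    """Return one finding per suspicious rule in {value_name: rule_string}."""
    findings: List[Dict[str, str]] = []
    for value_name, raw in rules.items():
        rule = parse_rule(raw)
        if is_suspicious(rule):
            proto = first(rule, "Protocol", "*")
            findings.append({
                "rule": value_name,
                "name": first(rule, "Name"),
                "app": first(rule, "App"),
                "protocol": PROTOCOL_NAMES.get(proto, proto),
                "lport": first(rule, "LPort", "*"),
            })
    return findings


def read_live_rules() -> Dict[str, str]:
    """Dump the rules from the registry. Windows only (uses winreg)."""
    if sys.platform != "win32":
        raise OSError("reading the live registry needs Windows")
    import winreg
    rules: Dict[str, str] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, FIREWALL_RULES_KEY) as key:
        index = 0
        while True:
            try:
                name, value, _ = winreg.EnumValue(key, index)
            except OSError:          # no more values
                break
            rules[name] = value
            index += 1
    return rules


SAMPLE_RULES = {
    # The value RogueKiller quoted in the log above.
    "{4A0626F2-B834-4CD5-8692-57B79621F1C1}":
        "v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353"
        "|App=C:\\Users\\MoonP\\AppData\\Local\\yc\\Application\\yc.exe"
        "|Name=Chromium (mDNS-In)|Desc=Inbound rule for Chromium to allow"
        " mDNS traffic.|EmbedCtxt=yc|",
    # Constructed: vendor rule under Program Files, not flagged.
    "{00000000-0000-0000-0000-000000000001}":
        "v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389"
        "|App=C:\\Program Files\\Example\\svc.exe|Name=Example Service|",
    # Constructed: outbound rule for a file in Downloads, not flagged (Dir=Out).
    "{00000000-0000-0000-0000-000000000002}":
        "v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=443"
        "|App=C:\\Users\\MoonP\\Downloads\\setup.exe|Name=Installer|",
    # Constructed: disabled inbound rule in %TEMP%, not flagged (Active=FALSE).
    "{00000000-0000-0000-0000-000000000003}":
        "v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=8080"
        "|App=C:\\Users\\MoonP\\AppData\\Local\\Temp\\upd.exe|Name=Updater|",
}

if __name__ == "__main__":
    rules = read_live_rules() if sys.platform == "win32" else SAMPLE_RULES
    for f in triage(rules):
        print(f"{f['rule']} {f['protocol']}/{f['lport']} {f['name']}: {f['app']}")
```

On the machine itself this needs an elevated prompt to read HKLM; the heuristic is deliberately narrow (inbound, allowed, active, user-writable path), so a vendor rule under Program Files or an outbound rule for a downloaded installer passes through and only the kind of rule seen in the log is listed.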

jaro3
Security team member
Guru Level 15
Posts: 39303
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Chrome opens with a Russian page when the notebook starts

Post by jaro3 » 10 Feb 2018 11:43

again, you have to delete everything AdwCleaner and Malwarebytes found..
instructions above.


+
did Sophos find anything?

+
Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7 right-click it and choose "Run as administrator", on Windows XP double-click to run it).
- click "Start Scan". In the new window change nothing and click "Start Scan" at the bottom,
after it finishes - tick everything (put check marks in the white boxes to the left of the findings)
- then click "Remove Selected"
- Wait until the Status box shows "Removal finished, please review result"
- Click "Open report" and then "Open TXT", copy that log and paste its contents here please. The log can be found in C:\ProgramData\RogueKiller\Logs - Close RogueKiller.


Turn off your antivirus and firewall.
Download Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe

click the .rar file at the top right and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 or 8 right-click it and choose "Run as administrator")
- note: the program may take a while to start.
Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

click Run Script
The program will scan and repair; both the scan and the repair can take several minutes, you have to wait until it finishes. Do not click in the window!
The program will offer a restart, confirm it.
After the restart only a black screen may be shown for some time, that is normal. You have to wait until the log is created. You can save it e.g. to Documents, otherwise it is saved automatically to:
C:\zoek-results.log   Copy the whole contents of that log here.
If there are problems, run Zoek in Safe Mode.

Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
and save it to your desktop.
Double-click that file on the desktop and follow the program's installation instructions.
Accept the EULA if it is offered.
If a program update is available, click "Update now".
You can also tick creating a restore point:
Click the gear icon, then "Scan" and tick "create restore points".
Go back (click the house icon).
Close all open files, folders and browsers.
Do not change any settings. Click "Scan".
After the scan you can see whether there are any infections. Click "Next". The infections will be moved to quarantine.
When the scan is finished, a report will appear; copy its whole contents here.
Otherwise you can see the reports by clicking "Reports" at the top right.


Post a new HJT log + report any problems
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
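The CHRdefaults line in the Zoek script above resets Chrome's start page, home page and search engine, which is where both AdwCleaner and RogueKiller found isearch.omiga-plus.com. Chrome keeps those keys in the profile's Preferences and Secure Preferences JSON files; the second one carries HMACs over its values, which is why clean-up tools reset it rather than patch it (and why hand-editing it is pointless: Chrome discards values whose MAC no longer matches). The script below is an added example, not part of this thread and not Zoek's or AdwCleaner's code: it merges the two JSON files, reads homepage, session.startup_urls and the default search provider URL, and reports every host that is not on an allowlist, so you can check after the reboot that the hijack is really gone. The allowlist, the profile path and the inline sample (homepage and startup URLs as quoted in the RogueKiller log, search provider constructed to match the AdwCleaner finding) are my assumptions.

```python
"""Report hijacked Chrome start page / home page / search engine.

Added example, not part of the thread: reads a Chrome profile's Preferences
and Secure Preferences JSON and compares the hosts against an allowlist.
"""
import json
import os
from typing import Any, Dict, List
from urllib.parse import urlparse

# Assumption: hosts considered legitimate for this user. Extend as needed.
ALLOWED_HOSTS = {
    "www.google.com", "google.com", "encrypted.google.com",
    "www.bing.com", "duckduckgo.com", "www.seznam.cz",
}

# Preference keys Chrome uses for the values the logs above flag.
WATCHED = {
    "homepage": "homepage",
    "startup": "session.startup_urls",
    "search": "default_search_provider_data.template_url_data.url",
}


def deep_merge(dst: Dict[str, Any], src: Dict[str, Any]) -> Dict[str, Any]:
    """Recursively merge src into dst; src wins on conflicts."""
    for key, val in src.items():
        if isinstance(val, dict) and isinstance(dst.get(key), dict):
            deep_merge(dst[key], val)
        else:
            dst[key] = val
    return dst


def get_path(prefs: Dict[str, Any], dotted: str, default: Any = None) -> Any:
    """Look up 'a.b.c' in nested dicts without raising."""
    node: Any = prefs
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def audit_prefs(prefs: Dict[str, Any]) -> List[Dict[str, str]]:
    """Return one finding per watched URL whose host is not allowlisted."""
    findings: List[Dict[str, str]] = []
    homepage = get_path(prefs, WATCHED["homepage"], "")
    if homepage and host_of(homepage) not in ALLOWED_HOSTS:
        findings.append({"pref": WATCHED["homepage"], "value": homepage})
    for url in get_path(prefs, WATCHED["startup"], []) or []:
        if host_of(url) not in ALLOWED_HOSTS:
            findings.append({"pref": WATCHED["startup"], "value": url})
    search_url = get_path(prefs, WATCHED["search"], "")
    if search_url and host_of(search_url) not in ALLOWED_HOSTS:
        findings.append({"pref": WATCHED["search"], "value": search_url})
    return findings


def load_profile_prefs(user_data_dir: str = "", profile: str = "Default") -> Dict[str, Any]:
    """Merge Preferences and Secure Preferences of a live Chrome profile.

    Assumption: default Chrome location under %LOCALAPPDATA% on Windows.
    Secure Preferences is read second so its (HMAC-protected) values win.
    """
    base = user_data_dir or os.path.join(
        os.environ.get("LOCALAPPDATA", ""), "Google", "Chrome", "User Data")
    merged: Dict[str, Any] = {}
    for name in ("Preferences", "Secure Preferences"):
        path = os.path.join(base, profile, name)
        if os.path.isfile(path):
            with open(path, encoding="utf-8") as fh:
                deep_merge(merged, json.load(fh))
    return merged


# Constructed sample: homepage and startup URLs as quoted in the RogueKiller
# log above, search provider made up to match the AdwCleaner finding.
SAMPLE_PREFS_JSON = r'''{
  "homepage": "http://isearch.omiga-plus.com/?type=hppp&ts=1422473444&from=obw&uid=WDCXWD2500AAKS-00F0A0_WD-WCAT1941986419864",
  "homepage_is_newtabpage": false,
  "session": {"restore_on_startup": 4,
              "startup_urls": ["https://www.google.com/", "https://encrypted.google.com"]},
  "default_search_provider_data": {"template_url_data": {
      "keyword": "omiga-plus", "short_name": "Goo",
      "url": "http://isearch.omiga-plus.com/web/?q={searchTerms}"}}
}'''
SAMPLE_PREFS = json.loads(SAMPLE_PREFS_JSON)

if __name__ == "__main__":
    for f in audit_prefs(SAMPLE_PREFS):
        print(f"{f['pref']}: {f['value']}")
```

Run it once before the clean-up and once after the reboot with Chrome closed; the AdwCleaner warning about resetting Chrome Sync first matters here, because with sync still on the hijacked home page and search engine come back from the Google account the next time Chrome starts.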

popcorn
Level 3
Posts: 411
Registered: July 16
Gender: Male

Re: Chrome opens with a Russian page when the notebook starts

Post by popcorn » 10 Feb 2018 21:34

Hey, that Zoek has been running for about 5 hours and still nothing, is that normal?

jaro3
Security team member
Guru Level 15
Posts: 39303
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Chrome opens with a Russian page when the notebook starts

Post by jaro3 » 11 Feb 2018 09:13

Sometimes it takes even longer, you can run it in Safe Mode.
Where are the other logs?

popcorn
Level 3
Posts: 411
Registered: July 16
Gender: Male

Re: Chrome opens with a Russian page when the notebook starts

Post by popcorn » 11 Feb 2018 10:09

LOG FROM RogueKiller

{
"header": {
"program": {
"project": "RogueKiller",
"version": "12.12.3.0",
"x64": true,
"date": "Feb 5 2018",
"contact": "http://www.adlice.com/contact/",
"feedback": "https://forum.adlice.com",
"website": "http://www.adlice.com/download/roguekiller/",
"blog": "http://www.adlice.com"
},
"environment": {
"operating_system": "Windows 10 (10.0.16299) 64 bits version",
"boot": 0,
"winpe": false,
"user": "MoonP",
"user_admin": true,
"program_location": "C:\\Program Files\\RogueKiller\\RogueKiller64.exe",
"x64": true,
"licensing": "free"
},
"report": {
"type": 2,
"aborted": false,
"date": "02/10/2018 12:08:27",
"duration": 2840,
"debug": false,
"count": 8,
"show_legit_hooks": false,
"expert_mode": false,
"switches": []
}
},
"information": {
"processes": [
{
"name": "[System Process]",
"name_parent": "",
"pid": 0,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": "",
"is_64": true
},
{
"name": "System",
"name_parent": "",
"pid": 4,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": "",
"is_64": true
},
{
"name": "smss.exe",
"name_parent": "",
"pid": 460,
"path": "C:\\Windows\\System32\\smss.exe",
"command_line": "",
"pid_parent": 4,
"path_parent": "",
"is_64": true
},
{
"name": "csrss.exe",
"name_parent": "",
"pid": 728,
"path": "C:\\Windows\\System32\\csrss.exe",
"command_line": "",
"pid_parent": 716,
"path_parent": "",
"is_64": true
},
{
"name": "wininit.exe",
"name_parent": "",
"pid": 832,
"path": "C:\\Windows\\System32\\wininit.exe",
"command_line": "",
"pid_parent": 716,
"path_parent": "",
"is_64": true
},
{
"name": "csrss.exe",
"name_parent": "",
"pid": 844,
"path": "C:\\Windows\\System32\\csrss.exe",
"command_line": "",
"pid_parent": 824,
"path_parent": "",
"is_64": true
},
{
"name": "services.exe",
"name_parent": "",
"pid": 904,
"path": "C:\\Windows\\System32\\services.exe",
"command_line": "",
"pid_parent": 832,
"path_parent": "",
"is_64": true
},
{
"name": "lsass.exe",
"name_parent": "",
"pid": 924,
"path": "C:\\Windows\\System32\\lsass.exe",
"command_line": "C:\\WINDOWS\\system32\\lsass.exe",
"pid_parent": 832,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 284,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k dcomlaunch -p -s PlugPlay",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "WUDFHost.exe",
"name_parent": "",
"pid": 424,
"path": "C:\\Windows\\System32\\WUDFHost.exe",
"command_line": "\"C:\\Windows\\System32\\WUDFHost.exe\" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\\UMDFCommunicationPorts\\WUDF\\HostProcess-40c36c79-f211-410f-bfbd-a34a6dbf872a -SystemEventPortName:\\UMDFCommunicationPorts\\WUDF\\HostProcess-64dc6313-dbc2-48f3-bbe0-e5ea3ec6a494 -IoCancelEventPortName:\\UMDFCommunicationPorts\\WUDF\\HostProcess-89d87acc-76fe-4a2b-b1cf-c20984b781c1 -NonStateChangingEventPortName:\\UMDFCommunicationPorts\\WUDF\\HostProcess-fd967c78-c532-4d4d-809f-950d1d0d8939 -LifetimeId:b4cdff81-beae-4bfa-91d3-7248705ab6fa -DeviceGroupId:",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 596,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch -p",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "fontdrvhost.exe",
"name_parent": "",
"pid": 660,
"path": "C:\\Windows\\System32\\fontdrvhost.exe",
"command_line": "\"fontdrvhost.exe\"",
"pid_parent": 832,
"path_parent": "",
"is_64": true
},
{
"name": "winlogon.exe",
"name_parent": "",
"pid": 756,
"path": "C:\\Windows\\System32\\winlogon.exe",
"command_line": "winlogon.exe",
"pid_parent": 824,
"path_parent": "",
"is_64": true
},
{
"name": "fontdrvhost.exe",
"name_parent": "winlogon.exe",
"pid": 1064,
"path": "C:\\Windows\\System32\\fontdrvhost.exe",
"command_line": "\"fontdrvhost.exe\"",
"pid_parent": 756,
"path_parent": "C:\\Windows\\System32\\winlogon.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1076,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k rpcss -p",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1144,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k dcomlaunch -p -s LSM",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "dwm.exe",
"name_parent": "winlogon.exe",
"pid": 1220,
"path": "C:\\Windows\\System32\\dwm.exe",
"command_line": "\"dwm.exe\"",
"pid_parent": 756,
"path_parent": "C:\\Windows\\System32\\winlogon.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1280,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s gpsvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1292,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s lmhosts",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1364,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s Schedule",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1392,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s NcbService",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1408,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s ProfSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1416,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1544,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s UserManager",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1552,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s hidserv",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1588,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s EventLog",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1736,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s nsi",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1760,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNoNetwork -p",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "NVDisplay.Container.exe",
"name_parent": "",
"pid": 1844,
"path": "C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\NVDisplay.Container.exe",
"command_line": "\"C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\NVDisplay.Container.exe\" -s NVDisplay.ContainerLocalSystem -f \"C:\\ProgramData\\NVIDIA\\NVDisplay.ContainerLocalSystem.log\" -l 3 -d \"C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\plugins\\LocalSystem\" -r -p 30000",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1884,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s Dhcp",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1936,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s SysMain",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1944,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s EventSystem",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1952,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s Themes",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "Memory Compression",
"name_parent": "",
"pid": 1200,
"path": "MemCompression",
"command_line": "",
"pid_parent": 4,
"path_parent": "",
"is_64": true
},
{
"name": "NVDisplay.Container.exe",
"name_parent": "NVDisplay.Container.exe",
"pid": 1860,
"path": "C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\NVDisplay.Container.exe",
"command_line": "\"C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\NVDisplay.Container.exe\" -f \"C:\\ProgramData\\NVIDIA\\DisplaySessionContainer%d.log\" -d \"C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\plugins\\Session\" -r -l 3 -p 30000 -c",
"pid_parent": 1844,
"path_parent": "C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\NVDisplay.Container.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1932,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s SENS",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2092,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -p -s NlaSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "igfxCUIService.exe",
"name_parent": "",
"pid": 2152,
"path": "C:\\Windows\\System32\\DriverStore\\FileRepository\\igdlh64.inf_amd64_9dc776be3e13ad6d\\igfxCUIService.exe",
"command_line": "C:\\WINDOWS\\System32\\DriverStore\\FileRepository\\igdlh64.inf_amd64_9dc776be3e13ad6d\\igfxCUIService.exe",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2188,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -p -s Dnscache",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2248,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2256,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s FontCache",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2272,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s netprofm",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2400,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted -p",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2476,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted -p",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2496,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNetworkRestricted -p",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2524,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s SEMgrSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2612,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k appmodel -p -s StateRepository",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2696,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2720,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s lfsvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2728,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenonetwork -p -s NcdAutoSetup",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2784,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s fdPHost",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2808,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localserviceandnoimpersonation -p -s FDResPub",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2088,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2128,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalSystemNetworkRestricted -p",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2488,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s ShellHWDetection",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "audiodg.exe",
"name_parent": "svchost.exe",
"pid": 2804,
"path": "C:\\Windows\\System32\\audiodg.exe",
"command_line": "C:\\WINDOWS\\system32\\AUDIODG.EXE 0x38c",
"pid_parent": 2400,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "spoolsv.exe",
"name_parent": "",
"pid": 3108,
"path": "C:\\Windows\\System32\\spoolsv.exe",
"command_line": "C:\\WINDOWS\\System32\\spoolsv.exe",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3208,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -p -s LanmanWorkstation",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3324,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s Winmgmt",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3484,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3492,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -p -s CryptSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "IntelCpHDCPSvc.exe",
"name_parent": "",
"pid": 3500,
"path": "C:\\Windows\\System32\\DriverStore\\FileRepository\\igdlh64.inf_amd64_9dc776be3e13ad6d\\IntelCpHDCPSvc.exe",
"command_line": "C:\\WINDOWS\\System32\\DriverStore\\FileRepository\\igdlh64.inf_amd64_9dc776be3e13ad6d\\IntelCpHDCPSvc.exe",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3508,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenonetwork -p -s DPS",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "OfficeClickToRun.exe",
"name_parent": "",
"pid": 3516,
"path": "C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeClickToRun.exe",
"command_line": "\"C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeClickToRun.exe\" /service",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3528,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k utcsvc -p",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "ibtsiva.exe",
"name_parent": "",
"pid": 3548,
"path": "C:\\Windows\\System32\\ibtsiva.exe",
"command_line": "C:\\WINDOWS\\system32\\ibtsiva",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3556,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s IKEEXT",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "Lenovo.Modern.ImController.exe",
"name_parent": "",
"pid": 3576,
"path": "C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe",
"command_line": "\"C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": false
},
{
"name": "LegacyCsLoaderService.exe",
"name_parent": "",
"pid": 3632,
"path": "C:\\Program Files\\Intel\\Intel(R) Online Connect Access\\LegacyCsLoaderService.exe",
"command_line": "\"C:\\Program Files\\Intel\\Intel(R) Online Connect Access\\LegacyCsLoaderService.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "IntelTechnologyAccessService.exe",
"name_parent": "",
"pid": 3664,
"path": "C:\\Program Files\\Intel\\Intel(R) Online Connect Access\\IntelTechnologyAccessService.exe",
"command_line": "\"C:\\Program Files\\Intel\\Intel(R) Online Connect Access\\IntelTechnologyAccessService.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3700,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s iphlpsvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "mfemms.exe",
"name_parent": "",
"pid": 3768,
"path": "C:\\Program Files\\Common Files\\mcafee\\SystemCore\\mfemms.exe",
"command_line": "\"C:\\Program Files\\Common Files\\McAfee\\SystemCore\\mfemms.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3780,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s LanmanServer",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "nvcontainer.exe",
"name_parent": "",
"pid": 3796,
"path": "C:\\Program Files\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe",
"command_line": "\"C:\\Program Files\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe\" -s NvContainerLocalSystem -f \"C:\\ProgramData\\NVIDIA\\NvContainerLocalSystem.log\" -l 3 -d \"C:\\Program Files\\NVIDIA Corporation\\NvContainer\\plugins\\LocalSystem\" -r -p 30000 -st \"C:\\Program Files\\NVIDIA Corporation\\NvContainer\\NvContainerTelemetryApi.dll\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "NvTelemetryContainer.exe",
"name_parent": "",
"pid": 3828,
"path": "C:\\Program Files (x86)\\NVIDIA Corporation\\NvTelemetry\\NvTelemetryContainer.exe",
"command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\NvTelemetry\\NvTelemetryContainer.exe\" -s NvTelemetryContainer -f \"C:\\ProgramData\\NVIDIA\\NvTelemetryContainer.log\" -l 3 -d \"C:\\Program Files (x86)\\NVIDIA Corporation\\NvTelemetry\\plugins\" -r",
"pid_parent": 904,
"path_parent": "",
"is_64": false
},
{
"name": "PluginLoaderSvc.exe",
"name_parent": "",
"pid": 3952,
"path": "C:\\Program Files\\Lenovo\\Nerve Center\\bin\\x64\\PluginLoaderSvc.exe",
"command_line": "\"C:\\Program Files\\Lenovo\\Nerve Center\\bin\\x64\\PluginLoaderSvc.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3960,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s SstpSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "SecurityHealthService.exe",
"name_parent": "",
"pid": 4000,
"path": "C:\\Windows\\System32\\SecurityHealthService.exe",
"command_line": "",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4036,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k imgsvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "SynTPEnhService.exe",
"name_parent": "",
"pid": 4060,
"path": "C:\\Program Files\\Synaptics\\SynTP\\SynTPEnhService.exe",
"command_line": "\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnhService.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4084,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3244,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s WpnService",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3452,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s HomeGroupProvider",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "MsMpEng.exe",
"name_parent": "",
"pid": 4296,
"path": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.12.17007.18011-0\\MsMpEng.exe",
"command_line": "",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4356,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -p -s TapiSrv",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4372,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s WdiServiceHost",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "dasHost.exe",
"name_parent": "svchost.exe",
"pid": 4400,
"path": "C:\\Windows\\System32\\dasHost.exe",
"command_line": "dashost.exe {27492849-67ae-4a04-983fa70aae807146}",
"pid_parent": 3484,
"path_parent": "c:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "IntelCpHeciSvc.exe",
"name_parent": "",
"pid": 4688,
"path": "C:\\Windows\\System32\\DriverStore\\FileRepository\\igdlh64.inf_amd64_9dc776be3e13ad6d\\IntelCpHeciSvc.exe",
"command_line": "C:\\WINDOWS\\System32\\DriverStore\\FileRepository\\igdlh64.inf_amd64_9dc776be3e13ad6d\\IntelCpHeciSvc.exe",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "WmiPrvSE.exe",
"name_parent": "svchost.exe",
"pid": 5020,
"path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
"command_line": "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 5124,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "mfevtps.exe",
"name_parent": "mfemms.exe",
"pid": 5308,
"path": "C:\\Windows\\System32\\mfevtps.exe",
"command_line": "\"C:\\Windows\\system32\\mfevtps.exe\" -mms",
"pid_parent": 3768,
"path_parent": "C:\\Program Files\\Common Files\\mcafee\\SystemCore\\mfemms.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 5752,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
CPU: i5-6500 GPU: Msi RX480 8GB RAM: Crucial 2x8GB MB: MSI B150 PSU: Seasonic S12II-520 CASE: Gladius M35

popcorn
Level 3
Posts: 411
Registered: July 16
Gender: Male

Re: On laptop startup, Chrome opens with a Russian page

Post by popcorn » 11 Feb 2018 10:09

{
"name": "svchost.exe",
"name_parent": "",
"pid": 5816,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 6244,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s Browser",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 6252,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 6724,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s CDPSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "mfefire.exe",
"name_parent": "mfemms.exe",
"pid": 6796,
"path": "C:\\Program Files\\Common Files\\mcafee\\SystemCore\\mfefire.exe",
"command_line": "\"C:\\Program Files\\Common Files\\McAfee\\SystemCore\\mfefire.exe\" -mms",
"pid_parent": 3768,
"path_parent": "C:\\Program Files\\Common Files\\mcafee\\SystemCore\\mfemms.exe",
"is_64": true
},
{
"name": "MMSSHOST.exe",
"name_parent": "mfemms.exe",
"pid": 6944,
"path": "C:\\Program Files\\Common Files\\mcafee\\MMSSHost\\MMSSHOST.exe",
"command_line": "\"C:\\Program Files\\Common Files\\McAfee\\MMSSHost\\MMSSHOST.EXE\" MMSCOM mmscom",
"pid_parent": 3768,
"path_parent": "C:\\Program Files\\Common Files\\mcafee\\SystemCore\\mfemms.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 5476,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s wlidsvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "nvcontainer.exe",
"name_parent": "nvcontainer.exe",
"pid": 7120,
"path": "C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe",
"command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe\" -f \"C:\\ProgramData\\NVIDIA\\NvContainerUser%dSPUser.log\" -d \"C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\plugins\\SPUser\" -r -l 3 -p 30000 -c",
"pid_parent": 3796,
"path_parent": "C:\\Program Files\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe",
"is_64": false
},
{
"name": "sihost.exe",
"name_parent": "svchost.exe",
"pid": 6684,
"path": "c:\\Windows\\System32\\sihost.exe",
"command_line": "sihost.exe",
"pid_parent": 1544,
"path_parent": "c:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 7140,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k unistacksvcgroup -s CDPUserSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "PresentationFontCache.exe",
"name_parent": "",
"pid": 7192,
"path": "C:\\Windows\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe",
"command_line": "C:\\WINDOWS\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "nvcontainer.exe",
"name_parent": "nvcontainer.exe",
"pid": 7216,
"path": "C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe",
"command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe\" -f \"C:\\ProgramData\\NVIDIA\\NvContainerUser%d.log\" -d \"C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\plugins\\User\" -r -l 3 -p 30000 -st \"C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\NvContainerTelemetryApi.dll\" -c",
"pid_parent": 3796,
"path_parent": "C:\\Program Files\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 7272,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s BDESVC",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 7384,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k unistacksvcgroup -s WpnUserService",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 7420,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s TokenBroker",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "taskhostw.exe",
"name_parent": "svchost.exe",
"pid": 7500,
"path": "c:\\Windows\\System32\\taskhostw.exe",
"command_line": "taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}",
"pid_parent": 1364,
"path_parent": "c:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "LenovoNerveCenterUpdateAgent.exe",
"name_parent": "svchost.exe",
"pid": 7672,
"path": "C:\\Program Files\\Lenovo\\Nerve Center\\bin\\x64\\LenovoNerveCenterUpdateAgent.exe",
"command_line": "\"C:\\Program Files\\Lenovo\\Nerve Center\\bin\\x64\\LenovoNerveCenterUpdateAgent.exe\"",
"pid_parent": 1364,
"path_parent": "c:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "nvnodejslauncher.exe",
"name_parent": "svchost.exe",
"pid": 7692,
"path": "C:\\Program Files (x86)\\NVIDIA Corporation\\NvNode\\nvnodejslauncher.exe",
"command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\NvNode\\nvnodejslauncher.exe\" --launcher=TaskScheduler",
"pid_parent": 1364,
"path_parent": "c:\\Windows\\System32\\svchost.exe",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 7764,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "ctfmon.exe",
"name_parent": "svchost.exe",
"pid": 7892,
"path": "C:\\Windows\\System32\\ctfmon.exe",
"command_line": "\"ctfmon.exe\"",
"pid_parent": 7764,
"path_parent": "c:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "SynTPEnh.exe",
"name_parent": "SynTPEnhService.exe",
"pid": 8100,
"path": "C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe",
"command_line": "\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\"",
"pid_parent": 4060,
"path_parent": "C:\\Program Files\\Synaptics\\SynTP\\SynTPEnhService.exe",
"is_64": true
},
{
"name": "ioc.exe",
"name_parent": "",
"pid": 8140,
"path": "C:\\Program Files\\Intel\\Intel(R) Online Connect\\ioc.exe",
"command_line": "\"C:\\Program Files\\Intel\\Intel(R) Online Connect\\ioc.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 6424,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s Appinfo",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "explorer.exe",
"name_parent": "",
"pid": 8420,
"path": "C:\\Windows\\explorer.exe",
"command_line": "C:\\WINDOWS\\Explorer.EXE",
"pid_parent": 8272,
"path_parent": "",
"is_64": true
},
{
"name": "SynTPHelper.exe",
"name_parent": "",
"pid": 8584,
"path": "C:\\PROGRAM FILES\\SYNAPTICS\\SynTP\\SYNTPHELPER.EXE",
"command_line": "\"C:\\PROGRAM FILES\\SYNAPTICS\\SYNTP\\SYNTPHELPER.EXE\" ",
"pid_parent": 7292,
"path_parent": "",
"is_64": true
},
{
"name": "WmiPrvSE.exe",
"name_parent": "svchost.exe",
"pid": 8592,
"path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
"command_line": "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "NisSrv.exe",
"name_parent": "",
"pid": 8680,
"path": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.12.17007.18011-0\\NisSrv.exe",
"command_line": "",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 8972,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s NgcSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 9108,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s NgcCtnrSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "unsecapp.exe",
"name_parent": "svchost.exe",
"pid": 9140,
"path": "C:\\Windows\\System32\\wbem\\unsecapp.exe",
"command_line": "C:\\WINDOWS\\system32\\wbem\\unsecapp.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"name_parent": "Lenovo.Modern.ImController.exe",
"pid": 3572,
"path": "C:\\Program Files\\Lenovo\\iMController\\PluginHost\\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"command_line": "-name 26078413-7a04-405a-a660-a1749c7f005c -runas -pluginName DolbyAudioPlugin -pluginVersion 1.2.227.0",
"pid_parent": 3576,
"path_parent": "C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe",
"is_64": true
},
{
"name": "igfxEM.exe",
"name_parent": "",
"pid": 4772,
"path": "C:\\Windows\\System32\\DriverStore\\FileRepository\\igdlh64.inf_amd64_9dc776be3e13ad6d\\igfxEM.exe",
"command_line": "\"C:\\WINDOWS\\System32\\DriverStore\\FileRepository\\igdlh64.inf_amd64_9dc776be3e13ad6d\\igfxEM.exe\" ",
"pid_parent": 1616,
"path_parent": "",
"is_64": true
},
{
"name": "Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"name_parent": "Lenovo.Modern.ImController.exe",
"pid": 8656,
"path": "C:\\Program Files\\Lenovo\\iMController\\PluginHost\\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"command_line": "-name 63ff25fb-9d5a-41eb-a373-b169fc3a937e -runas -pluginName LenovoAppScenarioPlugin -pluginVersion 1.2.177.0",
"pid_parent": 3576,
"path_parent": "C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe",
"is_64": true
},
{
"name": "Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"name_parent": "Lenovo.Modern.ImController.exe",
"pid": 9280,
"path": "C:\\Program Files (x86)\\Lenovo\\iMController\\PluginHost\\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"command_line": "-name a2be9447-ccd7-4f1f-8aa2-3949843fa08b -runas -pluginName GenericDisplayPlugin -pluginVersion 1.2.159.0",
"pid_parent": 3576,
"path_parent": "C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe",
"is_64": false
},
{
"name": "ShellExperienceHost.exe",
"name_parent": "svchost.exe",
"pid": 10092,
"path": "C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe",
"command_line": "\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "DolbyDAX2API.exe",
"name_parent": "",
"pid": 9272,
"path": "C:\\Program Files\\Dolby\\Dolby DAX2\\DAX2_API\\DolbyDAX2API.exe",
"command_line": "\"C:\\Program Files\\Dolby\\Dolby DAX2\\DAX2_API\\DolbyDAX2API.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "SearchUI.exe",
"name_parent": "svchost.exe",
"pid": 9556,
"path": "C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe",
"command_line": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe\" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 9776,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "jhi_service.exe",
"name_parent": "",
"pid": 10160,
"path": "C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\DAL\\jhi_service.exe",
"command_line": "\"C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\DAL\\jhi_service.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": false
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 7728,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RemindersServer.exe",
"name_parent": "svchost.exe",
"pid": 10376,
"path": "C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\RemindersServer.exe",
"command_line": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\RemindersServer.exe\" -ServerName:RemindersServer",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "backgroundTaskHost.exe",
"name_parent": "svchost.exe",
"pid": 10400,
"path": "C:\\Windows\\System32\\backgroundTaskHost.exe",
"command_line": "\"C:\\WINDOWS\\system32\\backgroundTaskHost.exe\" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "SearchIndexer.exe",
"name_parent": "",
"pid": 10464,
"path": "C:\\Windows\\System32\\SearchIndexer.exe",
"command_line": "C:\\WINDOWS\\system32\\SearchIndexer.exe /Embedding",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 11064,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k unistacksvcgroup",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "SettingSyncHost.exe",
"name_parent": "svchost.exe",
"pid": 984,
"path": "C:\\Windows\\System32\\SettingSyncHost.exe",
"command_line": "C:\\WINDOWS\\system32\\SettingSyncHost.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 2556,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "smartscreen.exe",
"name_parent": "svchost.exe",
"pid": 2336,
"path": "C:\\Windows\\System32\\smartscreen.exe",
"command_line": "C:\\Windows\\System32\\smartscreen.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "backgroundTaskHost.exe",
"name_parent": "svchost.exe",
"pid": 4056,
"path": "C:\\Windows\\System32\\backgroundTaskHost.exe",
"command_line": "\"C:\\WINDOWS\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 11012,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "Video.UI.exe",
"name_parent": "svchost.exe",
"pid": 11240,
"path": "C:\\Program Files\\WindowsApps\\Microsoft.ZuneVideo_10.17122.15711.0_x64__8wekyb3d8bbwe\\Video.UI.exe",
"command_line": "",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "backgroundTaskHost.exe",
"name_parent": "svchost.exe",
"pid": 9064,
"path": "C:\\Windows\\System32\\backgroundTaskHost.exe",
"command_line": "\"C:\\WINDOWS\\system32\\backgroundTaskHost.exe\" -ServerName:App.AppXass2jm06pp1n7aktd4dcj305y31qrc54.mca",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 7468,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "SearchProtocolHost.exe",
"name_parent": "SearchIndexer.exe",
"pid": 11692,
"path": "C:\\Windows\\System32\\SearchProtocolHost.exe",
"command_line": "\"C:\\WINDOWS\\system32\\SearchProtocolHost.exe\" Global\\UsGthrFltPipeMssGthrPipe1_ Global\\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 \"Software\\Microsoft\\Windows Search\" \"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)\" \"C:\\ProgramData\\Microsoft\\Search\\Data\\Temp\\usgthrsvc\" \"DownLevelDaemon\" ",
"pid_parent": 10464,
"path_parent": "C:\\Windows\\System32\\SearchIndexer.exe",
"is_64": true
},
{
"name": "utility.exe",
"name_parent": "Explorer.EXE",
"pid": 11796,
"path": "C:\\Program Files\\Lenovo\\LenovoUtility\\utility.exe",
"command_line": "\"C:\\Program Files\\Lenovo\\LenovoUtility\\utility.exe\" ",
"pid_parent": 8420,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "SearchFilterHost.exe",
"name_parent": "SearchIndexer.exe",
"pid": 11972,
"path": "C:\\Windows\\System32\\SearchFilterHost.exe",
"command_line": "\"C:\\WINDOWS\\system32\\SearchFilterHost.exe\" 0 724 740 752 8192 748 ",
"pid_parent": 10464,
"path_parent": "C:\\Windows\\System32\\SearchIndexer.exe",
"is_64": true
},
{
"name": "RAVCpl64.exe",
"name_parent": "Explorer.EXE",
"pid": 11996,
"path": "C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe",
"command_line": "\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe\" -s",
"pid_parent": 8420,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "RAVBg64.exe",
"name_parent": "Explorer.EXE",
"pid": 12032,
"path": "C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe",
"command_line": "\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe\" /FORPCEE4",
"pid_parent": 8420,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 12144,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "RAVBg64.exe",
"name_parent": "Explorer.EXE",
"pid": 12172,
"path": "C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe",
"command_line": "\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe\" /LENOVO_DOLBYDRAGON",
"pid_parent": 8420,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "RAVBg64.exe",
"name_parent": "Explorer.EXE",
"pid": 12284,
"path": "C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe",
"command_line": "\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe\" /LENOVO_MICPKEY",
"pid_parent": 8420,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "DolbyDAX2TrayIcon.exe",
"name_parent": "Explorer.EXE",
"pid": 11356,
"path": "C:\\Program Files\\Dolby\\Dolby DAX2\\DAX2_APP\\DolbyDAX2TrayIcon.exe",
"command_line": "\"C:\\Program Files\\Dolby\\Dolby DAX2\\DAX2_APP\\DolbyDAX2TrayIcon.exe\" -Hide",
"pid_parent": 8420,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 10580,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "jusched.exe",
"name_parent": "",
"pid": 7656,
"path": "C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe",
"command_line": "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\" ",
"pid_parent": 9124,
"path_parent": "",
"is_64": false
},
{
"name": "Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"name_parent": "Lenovo.Modern.ImController.exe",
"pid": 8696,
"path": "C:\\Program Files\\Lenovo\\iMController\\PluginHost\\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"command_line": "-name 0aba9867-d073-4031-a75c-7239593dc75e -runas -pluginName LenovoAppPromotionPlugin -pluginVersion 1.2.100.0",
"pid_parent": 3576,
"path_parent": "C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe",
"is_64": true
},
{
"name": "Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"name_parent": "Lenovo.Modern.ImController.exe",
"pid": 12228,
"path": "C:\\Program Files\\Lenovo\\iMController\\PluginHost\\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe",
"command_line": "-name c005a79c-8c02-494b-85bd-6d17ef2e7c36 -runas -pluginName LenovoSettingsAppPlugin -pluginVersion 1.2.129.0",
"pid_parent": 3576,
"path_parent": "C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe",
"is_64": true
},
{
"name": "Lenovo.Modern.ImController.PluginHost.Device.exe",
"name_parent": "Lenovo.Modern.ImController.exe",
"pid": 12244,
"path": "C:\\Program Files\\Lenovo\\iMController\\PluginHost\\Lenovo.Modern.ImController.PluginHost.Device.exe",
"command_line": "\"C:\\Program Files\\Lenovo\\iMController\\PluginHost\\Lenovo.Modern.ImController.PluginHost.Device.exe\" -name 2a8187b2-c7a5-41df-bb2c-b496cf154719 -runas SYSTEM -pluginName LenovoAuthenticationPlugin -pluginVersion 1.2.88.0",
"pid_parent": 3576,
"path_parent": "C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe",
"is_64": true
},
{
"name": "Lenovo.Modern.ImController.PluginHost.Device.exe",
"name_parent": "Lenovo.Modern.ImController.exe",
"pid": 9504,
"path": "C:\\Program Files (x86)\\Lenovo\\iMController\\PluginHost\\Lenovo.Modern.ImController.PluginHost.Device.exe",
"command_line": "-name 7a50bb66-842f-4f0b-acd3-7c3e7a00f972 -runas -pluginName LenovoDeviceMetricsPlugin -pluginVersion 2.7.1.4",
"pid_parent": 3576,
"path_parent": "C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe",
"is_64": false
},
{
"name": "Lenovo.Modern.ImController.PluginHost.CompanionApp.exe",
"name_parent": "Lenovo.Modern.ImController.exe",
"pid": 1248,
"path": "C:\\Program Files\\Lenovo\\iMController\\PluginHost\\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe",
"command_line": "-name b44f6e51-9eac-4d04-bde8-ede0f7966970 -runas -pluginName LenovoContextEnginePlugin -pluginVersion 2.0.1.1",
"pid_parent": 3576,
"path_parent": "C:\\Program Files\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe",
"is_64": true
},
{
"name": "SkypeHost.exe",
"name_parent": "svchost.exe",
"pid": 12384,
"path": "C:\\Program Files\\WindowsApps\\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\\SkypeHost.exe",
"command_line": "\"C:\\Program Files\\WindowsApps\\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\\SkypeHost.exe\" -ServerName:SkypeHost.ServerServer",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 12400,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s BITS",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},