Log check (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: memphisto, Mods_senior, Security team

bill.da
Level 2.5
Posts: 332
Registered: Oct 09
Gender: Male

Re: Log check

Post by bill.da » 23 Dec 2018 10:21

ComboFix 18-08-08.01 - notebook 23.12.2018 9:46.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4094.2049 [GMT 1:00]
Run from: c:\users\notebook\Desktop\ComboFix.exe
AV: ESET Security *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
FW: ESET Firewall *Enabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Security *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2018-11-23 to 2018-12-23 )))))))))))))))))))))))))))))))
.
.
2018-12-23 09:04 . 2018-12-23 09:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-12-23 07:40 . 2014-02-13 22:59 24064 ----a-w- c:\windows\zoek-delete.exe
2018-12-23 07:40 . 2018-12-23 09:07 -------- d-----w- c:\users\notebook\AppData\Local\Temp
2018-12-23 06:23 . 2018-12-23 07:23 -------- d-----w- C:\zoek_backup
2018-12-23 06:03 . 2018-12-23 06:03 -------- d-----w- c:\users\notebook\AppData\Local\CrashDumps
2018-12-22 13:58 . 2018-12-23 09:06 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2018-12-22 13:58 . 2018-12-22 13:58 -------- d-----w- c:\users\notebook\AppData\Local\Zemana
2018-12-22 09:39 . 2018-12-22 13:56 -------- d-----w- c:\programdata\RogueKiller
2018-12-22 07:31 . 2018-12-22 07:31 -------- d-----w- c:\programdata\Sophos
2018-12-22 07:30 . 2018-12-22 07:30 -------- d-----w- c:\program files (x86)\Sophos
2018-12-22 06:56 . 2018-12-22 06:56 -------- d-----w- c:\users\notebook\AppData\Local\Apple
2018-12-21 21:38 . 2018-12-21 21:38 -------- d-----w- c:\users\notebook\AppData\Local\mbam
2018-12-21 21:23 . 2018-12-22 06:41 -------- d-----w- C:\AdwCleaner
2018-12-20 21:20 . 2012-07-26 07:40 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2018-12-20 21:19 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2018-12-20 21:19 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2018-12-20 21:19 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2018-12-20 21:19 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2018-12-20 21:19 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2018-12-20 21:19 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2018-12-20 21:19 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2018-12-20 13:20 . 2018-12-15 00:06 817440 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2018-12-14 18:01 . 2018-11-28 22:02 14635520 ----a-w- c:\windows\system32\wmp.dll
2018-12-14 18:01 . 2018-12-06 02:39 3227648 ----a-w- c:\windows\system32\win32k.sys
2018-12-14 18:01 . 2018-11-08 16:58 1889280 ----a-w- c:\windows\system32\msxml3.dll
2018-12-14 18:01 . 2018-11-11 16:58 1211904 ----a-w- c:\windows\system32\rpcrt4.dll
2018-12-14 18:01 . 2018-11-11 17:01 5551848 ----a-w- c:\windows\system32\ntoskrnl.exe
2018-12-14 18:01 . 2018-11-08 16:43 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
2018-12-14 18:01 . 2018-11-11 16:49 4054760 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2018-12-14 18:01 . 2018-11-08 16:58 2009600 ----a-w- c:\windows\system32\msxml6.dll
2018-12-14 18:01 . 2018-11-11 16:45 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2018-12-14 18:01 . 2018-11-08 16:43 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2018-12-08 18:00 . 2018-12-21 21:19 -------- d-----w- c:\users\notebook\AppData\Roaming\Canon
2018-12-08 17:54 . 2018-12-08 17:59 -------- d-----w- c:\program files\Canon
2018-12-08 17:40 . 2015-01-29 10:22 353792 ----a-w- c:\windows\SysWow64\CNC_CSL.dll
2018-12-08 17:40 . 2008-08-25 17:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2018-12-08 17:39 . 2018-12-08 17:39 -------- d-----w- c:\windows\system32\STRING
2018-12-08 17:39 . 2015-03-17 07:51 39424 ----a-w- c:\windows\system32\CNMN6UI.DLL
2018-12-08 17:39 . 2015-03-17 07:51 375296 ----a-w- c:\windows\system32\CNMN6PPM.DLL
2018-12-08 17:39 . 2015-03-17 07:50 380928 ----a-w- c:\windows\SysWow64\CNMNPPM.DLL
2018-12-08 17:39 . 2015-03-15 04:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDCS.DLL
2018-12-08 17:39 . 2015-03-15 04:00 102912 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPCS.DLL
2018-12-08 17:35 . 2018-12-08 17:35 -------- d-----w- c:\programdata\Canon
2018-12-08 17:34 . 2018-12-08 17:59 -------- d-----w- c:\program files (x86)\Canon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-12-14 17:58 . 2018-03-04 07:13 137260640 -c--a-w- c:\windows\system32\MRT.exe
2018-11-11 16:58 . 2018-12-14 18:00 345600 ----a-w- c:\windows\system32\schannel.dll
2018-11-11 16:58 . 2018-12-14 18:00 190464 ----a-w- c:\windows\system32\rpchttp.dll
2018-11-11 16:45 . 2018-12-14 18:00 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2018-11-11 16:45 . 2018-12-14 18:00 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2018-11-11 16:44 . 2018-12-14 18:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2018-11-11 01:25 . 2018-11-16 22:08 516608 ----a-w- c:\windows\system32\rpcss.dll
2018-11-11 01:25 . 2018-11-16 22:08 2072576 ----a-w- c:\windows\system32\ole32.dll
2018-11-11 01:25 . 2018-11-16 22:08 26112 ----a-w- c:\windows\system32\oleres.dll
2018-11-11 01:24 . 2018-11-16 22:08 8704 ----a-w- c:\windows\system32\comcat.dll
2018-11-11 01:10 . 2018-11-16 22:08 26112 ----a-w- c:\windows\SysWow64\oleres.dll
2018-11-11 01:10 . 2018-11-16 22:08 1425920 ----a-w- c:\windows\SysWow64\ole32.dll
2018-11-11 00:47 . 2018-11-16 22:08 7168 ----a-w- c:\windows\SysWow64\comcat.dll
2018-11-08 20:43 . 2018-07-12 12:22 82304 ----a-w- c:\windows\system32\drivers\epfw.sys
2018-11-08 20:43 . 2018-07-12 12:22 50144 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2018-11-08 20:43 . 2018-07-12 12:22 188832 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2018-11-08 20:43 . 2018-07-12 12:22 143448 ----a-w- c:\windows\system32\drivers\eamonm.sys
2018-11-08 20:43 . 2018-07-12 12:22 109864 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2018-11-08 20:43 . 2018-07-12 12:22 107896 ----a-w- c:\windows\system32\drivers\edevmon.sys
2018-11-08 20:43 . 2018-01-19 14:31 61528 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2018-11-03 06:17 . 2018-04-14 07:52 98680 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2018-10-27 03:42 . 2018-11-16 22:08 150016 ----a-w- c:\windows\system32\wshom.ocx
2018-10-27 03:42 . 2018-11-16 22:08 28160 ----a-w- c:\windows\system32\wshcon.dll
2018-10-27 03:42 . 2018-11-16 22:08 230400 ----a-w- c:\windows\system32\scrobj.dll
2018-10-27 03:42 . 2018-11-16 22:08 202752 ----a-w- c:\windows\system32\scrrun.dll
2018-10-27 03:41 . 2018-11-16 22:08 18944 ----a-w- c:\windows\system32\dispex.dll
2018-10-27 03:27 . 2018-11-16 22:08 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2018-10-27 03:27 . 2018-11-16 22:08 173568 ----a-w- c:\windows\SysWow64\scrobj.dll
2018-10-27 03:27 . 2018-11-16 22:08 164352 ----a-w- c:\windows\SysWow64\scrrun.dll
2018-10-27 03:11 . 2018-11-16 22:08 156160 ----a-w- c:\windows\system32\cscript.exe
2018-10-27 03:11 . 2018-11-16 22:08 168960 ----a-w- c:\windows\system32\wscript.exe
2018-10-27 03:04 . 2018-11-16 22:08 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2018-10-27 03:04 . 2018-11-16 22:08 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2018-10-27 03:04 . 2018-11-16 22:08 15360 ----a-w- c:\windows\SysWow64\dispex.dll
2018-10-27 03:04 . 2018-11-16 22:08 25088 ----a-w- c:\windows\SysWow64\wshcon.dll
2018-10-06 13:42 . 2018-11-16 22:08 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2018-10-06 13:05 . 2018-11-16 22:08 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2018-09-24 21:29 . 2018-09-29 16:52 14652992 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C4ECF8E-B347-468C-A663-9CEE8356E865}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EsetPasswordManager"="c:\program files\ESET\ESET Password Manager\pwm.exe" [2018-09-24 94152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SilentCleanService"="c:\program files (x86)\iMobie\PhoneClean\SilentCleanServer.exe" [2018-09-28 488936]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2018-10-06 601424]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2015-01-09 235624]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2017-07-05 1313408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
R2 avg;Služba %1!s! Update (avg);c:\program files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe;c:\program files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 WsAppService;Wondershare Application Framework Service;c:\program files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe;c:\program files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe [x]
R3 avgm;Služba %1!s! Update (avgm);c:\program files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe;c:\program files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [x]
R3 cpuz143;cpuz143;c:\windows\temp\cpuz143\cpuz143_x64.sys;c:\windows\temp\cpuz143\cpuz143_x64.sys [x]
R3 ekrnEpfw;ESET Firewall Helper;c:\program files\ESET\ESET Security\ekrn.exe;c:\program files\ESET\ESET Security\ekrn.exe [x]
R3 GoogleChromeElevationService;Google Chrome Elevation Service;c:\program files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe;c:\program files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [x]
R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS;c:\windows\SYSNATIVE\Drivers\CH341S64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
S0 DLMFENC;DLMFENC;c:\windows\system32\DRIVERS\DLMFENC.sys;c:\windows\SYSNATIVE\DRIVERS\DLMFENC.sys [x]
S0 DLPCRYPT;DLPCRYPT;c:\windows\system32\DRIVERS\dlpcrypt.sys;c:\windows\SYSNATIVE\DRIVERS\dlpcrypt.sys [x]
S0 dlpvdisk;dlpvdisk;c:\windows\system32\DRIVERS\dlpvdisk.sys;c:\windows\SYSNATIVE\DRIVERS\dlpvdisk.sys [x]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys;c:\windows\SYSNATIVE\DRIVERS\edevmon.sys [x]
S0 VDLPToken2;VDLPToken2;c:\windows\system32\DRIVERS\vdlptkn2.sys;c:\windows\SYSNATIVE\DRIVERS\vdlptkn2.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 dlpsrv;DESlock+ Service;c:\program files\ESET\ESET Secure Data\dlpsrv.exe;c:\program files\ESET\ESET Secure Data\dlpsrv.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Security\ekrn.exe;c:\program files\ESET\ESET Security\ekrn.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{48F69C39-1356-4A7B-A899-70E3539D4982}]
2018-11-22 16:15 2551904 ----a-w- c:\program files (x86)\AVG\Browser\Application\70.0.659.104\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2018-03-11 05:26 2486592 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ESD Shell Icon Overlay Identifier]
@="{AF106685-9C86-48AF-8524-8F485C459E17}"
[HKEY_CLASSES_ROOT\CLSID\{AF106685-9C86-48AF-8524-8F485C459E17}]
2017-11-02 13:47 108736 ----a-w- c:\program files\ESET\ESET Secure Data\esdovrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetL"="c:\windows\PLFSetL.exe" [2018-03-11 94208]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2018-03-11 27184]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2018-03-11 18381792]
"egui"="c:\program files\ESET\ESET Security\ecmds.exe" [2018-12-14 177928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
SafeBoot-MBAMService
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\DriverUninstall\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-ssinstall - c:\windows\system32\ssinstall-uninstall.bat
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{61087a79-ac85-455c-934d-1fa22cc64f36} - c:\programdata\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{cb7c3049-21de-415b-bd85-b65c14e547df} - c:\programdata\Package Cache\{cb7c3049-21de-415b-bd85-b65c14e547df}\VC_redist.x86.exe
AddRemove-{d6f233bd-3f8c-43f6-878b-07bd0568d595} - c:\programdata\Package Cache\{d6f233bd-3f8c-43f6-878b-07bd0568d595}\VC_redist.x64.exe
AddRemove-{ef6b00ec-13e1-4c25-9064-b2f383cb8412} - c:\programdata\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
AddRemove-Seznam Browser - c:\users\notebook\AppData\Roaming\Seznam Browser\uninstall.exe
AddRemove-{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1 - c:\users\notebook\AppData\Local\Apowersoft\Apowersoft Online Launcher\unins000.exe
AddRemove-{628BF902-EB66-4BDB-97CB-AE4AAAAA5A7F}_is1 - c:\users\notebook\AppData\Local\Apowersoft\Online Video Converter\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_29_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_29_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_29_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_29_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_113.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.29"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_113.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_113.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_113.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\AVG\Browser\Update\1.4.155.333\AVGBrowserCrashHandler.exe
.
**************************************************************************
.
Completion time: 2018-12-23 10:16:31 - machine was rebooted
ComboFix-quarantined-files.txt 2018-12-23 09:16
.
Pre-Run: 81 684 443 136 bytes free
Post-Run: 81 090 166 784 bytes free
.
- - End Of File - - F5A4C48EA2EBEC130759AAB61F8CE765
A36C5E4F47E84449FF07ED3517B43A31



jaro3
Security team member
Guru Level 15
Posts: 39709
Registered: Jun 07
Location: South Bohemia
Gender: Male

Re: Log check

Post by jaro3 » 23 Dec 2018 19:47

RogueKiller -- deleted? I don't see a log..

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC

to your desktop. Double-click it. Then click Clean up!.
Restart the PC if prompted to.

Post a new HJT log + report any problems
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

bill.da
Level 2.5
Posts: 332
Registered: Oct 09
Gender: Male

Re: Log check

Post by bill.da » 24 Dec 2018 14:20

It is a few posts above, but I have put it here again.

RogueKiller Anti-Malware V13.0.17.0 (x64) [Dec 17 2018] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : notebook [Administrator]
Started from : C:\Users\notebook\Desktop\RogueKiller_portable64.exe
Mode : Standard Scan, Scan -- Date : 2018/12/22 11:16:56 (Duration : 02:25:41)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.InstallCore (Potentially Malicious)] ssins.exe (2312) -- (PS Media s.r.o.) C:\Windows\SysWOW64\ssins.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] (Microsoft Windows) \{6338ABD8-D507-45CE-95FB-C9496E50BA70} -- C:\Windows\system32\pcalua.exe [-a C:\Users\notebook\AppData\Local\Temp\jre-8u191-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1] -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> O23 - Services
[PUP.InstallCore (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssinstall -- (PS Media s.r.o.) C:\Windows\SysWOW64\ssins.exe -> Found
[PUP.InstallCore (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ssinstall -- (PS Media s.r.o.) C:\Windows\SysWOW64\ssins.exe -> Found
>>>>>> O87 - Firewall
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{CC002325-5B7F-4011-ACCE-5C587BE6E177} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\notebook\AppData\Local\Apowersoft\Online Video Converter\Online Video Converter.exe|Name=Online Video Converter| (C:\Users\notebook\AppData\Local\Apowersoft\Online Video Converter\Online Video Converter.exe) (missing) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{08855514-F2AD-47C7-BD73-E44F4FFBD988} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\notebook\AppData\Local\Apowersoft\Online Video Converter\Online Video Converter.exe|Name=Online Video Converter| (C:\Users\notebook\AppData\Local\Apowersoft\Online Video Converter\Online Video Converter.exe) (missing) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{CC002325-5B7F-4011-ACCE-5C587BE6E177} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\notebook\AppData\Local\Apowersoft\Online Video Converter\Online Video Converter.exe|Name=Online Video Converter| (C:\Users\notebook\AppData\Local\Apowersoft\Online Video Converter\Online Video Converter.exe) (missing) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{08855514-F2AD-47C7-BD73-E44F4FFBD988} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\notebook\AppData\Local\Apowersoft\Online Video Converter\Online Video Converter.exe|Name=Online Video Converter| (C:\Users\notebook\AppData\Local\Apowersoft\Online Video Converter\Online Video Converter.exe) (missing) -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.InstallCore (Potentially Malicious)] (file) ssins.exe -- (PS Media s.r.o.) C:\Windows\SysWOW64\ssins.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


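Reading the report above by hand works for four findings, but the same lines are easy to triage automatically. The Python below is an added example written for this page (it is not RogueKiller's code and was not part of the original post). It parses the finding lines, decodes the pipe-delimited Windows firewall rule string, and applies two checks a responder would want: an Allow rule whose target binary is reported missing is flagged as stale (the rule stays in the registry and would apply to whatever is dropped at that path later), and a scheduled task that launches its payload through pcalua.exe (the Program Compatibility Assistant launcher, a documented proxy-execution binary) from a user-writable directory is flagged as proxy execution. The user-writable path markers and the launcher list are my own heuristics, and the sample lines are copied from the report above.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: finding lines copied verbatim from the RogueKiller report above
# (one per section; the ControlSet002 duplicates are omitted).
SAMPLE_LOG = r"""
¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤
[PUP.InstallCore (Potentially Malicious)] ssins.exe (2312) -- (PS Media s.r.o.) C:\Windows\SysWOW64\ssins.exe -> Found

¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] (Microsoft Windows) \{6338ABD8-D507-45CE-95FB-C9496E50BA70} -- C:\Windows\system32\pcalua.exe [-a C:\Users\notebook\AppData\Local\Temp\jre-8u191-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1] -> Found

¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤
>>>>>> O23 - Services
[PUP.InstallCore (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssinstall -- (PS Media s.r.o.) C:\Windows\SysWOW64\ssins.exe -> Found
>>>>>> O87 - Firewall
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{CC002325-5B7F-4011-ACCE-5C587BE6E177} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\notebook\AppData\Local\Apowersoft\Online Video Converter\Online Video Converter.exe|Name=Online Video Converter| (C:\Users\notebook\AppData\Local\Apowersoft\Online Video Converter\Online Video Converter.exe) (missing) -> Found
"""

SECTION_RE = re.compile(r"^¤+ (?P<name>.+?) ¤+$")
FINDING_RE = re.compile(r"^\[(?P<category>[^\s\]]+) \((?P<severity>[^)]+)\)\] (?P<body>.+) -> (?P<status>\w+)$")
# Firewall detail: "v2.10|Action=...|Name=...| (C:\path\app.exe) (missing)"
FW_RE = re.compile(r"(?P<rule>v\d+\.\d+(?:\|[^|]*)*\|) \((?P<path>[^)]+)\)(?P<missing> \(missing\))?$")
# Task detail: "C:\Windows\system32\pcalua.exe [-a C:\...\payload.exe ...]"
TASK_RE = re.compile(r"^(?P<exe>[A-Za-z]:\\[^\[]+?) \[(?P<args>.*)\]$")
# Process/service detail ends with "(Vendor) C:\path\file.exe"
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\[^\[\]()]+?\.(?:exe|dll|sys))\s*$", re.IGNORECASE)

# Heuristics chosen for this example (assumptions, not RogueKiller's logic).
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\users\\", "\\temp\\", "\\programdata\\")
PROXY_LAUNCHERS = {"pcalua.exe", "forfiles.exe", "rundll32.exe"}


@dataclass
class Finding:
    section: str
    category: str
    severity: str
    target: str                      # process, task id or registry key the finding is keyed on
    path: Optional[str] = None       # executable the finding points at
    missing: bool = False            # RogueKiller reported the file as absent
    flags: List[str] = field(default_factory=list)


def parse_firewall_rule(rule_text: str) -> dict:
    """Decode 'v2.10|Action=Allow|...|Name=X|' into a dict (Version + key=value fields)."""
    version, *fields = rule_text.strip("|").split("|")
    rule = {"Version": version}
    for item in fields:
        key, _, value = item.partition("=")
        rule[key] = value
    return rule


def triage(log_text: str) -> List[Finding]:
    findings, section = [], "?"
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = FINDING_RE.match(line)
        if not m:
            continue  # banners, ">>>>>>" sub-headers, blank lines
        target, _, detail = m.group("body").partition(" -- ")
        f = Finding(section, m.group("category"), m.group("severity"), target)
        fw, task = FW_RE.search(detail), TASK_RE.match(detail)
        if fw:
            rule = parse_firewall_rule(fw.group("rule"))
            f.path = rule.get("App") or fw.group("path")
            f.missing = fw.group("missing") is not None
            if rule.get("Action") == "Allow" and f.missing:
                f.flags.append("stale Allow rule: binary is gone, but anything dropped at this path later inherits the allowance")
        elif task:
            f.path = task.group("exe")
            launcher = f.path.rsplit("\\", 1)[-1].lower()
            if launcher in PROXY_LAUNCHERS:
                f.flags.append(f"{launcher} used as launcher for: {task.group('args')}")
            if any(k in task.group("args").lower() for k in USER_WRITABLE_MARKERS):
                f.flags.append("payload lives in a user-writable location")
        else:
            pm = PATH_RE.search(detail)
            f.path = pm.group("path") if pm else None
        if f.path and any(k in f.path.lower() for k in USER_WRITABLE_MARKERS):
            f.flags.append("executable in a user-writable location")
        findings.append(f)
    return findings


def report(findings: List[Finding]) -> List[str]:
    """One line per finding, flagged ones marked with '!!'."""
    return [f"{'!!' if f.flags else '  '} [{f.section}] {f.category} {f.path or f.target}"
            + (" (missing)" if f.missing else "") + "".join(f"\n     - {x}" for x in f.flags)
            for f in findings]


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

Run it on a saved RogueKiller TXT report (`triage(open(path, encoding="utf-8").read())`) to get the same flags for the ControlSet002 duplicates; the ticked-and-removed entries in RogueKiller's removal report use the same line shape, so the parser can confirm that both the Allow rule and the pcalua.exe task were actually deleted rather than just found.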

jaro3
Security team member
Guru Level 15
Posts: 39709
Registered: Jun 07
Location: South Bohemia
Gender: Male

Re: Log check

Post by jaro3 » 24 Dec 2018 17:03

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP double-click to run it).
- click "Start Scan". In the new window change nothing and click "Start Scan" at the bottom,
- when it finishes, tick everything (put check marks to the left of the findings, in the white boxes)
- then click "Remove Selected"
- wait until the Status box shows "Removal finished, please review result"
- click "Open report" and then "Open TXT", copy that log and paste the contents of the report here, please. The log can be found in C:\ProgramData\RogueKiller\Logs - Close RogueKiller.

Post a new HJT log + report any problems
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

bill.da
Level 2.5
Posts: 332
Registered: Oct 09
Gender: Male

Re: Log check

Post by bill.da » 24 Dec 2018 18:10

Hi, the PC already runs quite well, the fan doesn't even roar so much from the load any more, it's great, thanks a lot. Here is the log from HJT and I'm waiting to hear what's next. :thumbup: :thumbup: Merry Christmas.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:03:29, on 24.12.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19230)


Boot mode: Normal

Running processes:
C:\Windows\snuvcdsm.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
C:\Users\notebook\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [SilentCleanService] C:\Program Files (x86)\iMobie\PhoneClean\SilentCleanServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKCU\..\Run: [EsetPasswordManager] C:\Program Files\ESET\ESET Password Manager\pwm.exe
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Služba %1!s! Update (avg) (avg) - AVG Technologies - C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
O23 - Service: Služba %1!s! Update (avgm) (avgm) - AVG Technologies - C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DESlock+ Service (dlpsrv) - DESlock Limited. - C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 8257 bytes

bill.da
Level 2.5
Posts: 332
Registered: October 09
Gender: Male

Re: log check

Post by bill.da » 24 Dec 2018 18:22

I only noticed it just now. I have started RogueKiller and will post the result here afterwards.

bill.da
Level 2.5
Posts: 332
Registered: October 09
Gender: Male

Re: log check

Post by bill.da » 24 Dec 2018 19:30

RogueKiller Anti-Malware V13.0.17.0 (x64) [Dec 17 2018] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : notebook [Administrator]
Started from : C:\Users\notebook\Desktop\RogueKiller_portable64.exe
Mode : Standard Scan, Scan -- Date : 2018/12/24 18:20:51 (Duration : 01:03:01)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

jaro3
Security team member
Guru Level 15
Posts: 39709
Registered: June 07
Location: South Bohemia
Gender: Male

Re: log check

Post by jaro3 » 25 Dec 2018 17:02

Close all other applications and browsers, disconnect from the internet and fix the following in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"


Download DelFix from here
https://toolslib.net/downloads/viewdownload/2-delfix/

and save the file to your desktop.
Double-click the icon to run the tool Delfix.exe
(On Windows Vista, Windows 7 and 8, you must run the file with the right mouse button -> Run as administrator.)
In the main menu, tick these options: Remove disinfection tools and Purge System Restore.
Then click the Run button and let the tool do its work.

A report (DelFix.txt) will then open. Paste the whole content of the report here. Otherwise the report is located at:
C:\DelFix.txt
Other links:
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

If there are no further problems, that is all and you can mark the topic as solved (the green tick).
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

bill.da
Level 2.5
Posts: 332
Registered: October 09
Gender: Male

Re: log check  Solved

Post by bill.da » 25 Dec 2018 20:32

Thanks once again, you guys are great.

# DelFix v1.013 - Logfile created 25/12/2018 at 20:26:21
# Updated 17/04/2016 by Xplode
# Username : notebook - NOTEBOOK-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\Users\notebook\Desktop\HijackThis.exe
Deleted : C:\Users\notebook\Desktop\hijackthis.log
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #109 [JRT Pre-Junkware Removal | 12/22/2018 07:04:50]
Deleted : RP #110 [Installed Sophos Virus Removal Tool. | 12/22/2018 07:29:35]
Deleted : RP #111 [zoek.exe restore point | 12/23/2018 06:26:36]
Deleted : RP #112 [Removed Sophos Virus Removal Tool. | 12/24/2018 22:35:31]

New restore point created !

########## - EOF - ##########

