Prosím kontrolu Vyřešeno

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: memphisto, Mods_senior, Security team

Uživatelský avatar
Scanner
Level 3.5
Level 3.5
Příspěvky: 698
Registrován: srpen 11
Bydliště: Střední čechy
Pohlaví: Muž

Re: Prosím kontrolu

Příspěvekod Scanner » 18 led 2019 20:43

Dělám na něm.

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Simona on 18.01.2019 at 19:25:53,89.
Microsoft Windows 10 Home 10.0.17134 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

18.01.2019 19:27:54 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\COMMON~1\Apple deleted successfully
C:\Program Files\Leapdroid deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\SUPPORTDIR deleted successfully
C:\Users\User\AppData\Roaming\HMYGSetting deleted successfully
C:\Users\User\AppData\Local\DBG deleted successfully
C:\Users\User\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\DBG deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\windows\SysNative\Tasks\BlueStacksHelper deleted
C:\Users\User\.android deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Roaming\ETDCoInstaller.log deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Tencent deleted
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\User\AppData\Local\Wondershare deleted
C:\Users\User\AppData\LocalLow\Unity deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\WINDOWS\Syswow64\InstallUtil.InstallLog deleted
"C:\PROGRA~2\Wondershare\WAF\2.4.3.233\Newtonsoft.Json.dll" deleted
"C:\PROGRA~2\Wondershare\WAF\2.4.3.233\WsAppCollect.dll" deleted
"C:\PROGRA~2\Wondershare\WAF\2.4.3.233\WsAppCommon.dll" not deleted
"C:\PROGRA~2\Wondershare\WAF\2.4.3.233\WsAppService.exe" not deleted
"C:\PROGRA~2\Wondershare" not deleted
"C:\PROGRA~2\Wondershare\WAF" not deleted
"C:\PROGRA~2\Wondershare\WAF\2.4.3.233" not deleted

==== Orphaned Tasks deleted from Registry ======================

BlueStacksHelper deleted

==== Chromium Look ======================

Google Chrome Version: 71.0.3578.98


Bob Marley Tribute - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahanpmgekmileoidjopjeghlchcigafk
Chrome Media Router - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{BD73967D-B1CD-4E24-A898-6A25B7119A4C}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{BD73967D-B1CD-4E24-A898-6A25B7119A4C} - http://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{BD73967D-B1CD-4E24-A898-6A25B7119A4C}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{BD73967D-B1CD-4E24-A898-6A25B7119A4C} - http://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
HKCU\SearchScopes "DefaultScope"="{BD73967D-B1CD-4E24-A898-6A25B7119A4C}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{BD73967D-B1CD-4E24-A898-6A25B7119A4C} - http://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE

==== Reset Google Chrome ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile\Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile\Secure Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Secure Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile\Web Data was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile\Web Data-journal was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Web Data was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Edge Cache ======================

Edge Cache Emptied Successfully

==== Empty Chrome Cache ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=287 folders=164 191771696 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Wondershare\WAF\2.4.3.233\WsAppCommon.dll" not found
"C:\PROGRA~2\Wondershare\WAF\2.4.3.233\WsAppService.exe" not found
"C:\PROGRA~2\Wondershare" not found

==== EOF on 18.01.2019 at 20:38:47,88 ======================


When You smoke herb it reveals you to yourself. All the wickedness you do is revealed by the herb - it's you conscience and gives you an honest picture of yourself.
---------- Robert Nesta Marley ----------

Reklama
Uživatelský avatar
Scanner
Level 3.5
Level 3.5
Příspěvky: 698
Registrován: srpen 11
Bydliště: Střední čechy
Pohlaví: Muž

Re: Prosím kontrolu

Příspěvekod Scanner » 18 led 2019 21:10

Zemana AntiMalware 2.74.2.150 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2019.1.18
Operating System : Windows 10 64-bit
Processor : 4X AMD A4-6210 APU with AMD Radeon R3 Graphics
BIOS Mode : UEFI
CUID : 1282D9C7DA6937DF780226
Scan Type : Skenování systému
Duration : 11m 28s
Scanned Objects : 70482
Detected Objects : 6
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

QMEmulatorService.exe
Status : Skenováno
Object : %programw6432%\txgameassistant\appmarket\qmemulatorservice.exe
MD5 : 47C59BDE86BB9E83C6D3A8FD1D5E1033
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 342776
Version : 2.0.7758.123
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Karanténa
Related Objects :
Soubor - %programw6432%\txgameassistant\appmarket\qmemulatorservice.exe
Proces - 1796 - C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe
Záznam registru - HKLM\System\CurrentControlSet\Services\QMEmulatorService\ImagePath = "C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe"

AppMarket.exe
Status : Skenováno
Object : %programw6432%\txgameassistant\appmarket\appmarket.exe
MD5 : F5636D982E73790A147491526A7D51B9
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 2822392
Version : 2.0.7758.123
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Karanténa
Related Objects :
Soubor - %programw6432%\txgameassistant\appmarket\appmarket.exe
Odkaz - C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\腾讯手游助手.lnk

aow_drv_x64_ev.sys
Status : Skenováno
Object : %programw6432%\txgameassistant\ui\2.0.7755.123\aow_drv_x64_ev.sys
MD5 : FC0E849C5A1A0B75F583478FA533C82D
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 859240
Version : 2.0.7704.123
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Karanténa
Related Objects :
Soubor - %programw6432%\txgameassistant\ui\2.0.7755.123\aow_drv_x64_ev.sys
Záznam registru - HKLM\System\CurrentControlSet\Services\aow_drv\ImagePath = \??\C:\Program Files\TxGameAssistant\UI\2.0.7755.123\aow_drv_x64_ev.sys

CCleaner.exe
Status : Skenováno
Object : %programw6432%\ccleaner\ccleaner.exe
MD5 : 1F9EB07F1C292E28C089744D254DE3A2
Publisher : Piriform Software Ltd
Size : 14449664
Version : 5.52.0.6967
Detection : Malware:Win32/Quarand!Atir
Cleaning Action : Karanténa
Related Objects :
Soubor - %programw6432%\ccleaner\ccleaner.exe
Naplánovaná úloha - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC

tencent
Status : Skenováno
Object : NE->c:\users\user\appdata\roaming\tencent
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA:Win32/Tencent.C!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)

tencent
Status : Skenováno
Object : NE->c:\windows\syswow64\config\systemprofile\appdata\roaming\tencent
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA:Win32/Tencent.J!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)


Cleaning Result
-------------------------------------------------------
Cleaned : 6
Reported as safe : 0
Failed : 0
When You smoke herb it reveals you to yourself. All the wickedness you do is revealed by the herb - it's you conscience and gives you an honest picture of yourself.
---------- Robert Nesta Marley ----------

Uživatelský avatar
Scanner
Level 3.5
Level 3.5
Příspěvky: 698
Registrován: srpen 11
Bydliště: Střední čechy
Pohlaví: Muž

Re: Prosím kontrolu

Příspěvekod Scanner » 18 led 2019 21:10

Zemana AntiMalware 2.74.2.150 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2018.1.15
Operating System : Windows 10 64-bit
Processor : 4X AMD A4-6210 APU with AMD Radeon R3 Graphics
BIOS Mode : UEFI
CUID : 1282D9C7DA6937DF780226
Scan Type : Skenování systému
Duration : 7m 7s
Scanned Objects : 47615
Detected Objects : 0
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Nebyly zjištěny žádné hrozby
When You smoke herb it reveals you to yourself. All the wickedness you do is revealed by the herb - it's you conscience and gives you an honest picture of yourself.
---------- Robert Nesta Marley ----------

Uživatelský avatar
Scanner
Level 3.5
Level 3.5
Příspěvky: 698
Registrován: srpen 11
Bydliště: Střední čechy
Pohlaví: Muž

Re: Prosím kontrolu

Příspěvekod Scanner » 18 led 2019 21:17

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:16:08, on 18.01.2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
C:\Users\User\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [MagicPlusHelper] "C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "D:\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: CCSDK - Lenovo - C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GDCAgent - Lenovo - C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\WINDOWS\system32\HPSIsvc.exe (file missing)
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: MxService - Maxthon International ltd. - C:\Program Files (x86)\Maxthon5\Bin\MxService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\WINDOWS\system32\SAsrv.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Unknown owner - C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppService.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 9401 bytes
When You smoke herb it reveals you to yourself. All the wickedness you do is revealed by the herb - it's you conscience and gives you an honest picture of yourself.
---------- Robert Nesta Marley ----------

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 39209
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím kontrolu

Příspěvekod jaro3 » 18 led 2019 21:43

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: ::1 localhost
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')


Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt
Další odkazy:
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

Co problémy?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Uživatelský avatar
Scanner
Level 3.5
Level 3.5
Příspěvky: 698
Registrován: srpen 11
Bydliště: Střední čechy
Pohlaví: Muž

Re: Prosím kontrolu

Příspěvekod Scanner » 18 led 2019 22:03

Notebook funguje daleko lépe již od včerejška, spíše jsem řešil ty viry co to furt nacházelo ale doufám, že již je čistej.
To se mi stalo poprvé, že každý program který jsem nainstaloval mi něco našel. :D

# DelFix v1.013 - Logfile created 18/01/2019 at 21:58:36
# Updated 17/04/2016 by Xplode
# Username : Simona - SIMONA-NOTEBOOK
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\User\Desktop\AdwCleaner.exe
Deleted : C:\Users\User\Desktop\JRT.exe
Deleted : C:\Users\User\Desktop\JRT.txt
Deleted : C:\Users\User\Desktop\hijackthis.exe
Deleted : C:\Users\User\Desktop\hijackthis.log
Deleted : C:\Users\User\Desktop\LOG.txt
Deleted : C:\Users\User\Desktop\RogueKiller_portable64.exe
Deleted : C:\Users\User\Desktop\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #51 [Windows Update | 01/17/2019 21:43:03]
Deleted : RP #52 [JRT Pre-Junkware Removal | 01/17/2019 22:50:11]

New restore point created !

########## - EOF - ##########
When You smoke herb it reveals you to yourself. All the wickedness you do is revealed by the herb - it's you conscience and gives you an honest picture of yourself.
---------- Robert Nesta Marley ----------

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 39209
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím kontrolu

Příspěvekod jaro3 » 18 led 2019 22:53

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Uživatelský avatar
Scanner
Level 3.5
Level 3.5
Příspěvky: 698
Registrován: srpen 11
Bydliště: Střední čechy
Pohlaví: Muž

Re: Prosím kontrolu  Vyřešeno

Příspěvekod Scanner » 19 led 2019 10:00

Díky moc za pomoc. :)
When You smoke herb it reveals you to yourself. All the wickedness you do is revealed by the herb - it's you conscience and gives you an honest picture of yourself.
---------- Robert Nesta Marley ----------


Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: CommonCrawl [Bot] a 24 hostů