Please check my log

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Re: Please check my log

Post by jozunost » 11 Sep 2019 19:38

So, Jaro3, I'm sending you everything, one item after another, and if something turns out to be too big I'll put it in a zip. I hope that's OK?
1-RogueKiller:
RogueKiller Anti-Malware V13.4.3.0 (x64) [Aug 20 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : jozunost [Administrator]
Started from : E:\2. V?echny programy 1.1 TB\!.?istící 477 GB\1-257 GB\1.?istící 833 MB\! ?istící programy na opravu\! RogueKiller by Adlice Software\RogueKiller_portable64 (2).exe
Signatures : 20190911_081052, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/09/11 17:53:08 (Duration : 00:06:18)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[VT.Detected (Malicious)] dhcore.exe -- %programfiles(x86)%\Helexis\Drive Health\dhcore.exe -> Killed [Tree]
[VT.Detected (Malicious)] DriveHealth -- %programfiles(x86)%\Helexis\Drive Health\dhcore.exe -> ERROR [6D]
[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- -> Replaced (2)
[Adw.Seznam (Malicious)] Seznam.cz -- %localappdata%\Seznam.cz -> Deleted


Re: Please check my log

Post by jozunost » 11 Sep 2019 19:40

2-zoek-results:
Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by jozunost on 11.09.2019 at 18:10:12,35.
Microsoft Windows 10 Pro 10.0.17763 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jozun\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11.09.2019 18:12:45 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Lavasoft deleted successfully
C:\PROGRA~3\GramLock deleted successfully
C:\PROGRA~3\Groossel deleted successfully
C:\PROGRA~3\Kaspersky Lab deleted successfully
C:\PROGRA~3\Lavasoft deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\Porland deleted successfully
C:\PROGRA~3\RegRun deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\TmpLoog deleted successfully
C:\PROGRA~3\{62A2E2AA-3853-6EBB-2B25-38E22BC261B3} deleted successfully
C:\PROGRA~3\{AD74BED9-6420-A16D-5879-EE2D589EB77C} deleted successfully
C:\PROGRA~3\{F86B0233-9A85-4589-8AAF-524CC4F8211B} deleted successfully
C:\Users\jozun\AppData\Roaming\3od4bp52tpz deleted successfully
C:\Users\jozun\AppData\Roaming\exr2mqbxn3d deleted successfully
C:\Users\jozun\AppData\Roaming\FreeFixer deleted successfully
C:\Users\jozun\AppData\Roaming\jwaazfwflprh deleted successfully
C:\Users\jozun\AppData\Roaming\khdbxojdfbmv deleted successfully
C:\Users\jozun\AppData\Roaming\Lavasoft deleted successfully
C:\Users\jozun\AppData\Roaming\MPC-HC deleted successfully
C:\Users\jozun\AppData\Roaming\tdtrqaqnekum deleted successfully
C:\Users\jozun\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\jozun\AppData\Roaming\y0s1q15lt3y deleted successfully
C:\Users\jozun\AppData\Roaming\zcw5essrwwj deleted successfully
C:\Users\jozun\AppData\Local\DBG deleted successfully
C:\Users\jozun\AppData\Local\Downloaded Installations deleted successfully
C:\Users\jozun\AppData\Local\GHISLER deleted successfully
C:\Users\jozun\AppData\Local\Lavasoft deleted successfully
C:\Users\jozun\AppData\Local\PeerDistRepub deleted successfully
C:\Users\jozun\AppData\Local\prunld5828 deleted successfully
C:\Users\jozunost\AppData\Local\VirtualStore deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\DBG deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\DBG deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Packages deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-133057320-3794765189-3837850422-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD41E1A5-99E5-41BA-8703-6BE974416118} deleted successfully
HKEY_USERS\S-1-5-21-133057320-3794765189-3837850422-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09112019160529491\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD41E1A5-99E5-41BA-8703-6BE974416118} deleted successfully
HKEY_USERS\S-1-5-21-133057320-3794765189-3837850422-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09112019160530069\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD41E1A5-99E5-41BA-8703-6BE974416118} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\jozun\AppData\Roaming\Mozilla\Firefox\Profiles\g6yga6kx.default-1567319723783\prefs.js:
user_pref("browser.startup.homepage", "www.seznam.cz");

Added to C:\Users\jozun\AppData\Roaming\Mozilla\Firefox\Profiles\g6yga6kx.default-1567319723783\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\jozun\AppData\Roaming\Mozilla\Firefox\Profiles\wmfoupf4.default-release\prefs.js:
user_pref("browser.startup.homepage", "www.seznam.cz");

Added to C:\Users\jozun\AppData\Roaming\Mozilla\Firefox\Profiles\wmfoupf4.default-release\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\jozun\AppData\Roaming\Thunderbird\Profiles\ve5pqltn.default\prefs.js:

Added to C:\Users\jozun\AppData\Roaming\Thunderbird\Profiles\ve5pqltn.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\jozun\AppData\Roaming\Mozilla\Firefox\Profiles\g6yga6kx.default-1567319723783

user.js not found
---- Lines searchengine removed from prefs.js ----
user_pref("browser.pageActions.persistedActions", "{\"version\":1,\"ids\":[\"bookmark\",\"pinTab\",\"bookmarkSeparator\",\"copyURL\",\"emailLink\",\"a
---- FireFox user.js and prefs.js backups ----

prefs__1838_.backup

ProfilePath: C:\Users\jozun\AppData\Roaming\Mozilla\Firefox\Profiles\wmfoupf4.default-release

user.js not found
---- Lines searchengine removed from prefs.js ----
user_pref("browser.pageActions.persistedActions", "{\"version\":1,\"ids\":[\"bookmark\",\"pinTab\",\"bookmarkSeparator\",\"copyURL\",\"emailLink\",\"a
---- FireFox user.js and prefs.js backups ----

prefs__1838_.backup

ProfilePath: C:\Users\jozun\AppData\Roaming\Thunderbird\Profiles\ve5pqltn.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__1838_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Lavasoft not found
C:\Users\jozun\AppData\Local\Lavasoft not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\{62A2E2AA-3853-6EBB-2B25-38E22BC261B3} not found
C:\PROGRA~3\{AD74BED9-6420-A16D-5879-EE2D589EB77C} not found
C:\PROGRA~3\{F86B0233-9A85-4589-8AAF-524CC4F8211B} not found
C:\PROGRA~2\File Scanner Library (Spybot - Search & Destroy) deleted
C:\PROGRA~2\Misc. Support Library (Spybot - Search & Destroy) deleted
C:\Users\jozun\AppData\Roaming\siw_tmp deleted
C:\PROGRA~3\mozglue.dll deleted
C:\PROGRA~3\nss3.dll deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\{EAAB5A83-3809-4B0E-83A6-E4B0DBF2157E} deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\GroupPolicy\Adm deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\PROGRA~2\IObit Uninstaller\filectl.dll" deleted
"C:\PROGRA~2\IObit Uninstaller\IUMenuRight.dll" deleted
"C:\PROGRA~2\IObit Uninstaller\madbasic_.bpl" deleted
"C:\PROGRA~2\IObit Uninstaller\maddisAsm_.bpl" deleted
"C:\PROGRA~2\IObit Uninstaller\madexcept_.bpl" deleted
"C:\PROGRA~2\IObit Uninstaller\ProductStatistics.dll" deleted
"C:\PROGRA~2\IObit Uninstaller\rgfpctl.dll" deleted
"C:\PROGRA~2\IObit Uninstaller\rtl120.bpl" deleted
"C:\PROGRA~2\IObit Uninstaller\sqlite3.dll" deleted
"C:\PROGRA~2\IObit Uninstaller\UninstallExplorer.dll" deleted
"C:\PROGRA~2\IObit Uninstaller\UninstallMonitor.exe" deleted
"C:\PROGRA~2\IObit Uninstaller\vcl120.bpl" deleted
"C:\PROGRA~2\IObit Uninstaller\vclx120.bpl" deleted
"C:\PROGRA~2\IObit Uninstaller\webres.dll" deleted
"C:\Users\jozun\AppData\Roaming\Seznam Browser\sznAgent\Newtonsoft.Json.dll" deleted
"C:\Users\jozun\AppData\Roaming\Seznam Browser\sznAgent\Seznam.cz.exe" deleted
"C:\Users\jozun\AppData\Roaming\Seznam Browser\sznAgent\SharpRaven.dll" deleted
"C:\Users\jozun\AppData\Roaming\Seznam Browser\sznAgent\SznConnection.dll" deleted
"C:\PROGRA~2\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys" deleted
"C:\PROGRA~2\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys" deleted
"C:\Users\jozun\AppData\Roaming\Seznam Browser" deleted
"C:\PROGRA~2\IObit Uninstaller" not deleted
"C:\Users\jozun\AppData\Roaming\Seznam Browser\sznAgent" deleted
"C:\PROGRA~2\IObit Uninstaller\drivers" not deleted
"C:\PROGRA~2\IObit Uninstaller\drivers\win10_amd64" not deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\jozun\AppData\Roaming\Mozilla\Firefox\Profiles\g6yga6kx.default-1567319723783
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\jozun\AppData\Roaming\Mozilla\Firefox\Profiles\wmfoupf4.default-release
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\jozun\AppData\Roaming\Thunderbird\Profiles\ve5pqltn.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\jozun\AppData\Roaming\Mozilla\Firefox\Profiles\wmfoupf4.default-release
- __MSG_name__ - %ProfilePath%\extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi
- short_ Translate - %ProfilePath%\extensions\kicpmhgmcajloefloefojbfdmenhmhjf@chrome-store-foxified-unsigned.xpi
- YouTube Plus - %ProfilePath%\extensions\particle@particlecore.github.io.xpi
- short_ __MSG_extension_name__ - %ProfilePath%\extensions\s3download@statusbar.xpi
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi
- __MSG_appName__ - %ProfilePath%\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
- short_ ImTranslator - %ProfilePath%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
- short_ __MSG_name__ - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\jozun\AppData\Roaming\Thunderbird\Profiles\ve5pqltn.default
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\jozun\AppData\Roaming\Mozilla\Firefox\Profiles\wmfoupf4.default-release
B1E9E7809E3793A7950D4F761C782C3E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
- C:\PROGRA1\Microsoft Office\Office14\NPAUTHZ.DLL - [?]
75315A70F9506A4D3011BDAD63DF0395 - C:\Program Files\Tracker Software\PDF-Tools 4\PDF-XChange PDF Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll - PDF-XChange Viewer
DCA1830EAAF4F630FB1D96AE63235169 - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll - PDF-XChange Editor
91AE7DD40A074298BBD044B24093203E - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll - PDF-XChange Editor
D2C9DE4BD9F536E61073F9CCDE89B56E - C:\Program Files\Tracker Software\PDF-Tools 4\PDF-XChange PDF Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll - PDF-XChange Viewer


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.seznam.cz/"
"Use Search Asst"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"=""
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - https://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
HKCU\SearchScopes\{472CEE61-1A3C-47E8-970C-FA9DCFBD936A} - http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12454
HKCU\SearchScopes\{58C2F23E-FD9A-40AD-AB2A-9218FBC04D12} - http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
HKCU\SearchScopes\{7680ACD5-C277-402F-A3B6-D6EA76EF453A} - http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
HKCU\SearchScopes\{AC1DC5B8-36A0-4D08-B757-1841C8138D8E} - http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
HKCU\SearchScopes\{C39F43B1-D690-4808-9724-055C44E38F8B} - http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
HKCU\SearchScopes\{C5E96B9A-D999-4664-9320-0AF4BECD8F76} - http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12454
HKCU\SearchScopes\{E0191143-46BF-4233-A913-566D7489F793} - http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12454
HKCU\SearchScopes\{F2CA7F06-1CB5-4664-9332-2E11D250550A} - http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454

==== Reset Google Chrome ======================

C:\Users\jozun\Appdata\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\jozun\Appdata\Roaming\Opera Software\Opera Stable\Preferences.backup was reset successfully
C:\Users\jozun\Appdata\Roaming\Opera Software\Opera Stable\Secure Preferences was reset successfully
C:\Users\jozun\Appdata\Roaming\Opera Software\Opera Stable\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95d34152-62d3-4d48-98b7-fe7855a1ec4c} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jozun\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\jozun\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\jozun\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\jozun\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\jozun\AppData\Local\Mozilla\Firefox\Profiles\wmfoupf4.default-release\cache2 emptied successfully

==== Empty Edge Cache ======================

Edge Cache Emptied Successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1829 folders=481 380469449 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\jozun\AppData\Local\Temp will be emptied at reboot
C:\Users\jozunost\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\jozun\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\IObit Uninstaller" not found

==== EOF on 11.09.2019 at 18:50:27,01 ======================


Re: Please check my log

Post by jozunost » 11 Sep 2019 19:43

3-Zemana Antimalware:
With Zemana Antimalware, nothing at all was found during the scan, and there was no way to copy or save anything, so I'm not sending you any log.


Re: Please check my log

Post by jozunost » 11 Sep 2019 19:48

3-Zemana Antimalware:
With Zemana Antimalware, nothing at all was found during the scan, and there was no way to copy or save anything, so I'm not sending you any log.

4-CrystalDiskInfo:
----------------------------------------------------------------------------
CrystalDiskInfo 8.3.0 (C) 2008-2019 hiyohiyo
Crystal Dew World: https://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 10 Professional [10.0 Build 17763] (x64)
Date : 2019/09/11 19:30:22

-- Controller Map ----------------------------------------------------------
+ Standardní řadič SATA AHCI [ATA]
- ASUS DRW-24D5MT
- KINGSTON SA400S37240G
- Řadič prostorů úložišť [SCSI]

-- Disk List ---------------------------------------------------------------
(1) KINGSTON SA400S37240G : 240,0 GB [0/0/0, pd1]

----------------------------------------------------------------------------
(1) KINGSTON SA400S37240G
----------------------------------------------------------------------------
Model : KINGSTON SA400S37240G
Firmware : SBFK61E1
Serial Number : 50026B76822E4FE2
Disk Size : 240,0 GB (8,4/137,4/240,0/240,0)
Buffer Size : Neznámy údaj
Queue Depth : 32
# of Sectors : 468862128
Rotation Rate : ---- (SSD)
Interface : Serial ATA
Major Version : ACS-3
Minor Version : ACS-3 Revision 4
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 2482 hod.
Power On Count : 1608 krát
Temperature : 29 C (84 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ, TRIM
APM Level : 0000h [OFF]
AAM Level : ----
Drive Letter : C: D:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 __0 100 __0 000000000000 Počet chyb čtení
09 100 100 __0 0000000009B2 Hodin v činnosti
0C 100 100 __0 000000000648 Počet cyklů zapnutí zařízení
94 100 100 __0 000000000000 Specifický pro výrobce
95 100 100 __0 000000000000 Specifický pro výrobce
A7 100 100 __0 000000000000 Specifický pro výrobce
A8 100 100 __0 000000000000 Specifický pro výrobce
A9 100 100 __0 000000000009 Specifický pro výrobce
AA 100 100 _10 000000000014 Specifický pro výrobce
AC 100 100 __0 000000000000 Specifický pro výrobce
AD 100 100 __0 000000420066 Specifický pro výrobce
B5 100 100 __0 000000000000 Specifický pro výrobce
B6 100 100 __0 000000000000 Specifický pro výrobce
BB 100 100 __0 000000000000 Specifický pro výrobce
C0 100 100 __0 00000000018B Unsafe Shutdown Count
C2 _71 _58 __0 002A0012001D Teplota
C4 100 100 __0 000000000000 Počet udalostí s číslem realokování sektorů
C7 100 100 __0 000000000000 Specifický pro výrobce
DA 100 100 __0 000000000000 Specifický pro výrobce
E7 __7 __7 __0 00000000005D Specifický pro výrobce
E9 100 100 __0 0000000037EA Specifický pro výrobce
F1 100 100 __0 000000004071 Total Host Writes
F2 100 100 __0 000000004F03 Total Host Reads
F4 100 100 __0 000000000042 Specifický pro výrobce
F5 100 100 __0 000000000066 Specifický pro výrobce
F6 100 100 __0 000000162710 Specifický pro výrobce

So what do you make of it? Now I'll also try sfc /scannow and let you know what the result is..... bye for now


Re: Please check my log

Post by jozunost » 11 Sep 2019 20:05

So the sfc /scannow system check is still negative (the program repaired some files, but some could not be repaired).....
So what next? The only option is a fresh install, but I don't want to do that; I have a lot of programs and various settings installed there. So what do you say, what do you advise?????????? Thanks


Re: Please check my log

Post by jaro3 » 11 Sep 2019 20:38

Post a new HJT log.

Try Windows 10 Manager to see whether it repairs anything. You can start a topic in the Windows section.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.


Re: Please check my log

Post by jozunost » 12 Sep 2019 13:50

Here is the requested HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:25, on 12.09.2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17763.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\InternetOff\InternetOff.exe
C:\Program Files (x86)\Kalendar\kalendar.exe
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
C:\Program Files (x86)\System Explorer\SystemExplorer.exe
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
C:\Program Files (x86)\Glarysoft\Quick Search 5\QuickSearch.exe
C:\Program Files (x86)\Glarysoft\Quick Search 5\MemfilesService.exe
C:\Program Files (x86)\TweakBit\PCRepairKit\PCRepairKit.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SystemExplorerAutoStart] "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files (x86)32\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [DriveUtilitiesHelper] C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
O4 - HKCU\..\Run: [InternetOff] C:\Program Files (x86)\InternetOff\InternetOff.exe
O4 - HKCU\..\Run: [Kalendar] C:\Program Files (x86)\Kalendar\kalendar.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE
O4 - HKCU\..\Run: [Skype for Desktop] C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
O4 - HKCU\..\Run: [sznAgent] C:\Users\jozun\AppData\Roaming\Seznam Browser\sznAgent\Seznam.cz.exe
O4 - HKLM\..\Policies\Explorer\Run: [BootRacer] "C:\Program Files (x86)\BootRacer\Bootrace.exe" /2
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122019125849087\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122019125849717\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122019125849124\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122019125849756\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-21-133057320-3794765189-3837850422-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122019125849186\..\Run: [InternetOff] C:\Program Files (x86)\InternetOff\InternetOff.exe (User '?')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Active Protection (TM) Service (AcronisActiveProtectionService) - Acronis International GmbH - C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BootRacerServ - Greatis Software, LLC - C:\Program Files (x86)\BootRacer\BootRacerServ.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: DriveHealth - Helexis Software Development - C:\Program Files (x86)\Helexis\Drive Health\dhcore.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\Program Files (x86)\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Internet Off Service (InternetOffService) - Unknown owner - C:\Program Files (x86)\InternetOff\IOffSvc.exe
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - Unknown owner - C:\Program Files (x86)\IObit Uninstaller\IUService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Acronis Managed Machine Service Mini (mmsminisrv) - Acronis International GmbH - C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
O23 - Service: Server záloh mobilního zařízení Acronis (mobile_backup_server) - Acronis International GmbH - C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
O23 - Service: Stav serveru záloh mobilního zařízení Acronis (mobile_backup_status_server) - Unknown owner - C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: Printer Control - Unknown owner - C:\WINDOWS\system32\PrintCtrl.exe (file missing)
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Corel License Validation Service V2 x64, Powered by arvato (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: SMService - IObit - C:\Program Files (x86)\IObit\Classic Start\SMService.exe
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
O23 - Service: TeamViewer 14 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: TeraCopy Service (TeraCopyService) - Code Sector - C:\Program Files\TeraCopy\TeraCopyService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Stínová kopie svazku (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15562 bytes

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Please check my log

Post by jaro3 » 12 Sep 2019 20:33

Close other applications and browsers, disconnect from the internet and fix in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O13 - Gopher Prefix:


Download DelFix here
Other links:
https://toolslib.net/downloads/viewdownload/2-delfix/
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

Save the file to your desktop.
Double-click the icon to run the Delfix.exe tool.
(On Windows Vista, Windows 7, 8 and 10 you must run the file by right-clicking it -> Run as administrator.)
In the main menu, check these options - Remove disinfection tools – Purge System Restore
Then click the Run button and let the tool do its work.

Afterwards the report (DelFix.txt) will open. Paste the entire contents of the report here. Otherwise the report is located at:
C:\DelFix.txt

Did you try Windows Manager?
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

