AUTOLOGER - Help

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

KINGENka
newbie
Posts: 27
Registered: December '19
Gender: Not specified
Status: Offline

AUTOLOGER - Help

Post by KINGENka » 20 Dec 2019 01:07

Hi.

I'll keep it short. A Windows reset didn't help, a clean install didn't either, and neither did a secure erase of the disk in the BIOS. I've been screwing around with this in circles for what must be a week now.

The only thing that might still help is probably KillDisk, but if someone could take a look at it and knew what to do with it...

And a question: has the virus spread to other devices on the network? I'm on a shared Wi-Fi with shit security, someone keeps attacking us, but unfortunately the landlord won't change the password [which is really stupid] and won't even hear of a better router.

I have paid AW, Bitdefender, malware, genuine Windows, etc. Unfortunately all the paid programs report that everything is fine. I don't think anything is fine. I'm on the Wi-Fi with 6 other people. Everyone tells me that none of us has a virus and that taking any steps is pointless. I think, judging by the NET status, the virus/malware is on the network drive X:\, and that's why the others have it too. Also, judging by the data being sent out, I think someone is simply stealing our personal info.

I'm attaching a LOG from GMER - it's only a quick scan; I can add a full scan too, but it's quite long.
Sorry for the missing diacritics. I live in the USA.

Thank you.

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2019-12-19 15:35:08
Windows 6.2.9200 x64
Running: g732ut3z.exe


---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\MSBDD_ACR0603TA1AA0038541_20_07E3_33_1002_731F_0000002F_00000000_0^41FA3D732F842EAA3B5B4C5284826835@Timestamp 0xB4 0x38 0xB8 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\hivelist@\REGISTRY\MACHINE\DRIVERS \Device\HarddiskVolume4\Windows\System32\config\DRIVERS?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 812
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute autocheck autochk *?aswBoot.exe /A:"*STARTUP" /A:"*" /L:"1033" /heur:100 /RA:fix /pup /archives /IA:0 /KBD:3 /dir:"C:\Program Files\AVAST Software\Avast"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ????????????ex???????V???????????????4?malwarebytes_assistant.exe????????????????????????mbam.exe??????????????????????0?MBAMInstallerService.exe????????????????????????MbamPt.exe????410??17018-1001-12192019151035688-UsrClass.dat????? ?????????????????????????????????????C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup?ysX?? ????????????????????????????????????????????????8???????????????????????????????t????????????????????s????? ?????????????????????r??????????????????487-??? ??????????????????????????????T?:?????????????????????????ex????6?????????????????system32\drivers\aswSP.sys?vers\aswSP.sys????????????m?????ee?????6?????????????FSFilter Security Enhancer?xe????????????????????????????P???????e??? ??????????????????????????????V?;??????????????????????????????????e??tT??NDIS????????????????????w.????8???????????h?????system32\drivers\aswStm.sys?ers\aswStm.sys??????tcpip????????????????2?????eat??aswStm?s.d???? ??????u??? ???????????????????????????????????e??? ??????????????????????????????8?<????
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 6228309
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 2095501923
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 13
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 584462723
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 19771
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 19595
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 544ee1f4-c012-4749-af36-479952c
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@SystemRoot \Device\HarddiskVolume4\WINDOWS
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@BootCounter 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15767910590152573@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15767913430462573@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15767913506252573@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15767913563432573@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15767913581562573@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15767913601872573@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15767932801092573@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15767967390002573@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15767969983592573@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15767974755462573@SetupOperations ?????U??????????????as??????t.??????????????????????????????ex???????V???????????????4?malwarebytes_assistant.exe????????????????????????mbam.exe??????????????????????0?MBAMInstallerService.exe????????????????????????MbamPt.exe????410??17018-1001-12192019151035688-UsrClass.dat????? ?????????????????????????????????????C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup?ysX?? ????????????????????????????????????????????????8???????????????????????????????t????????????????????s????? ?????????????????????r??????????????????487-??? ??????????????????????????????T?:?????????????????????????ex????6?????????????????system32\drivers\aswSP.sys?vers\aswSP.sys????????????m?????ee?????6?????????????FSFilter Security Enhancer?xe????????????????????????????P???????e??? ??????????????????????????????V?;??????????????????????????????????e??tT??NDIS????????????????????w.????8???????????h?????system32\drivers\aswStm.sys?ers\aswStm.sys??????tcpip????????????????2?????eat??aswStm?s.d???? ??????u??? ?????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Uupdate_157679427942104@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Uupdate_157679428006208@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Uupdate_157679428056209@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Uupdate_157679428081207@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-18@SequenceNumber 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3538239455-103221015-4105317018-1001@SequenceNumber 10
Reg HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-90-0-1@SequenceNumber 5
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMChameleon@RefCount 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 459
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 11
Reg HKLM\SYSTEM\CurrentControlSet\Services\WdBoot@Group Early-Launch
Reg HKLM\SYSTEM\CurrentControlSet\Services\WdBoot@ImagePath system32\drivers\wd\WdBoot.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\WdBoot@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\WdBoot
Reg HKLM\SYSTEM\CurrentControlSet\Services\WdFilter@ImagePath system32\drivers\wd\WdFilter.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\WdFilter@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\WdFilter
Reg HKLM\SYSTEM\CurrentControlSet\Services\WinDefend@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\WinDefend
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ActivityDataModel\ReaderRevisionInfo@4107911F-E1B6-9E44-AE3E-7BEB0B32418B 1?60??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\CloudCacheInvalidator@4107911f-e1b6-9e44-ae3e-7beb0b32418b { "DatabaseInstanceId" : 41939, "Sequence" : 1305, "activityStoreId" : "4107911F-E1B6-9E44-AE3E-7BEB0B32418B", "filter" : { "isReadFilter" : 0, "originFilterKey" : 0, "stateFilterKey" : 0, "userActionStateFilter" : 0 } }
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched@C:\Users\Kuba\Downloads\g732ut3z.exe 2
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched@Microsoft.Windows.Explorer 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched@{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Samsung\Samsung Magician\SamsungMagician.exe 5
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\TrayButtonClicked@NotificationCenterButton 3
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications@TimestampWhenSeen 0xCD 0xB1 0x2B 0x5C ...

---- EOF - GMER 2.2 ----

mmmartin
Moderator
Elite Level 10
Posts: 9504
Registered: August '04
Location: Prague
Gender: Male
Status: Offline

Re: AUTOLOGER - Help

Post by mmmartin » 20 Dec 2019 01:14

Given you're in the USA, the missing diacritics aren't such a problem, but you could have spared us the vulgarity. :huh:
ASUS Prime Z390-P / Hexa Core Intel core i5 Coffee Lake-S / Gigabyte GeForce GTX 650 Ti / FORTRON BlueStorm Bronze 80PLUS / W 11

KINGENka
newbie
Posts: 27
Registered: December '19
Gender: Not specified
Status: Offline

Re: AUTOLOGER - Help

Post by KINGENka » 20 Dec 2019 01:23

Sorry for the one vulgarity, but this is really driving me crazy. I'm not even on my own PC;
I don't have any administrator rights. If I poke around in it a bit and try to give myself Owner status on the device, I'm able to restrict quite a few things, but in the end it finishes with a blue screen.

Safe mode doesn't work.

If I install any program, I think it is automatically affected by the virus.
The only thing that works is GMER, because it doesn't need to be installed and I renamed it so it wouldn't get caught + in the antivirus settings I turned on monitoring of changes in folders, so I denied every permission prompt during the scan process. If I allowed access = scan result 0 infections.

I tried installing a fresh Windows, repairing the MBR, I used a Linux boot CD, etc. Unfortunately it's the same thing over and over. People here already think I'm paranoid...

Port 22, SSH, Terminal - Root. It took me a whole day to get in there, and in the end I couldn't use half the things or even the network configuration.

I'm not very knowledgeable about PCs, so I don't know which things should and shouldn't be there, but I think there's a lot of stuff in there that doesn't belong.

KINGENka
newbie
Posts: 27
Registered: December '19
Gender: Not specified
Status: Offline

Re: AUTOLOGER - Help

Post by KINGENka » 20 Dec 2019 01:25

GMER 2.2.19882 - http://www.gmer.net
3rd party scan 2019-12-19 16:07:25
Windows 6.2.9200 x64
Running: g732ut3z.exe


---- Services - GMER 2.2 ----

Service ADOVMPPackage
Service [MANUAL] aswbdisk
Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Service/AVAST Software SIGNED)(2019-12-19 06:20:37) [AUTO] avast! Antivirus
Service C:\Program Files\AVAST Software\Avast\wsc_proxy.exe (Avast remediation exe/AVAST Software SIGNED)(2019-12-19 06:20:38) [AUTO] AvastWscReporter
Service CoreUI
Service C:\WINDOWS\system32\epmntdrv.sys(2019-12-19 03:19:25) [MANUAL] epmntdrv
Service C:\WINDOWS\System32\drivers\EPMVolFl.sys (Disk Performance Driver/Windows (R) Codename Longhorn DDK provider SIGNED)(2019-12-19 03:19:25) [BOOT] EPMVolFl
Service C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\elevation_service.exe (Google Chrome/Google LLC SIGNED)(2019-12-19 02:56:53) [MANUAL] GoogleChromeElevationService
Service C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc. SIGNED)(2019-12-19 02:56:37) [AUTO] gupdate
Service C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc. SIGNED)(2019-12-19 02:56:37) [MANUAL] gupdatem
Service C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Service/Malwarebytes SIGNED)(2019-12-19 02:29:35) [AUTO] MBAMService
Service napagent
Service NetbiosSmb
Service netvscvfpp
Service C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe (GameManagerService/Razer Inc SIGNED)(2019-10-01 18:16:27) [AUTO] Razer Game Manager Service
Service C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe (Razer Synapse Service/Razer Inc. SIGNED)(2019-11-19 06:25:54) [AUTO] Razer Synapse Service
Service RDMANDK
Service RDPUDD
Service C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe (Razer Central Service/Razer Inc. SIGNED)(2019-10-28 19:45:08) [AUTO] RzActionSvc
Service SmartPqi
Service C:\Program Files (x86)\Razer\THXService\Drivers\x64\THXService.exe (THXService/THX SIGNED)(2019-09-18 06:23:56) [AUTO] THXService
Service workerdd

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswArPot@ImagePath C:\WINDOWS\system32\drivers\aswArPot.sys (Avast anti rootkit/AVAST Software SIGNED)(2019-12-19 06:20:43)
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent@ImagePath C:\Program Files\AVAST Software\Avast\aswidsagent.exe (Avast Behavior Shield/AVAST Software SIGNED)(2019-12-19 06:20:36)
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver@ImagePath C:\WINDOWS\system32\drivers\aswbidsdriver.sys (IDS Application Activity Monitor Driver./AVAST Software SIGNED)(2019-12-19 06:20:43)
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh@ImagePath C:\WINDOWS\system32\drivers\aswbidsh.sys (Application Activity Monitor Helper Driver/AVAST Software SIGNED)(2019-12-19 06:20:43)
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv@ImagePath C:\WINDOWS\system32\drivers\aswbuniv.sys (Universal Driver/AVAST Software SIGNED)(2019-12-19 06:20:43)
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@ImagePath C:\WINDOWS\system32\drivers\aswKbd.sys (Avast Keyboard Filter Driver/AVAST Software SIGNED)(2019-12-19 06:20:43)
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ImagePath C:\WINDOWS\system32\drivers\aswMonFlt.sys (Avast File System Minifilter for Windows 2003/Vista/AVAST Software SIGNED)(2019-12-19 06:20:43)
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ImagePath C:\WINDOWS\system32\drivers\aswRdr2.sys (Avast WFP Redirect Driver/AVAST Software SIGNED)(2019-12-19 06:20:43)
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@ImagePath C:\WINDOWS\system32\drivers\aswRvrt.sys (Avast Revert/AVAST Software SIGNED)(2019-12-19 06:20:43)
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@ImagePath C:\WINDOWS\system32\drivers\aswSnx.sys (Avast Virtualization Driver/AVAST Software SIGNED)(2019-12-19 06:20:43)
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@ImagePath C:\WINDOWS\system32\drivers\aswSP.sys (Avast self protection module/AVAST Software SIGNED)(2019-12-19 06:20:43)
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswStm@ImagePath C:\WINDOWS\system32\drivers\aswStm.sys (Stream Filter/AVAST Software SIGNED)(2019-12-19 06:20:43)
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@ImagePath C:\WINDOWS\system32\drivers\aswVmm.sys (Avast VM Monitor/AVAST Software SIGNED)(2019-12-19 06:20:43)
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ImagePath C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Service/AVAST Software SIGNED)(2019-12-19 06:20:37)
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@FailureCommand C:\Program Files\AVAST Software\Avast\setup\Instup.exe (Avast Antivirus Installer/AVAST Software SIGNED)(2019-12-19 06:20:42)
Reg HKLM\SYSTEM\CurrentControlSet\Services\AvastWscReporter@ImagePath C:\Program Files\AVAST Software\Avast\wsc_proxy.exe (Avast remediation exe/AVAST Software SIGNED)(2019-12-19 06:20:38)
Reg HKLM\SYSTEM\CurrentControlSet\Services\epmntdrv@ImagePath C:\WINDOWS\system32\epmntdrv.sys(2019-12-19 03:19:25)
Reg HKLM\SYSTEM\CurrentControlSet\Services\EPMVolFl@ImagePath C:\WINDOWS\System32\drivers\EPMVolFl.sys (Disk Performance Driver/Windows (R) Codename Longhorn DDK provider SIGNED)(2019-12-19 03:19:25)
Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Chrome@CategoryMessageFile C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\eventlog_provider.dll (Google Chrome/Google LLC SIGNED)(2019-12-19 02:56:53)
Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\MBAMService@EventMessageFile C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Service/Malwarebytes SIGNED)(2019-12-19 02:29:35)
Reg HKLM\SYSTEM\CurrentControlSet\Services\GoogleChromeElevationService@ImagePath C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\elevation_service.exe (Google Chrome/Google LLC SIGNED)(2019-12-19 02:56:53)
Reg HKLM\SYSTEM\CurrentControlSet\Services\gupdate@ImagePath C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc. SIGNED)(2019-12-19 02:56:37)
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMService@ImagePath C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Service/Malwarebytes SIGNED)(2019-12-19 02:29:35)
Reg HKLM\SYSTEM\CurrentControlSet\Services\Razer Game Manager Service@ImagePath C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe (GameManagerService/Razer Inc SIGNED)(2019-10-01 18:16:27)
Reg HKLM\SYSTEM\CurrentControlSet\Services\Razer Synapse Service@ImagePath C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe (Razer Synapse Service/Razer Inc. SIGNED)(2019-11-19 06:25:54)
Reg HKLM\SYSTEM\CurrentControlSet\Services\RzActionSvc@ImagePath C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe (Razer Central Service/Razer Inc. SIGNED)(2019-10-28 19:45:08)
Reg HKLM\SYSTEM\CurrentControlSet\Services\THXService@ImagePath C:\Program Files (x86)\Razer\THXService\Drivers\x64\THXService.exe (THXService/THX SIGNED)(2019-09-18 06:23:56)
Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\0462E881@AppFullPath C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Service/Malwarebytes SIGNED)(2019-12-19 02:29:35)
Reg HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}@StubPath C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe (Google Chrome Installer/Google LLC SIGNED)(2019-12-19 02:56:53)
Reg HKLM\SOFTWARE\Microsoft\Security Center\Provider\Av\{23007AD3-69FE-687C-2629-D584AFFAF72B}@PRODUCTEXE C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe (Malwarebytes SIGNED)(2019-12-19 02:29:35)
Reg HKLM\SOFTWARE\Microsoft\Security Center\Provider\Av\{8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}@PRODUCTEXE C:\Program Files\AVAST Software\Avast\wsc_proxy.exe (Avast remediation exe/AVAST Software SIGNED)(2019-12-19 06:20:38)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe@ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Chrome/Google LLC SIGNED)(2019-12-19 02:56:53)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@THX22adHelper C:\Program Files (x86)\Razer\THXVAD\Drivers\x64\THXHelper22ad.exe(2019-09-18 06:23:58)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@THX0520Helper C:\Program Files (x86)\Razer\APO0520Drv\Drivers\x64\THXHelper0520.exe(2019-09-18 06:23:56)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@AvastUI.exe C:\Program Files\AVAST Software\Avast\AvLaunch.exe (AvLaunch component/AVAST Software SIGNED)(2019-12-19 06:34:24)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1@DisplayIcon C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes/Malwarebytes SIGNED)(2019-12-19 02:29:32)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1@UninstallString C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe (Malwarebytes/Malwarebytes SIGNED)(2019-12-19 02:29:30)
Reg HKLM\SOFTWARE\Classes\avastconfigfile\shell\open\command@ C:\Program Files\AVAST Software\Avast\aswChLic.exe (aswChLic component/AVAST Software SIGNED)(2019-12-19 06:20:38)
Reg HKLM\SOFTWARE\Classes\ChromeHTML\Application@ApplicationIcon C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Chrome/Google LLC SIGNED)(2019-12-19 02:56:53)
Reg HKLM\SOFTWARE\Classes\CLSID\{008E91AA-A905-4206-A0FE-D4177E1C7BB1}\InProcServer32@ C:\Program Files (x86)\Google\Update\1.3.35.422\psmachine_64.dll (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Service/Malwarebytes SIGNED)(2019-12-19 02:29:35)
Reg HKLM\SOFTWARE\Classes\CLSID\{0BFA6B09-ACA0-49C0-BB87-BEE76FB9706B}\LocalServer32@ C:\Program Files (x86)\Razer\THXService\Drivers\x64\THXService.exe (THXService/THX SIGNED)(2019-09-18 06:23:56)
Reg HKLM\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Service/Malwarebytes SIGNED)(2019-12-19 02:29:35)
Reg HKLM\SOFTWARE\Classes\CLSID\{3B8E5435-3A70-483E-A8B5-EA7C0C0EB76B}\LocalServer32@ C:\Program Files (x86)\Razer\THXService\Drivers\x64\THXService.exe (THXService/THX SIGNED)(2019-09-18 06:23:56)
Reg HKLM\SOFTWARE\Classes\CLSID\{3C5422B3-D1E2-449E-A736-809C934C2F80}\InprocServer32@ C:\Program Files\AVAST Software\Avast\aswAMSI.dll (Avast AMSI COM object/AVAST Software SIGNED)(2019-12-19 22:24:40)
Reg HKLM\SOFTWARE\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}\InProcServer32@ C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Shell Extension/AVAST Software SIGNED)(2019-12-19 06:20:38)
Reg HKLM\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32@ C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (Malwarebytes/Malwarebytes SIGNED)(2019-12-19 02:29:37)
Reg HKLM\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Service/Malwarebytes SIGNED)(2019-12-19 02:29:35)
Reg HKLM\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32@ C:\Program Files (x86)\Google\Update\1.3.35.422\psmachine_64.dll (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32@ C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\notification_helper.exe (Google Chrome/Google LLC SIGNED)(2019-12-19 02:56:53)
Reg HKLM\SOFTWARE\Classes\CLSID\{A4B68340-D53D-4FBF-B245-8E7593471B70}\LocalServer32@ C:\Program Files (x86)\Razer\THXService\Drivers\x64\THXService.exe (THXService/THX SIGNED)(2019-09-18 06:23:56)
Reg HKLM\SOFTWARE\Classes\CLSID\{B342E21B-AD7E-4568-AE3F-D0D844537A7A}\InprocServer32@ C:\Program Files\AVAST Software\Avast\asOutExt.dll (AsOutExt Module/AVAST Software SIGNED)(2019-12-19 06:20:41)
Reg HKLM\SOFTWARE\Classes\CLSID\{B64E6FDA-4B28-489E-BD98-7FD8755C3628}\LocalServer32@ C:\Program Files (x86)\Razer\THXService\Drivers\x64\THXService.exe (THXService/THX SIGNED)(2019-09-18 06:23:56)
Reg HKLM\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Service/Malwarebytes SIGNED)(2019-12-19 02:29:35)
Reg HKLM\SOFTWARE\Classes\CLSID\{D8F7B49E-297F-4FFF-B9A4-4F8567B0AC1B}\LocalServer32@ C:\Program Files (x86)\Razer\THXService\Drivers\x64\THXService.exe (THXService/THX SIGNED)(2019-09-18 06:23:56)
Reg HKLM\SOFTWARE\Classes\CLSID\{DCE425F4-1469-414F-AD07-8A5622C312B7}\InprocHandler32@ C:\Program Files (x86)\Google\Update\1.3.35.422\psmachine_64.dll (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32@ C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Service/Malwarebytes SIGNED)(2019-12-19 02:29:35)
Reg HKLM\SOFTWARE\Classes\CLSID\{FB904E4E-D2C7-4C8D-8492-B620BB9896B1}\InprocServer32@ C:\Program Files\AVAST Software\Avast\aswAMSI.dll (Avast AMSI COM object/AVAST Software SIGNED)(2019-12-19 22:24:40)
Reg HKLM\SOFTWARE\Classes\malwarebytes\shell\open\command@ C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe (Malwarebytes Assistant/Malwarebytes SIGNED)(2019-12-19 02:29:32)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{008E91AA-A905-4206-A0FE-D4177E1C7BB1}\InProcServer32@ C:\Program Files (x86)\Google\Update\1.3.35.422\psmachine.dll (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleUpdateOnDemand.exe (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{3C5422B3-D1E2-449E-A736-809C934C2F80}\InprocServer32@ C:\Program Files\AVAST Software\Avast\x86\aswAMSI.dll (Avast AMSI COM object/AVAST Software SIGNED)(2019-12-19 22:24:40)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}\InProcServer32@ C:\Program Files\AVAST Software\Avast\x86\ashShell.dll (Avast Shell Extension/AVAST Software SIGNED)(2019-12-19 06:20:37)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleUpdateOnDemand.exe (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}@LocalizedString C:\Program Files (x86)\Google\Update\1.3.35.422\goopdate.dll (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleUpdateOnDemand.exe (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}@LocalizedString C:\Program Files (x86)\Google\Update\1.3.35.422\goopdate.dll (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleUpdateBroker.exe (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}@LocalizedString C:\Program Files (x86)\Google\Update\1.3.35.422\goopdate.dll (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleUpdateBroker.exe (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}@LocalizedString C:\Program Files (x86)\Google\Update\1.3.35.422\goopdate.dll (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleUpdateOnDemand.exe (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32@ C:\Program Files (x86)\Google\Update\1.3.35.422\psmachine.dll (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleUpdateOnDemand.exe (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{B342E21B-AD7E-4568-AE3F-D0D844537A7A}\InprocServer32@ C:\Program Files\AVAST Software\Avast\x86\asOutExt.dll (AsOutExt Module/AVAST Software SIGNED)(2019-12-19 06:20:41)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}@LocalizedString C:\Program Files (x86)\Google\Update\1.3.35.422\goopdate.dll (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleUpdateOnDemand.exe (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32@ C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{DCE425F4-1469-414F-AD07-8A5622C312B7}\InprocHandler32@ C:\Program Files (x86)\Google\Update\1.3.35.422\psmachine.dll (Google Update/Google LLC SIGNED)(2019-12-19 03:02:17)
Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{FB904E4E-D2C7-4C8D-8492-B620BB9896B1}\InprocServer32@ C:\Program Files\AVAST Software\Avast\x86\aswAMSI.dll (Avast AMSI COM object/AVAST Software SIGNED)(2019-12-19 22:24:40)

---- EOF - GMER 2.2 ----

KINGENka
newbie
Posts: 27
Registered: December '19
Gender: Not specified
Status: Offline

Re: AUTOLOGER - Help

Post by KINGENka » 20 Dec 2019 01:27

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:26:26 PM, on 12/19/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.18362.0001)


Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Razer\Synapse3\Service\..\UserProcess\Razer Synapse Service Process.exe
C:\Users\Kuba\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
C:\Users\Kuba\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Kuba\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Synapse3] C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Synapse3] C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_618e3 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\elevation_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: Razer Game Manager (Razer Game Manager Service) - Razer Inc - C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
O23 - Service: Razer Synapse Service - Razer Inc. - C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Razer Central Service (RzActionSvc) - Razer Inc. - C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: THXService - THX - C:\Program Files (x86)\Razer\THXService\Drivers\x64\THXService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7927 bytes

Re: AUTOLOGER - Help

Post by KINGENka » 20 Dec 2019 01:33

ADW MALWAREBYTES DEBUG

2019-12-20 00:31:19 : <INFO> [Button clicked] Dashboard menu item
2019-12-20 00:31:23 : <INFO> [Button clicked] Scan
2019-12-20 00:31:23 : <INFO> [Scan] Started
2019-12-20 00:31:23 : <INFO> [Database] Downloading database
2019-12-20 00:31:23 : <INFO> [Database] Checking integrity
2019-12-20 00:31:23 : <INFO> [Database] Found 2591 families
2019-12-20 00:31:23 : <INFO> [Database] Database v "2019-12-17.1"
2019-12-20 00:31:23 : <INFO> [Loading paths] Local paths loaded
2019-12-20 00:31:23 : <INFO> [Loading paths] Chrome paths loaded
2019-12-20 00:31:23 : <INFO> [Loading paths] Firefox paths loaded
2019-12-20 00:31:23 : <INFO> [Loading paths] User Keys loaded
2019-12-20 00:31:23 : <INFO> [Module initialized] "File"
2019-12-20 00:31:23 : <INFO> [Module initialized] "Folder"
2019-12-20 00:31:23 : <INFO> [Module initialized] "RegistryKey"
2019-12-20 00:31:23 : <INFO> [Module initialized] "RegistryValue"
2019-12-20 00:31:23 : <INFO> [Module initialized] "TaskName"
2019-12-20 00:31:23 : <INFO> [Module initialized] "Service"
2019-12-20 00:31:23 : <INFO> [Module initialized] "Winlogon"
2019-12-20 00:31:24 : <INFO> [Module initialized] "URL"
2019-12-20 00:31:24 : <INFO> [Module initialized] "RegAppInit"
2019-12-20 00:31:24 : <INFO> [Module initialized] "RegClasses"
2019-12-20 00:31:24 : <INFO> [Module initialized] "DNS"
2019-12-20 00:31:24 : <INFO> [Module initialized] "RegFirewallPolicy"
2019-12-20 00:31:24 : <INFO> [Module initialized] "RegGuid"
2019-12-20 00:31:24 : <INFO> [Module initialized] "RegIEElevationPolicy"
2019-12-20 00:31:24 : <INFO> [Module initialized] "RegOther"
2019-12-20 00:31:24 : <INFO> [Module initialized] "RegProductID"
2019-12-20 00:31:24 : <INFO> [Module initialized] "RegSoftware"
2019-12-20 00:31:24 : <INFO> [Module initialized] "RegStartup"
2019-12-20 00:31:24 : <INFO> [Module initialized] "WMI"
2019-12-20 00:31:24 : <INFO> [Module initialized] "ChromiumExt"
2019-12-20 00:31:24 : <INFO> [Module initialized] "FirefoxExt"
2019-12-20 00:31:24 : <INFO> [Scan] Exclusions loaded
2019-12-20 00:31:25 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKCU\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\Children\\001\\Internet Explorer\\EdpDomStorage\\dotomi.com" [ "Registry" ]
2019-12-20 00:31:25 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKCU\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\Children\\001\\Internet Explorer\\DOMStorage\\dotomi.com" [ "Registry" ]
2019-12-20 00:31:30 : <INFO> [Scan] Item detected: "PUP.Optional.TheBrightTag" , "HKCU\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\Children\\001\\Internet Explorer\\EdpDomStorage\\s.thebrighttag.com" [ "Registry" ]
2019-12-20 00:31:30 : <INFO> [Scan] Item detected: "PUP.Optional.TheBrightTag" , "HKCU\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\Children\\001\\Internet Explorer\\EdpDomStorage\\thebrighttag.com" [ "Registry" ]
2019-12-20 00:31:30 : <INFO> [Scan] Item detected: "PUP.Optional.TheBrightTag" , "HKCU\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\Children\\001\\Internet Explorer\\DOMStorage\\s.thebrighttag.com" [ "Registry" ]
2019-12-20 00:31:30 : <INFO> [Scan] Item detected: "PUP.Optional.TheBrightTag" , "HKCU\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\Children\\001\\Internet Explorer\\DOMStorage\\thebrighttag.com" [ "Registry" ]
2019-12-20 00:31:32 : <INFO> [Telemetry] Sending to Influx
2019-12-20 00:31:33 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-12-20 00:31:33 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-12-20 00:31:33 : <INFO> [SslCert] Locality Name ()
2019-12-20 00:31:33 : <INFO> [SslCert] Organization ()
2019-12-20 00:31:33 : <INFO> [SslCert] Certificate EffectiveDate: "Mon Dec 16 14:50:22 2019 GMT"
2019-12-20 00:31:33 : <INFO> [SslCert] Certificate ExpirationDate: "Sun Mar 15 14:50:22 2020 GMT"
2019-12-20 00:31:33 : <INFO> [SslCert] ALPN: Yes
2019-12-20 00:31:33 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-12-20 00:31:33 : <INFO> [SslCert] KXE: "ECDH"
2019-12-20 00:31:33 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-12-20 00:31:33 : <INFO> [Telemetry] Status code: QVariant(int, 204)
2019-12-20 00:31:33 : <INFO> [Telemetry] Sending to DSE
2019-12-20 00:31:33 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-12-20 00:31:33 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2019-12-20 00:31:33 : <INFO> [SslCert] Locality Name ("San Jose")
2019-12-20 00:31:33 : <INFO> [SslCert] Organization ("Malwarebytes Inc.")
2019-12-20 00:31:33 : <INFO> [SslCert] Certificate EffectiveDate: "Thu Feb 22 00:00:00 2018 GMT"
2019-12-20 00:31:33 : <INFO> [SslCert] Certificate ExpirationDate: "Wed Apr 22 12:00:00 2020 GMT"
2019-12-20 00:31:33 : <INFO> [SslCert] ALPN: Yes
2019-12-20 00:31:33 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-12-20 00:31:33 : <INFO> [SslCert] KXE: "ECDH"
2019-12-20 00:31:33 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-12-20 00:31:33 : <INFO> [Telemetry] Status code: QVariant(int, 201)
2019-12-20 00:31:33 : <INFO> [Scan] Finished
2019-12-20 00:31:52 : <INFO> [Button clicked] Log files menu item

Re: AUTOLOGER - Help

Post by KINGENka » 20 Dec 2019 01:35

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/19/19
Scan Time: 4:33 PM
Log File: 5b8a64e6-22c0-11ea-a48c-000000000000.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.785
Update Package Version: 1.0.16464
License: Trial

-System Information-
OS: Windows 10 (Build 18362.535)
CPU: x64
File System: NTFS
User: DESKTOP-09GT5U9\Kuba

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 261937
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Re: AUTOLOGER - Help

Post by KINGENka » 20 Dec 2019 02:25

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64
Ran by Kuba (Administrator) on Thu 12/19/2019 at 17:22:38.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/19/2019 at 17:23:36.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


ROGUE KILLER also found nothing.

I can't start Safe mode; it boots, but I can't click on anything, and after a while it freezes and restarts. I tried Repair etc. using the Windows installation CD, nothing either.

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: AUTOLOGER - Help

Post by jaro3 » 20 Dec 2019 18:34

I don't really understand it, GMER is for rootkits..

I don't know what the problem is, only in safe mode?
Autologger? Don't you rather mean keylogger?
Autologger:
https://pctuning.tyden.cz/software/lade ... ky?start=3

I see Avast, but you write BitDefender?

Sophos Virus Removal Tool is a practical software tool that could remove infections the antivirus program does not detect.
Download it here from one of the links:
http://www.majorgeeks.com/files/details ... _tool.html
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viruses can slow down the computer or try to steal your data, and you don't even know you have them. What you need is a quick and easy way to find them and get rid of them; if you already have an antivirus program installed on the computer, you can also install the Sophos Virus Removal tool, which identifies and cleans the leftover infections your antivirus program may have missed.
To use Sophos Virus Removal Tool, double-click it and press the "Start scanning" button. Sophos Virus Removal Tool will then search for and remove the viruses it finds. A restart may be required.
If viruses were found, then after the scan click "Details…" and then "View log file". Copy the whole log and paste it here. Then close "threat detail" and click "Start cleanup".
Otherwise the log is located here:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Turn off the antivirus and the firewall.
Download Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe

Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7, 8 right-click it and choose "Run as administrator")
- note: the program may take a while to start.
Paste the script below into the program window:

Code:

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Click Run Script.
The program performs a scan and a repair; the scan and the repair can take several minutes, you need to wait until the end. Don't click in the window!
The program will offer a restart, confirm it.
After the restart only a black desktop may show for some time, that's normal. You need to wait until the log is created. You can save it e.g. to Documents, otherwise it saves itself to:
C:\zoek-results.log Copy the whole contents of that log here.
If there are problems, run zoek in safe mode.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: AUTOLOGER - Help

Post by KINGENka » 21 Dec 2019 00:23

Hi. Thanks.

Yes, I have paid BitDefender, plus x other utility programs. But this scan is from my computer which I've already tried to reinstall about 3 times. So I tried other antiviruses.

The problem is in the root itself. After a long struggle I got into it and there were things there that shouldn't be there.

The first thing I noticed is the system startup. Instead of turning the PC on, the keyboard and mouse lighting up and everything booting, first everything lights up, then goes off and lights up again.

From the root I read that there's something like a loop there, which repeats every time I restart the PC and overwrites everything. Practically I think I'm not even in Windows, that it logs me into something like a virtual OS.

Everything is doubled. It tells me I have 2 mice, 2 keyboards, etc. The HDD always creates its own partitions on the disk by itself which I can't get into and they are 80 MB.

I tried everything; zoek ran fine too and then it wanted a restart, and after the restart an error pops up that it doesn't work. Simply nothing works for me.

Whenever I boot something from a flash drive it automatically modifies the files. I paid for KillDisk and made a bootable flash drive from it and it doesn't work, same with Windows.

Re: AUTOLOGER - Help

Post by KINGENka » 21 Dec 2019 00:26

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:37:45 PM, on 12/19/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.18362.0001)


Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Administrator\Desktop\g732ut3z.exe
C:\Users\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: ::1 localhost
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-21-3538239455-103221015-4105317018-500\..\Run: [OneDrive] "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Synapse3] C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Synapse3] C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_21418 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\elevation_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6268 bytes

Re: AUTOLOGER - Help

Post by KINGENka » 21 Dec 2019 00:29

Here it's clearly visible that the root is infected


Rootkit scan 2019-12-19 19:37:20
Windows 6.2.9200 x64
Running: g732ut3z.exe


---- Services - GMER 2.2 ----

Service C:\Windows\System32\drivers\truesight.sys (*** hidden *** ) [MANUAL] TrueSight <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\FileSystem@DisableDeleteNotification 1
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\MSBDD_ACR0603TA1AA0038541_20_07E3_33_1002_731F_0000002F_00000000_0^41FA3D732F842EAA3B5B4C5284826835@Timestamp 0xA7 0xCC 0xEB 0xD2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 772
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@forceguest 0
Reg HKLM\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings@StringCacheGeneration 6
Reg HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedExactPaths@Machine System\CurrentControlSet\Control\ProductOptions?System\CurrentControlSet\Control\Server Applications?Software\Microsoft\Windows NT\CurrentVersion?
Reg HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths@Machine System\CurrentControlSet\Control\Print\Printers?System\CurrentControlSet\Services\Eventlog?Software\Microsoft\OLAP Server?Software\Microsoft\Windows NT\CurrentVersion\Print?Software\Microsoft\Windows NT\CurrentVersion\Windows?System\CurrentControlSet\Control\ContentIndex?System\CurrentControlSet\Control\Terminal Server?System\CurrentControlSet\Control\Terminal Server\UserConfig?System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration?Software\Microsoft\Windows NT\CurrentVersion\Perflib?System\CurrentControlSet\Services\SysmonLog?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Users\ADMINI~1\AppData\Local\Temp\_iu14D2N.tmp??\??\C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll??\??\C:\Program Files (x86)\Zemana\AntiMalware??\??\C:\Program Files (x86)\Zemana??\??\C:\WINDOWS\system32\drivers\truesight.sys??
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 997137352
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management@ClearPageFileAtShutdown 0
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID bd1c31b5-d466-42d8-8301-127f756
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_23d75@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_23d75@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_23d75@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_23d75@ImagePath C:\WINDOWS\system32\svchost.exe -k AarSvcGroup -p
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_23d75@DisplayName Agent Activation Runtime_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_23d75@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_23d75@Description @%SystemRoot%\system32\AarSvc.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_23d75\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_23d75\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_55a9e
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_55a9e@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_55a9e@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_55a9e@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_55a9e@ImagePath C:\WINDOWS\system32\svchost.exe -k AarSvcGroup -p
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_55a9e@DisplayName Agent Activation Runtime_55a9e
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_55a9e@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_55a9e@Description @%SystemRoot%\system32\AarSvc.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_55a9e\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_55a9e\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\AarSvc_55a9e
Reg HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-90-0-1@SequenceNumber 8
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_23d75@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_23d75@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_23d75@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_23d75@ImagePath C:\WINDOWS\system32\svchost.exe -k BcastDVRUserService
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_23d75@DisplayName GameDVR and Broadcast User Service_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_23d75@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_23d75@Description @%SystemRoot%\system32\BcastDVRUserService.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_23d75\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_23d75\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_55a9e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_55a9e@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_55a9e@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_55a9e@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_55a9e@ImagePath C:\WINDOWS\system32\svchost.exe -k BcastDVRUserService
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_55a9e@DisplayName GameDVR and Broadcast User Service_55a9e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_55a9e@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_55a9e@Description @%SystemRoot%\system32\BcastDVRUserService.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_55a9e\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_55a9e\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_55a9e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75@ImagePath C:\WINDOWS\system32\svchost.exe -k BthAppGroup -p
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75@DisplayName Bluetooth User Support Service_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75@Description @%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-102
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\0@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\0@Action 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\0@Guid 0x2A 0x30 0x50 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\1@Type 7
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\1@Action 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\1@Guid 0x16 0x28 0x7A 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\1@Data0 0x75 0x38 0xBC 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\1@DataType0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\2
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\2@Type 7
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\2@Action 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\2@Guid 0x16 0x28 0x7A 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\2@Data0 0x75 0x48 0xBC 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\2@DataType0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\3@Type 7
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\3@Action 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\3@Guid 0x16 0x28 0x7A 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\3@Data0 0x75 0x58 0xBC 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\3@DataType0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\4
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\4@Type 7
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\4@Action 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\4@Guid 0x16 0x28 0x7A 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\4@Data0 0x75 0x68 0xBC 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\4@DataType0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e@ImagePath C:\WINDOWS\system32\svchost.exe -k BthAppGroup -p
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e@DisplayName Bluetooth User Support Service_55a9e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e@Description @%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-102
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\0@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\0@Action 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\0@Guid 0x2A 0x30 0x50 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\1@Type 7
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\1@Action 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\1@Guid 0x16 0x28 0x7A 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\1@Data0 0x75 0x38 0xBC 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\1@DataType0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\2
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\2@Type 7
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\2@Action 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\2@Guid 0x16 0x28 0x7A 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\2@Data0 0x75 0x48 0xBC 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\2@DataType0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\3@Type 7
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\3@Action 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\3@Guid 0x16 0x28 0x7A 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\3@Data0 0x75 0x58 0xBC 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\3@DataType0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\4
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\4@Type 7
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\4@Action 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\4@Guid 0x16 0x28 0x7A 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\4@Data0 0x75 0x68 0xBC 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e\TriggerInfo\4@DataType0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_55a9e
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_23d75@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_23d75@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_23d75@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_23d75@ImagePath C:\WINDOWS\system32\svchost.exe -k LocalService -p
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_23d75@DisplayName CaptureService_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_23d75@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_23d75@Description @%SystemRoot%\system32\CaptureService.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_23d75\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_23d75\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_55a9e
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_55a9e@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_55a9e@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_55a9e@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_55a9e@ImagePath C:\WINDOWS\system32\svchost.exe -k LocalService -p
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_55a9e@DisplayName CaptureService_55a9e
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_55a9e@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_55a9e@Description @%SystemRoot%\system32\CaptureService.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_55a9e\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_55a9e\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_55a9e
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_23d75@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_23d75@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_23d75@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_23d75@ImagePath C:\WINDOWS\system32\svchost.exe -k ClipboardSvcGroup -p
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_23d75@DisplayName Clipboard User Service_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_23d75@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_23d75@Description @%SystemRoot%\system32\cbdhsvc.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_23d75\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_23d75\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_55a9e
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_55a9e@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_55a9e@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_55a9e@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_55a9e@ImagePath C:\WINDOWS\system32\svchost.exe -k ClipboardSvcGroup -p
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_55a9e@DisplayName Clipboard User Service_55a9e
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_55a9e@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_55a9e@Description @%SystemRoot%\system32\cbdhsvc.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_55a9e\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_55a9e\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_55a9e
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_23d75@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_23d75@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_23d75@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_23d75@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_23d75@DisplayName Connected Devices Platform User Service_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_23d75@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_23d75@Description @%SystemRoot%\system32\cdpusersvc.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_23d75\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_23d75\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_55a9e
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_55a9e@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_55a9e@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_55a9e@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_55a9e@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_55a9e@DisplayName Connected Devices Platform User Service_55a9e
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_55a9e@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_55a9e@Description @%SystemRoot%\system32\cdpusersvc.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_55a9e\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_55a9e\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_55a9e
Reg HKLM\SYSTEM\CurrentControlSet\Services\ConsentUxUserSvc_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\ConsentUxUserSvc_23d75@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\ConsentUxUserSvc_23d75@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\ConsentUxUserSvc_23d75@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ConsentUxUserSvc_23d75@ImagePath C:\WINDOWS\system32\svchost.exe -k DevicesFlow
Reg HKLM\SYSTEM\CurrentControlSet\Services\ConsentUxUserSvc_23d75@DisplayName ConsentUX_23d75
Reg HKLM\SYSTEM\CurrentControlSet\Services\ConsentUxUserSvc_23d75@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\ConsentUxUserSvc_23d75@Description @%SystemRoot%\system32\ConsentUxClient.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\ConsentUxUserSvc_23d75\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\ConsentUxUserSvc_23d75\Security@Security
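A note on reading this part of the log, with an added example that is not part of the posted output or of GMER itself. The paired entries with the suffixes `_23d75` and `_55a9e` (`BluetoothUserService_…`, `CaptureService_…`, `cbdhsvc_…`, `CDPUserSvc_…`, `ConsentUxUserSvc_…`) are Windows 10 per-user services: the system creates one instance of each template per logon session and appends a short hex suffix, so two suffixes simply mean two sessions were logged on, not two copies of a service. Their `Type 224` (0xE0) carries the `SERVICE_USER_SERVICE` (0x40) and `SERVICE_USERSERVICE_INSTANCE` (0x80) bits, and every `ImagePath` here is `C:\WINDOWS\system32\svchost.exe` with a `-k` group. The script below parses lines of this shape, groups them per service, and flags the patterns a first-pass triage would want to see: an `ImagePath` outside the Windows directory, a per-user-looking name without the user-service bit, and an `svchost.exe` started without a `-k` group. The sample input reuses a few lines from the log above plus one constructed look-alike entry (`UpdateUserSvc_23d75`) that does not appear in the posted log; the system drive being `C:` and `%SystemRoot%` being `C:\WINDOWS` are assumptions.

```python
"""Triage helper for GMER "Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\..." lines.

Added example, not part of the posted log or of GMER. It groups the registry
lines GMER prints under the Services key per service and flags entries that
deserve a closer look. Assumptions: system drive C:, %SystemRoot% = C:\\WINDOWS,
and no '@' inside service key paths (GMER prints "Key@ValueName Value").
"""
from __future__ import annotations

from dataclasses import dataclass, field

SERVICES_KEY = "HKLM\\SYSTEM\\CurrentControlSet\\Services\\"
WINDOWS_DIR = "c:\\windows\\"           # assumption: system drive is C:
SERVICE_USER_SERVICE = 0x40             # set on per-user service templates/instances
SERVICE_USERSERVICE_INSTANCE = 0x80     # set on the per-session instance


@dataclass
class Service:
    name: str
    values: dict = field(default_factory=dict)   # top-level values only

    @property
    def type_flags(self) -> int:
        try:
            return int(self.values.get("Type", "0"))
        except ValueError:
            return 0

    @property
    def looks_per_user(self) -> bool:
        # Per-user service instances are named <template>_<5 hex digits>
        if "_" not in self.name:
            return False
        tail = self.name.rsplit("_", 1)[-1].lower()
        return len(tail) == 5 and all(c in "0123456789abcdef" for c in tail)

    @property
    def image(self) -> str:
        """Executable part of ImagePath, quotes stripped, %SystemRoot% expanded."""
        raw = self.values.get("ImagePath", "").strip()
        raw = raw.replace("%SystemRoot%", "C:\\WINDOWS")   # assumption
        if raw.startswith('"'):
            return raw[1:].split('"', 1)[0]
        return raw.split(" ", 1)[0]


def parse_services(lines: list[str]) -> dict[str, Service]:
    services: dict[str, Service] = {}
    for line in lines:
        if not line.startswith("Reg "):
            continue
        key, _, tail = line[4:].strip().partition("@")
        if not key.startswith(SERVICES_KEY):
            continue
        relative = key[len(SERVICES_KEY):]
        name = relative.split("\\", 1)[0]
        svc = services.setdefault(name, Service(name))
        # Subkeys such as \TriggerInfo\0 also carry a "Type" value; only the
        # service key itself is relevant, so skip anything below it.
        if tail and "\\" not in relative:
            vname, _, value = tail.partition(" ")
            svc.values[vname] = value.strip()
    return services


def suspicious(services: dict[str, Service]) -> list[tuple[str, str]]:
    findings = []
    for svc in services.values():
        img = svc.image.lower()
        if img and not img.startswith(WINDOWS_DIR):
            findings.append((svc.name, f"ImagePath outside Windows directory: {svc.image}"))
        if svc.looks_per_user and not (svc.type_flags & SERVICE_USER_SERVICE):
            findings.append((svc.name, f"per-user naming but Type {svc.type_flags} lacks bit 0x40"))
        if img.endswith("svchost.exe") and " -k " not in svc.values.get("ImagePath", ""):
            findings.append((svc.name, "svchost.exe started without a -k service group"))
    return findings


SAMPLE_LOG = [
    # lines as they appear in the GMER output above
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start 2",
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75@Type 224",
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75@Start 3",
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75@ImagePath C:\WINDOWS\system32\svchost.exe -k BthAppGroup -p",
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_23d75\TriggerInfo\0@Type 1",
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_23d75@Type 224",
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_23d75@Start 2",
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_23d75@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup",
    # constructed entry, NOT in the posted log: a look-alike worth a closer look
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\UpdateUserSvc_23d75@Type 16",
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\UpdateUserSvc_23d75@Start 2",
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\UpdateUserSvc_23d75@ImagePath C:\Users\Public\Libraries\svchost.exe",
]

if __name__ == "__main__":
    for name, reason in suspicious(parse_services(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

On the sample input only the constructed `UpdateUserSvc_23d75` entry is reported (all three reasons); the genuine per-user services and `BITS` pass. To run it over the real post, read the GMER output into a list of lines and pass it to `parse_services`. The check is deliberately narrow: a clean result here means only that nothing in the Services key looks out of place, and says nothing about the network-share or traffic concerns raised in the post.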

