Please check my log
Posted: 18 Sep 2021 11:32
Hello,
after closing Chrome, frameless windows started popping up one after another in the lower right corner. They looked like operating system messages, update prompts and the like, with various off-putting symbols, skulls and crossbones, and texts in Czech such as: "Encryption of all your data is in progress, Your computer is infected with a Trojan horse, Turn on Avast, Your computer is infected with 5 new viruses, Your internet banking has been attacked" and so on. The windows contained buttons prompting for action, to be clicked, which I did not do. I scanned everything twice with an up-to-date ESET Endpoint Security, but it found nothing. Then I downloaded CCleaner and removed all the cookies, temp files etc. I restarted Win10 and nothing appears anymore. Nevertheless, I would like to ask for a check of the log. Thanks.
Platform: x64 Windows 10 (Enterprise LTSB), 10.0.17763.2183 (ReleaseId: 1809), Service Pack: 0
Time: 18.09.2021 - 10:54 (UTC+02:00)
Language: OS: Czech (0x405). Display: English (0x809). Non-Unicode: Czech (0x405)
Elevated: Yes
Ran by: panS (group: Administrator) on DESK57823, FirstRun: yes
Chrome: 93.0.4577.82
Internet Explorer: 11.0.17763.2145
Default: "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Internet Explorer)
Boot mode: Normal
Running processes:
Number | Path
1 C:\Program Files (x86)\DatacardService\DCSHelper.exe
1 C:\Program Files (x86)\DatacardService\HWDeviceService64.exe
1 C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
1 C:\Program Files\ESET\ESET Security\eguiProxy.exe
1 C:\Program Files\ESET\ESET Security\ekrn.exe
1 C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe
1 C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
1 C:\Users\panS\Downloads\HiJackThis.exe
1 C:\Windows\System32\BdeUISrv.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0339832.inf_amd64_5b40e4b124ce713e\B339478\atieclxx.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0339832.inf_amd64_5b40e4b124ce713e\B339478\atiesrxx.exe
2 C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_b329da652cac1281\WTabletServiceISD.exe
1 C:\Windows\System32\FMService64.exe
2 C:\Windows\System32\RtkAudUService64.exe
3 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SettingSyncHost.exe
2 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\backgroundTaskHost.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dllhost.exe
2 C:\Windows\System32\dolbyaposvc\DAX3API.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
70 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\ymc.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe
O1 - Hosts.ICS: 192.168.137.112 QB789A8217.mshome.net # 2021 5 5 21 10 7 39 898
O1 - Hosts.ICS: 23
O1 - Hosts.ICS: 1
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKLM\..\Run: [RtkAudUService] = C:\Windows\System32\RtkAudUService64.exe -background
O4 - HKLM\..\Run: [egui] = C:\Program Files\ESET\ESET Security\ecmds.exe /run /hide /proxy
O4-32 - HKLM\..\Run: [PWRISOVM.EXE] = C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4-32 - HKLM\..\Run: [TeamsMachineUninstallerLocalAppData] = C:\Users\panS\AppData\Local\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
O4-32 - HKLM\..\Run: [TeamsMachineUninstallerProgramData] = C:\ProgramData\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (file missing)
O15 - Trusted Zone: https://akhk-files.sharepoint.com
O15 - Trusted Zone: https://akhk-myfiles.sharepoint.com
O17 - DHCP DNS 1: 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{ccc3fb9f-87a7-4605-becf-8bff3ce24d21}: [NameServer] = 62.141.16.161
O17 - HKLM\System\CCS\Services\Tcpip\..\{ccc3fb9f-87a7-4605-becf-8bff3ce24d21}: [NameServer] = 62.141.16.177
O22 - Task: (telemetry) \Microsoft\Office\Office Subscription Maintenance - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\Windows\system32\MusNotification.exe (Microsoft)
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - panS - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: CCleanerSkipUAC - panS - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: \Lenovo\Lenovo YMC Uninstall Task - C:\Windows\System32\YMC.exe -PnPTask
O23 - Service R2: AMD External Events Utility - C:\Windows\System32\DriverStore\FileRepository\u0339832.inf_amd64_5b40e4b124ce713e\B339478\atiesrxx.exe
O23 - Service R2: Dolby DAX API Service - (DolbyDAXAPI) - C:\Windows\system32\dolbyaposvc\DAX3API.exe
O23 - Service R2: ESET Service - (ekrn) - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service R2: Fortemedia APO Control Service - (FMAPOService) - C:\Windows\System32\FMService64.exe
O23 - Service R2: HWDeviceService64.exe - C:\Program Files (x86)\DatacardService\HWDeviceService64.exe -/service
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\Windows\System32\RtkAudUService64.exe
O23 - Service R2: Wacom ISD Service - (WTabletServiceISD) - C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_b329da652cac1281\WTabletServiceISD.exe
O23 - Service R2: ymc - (YMC) - C:\Windows\System32\ymc.exe
O23 - Service R3: ESET Firewall Helper - (ekrnEpfw) - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service S2: Internet Manager. OUC - (Internet Manager. RunOuc) - C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe
O23 - Service S2: Služba Aktualizace Google (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: ESET HTTP Server - (EHttpSrv) - C:\Program Files\ESET\ESET Security\ehttpsrv.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\93.0.4577.82\elevation_service.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Služba Aktualizace Google (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc