Log check

A place for your HiJackThis logs and logs from other programs…

Moderators: memphisto, Mods_senior, Security team

breta21
Level 1
Posts: 71
Registered: August 10
Gender: Not specified

Re: Log check

Post by breta21 » 26 Apr 2022 19:22

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by breta on 25.04.2022 at 22:06:29,66.
Microsoft Windows 10 Home 10.0.19043 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\breta\Desktop\zoek1\zoek (1).exe [Scan all users] [Script inserted]

==== System Restore Info ======================

25.04.2022 22:09:54 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Intel Driver and Support Assistant deleted successfully
C:\PROGRA~2\PokerStars.CZ deleted successfully
C:\PROGRA~2\T-Mobile deleted successfully
C:\PROGRA~2\WonderFox Soft deleted successfully
C:\Program Files\Elantech deleted successfully
C:\Program Files\Highresolution Enterprises deleted successfully
C:\Program Files\JetBrains deleted successfully
C:\Program Files\MoneyManagerEX deleted successfully
C:\PROGRA~3\48C4687D-9760-4F5B-BAB3-60351B0841E4 deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\ssh deleted successfully
C:\Users\breta\AppData\Roaming\CareCenter deleted successfully
C:\Users\breta\AppData\Roaming\Opera Software deleted successfully
C:\Users\breta\AppData\Roaming\Wargaming.net deleted successfully
C:\Users\breta\AppData\Local\CrashDumps deleted successfully
C:\Users\breta\AppData\Local\DBG deleted successfully
C:\Users\breta\AppData\Local\Finkit deleted successfully
C:\Users\breta\AppData\Local\Greenshot deleted successfully
C:\Users\breta\AppData\Local\gtk-3.0 deleted successfully
C:\Users\breta\AppData\Local\Opera Software deleted successfully
C:\Users\defaultuser0\AppData\Local\VirtualStore deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Packages deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1885444895-1151541194-3766610177-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
HKEY_USERS\S-1-5-21-1885444895-1151541194-3766610177-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\breta\AppData\Roaming\Mozilla\Firefox\Profiles\3fa1oxu4.default\prefs.js:
user_pref("browser.newtab.url", "https://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180617__yaff");

Added to C:\Users\breta\AppData\Roaming\Mozilla\Firefox\Profiles\3fa1oxu4.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\breta\AppData\Roaming\Mozilla\Firefox\Profiles\3fa1oxu4.default

user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("browser.newtabpage.url", "https://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180617__yaf
---- FireFox user.js and prefs.js backups ----

prefs__2239_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Intel Driver and Support Assistant not found
C:\PROGRA~2\PokerStars.CZ not found
C:\PROGRA~2\T-Mobile not found
C:\PROGRA~2\WonderFox Soft not found
C:\PROGRA~3\48C4687D-9760-4F5B-BAB3-60351B0841E4 not found
C:\Users\breta\AppData\Local\PokerStars.CZ deleted
C:\PROGRA~2\R.G. Mechanics deleted
C:\Users\breta\AppData\Roaming\discord deleted
C:\Users\breta\AppData\Roaming\uTorrent deleted
C:\Users\breta\AppData\Roaming\WhatsApp deleted
C:\windows\SysNative\Tasks\Software Update Application deleted
C:\Users\breta\.android deleted
C:\PROGRA~3\mia1989.tmp deleted
C:\PROGRA~3\{E0224FF9-7AE3-4F9E-991A-2F004F7E3952} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\breta\AppData\Local\Sync-1516459179.msi.log deleted
C:\Users\breta\AppData\Local\MSGBOX.EXE deleted
C:\Users\breta\AppData\Local\cache deleted
C:\Users\breta\AppData\Local\CrashRpt deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\CM2AAFD.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-10c0-1260-486783.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-10c0-1260-486795.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-10c0-1260-4867a6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-10c0-1260-4867b8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-10c0-1260-4867ba.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-10c0-1260-4867cc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-10c0-1260-4867ed.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-10c0-1260-4867ef.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-10c0-1260-486810.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-10c0-1260-486822.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-10c0-1260-486824.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-10c0-1260-486835.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-10c0-1260-486857.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-10c0-1260-4868c6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-10c0-1260-4868d8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-10c0-1260-4868e9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-10c0-1260-4868fb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-10c0-1260-48691c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-10c0-1260-48692e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-111c-1518-133b64.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-111c-1518-133b85.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-111c-1518-133b97.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-111c-1518-133bc8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-111c-1518-133be9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-111c-1518-133c1a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-111c-1518-133c3b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-111c-1518-133c5c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-111c-1518-133c7e.tmp deleted

about a million files like this, it's too long, it would take about 4 posts .... :(


C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f64-159c-2782af.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f64-159c-2782b1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f64-159c-2782c2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f64-159c-2782c4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f64-159c-2782c6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f64-159c-2782d8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f64-159c-2782da.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f64-159c-2782dc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f64-159c-2782ee.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f64-159c-2782f0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f64-159c-2782f2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f64-159c-278303.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f64-159c-278305.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f64-159c-278307.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f64-159c-278319.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f64-159c-27831b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f64-159c-27831d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f64-159c-27832f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f8-2bcc-12017d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f8-2bcc-12018e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f8-2bcc-120190.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f8-2bcc-1201a2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f8-2bcc-1201b4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f8-2bcc-1201b6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f8-2bcc-1201c7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f8-2bcc-1201c9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f8-2bcc-1201cb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f8-2bcc-1201dd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f8-2bcc-1201df.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f8-2bcc-1201e1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f8-2bcc-1201f2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f8-2bcc-1201f4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f8-2bcc-120225.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f8-2bcc-120227.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f8-2bcc-120239.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f8-2bcc-12023b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f8-2bcc-12024d.tmp deleted
C:\windows\SysNative\Tasks\Avast Secure Browser Heartbeat Task (Hourly) deleted
C:\windows\SysNative\Tasks\Avast Secure Browser Heartbeat Task (Logon) deleted
C:\windows\SysNative\Tasks\AvastUpdateTaskMachineCore deleted
C:\windows\SysNative\Tasks\AvastUpdateTaskMachineUA deleted
C:\Users\breta\AppData\Roaming\Mozilla\Firefox\Profiles\3fa1oxu4.default\searchplugins\yahoo-lavasoft-ff59.xml deleted
C:\Users\breta\AppData\Roaming\Mozilla\Firefox\Profiles\3fa1oxu4.default\jetpack deleted
C:\Users\breta\Launcher.exe deleted
C:\Users\breta\AppData\Roaming\Mozilla\Firefox\Profiles\3fa1oxu4.default\extensions\partnerdefaults@mozilla.com deleted
"C:\WINDOWS\Installer\435db6e1.msi" deleted
"C:\DumpStack.log.tmp" not deleted
"C:\Users\breta\AppData\Local\AVAST Software\APM\bretaFfl2.dat" not deleted
"C:\Users\breta\AppData\Local\AVAST Software\Avast\datascan.json" not deleted
"C:\Users\breta\AppData\Local\AVAST Software\APM\breta\kv_pam.db" not deleted
"C:\Users\breta\AppData\Local\AVAST Software\APM\breta\kv_pamcore.db" not deleted
"C:\Users\breta\AppData\Local\AVAST Software\APM\breta\kv_pampub.db" not deleted
"C:\Users\breta\AppData\Local\AVAST Software\APM\breta\pam.db" not deleted
"C:\Users\breta\AppData\Local\AVAST Software" not deleted
"C:\Users\breta\AppData\Local\AVAST Software\APM" not deleted
"C:\Users\breta\AppData\Local\AVAST Software\Avast" not deleted
"C:\Users\breta\AppData\Local\AVAST Software\APM\breta" not deleted

==== Orphaned Tasks deleted from Registry ======================

Avast Secure Browser Heartbeat Task (Hourly) deleted
Avast Secure Browser Heartbeat Task (Logon) deleted
AvastUpdateTaskMachineCore deleted
AvastUpdateTaskMachineUA deleted
Software Update Application deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\breta\AppData\Roaming\Mozilla\Firefox\Profiles\3fa1oxu4.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\breta\AppData\Roaming\Mozilla\Firefox\Profiles\3fa1oxu4.default
- Czech CZ Language Pack - %ProfilePath%\extensions\langpack-cs@firefox.mozilla.org.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\breta\AppData\Roaming\Mozilla\Firefox\Profiles\3fa1oxu4.default
- C:\Program Files x86\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll - [?]


==== Chromium Look ======================

Google Chrome Version: 100.0.4896.127

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aegnopegbbhjeeiganiajffnalhlkkjb - No path found[]
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]

Safe Torrent Scanner - breta\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb
Location Guard - breta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfohepagpmnodfdmjliccbbigdkfcgia
GoFullPage - Full Page Screen Capture - breta\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl
FormApps Extension - breta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{A9E6B20B-3626-4F6D-9E89-81AAFF5D2D43}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A9E6B20B-3626-4F6D-9E89-81AAFF5D2D43}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{A9E6B20B-3626-4F6D-9E89-81AAFF5D2D43}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{A9E6B20B-3626-4F6D-9E89-81AAFF5D2D43} - http://www.bing.com/search?q={searchTerms}&form=PRACE1&src=IE11TR&pc=ACTE
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{A9E6B20B-3626-4F6D-9E89-81AAFF5D2D43}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{A9E6B20B-3626-4F6D-9E89-81AAFF5D2D43} - http://www.bing.com/search?q={searchTerms}&form=PRACE1&src=IE11TR&pc=ACTE
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

C:\Users\breta\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences was reset successfully
C:\Users\breta\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Secure Preferences was reset successfully
C:\Users\breta\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\breta\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\breta\AppData\Local\Google\Chrome\User Data\System Profile\Preferences was reset successfully
C:\Users\breta\AppData\Local\Google\Chrome\User Data\System Profile\Secure Preferences was reset successfully
C:\Users\breta\AppData\Local\Microsoft\Edge\User Data\Profile 1\Preferences was reset successfully
C:\Users\breta\AppData\Local\Microsoft\Edge\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\breta\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Web Data was reset successfully
C:\Users\breta\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Web Data-journal was reset successfully
C:\Users\breta\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\breta\AppData\Local\Google\Chrome\User Data\Default\Web Data copy was reset successfully
C:\Users\breta\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\breta\AppData\Local\Google\Chrome\User Data\System Profile\Web Data was reset successfully
C:\Users\breta\AppData\Local\Microsoft\Edge\User Data\Profile 1\Web Data was reset successfully
C:\Users\breta\AppData\Local\Microsoft\Edge\User Data\Profile 1\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\24C995FA5E2A15247BEE94521D74EAC0 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iastorui.exe\6effccfb19af2e23_PD deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AF599C42-A2E5-4251-B7EE-4925D147AE0C} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\24C995FA5E2A15247BEE94521D74EAC0 deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\breta\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\breta\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Edge Cache ======================

Edge Cache Emptied Successfully

==== Empty Chrome Cache ======================

C:\Users\breta\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache emptied successfully
C:\Users\breta\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\breta\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2937 folders=2253 473469948 bytes)

==== Empty Temp Folders ======================

C:\Users\breta\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\defaultuser0\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

breta21
Level 1
Posts: 71
Registered: August 10
Gender: Not specified

Re: Log check

Post by breta21 » 26 Apr 2022 19:22

Informace o kontroly
Název produktu    :  Zemana AntiMalware
Stav kontroly    :  Dokončena
Datum kontroly    :  25.04.2022 23:40:16
Typ kontroly    :  Custom Scan
Čas trvání    :  00:39:48
Zkontrolované objekty    :  238462
Zjištěné objekty    :  5
Vyloučené objekty    :  0
Automatické odesílání    :  Ano
Operační systém    :  Windows 10 x64
Procesor    :  4X Intel(R) Core(TM) i3-6006U CPU @ 2.00GHz
Režim systému BIOS    :  UEFI
Informace o doméně    :  WORKGROUP,False,NetSetupWorkgroupName
CUID    :  126A35BA0013630324BACA


Odhalení
MD5    :  6DC2BEEEBEE1212D17B9376ACEE93235
Stav    :  Zkontrolováno
Objekt    :  c:\programdata\avast software\avast\log\hns.log
Vydavatel    :  
Velikost    :  116695
Odhalení    :  Trojan:Win32/MalDropper.OnClickAds
Akce    :  Karanténa
-----------------------------------------------------------------------
MD5    :  9C732FA4B78D823213C10D8223437B85
Stav    :  Zkontrolováno
Objekt    :  c:\zoek\in\usertemp\locstor.txt
Vydavatel    :  
Velikost    :  733
Odhalení    :  Adware:Win32/FeedSonicSearch
Akce    :  Karanténa
-----------------------------------------------------------------------
MD5    :  1C8C178E28E919BB797FFBEFF7C6F0A8
Stav    :  Zkontrolováno
Objekt    :  c:\zoek_backup\c_users_breta_appdata_local_avast software\browser\user data\default\extensions\kmediagceboldddnnajkcochbkfkedel\1.23.0.675_0\assets\thirdparties\pgl.yoyo.org\as\serverlist
Vydavatel    :  
Velikost    :  80236
Odhalení    :  Trojan:Win32/MalDropper.OnClickAds
Akce    :  Karanténa
-----------------------------------------------------------------------
MD5    :  35CC8ECAF3E89B39A4C73570D375E2E8
Stav    :  Zkontrolováno
Objekt    :  c:\zoek_backup\c_users_breta_appdata_local_avast software\browser\user data\default\extensions\kmediagceboldddnnajkcochbkfkedel\1.23.0.675_0\assets\thirdparties\easylist-downloads.adblockplus.org\easylist.txt
Vydavatel    :  
Velikost    :  2598100
Odhalení    :  Adware:Win32/FeedSonicSearch
Akce    :  Karanténa
-----------------------------------------------------------------------
MD5    :  B97D1667799CCE242768358DCFABB78D
Stav    :  Zkontrolováno
Objekt    :  c:\zoek_backup\c_users_breta_appdata_local_avast software\browser\user data\default\extensions\nmebbcjdbhgggcgohlnlgadkmjiedfbc\1.2.341_0\js\background.js
Vydavatel    :  
Velikost    :  2078514
Odhalení    :  Trojan:Win32/MalDropper.OnClickAds
Akce    :  Karanténa
-----------------------------------------------------------------------

breta21
Level 1
Posts: 71
Registered: August 10
Gender: Not specified

Re: Log check

Post by breta21 » 26 Apr 2022 19:25

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:24:08, on 26.04.2022
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.19041.1566)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe
C:\Users\breta\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer17win10.msn.com/?pc=ACTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: ::1 localhost
O4 - HKCU\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Viber] "C:\Users\breta\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [CiscoMeetingDaemon] "C:\Users\breta\AppData\Local\WebEx\WebexHost.exe" /daemon /from=autorun
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1885444895-1151541194-3766610177-1000\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'defaultuser0')
O4 - HKUS\S-1-5-21-1885444895-1151541194-3766610177-1000\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'defaultuser0')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\Avast Software\Avast\aswidsagent.exe
O23 - Service: AtherosSvc - Unknown owner - C:\WINDOWS\System32\drivers\AdminService.exe (file missing)
O23 - Service: Služba Avast Browser Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\Avast Software\Avast\AvastSvc.exe
O23 - Service: Avast Tools (avast! Tools) - AVAST Software - C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
O23 - Service: Služba Avast Browser Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Secure Browser Elevation Service (AvastSecureBrowserElevationService) (AvastSecureBrowserElevationService) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Application\100.0.15871.128\elevation_service.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\Avast Software\Avast\wsc_proxy.exe
O23 - Service: Služba Aktualizace Brave (brave) (brave) - BraveSoftware Inc. - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
O23 - Service: Služba Aktualizace Brave (bravem) (bravem) - BraveSoftware Inc. - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
O23 - Service: CCDMonitorService - Unknown owner - C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (file missing)
O23 - Service: Avast Cleanup (CleanupPSvc) - AVAST Software - C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_377c238b1690ab0f\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_377c238b1690ab0f\IntelCpHDCPSvc.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_15868f - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Avast Driver Updater (DriverUpdSvc) - AVAST Software - C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\100.0.4896.127\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ICEsound Service (ICEsoundService) - Unknown owner - C:\WINDOWS\system32\ICEsoundService64.exe (file missing)
O23 - Service: Intel(R) Graphics Command Center Service (igccservice) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_14b6c79434365e33\OneApp.IGCC.WinService.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6850e1b6319e5b65\igfxCUIService.exe
O23 - Service: @oem60.inf,%SocketHECIServiceName%;Intel(R) Capability Licensing Service TCP IP Interface (Intel(R) Capability Licensing Service TCP IP Interface) - Intel(R) Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
O23 - Service: @oem60.inf,%TPMProvisioningServiceName%;Intel(R) TPM Provisioning Service (Intel(R) TPM Provisioning Service) - Intel(R) Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe
O23 - Service: Intel SST Parameter Service (IntelSSTSvc) - Unknown owner - C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe (file missing)
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: Quick Access Local Service (QALSvc) - Unknown owner - C:\Program Files\Acer\Acer Quick Access\QALSvc.exe (file missing)
O23 - Service: Quick Access Service (QASvc) - Unknown owner - C:\Program Files\Acer\Acer Quick Access\QASvc.exe (file missing)
O23 - Service: RogueKiller RTP (rkrtservice) - Unknown owner - C:\Program Files\RogueKiller\RogueKillerSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @oem57.inf,%RstMwService.ServiceName%;Intel(R) Storage Middleware Service (RstMwService) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\iaahcic.inf_amd64_c52b34f1b30918c5\RstMwService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: User Experience Improvement Program (UEIPSvc) - Unknown owner - C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12210 bytes
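The O23 section above mixes three kinds of entries that a reviewer should keep apart: services whose binary really is gone (uninstalled vendor software that left its registration behind, such as the Acer Quick Access services), services HJT reports as "(file missing)" only because the 32-bit HJT build runs under WOW64 file system redirection on 64-bit Windows and cannot see native system32 binaries such as lsass.exe or spoolsv.exe, and services that are present but carry no publisher name. The following script is an added example (not part of the forum post or of HijackThis) that parses O23 lines and sorts them into those groups; the sample lines are copied from the log above and the classification rules are this example's own heuristics.

```python
"""Triage the O23 (Windows service) lines of a HijackThis log.

Added example, not part of the forum post.  The sample lines are a subset of
the log above; the classification rules are this example's own heuristics.
"""
from dataclasses import dataclass

# Constructed sample: lines copied from the O23 section above.
SAMPLE_O23 = """\
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe
O23 - Service: ICEsound Service (ICEsoundService) - Unknown owner - C:\\WINDOWS\\system32\\ICEsoundService64.exe (file missing)
O23 - Service: @oem60.inf,%TPMProvisioningServiceName%;Intel(R) TPM Provisioning Service (Intel(R) TPM Provisioning Service) - Intel(R) Corporation - C:\\WINDOWS\\System32\\DriverStore\\FileRepository\\iclsclient.inf_amd64_76523213b78d9046\\lib\\TPMProvisioningService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\\WINDOWS\\system32\\lsass.exe (file missing)
O23 - Service: Quick Access Service (QASvc) - Unknown owner - C:\\Program Files\\Acer\\Acer Quick Access\\QASvc.exe (file missing)
O23 - Service: RogueKiller RTP (rkrtservice) - Unknown owner - C:\\Program Files\\RogueKiller\\RogueKillerSvc.exe
O23 - Service: @%systemroot%\\system32\\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\\WINDOWS\\System32\\spoolsv.exe (file missing)
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

@dataclass
class Service:
    name: str      # short service name, e.g. "Spooler"
    display: str   # display name as HJT printed it (may be an unresolved @dll,-id)
    owner: str     # company name from the binary's version info, or "Unknown owner"
    path: str
    missing: bool  # HJT could not find the binary on disk

def _split_service_name(head):
    """Split 'Display Name (ServiceName)' on the LAST top-level parenthesis pair.
    The short name may itself contain parentheses ("Intel(R) ..."), so a plain
    rsplit on '(' is not enough; walk backwards and balance the brackets."""
    if not head.endswith(")"):
        raise ValueError(f"no service name in: {head!r}")
    depth = 0
    for i in range(len(head) - 1, -1, -1):
        if head[i] == ")":
            depth += 1
        elif head[i] == "(":
            depth -= 1
            if depth == 0:
                return head[:i].rstrip(), head[i + 1:-1]
    raise ValueError(f"unbalanced parentheses in: {head!r}")

def parse_o23(line):
    """Parse one 'O23 - Service: <display> (<name>) - <owner> - <path> [(file missing)]' line."""
    if not line.startswith(PREFIX):
        return None
    body = line[len(PREFIX):]
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    head, owner, path = body.rsplit(" - ", 2)   # owner and path never contain " - "
    display, name = _split_service_name(head)
    return Service(name, display, owner, path, missing)

def classify(svc):
    in_system = svc.path.lower().startswith(SYSTEM_DIRS)
    if svc.missing and in_system:
        # The 32-bit HJT build on 64-bit Windows is subject to WOW64 file system
        # redirection, so native system32 binaries such as lsass.exe or spoolsv.exe
        # look "missing" to it. Re-check these with 64-bit tooling before acting.
        return "verify-redirection"
    if svc.missing:
        # Software was uninstalled but left its service registration behind;
        # the entry is dead weight and a candidate for removal.
        return "orphaned"
    if svc.owner == "Unknown owner":
        # Binary is present but carries no company name; review manually.
        return "unknown-publisher"
    return "ok"

def triage(log_text):
    """Group service short names by classification."""
    groups = {}
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is not None:
            groups.setdefault(classify(svc), []).append(svc.name)
    return groups

if __name__ == "__main__":
    for group, names in triage(SAMPLE_O23).items():
        print(f"{group}: {', '.join(names)}")
```

Run on the sample, the only entry that ends up in "orphaned" is the Acer QASvc service, which is the kind of leftover that removing the uninstalled programs is meant to clear; the "verify-redirection" group should be re-checked from a 64-bit process (or by opening the path in Explorer) rather than deleted on the strength of the HJT line alone.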

Re: Log check

Post by breta21 » 26 Apr 2022 19:31

I have now uninstalled those programs; it seemed to me that it was stuttering. I will report back during the week; do the logs look OK?

Re: Log check

Post by jaro3 (Security team member) » 27 Apr 2022 00:54

OK.

Close the other applications and browsers, disconnect from the internet and fix these in HJT:
Guide

Code:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer17win10.msn.com/?pc=ACTE
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: ::1 localhost

Download DelFix here
Other links:
https://toolslib.net/downloads/viewdownload/2-delfix/
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

Save the file to your desktop.
Double-click the icon to run Delfix.exe
(On Windows Vista, Windows 7, 8 and 10 you must right-click the file -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools and Purge System Restore.
Then click the Run button and let the tool do its work.

A report (DelFix.txt) will then open. Paste the whole content of the report here. Otherwise the report is at:
C:\DelFix.txt

If there are no problems, that is all and you can mark it solved, green tick.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Log check

Post by breta21 » 27 Apr 2022 17:31

OK, thank you, I will do it and when everything is OK I will report back...

Question: my browser extensions disappeared - any tip for something to block ads with?

Re: Log check

Post by jaro3 » 27 Apr 2022 19:09

One of the tools must have deleted that.
I cannot advise on that; I mostly use the Opera browser and it has that built in.

Re: Log check

Post by breta21 » 13 May 2022 07:23

Hello, unfortunately the problem has persisted, although perhaps to a lesser extent. The thing is, I turn on the laptop, log in, and everything takes terribly long, even just clicking the sound icon, launching the browser, pages - everything takes about a minute. The solution is a restart, or turning it off and on. Sometimes I look in Task Manager, but there is apparently nothing there loading the CPU to 100%..... so I do not know what is wrong with it?

Maybe some nonsense that (sometimes) starts together with the laptop and freezes the whole thing?

Re: Log check

Post by jaro3 » 13 May 2022 16:32

After all, a long time has passed since the cleaning, so some malware could have got in.

Clean the system with CCleaner
http://www.piriform.com/ccleaner/download/standard

Test again with Malwarebytes Anti-Malware and post the log here.

Download CrystalDiskInfo
https://www.stahuj.cz/utility_a_ostatni ... ldiskinfo/
Run the program and click Edit - Copy. Then paste the content of the log here with Ctrl+V.

Then also run AdwCleaner and post the Adwcleaner.log here.

Re: Log check

Post by breta21 » 18 May 2022 23:01

AdwCleaner clean.....


----------------------------------------------------------------------------
CrystalDiskInfo 8.16.4 (C) 2008-2022 hiyohiyo
Crystal Dew World: https://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 10 [10.0 Build 19043] (x64)
Date : 2022/05/18 23:01:38

-- Controller Map ----------------------------------------------------------
+ Intel(R) 6th Generation Core Processor Family Platform I/O SATA AHCI Controller [ATA]
- Slimtype DVD A DA8AESH
- Micron_1100_MTFDDAV256TBN
- Storage Spaces Controller [SCSI]

-- Disk List ---------------------------------------------------------------
(01) Micron_1100_MTFDDAV256TBN : 256,0 GB [0/0/2, pd1] - m2

----------------------------------------------------------------------------
(01) Micron_1100_MTFDDAV256TBN
----------------------------------------------------------------------------
Model : Micron_1100_MTFDDAV256TBN
Firmware : M0MA020
Serial Number : 164914E4D7E6
Disk Size : 256,0 GB (8,4/137,4/256,0/----)
Buffer Size : Unknown
Queue Depth : 32
# of Sectors : 500118192
Rotation Rate : ---- (SSD)
Interface : Serial ATA
Major Version : ACS-3
Minor Version : ACS-3 Revision 5
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 1255 hours
Power On Count : 3825 count
Host Writes : 17831 GB
Temperature : 63 C (145 F)
Health Status : Good (90 %)
Features : S.M.A.R.T., APM, NCQ, TRIM, DevSleep
APM Level : 00FEh [ON]
AAM Level : ----
Drive Letter : C:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 __0 000000000000 Raw Read Error Rate
05 100 100 _10 000000000000 Reallocated Sectors Count
09 100 100 __0 0000000004E7 Power-on Hours
0C 100 100 __0 000000000EF1 Power Cycle Count
AB 100 100 __0 000000000000 Program Fail Count
AC 100 100 __0 000000000000 Erase Fail Count
AD _90 _90 __0 0000000000A0 Average Block-Erase Count
AE 100 100 __0 000000000082 Unexpected Power Loss Count
B7 100 100 __0 000000000000 SATA Interface Downshift
B8 100 100 __0 000000000000 Error Correction Count
BB 100 100 __0 000000000000 Reported Uncorrectable Errors
C2 _37 _33 __0 00430009003F Temperature
C4 100 100 __0 000000000000 Reallocation Event Count
C5 100 100 __0 000000000000 Current Pending Sector Count
C6 100 100 __0 000000000000 Smart Off-line Scan Uncorrectable Error Count
C7 100 100 __0 000000000000 Ultra DMA CRC Error Rate
CA _90 _90 __1 00000000000A Percent Lifetime Used
CE 100 100 __0 000000000000 Write Error Rate
F6 100 100 __0 0008B4E4028E Total Host Sector Writes
F7 100 100 __0 000045D3015B Host Program Page Count
F8 100 100 __0 000029E450FD Background Program Page Count
B4 __0 __0 __0 0000000007F5 Unused Reserve NAND Blocks
D2 100 100 __0 000000000000 Successful RAIN Recovery Count

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0440 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2020 2020 3136 3439 3134 4534 4437 4536
020: 0000 0000 0000 204D 304D 4130 3230 4D69 6372 6F6E
030: 5F31 3130 305F 4D54 4644 4441 5632 3536 5442 4E20
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4001 0000 0000 0007 3FFF 0010 003F FC10 00FB 9110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 4D28
070: 0000 0000 0000 0000 0000 001F 950E 00C6 014C 004C
080: 07F8 006D 706B 7409 6163 7069 B409 6163 407F 0001
090: 0001 00FE FFFE 0000 0000 0000 0000 0000 0000 0000
100: 32B0 1DCF 0000 0000 0000 0008 4000 0000 500A 0751
110: 14E4 D7E6 0000 0000 0000 0000 0000 0000 0000 411E
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 3333
130: 3163 3161 6600 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 4D54 4644 4441
150: 5632 3536 5442 4E20 0000 0000 0000 0000 0000 A5A5
160: 0000 0000 0000 0000 0000 0000 0000 0000 0005 0001
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 0035 0000 0000 4000
210: 0000 0000 0000 0001 0000 0000 0000 0001 0000 0000
220: 0000 0000 10FF 0000 0000 0000 0000 0000 0000 0000
230: 32B0 1DCF 0000 0000 0001 00FF 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 93A5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 2F 00 64 64 00 00 00 00 00 00 00 05 32
010: 00 64 64 00 00 00 00 00 00 00 09 32 00 64 64 E7
020: 04 00 00 00 00 00 0C 32 00 64 64 F1 0E 00 00 00
030: 00 00 AB 32 00 64 64 00 00 00 00 00 00 00 AC 32
040: 00 64 64 00 00 00 00 00 00 00 AD 32 00 5A 5A A0
050: 00 00 00 00 00 00 AE 32 00 64 64 82 00 00 00 00
060: 00 00 B7 32 00 64 64 00 00 00 00 00 00 00 B8 32
070: 00 64 64 00 00 00 00 00 00 00 BB 32 00 64 64 00
080: 00 00 00 00 00 00 C2 22 00 25 21 3F 00 09 00 43
090: 00 00 C4 32 00 64 64 00 00 00 00 00 00 00 C5 32
0A0: 00 64 64 00 00 00 00 00 00 00 C6 30 00 64 64 00
0B0: 00 00 00 00 00 00 C7 32 00 64 64 00 00 00 00 00
0C0: 00 00 CA 30 00 5A 5A 0A 00 00 00 00 00 00 CE 0E
0D0: 00 64 64 00 00 00 00 00 00 00 F6 32 00 64 64 8E
0E0: 02 E4 B4 08 00 00 F7 32 00 64 64 5B 01 D3 45 00
0F0: 00 00 F8 32 00 64 64 FD 50 E4 29 00 00 00 B4 33
100: 00 00 00 F5 07 00 00 00 00 00 D2 32 00 64 64 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 A6 02 00 7B
170: 03 00 01 00 02 04 03 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 89

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 00 00 00 00 00 00 00 00 00 00 00 05 0A
010: 00 00 00 00 00 00 00 00 00 00 09 00 00 00 00 00
020: 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 00 00
030: 00 00 AB 00 00 00 00 00 00 00 00 00 00 00 AC 00
040: 00 00 00 00 00 00 00 00 00 00 AD 00 00 00 00 00
050: 00 00 00 00 00 00 AE 00 00 00 00 00 00 00 00 00
060: 00 00 B7 00 00 00 00 00 00 00 00 00 00 00 B8 00
070: 00 00 00 00 00 00 00 00 00 00 BB 00 00 00 00 00
080: 00 00 00 00 00 00 C2 00 00 00 00 00 00 00 00 00
090: 00 00 C4 00 00 00 00 00 00 00 00 00 00 00 C5 00
0A0: 00 00 00 00 00 00 00 00 00 00 C6 00 00 00 00 00
0B0: 00 00 00 00 00 00 C7 00 00 00 00 00 00 00 00 00
0C0: 00 00 CA 01 00 00 00 00 00 00 00 00 00 00 CE 00
0D0: 00 00 00 00 00 00 00 00 00 00 F6 00 00 00 00 00
0E0: 00 00 00 00 00 00 F7 00 00 00 00 00 00 00 00 00
0F0: 00 00 F8 00 00 00 00 00 00 00 00 00 00 00 B4 00
100: 00 00 00 00 00 00 00 00 00 00 D2 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13
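The S.M.A.R.T. table in the report above is what the reply that follows reasons from (the unexpected power loss count), but the raw column holds more than that: the same table yields the drive's wear, its host writes and whether any attribute has hit its threshold. The script below is an added example (not part of the forum post or of CrystalDiskInfo) that parses CrystalDiskInfo's text table and derives those figures; the sample is a subset of the table above with the attribute names in English, and the interpretation of the Micron vendor attributes (AE, CA, F6) follows the names CrystalDiskInfo printed for them. Reading the low 16 bits of the temperature raw value as the current reading is an assumption that matches the 63 C the report displays.

```python
"""Parse the S.M.A.R.T. table of a CrystalDiskInfo text report and derive the
figures discussed in this thread (unexpected power losses, wear, host writes).

Added example, not code from the forum or from CrystalDiskInfo.  The sample
table is a subset of the one posted above; attribute meanings follow the names
CrystalDiskInfo printed for this Micron drive.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the report above (names in English).
SAMPLE_SMART = """\
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 __0 000000000000 Raw Read Error Rate
05 100 100 _10 000000000000 Reallocated Sectors Count
09 100 100 __0 0000000004E7 Power-on Hours
0C 100 100 __0 000000000EF1 Power Cycle Count
AE 100 100 __0 000000000082 Unexpected Power Loss Count
BB 100 100 __0 000000000000 Reported Uncorrectable Errors
C2 _37 _33 __0 00430009003F Temperature
C5 100 100 __0 000000000000 Current Pending Sector Count
C6 100 100 __0 000000000000 Smart Off-line Scan Uncorrectable Error Count
CA _90 _90 __1 00000000000A Percent Lifetime Used
F6 100 100 __0 0008B4E4028E Total Host Sector Writes
B4 __0 __0 __0 0000000007F5 Unused Reserve NAND Blocks
"""

@dataclass
class Attr:
    id: int
    cur: int
    worst: int
    thr: int
    raw: int
    name: str

# ID, Cur, Wor, Thr, 6-byte raw value as 12 hex digits, then the attribute name.
LINE_RE = re.compile(
    r"^([0-9A-F]{2}) ([_0-9]{3}) ([_0-9]{3}) ([_0-9]{3}) ([0-9A-F]{12}) (.+)$"
)

def _num(field):
    # CrystalDiskInfo pads short numbers with underscores: "__0", "_90".
    return int(field.replace("_", ""))

def parse_smart(text):
    """Return {attribute id: Attr}; non-matching lines (header etc.) are skipped."""
    attrs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            attr = Attr(int(m[1], 16), _num(m[2]), _num(m[3]), _num(m[4]),
                        int(m[5], 16), m[6])
            attrs[attr.id] = attr
    return attrs

SECTOR_BYTES = 512     # logical sector size assumed for the host-writes conversion
GIB = 1024 ** 3

def summarize(attrs):
    """Derive the figures a reviewer looks at from the raw attribute values."""
    power_cycles = attrs[0x0C].raw
    power_losses = attrs[0xAE].raw
    return {
        # Low 16 bits of the temperature raw value are the current reading
        # (assumption; matches the displayed value). Upper words are vendor-specific.
        "temperature_c": attrs[0xC2].raw & 0xFFFF,
        "power_cycles": power_cycles,
        "unexpected_power_loss": power_losses,
        # Share of power cycles that ended without a clean shutdown.
        "unclean_shutdown_pct": round(100 * power_losses / power_cycles, 1),
        "lifetime_used_pct": attrs[0xCA].raw,
        "health_pct": 100 - attrs[0xCA].raw,   # what the report shows as Health Status
        # Sectors written by the host, converted to GiB (the report's "GB").
        "host_writes_gib": attrs[0xF6].raw * SECTOR_BYTES // GIB,
        # Any non-zero count here means the NAND is producing bad sectors.
        "media_errors": sum(attrs[i].raw for i in (0x05, 0xBB, 0xC5, 0xC6) if i in attrs),
        # Attributes whose normalised value has reached the vendor threshold
        # (threshold 0 means "not used for health").
        "below_threshold": [a.id for a in attrs.values() if a.thr and a.cur <= a.thr],
    }

if __name__ == "__main__":
    for key, value in summarize(parse_smart(SAMPLE_SMART)).items():
        print(f"{key:>22}: {value}")
```

On this table the derived numbers agree with the report header (63 C, 17831 GB written, health 90 %), no attribute is at its threshold and the media error counters are all zero, so the drive itself is not the obvious cause of the slowness; the 130 unexpected power losses out of 3825 power cycles (about 3.4 %) are the one figure that stands out, which is the point the next reply raises.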

Re: Log check

Post by jaro3 » 18 May 2022 23:07

000000000082 Unexpected Power Loss Count -- maybe something with the power supply? Is it a notebook?

Run Malwarebytes Anti-Malware once more.

+
Download Memtest
http://www.stahuj.cz/utility_a_ostatni/ ... i/memtest/

Leave the box that says:
All unused RAM as it is.
- click Start, let it run for at least 2 h; if after 2 h it still shows 0 errors, the RAM is fine.
For larger RAM capacities Memtest has to be run several times: for 2GB (the largest single RAM capacity) 2x, for 4GB 3x, for 8GB 4x and so on.
Double-click Memtest, then again and again, type 2048 into the box of every Memtest instance, then click "Start" in all of them.

And also RogueKiller.

Re: Log check

Post by breta21 » 21 May 2022 18:28

Yes, a notebook.


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 18.05.22
Scan Time: 21:39
Log File: 3cbc751c-d6e2-11ec-be16-a81e8445a94b.json

-Software Information-
Version: 4.5.7.186
Components Version: 1.0.1645
Update Package Version: 1.0.55149
License: Free

-System Information-
OS: Windows 10 (Build 19043.1706)
CPU: x64
File System: NTFS
User: LAPTOP-RCMATI0H\breta

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 602705
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 15 hr, 6 min, 1 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.Heuristic.1003, C:\$RECYCLE.BIN\S-1-5-21-1885444895-1151541194-3766610177-1001\$RUAPL8K\ZOEK (1).EXE, Delete-on-Reboot, 1000001, 0, 1.0.55149, 0000000000000000000003EB, dds, 01776544, 294DBD73A55AF616B18771026B499B53, CDF21E47A065A699769D6CEB95474249270B4700547AB86369A311BB69A93DEC

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

