PC-HELP.CZ

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26

Platform: x64 Windows 10 (Pro), 10.0.22621.1778 (ReleaseId: 2009), Service Pack: 0
Time: 13.06.2023 - 19:13 (UTC+02:00)
Language: OS: Czech (0x405). Display: Czech (0x405). Non-Unicode: Czech (0x405)
Elevated: Yes
Ran by: lukin (group: Administrator) on LUKAS, FirstRun: no

Chrome: 114.0.5735.110
Internet Explorer: 11.0.22621.1
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Steam\steamservice.exe
2 C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe
1 C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.242\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.242\GoogleCrashHandler64.exe
6 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.43\msedgewebview2.exe
8 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
1 C:\Program Files (x86)\Steam\steam.exe
1 C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1870.16.215.0_x64__8xx8rvfyw5nnt\app\CrashpadHandlerWindows.exe
1 C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1870.16.215.0_x64__8xx8rvfyw5nnt\app\Messenger.exe
1 C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBar.exe
1 C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
1 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.11600.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
1 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.11600.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe
1 C:\Users\lukin\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\System32\AggregatorHost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
2 C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_3c2bd4a1ec6d228e\Display.NvContainer\NVDisplay.Container.exe
2 C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_31adae5d99f8cd09\RtkAudUService64.exe
1 C:\Windows\System32\LocationNotificationWindows.exe
4 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\Sgrm\SgrmBroker.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
72 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe

O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\114.0.1823.43\BHO\ie_to_edge_bho_64.dll
O2-32 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\114.0.1823.43\BHO\ie_to_edge_bho.dll
O4 - HKCU\..\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent -launchcontext=boot
O4 - HKCU\..\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_C2A946453535DAC8E26670192D3842C0] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start /prefetch:5 (2023/05/01)
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\lukin\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2023/05/01)
O4 - HKLM\..\Run: [RtkAudUService] = C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_31adae5d99f8cd09\RtkAudUService64.exe -background
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (Microsoft)
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (Microsoft)
O10 - Unknown file in Winsock LSP: C:\Windows\system32\nlansp_c.dll
O17 - DHCP DNS 1: 10.0.1.138
O22 - Task: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\Windows\system32\fclip.exe (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\Windows\system32\MdmDiagnosticsTool.exe /clean (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Printing\PrintJobCleanupTask - {8ABCE260-32B6-476C-AE13-B34D0C91292D} - C:\Windows\System32\PrinterCleanupTask.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Shell\ThemeAssetTask_SyncFODState - {3BC5DD7D-EA3B-428C-B9B6-0723DB6A1057} - C:\Windows\System32\Windows.UI.Immersive.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\Windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\sc.exe start InventorySvc
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\SdbinstMergeDbTask - C:\Windows\system32\sdbinst.exe -mm (Microsoft)
O22 - Task: EOSv3 Scheduler onLogOn - C:\Users\lukin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON
O22 - Task: EOSv3 Scheduler onTime - C:\Users\lukin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED
O22 - Task: GoogleUpdateTaskMachineCore{61ACF585-92A4-4402-B26A-51FBDDD5D38D} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA{C011287C-140B-45D6-AFA5-48BEB863D8DD} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: OneDrive Reporting Task-S-1-5-21-4145966845-3110827728-1383042289-1001 - C:\Users\lukin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Task: \Meta\Messenger-WSP-Helper-S-1-5-21-4145966845-3110827728-1383042289-1001 - C:\Users\lukin\AppData\Local\Microsoft\WindowsApps\MessengerHelper.exe --lassie
O22 - Task: \Microsoft\Windows\AppListBackup\Backup - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\Windows\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\CloudRestore\Restore - {B4BCFA6F-948D-46B8-BF27-E8B1117E23B3} - C:\Windows\system32\CloudRestoreLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DiskCleanup\SilentCleanup - C:\Windows\system32\cleanmgr.exe /autocleanstoragesense /d C: (Microsoft)
O22 - Task: \Microsoft\Windows\Input\InputSettingsRestoreDataAvailable - {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA},InputSettingsRestoreDataAvailable - C:\Windows\System32\InputCloudStore.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Input\syncpensettings - {3ECEE215-83F5-4123-A592-74F1FE4C3D59},SYNC_PEN_SETTINGS - C:\Windows\System32\SettingsHandlers_Pen.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Kernel\La57Cleanup - C:\Windows\system32\la57setup.exe (Microsoft)
O22 - Task: \Microsoft\Windows\PI\SecureBootEncodeUEFI - C:\Windows\system32\SecureBootEncodeUEFI.exe (Microsoft)
O22 - Task: \Microsoft\Windows\Printing\PrinterCleanupTask - {C56F065E-DE49-4E42-BE7C-305C45609D25} - C:\Windows\System32\PrinterCleanupTask.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask - {8702A841-D5CA-47C3-812D-9CEDC304C200} - C:\Windows\system32\IntelligentPwdlessTask.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Shell\ThemesSyncedImageDownload - {79F8E185-4E45-4B74-8182-02AA430661E4} - C:\Windows\System32\Themes.SsfDownload.ScheduledTask.dll (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\Start Oobe Expedite Work - C:\Windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\StartOobeAppsScanAfterUpdate - C:\Windows\system32\usoclient.exe StartOobeAppsScanAfterUpdate (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\StartOobeAppsScan_LicenseAccepted - C:\Windows\system32\usoclient.exe StartOobeAppsScan (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\Windows\system32\MusNotification.exe (file missing)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\UUS Failover Task - C:\Windows\system32\usoclient.exe HandleUusFailoverSignal (Microsoft)
O22 - Task: \Microsoft\Windows\WlanSvc\MoProfileManagement - {085EDA12-CF4A-4944-8222-8ADCADE137CB} - C:\Windows\System32\WlanMediaManager.dll (Microsoft)
O22 - Task: \Microsoft\Windows\capabilityaccessmanager\maintenancetasks - C:\Windows\system32\rundll32.exe C:\Windows\system32\CapabilityAccessManager.dll,CapabilityAccessManagerDoStoreMaintenance (Microsoft)
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_3c2bd4a1ec6d228e\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_3c2bd4a1ec6d228e\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_31adae5d99f8cd09\RtkAudUService64.exe
O23 - Service R3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService
O23 - Service S2: AsusUpdateCheck - C:\Windows\System32\AsusUpdateCheck.exe
O23 - Service S2: Služba Aktualizace Google (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Epic Online Services - (EpicOnlineServices) - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\114.0.5735.110\elevation_service.exe
O23 - Service S3: Služba Aktualizace Google (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc

--
End of file - Time spent: 5,1 sec. - 24968 bytes, CRC32: FFFFFFFF. Sign: 갡ｰ

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-13-2023
# Duration: 00:00:00
# OS: Windows 11 (Build 22621.1778)
# Cleaned: 0
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1420 octets] - [13/06/2023 19:20:16]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dlouho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si Malwarebytes' Anti-Malware
https://www.malwarebytes.com/mwb-download/thankyou/

na plochu , nainstaluj a spusť ho
-Pokud není program aktuální , klikni na možnost „Aktualizovat nyní“ či „Opravit nyní“.
- bude nalezena aktualizace a nainstaluje se.
- poté klikni na Spustit skenování
- po proběhnutí skenu se ti objeví hláška vpravo dole, tak klikni na Zobrazit zprávu a vyber Export a vyber Kopírovat do schránky a vlož sem celý log. Nebo klikni na „Textový soubor ( .txt)“ a log si ulož. A vlož sem.
-jinak se log nachází v programu po kliknutí na „Zprávy“ , nebo je uložen zde: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- po té klikni na tlačítko Dokončit, a program zavři křížkem vpravo nahoře.
(zatím nic nemaž!).
Pokud budou problémy , spusť v nouz. režimu.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64
Ran by lukin (Administrator) on 13.06.2023 at 23:32:58,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 2

Successfully deleted: C:\Users\lukin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\facebook.lnk (Shortcut)
Successfully deleted: C:\Users\lukin\Desktop\facebook.lnk (Shortcut)

Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.06.2023 at 23:33:46,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 13.06.23
Čas skenování: 23:36
Logovací soubor: 60e91150-0a32-11ee-b0c7-581122c741b8.json

-Informace o softwaru-
Verze: 4.5.30.269
Verze komponentů: 1.0.2037
Aktualizovat verzi balíku komponent: 1.0.70827
Licence: Bezplatná

-Systémová informace-
OS: Windows 11 (Build 22621.1778)
CPU: x64
Systém souborů: NTFS
Uživatel: LUKAS\lukin

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 238735
Zjištěné hrozby: 0
Hrozby umístěné do karantény: 0
Uplynulý čas: 0 min, 21 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)

(end)

Jsou nějaké problémy?

Stáhni si RogueKiller by Adlice Software
http://www.adlice.com/download/roguekiller/
http://www.bleepingcomputer.com/download/roguekiller/
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- - klikni na „Scan“. V novém okně nic neměň a klikni dole na „Start“ ve sloupci „Quick Scan“
- Program skenuje procesy PC. Po proskenování klikni na „Results “ , v dalším okně pak levým t. na „Export“ a vyber : „Text File“ , log nazvi třeb RK a ulož do dokumentů nebo na plochu. Otevři soubor a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
-pokud bude mít log více než 60.000 znaků , rozděl ho a vlož do více příspěvků

Program : RogueKiller Anti-Malware
Version : 15.10.0.0
x64 : Yes
Program Date : May 24 2023
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 11 (10.0.22621) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : lukin
User is Admin : Yes
Date : 2023/06/14 10:10:47
Type : Scan
Aborted : No
Scan Mode : Quick
Duration : 5
Found items : 0
Total scanned : 914
Signatures Version : 20230605_114837
Truesight Driver : Yes
Updates Count : 0
Arguments : -minimize

************************* Warnings *************************

************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : N/A

************************* Filesystem *************************

************************* Web Browsers *************************

************************* Antirootkit ***********************

zatim bez problemu

Vypni antivir i firewall, RogueKiller, Malwarebytes Antimalware, windowsDefender
Stáhni zoek:
https://uloz.to/file/nFH1LwSrGioP/zoek1-rar

Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
-pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log Zkopíruj sem celý obsah toho logu.
Pokud budou problémy , spusť zoek v nouz. režimu.

Stáhni si Zemana AntiMalware Free z tohoto odkazu:
https://www.zemana.com/Download/AntiMal ... .Setup.exe

(posuvník dolu na download)
a ulož si ho na plochu.
Poklepej na tento soubor na ploše a postupuj podle pokynů k instalaci programu.
Přijmi licenci k používání programu EULA , pokud se nabídne.
Pokud je k dispozici aktualizace programu , klepni na tlačítko „Update now“ ( aktualizovat nyní).
Zavři všechny otevřené soubory, složky a prohlížeče
Neměň žádné nastavení. Klikni na „Skenovat nyní“.
Po skenu lze vidět , zda jsou nějaké nákazy. Klikni na „Vykonat“ ( vymazat). Nákazy budou přemístěny do karantény.
Když je skenování dokončeno, klikni vlevo na „zprávy“ a pak na „otevři zprávu“ a zkopíruj sem celý obsah té zprávy.

Vlož nový log z HJT tento:
https://sourceforge.net/projects/hjt/fi ... e/download

+ informuj o problémech.

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by lukin on 14.06.2023 at 15:08:54,97.
Microsoft Windows 11 Pro 10.0.22621 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\lukin\AppData\Local\Temp\Rar$EXa10416.10927\zoek1\zoek (1).exe [Scan all users] [Script inserted]

==== System Restore Info ======================

14.06.2023 15:10:44 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\ssh deleted successfully
C:\Users\lukin\AppData\Local\DBG deleted successfully
C:\Users\lukin\AppData\Local\PeerDistRepub deleted successfully
C:\Users\lukin\AppData\Local\PlaceholderTileLogoFolder deleted successfully
C:\Users\lukin\AppData\Local\VirtualStore deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM28EA3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d321d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d322e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d3230.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d3232.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d3244.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d3246.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d3248.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d324a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d324c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d325e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d3260.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d3262.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d3283.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d3285.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d3297.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d3299.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d329b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d32ac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d32cd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d32ef.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d32f1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d3312.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-10dc-3334-1d3314.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378c54.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378c56.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378c58.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378c6a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378c6c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378c6e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378c70.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378c72.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378c74.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378c85.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378c87.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378c89.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378c8b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378c8d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378c8f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378ca1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378ca3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378ca5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378ca7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378ca9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378cab.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378cbd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1264-1b78-378cbf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-127c-1040-1f33d8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-127c-1040-1f33da.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-127c-1040-1f33dc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-127c-1040-1f33de.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-127c-1040-1f33e0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-127c-1040-1f33f2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-127c-1040-1f33f4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-127c-1040-1f33f6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-127c-1040-1f33f8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-127c-1040-1f33fa.tmp deleted

Název produktu : Zemana AntiMalware
Stav kontroly : Dokončena
Datum kontroly : 14.06.2023 15:32:55
Typ kontroly : Inteligentní kontrola
Čas trvání : 00:00:12
Zkontrolované objekty : 1781
Zjištěné objekty : 0
Vyloučené objekty : 0
Automatické odesílání : Ne
Operační systém : Windows 10 x64
Procesor : 16X AMD Ryzen 7 5700G with Radeon Graphics
Režim systému BIOS : UEFI
Informace o doméně : WORKGROUP,False,NetSetupWorkgroupName
CUID : 12ED3D9020C098AD2BCB3C

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:36:02, on 14.06.2023
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.22621.0001)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\steam.exe
C:\Users\lukin\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: ::1 localhost
O4 - HKCU\..\Run: [OneDrive] "C:\Users\lukin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_C2A946453535DAC8E26670192D3842C0] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
O4 - HKCU\..\Run: [EpicGamesLauncher] "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent -launchcontext=boot
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlansp_c.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AsusUpdateCheck - Unknown owner - C:\Windows\System32\AsusUpdateCheck.exe (file missing)
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_7da4d - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Epic Online Services (EpicOnlineServices) - Epic Games, Inc. - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files\Google\Chrome\Application\114.0.5735.110\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_3c2bd4a1ec6d228e\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: RogueKiller RTP (rkrtservice) - Unknown owner - C:\Program Files\RogueKiller\RogueKillerSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Universal Service (RtkAudioUniversalService) - Realtek Semiconductor - C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_31adae5d99f8cd09\RtkAudUService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\Sgrm\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\Sgrm\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTrap) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\steamservice.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7755 bytes

PC-HELP.CZ

Prosim o kontrolu logu

Prosim o kontrolu logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu