winlogon.exe

[Vojtěch Bednařík]

Dobrý den ve správci úloh systému jsem našel proces winlogon.exe, při ukončení procesu napíše přístup odepřen, jsem přihlášen jako admin. Hledal jsem na internetu a nešel jsem pokud není C:\Windows\System32\drivers tak je to virus a doopravdy ho tam nemám. Jak ho odstranit? přikládám výpis ze hijackthis.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:53:19, on 20.9.2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19463)
Boot mode: Normal

Running processes:
C:\Windows\vsnp2uvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Vojta\Downloads\hijackthis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:8446/sos.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll
O2 - BHO: (no name) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [com.squirrel.Teams.Teams] C:\Users\Vojta\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated"
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MonectServerService - Monect - C:\Program Files (x86)\PC Remote Receiver\MonectServerService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Online Shield Starter Service - Steganos Software GmbH - C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RunSwUSB - Unknown owner - C:\Windows\runSW.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: UDisk Monitor Z5 Phone - Unknown owner - C:\Program Files (x86)\Android_USB_Driver_Z\Bin\MonServiceUDisk.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 10278 bytes

[Conder]

Ahoj

Subor "winlogon.exe" sa standardne ma nachadzat v "C:\Windows\System32"

HijackThis je uz zastraly nastroj, dnes sa pouziva FRST. Ale k tomu sa dostaneme v dalsom kroku.

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

• Uloz na plochu a ukonci vsetky programy
• Spusti AdwCleaner ako spravca
• Odsuhlas licencne podmienky
• Klikni na Skenovat nyni (Scan now) a pockaj na dokoncenie
• Nechaj zaskrtnute vsetky nalezy
• Klikni na Cisteni a opravy (Clean and Repair) a potvrd restart PC teraz
• Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
• Otvori sa log, jeho obsah sem skopiruj

[Vojtěch Bednařík]

Ahoj

Subor "winlogon.exe" sa standardne ma nachadzat v "C:\Windows\System32"

HijackThis je uz zastraly nastroj, dnes sa pouziva FRST. Ale k tomu sa dostaneme v dalsom kroku.

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

• Uloz na plochu a ukonci vsetky programy
• Spusti AdwCleaner ako spravca
• Odsuhlas licencne podmienky
• Klikni na Skenovat nyni (Scan now) a pockaj na dokoncenie
• Nechaj zaskrtnute vsetky nalezy
• Klikni na Cisteni a opravy (Clean and Repair) a potvrd restart PC teraz
• Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
• Otvori sa log, jeho obsah sem skopiruj

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-04-2019
# Database: 2019-09-18.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-21-2019
# Duration: 00:00:10
# OS: Windows 7 Professional
# Cleaned: 3
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Public\Documents\Downloaded Installers

***** [ Files ] *****

Deleted C:\Users\Vojta\Downloads\SpyHunter-Installer.exe

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Hola

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [7545 octets] - [21/09/2019 13:19:49]
AdwCleaner[S00].txt - [1516 octets] - [21/09/2019 13:21:31]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

[Conder]

Poprosim o obidva logy z FRST (FRST.txt a Addition.txt) podla tohto navodu: https://forum.viry.cz/viewtopic.php?f=13&t=154679

[Vojtěch Bednařík]

Poprosim o obidva logy z FRST (FRST.txt a Addition.txt) podla tohto navodu: https://forum.viry.cz/viewtopic.php?f=13&t=154679

[Conder]

Ta hlaska "Nepodařilo se připojení ke službě systému Windows" (z predchadzajucej temy) sa este objavuje?

Tento proxy server mas nastaveny umyselne? ManualProxies: 0hxxp://localhost:8446/sos.pac

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
  File: C:\Program Files\ParkControl\ParkControl.exe
  File: C:\Program Files (x86)\PC Remote Receiver\MonectServerService.exe
  
  HKU\S-1-5-21-1798616249-510404611-1270143056-1000\...\MountPoints2: {0d43e166-b312-11e9-877e-50e5492054f9} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.exe /auto
  HKU\S-1-5-21-1798616249-510404611-1270143056-1000\...\MountPoints2: {a2a5ba77-4784-11e9-bb83-50e5492054f9} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.exe /auto
  HKU\S-1-5-21-1798616249-510404611-1270143056-1000\...\MountPoints2: {b11c49c7-e1d2-11e8-a0bd-50e5492054f9} - F:\PMCsetup.exe
  GroupPolicy: Restriction ? <==== ATTENTION
  FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
  Task: {9AED0A2B-663D-4B42-8561-187D9638E01E} - System32\Tasks\{927D7A3E-D7AF-4EAD-A7A6-DC20FDA4293A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Avast Driver Updater\UninstallStub.exe" -c --log {630c3d8e-2bee-465f-9e59-bb069ed10761}
  Task: {9C050331-B8F9-4C68-A8FE-AE602E0ED40A} - System32\Tasks\{4323F08A-AC55-4C89-A05F-4A68B8D80B5B} => C:\Windows\system32\pcalua.exe -a "C:\PROGRA~2\GameSpy Arcade\UNWISE.EXE" -c C:\PROGRA~2\GameSpy Arcade\INSTALL.LOG
  Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe <==== ATTENTION
  Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\Vojta\Desktop\adwcleaner_7.4.1.exe
  BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
  FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
  FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
  U0 Partizan; system32\drivers\Partizan.sys [X]
  
  Hosts:
  EmptyTemp:
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
• Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

[Vojtěch Bednařík]

Ta hlaska "Nepodařilo se připojení ke službě systému Windows" (z predchadzajucej temy) sa este objavuje?

Tento proxy server mas nastaveny umyselne? ManualProxies: 0hxxp://localhost:8446/sos.pac

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
  File: C:\Program Files\ParkControl\ParkControl.exe
  File: C:\Program Files (x86)\PC Remote Receiver\MonectServerService.exe
  
  HKU\S-1-5-21-1798616249-510404611-1270143056-1000\...\MountPoints2: {0d43e166-b312-11e9-877e-50e5492054f9} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.exe /auto
  HKU\S-1-5-21-1798616249-510404611-1270143056-1000\...\MountPoints2: {a2a5ba77-4784-11e9-bb83-50e5492054f9} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.exe /auto
  HKU\S-1-5-21-1798616249-510404611-1270143056-1000\...\MountPoints2: {b11c49c7-e1d2-11e8-a0bd-50e5492054f9} - F:\PMCsetup.exe
  GroupPolicy: Restriction ? <==== ATTENTION
  FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
  Task: {9AED0A2B-663D-4B42-8561-187D9638E01E} - System32\Tasks\{927D7A3E-D7AF-4EAD-A7A6-DC20FDA4293A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Avast Driver Updater\UninstallStub.exe" -c --log {630c3d8e-2bee-465f-9e59-bb069ed10761}
  Task: {9C050331-B8F9-4C68-A8FE-AE602E0ED40A} - System32\Tasks\{4323F08A-AC55-4C89-A05F-4A68B8D80B5B} => C:\Windows\system32\pcalua.exe -a "C:\PROGRA~2\GameSpy Arcade\UNWISE.EXE" -c C:\PROGRA~2\GameSpy Arcade\INSTALL.LOG
  Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe <==== ATTENTION
  Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\Vojta\Desktop\adwcleaner_7.4.1.exe
  BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
  FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
  FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
  U0 Partizan; system32\drivers\Partizan.sys [X]
  
  Hosts:
  EmptyTemp:
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
• Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Proxy server jsem žádný nenastavoval.

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-09-2019 01
Ran by Vojta (22-09-2019 02:12:52) Run:1
Running from C:\Users\Vojta\Desktop
Loaded Profiles: Vojta (Available Profiles: Vojta)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files\ParkControl\ParkControl.exe
File: C:\Program Files (x86)\PC Remote Receiver\MonectServerService.exe

HKU\S-1-5-21-1798616249-510404611-1270143056-1000\...\MountPoints2: {0d43e166-b312-11e9-877e-50e5492054f9} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.exe /auto
HKU\S-1-5-21-1798616249-510404611-1270143056-1000\...\MountPoints2: {a2a5ba77-4784-11e9-bb83-50e5492054f9} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.exe /auto
HKU\S-1-5-21-1798616249-510404611-1270143056-1000\...\MountPoints2: {b11c49c7-e1d2-11e8-a0bd-50e5492054f9} - F:\PMCsetup.exe
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {9AED0A2B-663D-4B42-8561-187D9638E01E} - System32\Tasks\{927D7A3E-D7AF-4EAD-A7A6-DC20FDA4293A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Avast Driver Updater\UninstallStub.exe" -c --log {630c3d8e-2bee-465f-9e59-bb069ed10761}
Task: {9C050331-B8F9-4C68-A8FE-AE602E0ED40A} - System32\Tasks\{4323F08A-AC55-4C89-A05F-4A68B8D80B5B} => C:\Windows\system32\pcalua.exe -a "C:\PROGRA~2\GameSpy Arcade\UNWISE.EXE" -c C:\PROGRA~2\GameSpy Arcade\INSTALL.LOG
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe <==== ATTENTION
Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\Vojta\Desktop\adwcleaner_7.4.1.exe
BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U0 Partizan; system32\drivers\Partizan.sys [X]

Hosts:
EmptyTemp:
End

*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========


========= End of Powershell: =========


========================= File: C:\Program Files\ParkControl\ParkControl.exe ========================

C:\Program Files\ParkControl\ParkControl.exe
File is digitally signed
MD5: 2D8DCA668D865D473316B3DA6D7ABAC2
Creation and modification date: 2019-08-15 18:53 - 2019-08-15 18:53
Size: 000709512
Attributes: ----A
Company Name: Bitsum LLC -> Bitsum LLC
Internal Name: ParkControl.exe
Original Name: parkcontrol.exe
Product: ParkControl
Description: ParkControl
File Version: 1.3.1.8
Product Version: 1.3.1.8
Copyright: (c)2019 Bitsum LLC
VirusTotal: https://www.virustotal.com/file/ed35755 ... 566711165/

====== End of File: ======


========================= File: C:\Program Files (x86)\PC Remote Receiver\MonectServerService.exe ========================

C:\Program Files (x86)\PC Remote Receiver\MonectServerService.exe
File not signed
MD5: EE4640DE439DFC7E2ED13CB90F4FAE09
Creation and modification date: 2018-08-22 11:55 - 2018-08-22 11:55
Size: 000110592
Attributes: ----A
Company Name: Monect
Internal Name: MonectServerService.exe
Original Name: MonectServerService.exe
Product: PC Remote Receiver Service
Description: MonectServerService
File Version: 5.0.0.0
Product Version: 5.0.0.0
Copyright: Copyright (C) 2012
VirusTotal: https://www.virustotal.com/file/4b6fcf4 ... 555906352/

====== End of File: ======

HKU\S-1-5-21-1798616249-510404611-1270143056-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d43e166-b312-11e9-877e-50e5492054f9} => removed successfully
HKLM\Software\Classes\CLSID\{0d43e166-b312-11e9-877e-50e5492054f9} => not found
HKU\S-1-5-21-1798616249-510404611-1270143056-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2a5ba77-4784-11e9-bb83-50e5492054f9} => removed successfully
HKLM\Software\Classes\CLSID\{a2a5ba77-4784-11e9-bb83-50e5492054f9} => not found
HKU\S-1-5-21-1798616249-510404611-1270143056-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b11c49c7-e1d2-11e8-a0bd-50e5492054f9} => removed successfully
HKLM\Software\Classes\CLSID\{b11c49c7-e1d2-11e8-a0bd-50e5492054f9} => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AED0A2B-663D-4B42-8561-187D9638E01E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AED0A2B-663D-4B42-8561-187D9638E01E}" => removed successfully
C:\Windows\System32\Tasks\{927D7A3E-D7AF-4EAD-A7A6-DC20FDA4293A} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{927D7A3E-D7AF-4EAD-A7A6-DC20FDA4293A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C050331-B8F9-4C68-A8FE-AE602E0ED40A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C050331-B8F9-4C68-A8FE-AE602E0ED40A}" => removed successfully
C:\Windows\System32\Tasks\{4323F08A-AC55-4C89-A05F-4A68B8D80B5B} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4323F08A-AC55-4C89-A05F-4A68B8D80B5B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => removed successfully
C:\Windows\Tasks\AdwCleaner_onReboot.job => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED664} => not found
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\System\CurrentControlSet\Services\Partizan => removed successfully
Partizan => service removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4551119 B
Java, Flash, Steam htmlcache => 431331478 B
Windows/system/drivers => 53090756 B
Edge => 0 B
Chrome => 353641155 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 66228 B
Vojta => 90554599 B

RecycleBin => 0 B
EmptyTemp: => 898.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 02:15:04 ====

[Conder]

Tak este jeden fixlsit. Inak nemusis citovat predchadzajuci prispevok, posli cisto novu odpoved.

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  AutoConfigURL: [S-1-5-21-1798616249-510404611-1270143056-1000] => hxxp://localhost:8446/sos.pac
  ManualProxies: 0hxxp://localhost:8446/sos.pac
  
  RemoveProxy:
  Hosts:
  EmptyTemp:
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
• Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

[Vojtěch Bednařík]

Už jsem vyřešil ten problém "Nepodařilo se připojení ke službě systému Windows" stačilo vymazat logy. A winlogon jsem v C:\Windows\System32 našel. Ale pro jistotu přikládám výpis z fixlogu.

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-09-2019
Ran by Vojta (24-09-2019 14:51:04) Run:2
Running from C:\Users\Vojta\Desktop
Loaded Profiles: Vojta (Available Profiles: Vojta)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

AutoConfigURL: [S-1-5-21-1798616249-510404611-1270143056-1000] => hxxp://localhost:8446/sos.pac
ManualProxies: 0hxxp://localhost:8446/sos.pac

RemoveProxy:
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-1798616249-510404611-1270143056-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\" => removed successfully

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1798616249-510404611-1270143056-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1798616249-510404611-1270143056-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6678263 B
Java, Flash, Steam htmlcache => 150748489 B
Windows/system/drivers => 236657 B
Edge => 0 B
Chrome => 397726947 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Vojta => 5197494 B

RecycleBin => 0 B
EmptyTemp: => 542.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:52:26 ====

[Conder]

Ano, logy vyzeraju OK. Su s PC este nejake problemy?

[Vojtěch Bednařík]

Ne, děkuji za ochotu a váš čas.

[Conder]

Tak este upraceme po pouzitych nastrojoch:

• Stiahni DelFix: https://toolslib.net/downloads/finish/2-delfix/
• Uloz na plochu a spusti
• Nechaj oznacenu moznost "Remove disinfection tools"
• Klikni na "Run"

[Vojtěch Bednařík]

Dobrý den, tak mám zase ten problém s hláškou "Nepodařilo se připojení ke službě systému Windows" nevím proč se zase objevila. Vyřešil jem to smazáním celého logu a pak jsem několikrát restartoval a vše bylo v pohodě a dnes po zapnutí se objevila znovu. Nevíte čím to je? Jak to zpravit? Nejde nějak zakázat ať vyskakuje a mění rozhraní?

[Vojtěch Bednařík]

Dobrý den, tak mám zase ten problém s hláškou "Nepodařilo se připojení ke službě systému Windows" nevím proč se zase objevila. Vyřešil jem to smazáním celého logu a pak jsem několikrát restartoval a vše bylo v pohodě a dnes po zapnutí se objevila znovu. Nevíte čím to je? Jak to zpravit? Nejde nějak zakázat ať vyskakuje a mění rozhraní?

Ještě jsem zkusil další akce které lidi doporučovali. Před chvilkou jsem vymazal cely log pomocí CCleaner a Windows pořád hlásí výše uvedenou hlášku. Takže logem to asi nebylo.

[Conder]

Spusti kontrolu integrity systemovych suborov:

• Otvor Start, napis "cmd" (bez uvodzoviek), klikni pravym tlacitkom mysi na Prikazovy riadok a klikni na Spustit ako spravca
• Skopiruj a spusti prikaz:

  Kód: Vybrat vše

  sfc /scannow

• Po dokonceni skopiruj a spusti tento prikaz:

  Kód: Vybrat vše

  findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"

• Na ploche sa vytvori subor sfcdetails.txt, zabal ho do archivu RAR alebo ZIP a posli ako prilohu k dalsiemu prispevku
• Restartuj PC a napis ako sa chova PC