Trojan
Re: Trojan
I'm moving on to RogueKiller.
Re: Trojan
Scan from RogueKiller:
Program : RogueKiller Anti-Malware
Version : 15.2.0.0
x64 : Yes
Program Date : Jan 20 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : PC
User is Admin : Yes
Date : 2022/01/25 19:29:26
Type : Scan
Aborted : No
Scan Mode : Quick
Duration : 28
Found items : 0
Total scanned : 971
Signatures Version : 20220124_132125
Truesight Driver : Yes
Updates Count : 0
Arguments : -minimize
************************* Warnings *************************
************************* Processes *************************
************************* Modules *************************
************************* Services *************************
************************* Scheduled Tasks *************************
************************* Registry *************************
************************* WMI *************************
************************* Hosts File *************************
is_too_big : No
hosts_file_path : N/A
************************* Filesystem *************************
************************* Web Browsers *************************
************************* Antirootkit *************************
Re: Trojan
Unfortunately Sophos doesn't work, see the attached screenshot.
- Attachments
- Print_Sophos.doc1.docx
- (256.33 KiB) Downloaded 15 times
Re: Trojan
Anyway, thank you sooo much, I think my problem has been solved.
The command prompt windows have stopped popping up.
Should I test the PC in some other way, or tune it up with something?
Thank you

- jaro3
- Security team member
- Guru Level 15
- Posts: 43287
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Trojan
Try Sophos once more, running it as administrator. Are you connected to the network while doing so?
One more thing:
Turn off your antivirus and firewall, RogueKiller, Malwarebytes Antimalware and Windows Defender.
Download Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe
https://uloz.to/file/nFH1LwSrGioP/zoek1-rar
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator").
- Note: the program may take a while to start.
Paste the script below into the program window:
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
Click Run Script.
The program will run a scan and a repair; both the scan and the repair can take several minutes, so you need to wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it to Documents, for example; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
If there are problems, run zoek in safe mode.
Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
and save it to your desktop.
Double-click the file on the desktop and follow the instructions to install the program.
Accept the program's license agreement (EULA) if it is offered.
If a program update is available, click the "Update now" button.
Close all open files, folders and browsers.
Do not change any settings. Click "Scan now" ("Skenovat nyní").
After the scan you can see whether there are any infections. Click "Vykonat" (delete). The infections will be moved to quarantine.
When the scan is finished, click "Reports" ("zprávy") on the left, then "Open report" ("otevři zprávu"), and copy the entire contents of that report here.
Post a new HJT log and report any problems.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus are standing in for me.
If you are satisfied, you can support our forum: Forum support
Re: Trojan
Unfortunately it won't run even as administrator, and I am connected!
Re: Trojan
I can't download Zoek either; the first link doesn't work and Chrome blocks the second one, reporting "The file zoek.rar is dangerous". I have turned off everything else.
Re: Trojan
Log from Zemana:
Informace o kontroly
Název produktu : Zemana AntiMalware
Stav kontroly : Dokončena
Datum kontroly : 25. 1. 2022 21:22:01
Typ kontroly : Inteligentní kontrola
Čas trvání : 00:00:53
Zkontrolované objekty : 2018
Zjištěné objekty : 1
Vyloučené objekty : 0
Automatické odesílání : Ano
Operační systém : Windows 10 x64
Procesor : 4X AMD Phenom(tm) II X4 965 Processor
Režim systému BIOS : UEFI
Informace o doméně : WORKGROUP,False,NetSetupWorkgroupName
CUID : 122E5BA88CD10D8A18A1E5
Odhalení
MD5 :
Stav : Zkontrolováno
Objekt : centrum.cz
Vydavatel :
Velikost : 0
Odhalení : Hijack:Browser/FirefoxHomepage
Akce : Vymazat
-----------------------------------------------------------------------
- jaro3
Re: Trojan
It is not dangerous. You have to use a different browser.
Re: Trojan
So I managed to download and install Sophos; I'm running a scan now and will post it here afterwards.
I restarted the PC and two command prompt windows flashed up again.
I don't know; I have to stop for today, though, and I'd be glad to continue tomorrow.
Many thanks for now!
- jaro3
Re: Trojan
Sure!
Re: Trojan
Hello.
Today hopefully with success.
So yesterday I scanned with Sophos and it found nothing; I'll add the log.
Now I have run the selected scan with Zoek; the log is here:
Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by PC on st 26. 01. 2022 at 7:38:42,28.
Microsoft Windows 10 Home 10.0.19042 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PC\AppData\Local\Temp\Rar$EXa0.762\zoek1\zoek (1).exe [Scan all users] [Script inserted]
==== System Restore Info ======================
26. 1. 2022 7:46:06 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\GIGABYTE deleted successfully
C:\Program Files\GIGABYTE deleted successfully
C:\PROGRA~3\Lavasoft deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\ssh deleted successfully
C:\Users\PC\AppData\Roaming\MPC-HC deleted successfully
C:\Users\PC\AppData\Local\GHISLER deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaultenginename", "Bing ");
user_pref("browser.search.selectedEngine", "Bing ");
user_pref("keyword.URL", "http://www.bing.com/search?FORM=SK216DF&PC=SK216&q=");
Added to C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default
user.js not found
---- FireFox user.js and prefs.js backups ----
HKEY_USERS\S-1-5-21-2292173371-2852632103-4251059972-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C96F19A4-A83F-4D53-B79C-0D636BAAE58D} deleted successfully
HKEY_USERS\S-1-5-21-2292173371-2852632103-4251059972-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAE4FB9B-CB67-40D2-8B61-9ECD3D48774B} deleted successfully
HKEY_USERS\S-1-5-21-2292173371-2852632103-4251059972-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D073CF85-A06C-4C54-8F68-7731EE797CC0} deleted successfully
HKEY_USERS\S-1-5-21-2292173371-2852632103-4251059972-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D255F0AD-0EF9-4DA2-926F-3D78CDDAA673} deleted successfully
HKEY_USERS\S-1-5-21-2292173371-2852632103-4251059972-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5680916-E763-4C82-AF47-4E4A67C0D597} deleted successfully
HKEY_USERS\S-1-5-21-2292173371-2852632103-4251059972-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DF98FB9C-547F-4C55-AB5B-B41E4FB8CD28} deleted successfully
HKEY_USERS\S-1-5-21-2292173371-2852632103-4251059972-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DFAC7232-7C75-49FB-9675-EB1B8EF0D134} deleted successfully
HKEY_USERS\S-1-5-21-2292173371-2852632103-4251059972-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E18EDFA4-409B-4C19-869F-F4DFFB90E586} deleted successfully
HKEY_USERS\S-1-5-21-2292173371-2852632103-4251059972-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED4BEA65-10C9-44AB-B196-147AE2BCFBE2} deleted successfully
HKEY_USERS\S-1-5-21-2292173371-2852632103-4251059972-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE16EBD6-1758-40C3-879F-EEB8A18D719F} deleted successfully
HKEY_USERS\S-1-5-21-2292173371-2852632103-4251059972-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD46EDD4-FCEE-46AD-9FAD-DB20971CC19D} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaultenginename", "Bing ");
user_pref("browser.search.selectedEngine", "Bing ");
user_pref("keyword.URL", "http://www.bing.com/search?FORM=SK216DF&PC=SK216&q=");
Added to C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default
user.js not found
---- FireFox user.js and prefs.js backups ----