PC virus removal, computer speed-up and remote help through the neslape.cz service
Trojan:Script/Cloxer.A!cl
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.
!NEW!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Trojan:Script/Cloxer.A!cl
Hello, Windows Defender found and removed Trojan:Script/Cloxer.A!cl, file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P\Open I2P Profile Folder (service).lnk, but after an offline scan the little bugger showed up again. What to do?
Attachments:
- FRST.rar (55.21 KiB) Downloaded 76 times
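The file Defender flagged above is a Windows shortcut, and before deleting such a file a responder usually wants to know what it actually launches. The Python below is an added example, not code from the forum, FRST or Defender: a minimal MS-SHLLINK parser that pulls the relative path, working directory, arguments and ShowCommand out of a .lnk and applies a few triage heuristics. The two sample shortcuts it builds are constructed here for illustration; they do not reproduce the shortcut from the thread, whose real target the page does not show.

```python
import struct
from dataclasses import dataclass

# Constants from the MS-SHLLINK specification (ShellLinkHeader and LinkFlags bits)
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS = 0x08, 0x10, 0x20
HAS_ICON, IS_UNICODE = 0x40, 0x80
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that starts the target minimised and inactive
# Interpreters a responder wants called out when a shortcut launches them
SCRIPT_HOSTS = ("powershell", "pwsh", "cmd.exe", "wscript", "cscript", "mshta", "rundll32", "regsvr32")


@dataclass
class LnkInfo:
    flags: int
    show_command: int
    name: str = ""
    relative_path: str = ""
    working_dir: str = ""
    arguments: str = ""
    icon_location: str = ""


def _read_string(data, pos, unicode):
    """StringData item: uint16 character count followed by the characters (no terminator)."""
    if pos + 2 > len(data):
        raise ValueError("truncated StringData")
    (count,) = struct.unpack_from("<H", data, pos)
    width = 2 if unicode else 1
    start, end = pos + 2, pos + 2 + count * width
    if end > len(data):
        raise ValueError("truncated StringData")
    raw = data[start:end]
    return (raw.decode("utf-16-le") if unicode else raw.decode("cp1252", "replace")), end


def parse_lnk(data: bytes) -> LnkInfo:
    """Validate the header, skip IDList/LinkInfo, and collect the StringData fields."""
    if (len(data) < LNK_HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link (.lnk) file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    info = LnkInfo(flags=flags, show_command=struct.unpack_from("<I", data, 0x3C)[0])
    pos = LNK_HEADER_SIZE
    if flags & HAS_ID_LIST:       # LinkTargetIDList: uint16 size, then the IDList itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:     # LinkInfo: uint32 size that includes the size field
        pos += struct.unpack_from("<I", data, pos)[0]
    unicode = bool(flags & IS_UNICODE)
    for bit, attr in ((HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"),
                      (HAS_WORK_DIR, "working_dir"), (HAS_ARGS, "arguments"),
                      (HAS_ICON, "icon_location")):
        if flags & bit:
            value, pos = _read_string(data, pos, unicode)
            setattr(info, attr, value)
    return info


def triage(info: LnkInfo) -> list:
    """Heuristic findings worth reporting for a shortcut an AV product has flagged."""
    findings = []
    launch = (info.relative_path + " " + info.arguments).lower()
    if any(host in launch for host in SCRIPT_HOSTS):
        findings.append("target or arguments invoke a script host")
    if info.show_command == SW_SHOWMINNOACTIVE:
        findings.append("window starts minimised and inactive (SW_SHOWMINNOACTIVE)")
    if len(info.arguments) > 200:
        findings.append("unusually long argument string (%d chars)" % len(info.arguments))
    if "hidden" in info.arguments.lower():
        findings.append("arguments request a hidden window")
    return findings


def build_lnk(relative_path="", arguments="", working_dir="", show_command=1) -> bytes:
    """Constructed minimal .lnk (no IDList/LinkInfo) so the parser can be exercised offline."""
    flags, fields = IS_UNICODE, []
    for bit, text in ((HAS_REL_PATH, relative_path), (HAS_WORK_DIR, working_dir), (HAS_ARGS, arguments)):
        if text:  # StringData order is fixed by the spec: name, relative path, working dir, args, icon
            flags |= bit
            fields.append(struct.pack("<H", len(text)) + text.encode("utf-16-le"))
    header = struct.pack("<I16sIIQQQIIIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    return header + b"".join(fields) + struct.pack("<I", 0)  # terminal ExtraData block


# Constructed samples (not the shortcut from the thread): one ordinary, one with hidden-window traits
BENIGN_SAMPLE = build_lnk(r"..\..\Windows\explorer.exe", r"C:\ProgramData\i2p", working_dir=r"C:\ProgramData")
HIDDEN_SCRIPT_SAMPLE = build_lnk(r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                                 r"-NoProfile -WindowStyle Hidden -File C:\ProgramData\example\run.ps1",
                                 show_command=SW_SHOWMINNOACTIVE)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            lnk = parse_lnk(fh.read())
        print(path, "->", lnk.relative_path, lnk.arguments)
        for finding in triage(lnk):
            print("  !", finding)
```

Run it with the path of a quarantined or copied .lnk as the argument; the parser never executes the shortcut, it only reads it.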
Re: Trojan:Script/Cloxer.A!cl
Hi
Download AdwCleaner: https://toolslib.net/downloads/finish/1/
- Save it to the desktop and close all programs
- Run AdwCleaner as administrator
- Accept the licence terms
- Click Scan now and wait for it to finish
- Leave all findings ticked
- Click Clean and Repair and confirm the restart now
- After the PC restarts AdwCleaner opens; click View log file
- The log opens; copy its contents here
Graduate of the school for newcomers
E-mail: conder (at) forum.viry.cz
If anything is unclear, ask. I recommend always backing up important data (documents, photos and so on).
Fixlists and other scripts are written for one specific PC only. Do not use them on other machines, or you risk system damage or data loss.
If you have a similar problem to another user, please start your own topic.
If you are satisfied, you can support the forum. Thank you!
Re: Trojan:Script/Cloxer.A!cl
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-03-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-13-2019
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 9
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
Deleted C:\Program Files (x86)\Free Video Converter
Deleted C:\Program Files (x86)\DriverDoc
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
Re: Trojan:Script/Cloxer.A!cl
Please post both new FRST logs.
Did you install any program related to the I2P network?
Re: Trojan:Script/Cloxer.A!cl
I have no idea what the I2P network is; I share the computer, so I'll try to ask.
Attachments:
- FRST.rar (43.04 KiB) Downloaded 60 times
Re: Trojan:Script/Cloxer.A!cl
Apparently he installed something to do with the I2P network there, but it didn't really work for him; I still don't really know what it is.
Re: Trojan:Script/Cloxer.A!cl
Open Notepad (Win+R -> notepad -> Enter)
- Copy the following text and paste it into Notepad:
Code: Select all
Start
CloseProcesses:
CreateRestorePoint:
PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
File: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P\Open I2P Profile Folder (service).lnk
Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\...\Policies\Explorer: []
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-412039192-1154255929-2393577243-1001 -> DefaultScope {272A17D5-17BA-441D-BFF8-F2FB40236F0A} URL =
SearchScopes: HKU\S-1-5-21-412039192-1154255929-2393577243-1001 -> {272A17D5-17BA-441D-BFF8-F2FB40236F0A} URL =
2019-03-12 23:11 - 2019-03-12 23:25 - 000000000 ____D C:\rsit
2019-03-12 23:11 - 2019-03-12 23:22 - 000000000 ____D C:\Program Files\trend micro
2019-03-12 23:05 - 2019-03-12 23:06 - 001222144 _____ C:\Users\petal219\Desktop\RSITx64.exe
2019-02-28 01:07 - 2019-02-28 01:07 - 000000000 __SHD C:\AI_RecycleBin
2019-02-12 15:22 - 2019-02-12 15:22 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsign7f1cf197cd03a536
2019-02-12 15:22 - 2019-02-12 15:22 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsign3676f030471376bc
2019-02-12 14:53 - 2019-02-12 14:53 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsign9536c88661fed785
2019-02-12 14:51 - 2019-02-12 14:51 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsignc1786c8fecfa3330
2019-02-12 14:49 - 2019-02-12 14:49 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsigne4c92bec8ec966f7
2019-02-12 14:42 - 2019-02-12 14:42 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsign13cdeebf4388c053
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{9AAF0EB6-42D8-46C1-A2EF-679511B37A0D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\en-US\acadficn.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
IE trusted site: HKU\S-1-5-21-412039192-1154255929-2393577243-1001\...\sharepoint.com -> hxxps://mendelu-files.sharepoint.com
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P\Open I2P Profile Folder (service).lnk
EmptyTemp:
End
- Save it to the desktop under the name fixlist.txt
- Run FRST again and click Fix
- When it finishes, FRST will ask for a PC restart; confirm by clicking OK
- After the restart there will be a file Fixlog.txt on the desktop; copy its contents here
Re: Trojan:Script/Cloxer.A!cl
Fix result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01
Ran by petal219 (14-03-2019 14:59:28) Run:1
Running from C:\Users\petal219\Desktop
Loaded Profiles: petal219 (Available Profiles: petal219)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
File: C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
File: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P\Open I2P Profile Folder (service).lnk
Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\...\Policies\Explorer: []
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-412039192-1154255929-2393577243-1001 -> DefaultScope {272A17D5-17BA-441D-BFF8-F2FB40236F0A} URL =
SearchScopes: HKU\S-1-5-21-412039192-1154255929-2393577243-1001 -> {272A17D5-17BA-441D-BFF8-F2FB40236F0A} URL =
2019-03-12 23:11 - 2019-03-12 23:25 - 000000000 ____D C:\rsit
2019-03-12 23:11 - 2019-03-12 23:22 - 000000000 ____D C:\Program Files\trend micro
2019-03-12 23:05 - 2019-03-12 23:06 - 001222144 _____ C:\Users\petal219\Desktop\RSITx64.exe
2019-02-28 01:07 - 2019-02-28 01:07 - 000000000 __SHD C:\AI_RecycleBin
2019-02-12 15:22 - 2019-02-12 15:22 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsign7f1cf197cd03a536
2019-02-12 15:22 - 2019-02-12 15:22 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsign3676f030471376bc
2019-02-12 14:53 - 2019-02-12 14:53 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsign9536c88661fed785
2019-02-12 14:51 - 2019-02-12 14:51 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsignc1786c8fecfa3330
2019-02-12 14:49 - 2019-02-12 14:49 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsigne4c92bec8ec966f7
2019-02-12 14:42 - 2019-02-12 14:42 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsign13cdeebf4388c053
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{9AAF0EB6-42D8-46C1-A2EF-679511B37A0D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\en-US\acadficn.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
IE trusted site: HKU\S-1-5-21-412039192-1154255929-2393577243-1001\...\sharepoint.com -> hxxps://mendelu-files.sharepoint.com
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P\Open I2P Profile Folder (service).lnk
EmptyTemp:
End
*****************
Processes closed successfully.
Error: (0) Failed to create a restore point.
Count : 1390
Average :
Sum : 2840993835
Maximum :
Minimum :
Property : Length
========= End of Powershell: =========
========================= File: C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe ========================
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
File not signed
MD5: D41D8CD98F00B204E9800998ECF8427E <==== ATTENTION (Access Denied)
Creation and modification date: 2018-08-26 17:15 - 2016-01-19 06:15
Size: 001222664
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0-byte
====== End of File: ======
========================= File: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P\Open I2P Profile Folder (service).lnk ========================
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P\Open I2P Profile Folder (service).lnk" => not found
====== End of File: ======
========================= Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P ========================
not found.
====== End of Folder: ======
"HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-412039192-1154255929-2393577243-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{272A17D5-17BA-441D-BFF8-F2FB40236F0A} => removed successfully
HKLM\Software\Classes\CLSID\{272A17D5-17BA-441D-BFF8-F2FB40236F0A} => not found
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Users\petal219\Desktop\RSITx64.exe => moved successfully
C:\AI_RecycleBin => moved successfully
C:\Users\petal219\AppData\Local\Tempzxpsign7f1cf197cd03a536 => moved successfully
C:\Users\petal219\AppData\Local\Tempzxpsign3676f030471376bc => moved successfully
C:\Users\petal219\AppData\Local\Tempzxpsign9536c88661fed785 => moved successfully
C:\Users\petal219\AppData\Local\Tempzxpsignc1786c8fecfa3330 => moved successfully
C:\Users\petal219\AppData\Local\Tempzxpsigne4c92bec8ec966f7 => moved successfully
C:\Users\petal219\AppData\Local\Tempzxpsign13cdeebf4388c053 => moved successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F} => removed successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852} => removed successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{9AAF0EB6-42D8-46C1-A2EF-679511B37A0D} => removed successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB} => removed successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Classes\regfile => removed successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sharepoint.com => removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P\Open I2P Profile Folder (service).lnk" => not found
=========== EmptyTemp: ==========
BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 43714716 B
Java, Flash, Steam htmlcache => 227754699 B
Windows/system/drivers => 2863487 B
Edge => 2571772 B
Chrome => 239233695 B
Firefox => 0 B
Opera => 407673429 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 1704 B
NetworkService => 0 B
petal219 => 17848632 B
RecycleBin => 2356707 B
EmptyTemp: => 910.6 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 15:00:56 ====
Re: Trojan:Script/Cloxer.A!cl
How is the PC doing? Has anything changed, or are there still some problems?
Re: Trojan:Script/Cloxer.A!cl
Hopefully fine
Re: Trojan:Script/Cloxer.A!cl
So let's clean up after the tools used:
- Download DelFix: https://toolslib.net/downloads/finish/2-delfix/
- Save it to the desktop and run it
- Leave the option "Remove disinfection tools" ticked
- Click "Run"
Run the system file integrity check:
- Open Start, type "cmd" (without quotes), right-click Command Prompt and click Run as administrator
- Copy and run the command:
Code: Select all
DISM.exe /Online /Cleanup-image /Restorehealth
- When it finishes, copy and run the second command:
Code: Select all
sfc /scannow
- Restart the PC