VIRY.CZ

Dobry den.
Potreboval by som od vas pomoct s mensim nesvarom.

Po skumani problemu s nacitavanim Youtube (broken sidepanel, nenacitanie videi atd.) som zistil, ze sa mi v Proxy settings OSka objavil proxy setup skript, so script address http://127.0.0.1:86/
Proxy som smaznul z nasledujucich registrov:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies
Odmazanie obnovilo funkcionalitu YT (a predpokladam i inych webov), bohuzel proxy skript sa po restarte neustale vracia.

ProcMon pri boote mi ukazal len to, ze proxy do AutoConfigURL vzdy pri startupu zpatky nahodi svchost
(C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc)
a to do lokaci:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
HKLM\System\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{FA83B550-CF6A-4B62-9170-FB7B04B1BF75}\AutoConfigUrl
HKLM\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies\(Default)

Uprimne nevim jak dlho to tak uz takto pretrvava, problemy sa objavili par tyzdnov dozadu, prvykrat odmazanie proxy skriptu pomohlo, teraz za to neustale vracia.
Spybot S&D mi nieco malo precistil, Malwarebytes nic nenasiel (ten naposledy odmazaval PUP.Optional.Privoxy z %ProgramFiles(x86)%\SystemWin ale to este v 2017), ESET tiez nenasiel nic podstatne.
Bohuzial issue s proxy skriptom po restarte stale pretrvava.

Zaroven je divne, ze inetcpl.cpl mi neumozni editovat LAN settings (managed by admin, i kdyz jsem admin), moze to suvisiet s IE Restriction co nasiel FSRT?

FSRT a Addition logy prikladam do prilohy.

sionn89_1.zip: (116.62 KiB) Staženo 83 x

Budem vdacny za akukolvek pomoc.
Diky mockrat.

[EDIT] - skusil som schvalne ist na IP port co ziskam, vratil sa mi application/x-ns-proxy-autoconfig subor, otvoril som ho v notepade, ma nasledujuci obsah (na IP s portom 83 sa mi uz nevratilo nic.) :

function FindProxyForURL(url, host) {
//Ver:1.0.0.4
if (shExpMatch(url, "*/recaptcha/*")) return "DIRECT";
if (shExpMatch(host, "cse.google.*")) return "PROXY 127.0.0.1:83";
if (shExpMatch(host, "www.google.*")) return "PROXY 127.0.0.1:83";
if (shExpMatch(host, "*search.yahoo.com")) return "PROXY 127.0.0.1:83";
if (shExpMatch(host, "www.bing.*")) return "PROXY 127.0.0.1:83";
if (shExpMatch(host, "www.amazon.*")) return "PROXY 127.0.0.1:83";
if (shExpMatch(host, "www.youtube.*")) return "PROXY 127.0.0.1:83";
if (shExpMatch(host, "www.ebay.*")) return "PROXY 127.0.0.1:83";
return "DIRECT";}

[EDIT 2] - resource monitor mi ukazal, ze na portoch 83 a 86 naslucha C:\Program Files (x86)\Common Files\InstallShield\Engine\8\intel 32\iKernel.exe - ten ale scany ESET atd. presiel bez viru. VirusTotal zdetekoval len 2/69, tie 2 nalezy su Generic.mg.10624ff080820515 / TScope.Trojan.MSIL - mozno to bude hlavnym vinnikom? Fake InstallShield assembly?

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Zdravim, Rudy.
Dekuji, log zde:

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-28.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-05-2021
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 7
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKCU\Software\Sunisoft
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2462 octets] - [05/05/2021 21:54:24]
AdwCleaner[S01].txt - [2523 octets] - [05/05/2021 21:56:05]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

OK. Dejte nové logy FRST+Addition.

Zdravim, Rudy.

Je to teda ono, killnul som ikernel, odstranil exe se subfoldrem, vycistil register, odobral sched.task, a proxy skript je minulostou

+ hajzel si k tomu jeste nahodil fake "Digicert Global Root G1A" medzi RootCA... Takze nuke CAcka a zmazanie vsetkych personal certificates co boli issued tou CA..
Subory mam v kopii bokom, uz som to poslal ESETu ako novy sample, je to zatim blbe, ze to nedetekuje vetsina hlavnych AVs...

Clean teda asi bude o odstraneni bordelu, co po nem ostalo, napr. ten restriction na inetcpl.cpl atd.

Logy zde:

Sionn89_2.zip: (28.08 KiB) Staženo 79 x

Dekuji

Jistě, bude to o tom. Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {5777CC80-D97C-4973-B2D7-E2EE9EC8AFE4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF ProfilePath: C:\Users\Etiainen\AppData\Roaming\Mozilla\Firefox\Profiles\ivievfe7.default [not found] <==== ATTENTION
C:\Users\Etiainen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:CD30FA91 [109]
FirewallRules: [{223D2F13-0209-4F4E-8550-26D2E541D71B}] => (Allow) D:\Games\Steam\steamapps\common\Mafia\Mafia\setup.exe => No File
FirewallRules: [{0FA18F28-8181-4670-B0FA-B875862C9538}] => (Allow) D:\Games\Steam\steamapps\common\Mafia\Mafia\setup.exe => No File
FirewallRules: [{D665CFE4-AAAF-4C72-A675-5E2C29140347}] => (Allow) D:\Games\Steam\steamapps\common\Mafia\Mafia\Game.exe => No File
FirewallRules: [{9CA057A3-539A-4E6B-B6A7-53AD7D331609}] => (Allow) D:\Games\Steam\steamapps\common\Mafia\Mafia\Game.exe => No File
FirewallRules: [{7CF8BADD-D5FD-48DC-B679-88C18682C0EB}] => (Allow) D:\Games\Steam\steamapps\common\Mafia III\Launcher.exe => No File
FirewallRules: [{28B12CCA-1B6D-49B6-B2A7-B515152263D0}] => (Allow) D:\Games\Steam\steamapps\common\Mafia III\Launcher.exe => No File
FirewallRules: [{2D136B19-A58F-424B-9D64-388F4EBD68D6}] => (Allow) D:\Games\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe => No File
FirewallRules: [{E4AB496E-C75F-4B7E-8948-F5C697CB8EA4}] => (Allow) D:\Games\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe => No File
FirewallRules: [{5B971883-38B5-43B2-AFA6-D69138582C71}] => (Allow) D:\Games\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe => No File
FirewallRules: [{ADB19C70-BA1D-42C6-BB08-F4A45F7D5B7C}] => (Allow) D:\Games\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe => No File
FirewallRules: [{7D131751-0788-4275-BE41-017F7D75A934}] => (Allow) D:\Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{2FF3AA51-5434-40B0-9462-F52D32D57134}] => (Allow) D:\Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{50EAC000-C7CA-42F8-AA73-07B7DB386A37}] => (Allow) D:\Games\Steam\steamapps\common\Space\launcher\launcher.exe => No File
FirewallRules: [{EF209682-E7F4-4498-A5BC-4FAD21A8C2C9}] => (Allow) D:\Games\Steam\steamapps\common\Space\launcher\launcher.exe => No File
FirewallRules: [{8471EA32-2F49-437D-A3C5-B7C8D071C47C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{C71C6939-9A1A-47B1-888B-7A164D0872C1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{4282067A-75B9-4116-8A58-323BC781A9DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{26693034-9C75-409F-B887-EA4268C182D1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{51125E27-0965-4F3B-A7AB-12A23C617BC3}] => (Allow) D:\Games\Steam\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe => No File
FirewallRules: [{77AF504C-74FF-4E0C-BAD7-61F3B43BB54A}] => (Allow) D:\Games\Steam\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe => No File
FirewallRules: [{F5ACA3B7-825E-40CA-B379-02AE58AA6F87}] => (Allow) D:\Games\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{A1B12DB2-F66A-4A93-BF00-66AA1A169E05}] => (Allow) D:\Games\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{D4BB83C5-55AA-4A41-AD78-D557253225B1}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe => No File
FirewallRules: [{1DD99989-F2A0-45C5-9474-EEB93D82DE67}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe => No File
FirewallRules: [{4067C7D0-9F10-4919-A62A-A44E76744ACF}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe => No File
FirewallRules: [{14D87C5D-09B8-4EE1-BB48-10DA72F6617C}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe => No File
FirewallRules: [{6A7FBA19-84BD-4D49-94BD-BE6F16B4A7AF}] => (Allow) D:\Games\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{D43AEFCA-2C16-4C7D-8520-351EAC74D159}] => (Allow) D:\Games\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{7BA56C40-7504-494C-BAFE-8304FEC9C276}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{C40009F7-F487-4392-A8DD-E57F5BEF472F}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{09A879E7-C7C5-41F8-9F55-6B43ABD97B36}] => (Allow) D:\Games\Steam\Steam.exe => No File
FirewallRules: [{D1006281-25D9-4524-AD66-E351B1F21EBA}] => (Allow) D:\Games\Steam\Steam.exe => No File
FirewallRules: [{D086097B-FF10-43F5-8D37-05E83EB5F81A}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{452F6293-2F06-4CC5-BCCE-C2C092B79BBE}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{48EE311B-FD2C-4DD8-B1C9-45B321777E1D}] => (Allow) D:\Games\Watch_Dogs\bin\watch_dogs.exe => No File
FirewallRules: [{EFD4BF96-E4D1-4E2D-B5EC-6CAD434F9A19}] => (Allow) D:\Games\Watch_Dogs\bin\watch_dogs.exe => No File
FirewallRules: [{4DB8E343-20B7-4F68-ABCF-B8B1844B30C4}] => (Allow) C:\Windows\AutoKMS\AutoKMS.exe => No File
FirewallRules: [{D6FC876D-3A58-455D-99E4-FAE78CE82DAE}] => (Allow) C:\Windows\AutoKMS\AutoKMS.exe => No File
FirewallRules: [{74381A4C-11A6-43EC-BB6F-F102B2EA3C2C}] => (Allow) D:\Games\Steam\steamapps\common\SOMA\Soma.exe => No File
FirewallRules: [{1FF6AEF2-D9D5-420E-A835-BBDD6C4C53EE}] => (Allow) D:\Games\Steam\steamapps\common\SOMA\Soma.exe => No File
FirewallRules: [{81570E2C-C23D-4CA1-A0C9-BE21128A620B}] => (Allow) D:\Games\Steam\steamapps\common\SOMA\ModLauncher.exe => No File
FirewallRules: [{6422CCC3-EAE5-4B2A-8FC0-A485CA49AEB9}] => (Allow) D:\Games\Steam\steamapps\common\SOMA\ModLauncher.exe => No File
FirewallRules: [{A8919AB8-74C3-41EF-982E-97D0F8047C2B}] => (Allow) D:\Games\Steam\steamapps\common\Black Mesa\bms.exe => No File
FirewallRules: [{E625B7A8-DFC2-4E20-9AF9-BEA54DD41E94}] => (Allow) D:\Games\Steam\steamapps\common\Black Mesa\bms.exe => No File
FirewallRules: [{277784C8-3B1F-40B9-8504-6C58A989A148}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{F85965B8-79CA-499F-9CCF-446A95476C3D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{3CD3387B-9842-4DB7-8C57-497BB0B121AD}] => (Allow) C:\Users\Etiainen\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{831FB275-6477-451C-8658-AC353CD27A8C}] => (Allow) D:\Games\Steam\steamapps\common\Mafia III\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{24CD0D7D-E1BE-432F-99FA-07E625A55AA1}] => (Allow) D:\Games\Steam\steamapps\common\Mafia III\2KLauncher\LauncherPatcher.exe => No File

EmptyTemp:
Hosts:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Zdravim,

Fix dokoncen. Zatim jediny negativni impact vidim nutnost znovuvytvorit firefox profil, ale to je par minut

Jinka inetcpl.cpl jiz bez omezeni

Dekuji!

Log zde:

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by Etiainen (07-05-2021 19:09:50) Run:1
Running from C:\Users\Etiainen\Desktop
Loaded Profiles: Etiainen
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {5777CC80-D97C-4973-B2D7-E2EE9EC8AFE4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF ProfilePath: C:\Users\Etiainen\AppData\Roaming\Mozilla\Firefox\Profiles\ivievfe7.default [not found] <==== ATTENTION
C:\Users\Etiainen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:CD30FA91 [109]
FirewallRules: [{223D2F13-0209-4F4E-8550-26D2E541D71B}] => (Allow) D:\Games\Steam\steamapps\common\Mafia\Mafia\setup.exe => No File
FirewallRules: [{0FA18F28-8181-4670-B0FA-B875862C9538}] => (Allow) D:\Games\Steam\steamapps\common\Mafia\Mafia\setup.exe => No File
FirewallRules: [{D665CFE4-AAAF-4C72-A675-5E2C29140347}] => (Allow) D:\Games\Steam\steamapps\common\Mafia\Mafia\Game.exe => No File
FirewallRules: [{9CA057A3-539A-4E6B-B6A7-53AD7D331609}] => (Allow) D:\Games\Steam\steamapps\common\Mafia\Mafia\Game.exe => No File
FirewallRules: [{7CF8BADD-D5FD-48DC-B679-88C18682C0EB}] => (Allow) D:\Games\Steam\steamapps\common\Mafia III\Launcher.exe => No File
FirewallRules: [{28B12CCA-1B6D-49B6-B2A7-B515152263D0}] => (Allow) D:\Games\Steam\steamapps\common\Mafia III\Launcher.exe => No File
FirewallRules: [{2D136B19-A58F-424B-9D64-388F4EBD68D6}] => (Allow) D:\Games\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe => No File
FirewallRules: [{E4AB496E-C75F-4B7E-8948-F5C697CB8EA4}] => (Allow) D:\Games\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe => No File
FirewallRules: [{5B971883-38B5-43B2-AFA6-D69138582C71}] => (Allow) D:\Games\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe => No File
FirewallRules: [{ADB19C70-BA1D-42C6-BB08-F4A45F7D5B7C}] => (Allow) D:\Games\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe => No File
FirewallRules: [{7D131751-0788-4275-BE41-017F7D75A934}] => (Allow) D:\Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{2FF3AA51-5434-40B0-9462-F52D32D57134}] => (Allow) D:\Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{50EAC000-C7CA-42F8-AA73-07B7DB386A37}] => (Allow) D:\Games\Steam\steamapps\common\Space\launcher\launcher.exe => No File
FirewallRules: [{EF209682-E7F4-4498-A5BC-4FAD21A8C2C9}] => (Allow) D:\Games\Steam\steamapps\common\Space\launcher\launcher.exe => No File
FirewallRules: [{8471EA32-2F49-437D-A3C5-B7C8D071C47C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{C71C6939-9A1A-47B1-888B-7A164D0872C1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{4282067A-75B9-4116-8A58-323BC781A9DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{26693034-9C75-409F-B887-EA4268C182D1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{51125E27-0965-4F3B-A7AB-12A23C617BC3}] => (Allow) D:\Games\Steam\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe => No File
FirewallRules: [{77AF504C-74FF-4E0C-BAD7-61F3B43BB54A}] => (Allow) D:\Games\Steam\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe => No File
FirewallRules: [{F5ACA3B7-825E-40CA-B379-02AE58AA6F87}] => (Allow) D:\Games\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{A1B12DB2-F66A-4A93-BF00-66AA1A169E05}] => (Allow) D:\Games\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{D4BB83C5-55AA-4A41-AD78-D557253225B1}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe => No File
FirewallRules: [{1DD99989-F2A0-45C5-9474-EEB93D82DE67}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe => No File
FirewallRules: [{4067C7D0-9F10-4919-A62A-A44E76744ACF}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe => No File
FirewallRules: [{14D87C5D-09B8-4EE1-BB48-10DA72F6617C}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe => No File
FirewallRules: [{6A7FBA19-84BD-4D49-94BD-BE6F16B4A7AF}] => (Allow) D:\Games\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{D43AEFCA-2C16-4C7D-8520-351EAC74D159}] => (Allow) D:\Games\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{7BA56C40-7504-494C-BAFE-8304FEC9C276}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{C40009F7-F487-4392-A8DD-E57F5BEF472F}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{09A879E7-C7C5-41F8-9F55-6B43ABD97B36}] => (Allow) D:\Games\Steam\Steam.exe => No File
FirewallRules: [{D1006281-25D9-4524-AD66-E351B1F21EBA}] => (Allow) D:\Games\Steam\Steam.exe => No File
FirewallRules: [{D086097B-FF10-43F5-8D37-05E83EB5F81A}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{452F6293-2F06-4CC5-BCCE-C2C092B79BBE}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{48EE311B-FD2C-4DD8-B1C9-45B321777E1D}] => (Allow) D:\Games\Watch_Dogs\bin\watch_dogs.exe => No File
FirewallRules: [{EFD4BF96-E4D1-4E2D-B5EC-6CAD434F9A19}] => (Allow) D:\Games\Watch_Dogs\bin\watch_dogs.exe => No File
FirewallRules: [{4DB8E343-20B7-4F68-ABCF-B8B1844B30C4}] => (Allow) C:\Windows\AutoKMS\AutoKMS.exe => No File
FirewallRules: [{D6FC876D-3A58-455D-99E4-FAE78CE82DAE}] => (Allow) C:\Windows\AutoKMS\AutoKMS.exe => No File
FirewallRules: [{74381A4C-11A6-43EC-BB6F-F102B2EA3C2C}] => (Allow) D:\Games\Steam\steamapps\common\SOMA\Soma.exe => No File
FirewallRules: [{1FF6AEF2-D9D5-420E-A835-BBDD6C4C53EE}] => (Allow) D:\Games\Steam\steamapps\common\SOMA\Soma.exe => No File
FirewallRules: [{81570E2C-C23D-4CA1-A0C9-BE21128A620B}] => (Allow) D:\Games\Steam\steamapps\common\SOMA\ModLauncher.exe => No File
FirewallRules: [{6422CCC3-EAE5-4B2A-8FC0-A485CA49AEB9}] => (Allow) D:\Games\Steam\steamapps\common\SOMA\ModLauncher.exe => No File
FirewallRules: [{A8919AB8-74C3-41EF-982E-97D0F8047C2B}] => (Allow) D:\Games\Steam\steamapps\common\Black Mesa\bms.exe => No File
FirewallRules: [{E625B7A8-DFC2-4E20-9AF9-BEA54DD41E94}] => (Allow) D:\Games\Steam\steamapps\common\Black Mesa\bms.exe => No File
FirewallRules: [{277784C8-3B1F-40B9-8504-6C58A989A148}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{F85965B8-79CA-499F-9CCF-446A95476C3D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{3CD3387B-9842-4DB7-8C57-497BB0B121AD}] => (Allow) C:\Users\Etiainen\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{831FB275-6477-451C-8658-AC353CD27A8C}] => (Allow) D:\Games\Steam\steamapps\common\Mafia III\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{24CD0D7D-E1BE-432F-99FA-07E625A55AA1}] => (Allow) D:\Games\Steam\steamapps\common\Mafia III\2KLauncher\LauncherPatcher.exe => No File

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5777CC80-D97C-4973-B2D7-E2EE9EC8AFE4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5777CC80-D97C-4973-B2D7-E2EE9EC8AFE4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
C:\Users\Etiainen\AppData\Roaming\Mozilla\Firefox\Profiles\ivievfe7.default => path removed successfully
C:\Users\Etiainen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
C:\ProgramData\TEMP => ":CD30FA91" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{223D2F13-0209-4F4E-8550-26D2E541D71B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0FA18F28-8181-4670-B0FA-B875862C9538}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D665CFE4-AAAF-4C72-A675-5E2C29140347}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9CA057A3-539A-4E6B-B6A7-53AD7D331609}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7CF8BADD-D5FD-48DC-B679-88C18682C0EB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{28B12CCA-1B6D-49B6-B2A7-B515152263D0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2D136B19-A58F-424B-9D64-388F4EBD68D6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4AB496E-C75F-4B7E-8948-F5C697CB8EA4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B971883-38B5-43B2-AFA6-D69138582C71}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ADB19C70-BA1D-42C6-BB08-F4A45F7D5B7C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D131751-0788-4275-BE41-017F7D75A934}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2FF3AA51-5434-40B0-9462-F52D32D57134}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50EAC000-C7CA-42F8-AA73-07B7DB386A37}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF209682-E7F4-4498-A5BC-4FAD21A8C2C9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8471EA32-2F49-437D-A3C5-B7C8D071C47C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C71C6939-9A1A-47B1-888B-7A164D0872C1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4282067A-75B9-4116-8A58-323BC781A9DF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26693034-9C75-409F-B887-EA4268C182D1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{51125E27-0965-4F3B-A7AB-12A23C617BC3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{77AF504C-74FF-4E0C-BAD7-61F3B43BB54A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F5ACA3B7-825E-40CA-B379-02AE58AA6F87}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A1B12DB2-F66A-4A93-BF00-66AA1A169E05}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D4BB83C5-55AA-4A41-AD78-D557253225B1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1DD99989-F2A0-45C5-9474-EEB93D82DE67}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4067C7D0-9F10-4919-A62A-A44E76744ACF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14D87C5D-09B8-4EE1-BB48-10DA72F6617C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A7FBA19-84BD-4D49-94BD-BE6F16B4A7AF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D43AEFCA-2C16-4C7D-8520-351EAC74D159}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7BA56C40-7504-494C-BAFE-8304FEC9C276}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C40009F7-F487-4392-A8DD-E57F5BEF472F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{09A879E7-C7C5-41F8-9F55-6B43ABD97B36}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D1006281-25D9-4524-AD66-E351B1F21EBA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D086097B-FF10-43F5-8D37-05E83EB5F81A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{452F6293-2F06-4CC5-BCCE-C2C092B79BBE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{48EE311B-FD2C-4DD8-B1C9-45B321777E1D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EFD4BF96-E4D1-4E2D-B5EC-6CAD434F9A19}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4DB8E343-20B7-4F68-ABCF-B8B1844B30C4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6FC876D-3A58-455D-99E4-FAE78CE82DAE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{74381A4C-11A6-43EC-BB6F-F102B2EA3C2C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1FF6AEF2-D9D5-420E-A835-BBDD6C4C53EE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{81570E2C-C23D-4CA1-A0C9-BE21128A620B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6422CCC3-EAE5-4B2A-8FC0-A485CA49AEB9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A8919AB8-74C3-41EF-982E-97D0F8047C2B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E625B7A8-DFC2-4E20-9AF9-BEA54DD41E94}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{277784C8-3B1F-40B9-8504-6C58A989A148}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F85965B8-79CA-499F-9CCF-446A95476C3D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3CD3387B-9842-4DB7-8C57-497BB0B121AD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{831FB275-6477-451C-8658-AC353CD27A8C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24CD0D7D-E1BE-432F-99FA-07E625A55AA1}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 14704640 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 307189924 B
Java, Flash, Steam htmlcache => 969756867 B
Windows/system/drivers => 904762 B
Edge => 47706685 B
Chrome => 509891417 B
Firefox => 1194037045 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 103516 B
NetworkService => 104710 B
Etiainen => 441798234 B

RecycleBin => 76551022 B
EmptyTemp: => 3.3 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 19:16:53 ====

Sionn89 píše:Zatim jediny negativni impact vidim nutnost znovuvytvorit firefox profil...

Divné, ADW profil normálně nemaže a ani jsem mu nedal žádný takový příkaz. Bylo smazáno, nemáte zač.

Rudy píše: 07 kvě 2021 19:04
Sionn89 píše:Zatim jediny negativni impact vidim nutnost znovuvytvorit firefox profil...
Divné, ADW profil normálně nemaže a ani jsem mu nedal žádný takový příkaz. Bylo smazáno, nemáte zač.

Asi nejaky mini-firefoxfart, profil tam realne fyzicky je, akurat necitelny... ale to jsem za chvilku spravil

Ted jenom doufat, ze se tohoto svinstva chyti postupne antiviraky. Nasel jsem i instalacku v TEMPu, ta ma na virustotalu zatim 3/69

Jeste jednou dik, Rudy

Posilam i donate, forum jsem vyuzil vicekrat a vicekrat jste mi uz pomohli

(pod inym nickem a nepamatuju heslo k starymu mailu

)

Krasny vecer prajem!

OK a nemáte zač!

VIRY.CZ

Proxy skript 127.0.0.1:86

Proxy skript 127.0.0.1:86

Re: Proxy skript 127.0.0.1:86

Re: Proxy skript 127.0.0.1:86

Re: Proxy skript 127.0.0.1:86

Re: Proxy skript 127.0.0.1:86

Re: Proxy skript 127.0.0.1:86

Re: Proxy skript 127.0.0.1:86

Re: Proxy skript 127.0.0.1:86

Re: Proxy skript 127.0.0.1:86

Re: Proxy skript 127.0.0.1:86