Prevention

Posted: 13 Jun 2022 08:03
by ceasare
Good day. Please check my logs.
Desktop.rar
(38.04 KiB) Downloaded 73 times
Thanks a lot

Re: Prevention

Posted: 14 Jun 2022 09:48
by Rudy
Hello!
Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-756748957-2859518009-1461303838-1001\...\Policies\Explorer: []
Task: {5623D56B-8F64-4F40-983B-9D6E9E728B4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-28] (Google LLC -> Google LLC)
Task: {6CF6B668-1E1F-4A8D-992E-54F246A0F4D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-28] (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-756748957-2859518009-1461303838-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-756748957-2859518009-1461303838-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-756748957-2859518009-1461303838-1001_Classes\CLSID\{AA46BA8A-9825-40FD-8493-0BA3C4D5CEB5}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-756748957-2859518009-1461303838-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\evamr\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-756748957-2859518009-1461303838-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2022\en-US\acadficn.dll => No File
ContextMenuHandlers1: [EzCd] -> {E46D6DC6-9707-43a9-BDBB-0BDBDD096F90} => C:\Program Files\EZ CD Audio Converter\ezcd64.dll -> No File
CContextMenuHandlers1: [EzCd] -> {E46D6DC6-9707-43a9-BDBB-0BDBDD096F90} => C:\Program Files\EZ CD Audio Converter\ezcd64.dll -> No File
C:\Users\evamr\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [143]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [141]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [152]
AlternateDataStreams: C:\ProgramData\TEMP:93433455 [158]
AlternateDataStreams: C:\ProgramData\TEMP:D735933A [205]
AlternateDataStreams: C:\ProgramData\TEMP:EFDFF94D [344]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7096]
FirewallRules: [{CE72FCBB-F600-4EFE-89F4-5BEE6A60157A}] => (Allow) C:\Users\evamr\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{67BE1233-FE41-41AC-910F-A1CF62948D07}] => (Allow) C:\Users\evamr\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [UDP Query User{942DDD74-D734-447D-BBE8-F33442047EA5}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe => No File
FirewallRules: [TCP Query User{261AF1C7-1A83-496B-A644-DE6F3BF4E65C}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe => No File
FirewallRules: [UDP Query User{262CFD91-7B44-4C4D-ACAC-49FB2EB84635}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe => No File
FirewallRules: [TCP Query User{38B6127D-3120-4541-B026-DDFCDA6940AC}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe => No File
FirewallRules: [{EF3EAECE-DF26-4A47-9FB4-E106FCBD0808}] => (Allow) D:\Steam\steamapps\common\Mafia II\pc\mafia2.exe => No File
FirewallRules: [{B6B9CD1A-CDAB-4177-B87B-60F1C15AECFB}] => (Allow) D:\Steam\steamapps\common\Mafia II\pc\mafia2.exe => No File
FirewallRules: [{90262CF0-BBC4-4356-AC77-E1A21F1D89D5}] => (Allow) D:\Steam\steamapps\common\Old School RuneScape\bin\win64\osclient.exe => No File
FirewallRules: [{FEB69A9A-85F3-4359-9DF3-D468C568CE65}] => (Allow) D:\Steam\steamapps\common\Old School RuneScape\bin\win64\osclient.exe => No File
FirewallRules: [{E45298A7-8D93-4783-BF40-CF7EA2E32F39}] => (Allow) D:\Steam\steamapps\common\Splitgate\equ8-launcher.exe => No File
FirewallRules: [{694974F2-0B9B-440D-B247-CA9BA6B0C097}] => (Allow) D:\Steam\steamapps\common\Splitgate\equ8-launcher.exe => No File

EmptyTemp:
Hosts:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Prevention

Posted: 14 Jun 2022 10:22
by ceasare
Fix result of Farbar Recovery Scan Tool (x64) Version: 13-06-2022
Ran by evamr (14-06-2022 11:16:30) Run:1
Running from C:\Users\evamr\OneDrive\Desktop
Loaded Profiles: evamr
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-756748957-2859518009-1461303838-1001\...\Policies\Explorer: []
Task: {5623D56B-8F64-4F40-983B-9D6E9E728B4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-28] (Google LLC -> Google LLC)
Task: {6CF6B668-1E1F-4A8D-992E-54F246A0F4D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-28] (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-756748957-2859518009-1461303838-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-756748957-2859518009-1461303838-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-756748957-2859518009-1461303838-1001_Classes\CLSID\{AA46BA8A-9825-40FD-8493-0BA3C4D5CEB5}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-756748957-2859518009-1461303838-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\evamr\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-756748957-2859518009-1461303838-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2022\en-US\acadficn.dll => No File
ContextMenuHandlers1: [EzCd] -> {E46D6DC6-9707-43a9-BDBB-0BDBDD096F90} => C:\Program Files\EZ CD Audio Converter\ezcd64.dll -> No File
CContextMenuHandlers1: [EzCd] -> {E46D6DC6-9707-43a9-BDBB-0BDBDD096F90} => C:\Program Files\EZ CD Audio Converter\ezcd64.dll -> No File
C:\Users\evamr\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [143]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [141]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [152]
AlternateDataStreams: C:\ProgramData\TEMP:93433455 [158]
AlternateDataStreams: C:\ProgramData\TEMP:D735933A [205]
AlternateDataStreams: C:\ProgramData\TEMP:EFDFF94D [344]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7096]
FirewallRules: [{CE72FCBB-F600-4EFE-89F4-5BEE6A60157A}] => (Allow) C:\Users\evamr\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{67BE1233-FE41-41AC-910F-A1CF62948D07}] => (Allow) C:\Users\evamr\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [UDP Query User{942DDD74-D734-447D-BBE8-F33442047EA5}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe => No File
FirewallRules: [TCP Query User{261AF1C7-1A83-496B-A644-DE6F3BF4E65C}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe => No File
FirewallRules: [UDP Query User{262CFD91-7B44-4C4D-ACAC-49FB2EB84635}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe => No File
FirewallRules: [TCP Query User{38B6127D-3120-4541-B026-DDFCDA6940AC}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe => No File
FirewallRules: [{EF3EAECE-DF26-4A47-9FB4-E106FCBD0808}] => (Allow) D:\Steam\steamapps\common\Mafia II\pc\mafia2.exe => No File
FirewallRules: [{B6B9CD1A-CDAB-4177-B87B-60F1C15AECFB}] => (Allow) D:\Steam\steamapps\common\Mafia II\pc\mafia2.exe => No File
FirewallRules: [{90262CF0-BBC4-4356-AC77-E1A21F1D89D5}] => (Allow) D:\Steam\steamapps\common\Old School RuneScape\bin\win64\osclient.exe => No File
FirewallRules: [{FEB69A9A-85F3-4359-9DF3-D468C568CE65}] => (Allow) D:\Steam\steamapps\common\Old School RuneScape\bin\win64\osclient.exe => No File
FirewallRules: [{E45298A7-8D93-4783-BF40-CF7EA2E32F39}] => (Allow) D:\Steam\steamapps\common\Splitgate\equ8-launcher.exe => No File
FirewallRules: [{694974F2-0B9B-440D-B247-CA9BA6B0C097}] => (Allow) D:\Steam\steamapps\common\Splitgate\equ8-launcher.exe => No File

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
"HKU\S-1-5-21-756748957-2859518009-1461303838-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5623D56B-8F64-4F40-983B-9D6E9E728B4C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5623D56B-8F64-4F40-983B-9D6E9E728B4C}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6CF6B668-1E1F-4A8D-992E-54F246A0F4D8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CF6B668-1E1F-4A8D-992E-54F246A0F4D8}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
HKU\S-1-5-21-756748957-2859518009-1461303838-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8} => removed successfully
HKU\S-1-5-21-756748957-2859518009-1461303838-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3} => removed successfully
HKU\S-1-5-21-756748957-2859518009-1461303838-1001_Classes\CLSID\{AA46BA8A-9825-40FD-8493-0BA3C4D5CEB5} => removed successfully
HKU\S-1-5-21-756748957-2859518009-1461303838-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKU\S-1-5-21-756748957-2859518009-1461303838-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\EzCd => removed successfully
HKLM\Software\Classes\CLSID\{E46D6DC6-9707-43a9-BDBB-0BDBDD096F90} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\EzCd => not found

"C:\Users\evamr\AppData\Local\Temp" folder move:

Could not move "C:\Users\evamr\AppData\Local\Temp" => Scheduled to move on reboot.

C:\ProgramData\TEMP => ":0888F409" ADS removed successfully
C:\ProgramData\TEMP => ":3440EB47" ADS removed successfully
C:\ProgramData\TEMP => ":66633281" ADS removed successfully
C:\ProgramData\TEMP => ":93433455" ADS removed successfully
C:\ProgramData\TEMP => ":D735933A" ADS removed successfully
C:\ProgramData\TEMP => ":EFDFF94D" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CE72FCBB-F600-4EFE-89F4-5BEE6A60157A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67BE1233-FE41-41AC-910F-A1CF62948D07}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{942DDD74-D734-447D-BBE8-F33442047EA5}C:\games\world_of_tanks_eu\win64\worldoftanks.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{261AF1C7-1A83-496B-A644-DE6F3BF4E65C}C:\games\world_of_tanks_eu\win64\worldoftanks.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{262CFD91-7B44-4C4D-ACAC-49FB2EB84635}C:\programdata\wargaming.net\gamecenter\wgc.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{38B6127D-3120-4541-B026-DDFCDA6940AC}C:\programdata\wargaming.net\gamecenter\wgc.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF3EAECE-DF26-4A47-9FB4-E106FCBD0808}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6B9CD1A-CDAB-4177-B87B-60F1C15AECFB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{90262CF0-BBC4-4356-AC77-E1A21F1D89D5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FEB69A9A-85F3-4359-9DF3-D468C568CE65}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E45298A7-8D93-4783-BF40-CF7EA2E32F39}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{694974F2-0B9B-440D-B247-CA9BA6B0C097}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 628523939 B
Java, Discord, Steam htmlcache => 1094087980 B
Windows/system/drivers => 349975 B
Edge => 0 B
Chrome => 1752716541 B
Firefox => 1104501038 B
Opera => 45851021 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 756274 B
NetworkService => 807700 B
evamr => 2459987053 B

RecycleBin => 0 B
EmptyTemp: => 6.6 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-06-2022 11:21:15)

C:\Users\evamr\AppData\Local\Temp => moved successfully

==== End of Fixlog 11:21:15 ====

Re: Prevention

Posted: 14 Jun 2022 13:23
by Rudy
Deleted; the log should be OK now.

Re: Prevention

Posted: 14 Jun 2022 21:22
by ceasare
Thanks a lot :idea:

Re: Prevention

Posted: 15 Jun 2022 09:20
by Rudy
You're welcome! :)