Please check my log (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

bill.da
Level 2.5
Posts: 358
Registered: October 09
Gender: Male
Status: Offline

Please check my log

Post by bill.da » 11 Feb 2024 13:29

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:27:19, on 11.02.2024
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.22621.0001)


Boot mode: Normal

Running processes:
C:\ProgramData\WinTrackerSP\WinTrackerSP.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\svchost.exe
C:\Users\Pane\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.112\BHO\ie_to_edge_bho.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_A3FB6F0BFA64DA3B6778F36DA538B004] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
O4 - HKCU\..\Run: [ExtreamFanV5] C:\Users\Pane\AppData\Local\ExtreamFanV5\ExtreamFanV5.exe
O4 - HKCU\..\Run: [csrss] "C:\Windows\rss\csrss.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: PowerExpertNT.lnk = Pane\AppData\Local\Temp\PowerExpertNT\PowerExpertNT.exe
O4 - Startup: qemu-ga.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlansp_c.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: AdaptiveSleepService - Unknown owner - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_39d2a - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\GameInputSvc.exe,-101 (GameInputSvc) - Unknown owner - C:\Windows\System32\GameInputSvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files\Google\Chrome\Application\121.0.6167.161\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: IMAP List Mailboxes 65 - Unknown owner - C:\ProgramData\IMAP List Mailboxes 65\IMAP List Mailboxes 65.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTrap) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: UTIXDCVF - Google Inc. - C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Windows Defender Helper Service (WinDefender) - Unknown owner - C:\Windows\windefender.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11196 bytes
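The log above is read by eye in the thread, but the checks a reviewer applies to its process, O4 and O23 lines are mechanical enough to script. The following Python helper is an added example, not part of the original thread and not code from HijackThis or its author: it pulls the image path out of each line and flags the location patterns visible in this log (a system-process name such as csrss.exe running from a folder other than System32/SysWOW64, an auto-start binary under ProgramData/AppData/Temp, and files in the Windows root or in a Windows subfolder that is not a known one). The allow-lists and marker strings are assumptions chosen for illustration, not an authoritative inventory, and the sample lines are a constructed subset copied from the log posted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the process, O4 (autostart) and O23 (service) lines
# from the HijackThis log posted above.
SAMPLE_LOG = r"""
C:\ProgramData\WinTrackerSP\WinTrackerSP.exe
C:\Windows\rss\csrss.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [csrss] "C:\Windows\rss\csrss.exe"
O4 - Startup: PowerExpertNT.lnk = Pane\AppData\Local\Temp\PowerExpertNT\PowerExpertNT.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: UTIXDCVF - Google Inc. - C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
O23 - Service: Windows Defender Helper Service (WinDefender) - Unknown owner - C:\Windows\windefender.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
"""

# Absolute path ending in an executable-type extension (the first one on the line wins).
ABS_PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|lnk)\b', re.IGNORECASE)
# Fallback for "O4 - Startup: name.lnk = relative\path\target.exe" lines.
REL_PATH_RE = re.compile(r'=\s*(\S.*?\.(?:exe|dll|lnk))\b', re.IGNORECASE)

# Process names that legitimately live only in System32/SysWOW64 (explorer.exe also in C:\Windows).
SYSTEM_PROCESS_NAMES = {"csrss.exe", "svchost.exe", "explorer.exe", "lsass.exe",
                        "winlogon.exe", "services.exe", "smss.exe", "wininit.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Locations a standard user can write to; auto-start entries there deserve a second look.
USER_WRITABLE_MARKERS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\")
# Illustrative allow-lists (assumptions for this example, not an authoritative inventory).
KNOWN_WINDOWS_SUBDIRS = {"system32", "syswow64", "winsxs", "microsoft.net", "servicing",
                         "systemapps", "immersivecontrolpanel"}
KNOWN_WINDOWS_ROOT_FILES = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe",
                            "write.exe", "splwow64.exe", "bfsvc.exe"}


@dataclass
class Finding:
    line: str
    path: str
    reasons: List[str]


def extract_path(line: str) -> Optional[str]:
    """Return the image path referenced by a HijackThis line, or None if it has none."""
    m = ABS_PATH_RE.search(line)
    if m:
        return m.group(0)
    m = REL_PATH_RE.search(line)
    return m.group(1) if m else None


def assess(path: str) -> List[str]:
    """Apply the location heuristics to one path; an empty list means nothing stood out."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    reasons: List[str] = []
    in_system_location = p.startswith(SYSTEM_DIRS) or p == "c:\\windows\\explorer.exe"
    if name in SYSTEM_PROCESS_NAMES and not in_system_location:
        reasons.append("system-process name outside System32/SysWOW64")
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        reasons.append("auto-start binary in a user-writable location")
    if p.startswith("c:\\windows\\"):
        rest = p[len("c:\\windows\\"):]
        first, sep, _ = rest.partition("\\")
        if not sep and first not in KNOWN_WINDOWS_ROOT_FILES:
            reasons.append("unexpected file directly in C:\\Windows")
        elif sep and first not in KNOWN_WINDOWS_SUBDIRS:
            reasons.append("unexpected subfolder C:\\Windows\\" + first)
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Scan every line that carries a path. '(file missing)' and 'Unknown owner' are
    deliberately ignored: ordinary system services show them throughout the log above."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        path = extract_path(line)
        if path is None:
            continue
        reasons = assess(path)
        if reasons:
            findings.append(Finding(line=line, path=path, reasons=reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path)
        for r in f.reasons:
            print("    -", r)
```

Run against the sample it flags six entries: WinTrackerSP and the UTIXDCVF service under ProgramData, csrss.exe in C:\Windows\rss (both the running process and the HKCU Run entry), the PowerExpertNT startup item in Temp, and windefender.exe sitting directly in the Windows root; jusched.exe, Bonjour and the vds service pass. The heuristics only rank what to look at first; a flagged path still needs the hash and vendor checks the later scanner logs in this thread provide.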


Re: Please check my log

Post by bill.da » 11 Feb 2024 13:34

I clicked on some link and pulled in some junk; it blocked me from getting to the antivirus, some organisation or whatever.

jaro3
Security team member
Guru Level 15
Posts: 43061
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 11 Feb 2024 14:42

Download ATF Cleaner
https://www.majorgeeks.com/mg/getmirror ... ner,2.html
Double-click ATF Cleaner.exe, click Select All, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also delete Windows temporary files, empty the Recycle Bin, etc.
- If you only use Google Chrome or Edge, you don't need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
https://www.bleepingcomputer.com/download/tfc/
https://www.majorgeeks.com/files/detail ... eaner.html
https://www.majorgeeks.com/mg/get/temp_ ... ner,1.html

Open the file and close all other windows. Click Start to begin the process. It should not take long.
The PC should then restart; if it doesn't, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/
Windows 7 owners download here:
https://filehippo.com/download_adwcleaner/ (do not install the update!)

Save it to your desktop. Click "I agree" to accept the terms.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Scan".
After the scan a log appears and opens. (Otherwise it is saved on the system drive as C:\AdwCleaner\Logs.) Paste its entire contents here.

Download Malwarebytes' Anti-Malware
https://www.malwarebytes.com/mwb-download/thankyou/

to your desktop, install it and run it.
- If the program is not up to date, click "Update now" or "Fix now".
- An update will be found and installed.
- Then click Scan (Run scan).
- After the scan finishes a message appears at the bottom right; click View report, choose Export, choose Copy to clipboard and paste the whole log here. Or click "Text file (.txt)", save the log and paste it here.
- Otherwise the log can be found in the program under "Reports", or it is saved here: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- Then click the Finish button and close the program with the X at the top right.
(Don't delete anything yet!)
If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support


Re: Please check my log

Post by bill.da » 11 Feb 2024 15:03

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-11-2024
# Duration: 00:00:07
# OS: Windows 11 (Build 22621.3085)
# Scanned: 32108
# Detected: 3


***** [ Services ] *****

PUP.Optional.Legacy WinDefender

***** [ Folders ] *****

Trojan.Agent C:\Windows\rss

***** [ Files ] *****

Trojan.Agent C:\Windows\windefender.exe

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


Re: Please check my log

Post by bill.da » 11 Feb 2024 15:25

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/11/24
Scan Time: 3:19 PM
Log File: 988ca03e-c8e8-11ee-ab0d-e06995623b6a.json

-Software Information-
Version: 4.6.8.311
Components Version: 1.0.2259
Update Package Version: 1.0.80809
License: Trial

-System Information-
OS: Windows 11 (Build 22621.3085)
CPU: x64
File System: NTFS
User: PC\Pane

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 246464
Threats Detected: 84
Threats Quarantined: 0
Time Elapsed: 1 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 3
Trojan.Agent, C:\WINDOWS\WINDEFENDER.EXE, No Action By User, 10, 428246, , , , , 8E67F58837092385DCF01E8A2B4F5783, 166DDB03FF3C89BD4525AC390067E180FDD08F10FBCF4AADB0189541673C03FA
Generic.Malware/Suspicious, C:\PROGRAMDATA\IMAP LIST MAILBOXES 65\IMAP LIST MAILBOXES 65.EXE, No Action By User, 0, 392686, , , , , 474BF27C014224B528392E6916516F4B, B0C5367C4812164CBCD6BD889C6256E56A9F8FC6D26236DDBAC99F5398FA57B7
Generic.Malware/Suspicious, C:\USERS\PANE\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\QEMU-GA.EXE, No Action By User, 0, 392686, , , , , A5CE3ABA68BDB438E98B1D0C70A3D95C, 9B860BE98A046EA97A7F67B006E0B1BC9AB7731DD2A0F3A9FD3D710F6C43278A

Module: 3
Trojan.Agent, C:\WINDOWS\WINDEFENDER.EXE, No Action By User, 10, 428246, , , , , 8E67F58837092385DCF01E8A2B4F5783, 166DDB03FF3C89BD4525AC390067E180FDD08F10FBCF4AADB0189541673C03FA
Generic.Malware/Suspicious, C:\PROGRAMDATA\IMAP LIST MAILBOXES 65\IMAP LIST MAILBOXES 65.EXE, No Action By User, 0, 392686, , , , , 474BF27C014224B528392E6916516F4B, B0C5367C4812164CBCD6BD889C6256E56A9F8FC6D26236DDBAC99F5398FA57B7
Generic.Malware/Suspicious, C:\USERS\PANE\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\QEMU-GA.EXE, No Action By User, 0, 392686, , , , , A5CE3ABA68BDB438E98B1D0C70A3D95C, 9B860BE98A046EA97A7F67B006E0B1BC9AB7731DD2A0F3A9FD3D710F6C43278A

Registry Key: 18
Trojan.Glupteba.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\csrss, No Action By User, 8984, 781233, , , , , ,
Trojan.Glupteba.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3237C137-D0D2-4470-BA99-0F5C379F93A3}, No Action By User, 8984, 781233, , , , , ,
Trojan.Glupteba.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{3237C137-D0D2-4470-BA99-0F5C379F93A3}, No Action By User, 8984, 781233, , , , , ,
RiskWare.IFEOHijack.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SPPEXTCOMOBJ.EXE, No Action By User, 10521, 1077834, 1.0.80809, , ame, , ,
Trojan.Glupteba.E, HKU\S-1-5-21-2421127328-4240907721-822245617-1001\SOFTWARE\MICROSOFT\f1d216c9, No Action By User, 8984, 821174, 1.0.80809, , ame, , ,
RiskWare.IFEOHijack.KMS, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OSPPSVC.EXE, No Action By User, 10521, 1077833, 1.0.80809, , ame, , ,
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDEFENDER, No Action By User, 10, 428246, 1.0.80809, , ame, , ,
RiskWare.IFEOHijack.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OSPPSVC.EXE, No Action By User, 10521, 1077833, 1.0.80809, , ame, , ,
RiskWare.IFEOHijack.KMS, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SPPEXTCOMOBJ.EXE, No Action By User, 10521, 1077834, 1.0.80809, , ame, , ,
Generic.Malware/Suspicious, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IMAP List Mailboxes 65, No Action By User, 0, 392686, , , , , ,
Trojan.SmokeLoader, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Firefox Default Browser Agent 58F3C0CC335D62AE, No Action By User, 5965, 946416, , , , , ,
Trojan.SmokeLoader, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A55921CE-A8C3-4463-8978-517B322F99F0}, No Action By User, 5965, 946416, , , , , ,
Trojan.SmokeLoader, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{A55921CE-A8C3-4463-8978-517B322F99F0}, No Action By User, 5965, 946416, , , , , ,
Malware.AI.2656653171, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\bnhihupu, No Action By User, 1000000, -1638314125, , , , , ,
Trojan.SmokeLoader.TSK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Firefox Default Browser Agent 44A7E37FCACBD625, No Action By User, 12802, 1218032, , , , , ,
Trojan.SmokeLoader.TSK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F087681E-ADC0-4323-BA78-B7A5F5F75DFE}, No Action By User, 12802, 1218032, , , , , ,
Trojan.SmokeLoader.TSK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{F087681E-ADC0-4323-BA78-B7A5F5F75DFE}, No Action By User, 12802, 1218032, , , , , ,
Trojan.MalPack.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UTIXDCVF, No Action By User, 1262, 1197244, , , , , ,

Registry Value: 14
RiskWare.IFEOHijack.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SPPEXTCOMOBJ.EXE|VERIFIERDLLS, No Action By User, 10521, 1077834, 1.0.80809, , ame, , ,
Trojan.Glupteba.E, HKU\S-1-5-21-2421127328-4240907721-822245617-1001\SOFTWARE\MICROSOFT\f1d216c9|CAMPAIGNID, No Action By User, 8984, 821174, 1.0.80809, , ame, , ,
RiskWare.IFEOHijack.KMS, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OSPPSVC.EXE|VERIFIERDLLS, No Action By User, 10521, 1077833, 1.0.80809, , ame, , ,
Trojan.Glupteba.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3237C137-D0D2-4470-BA99-0F5C379F93A3}|PATH, No Action By User, 8984, 781231, 1.0.80809, , ame, , ,
Trojan.Agent, HKU\S-1-5-21-2421127328-4240907721-822245617-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CSRSS, No Action By User, 10, 196479, 1.0.80809, , ame, , ,
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDEFENDER|IMAGEPATH, No Action By User, 10, 428246, 1.0.80809, , ame, , ,
RiskWare.IFEOHijack.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OSPPSVC.EXE|VERIFIERDLLS, No Action By User, 10521, 1077833, 1.0.80809, , ame, , ,
Trojan.Glupteba.E, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{05624292-DEC0-4108-94C9-801CFE07AC30}, No Action By User, 8984, 795081, 1.0.80809, , ame, , ,
RiskWare.IFEOHijack.KMS, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SPPEXTCOMOBJ.EXE|VERIFIERDLLS, No Action By User, 10521, 1077834, 1.0.80809, , ame, , ,
PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\PATHS|C:\WINDOWS\SYSWOW64\BNHIHUPU, No Action By User, 3534, 692398, 1.0.80809, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTOFFERTHROUGHWUAU, No Action By User, 8324, 676880, 1.0.80809, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 8324, 676881, 1.0.80809, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTOFFERTHROUGHWUAU, No Action By User, 8324, 676880, 1.0.80809, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 8324, 676881, 1.0.80809, , ame, , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 5
Trojan.Ranumbot, C:\Users\Pane\AppData\Local\Temp\csrss\wup\xarch, No Action By User, 9296, 995472, , , , , ,
Trojan.Ranumbot, C:\Users\Pane\AppData\Local\Temp\csrss\injector, No Action By User, 9296, 995472, , , , , ,
Trojan.Ranumbot, C:\Users\Pane\AppData\Local\Temp\csrss\wup, No Action By User, 9296, 995472, , , , , ,
Trojan.Ranumbot, C:\USERS\PANE\APPDATA\LOCAL\TEMP\CSRSS, No Action By User, 9296, 995472, 1.0.80809, , ame, , ,
Trojan.Agent, C:\PROGRAMDATA\GOOGLEDRIVEADVODRS, No Action By User, 10, 1046161, 1.0.80809, , ame, , ,

File: 41
Trojan.Glupteba.E, C:\WINDOWS\SYSTEM32\TASKS\CSRSS, No Action By User, 8984, 781233, 1.0.80809, , ame, , C21C82DC346ECDC379391CB326D40152, 55F545309C9C5E0E412956A0A657A17C9781A5A8FA9B62F3080C7EA521D75C4D
Trojan.Agent, C:\WINDOWS\WINDEFENDER.EXE, No Action By User, 10, 428246, , , , , 8E67F58837092385DCF01E8A2B4F5783, 166DDB03FF3C89BD4525AC390067E180FDD08F10FBCF4AADB0189541673C03FA
Trojan.Ranumbot, C:\Users\Pane\AppData\Local\Temp\csrss\injector\injector.exe, No Action By User, 9296, 995472, , , , , D98E33B66343E7C96158444127A117F6, 5DE4E2B07A26102FE527606CE5DA1D5A4B938967C9D380A3C5FE86E2E34AAAF1
Trojan.Ranumbot, C:\Users\Pane\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll, No Action By User, 9296, 995472, , , , , 09031A062610D77D685C9934318B4170, 778BD69AF403DF3C4E074C31B3850D71BF0E64524BEA4272A802CA9520B379DD
Trojan.Ranumbot, C:\Users\Pane\AppData\Local\Temp\csrss\wup\xarch\wup.exe, No Action By User, 9296, 995472, , , , , 4F649A57B7DDF3874C9A2163A73E9B07, 830AFFFC7DD32E007736F0D97E8D02F68F80988266E68E3DE3250AA189AC8491
Trojan.Ranumbot, C:\Users\Pane\AppData\Local\Temp\csrss\1bf850b4d9587c1017a75a47680584c4.exe, No Action By User, 9296, 995472, , , , , 1BF850B4D9587C1017A75A47680584C4, AC470C2FA05A67DD03CDC427E9957E661CD0EC7AECD9682DDB0B32C5CFC18955
Trojan.Ranumbot, C:\Users\Pane\AppData\Local\Temp\csrss\713674d5e968cbe2102394be0b2bae6f.exe, No Action By User, 9296, 995472, , , , , 713674D5E968CBE2102394BE0B2BAE6F, F724B2849E7DC38BF62114C11092020073BEA509E2BC57DEA7A94A2FC9C23057
Trojan.Ranumbot, C:\Users\Pane\AppData\Local\Temp\csrss\dcb505dc2b9d8aac05f4ca0727f5eadb.exe, No Action By User, 9296, 995472, , , , , DCB505DC2B9D8AAC05F4CA0727F5EADB, 61F9194B9F33611EC902F02755CF2E86F0BBC84C2102C6E5D1874F9BAE78E551
Generic.Malware/Suspicious, C:\PROGRAMDATA\IMAP LIST MAILBOXES 65\IMAP LIST MAILBOXES 65.EXE, No Action By User, 0, 392686, 1.0.80809, , shuriken, , 474BF27C014224B528392E6916516F4B, B0C5367C4812164CBCD6BD889C6256E56A9F8FC6D26236DDBAC99F5398FA57B7
Generic.Malware/Suspicious, C:\USERS\PANE\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\QEMU-GA.EXE, No Action By User, 0, 392686, 1.0.80809, , shuriken, , A5CE3ABA68BDB438E98B1D0C70A3D95C, 9B860BE98A046EA97A7F67B006E0B1BC9AB7731DD2A0F3A9FD3D710F6C43278A
Trojan.Agent, C:\ProgramData\GoogleDriveAdvodrs\background.js, No Action By User, 10, 1046161, , , , , AA0E77EC6B92F58452BB5577B9980E6F, AAD1C9BE17F64D7700FEB2D38DF7DC7446A48BF001AE42095B59B11FD24DFCDE
Trojan.Agent, C:\ProgramData\GoogleDriveAdvodrs\content.js, No Action By User, 10, 1046161, , , , , F2343187C1B46588EF5AF5166CE567F6, 4A9350B01A1A2AFBA6B61E07242627BAAEB6E0754661B191E491E2FEDDCE44EA
Trojan.Agent, C:\ProgramData\GoogleDriveAdvodrs\icon.png, No Action By User, 10, 1046161, , , , , 2C905A6E4A21A3FA14ADC1D99B7CBC03, CC3631CED23F21AE095C1397770E685F12F6AD788C8FA2F15487835A77A380FB
Trojan.Agent, C:\ProgramData\GoogleDriveAdvodrs\jquery.js, No Action By User, 10, 1046161, , , , , 3C9137D88A00B1AE0B41FF6A70571615, 24262BAAFEF17092927C3DAFE764AAA52A2A371B83ED2249CCA7E414DF99FAC1
Trojan.Agent, C:\ProgramData\GoogleDriveAdvodrs\manifest.json, No Action By User, 10, 1046161, , , , , 2835DD0A0AEF8405D47AB7F73D82EAA5, 2AAFD1356D876255A99905FBCAFB516DE31952E079923B9DDF33560BBE5ED2F3
Trojan.SmokeLoader, C:\WINDOWS\SYSTEM32\TASKS\Firefox Default Browser Agent 58F3C0CC335D62AE, No Action By User, 5965, 946416, , , , , DDFDB801BA1A5653B79A058190955B53, 1190612AFAB9DC62FF88A6BF55413C123DB9821F5D0E7D6E87436758B34DC055
Trojan.SmokeLoader, C:\USERS\PANE\APPDATA\ROAMING\CHUAVIS, No Action By User, 5965, 946416, 1.0.80809, , ame, , 756C7410C660FA94398477C459AFF3C4, C56B3C16DC79EB345671ABA0403B52DC1644097B5B9FA46E65FDE3F8AF712032
Trojan.MalPack, C:\USERS\PANE\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\PowerExpertNT.lnk, No Action By User, 142, 1219325, , , , , 21341D61F617AD09C88ECF23B56BDE36, AC669BCB85219B6410B807FFC0499CC78B639DF0189FC049239ED8BF0D3C7BAC
Trojan.MalPack, C:\USERS\PANE\APPDATA\LOCAL\TEMP\POWEREXPERTNT\POWEREXPERTNT.EXE, No Action By User, 142, 1219325, 1.0.80809, 1, dds, 02689264, 8ED85982B93ADB880090EE53525E9264, 6AFB1240C2116E26EF7462F2AACEA73F2823A25C942C7A843C228FE765077B5F
Malware.AI.2656653171, C:\WINDOWS\SYSWOW64\BNHIHUPU\TADYXRRL.EXE, No Action By User, 1000000, -1638314125, 1.0.80809, 6240650D6038623B9E594F73, dds, 02689264, B07BDF9B7600BBAD91A997545E7FC04F, 56C5034A0F7469E837ECCF572EF5A21A1265AB172DF02A5D0AD308F335FACE94
Trojan.SmokeLoader.TSK, C:\WINDOWS\SYSTEM32\TASKS\Firefox Default Browser Agent 44A7E37FCACBD625, No Action By User, 12802, 1218032, 1.0.80809, , ame, , 5CF8687E88F63BA6E604591989023620, 31DE37CAEE5F6177D4AB8015E9A2B7B7A95D088937358EB7A048A73CDF826C1E
Trojan.MalPack.Generic, C:\PROGRAMDATA\XCFONRCHDKAR\VUEQJGSLWYND.EXE, No Action By User, 1262, 1197244, 1.0.80809, E16BDB3F531637C899094E33, dds, 02689264, B03886CB64C04B828B6EC1B2487DF4A4, 5DFAA8987F5D0476B835140D8A24FB1D9402E390BBE92B8565DA09581BD895FC
Malware.AI.2656653171, C:\USERS\PANE\APPDATA\ROAMING\GJUAVIS, No Action By User, 23, -1638314125, 1.0.80809, 23, dds, 02689264, 937BBC4F2DF14CCA94D6964B8D2BD5B0, 878D8EDBD40E6EE4E6715BBDECAA3A41F7CB06FD2E9BF76817B4E2224CE12D68
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\MSVCP140.DLL, No Action By User, 9298, 820423, 1.0.80809, , ame, , 5FF1FCA37C466D6723EC67BE93B51442, 5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\SOFTOKN3.DLL, No Action By User, 9298, 820420, 1.0.80809, , ame, , 4E52D739C324DB8225BD9AB2695F262F, 74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\MOZGLUE.DLL, No Action By User, 9298, 820422, 1.0.80809, , ame, , C8FD9BE83BC728CC04BEFFAFC2907FE9, BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\FREEBL3.DLL, No Action By User, 9298, 820418, 1.0.80809, , ame, , 550686C0EE48C386DFCB40199BD076AC, EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\NSS3.DLL, No Action By User, 9298, 820421, 1.0.80809, , ame, , 1CC453CDF74F31E4D913FF9C10ACDDE2, AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\VCRUNTIME140.DLL, No Action By User, 9298, 820419, 1.0.80809, , ame, , A37EE36B536409056A86F50E67777DD7, 8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
Malware.AI.2656653171, C:\USERS\PANE\DOCUMENTS\GUARDFOX\7K1MK2SYI8WLXFLLFKJMYBIQ.EXE, No Action By User, 23, -1638314125, 1.0.80809, 23, dds, 02689264, 767BDF7B030B16C586E0ACBA1EA56A0C, B8F063C3453592D032266D062BC0ED28EF94ECA60D612714A4FA14E3E37E0225
Malware.AI.2656653171, C:\USERS\PANE\DOCUMENTS\GUARDFOX\MBDYPPHMV_WDIAEKWJEJOLQG.EXE, No Action By User, 23, -1638314125, 1.0.80809, 23, dds, 02689264, 0D799C0BEF6AE07C26EE8C5B67988E37, 711530C5E8DD85DCE4E863584D2135FC51C7603BC1DCF7A30AC8063739C7CBA3
Generic.Malware/Suspicious, C:\USERS\PANE\DOCUMENTS\GUARDFOX\63O4EL1_RF92CMAPIYLKLGNW.EXE, No Action By User, 0, 392686, 1.0.80809, , shuriken, , 4114A25966E1F02CA5A13A4E70BA4A8F, 5AB8767DB1BF14C77D2721E13FC8670AB42D403914E84E0453027EA67BA85554
Trojan.Crypt.MSIL.Generic, C:\USERS\PANE\DOCUMENTS\GUARDFOX\IDCESIE0E658NSYRFE82GTZW.EXE, No Action By User, 5295, 1219345, 1.0.80809, , ame, , E5B82330C30D992C9B2DF56F7453F6C4, 93B181821181DBE7E8F5E86B5AEE87A6476EFE70C0FA66E9CF0D1F18A297EE3B
Generic.Malware/Suspicious, C:\USERS\PANE\DOCUMENTS\GUARDFOX\UJABAMXSGQKQUDDSLIHBAXET.EXE, No Action By User, 0, 392686, 1.0.80809, , shuriken, , C1E3A028E0B9BEBE2733C7F5A275461D, B0CB0E627E438B00A347D3D1104F3F64A862D72992E40699376BECA8C98B31CB
Malware.AI.148829662, C:\USERS\PANE\DOCUMENTS\GUARDFOX\U5XZQGQILZ9GOF9LILG65KXD.EXE, No Action By User, 1, 148829662, 1.0.80809, 1, dds, 02689264, EA0F932184EF8A3D8E94880E1ECC5182, 9A2FCC6D3826EA7690E9C68D404C821746CE7DB4CBCC6BFC010428CFD39865AA
Malware.AI.1810376774, C:\USERS\PANE\DOCUMENTS\GUARDFOX\JMOPCRTT3ULUJLCM4XIDUDPO.EXE, No Action By User, 1000000, 1810376774, 1.0.80809, 3E06A5D5260B4A906BE82846, dds, 02689264, F23B91DB5B62D695EED024194E04EE74, E426483523272B12AD20E3E8CAAE7C0E2A889266B0845CACBEFA6CA5C7312388
Generic.Malware/Suspicious, C:\USERS\PANE\DOCUMENTS\GUARDFOX\FVI6_9DRDJRGWKAIEB8WL1G_.EXE, No Action By User, 0, 392686, 1.0.80809, , shuriken, , 22BCDFC5882494840B272828FE2267E9, 29F973EB617A2D99D19379F7045FB468AE275DCC82E07FBEF840483A65C3BC9D
Generic.Malware/Suspicious, C:\USERS\PANE\DOCUMENTS\GUARDFOX\0C7JKSNIMS7VU1PD5BTNI0UP.EXE, No Action By User, 0, 392686, 1.0.80809, , shuriken, , 67E7F0E16B470A40DB8717DD909B34D0, 7F8B966A40854C4FCB0CD9F6C8DDB0582D84F6C758CC75C2DD923B6B0C42427F
Generic.Malware/Suspicious, C:\USERS\PANE\DOCUMENTS\GUARDFOX\UDELC9GKNFVBBDLJDEXBGZMS.EXE, No Action By User, 0, 392686, 1.0.80809, , shuriken, , A8622B644806A3C4ADDB305C9E2138C5, 35DD7273912B1F3DA09AAFA392057BF12CAB942C3C192D3240A6C4574BF9E420
Trojan.MalPack, C:\USERS\PANE\DOCUMENTS\GUARDFOX\AD7QPPA5_1TO2I4NNP0_GICZ.EXE, No Action By User, 142, 1210631, 1.0.80809, 2E9DAD5E0EE4032E3EA54B22, dds, 02689264, D8D52A95B809C586AFE1BBF5373EDFC4, 629E031747E94B66F85F83711433A1C3D084AC0A57FBCC58F970BE04DE2D48CB
Trojan.MalPack, C:\USERS\PANE\DOCUMENTS\GUARDFOX\TMFE7ERBNZ4GBGT4HFTYHPHE.EXE, No Action By User, 142, 1219325, 1.0.80809, 1, dds, 02689264, 8ED85982B93ADB880090EE53525E9264, 6AFB1240C2116E26EF7462F2AACEA73F2823A25C942C7A843C228FE765077B5F

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

jaro3
Security team member
Guru Level 15
Posts: 43061
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Please check my log

Post by jaro3 » 11 Feb 2024 17:20

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Scan"; after the scan finishes, click "Quarantine".

The program will perform the repair; after the automatic restart, click "View log file", then double-click the matching log (C:\AdwCleaner [C?].txt) and paste its whole contents here.

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue; press one.
The program will start scanning. The scan may take a long time, depending on the amount of infections. When the scan finishes, a log (JRT.txt) will appear and be saved on the desktop.
Please copy its whole contents here.



Run Malwarebytes' Anti-Malware again and click "Scan now".
- when the program finishes, a message will appear; click "Quarantine all (delete selected)" and then "Export log", choose "text file", give the file a name and save it somewhere. Copy the whole contents of that log here.


Sophos Virus Removal Tool is a handy software tool that may remove infections your antivirus program does not detect.
Download it here from one of these links:
https://www.majorgeeks.com/mg/getmirror ... ool,1.html
https://www.majorgeeks.com/mg/get/sopho ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viruses can slow down your computer or try to steal your data, and you may not even know you have them. What you need is a quick and easy way to find them and get rid of them. Even if you already have an antivirus program installed on your computer, you can also install Sophos Virus Removal Tool, which identifies and cleans up the remaining infections your antivirus program may have missed.
To use Sophos Virus Removal Tool, double-click it and press the "Start scanning" button. Sophos Virus Removal Tool will then search for and remove the viruses it finds. A restart may be required.
If viruses were found, after the scan click "Details…" and then "View log file". Copy the whole log and paste it here. Then close "threat detail" and click "Start cleanup".
Otherwise the log is located here:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Download RogueKiller by Adlice Software
http://www.adlice.com/download/roguekiller/
http://www.bleepingcomputer.com/download/roguekiller/
to your desktop.
- Close all other programs and browsers.
- Click "Scan". In the new window, change nothing and click "Start" at the bottom of the "Quick Scan" column.
- The program scans the PC's processes. After the scan, click "Results", then in the next window left-click "Report" and choose "Text File"; name the log e.g. RK and save it to Documents or the desktop. Open the file and copy the whole contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.
- if the log is longer than 60,000 characters, split it and paste it into several posts
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

bill.da
Level 2.5
Posts: 358
Registered: October 09
Gender: Male
Status:
Offline

Re: Please check my log

Post by bill.da » 11 Feb 2024 17:30

# -------------------------------
# Malwarebytes AdwCleaner 8.4.1.0
# -------------------------------
# Build: 01-29-2024
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-11-2024
# Duration: 00:00:06
# OS: Windows 11 (Build 22621.3085)
# Scanned: 32108
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1487 octets] - [11/02/2024 15:01:31]
AdwCleaner[S01].txt - [1598 octets] - [11/02/2024 17:25:32]
AdwCleaner[C01].txt - [1876 octets] - [11/02/2024 17:25:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########

bill.da
Level 2.5
Posts: 358
Registered: October 09
Gender: Male
Status:
Offline

Re: Please check my log

Post by bill.da » 11 Feb 2024 17:35

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64
Ran by Pane (Administrator) on 11.02.2024 at 17:32:21,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (Pane) (Task)



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.02.2024 at 17:33:41,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

bill.da
Level 2.5
Posts: 358
Registered: October 09
Gender: Male
Status:
Offline

Re: Please check my log

Post by bill.da » 11 Feb 2024 17:45

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/11/24
Scan Time: 5:38 PM
Log File: fe84ea1e-c8fb-11ee-ad6c-e06995623b6a.json

-Software Information-
Version: 4.6.8.311
Components Version: 1.0.2259
Update Package Version: 1.0.80813
License: Trial

-System Information-
OS: Windows 11 (Build 22621.3085)
CPU: x64
File System: NTFS
User: PC\Pane

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 246465
Threats Detected: 76
Threats Quarantined: 76
Time Elapsed: 1 min, 50 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
Generic.Malware/Suspicious, C:\PROGRAMDATA\IMAP LIST MAILBOXES 65\IMAP LIST MAILBOXES 65.EXE, Quarantined, 0, 392686, , , , , 474BF27C014224B528392E6916516F4B, B0C5367C4812164CBCD6BD889C6256E56A9F8FC6D26236DDBAC99F5398FA57B7

Module: 1
Generic.Malware/Suspicious, C:\PROGRAMDATA\IMAP LIST MAILBOXES 65\IMAP LIST MAILBOXES 65.EXE, Quarantined, 0, 392686, , , , , 474BF27C014224B528392E6916516F4B, B0C5367C4812164CBCD6BD889C6256E56A9F8FC6D26236DDBAC99F5398FA57B7

Registry Key: 17
RiskWare.IFEOHijack.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SPPEXTCOMOBJ.EXE, Quarantined, 10521, 1077834, 1.0.80813, , ame, , ,
Trojan.Glupteba.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3237C137-D0D2-4470-BA99-0F5C379F93A3}, Quarantined, 8984, 781231, 1.0.80813, , ame, , ,
Trojan.Glupteba.E, HKU\S-1-5-21-2421127328-4240907721-822245617-1001\SOFTWARE\MICROSOFT\f1d216c9, Quarantined, 8984, 821174, 1.0.80813, , ame, , ,
Trojan.Glupteba.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\csrss, Quarantined, 8984, 781233, , , , , ,
Trojan.Glupteba.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{3237C137-D0D2-4470-BA99-0F5C379F93A3}, Quarantined, 8984, 781233, , , , , ,
RiskWare.IFEOHijack.KMS, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OSPPSVC.EXE, Quarantined, 10521, 1077833, 1.0.80813, , ame, , ,
RiskWare.IFEOHijack.KMS, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SPPEXTCOMOBJ.EXE, Quarantined, 10521, 1077834, 1.0.80813, , ame, , ,
RiskWare.IFEOHijack.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OSPPSVC.EXE, Quarantined, 10521, 1077833, 1.0.80813, , ame, , ,
Trojan.MalPack.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UTIXDCVF, Quarantined, 1262, 1197244, , , , , ,
Trojan.SmokeLoader.TSK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Firefox Default Browser Agent 58F3C0CC335D62AE, Quarantined, 12802, 1218032, , , , , ,
Trojan.SmokeLoader.TSK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A55921CE-A8C3-4463-8978-517B322F99F0}, Quarantined, 12802, 1218032, , , , , ,
Trojan.SmokeLoader.TSK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{A55921CE-A8C3-4463-8978-517B322F99F0}, Quarantined, 12802, 1218032, , , , , ,
Generic.Malware/Suspicious, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IMAP List Mailboxes 65, Quarantined, 0, 392686, , , , , ,
Malware.AI.2197700221, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\bnhihupu, Quarantined, 1000000, -2097267075, , , , , ,
Trojan.SmokeLoader.TSK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Firefox Default Browser Agent 44A7E37FCACBD625, Quarantined, 12802, 1218032, , , , , ,
Trojan.SmokeLoader.TSK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F087681E-ADC0-4323-BA78-B7A5F5F75DFE}, Quarantined, 12802, 1218032, , , , , ,
Trojan.SmokeLoader.TSK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{F087681E-ADC0-4323-BA78-B7A5F5F75DFE}, Quarantined, 12802, 1218032, , , , , ,

Registry Value: 13
RiskWare.IFEOHijack.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SPPEXTCOMOBJ.EXE|VERIFIERDLLS, Quarantined, 10521, 1077834, 1.0.80813, , ame, , ,
Trojan.Glupteba.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3237C137-D0D2-4470-BA99-0F5C379F93A3}|PATH, Quarantined, 8984, 781231, 1.0.80813, , ame, , ,
Trojan.Glupteba.E, HKU\S-1-5-21-2421127328-4240907721-822245617-1001\SOFTWARE\MICROSOFT\f1d216c9|CAMPAIGNID, Quarantined, 8984, 821174, 1.0.80813, , ame, , ,
Trojan.Agent, HKU\S-1-5-21-2421127328-4240907721-822245617-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CSRSS, Quarantined, 10, 196479, 1.0.80813, , ame, , ,
RiskWare.IFEOHijack.KMS, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OSPPSVC.EXE|VERIFIERDLLS, Quarantined, 10521, 1077833, 1.0.80813, , ame, , ,
Trojan.Glupteba.E, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{05624292-DEC0-4108-94C9-801CFE07AC30}, Quarantined, 8984, 795081, 1.0.80813, , ame, , ,
RiskWare.IFEOHijack.KMS, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SPPEXTCOMOBJ.EXE|VERIFIERDLLS, Quarantined, 10521, 1077834, 1.0.80813, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTOFFERTHROUGHWUAU, Quarantined, 8324, 676880, 1.0.80813, , ame, , ,
PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\PATHS|C:\WINDOWS\SYSWOW64\BNHIHUPU, Quarantined, 3534, 692398, 1.0.80813, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, Quarantined, 8324, 676881, 1.0.80813, , ame, , ,
RiskWare.IFEOHijack.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OSPPSVC.EXE|VERIFIERDLLS, Quarantined, 10521, 1077833, 1.0.80813, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTOFFERTHROUGHWUAU, Quarantined, 8324, 676880, 1.0.80813, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, Quarantined, 8324, 676881, 1.0.80813, , ame, , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 5
Trojan.Ranumbot, C:\Users\Pane\AppData\Local\Temp\csrss\wup\xarch, Quarantined, 9296, 995472, , , , , ,
Trojan.Ranumbot, C:\Users\Pane\AppData\Local\Temp\csrss\injector, Quarantined, 9296, 995472, , , , , ,
Trojan.Ranumbot, C:\Users\Pane\AppData\Local\Temp\csrss\wup, Quarantined, 9296, 995472, , , , , ,
Trojan.Ranumbot, C:\USERS\PANE\APPDATA\LOCAL\TEMP\CSRSS, Quarantined, 9296, 995472, 1.0.80813, , ame, , ,
Trojan.Agent, C:\PROGRAMDATA\GOOGLEDRIVEADVODRS, Quarantined, 10, 1046161, 1.0.80813, , ame, , ,

File: 39
Trojan.Agent, C:\PROGRAMDATA\DLLHOST.EXE, Quarantined, 10, 221861, 1.0.80813, , ame, , 3CAC4651CE934A43D65392A7E829A7FD, 58F720C7664A0EEA1E99B9293DFFBA1D45930A1ACE26BA296AE81F461D5953D1
Trojan.Glupteba.E, C:\WINDOWS\SYSTEM32\TASKS\CSRSS, Quarantined, 8984, 781233, 1.0.80813, , ame, , C21C82DC346ECDC379391CB326D40152, 55F545309C9C5E0E412956A0A657A17C9781A5A8FA9B62F3080C7EA521D75C4D
Trojan.Ranumbot, C:\Users\Pane\AppData\Local\Temp\csrss\injector\injector.exe, Quarantined, 9296, 995472, , , , , D98E33B66343E7C96158444127A117F6, 5DE4E2B07A26102FE527606CE5DA1D5A4B938967C9D380A3C5FE86E2E34AAAF1
Trojan.Ranumbot, C:\Users\Pane\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll, Quarantined, 9296, 995472, , , , , 09031A062610D77D685C9934318B4170, 778BD69AF403DF3C4E074C31B3850D71BF0E64524BEA4272A802CA9520B379DD
Trojan.Ranumbot, C:\Users\Pane\AppData\Local\Temp\csrss\wup\xarch\wup.exe, Quarantined, 9296, 995472, , , , , 4F649A57B7DDF3874C9A2163A73E9B07, 830AFFFC7DD32E007736F0D97E8D02F68F80988266E68E3DE3250AA189AC8491
Trojan.Ranumbot, C:\Users\Pane\AppData\Local\Temp\csrss\1bf850b4d9587c1017a75a47680584c4.exe, Quarantined, 9296, 995472, , , , , 1BF850B4D9587C1017A75A47680584C4, AC470C2FA05A67DD03CDC427E9957E661CD0EC7AECD9682DDB0B32C5CFC18955
Trojan.Ranumbot, C:\Users\Pane\AppData\Local\Temp\csrss\713674d5e968cbe2102394be0b2bae6f.exe, Quarantined, 9296, 995472, , , , , 713674D5E968CBE2102394BE0B2BAE6F, F724B2849E7DC38BF62114C11092020073BEA509E2BC57DEA7A94A2FC9C23057
Trojan.Ranumbot, C:\Users\Pane\AppData\Local\Temp\csrss\dcb505dc2b9d8aac05f4ca0727f5eadb.exe, Quarantined, 9296, 995472, , , , , DCB505DC2B9D8AAC05F4CA0727F5EADB, 61F9194B9F33611EC902F02755CF2E86F0BBC84C2102C6E5D1874F9BAE78E551
Trojan.Agent, C:\ProgramData\GoogleDriveAdvodrs\background.js, Quarantined, 10, 1046161, , , , , AA0E77EC6B92F58452BB5577B9980E6F, AAD1C9BE17F64D7700FEB2D38DF7DC7446A48BF001AE42095B59B11FD24DFCDE
Trojan.Agent, C:\ProgramData\GoogleDriveAdvodrs\content.js, Quarantined, 10, 1046161, , , , , F2343187C1B46588EF5AF5166CE567F6, 4A9350B01A1A2AFBA6B61E07242627BAAEB6E0754661B191E491E2FEDDCE44EA
Trojan.Agent, C:\ProgramData\GoogleDriveAdvodrs\icon.png, Quarantined, 10, 1046161, , , , , 2C905A6E4A21A3FA14ADC1D99B7CBC03, CC3631CED23F21AE095C1397770E685F12F6AD788C8FA2F15487835A77A380FB
Trojan.Agent, C:\ProgramData\GoogleDriveAdvodrs\jquery.js, Quarantined, 10, 1046161, , , , , 3C9137D88A00B1AE0B41FF6A70571615, 24262BAAFEF17092927C3DAFE764AAA52A2A371B83ED2249CCA7E414DF99FAC1
Trojan.Agent, C:\ProgramData\GoogleDriveAdvodrs\manifest.json, Quarantined, 10, 1046161, , , , , 2835DD0A0AEF8405D47AB7F73D82EAA5, 2AAFD1356D876255A99905FBCAFB516DE31952E079923B9DDF33560BBE5ED2F3
Trojan.MalPack, C:\USERS\PANE\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\PowerExpertNT.lnk, Quarantined, 142, 1219325, , , , , 21341D61F617AD09C88ECF23B56BDE36, AC669BCB85219B6410B807FFC0499CC78B639DF0189FC049239ED8BF0D3C7BAC
Trojan.MalPack, C:\USERS\PANE\APPDATA\LOCAL\TEMP\POWEREXPERTNT\POWEREXPERTNT.EXE, Quarantined, 142, 1219325, 1.0.80813, 1, dds, 02689412, 8ED85982B93ADB880090EE53525E9264, 6AFB1240C2116E26EF7462F2AACEA73F2823A25C942C7A843C228FE765077B5F
Trojan.MalPack.Generic, C:\PROGRAMDATA\XCFONRCHDKAR\VUEQJGSLWYND.EXE, Quarantined, 1262, 1197244, 1.0.80813, E16BDB3F531637C899094E33, dds, 02689412, B03886CB64C04B828B6EC1B2487DF4A4, 5DFAA8987F5D0476B835140D8A24FB1D9402E390BBE92B8565DA09581BD895FC
Trojan.SmokeLoader.TSK, C:\WINDOWS\SYSTEM32\TASKS\Firefox Default Browser Agent 58F3C0CC335D62AE, Quarantined, 12802, 1218032, 1.0.80813, , ame, , DDFDB801BA1A5653B79A058190955B53, 1190612AFAB9DC62FF88A6BF55413C123DB9821F5D0E7D6E87436758B34DC055
Generic.Malware/Suspicious, C:\PROGRAMDATA\IMAP LIST MAILBOXES 65\IMAP LIST MAILBOXES 65.EXE, Quarantined, 0, 392686, 1.0.80813, , shuriken, , 474BF27C014224B528392E6916516F4B, B0C5367C4812164CBCD6BD889C6256E56A9F8FC6D26236DDBAC99F5398FA57B7
Malware.AI.2197700221, C:\WINDOWS\SYSWOW64\BNHIHUPU\TADYXRRL.EXE, Quarantined, 1000000, -2097267075, 1.0.80813, 486ACAA52BF2E0C682FE3E7D, dds, 02689412, B07BDF9B7600BBAD91A997545E7FC04F, 56C5034A0F7469E837ECCF572EF5A21A1265AB172DF02A5D0AD308F335FACE94
Trojan.SmokeLoader.TSK, C:\WINDOWS\SYSTEM32\TASKS\Firefox Default Browser Agent 44A7E37FCACBD625, Quarantined, 12802, 1218032, 1.0.80813, , ame, , 5CF8687E88F63BA6E604591989023620, 31DE37CAEE5F6177D4AB8015E9A2B7B7A95D088937358EB7A048A73CDF826C1E
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\MOZGLUE.DLL, Quarantined, 9298, 820422, 1.0.80813, , ame, , C8FD9BE83BC728CC04BEFFAFC2907FE9, BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\NSS3.DLL, Quarantined, 9298, 820421, 1.0.80813, , ame, , 1CC453CDF74F31E4D913FF9C10ACDDE2, AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\VCRUNTIME140.DLL, Quarantined, 9298, 820419, 1.0.80813, , ame, , A37EE36B536409056A86F50E67777DD7, 8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\MSVCP140.DLL, Quarantined, 9298, 820423, 1.0.80813, , ame, , 5FF1FCA37C466D6723EC67BE93B51442, 5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\SOFTOKN3.DLL, Quarantined, 9298, 820420, 1.0.80813, , ame, , 4E52D739C324DB8225BD9AB2695F262F, 74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\FREEBL3.DLL, Quarantined, 9298, 820418, 1.0.80813, , ame, , 550686C0EE48C386DFCB40199BD076AC, EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Generic.Malware/Suspicious, C:\USERS\PANE\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\QEMU-GA.EXE, Quarantined, 0, 392686, 1.0.80813, , shuriken, , A5CE3ABA68BDB438E98B1D0C70A3D95C, 9B860BE98A046EA97A7F67B006E0B1BC9AB7731DD2A0F3A9FD3D710F6C43278A
Malware.Heuristic.2090, C:\USERS\PANE\DOCUMENTS\GUARDFOX\FVI6_9DRDJRGWKAIEB8WL1G_.EXE, Quarantined, 1000001, 1199108, 1.0.80813, 00000000000000000000082A, dds, 02689412, 22BCDFC5882494840B272828FE2267E9, 29F973EB617A2D99D19379F7045FB468AE275DCC82E07FBEF840483A65C3BC9D
Trojan.MalPack, C:\USERS\PANE\DOCUMENTS\GUARDFOX\TMFE7ERBNZ4GBGT4HFTYHPHE.EXE, Quarantined, 142, 1219325, 1.0.80813, 1, dds, 02689412, 8ED85982B93ADB880090EE53525E9264, 6AFB1240C2116E26EF7462F2AACEA73F2823A25C942C7A843C228FE765077B5F
Malware.Heuristic.2025, C:\USERS\PANE\DOCUMENTS\GUARDFOX\63O4EL1_RF92CMAPIYLKLGNW.EXE, Quarantined, 1000001, 1163561, 1.0.80813, 0000000000000000000007E9, dds, 02689412, 4114A25966E1F02CA5A13A4E70BA4A8F, 5AB8767DB1BF14C77D2721E13FC8670AB42D403914E84E0453027EA67BA85554
Malware.Heuristic.2025, C:\USERS\PANE\DOCUMENTS\GUARDFOX\0C7JKSNIMS7VU1PD5BTNI0UP.EXE, Quarantined, 1000001, 1163561, 1.0.80813, 0000000000000000000007E9, dds, 02689412, 67E7F0E16B470A40DB8717DD909B34D0, 7F8B966A40854C4FCB0CD9F6C8DDB0582D84F6C758CC75C2DD923B6B0C42427F
Generic.Malware/Suspicious, C:\USERS\PANE\DOCUMENTS\GUARDFOX\UDELC9GKNFVBBDLJDEXBGZMS.EXE, Quarantined, 0, 392686, 1.0.80813, , shuriken, , A8622B644806A3C4ADDB305C9E2138C5, 35DD7273912B1F3DA09AAFA392057BF12CAB942C3C192D3240A6C4574BF9E420
Malware.Heuristic.2025, C:\USERS\PANE\DOCUMENTS\GUARDFOX\JMOPCRTT3ULUJLCM4XIDUDPO.EXE, Quarantined, 1000001, 1163561, 1.0.80813, 0000000000000000000007E9, dds, 02689412, F23B91DB5B62D695EED024194E04EE74, E426483523272B12AD20E3E8CAAE7C0E2A889266B0845CACBEFA6CA5C7312388
Generic.Malware/Suspicious, C:\USERS\PANE\DOCUMENTS\GUARDFOX\UJABAMXSGQKQUDDSLIHBAXET.EXE, Quarantined, 0, 392686, 1.0.80813, , shuriken, , C1E3A028E0B9BEBE2733C7F5A275461D, B0CB0E627E438B00A347D3D1104F3F64A862D72992E40699376BECA8C98B31CB
Malware.AI.2419449499, C:\USERS\PANE\DOCUMENTS\GUARDFOX\7K1MK2SYI8WLXFLLFKJMYBIQ.EXE, Quarantined, 23, -1875517797, 1.0.80813, 23, dds, 02689412, 767BDF7B030B16C586E0ACBA1EA56A0C, B8F063C3453592D032266D062BC0ED28EF94ECA60D612714A4FA14E3E37E0225
Malware.AI.2197700221, C:\USERS\PANE\DOCUMENTS\GUARDFOX\MBDYPPHMV_WDIAEKWJEJOLQG.EXE, Quarantined, 23, -2097267075, 1.0.80813, 23, dds, 02689412, 0D799C0BEF6AE07C26EE8C5B67988E37, 711530C5E8DD85DCE4E863584D2135FC51C7603BC1DCF7A30AC8063739C7CBA3
Trojan.MalPack, C:\USERS\PANE\DOCUMENTS\GUARDFOX\AD7QPPA5_1TO2I4NNP0_GICZ.EXE, Quarantined, 142, 1210631, 1.0.80813, 2E9DAD5E0EE4032E3EA54B22, dds, 02689412, D8D52A95B809C586AFE1BBF5373EDFC4, 629E031747E94B66F85F83711433A1C3D084AC0A57FBCC58F970BE04DE2D48CB
Trojan.Crypt.MSIL.Generic, C:\USERS\PANE\DOCUMENTS\GUARDFOX\IDCESIE0E658NSYRFE82GTZW.EXE, Quarantined, 5295, 1219345, 1.0.80813, , ame, , E5B82330C30D992C9B2DF56F7453F6C4, 93B181821181DBE7E8F5E86B5AEE87A6476EFE70C0FA66E9CF0D1F18A297EE3B
Malware.AI.148829662, C:\USERS\PANE\DOCUMENTS\GUARDFOX\U5XZQGQILZ9GOF9LILG65KXD.EXE, Quarantined, 1, 148829662, 1.0.80813, 1, dds, 02689412, EA0F932184EF8A3D8E94880E1ECC5182, 9A2FCC6D3826EA7690E9C68D404C821746CE7DB4CBCC6BFC010428CFD39865AA

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

bill.da
Level 2.5
Posts: 358
Registered: October 09
Gender: Male
Status:
Offline

Re: Please check my log

Post by bill.da » 11 Feb 2024 18:18

2024-02-11 16:52:29.448 Sophos Virus Removal Tool version 2.9.0
2024-02-11 16:52:29.448 Copyright (c) 2009-2021 Sophos Limited. All rights reserved.

2024-02-11 16:52:29.448 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2024-02-11 16:52:29.448 Windows version 6.2 SP 0.0 build 9200 SM=0x100 PT=0x1 WOW64
2024-02-11 16:52:29.448 Checking for updates...
2024-02-11 16:52:29.464 Update progress: proxy server not available
2024-02-11 16:52:31.089 Update error: failed to read remote metadata (error 4)
[V46381] SU::Handle::readRemoteMetadata + SU::Handle::readRemoteMetadata()
[V75884] SU::Metadata::readRemoteMetadata SU::Metadata::readRemoteMetadata()
[I40394] Downloading customer file from sophos:1:1
[V81533] SU::createCachedPackageSource creating cached package source for sophos:1:1: url=SOPHOS
[V81533] SU::createCachedPackageSource creating http_source_specific_data to download customer file
[V81533] SU::createCachedPackageSource creating package source to download customer file
[E26245] Error fetching data from http://dci.sophosupd.com/update/d/8a/d8 ... 768996.dat: WinHttpSendRequest (error 12007)
[I26245] No proxy was used.
[I40394] Downloading customer file from sophos:2:1
[V81533] SU::createCachedPackageSource creating cached package source for sophos:2:1: url=SOPHOS
[V81533] SU::createCachedPackageSource creating http_source_specific_data to download customer file
[V81533] SU::createCachedPackageSource creating package source to download customer file
[E26245] Error fetching data from http://dci.sophosupd.net/update/d/8a/d8 ... 768996.dat: WinHttpSendRequest (error 12007)
[I26245] No proxy was used.
[I40394] Downloading customer file from sophos:3:1
[V81533] SU::createCachedPackageSource creating cached package source for sophos:3:1: url=SOPHOS
[V81533] SU::createCachedPackageSource creating http_source_specific_data to download customer file
[V81533] SU::createCachedPackageSource creating package source to download customer file
[E75373] Ran out of sophos aliases for this update source
[E35369] Out of update sources
[E99999] Out of sources
2024-02-11 16:52:39.857 Option all = no
2024-02-11 16:52:39.857 Option recurse = yes
2024-02-11 16:52:39.857 Option archive = no
2024-02-11 16:52:39.857 Option service = yes
2024-02-11 16:52:39.857 Option confirm = yes
2024-02-11 16:52:39.857 Option sxl = yes
2024-02-11 16:52:39.857 Option max-data-age = 35
2024-02-11 16:52:39.857 Option vdl-logging = yes
2024-02-11 16:52:39.857 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2024-02-11 16:52:39.857 Machine ID: 16d317b69b594dafb964b977c881e9ec
2024-02-11 16:52:39.872 Component SVRTcli.exe version 2.9.0
2024-02-11 16:52:39.872 Component control.dll version 2.9.0
2024-02-11 16:52:39.872 Component SVRTservice.exe version 2.9.0
2024-02-11 16:52:39.872 Component engine\osdp.dll version 1.44.1.2510
2024-02-11 16:52:39.872 Component engine\veex.dll version 3.81.0.2510
2024-02-11 16:52:39.872 Component engine\savi.dll version 9.0.23.2510
2024-02-11 16:52:39.872 Component rkdisk.dll version 1.5.33.1
2024-02-11 16:52:39.872 Version info: Product version 2.9.0
2024-02-11 16:52:39.872 Version info: Detection engine 3.81.0
2024-02-11 16:52:39.872 Version info: Detection data 5.82
2024-02-11 16:52:39.872 Version info: Build date 16.02.2021
2024-02-11 16:52:39.872 Version info: Data files added 208
2024-02-11 16:52:39.872 Version info: Last successful update (not yet updated)

2024-02-11 16:54:41.560 Could not open C:\hiberfil.sys
2024-02-11 16:54:41.560 Could not open C:\pagefile.sys
2024-02-11 17:00:11.032 Could not open C:\swapfile.sys
2024-02-11 17:00:37.495 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\GameBarElevatedFT_Alias.exe
2024-02-11 17:00:37.511 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python.exe
2024-02-11 17:00:37.511 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.exe
2024-02-11 17:00:37.511 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\WindowsPackageManagerServer.exe
2024-02-11 17:00:37.511 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\winget.exe
2024-02-11 17:00:37.511 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\Microsoft.GamingApp_8wekyb3d8bbwe\XboxPcAppAdminServer.exe
2024-02-11 17:00:37.511 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\Microsoft.Paint_8wekyb3d8bbwe\mspaint.exe
2024-02-11 17:00:37.511 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\Microsoft.Paint_8wekyb3d8bbwe\pbrush.exe
2024-02-11 17:00:37.511 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\Microsoft.SkypeApp_kzf8qxf38zg5c\Skype.exe
2024-02-11 17:00:37.526 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\Microsoft.WindowsNotepad_8wekyb3d8bbwe\notepad.exe
2024-02-11 17:00:37.526 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\Microsoft.WindowsTerminal_8wekyb3d8bbwe\wt.exe
2024-02-11 17:00:37.526 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\GameBarElevatedFT_Alias.exe
2024-02-11 17:00:37.526 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MicrosoftWindows.DesktopStickerEditorCentennial.exe
2024-02-11 17:00:37.526 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\MicrosoftWindows.DesktopStickerEditorCentennial.exe
2024-02-11 17:00:37.526 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\mspaint.exe
2024-02-11 17:00:37.526 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\notepad.exe
2024-02-11 17:00:37.526 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\pbrush.exe
2024-02-11 17:00:37.526 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\python.exe
2024-02-11 17:00:37.526 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\python3.exe
2024-02-11 17:00:37.526 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\Skype.exe
2024-02-11 17:00:37.526 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\WindowsPackageManagerServer.exe
2024-02-11 17:00:37.526 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\winget.exe
2024-02-11 17:00:37.526 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\wt.exe
2024-02-11 17:00:37.526 Could not open C:\Users\Pane\AppData\Local\Microsoft\WindowsApps\XboxPcAppAdminServer.exe
2024-02-11 17:00:46.622 Could not open C:\Users\Pane\AppData\Local\Packages\MicrosoftWindows.Client.WebExperience_cw5n1h2txyewy\LocalState\EBWebView\Default\Network\Cookies
2024-02-11 17:00:46.622 Could not open C:\Users\Pane\AppData\Local\Packages\MicrosoftWindows.Client.WebExperience_cw5n1h2txyewy\LocalState\EBWebView\Default\Network\Cookies-journal
2024-02-11 17:01:52.647 >>> Virus 'Mal/Generic-S' found in file C:\Users\Pane\AppData\Roaming\wmerror\ptMgr.dll
2024-02-11 17:02:01.277 >>> Virus 'Mal/Generic-S' found in file C:\Users\Pane\Downloads\File_Setup-7788_KéyC0de\ptMgr.dll
2024-02-11 17:03:56.735 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2024-02-11 17:03:56.735 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2024-02-11 17:03:59.158 Could not open C:\Windows\System32\config\BBI
2024-02-11 17:15:19.536 >>> Virus 'Mal/Obfus-D' found in file D:\Games\The Sims 4\Game\Bin\RldOrigin_ext.dll
2024-02-11 17:16:58.252 Could not open LOGICAL:0006:00000000
2024-02-11 17:16:58.268 Could not open G:\
2024-02-11 17:16:58.284 Could not open LOGICAL:0007:00000000
2024-02-11 17:16:58.284 Could not open H:\
2024-02-11 17:16:58.299 Could not open LOGICAL:0008:00000000
2024-02-11 17:16:58.315 Could not open I:\
2024-02-11 17:16:58.315 Could not open LOGICAL:0009:00000000
2024-02-11 17:16:58.330 Could not open J:\
2024-02-11 17:16:58.549 Could not open PHYSICAL:0083:0000:0000:0001
2024-02-11 17:16:58.565 Could not open PHYSICAL:0084:0000:0000:0001
2024-02-11 17:16:58.565 Could not open PHYSICAL:0085:0000:0000:0001
2024-02-11 17:16:58.565 Could not open PHYSICAL:0086:0000:0000:0001
2024-02-11 17:16:58.565 The following items will be cleaned up:
2024-02-11 17:16:58.565 Mal/Generic-S
2024-02-11 17:16:58.565 Mal/Obfus-D
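The log above buries two kinds of detection among a long run of "Could not open" lines, which only mean the scanner could not read an object (locked files, reserved system paths, raw volumes) and are not findings. As an added example, not part of the original post and not code from the scanner's vendor, the following PowerShell function separates the two, groups detections by signature, and flags detections in user-writable locations, which deserve more attention than a heuristic hit inside an installed application's folder. The sample lines are constructed in the same format; the paths and user name in them are placeholders.

```powershell
# Added example (not part of the original post): triage a scanner log whose
# lines look like
#   <date> <time> Could not open <path>
#   <date> <time> >>> Virus '<signature>' found in file <path>
#   <date> <time> The following items will be cleaned up:
# "Could not open" means the scanner could not read the object and is not a
# finding; only the ">>> Virus" lines are detections.

# Locations a logged-on user can write to without elevation; a detection there
# is more likely a dropped payload than a false positive on installed software.
$UserWritableMarkers = @('\AppData\', '\Downloads\', '\Temp\', '\ProgramData\', '\Users\Public\')

function Get-ScanLogSummary {
    param([Parameter(Mandatory)][string[]]$Lines)

    $detections = [System.Collections.Generic.List[object]]::new()
    $unreadable = [System.Collections.Generic.List[string]]::new()
    $cleanup    = [System.Collections.Generic.List[string]]::new()
    $inCleanup  = $false

    foreach ($line in $Lines) {
        if ($line -match "^(?<ts>\d{4}-\d\d-\d\d \S+)\s+>>> Virus '(?<sig>[^']+)' found in file (?<path>.+)$") {
            $path = $Matches.path.Trim()
            $detections.Add([pscustomobject]@{
                Time         = $Matches.ts
                Signature    = $Matches.sig
                Path         = $path
                UserWritable = [bool]($UserWritableMarkers | Where-Object { $path -like "*$_*" })
            })
        }
        elseif ($line -match '^\d{4}-\d\d-\d\d \S+\s+Could not open (?<target>.+)$') {
            $unreadable.Add($Matches.target.Trim())
        }
        elseif ($line -match 'The following items will be cleaned up:$') {
            $inCleanup = $true
        }
        elseif ($inCleanup -and $line -match '^\d{4}-\d\d-\d\d \S+\s+(?<item>\S.*)$') {
            $cleanup.Add($Matches.item.Trim())
        }
    }

    [pscustomobject]@{
        Detections      = $detections
        DetectionsBySig = $detections | Group-Object Signature | ForEach-Object {
                              [pscustomobject]@{ Signature = $_.Name; Count = $_.Count; Paths = $_.Group.Path }
                          }
        UnreadableCount = $unreadable.Count
        # Raw volume/device entries (LOGICAL:/PHYSICAL:) are normal for a full scan.
        UnreadableRaw   = @($unreadable | Where-Object { $_ -match '^(LOGICAL|PHYSICAL):' }).Count
        CleanupItems    = $cleanup
    }
}

# Constructed sample in the same format (paths and user name are placeholders).
$sample = @'
2024-02-11 17:00:37.526 Could not open C:\Users\example\AppData\Local\Microsoft\WindowsApps\python.exe
2024-02-11 17:01:52.647 >>> Virus 'Mal/Generic-S' found in file C:\Users\example\AppData\Roaming\wmerror\ptMgr.dll
2024-02-11 17:02:01.277 >>> Virus 'Mal/Generic-S' found in file C:\Users\example\Downloads\File_Setup\ptMgr.dll
2024-02-11 17:03:59.158 Could not open C:\Windows\System32\config\BBI
2024-02-11 17:15:19.536 >>> Virus 'Mal/Obfus-D' found in file D:\Games\Example\Game\Bin\loader_ext.dll
2024-02-11 17:16:58.252 Could not open LOGICAL:0006:00000000
2024-02-11 17:16:58.565 The following items will be cleaned up:
2024-02-11 17:16:58.565 Mal/Generic-S
2024-02-11 17:16:58.565 Mal/Obfus-D
'@ -split "`r?`n"

$summary = Get-ScanLogSummary -Lines $sample
$summary.Detections | Format-Table Time, Signature, UserWritable, Path -AutoSize
$summary.DetectionsBySig | Format-Table Signature, Count -AutoSize
"Unreadable objects: $($summary.UnreadableCount) (of which $($summary.UnreadableRaw) raw volumes/devices)"
```

To run it on a real log, replace `$sample` with `Get-Content -LiteralPath <log file>`. The `UserWritable` flag is a prioritisation heuristic only: a DLL dropped into `AppData\Roaming` next to a freshly downloaded installer is a fresh artefact worth preserving (copy it and record its SHA-256) before a cleanup tool deletes it, whereas an obfuscation signature on a DLL inside a game's `Bin` folder needs a look at what that DLL is before concluding anything.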


Re: Please check my log

Post by bill.da » 11 Feb 2024 18:25

Program : RogueKiller Anti-Malware
Version : 15.14.0.0
x64 : Yes
Program Date : Jan 17 2024
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 11 (10.0.22621) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Pane
User is Admin : Yes
Date : 2024/02/11 17:22:58
Type : Scan
Aborted : No
Scan Mode : Quick
Duration : 12
Found items : 1
Total scanned : 947
Signatures Version : 20240206_085651
Truesight Driver : Yes
Updates Count : 0
Arguments : -minimize

************************* Warnings *************************

************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************
>>>>>> O23 - Services
└── [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UTIXDCVF -- N/A -> Found

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : N/A


************************* Filesystem *************************

************************* Web Browsers *************************

************************* Antirootkit *************************
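RogueKiller's only finding is a service key with a suspicious path and no display name. Before letting a tool delete it, a practitioner wants to know what the key actually points at: the binary's real location, whether it still exists, whether it is signed, and whether the service is running. As an added example, not part of the original post and not RogueKiller's own code, the following PowerShell resolves a service's `ImagePath` through the forms drivers and services use and reports those facts. It assumes `CurrentControlSet` resolves to the `ControlSet001` RogueKiller reported (the normal case) and must be run from an elevated PowerShell; the `OutsideSystem` heuristic is this example's own, not the scanner's definition of "Suspicious.Path".

```powershell
# Added example (not part of the original post or of RogueKiller): inspect a
# service that a scanner flagged by name. Assumes CurrentControlSet is the
# control set the scanner reported. Run from an elevated PowerShell.

function Resolve-ServiceBinary {
    param([string]$ImagePath)
    # ImagePath values come in several shapes:
    #   "C:\Program Files\x\svc.exe" -arg     (quoted, with arguments)
    #   C:\Windows\system32\svchost.exe -k x  (unquoted, with arguments)
    #   \SystemRoot\system32\drivers\x.sys    (driver, NT-style root)
    #   \??\C:\Users\x\AppData\Local\x.sys    (driver, NT object path)
    #   system32\DRIVERS\x.sys                (driver, relative to %SystemRoot%)
    $exe = $ImagePath.Trim()
    if (-not $exe) { return $null }
    if ($exe.StartsWith('"')) {
        $end = $exe.IndexOf('"', 1)
        if ($end -gt 1) { $exe = $exe.Substring(1, $end - 1) }
    } elseif ($exe -match '^(?<bin>\S+?\.(exe|sys|dll))(\s|$)') {
        $exe = $Matches.bin            # unquoted path without spaces, arguments follow
    }
    $exe = $exe -replace '^\\\?\?\\', ''
    $exe = $exe -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if (-not [IO.Path]::IsPathRooted($exe)) { $exe = Join-Path $env:SystemRoot $exe }
    return $exe
}

function Get-ServiceTriage {
    param([Parameter(Mandatory)][string]$Name)

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path -LiteralPath $key)) {
        return [pscustomobject]@{ Name = $Name; KeyExists = $false }
    }
    $p = Get-ItemProperty -LiteralPath $key

    # Start: 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled.
    # Type (low bits): 1 kernel driver, 2 file-system driver, 16 own process, 32 shared process.
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }
    $typeNames  = @{ 1 = 'KernelDriver'; 2 = 'FileSystemDriver'; 16 = 'Win32OwnProcess'; 32 = 'Win32ShareProcess' }
    $typeValue  = if ($null -ne $p.Type)  { [int]$p.Type -band 0x3F } else { $null }
    $startValue = if ($null -ne $p.Start) { [int]$p.Start }           else { $null }

    $binary    = Resolve-ServiceBinary -ImagePath ([string]$p.ImagePath)
    $onDisk    = [bool]($binary -and (Test-Path -LiteralPath $binary))
    $signature = 'n/a'
    $sha256    = $null
    if ($onDisk) {
        $signature = (Get-AuthenticodeSignature -LiteralPath $binary).Status.ToString()
        $sha256    = (Get-FileHash -LiteralPath $binary -Algorithm SHA256).Hash
    }

    # Get-Service only lists Win32 services; kernel drivers are reported via WMI.
    $state = (Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$Name'" -ErrorAction SilentlyContinue).State
    if (-not $state) { $state = (Get-Service -Name $Name -ErrorAction SilentlyContinue).Status }

    [pscustomobject]@{
        Name          = $Name
        KeyExists     = $true
        DisplayName   = $p.DisplayName
        Type          = if ($null -ne $typeValue -and $typeNames.ContainsKey($typeValue)) { $typeNames[$typeValue] } else { $typeValue }
        Start         = if ($null -ne $startValue -and $startNames.ContainsKey($startValue)) { $startNames[$startValue] } else { $startValue }
        ImagePath     = $p.ImagePath
        Binary        = $binary
        BinaryOnDisk  = $onDisk
        Signature     = $signature
        SHA256        = $sha256
        State         = [string]$state
        # Heuristic of this example: a service binary outside the Windows and
        # Program Files trees is what usually earns a "suspicious path" verdict.
        OutsideSystem = [bool]($binary -and $binary -notmatch '^[A-Z]:\\(Windows|Program Files( \(x86\))?)\\')
    }
}

Get-ServiceTriage -Name 'UTIXDCVF' | Format-List
```

Read the result before acting on it. If `BinaryOnDisk` is False, the key is an orphan whose file is already gone, and removing the key is the whole fix. If the file exists, is unsigned and `OutsideSystem` is True, copy it somewhere safe and keep the SHA-256 before the cleanup tool deletes it, so the sample can still be identified afterwards; a kernel driver (`Type = KernelDriver`) loaded from a user-writable directory is also the kind of component that can keep Defender from starting, so it is worth checking this key first.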


Re: Please check my log

Post by bill.da » 11 Feb 2024 18:28

I still can't get into Defender.
