
Re: Please check my FRST log, suspected keylogger

Posted: 25 Feb 2024 21:47
by Rin
1) ZOEK log:

Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Petr on ne 25.02.2024 at 19:57:09,35.
Microsoft Windows 10 Home 10.0.19045 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\oem\Desktop\Antispyware\VYČIŠTĚNÍ PROHLÍŽEČE\ZOEK\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 19:57:56,15 =====

--- Create Environment Variables 19:57:58,10
--- Create System Restore Point 19:58:20,35
--- Checking Input 19:58:42,63
--- Reset Hosts File 19:58:56,39
--- AU AppData Check 19:58:57,84
--- Remove From Windows Installer 19:59:03,06
--- Empty Folders Check 20:05:22,31
--- Registry HKLM Software Check 20:05:22,34
--- Quick Launch Shortcut Check 20:05:46,14
--- IE Startpage Check 20:06:00,40
--- Program Files DB Check 20:06:41,26
--- C:\Users\42060\AppData DB Check 20:07:23,79
--- C:\Users\Administrator\AppData DB Check 20:07:23,79
--- C:\Users\Default\AppData DB Check 20:07:23,79
--- C:\Users\Default.migrated\AppData DB Check 20:07:23,79
--- C:\Users\DefaultAppPool\AppData DB Check 20:07:23,79
--- C:\Users\defaultuser100000\AppData DB Check 20:07:23,79
--- C:\Users\MAC\AppData DB Check 20:07:23,79
--- C:\Users\oem\AppData DB Check 20:07:23,79
--- C:\Users\Petr Marek\AppData DB Check 20:07:23,79
--- C:\Users\TEMP\AppData DB Check 20:07:23,79
--- C:\Users\Veronika\AppData DB Check 20:07:23,79
--- C:\WINDOWS\SysNative\config\systemprofile\AppData DB Check 20:07:23,79
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData DB Check 20:07:23,79
--- C:\WINDOWS\serviceprofiles\networkservice\AppData DB Check 20:07:23,79
--- C:\WINDOWS\serviceprofiles\Localservice\AppData DB Check 20:07:23,79
--- C:\Users\oem DB Check 20:11:43,56
--- C:\PROGRA~3 DB Check 20:12:04,72
--- C:\Users\42060\AppData\Local DB Check 20:19:18,69
--- C:\Users\Administrator\AppData\Local DB Check 20:19:18,69
--- C:\Users\Default\AppData\Local DB Check 20:19:18,69
--- C:\Users\Default User\AppData\Local DB Check 20:19:18,69
--- C:\Users\Default.migrated\AppData\Local DB Check 20:19:18,69
--- C:\Users\DefaultAppPool\AppData\Local DB Check 20:19:18,69
--- C:\Users\defaultuser100000\AppData\Local DB Check 20:19:18,69
--- C:\Users\MAC\AppData\Local DB Check 20:19:18,69
--- C:\Users\oem\AppData\Local DB Check 20:19:18,69
--- C:\Users\TEMP\AppData\Local DB Check 20:19:18,69
--- C:\Users\Veronika\AppData\Local DB Check 20:19:18,69
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local DB Check 20:19:18,69
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local DB Check 20:19:18,69
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local DB Check 20:19:18,69
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local DB Check 20:19:18,69
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 20:22:27,23
--- C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 20:22:35,32
--- Tasks DB Check 20:22:40,70
--- Tasks2 DB Check 20:22:43,99
--- Documents DB Check 20:23:08,57
--- Documents2 DB Check 20:23:18,88
--- C:\Users\MAC\AppData\Roaming\Mozilla\Firefox\Profiles\c3ows1zr.default DB Check 20:23:20,84
--- C:\Users\MAC\AppData\Roaming\Thunderbird\Profiles\mjxic9d3.default DB Check 20:23:20,84
--- C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default DB Check 20:23:20,84
--- C:\Users\oem\AppData\Roaming\Nvu\Profiles\rc2qx344.default DB Check 20:23:20,84
--- C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\q5g3b1od.default DB Check 20:23:20,84
--- C:\Users\Veronika\AppData\Roaming\Thunderbird\Profiles\47xbx4i5.default DB Check 20:23:20,84
--- C:\Users\Public\Desktop DB Check 20:23:33,81
--- C:\Users\oem\Desktop DB Check 20:23:49,37
--- Services DB Check 20:24:04,90
--- FF prefs.js DB Check 20:24:36,29
--- Emptyclsid 20:28:17,34
--- Del by CLSID 20:28:21,25
--- Delete Services 20:29:33,65
--- Firefox Fix 20:29:37,81
--- Delete files\folders 20:29:43,86
--- Create Backups 20:29:48,28
--- Firefox Extensions 20:36:43,23

Re: Please check my FRST log, suspected keylogger

Posted: 25 Feb 2024 21:53
by Rudy
Is that all? The log should be about three times as long. And where is the JRT one?

Re: Please check my FRST log, suspected keylogger

Posted: 25 Feb 2024 21:58
by Rin
1) ZOEK log:

Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Petr on ne 25.02.2024 at 19:57:09,35.
Microsoft Windows 10 Home 10.0.19045 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\oem\Desktop\Antispyware\VYČIŠTĚNÍ PROHLÍŽEČE\ZOEK\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 19:57:56,15 =====

--- Create Environment Variables 19:57:58,10
--- Create System Restore Point 19:58:20,35
--- Checking Input 19:58:42,63
--- Reset Hosts File 19:58:56,39
--- AU AppData Check 19:58:57,84
--- Remove From Windows Installer 19:59:03,06
--- Empty Folders Check 20:05:22,31
--- Registry HKLM Software Check 20:05:22,34
--- Quick Launch Shortcut Check 20:05:46,14
--- IE Startpage Check 20:06:00,40
--- Program Files DB Check 20:06:41,26
--- C:\Users\42060\AppData DB Check 20:07:23,79
--- C:\Users\Administrator\AppData DB Check 20:07:23,79
--- C:\Users\Default\AppData DB Check 20:07:23,79
--- C:\Users\Default.migrated\AppData DB Check 20:07:23,79
--- C:\Users\DefaultAppPool\AppData DB Check 20:07:23,79
--- C:\Users\defaultuser100000\AppData DB Check 20:07:23,79
--- C:\Users\MAC\AppData DB Check 20:07:23,79
--- C:\Users\oem\AppData DB Check 20:07:23,79
--- C:\Users\Petr Marek\AppData DB Check 20:07:23,79
--- C:\Users\TEMP\AppData DB Check 20:07:23,79
--- C:\Users\Veronika\AppData DB Check 20:07:23,79
--- C:\WINDOWS\SysNative\config\systemprofile\AppData DB Check 20:07:23,79
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData DB Check 20:07:23,79
--- C:\WINDOWS\serviceprofiles\networkservice\AppData DB Check 20:07:23,79
--- C:\WINDOWS\serviceprofiles\Localservice\AppData DB Check 20:07:23,79
--- C:\Users\oem DB Check 20:11:43,56
--- C:\PROGRA~3 DB Check 20:12:04,72
--- C:\Users\42060\AppData\Local DB Check 20:19:18,69
--- C:\Users\Administrator\AppData\Local DB Check 20:19:18,69
--- C:\Users\Default\AppData\Local DB Check 20:19:18,69
--- C:\Users\Default User\AppData\Local DB Check 20:19:18,69
--- C:\Users\Default.migrated\AppData\Local DB Check 20:19:18,69
--- C:\Users\DefaultAppPool\AppData\Local DB Check 20:19:18,69
--- C:\Users\defaultuser100000\AppData\Local DB Check 20:19:18,69
--- C:\Users\MAC\AppData\Local DB Check 20:19:18,69
--- C:\Users\oem\AppData\Local DB Check 20:19:18,69
--- C:\Users\TEMP\AppData\Local DB Check 20:19:18,69
--- C:\Users\Veronika\AppData\Local DB Check 20:19:18,69
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local DB Check 20:19:18,69
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local DB Check 20:19:18,69
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local DB Check 20:19:18,69
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local DB Check 20:19:18,69
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 20:22:27,23
--- C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 20:22:35,32
--- Tasks DB Check 20:22:40,70
--- Tasks2 DB Check 20:22:43,99
--- Documents DB Check 20:23:08,57
--- Documents2 DB Check 20:23:18,88
--- C:\Users\MAC\AppData\Roaming\Mozilla\Firefox\Profiles\c3ows1zr.default DB Check 20:23:20,84
--- C:\Users\MAC\AppData\Roaming\Thunderbird\Profiles\mjxic9d3.default DB Check 20:23:20,84
--- C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default DB Check 20:23:20,84
--- C:\Users\oem\AppData\Roaming\Nvu\Profiles\rc2qx344.default DB Check 20:23:20,84
--- C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\q5g3b1od.default DB Check 20:23:20,84
--- C:\Users\Veronika\AppData\Roaming\Thunderbird\Profiles\47xbx4i5.default DB Check 20:23:20,84
--- C:\Users\Public\Desktop DB Check 20:23:33,81
--- C:\Users\oem\Desktop DB Check 20:23:49,37
--- Services DB Check 20:24:04,90
--- FF prefs.js DB Check 20:24:36,29
--- Emptyclsid 20:28:17,34
--- Del by CLSID 20:28:21,25
--- Delete Services 20:29:33,65
--- Firefox Fix 20:29:37,81
--- Delete files\folders 20:29:43,86
--- Create Backups 20:29:48,28
--- Firefox Extensions 20:36:43,23

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2) JRT log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Petr (Administrator) on ne 25.02.2024 at 21:52:50,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\ProgramData\esellerate (Folder)



Registry: 5

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{268221E8-9E6B-48a1-934F-96D20B542E66} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 25.02.2024 at 21:55:31,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
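The JRT log above removed the same Browser Helper Object CLSID from both the native and the Wow6432Node hive, one IE SearchScopes key and two IE Start Page values, but JRT does not print which DLL the CLSID resolved to. The PowerShell below is an added example for this thread, not JRT's own code: it enumerates whatever BHOs, start pages and search scopes remain, resolves each BHO CLSID to its InprocServer32 DLL and reports the DLL's Authenticode status, so a survivor or an entry that is re-created after a reboot is visible. The registry paths are the standard ones; run it from an elevated PowerShell.

```powershell
# Added example for this thread, not JRT's code. Lists the IE persistence points
# JRT cleaned (Browser Helper Objects, Start Page, SearchScopes) so they can be
# re-checked after a reboot. Run from an elevated PowerShell.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
# Where a CLSID's in-process server DLL is registered (64-bit, 32-bit and per-user views).
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID'
)

function Resolve-BhoDll([string]$Clsid) {
    foreach ($root in $clsidRoots) {
        $inproc = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $inproc) {
            # The DLL path is the key's default value; it may contain %SystemRoot% etc.
            $raw = (Get-ItemProperty -Path $inproc).'(default)'
            return [Environment]::ExpandEnvironmentVariables("$raw").Trim('"')
        }
    }
    return $null
}

"== Browser Helper Objects =="
$(foreach ($key in $bhoKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($bho in Get-ChildItem -Path $key) {
        $clsid  = $bho.PSChildName
        $dll    = Resolve-BhoDll $clsid
        $status = if ($dll -and (Test-Path -LiteralPath $dll)) {
            (Get-AuthenticodeSignature -LiteralPath $dll).Status
        } else { 'DLL not found' }
        [pscustomobject]@{
            View      = if ($key -like '*Wow6432Node*') { '32-bit' } else { '64-bit' }
            CLSID     = $clsid
            Dll       = $dll
            Signature = $status
        }
    }
}) | Format-Table -AutoSize

"== IE Start Page =="
$(foreach ($main in 'HKCU:\Software\Microsoft\Internet Explorer\Main',
                    'HKLM:\Software\Microsoft\Internet Explorer\Main',
                    'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Main') {
    if (Test-Path $main) {
        $sp = (Get-ItemProperty -Path $main -ErrorAction SilentlyContinue).'Start Page'
        [pscustomobject]@{ Key = $main; StartPage = $sp }
    }
}) | Format-Table -AutoSize

"== IE SearchScopes (HKCU) =="
$scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
if (Test-Path $scopes) {
    $(foreach ($s in Get-ChildItem -Path $scopes) {
        $p = Get-ItemProperty -Path $s.PSPath
        [pscustomobject]@{ CLSID = $s.PSChildName; Name = $p.DisplayName; Url = $p.URL }
    }) | Format-Table -AutoSize
}
```

A BHO whose DLL is missing or unsigned, or a search scope whose URL is not a search engine the user chose, is what a browser cleaner is looking for; the same listing taken before and after a reboot shows whether something is re-registering the entries.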

Re: Please check my FRST log, suspected keylogger

Posted: 26 Feb 2024 09:09
by Rudy
The Zoek log is rather short and there is nothing in it about deletions. Did you run it as administrator? JRT did delete things, that one is OK.

Re: Please check my FRST log, suspected keylogger

Posted: 27 Feb 2024 00:57
by Rin
I ran ZOEK a second time and it got STUCK at the same place again. I let it run for 4 hours.
Nothing changed.
Is there an alternative to ZOEK - what else could I try??
The problem with garbled characters in Chrome persists.

Log:

Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Petr on po 26.02.2024 at 20:47:48,02.
Microsoft Windows 10 Home 10.0.19045 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\oem\Desktop\Antispyware\VYČIŠTĚNÍ PROHLÍŽEČE\ZOEK\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 20:49:39,47 =====

--- Create Environment Variables 20:49:41,33
--- Checking Input 20:50:09,61
--- Reset Hosts File 20:50:18,48
--- AU AppData Check 20:50:19,77
--- Remove From Windows Installer 20:50:23,80
--- Empty Folders Check 20:51:59,55
--- Registry HKLM Software Check 20:51:59,55
--- Quick Launch Shortcut Check 20:52:21,81
--- IE Startpage Check 20:52:34,43
--- Program Files DB Check 20:53:02,01
--- C:\Users\42060\AppData DB Check 20:53:43,90
--- C:\Users\Administrator\AppData DB Check 20:53:43,90
--- C:\Users\Default\AppData DB Check 20:53:43,90
--- C:\Users\Default.migrated\AppData DB Check 20:53:43,90
--- C:\Users\DefaultAppPool\AppData DB Check 20:53:43,90
--- C:\Users\defaultuser100000\AppData DB Check 20:53:43,90
--- C:\Users\MAC\AppData DB Check 20:53:43,90
--- C:\Users\oem\AppData DB Check 20:53:43,90
--- C:\Users\Petr Marek\AppData DB Check 20:53:43,90
--- C:\Users\TEMP\AppData DB Check 20:53:43,90
--- C:\Users\Veronika\AppData DB Check 20:53:43,90
--- C:\WINDOWS\SysNative\config\systemprofile\AppData DB Check 20:53:43,90
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData DB Check 20:53:43,90
--- C:\WINDOWS\serviceprofiles\networkservice\AppData DB Check 20:53:43,90
--- C:\WINDOWS\serviceprofiles\Localservice\AppData DB Check 20:53:43,90
--- C:\Users\oem DB Check 20:57:57,43
--- C:\PROGRA~3 DB Check 20:58:17,25
--- C:\Users\42060\AppData\Local DB Check 20:58:32,94
--- C:\Users\Administrator\AppData\Local DB Check 20:58:32,94
--- C:\Users\Default\AppData\Local DB Check 20:58:32,94
--- C:\Users\Default User\AppData\Local DB Check 20:58:32,94
--- C:\Users\Default.migrated\AppData\Local DB Check 20:58:32,94
--- C:\Users\DefaultAppPool\AppData\Local DB Check 20:58:32,94
--- C:\Users\defaultuser100000\AppData\Local DB Check 20:58:32,94
--- C:\Users\MAC\AppData\Local DB Check 20:58:32,94
--- C:\Users\oem\AppData\Local DB Check 20:58:32,94
--- C:\Users\TEMP\AppData\Local DB Check 20:58:32,94
--- C:\Users\Veronika\AppData\Local DB Check 20:58:32,94
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local DB Check 20:58:32,94
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local DB Check 20:58:32,94
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local DB Check 20:58:32,94
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local DB Check 20:58:32,94
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 21:01:21,94
--- C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 21:01:29,70
--- Tasks DB Check 21:01:34,92
--- Tasks2 DB Check 21:01:38,15
--- Documents DB Check 21:02:02,37
--- Documents2 DB Check 21:02:12,39
--- C:\Users\MAC\AppData\Roaming\Mozilla\Firefox\Profiles\c3ows1zr.default DB Check 21:02:14,29
--- C:\Users\MAC\AppData\Roaming\Thunderbird\Profiles\mjxic9d3.default DB Check 21:02:14,29
--- C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default DB Check 21:02:14,29
--- C:\Users\oem\AppData\Roaming\Nvu\Profiles\rc2qx344.default DB Check 21:02:14,29
--- C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\q5g3b1od.default DB Check 21:02:14,29
--- C:\Users\Veronika\AppData\Roaming\Thunderbird\Profiles\47xbx4i5.default DB Check 21:02:14,29
--- C:\Users\Public\Desktop DB Check 21:02:26,93
--- C:\Users\oem\Desktop DB Check 21:02:43,53
--- Services DB Check 21:02:52,50
--- FF prefs.js DB Check 21:03:22,96
--- Emptyclsid 21:06:59,37
--- Del by CLSID 21:07:02,78
--- Delete Services 21:08:11,56
--- Firefox Fix 21:08:13,62
--- Delete files\folders 21:08:19,71
--- Create Backups 21:08:19,84
--- Firefox Extensions 21:08:24,57

Re: Please check my FRST log, suspected keylogger

Posted: 27 Feb 2024 09:20
by Rudy
Unfortunately there isn't. Zoek and JRT are the only browser cleaners in existence. Try checking the system files. At the command prompt type:
sfc /scannow
and press Enter; a scan and, if needed, a repair of the system files will run. Then try Zoek again. It can also be run in Safe Mode.

Re: Please check my FRST log, suspected keylogger

Posted: 28 Feb 2024 02:00
by Rin
I ran sfc /scannow.
Zoek got stuck at the same place in Windows Safe Mode too.

Re: Please check my FRST log, suspected keylogger

Posted: 28 Feb 2024 09:17
by Rudy
Let's try it differently. If you don't know what C:\sw\clipboard_recorder_portable\$RGCBVYN.exe and C:\Program Files (x86)\PhraseExpress\phraseexpress.exe belong to, delete both files. It would be a good idea to back them up to a flash drive first.

Re: Please check my FRST log, suspected keylogger

Posted: 28 Feb 2024 16:53
by Rin
I have been using both programs for many years. The problem appeared later. The cause won't be there.

Copy Recorder is an application for managing clipboard data. It records data that was added to the clipboard while working in other programs. This data can be restored at any time by selecting it from the history.
https://www.stahuj.cz/utility_a_ostatni ... -portable/

PhraseExpress is a handy tool for managing and easily inserting the most frequently used words, phrases or text strings.
https://www.slunecnice.cz/sw/phraseexpress/

Re: Please check my FRST log, suspected keylogger

Posted: 28 Feb 2024 17:11
by Rudy
Basically, what I'm concerned about is this:
ShortcutTarget: $RGCBVYN – zástupce.lnk -> C:\sw\clipboard_recorder_portable\$RGCBVYN.exe (LW-WORKS Software) [File not signed]
I don't know that program and (as far as I can remember) I haven't seen it in any other installation so far. Well, if you know what it is, we won't deal with it. So try a System Restore to a date when it was working correctly. I'm afraid this is caused by some combination of installed programs that don't get along with each other. Unless you can remember what you installed just before the problem appeared. The standard cleaners didn't find anything harmful.
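Rudy's FRST line says the shortcut target is unsigned, and both flagged programs (a clipboard recorder and a text expander) hook clipboard or keyboard input by design, so a keylogger hunt will always surface them; the useful question is whether the binaries on disk are still the ones the user installed. The PowerShell below is an added example, not part of the thread and not FRST's or Zoek's code: it takes the two paths from Rudy's post (assumed unchanged; edit $targets for other files) and records signature status, SHA-256, version resource, timestamps, whether the file is currently running, and which Startup shortcuts or Run keys launch it, so the user has something concrete to compare against a fresh download from the vendor before deleting anything.

```powershell
# Added example for this thread, not FRST's or Zoek's code. Triages the two files
# Rudy named (paths assumed from the FRST line; change $targets for other files).
# Single quotes keep the literal '$' in the first path from being expanded.
$targets = @(
    'C:\sw\clipboard_recorder_portable\$RGCBVYN.exe',
    'C:\Program Files (x86)\PhraseExpress\phraseexpress.exe'
)

# Resolve every .lnk in the per-user and all-users Startup folders and on the desktops,
# because FRST's ShortcutTarget line came from a .lnk, not from a Run key.
$shell   = New-Object -ComObject WScript.Shell
$lnkDirs = 'Startup', 'CommonStartup', 'Desktop', 'CommonDesktopDirectory' |
    ForEach-Object { [Environment]::GetFolderPath($_) }
$shortcuts = foreach ($dir in $lnkDirs) {
    Get-ChildItem -Path $dir -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Lnk = $_.FullName; Target = $shell.CreateShortcut($_.FullName).TargetPath }
    }
}

# Classic autostart registry values (per-user, machine, and the 32-bit view).
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$runEntries = foreach ($k in $runKeys) {
    if (Test-Path $k) {
        $props = Get-ItemProperty -Path $k
        foreach ($name in (Get-Item -Path $k).GetValueNames() | Where-Object { $_ }) {
            [pscustomobject]@{ Key = $k; Name = $name; Command = $props.$name }
        }
    }
}

foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) { Write-Warning "not present: $path"; continue }
    $file = Get-Item -LiteralPath $path
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    # Get-Process exposes .Path only for processes the caller is allowed to open.
    $live = Get-Process -ErrorAction SilentlyContinue | Where-Object { $_.Path -eq $path }

    [pscustomobject]@{
        Path       = $path
        Signature  = $sig.Status                  # NotSigned / Valid / HashMismatch ...
        Signer     = $sig.SignerCertificate.Subject
        SHA256     = $hash
        Company    = $file.VersionInfo.CompanyName
        Product    = $file.VersionInfo.ProductName
        Created    = $file.CreationTime
        LastWrite  = $file.LastWriteTime
        Running    = [bool]$live
        StartupLnk = ($shortcuts  | Where-Object { $_.Target -eq $path }).Lnk -join '; '
        RunKey     = ($runEntries | Where-Object { $_.Command -like "*$path*" }).Key -join '; '
    } | Format-List
}
```

"NotSigned" on its own is not evidence of compromise; many small utilities ship unsigned, as the FRST line already says for this one. What would matter is a LastWrite time that falls around when the Chrome symptom began, a Company or Product string that does not match the vendor, or a SHA-256 that differs from a copy downloaded fresh from the vendor's site; in that case the file, and not the product, is what to remove.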