VIRY.CZ

Zdravim

Mam poslednu dobu celkom spomalený počitač a nedavnomi malwarebyte našiel virus bitcoinminer a začali mi vyhadzovať chaty v prehliadači vedeli by ste mi pomôcť

Dakujem

Zdravím!
Dejte logy FRST+Addition: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

Logy su v .rar

OK. Teď spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

prikladam log a adwcleaner

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-18.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-21-2019
# Duration: 00:00:07
# OS: Windows 7 Professional N
# Cleaned: 10
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Cain
Deleted C:\Program Files\WiperSoft
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
Deleted C:\Users\Michal\AppData\Local\PCBooster

***** [ Files ] *****

Deleted C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\jo0mc75n.default\invalidprefs.js

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\WIPERSOFT STARTUP

***** [ Registry ] *****

Deleted HKCU\Software\cain
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F13EB071-91BA-4C2E-9BD8-FE0C56EE195E}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WiperSoft Startup

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Deleted SaveFrom.net helper

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1964 octets] - [21/04/2019 11:05:07]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

OK. Dejte nové logy FRST+Addition.

prikladam scan

Otevřte poznámkový blok a zkopírujte do něj:

Start

ClosePOrocesses:
GroupPolicy: Restriction ? <==== ATTENTION
Task: {6E890349-D6FB-48DE-B625-83C85A8E8CFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-29] (Google Inc -> Google Inc.)
Task: {8B2EEC35-3855-4167-B850-E4457E550FF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-29] (Google Inc -> Google Inc.)
Task: {21DD45ED-374F-4302-8419-07AA962B7424} - System32\Tasks\{E8E26F00-F565-4AFD-A6BD-2D88B78EB8B1} => C:\Windows\system32\pcalua.exe -a C:\Users\Michal\Downloads\VirtualBox-6.0.4-128413-Win.exe -d C:\Users\Michal\Downloads
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe" [X]
C:\Program Files\McAfee Security Scan
U3 aswbdisk; no ImagePath
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Michal\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-2180884660-450883477-2478548842-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Michal\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-2180884660-450883477-2478548842-1000_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\Michal\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
FirewallRules: [{DBFB37C4-8084-4B5B-9506-FFC4D6E80914}] => (Allow) C:\Users\Michal\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{11524A14-D0D9-4E08-A44C-E08CABFEC03A}] => (Allow) C:\Users\Michal\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [TCP Query User{F91A0F44-FF36-42AD-9DF1-02F6C80AB08E}C:\program files (x86)\sopas et\sopaset.exe] => (Allow) C:\program files (x86)\sopas et\sopaset.exe No File
FirewallRules: [UDP Query User{34D06BC0-15A4-40D8-A626-2CC59E6C539D}C:\program files (x86)\sopas et\sopaset.exe] => (Allow) C:\program files (x86)\sopas et\sopaset.exe No File
FirewallRules: [TCP Query User{B04622E6-355B-4A03-816D-12943F7EC95A}C:\programdata\sick\sopas\softsensors\inspectorpim60_v2.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe] => (Allow) C:\programdata\sick\sopas\softsensors\inspectorpim60_v2.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe No File
FirewallRules: [UDP Query User{1991B7C5-AB84-4F6B-B6FA-7AE86C27C3AD}C:\programdata\sick\sopas\softsensors\inspectorpim60_v2.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe] => (Allow) C:\programdata\sick\sopas\softsensors\inspectorpim60_v2.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe No File
FirewallRules: [TCP Query User{7990059F-CEC9-414E-A0F7-AD5A70689D9B}C:\programdata\sick\sopas\softsensors\inspectorpim60_v1.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe] => (Allow) C:\programdata\sick\sopas\softsensors\inspectorpim60_v1.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe No File
FirewallRules: [UDP Query User{AC03F8D6-9832-4404-AEC1-C46ACE6E8FD5}C:\programdata\sick\sopas\softsensors\inspectorpim60_v1.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe] => (Allow) C:\programdata\sick\sopas\softsensors\inspectorpim60_v1.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe No File
FirewallRules: [{27E7FABB-41FA-4AEF-AE84-E44AA0924AE1}] => (Allow) C:\Users\Michal\AppData\Local\Programs\Opera\58.0.3135.118\opera.exe No File
FirewallRules: [{600A5088-72BE-4343-92A1-0CE5A3665D63}] => (Allow) C:\Users\Michal\AppData\Local\Programs\Opera\58.0.3135.127\opera.exe No File
FirewallRules: [{7B633400-26EC-4D9C-A440-323D449CCE2F}] => (Block) C:\Program Files\ESET\ESET Security\ekrn.exe No File

EmptyTemp:
End

Uložte do C:\Users\Michal\Desktop\FRST jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

prikladam fix log

Fix result of Farbar Recovery Scan Tool (x64) Version: 22.04.2019
Ran by Michal (23-04-2019 17:41:45) Run:1
Running from C:\Users\Michal\Desktop\FRST
Loaded Profiles: Michal (Available Profiles: Michal)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

ClosePOrocesses:
GroupPolicy: Restriction ? <==== ATTENTION
Task: {6E890349-D6FB-48DE-B625-83C85A8E8CFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-29] (Google Inc -> Google Inc.)
Task: {8B2EEC35-3855-4167-B850-E4457E550FF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-29] (Google Inc -> Google Inc.)
Task: {21DD45ED-374F-4302-8419-07AA962B7424} - System32\Tasks\{E8E26F00-F565-4AFD-A6BD-2D88B78EB8B1} => C:\Windows\system32\pcalua.exe -a C:\Users\Michal\Downloads\VirtualBox-6.0.4-128413-Win.exe -d C:\Users\Michal\Downloads
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe" [X]
C:\Program Files\McAfee Security Scan
U3 aswbdisk; no ImagePath
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Michal\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-2180884660-450883477-2478548842-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Michal\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-2180884660-450883477-2478548842-1000_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\Michal\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
FirewallRules: [{DBFB37C4-8084-4B5B-9506-FFC4D6E80914}] => (Allow) C:\Users\Michal\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{11524A14-D0D9-4E08-A44C-E08CABFEC03A}] => (Allow) C:\Users\Michal\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [TCP Query User{F91A0F44-FF36-42AD-9DF1-02F6C80AB08E}C:\program files (x86)\sopas et\sopaset.exe] => (Allow) C:\program files (x86)\sopas et\sopaset.exe No File
FirewallRules: [UDP Query User{34D06BC0-15A4-40D8-A626-2CC59E6C539D}C:\program files (x86)\sopas et\sopaset.exe] => (Allow) C:\program files (x86)\sopas et\sopaset.exe No File
FirewallRules: [TCP Query User{B04622E6-355B-4A03-816D-12943F7EC95A}C:\programdata\sick\sopas\softsensors\inspectorpim60_v2.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe] => (Allow) C:\programdata\sick\sopas\softsensors\inspectorpim60_v2.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe No File
FirewallRules: [UDP Query User{1991B7C5-AB84-4F6B-B6FA-7AE86C27C3AD}C:\programdata\sick\sopas\softsensors\inspectorpim60_v2.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe] => (Allow) C:\programdata\sick\sopas\softsensors\inspectorpim60_v2.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe No File
FirewallRules: [TCP Query User{7990059F-CEC9-414E-A0F7-AD5A70689D9B}C:\programdata\sick\sopas\softsensors\inspectorpim60_v1.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe] => (Allow) C:\programdata\sick\sopas\softsensors\inspectorpim60_v1.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe No File
FirewallRules: [UDP Query User{AC03F8D6-9832-4404-AEC1-C46ACE6E8FD5}C:\programdata\sick\sopas\softsensors\inspectorpim60_v1.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe] => (Allow) C:\programdata\sick\sopas\softsensors\inspectorpim60_v1.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe No File
FirewallRules: [{27E7FABB-41FA-4AEF-AE84-E44AA0924AE1}] => (Allow) C:\Users\Michal\AppData\Local\Programs\Opera\58.0.3135.118\opera.exe No File
FirewallRules: [{600A5088-72BE-4343-92A1-0CE5A3665D63}] => (Allow) C:\Users\Michal\AppData\Local\Programs\Opera\58.0.3135.127\opera.exe No File
FirewallRules: [{7B633400-26EC-4D9C-A440-323D449CCE2F}] => (Block) C:\Program Files\ESET\ESET Security\ekrn.exe No File

EmptyTemp:
End
*****************

ClosePOrocesses: => Error: No automatic fix found for this entry.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E890349-D6FB-48DE-B625-83C85A8E8CFC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E890349-D6FB-48DE-B625-83C85A8E8CFC}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8B2EEC35-3855-4167-B850-E4457E550FF3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B2EEC35-3855-4167-B850-E4457E550FF3}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21DD45ED-374F-4302-8419-07AA962B7424}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21DD45ED-374F-4302-8419-07AA962B7424}" => removed successfully
C:\Windows\System32\Tasks\{E8E26F00-F565-4AFD-A6BD-2D88B78EB8B1} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E8E26F00-F565-4AFD-A6BD-2D88B78EB8B1}" => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => removed successfully
HKLM\System\CurrentControlSet\Services\McComponentHostService => removed successfully
McComponentHostService => service removed successfully
"C:\Program Files\McAfee Security Scan" => not found
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully
aswbdisk => service removed successfully
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore" => not found

"C:\Users\Michal\AppData\Local\Temp" folder move:

Could not move "C:\Users\Michal\AppData\Local\Temp" => Scheduled to move on reboot.

HKU\S-1-5-21-2180884660-450883477-2478548842-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5} => removed successfully
HKU\S-1-5-21-2180884660-450883477-2478548842-1000_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DBFB37C4-8084-4B5B-9506-FFC4D6E80914}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{11524A14-D0D9-4E08-A44C-E08CABFEC03A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F91A0F44-FF36-42AD-9DF1-02F6C80AB08E}C:\program files (x86)\sopas et\sopaset.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{34D06BC0-15A4-40D8-A626-2CC59E6C539D}C:\program files (x86)\sopas et\sopaset.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B04622E6-355B-4A03-816D-12943F7EC95A}C:\programdata\sick\sopas\softsensors\inspectorpim60_v2.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1991B7C5-AB84-4F6B-B6FA-7AE86C27C3AD}C:\programdata\sick\sopas\softsensors\inspectorpim60_v2.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7990059F-CEC9-414E-A0F7-AD5A70689D9B}C:\programdata\sick\sopas\softsensors\inspectorpim60_v1.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AC03F8D6-9832-4404-AEC1-C46ACE6E8FD5}C:\programdata\sick\sopas\softsensors\inspectorpim60_v1.0.0_3778_softsensor\softsensor\device\inspectorpim60.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{27E7FABB-41FA-4AEF-AE84-E44AA0924AE1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{600A5088-72BE-4343-92A1-0CE5A3665D63}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7B633400-26EC-4D9C-A440-323D449CCE2F}" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 87088538 B
Java, Flash, Steam htmlcache => 2722 B
Windows/system/drivers => 931496669 B
Edge => 0 B
Chrome => 421479064 B
Firefox => 1073652134 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 266150 B
Michal => 4360220472 B

RecycleBin => 41061 B
EmptyTemp: => 6.4 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-04-2019 17:50:05)

C:\Users\Michal\AppData\Local\Temp => moved successfully

==== End of Fixlog 17:50:07 ====

Smazáno. Nastala nějaká změna?

Ano dialógové okno zmizlo aj PC už ide celkom v poriadku

Ďakujem

Nemáte zač!

VIRY.CZ

Zpomalený počitač a chatove okienka v prehliadači

Zpomalený počitač a chatove okienka v prehliadači

Re: Zpomalený počitač a chatove okienka v prehliadači

Re: Zpomalený počitač a chatove okienka v prehliadači

Re: Zpomalený počitač a chatove okienka v prehliadači

Re: Zpomalený počitač a chatove okienka v prehliadači

Re: Zpomalený počitač a chatove okienka v prehliadači

Re: Zpomalený počitač a chatove okienka v prehliadači

Re: Zpomalený počitač a chatove okienka v prehliadači

Re: Zpomalený počitač a chatove okienka v prehliadači

Re: Zpomalený počitač a chatove okienka v prehliadači

Re: Zpomalený počitač a chatove okienka v prehliadači

Re: Zpomalený počitač a chatove okienka v prehliadači