VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Malware v počítači

https://forum.viry.cz:443/viewtopic.php?t=155926

Stránka 1 z 1

Malware v počítači

Napsal: 12 kvě 2019 21:32
od poetix_
Dobrý den, ráda bych se zeptala zda je můj počítač v pořádku. Narazila jsem již na pár virů při použití zmíněného AdwCleaneru od Malwarebytes, ale pořád mám pocit, že tam někde něco je. Disk jede na 100% po zapnutí počítače, neklesá ani po pár hodinách. Díky za odpověď.
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-12-2019
# Duration: 00:00:22
# OS: Windows 10 Home
# Cleaned: 73
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Lavasoft\Web Companion
Deleted C:\Program Files (x86)\ProxyGate
Deleted C:\Program Files (x86)\Seznam.cz
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\ByteFence
Deleted C:\ProgramData\FileViewPro
Deleted C:\ProgramData\Host App Service
Deleted C:\ProgramData\Lavasoft\Web Companion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Deleted C:\ProgramData\Solvusoft
Deleted C:\ProgramData\ytd video downloader
Deleted C:\Users\tucek\AppData\Local\Host App Service
Deleted C:\Users\tucek\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Deleted C:\Users\tucek\AppData\Roaming\Lavasoft\Web Companion
Deleted C:\Users\tucek\AppData\Roaming\SPI
Deleted C:\Users\tucek\AppData\Roaming\Seznam.cz
Deleted C:\Users\tucek\AppData\Roaming\Solvusoft
Deleted C:\Users\tucek\AppData\Roaming\WinThruster
Deleted C:\Windows\Installer\{773A8CA8-3876-4AA1-AB78-EECA231BFF3A}
Deleted C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Deleted C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service

***** [ Files ] *****

Deleted C:\Users\Public\Desktop\simpliclean.lnk
Deleted C:\Users\tucek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Youtube.lnk
Deleted C:\Windows\System32\Tasks_Migrated\App Explorer

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\POWER SUITE
Deleted C:\Windows\System32\Tasks\POWER SUITE (TRAY)
Deleted C:\Windows\Tasks\POWER SUITE (TRAY).JOB
Deleted C:\Windows\Tasks\POWER SUITE.JOB

***** [ Registry ] *****

Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HostAppService_00769fdd5a07b61dba64e72f56b32b63abc9fd44
Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HostAppService_322460fb8f47d8cb14cd883b17b5e0dd233a7768
Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HostAppService_40aecc4d902a9b7ddffa8a0a80a9b1aeb54021df
Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HostAppService_eadb86253068dc3c9bb0f55c26248e321f071368
Deleted HKCU\Software\App Host Service
Deleted HKCU\Software\AppDataLow\Software\Seznam.cz
Deleted HKCU\Software\Host App Service
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\en.bytefence.com
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cz.seznam.software.autoupdate
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall
Deleted HKCU\Software\Mozilla\NativeMessagingHosts\sznpp_nm
Deleted HKCU\Software\Seznam.cz
Deleted HKCU\Software\csastats
Deleted HKCU\Software\{DAF8B7E5-449D-4180-8281-10E536E597F2}
Deleted HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B087C78-B89D-446F-B401-8565FED383C2}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B087C78-B89D-446F-B401-8565FED383C2}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3095FBD3-2A3D-40E6-B570-889E232E6F40}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Power Suite
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Power Suite (Tray)
Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService
Deleted HKLM\Software\Classes\IsLicense50.IsLicenseMgr
Deleted HKLM\Software\Common Toolkit Suite
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|seznam-listicka-distribuce
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Seznam.cz
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|seznam-listicka-distribuce
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WarThunder
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WorldofTanks
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Deleted HKLM\Software\Wow6432Node\{DAF8B7E5-449D-4180-8281-10E536E597F2}
Deleted HKU\.DEFAULT\Software\ByteFence
Deleted HKU\S-1-5-18\Software\ByteFence

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [8196 octets] - [12/05/2019 22:07:44]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Malware v počítači

Napsal: 13 kvě 2019 09:06
od Rudy
Zdravím!
To, co smazal ADW jsou převážně AdWary. K dočištění dejte ještě logy FRST+Addition: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

Re: Malware v počítači

Napsal: 15 kvě 2019 08:07
od poetix_
Přikládám jako archiv.

Re: Malware v počítači

Napsal: 15 kvě 2019 09:42
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-233674013-3920218495-3203650620-1001\...\MountPoints2: {35eafb50-374c-11e9-afe9-4ccc6a1559ae} - "D:\HiSuiteDownLoader.exe"
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {6B4122D5-D4B6-4FD1-9B67-7E3D57693D7E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-11] (Google Inc -> Google Inc.)
Task: {72386265-1BDF-4544-8E98-EA1DB1D24A6B} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-233674013-3920218495-3203650620-1001UA => C:\Users\tucek\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-07] (Brave Software, Inc. -> BraveSoftware Inc.) <==== ATTENTION
Task: {7B86A38E-FEE2-46D0-A178-474D2AB895C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-11] (Google Inc -> Google Inc.)
Task: {F01083D7-3A49-48FB-A4FA-FB6F27D9AC41} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F8AAF2CD-91F3-4625-91E3-DC4E96120F79} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-233674013-3920218495-3203650620-1001Core => C:\Users\tucek\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-07] (Brave Software, Inc. -> BraveSoftware Inc.) <==== ATTENTION
SearchScopes: HKU\S-1-5-21-233674013-3920218495-3203650620-1001 -> {8CA72B27-7D65-4881-A5B9-70283716CD7F} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM ... -SearchBox
HKU\S-1-5-21-233674013-3920218495-3203650620-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-233674013-3920218495-3203650620-1001 -> DefaultScope {8CA72B27-7D65-4881-A5B9-70283716CD7F} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM ... -SearchBox
SearchScopes: HKU\S-1-5-21-233674013-3920218495-3203650620-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\tucek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:86A2B03C [147]
AlternateDataStreams: C:\ProgramData\Temp:ADAB671B [264]
AlternateDataStreams: C:\ProgramData\Temp:B3ED3AFF [286]
AlternateDataStreams: C:\ProgramData\Temp:CB959782 [382]
AlternateDataStreams: C:\ProgramData\Temp:DDEB08FD [120]
AlternateDataStreams: C:\ProgramData\Temp:EF794BCD [116]
AlternateDataStreams: C:\Users\Public\AppData:CSM [486]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [466]
FirewallRules: [{ACAFBB01-A93B-4F31-9051-8E3A9DB07D87}] => (Allow) C:\Program Files\iTunes\iTunes.exe No File

EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Malware v počítači

Napsal: 15 kvě 2019 10:18
od poetix_
Fix result of Farbar Recovery Scan Tool (x64) Version: 13-05.2019 01
Ran by tucek (15-05-2019 11:07:30) Run:1
Running from C:\Users\tucek\Desktop
Loaded Profiles: tucek (Available Profiles: tucek)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-233674013-3920218495-3203650620-1001\...\MountPoints2: {35eafb50-374c-11e9-afe9-4ccc6a1559ae} - "D:\HiSuiteDownLoader.exe"
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {6B4122D5-D4B6-4FD1-9B67-7E3D57693D7E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-11] (Google Inc -> Google Inc.)
Task: {72386265-1BDF-4544-8E98-EA1DB1D24A6B} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-233674013-3920218495-3203650620-1001UA => C:\Users\tucek\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-07] (Brave Software, Inc. -> BraveSoftware Inc.) <==== ATTENTION
Task: {7B86A38E-FEE2-46D0-A178-474D2AB895C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-11] (Google Inc -> Google Inc.)
Task: {F01083D7-3A49-48FB-A4FA-FB6F27D9AC41} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F8AAF2CD-91F3-4625-91E3-DC4E96120F79} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-233674013-3920218495-3203650620-1001Core => C:\Users\tucek\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-07] (Brave Software, Inc. -> BraveSoftware Inc.) <==== ATTENTION
SearchScopes: HKU\S-1-5-21-233674013-3920218495-3203650620-1001 -> {8CA72B27-7D65-4881-A5B9-70283716CD7F} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM ... -SearchBox
HKU\S-1-5-21-233674013-3920218495-3203650620-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-233674013-3920218495-3203650620-1001 -> DefaultScope {8CA72B27-7D65-4881-A5B9-70283716CD7F} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM ... -SearchBox
SearchScopes: HKU\S-1-5-21-233674013-3920218495-3203650620-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\tucek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:86A2B03C [147]
AlternateDataStreams: C:\ProgramData\Temp:ADAB671B [264]
AlternateDataStreams: C:\ProgramData\Temp:B3ED3AFF [286]
AlternateDataStreams: C:\ProgramData\Temp:CB959782 [382]
AlternateDataStreams: C:\ProgramData\Temp:DDEB08FD [120]
AlternateDataStreams: C:\ProgramData\Temp:EF794BCD [116]
AlternateDataStreams: C:\Users\Public\AppData:CSM [486]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [466]
FirewallRules: [{ACAFBB01-A93B-4F31-9051-8E3A9DB07D87}] => (Allow) C:\Program Files\iTunes\iTunes.exe No File

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-233674013-3920218495-3203650620-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35eafb50-374c-11e9-afe9-4ccc6a1559ae} => removed successfully
HKLM\Software\Classes\CLSID\{35eafb50-374c-11e9-afe9-4ccc6a1559ae} => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B4122D5-D4B6-4FD1-9B67-7E3D57693D7E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B4122D5-D4B6-4FD1-9B67-7E3D57693D7E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72386265-1BDF-4544-8E98-EA1DB1D24A6B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72386265-1BDF-4544-8E98-EA1DB1D24A6B}" => removed successfully
C:\WINDOWS\System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-233674013-3920218495-3203650620-1001UA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BraveSoftwareUpdateTaskUserS-1-5-21-233674013-3920218495-3203650620-1001UA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7B86A38E-FEE2-46D0-A178-474D2AB895C3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B86A38E-FEE2-46D0-A178-474D2AB895C3}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F01083D7-3A49-48FB-A4FA-FB6F27D9AC41}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F01083D7-3A49-48FB-A4FA-FB6F27D9AC41}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8AAF2CD-91F3-4625-91E3-DC4E96120F79}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8AAF2CD-91F3-4625-91E3-DC4E96120F79}" => removed successfully
C:\WINDOWS\System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-233674013-3920218495-3203650620-1001Core => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BraveSoftwareUpdateTaskUserS-1-5-21-233674013-3920218495-3203650620-1001Core" => removed successfully
HKU\S-1-5-21-233674013-3920218495-3203650620-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CA72B27-7D65-4881-A5B9-70283716CD7F} => removed successfully
HKLM\Software\Classes\CLSID\{8CA72B27-7D65-4881-A5B9-70283716CD7F} => not found
"HKU\S-1-5-21-233674013-3920218495-3203650620-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
"HKU\S-1-5-21-233674013-3920218495-3203650620-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-233674013-3920218495-3203650620-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Users\tucek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully
C:\ProgramData\Temp => ":86A2B03C" ADS removed successfully
C:\ProgramData\Temp => ":ADAB671B" ADS removed successfully
C:\ProgramData\Temp => ":B3ED3AFF" ADS removed successfully
C:\ProgramData\Temp => ":CB959782" ADS removed successfully
C:\ProgramData\Temp => ":DDEB08FD" ADS removed successfully
C:\ProgramData\Temp => ":EF794BCD" ADS removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ACAFBB01-A93B-4F31-9051-8E3A9DB07D87}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 755943301 B
Java, Flash, Steam htmlcache => 267739364 B
Windows/system/drivers => 4434416 B
Edge => 13349280 B
Chrome => 15641803 B
Firefox => 0 B
Opera => 391477476 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 33554 B
LocalService => 0 B
NetworkService => 33294 B
NetworkService => 0 B
tucek => 139908194 B

RecycleBin => 0 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:12:06 ====

Re: Malware v počítači

Napsal: 15 kvě 2019 13:21
od Rudy
Smazáno. Nastala nějaká změna?
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz