Kontrola logu problemy malwarebytes

[cesarion]

Dobrý den provádel jsem rutiní kontrolu a vyskočilo na mě:

Malwarebytes
http://www.malwarebytes.com

-Log Details-
Scan Date: 7/12/19
Scan Time: 5:33 PM
Log File: 690c6648-a4ba-11e9-ad12-708bcda31ff2.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.11522
License: Free

-System Information-
OS: Windows 10 (Build 17763.557)
CPU: x64
File System: NTFS
User: DESKTOP-TOP8B4Q\marys

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 331124
Threats Detected: 12
Threats Quarantined: 12
Time Elapsed: 5 min, 6 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 6
Trojan.FakeMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Application Experience\StartupCheckLibrary, Quarantined, [753], [676733],1.0.11522
Trojan.FakeMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{35D35B7B-2E56-40FA-99A7-C8681112CA89}, Quarantined, [753], [676733],1.0.11522
Trojan.FakeMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{35D35B7B-2E56-40FA-99A7-C8681112CA89}, Quarantined, [753], [676733],1.0.11522
Trojan.FakeMS.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary, Quarantined, [4085], [-1],0.0.0
Trojan.FakeMS.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35D35B7B-2E56-40FA-99A7-C8681112CA89}, Quarantined, [4085], [-1],0.0.0
Trojan.FakeMS.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{35D35B7B-2E56-40FA-99A7-C8681112CA89}, Quarantined, [4085], [-1],0.0.0

Registry Value: 1
Trojan.FakeMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|winlogui, Quarantined, [753], [646232],1.0.11522

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 5
Trojan.FakeMS, C:\WINDOWS\SYSTEM32\WINLOGUI.EXE, Quarantined, [753], [646232],1.0.11522
Trojan.FakeMS, C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Application Experience\StartupCheckLibrary, Quarantined, [753], [676733],1.0.11522
Trojan.FakeMS.TskLnk, C:\WINDOWS\SYSTEM32\STARTUPCHECKLIBRARY.DLL, Quarantined, [4085], [676767],1.0.11522
Trojan.FakeMS.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Application Experience\StartupCheckLibrary, Quarantined, [4085], [-1],0.0.0
PUP.Optional.Seznam, D:\DOWNLOAD\FLV-TO-MP4-ENCODER.EXE, Quarantined, [614], [623984],1.0.11522

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


Děkuji

[Conder]

Ahoj

Urob v Malwarebytes uplny sken:

• Otvor Malwarebytes a vlavo klikni na "Skenovat"
• Klikni na "Vlastne skenovanie" a potom na "Nakonfigurovat skenovanie" (Nastavit sken)
• Vpravo oznac vsetky disky v PC a vlavo oznac moznost "Vyhladavat rootkity"
• Klikni na Skenovat teraz a pockaj na dokoncenie
• Po dokonceni klikni na Exportovat zhrnutie -> Skopirovat do schranky
• Skopirovany log vloz do dalsej odpovede
• Obrazkovy navod (bohuzial pre starsiu verziu): https://forum.viry.cz/viewtopic.php?f=29&t=144868

[cesarion]

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 12.07.19
Čas skenování: 19:38
Logovací soubor: e2422938-a4cb-11e9-b26d-708bcda31ff2.json

-Informace o softwaru-
Verze: 3.8.3.2965
Verze komponentů: 1.0.613
Aktualizovat verzi balíku komponent: 1.0.11522
Licence: Bezplatný

-Systémová informace-
OS: Windows 10 (Build 17763.557)
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-TOP8B4Q\marys

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 1775171
Zjištěné hrozby: 4
Hrozby umístěné do karantény: 0
Uplynulý čas: 17 hod, 41 min, 12 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 4
Trojan.Swrort, E:\DF\LNP\UTILITIES\DWARF MOCKUP\DWARFMOCKUP-1.2.0.EXE, Žádná uživatelská akce, [7645], [565860],1.0.11522
HackTool.FilePatch, D:\USERS\MARYS\DOWNLOADS\OBVIOUSIDEA LIGHT IMAGE RESIZER\OBVIOUSIDEA LIGHT IMAGE RESIZER V5.0.3.1.7Z, Žádná uživatelská akce, [7688], [281135],1.0.11522
Generic.Malware/Suspicious, D:\USERS\MARYS\DOWNLOADS\PRODUKEY (1).ZIP, Žádná uživatelská akce, [0], [392686],1.0.11522
Generic.Malware/Suspicious, D:\USERS\MARYS\DOWNLOADS\PRODUKEY.ZIP, Žádná uživatelská akce, [0], [392686],1.0.11522

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

[Conder]

Nalezy Malwarebytes mozes zmazat.

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

• Uloz na plochu a ukonci vsetky programy
• Spusti AdwCleaner ako spravca
• Odsuhlas licencne podmienky
• Klikni na Skenovat nyni (Scan now) a pockaj na dokoncenie
• Nechaj zaskrtnute vsetky nalezy
• Klikni na Cisteni a opravy (Clean and Repair) a potvrd restart PC teraz
• Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
• Otvori sa log, jeho obsah sem skopiruj

[cesarion]

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-06-28.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-14-2019
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1384 octets] - [31/03/2019 16:14:03]
AdwCleaner[C00].txt - [1532 octets] - [31/03/2019 16:16:52]
AdwCleaner[S01].txt - [1371 octets] - [31/03/2019 17:53:05]
AdwCleaner[S02].txt - [1432 octets] - [15/04/2019 01:28:24]
AdwCleaner[S03].txt - [1493 octets] - [24/05/2019 14:04:16]
AdwCleaner[C03].txt - [1679 octets] - [24/05/2019 14:04:33]
AdwCleaner[S04].txt - [1615 octets] - [24/05/2019 14:08:07]
AdwCleaner[S05].txt - [1676 octets] - [14/07/2019 18:59:24]
AdwCleaner[S06].txt - [1737 octets] - [14/07/2019 19:00:18]
AdwCleaner[S07].txt - [1798 octets] - [14/07/2019 19:01:40]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C07].txt ##########

[Conder]

Poprosim o obidva nove logy z FRST.

[cesarion]

Děkuju posílám

[Conder]

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
  VirusTotal: C:\ProgramData\{ybvuwci.uhn
  File: C:\ProgramData\{ybvuwci.uhn
  
  2019-06-29 21:55 - 2019-06-29 21:55 - 000012554 _____ C:\ProgramData\{ybvuwci.uhn
  2019-06-29 21:55 - 2019-06-29 21:55 - 000000000 _____ C:\ProgramData\678759991
  CustomCLSID: HKU\S-1-5-21-1410936417-1045171731-3576322853-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\marys\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
  ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
  ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
  ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
  ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
  ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
  ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
  AlternateDataStreams: C:\Users\marys\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
  AlternateDataStreams: C:\Users\marys\Application Data:6699d3ee8dd9cf775caae782c8f44f03 [394]
  AlternateDataStreams: C:\Users\marys\Data aplikací:00e481b5e22dbe1f649fcddd505d3eb7 [394]
  AlternateDataStreams: C:\Users\marys\Data aplikací:6699d3ee8dd9cf775caae782c8f44f03 [394]
  AlternateDataStreams: C:\Users\marys\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
  AlternateDataStreams: C:\Users\marys\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
  AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [480]
  FirewallRules: [TCP Query User{C7BCC820-BD93-4AD8-8EEE-7513DC6DCECE}C:\users\marys\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\marys\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
  FirewallRules: [UDP Query User{B0CDF0B1-4659-4FCA-BA58-BAA4AD0F4473}C:\users\marys\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\marys\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
  
  Hosts:
  EmptyTemp:
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
• Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

[cesarion]

Restart si nevyzadal fixlog byl tento


Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by marys (16-07-2019 17:57:29) Run:2
Running from C:\Users\marys\Desktop
Loaded Profiles: marys (Available Profiles: marys & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses
CreateRestorePoint

PowerShell Get-ChildItem -Path $ENVUSERPROFILEDesktop -Recurse -Force Measure-Object -Property Length -Sum
VirusTotal CProgramData{ybvuwci.uhn
File CProgramData{ybvuwci.uhn

2019-06-29 2155 - 2019-06-29 2155 - 000012554 _____ CProgramData{ybvuwci.uhn
2019-06-29 2155 - 2019-06-29 2155 - 000000000 _____ CProgramData678759991
CustomCLSID HKUS-1-5-21-1410936417-1045171731-3576322853-1001_ClassesCLSID{62634D95-960B-4834-8E71-A70408AD8FD9}InprocServer32 - CUsersmarysAppDataLocalGoogleUpdate1.3.34.7psuser_64.dll = No File
ContextMenuHandlers1 [7-Zip] - {23170F69-40C1-278A-1000-000100020000} = - No File
ContextMenuHandlers1 [ANotepad++64] - {B298D29A-A6ED-11DE-BA8C-A68E55D89593} = - No File
ContextMenuHandlers1 [BriefcaseMenu] - {85BBD920-42A0-1069-A2E4-08002B30309D} = - No File
ContextMenuHandlers3 [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] - {4A7C4306-57E0-4C0C-83A9-78C1528F618C} = - No File
ContextMenuHandlers4 [7-Zip] - {23170F69-40C1-278A-1000-000100020000} = - No File
ContextMenuHandlers6 [BriefcaseMenu] - {85BBD920-42A0-1069-A2E4-08002B30309D} = - No File
AlternateDataStreams CUsersmarysApplication Data00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams CUsersmarysApplication Data6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams CUsersmarysData aplikac�00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams CUsersmarysData aplikac�6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams CUsersmarysAppDataRoaming00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams CUsersmarysAppDataRoaming6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams CUsersPublicShared FilesVersionCache [480]
FirewallRules [TCP Query User{C7BCC820-BD93-4AD8-8EEE-7513DC6DCECE}Cusersmarysappdatalocalgooglechromeapplicationchrome.exe] = (Block) Cusersmarysappdatalocalgooglechromeapplicationchrome.exe (Google LLC - Google LLC)
FirewallRules [UDP Query User{B0CDF0B1-4659-4FCA-BA58-BAA4AD0F4473}Cusersmarysappdatalocalgooglechromeapplicationchrome.exe] = (Block) Cusersmarysappdatalocalgooglechromeapplicationchrome.exe (Google LLC - Google LLC)

Hosts
EmptyTemp
End
*****************

CloseProcesses => Error: No automatic fix found for this entry.
CreateRestorePoint => Error: No automatic fix found for this entry.
PowerShell Get-ChildItem -Path $ENVUSERPROFILEDesktop -Recurse -Force Measure-Object -Property Length -Sum => Error: No automatic fix found for this entry.
VirusTotal CProgramData{ybvuwci.uhn => Error: No automatic fix found for this entry.
File CProgramData{ybvuwci.uhn => Error: No automatic fix found for this entry.
"2019-06-29 2155 - 2019-06-29 2155 - 000012554 _____ CProgramData{ybvuwci.uhn" => not found
"2019-06-29 2155 - 2019-06-29 2155 - 000000000 _____ CProgramData678759991" => not found
CustomCLSID HKUS-1-5-21-1410936417-1045171731-3576322853-1001_ClassesCLSID{62634D95-960B-4834-8E71-A70408AD8FD9}InprocServer32 - CUsersmarysAppDataLocalGoogleUpdate1.3.34.7psuser_64.dll = No File => Error: No automatic fix found for this entry.
ContextMenuHandlers1 [7-Zip] - {23170F69-40C1-278A-1000-000100020000} = - No File => Error: No automatic fix found for this entry.
ContextMenuHandlers1 [ANotepad++64] - {B298D29A-A6ED-11DE-BA8C-A68E55D89593} = - No File => Error: No automatic fix found for this entry.
ContextMenuHandlers1 [BriefcaseMenu] - {85BBD920-42A0-1069-A2E4-08002B30309D} = - No File => Error: No automatic fix found for this entry.
ContextMenuHandlers3 [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] - {4A7C4306-57E0-4C0C-83A9-78C1528F618C} = - No File => Error: No automatic fix found for this entry.
ContextMenuHandlers4 [7-Zip] - {23170F69-40C1-278A-1000-000100020000} = - No File => Error: No automatic fix found for this entry.
ContextMenuHandlers6 [BriefcaseMenu] - {85BBD920-42A0-1069-A2E4-08002B30309D} = - No File => Error: No automatic fix found for this entry.
AlternateDataStreams CUsersmarysApplication Data00e481b5e22dbe1f649fcddd505d3eb7 [394] => Error: No automatic fix found for this entry.
AlternateDataStreams CUsersmarysApplication Data6699d3ee8dd9cf775caae782c8f44f03 [394] => Error: No automatic fix found for this entry.
AlternateDataStreams CUsersmarysData aplikac�00e481b5e22dbe1f649fcddd505d3eb7 [394] => Error: No automatic fix found for this entry.
AlternateDataStreams CUsersmarysData aplikac�6699d3ee8dd9cf775caae782c8f44f03 [394] => Error: No automatic fix found for this entry.
AlternateDataStreams CUsersmarysAppDataRoaming00e481b5e22dbe1f649fcddd505d3eb7 [394] => Error: No automatic fix found for this entry.
AlternateDataStreams CUsersmarysAppDataRoaming6699d3ee8dd9cf775caae782c8f44f03 [394] => Error: No automatic fix found for this entry.
AlternateDataStreams CUsersPublicShared FilesVersionCache [480] => Error: No automatic fix found for this entry.
FirewallRules [TCP Query User{C7BCC820-BD93-4AD8-8EEE-7513DC6DCECE}Cusersmarysappdatalocalgooglechromeapplicationchrome.exe] = (Block) Cusersmarysappdatalocalgooglechromeapplicationchrome.exe (Google LLC - Google LLC) => Error: No automatic fix found for this entry.
FirewallRules [UDP Query User{B0CDF0B1-4659-4FCA-BA58-BAA4AD0F4473}Cusersmarysappdatalocalgooglechromeapplicationchrome.exe] = (Block) Cusersmarysappdatalocalgooglechromeapplicationchrome.exe (Google LLC - Google LLC) => Error: No automatic fix found for this entry.
Hosts => Error: No automatic fix found for this entry.
EmptyTemp => Error: No automatic fix found for this entry.

==== End of Fixlog 17:57:29 ====

[Conder]

Fixlist bol zle skopirovany, chybaju v nom lomitka a dvojbodky. Je potrebne to spustit este raz.

[cesarion]

aha omlouvám se

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by marys (16-07-2019 23:01:23) Run:3
Running from C:\Users\marys\Desktop
Loaded Profiles: marys (Available Profiles: marys & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
VirusTotal: C:\ProgramData\{ybvuwci.uhn
File: C:\ProgramData\{ybvuwci.uhn

2019-06-29 21:55 - 2019-06-29 21:55 - 000012554 _____ C:\ProgramData\{ybvuwci.uhn
2019-06-29 21:55 - 2019-06-29 21:55 - 000000000 _____ C:\ProgramData\678759991
CustomCLSID: HKU\S-1-5-21-1410936417-1045171731-3576322853-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\marys\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
AlternateDataStreams: C:\Users\marys\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\marys\Application Data:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\marys\Data aplikací:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\marys\Data aplikací:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\marys\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\marys\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [480]
FirewallRules: [TCP Query User{C7BCC820-BD93-4AD8-8EEE-7513DC6DCECE}C:\users\marys\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\marys\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{B0CDF0B1-4659-4FCA-BA58-BAA4AD0F4473}C:\users\marys\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\marys\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 123
Average :
Sum : 9052863
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========

VirusTotal: C:\ProgramData\{ybvuwci.uhn => https://www.virustotal.com/file/d0a2586 ... 563310903/

========================= File: C:\ProgramData\{ybvuwci.uhn ========================

C:\ProgramData\{ybvuwci.uhn
File not signed
MD5: 05D7668666B718C41F8CE57C65F5265E
Creation and modification date: 2019-06-29 21:55 - 2019-06-29 21:55
Size: 000012554
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======

C:\ProgramData\{ybvuwci.uhn => moved successfully
C:\ProgramData\678759991 => moved successfully
HKU\S-1-5-21-1410936417-1045171731-3576322853-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
C:\Users\marys\Application Data => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS removed successfully
C:\Users\marys\Application Data => ":6699d3ee8dd9cf775caae782c8f44f03" ADS removed successfully
"C:\Users\marys\Data aplikací" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS not found.
"C:\Users\marys\Data aplikací" => ":6699d3ee8dd9cf775caae782c8f44f03" ADS not found.
"C:\Users\marys\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS not found.
"C:\Users\marys\AppData\Roaming" => ":6699d3ee8dd9cf775caae782c8f44f03" ADS not found.
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C7BCC820-BD93-4AD8-8EEE-7513DC6DCECE}C:\users\marys\appdata\local\google\chrome\application\chrome.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B0CDF0B1-4659-4FCA-BA58-BAA4AD0F4473}C:\users\marys\appdata\local\google\chrome\application\chrome.exe" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 221651323 B
Java, Flash, Steam htmlcache => 417382243 B
Windows/system/drivers => 46484063 B
Edge => 3592743 B
Chrome => 487859922 B
Firefox => 113205581 B
Opera => 36231344 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 44092 B
LocalService => 0 B
NetworkService => 3614 B
NetworkService => 0 B
marys => 661431521 B
Administrator => 48702065 B

RecycleBin => 215142 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:04:25 ====

[Conder]

Ako to vyzera s PC? Nastala nejaka zmena alebo su este nejake problemy?

[cesarion]

Tak jediný problém bylo, že mi malwarebytes vyhodil ten první nález co je v prvním příspěvku, který me hodně vyděsil pc zatím jede v pohodě. Děkuji

[Conder]

Ano, tie nalezy vyzerali na malware, ale PC by uz mal byt cisty.

Tak este upraceme po pouzitych nastrojoch:

• Stiahni DelFix: https://toolslib.net/downloads/finish/2-delfix/
• Uloz na plochu a spusti
• Nechaj oznacenu moznost "Remove disinfection tools"
• Klikni na "Run"

[cesarion]

Super šikovné děkuji log asi neni potreba smazalo to všechny nástroje a nic navíc.