Malware on the computer

poetix_ (Guest; posts: 3; registered: 12 May 2019 21:27)

Malware on the computer

#1 Post by poetix_ »

Hello, I would like to ask whether my computer is all right. I already came across a few viruses when using the aforementioned AdwCleaner from Malwarebytes, but I still have the feeling that something is in there somewhere. The disk runs at 100% after the computer is switched on and does not drop even after a few hours. Thanks for the reply.
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-12-2019
# Duration: 00:00:22
# OS: Windows 10 Home
# Cleaned: 73
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Lavasoft\Web Companion
Deleted C:\Program Files (x86)\ProxyGate
Deleted C:\Program Files (x86)\Seznam.cz
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\ByteFence
Deleted C:\ProgramData\FileViewPro
Deleted C:\ProgramData\Host App Service
Deleted C:\ProgramData\Lavasoft\Web Companion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Deleted C:\ProgramData\Solvusoft
Deleted C:\ProgramData\ytd video downloader
Deleted C:\Users\tucek\AppData\Local\Host App Service
Deleted C:\Users\tucek\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Deleted C:\Users\tucek\AppData\Roaming\Lavasoft\Web Companion
Deleted C:\Users\tucek\AppData\Roaming\SPI
Deleted C:\Users\tucek\AppData\Roaming\Seznam.cz
Deleted C:\Users\tucek\AppData\Roaming\Solvusoft
Deleted C:\Users\tucek\AppData\Roaming\WinThruster
Deleted C:\Windows\Installer\{773A8CA8-3876-4AA1-AB78-EECA231BFF3A}
Deleted C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Deleted C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service

***** [ Files ] *****

Deleted C:\Users\Public\Desktop\simpliclean.lnk
Deleted C:\Users\tucek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Youtube.lnk
Deleted C:\Windows\System32\Tasks_Migrated\App Explorer

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\POWER SUITE
Deleted C:\Windows\System32\Tasks\POWER SUITE (TRAY)
Deleted C:\Windows\Tasks\POWER SUITE (TRAY).JOB
Deleted C:\Windows\Tasks\POWER SUITE.JOB

***** [ Registry ] *****

Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HostAppService_00769fdd5a07b61dba64e72f56b32b63abc9fd44
Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HostAppService_322460fb8f47d8cb14cd883b17b5e0dd233a7768
Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HostAppService_40aecc4d902a9b7ddffa8a0a80a9b1aeb54021df
Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HostAppService_eadb86253068dc3c9bb0f55c26248e321f071368
Deleted HKCU\Software\App Host Service
Deleted HKCU\Software\AppDataLow\Software\Seznam.cz
Deleted HKCU\Software\Host App Service
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\en.bytefence.com
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cz.seznam.software.autoupdate
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall
Deleted HKCU\Software\Mozilla\NativeMessagingHosts\sznpp_nm
Deleted HKCU\Software\Seznam.cz
Deleted HKCU\Software\csastats
Deleted HKCU\Software\{DAF8B7E5-449D-4180-8281-10E536E597F2}
Deleted HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B087C78-B89D-446F-B401-8565FED383C2}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B087C78-B89D-446F-B401-8565FED383C2}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3095FBD3-2A3D-40E6-B570-889E232E6F40}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Power Suite
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Power Suite (Tray)
Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService
Deleted HKLM\Software\Classes\IsLicense50.IsLicenseMgr
Deleted HKLM\Software\Common Toolkit Suite
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|seznam-listicka-distribuce
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Seznam.cz
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|seznam-listicka-distribuce
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WarThunder
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WorldofTanks
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Deleted HKLM\Software\Wow6432Node\{DAF8B7E5-449D-4180-8281-10E536E597F2}
Deleted HKU\.DEFAULT\Software\ByteFence
Deleted HKU\S-1-5-18\Software\ByteFence

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [8196 octets] - [12/05/2019 22:07:44]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy (Site Admin; posts: 112204; registered: 30 Oct 2003 13:42; location: Plzeň)

Re: Malware on the computer

#2 Post by Rudy »

Hello!
What ADW deleted is mostly adware. For a final clean-up, please also post the FRST + Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

poetix_ (Guest; posts: 3; registered: 12 May 2019 21:27)

Re: Malware on the computer

#3 Post by poetix_ »

I am attaching them as an archive.
Attachment: logy.rar (48.04 KiB), downloaded 28 times

Rudy (Site Admin; posts: 112204; registered: 30 Oct 2003 13:42; location: Plzeň)

Re: Malware on the computer

#4 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-233674013-3920218495-3203650620-1001\...\MountPoints2: {35eafb50-374c-11e9-afe9-4ccc6a1559ae} - "D:\HiSuiteDownLoader.exe"
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {6B4122D5-D4B6-4FD1-9B67-7E3D57693D7E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-11] (Google Inc -> Google Inc.)
Task: {72386265-1BDF-4544-8E98-EA1DB1D24A6B} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-233674013-3920218495-3203650620-1001UA => C:\Users\tucek\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-07] (Brave Software, Inc. -> BraveSoftware Inc.) <==== ATTENTION
Task: {7B86A38E-FEE2-46D0-A178-474D2AB895C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-11] (Google Inc -> Google Inc.)
Task: {F01083D7-3A49-48FB-A4FA-FB6F27D9AC41} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F8AAF2CD-91F3-4625-91E3-DC4E96120F79} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-233674013-3920218495-3203650620-1001Core => C:\Users\tucek\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-07] (Brave Software, Inc. -> BraveSoftware Inc.) <==== ATTENTION
SearchScopes: HKU\S-1-5-21-233674013-3920218495-3203650620-1001 -> {8CA72B27-7D65-4881-A5B9-70283716CD7F} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM ... -SearchBox
HKU\S-1-5-21-233674013-3920218495-3203650620-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-233674013-3920218495-3203650620-1001 -> DefaultScope {8CA72B27-7D65-4881-A5B9-70283716CD7F} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM ... -SearchBox
SearchScopes: HKU\S-1-5-21-233674013-3920218495-3203650620-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\tucek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:86A2B03C [147]
AlternateDataStreams: C:\ProgramData\Temp:ADAB671B [264]
AlternateDataStreams: C:\ProgramData\Temp:B3ED3AFF [286]
AlternateDataStreams: C:\ProgramData\Temp:CB959782 [382]
AlternateDataStreams: C:\ProgramData\Temp:DDEB08FD [120]
AlternateDataStreams: C:\ProgramData\Temp:EF794BCD [116]
AlternateDataStreams: C:\Users\Public\AppData:CSM [486]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [466]
FirewallRules: [{ACAFBB01-A93B-4F31-9051-8E3A9DB07D87}] => (Allow) C:\Program Files\iTunes\iTunes.exe No File

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

poetix_ (Guest; posts: 3; registered: 12 May 2019 21:27)

Re: Malware on the computer

#5 Post by poetix_ »

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-05.2019 01
Ran by tucek (15-05-2019 11:07:30) Run:1
Running from C:\Users\tucek\Desktop
Loaded Profiles: tucek (Available Profiles: tucek)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-233674013-3920218495-3203650620-1001\...\MountPoints2: {35eafb50-374c-11e9-afe9-4ccc6a1559ae} - "D:\HiSuiteDownLoader.exe"
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {6B4122D5-D4B6-4FD1-9B67-7E3D57693D7E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-11] (Google Inc -> Google Inc.)
Task: {72386265-1BDF-4544-8E98-EA1DB1D24A6B} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-233674013-3920218495-3203650620-1001UA => C:\Users\tucek\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-07] (Brave Software, Inc. -> BraveSoftware Inc.) <==== ATTENTION
Task: {7B86A38E-FEE2-46D0-A178-474D2AB895C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-11] (Google Inc -> Google Inc.)
Task: {F01083D7-3A49-48FB-A4FA-FB6F27D9AC41} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F8AAF2CD-91F3-4625-91E3-DC4E96120F79} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-233674013-3920218495-3203650620-1001Core => C:\Users\tucek\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-07] (Brave Software, Inc. -> BraveSoftware Inc.) <==== ATTENTION
SearchScopes: HKU\S-1-5-21-233674013-3920218495-3203650620-1001 -> {8CA72B27-7D65-4881-A5B9-70283716CD7F} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM ... -SearchBox
HKU\S-1-5-21-233674013-3920218495-3203650620-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-233674013-3920218495-3203650620-1001 -> DefaultScope {8CA72B27-7D65-4881-A5B9-70283716CD7F} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM ... -SearchBox
SearchScopes: HKU\S-1-5-21-233674013-3920218495-3203650620-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\tucek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:86A2B03C [147]
AlternateDataStreams: C:\ProgramData\Temp:ADAB671B [264]
AlternateDataStreams: C:\ProgramData\Temp:B3ED3AFF [286]
AlternateDataStreams: C:\ProgramData\Temp:CB959782 [382]
AlternateDataStreams: C:\ProgramData\Temp:DDEB08FD [120]
AlternateDataStreams: C:\ProgramData\Temp:EF794BCD [116]
AlternateDataStreams: C:\Users\Public\AppData:CSM [486]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [466]
FirewallRules: [{ACAFBB01-A93B-4F31-9051-8E3A9DB07D87}] => (Allow) C:\Program Files\iTunes\iTunes.exe No File

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-233674013-3920218495-3203650620-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35eafb50-374c-11e9-afe9-4ccc6a1559ae} => removed successfully
HKLM\Software\Classes\CLSID\{35eafb50-374c-11e9-afe9-4ccc6a1559ae} => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B4122D5-D4B6-4FD1-9B67-7E3D57693D7E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B4122D5-D4B6-4FD1-9B67-7E3D57693D7E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72386265-1BDF-4544-8E98-EA1DB1D24A6B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72386265-1BDF-4544-8E98-EA1DB1D24A6B}" => removed successfully
C:\WINDOWS\System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-233674013-3920218495-3203650620-1001UA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BraveSoftwareUpdateTaskUserS-1-5-21-233674013-3920218495-3203650620-1001UA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7B86A38E-FEE2-46D0-A178-474D2AB895C3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B86A38E-FEE2-46D0-A178-474D2AB895C3}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F01083D7-3A49-48FB-A4FA-FB6F27D9AC41}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F01083D7-3A49-48FB-A4FA-FB6F27D9AC41}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8AAF2CD-91F3-4625-91E3-DC4E96120F79}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8AAF2CD-91F3-4625-91E3-DC4E96120F79}" => removed successfully
C:\WINDOWS\System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-233674013-3920218495-3203650620-1001Core => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BraveSoftwareUpdateTaskUserS-1-5-21-233674013-3920218495-3203650620-1001Core" => removed successfully
HKU\S-1-5-21-233674013-3920218495-3203650620-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CA72B27-7D65-4881-A5B9-70283716CD7F} => removed successfully
HKLM\Software\Classes\CLSID\{8CA72B27-7D65-4881-A5B9-70283716CD7F} => not found
"HKU\S-1-5-21-233674013-3920218495-3203650620-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
"HKU\S-1-5-21-233674013-3920218495-3203650620-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-233674013-3920218495-3203650620-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Users\tucek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully
C:\ProgramData\Temp => ":86A2B03C" ADS removed successfully
C:\ProgramData\Temp => ":ADAB671B" ADS removed successfully
C:\ProgramData\Temp => ":B3ED3AFF" ADS removed successfully
C:\ProgramData\Temp => ":CB959782" ADS removed successfully
C:\ProgramData\Temp => ":DDEB08FD" ADS removed successfully
C:\ProgramData\Temp => ":EF794BCD" ADS removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ACAFBB01-A93B-4F31-9051-8E3A9DB07D87}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 755943301 B
Java, Flash, Steam htmlcache => 267739364 B
Windows/system/drivers => 4434416 B
Edge => 13349280 B
Chrome => 15641803 B
Firefox => 0 B
Opera => 391477476 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 33554 B
LocalService => 0 B
NetworkService => 33294 B
NetworkService => 0 B
tucek => 139908194 B

RecycleBin => 0 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:12:06 ====
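The Fixlog above is the result of the fixlist from post #4: every "<target> => <result>" line tells you whether FRST removed a key, moved a file to quarantine, restored a policy or found the item already absent. The following parser is an added example (not part of the thread or of FRST) that tallies those outcomes and pulls out the lines FRST had flagged with "<==== ATTENTION"; the sample log is constructed and modelled on the posted Fixlog, the function and class names are my own.

```python
"""Summarise the result section of an FRST Fixlog (format as posted in the thread)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample modelled on the Fixlog in post #5 (shortened, not the real log).
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version: 13-05.2019 01
fixlist content:
*****************
Start
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\Software\Classes\CLSID\{8CA72B27-7D65-4881-A5B9-70283716CD7F} => not found
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully
EmptyTemp: => 1.5 GB temporary data Removed.
"""


@dataclass(frozen=True)
class FixEntry:
    target: str      # registry key, file, task or stream FRST acted on
    outcome: str     # normalised category, see classify()
    attention: bool  # FRST had marked the fixlist line with "<==== ATTENTION"


def classify(result: str) -> str:
    """Map FRST's free-text result to a small fixed vocabulary."""
    if re.search(r'^".*" ADS removed successfully$', result):
        return "ads_removed"   # alternate data stream stripped from a file or folder
    if result == "removed successfully":
        return "removed"       # registry key or value deleted
    if result == "moved successfully":
        return "moved"         # file moved into FRST's quarantine folder
    if result == "restored successfully":
        return "restored"      # a policy or restriction put back to its default
    if result == "not found":
        return "not_found"     # already absent, e.g. the CLSID of an orphaned handler
    return "other"


def parse_fixlog(text: str) -> list[FixEntry]:
    entries: list[FixEntry] = []
    in_fixlist, star_lines = False, 0
    for raw in text.splitlines():
        line = raw.strip()
        # The echoed fixlist sits between two "*****" rules after "fixlist content:"; skip it.
        if line.startswith("fixlist content:"):
            in_fixlist, star_lines = True, 0
            continue
        if in_fixlist:
            if line.startswith("*****"):
                star_lines += 1
                in_fixlist = star_lines < 2
            continue
        target, sep, result = line.rpartition(" => ")
        if not sep:
            continue  # informational lines such as "Processes closed successfully."
        attention = "<==== ATTENTION" in target
        target = target.replace("<==== ATTENTION", "").strip().strip('"')
        entries.append(FixEntry(target, classify(result.strip()), attention))
    return entries


def summarize(entries: list[FixEntry]) -> Counter:
    return Counter(e.outcome for e in entries)


def attention_targets(entries: list[FixEntry]) -> list[str]:
    """Items FRST flagged itself; a software restriction on mrt.exe blocks Microsoft's
    Malicious Software Removal Tool, so a 'restored' result here is worth noting."""
    return [e.target for e in entries if e.attention]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    print(attention_targets(parsed))
```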

Rudy (Site Admin; posts: 112204; registered: 30 Oct 2003 13:42; location: Plzeň)

Re: Malware on the computer

#6 Post by Rudy »

Deleted. Has anything changed?
