Postupné ztrácení kontroly nad systémem

[pkeech]

hijackthis.zip

(16.37 KiB) Staženo 96 x

hijackthis.zip

(16.37 KiB) Staženo 96 x

Někdy cca již od konce srpna bojuji s Windows. Chvíli si myslím, že jde o hackery, pak to chvíli vypadá spíše jako ransomware. vždycky spybot, jindy to vypadá jen jako chyba Windowsu a nakonec mne to odzrobojí tím, že získá kontrolu doslova nad veškerou technikou v domácnosti. Zjistil jsem, že když se do toho nešťourá, tak nikdy/nebo dlouho než nastane neřešitelný kolaps (obvykle neopravitelný problém se síťovou kartou nebo přestane reagovat klávesnice. Jde to napříč zařízením od Windows 10, přes Android telefony, LG TV, O2 TV a dokonce je schopný převzít kontrolu nad Iphone SE2.
V poslední době mně připadalo, že se to zklidnilo ale dnes ráno se mi zřetelně zmenšily ikony a fonty a sama od sebe se začala zapínat a vypínat VPN Avast. Přikládám všechno co mám v přílohách.
Naprosto už netuším co s tím. Pro okolí jsem už bláznem, ale prostě opravdu mne děsí, když zničeho nic se v ruce prý nahacknutelný iphone začne zjevně reagovat na něco/někoho jiného.
Děkuji

[pkeech]

Omlouvám se...druhá příloha zde.

hijackthis-system.log.zip

(2.19 KiB) Staženo 84 x

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

[pkeech]

Obavám se, že neproběhlo v pořádku.

[pkeech]

Ještě jsem zkusil udělat v nouzovém systému. Zde je asi více informací.

2020-12-12 13:12:20 : <INFO> [Button clicked] Glossary closed
2020-12-12 13:13:22 : <INFO> [Button clicked] Glossary closed
2020-12-12 13:13:32 : <INFO> [Button clicked] Dashboard menu item
2020-12-12 13:13:33 : <INFO> [Button clicked] Scan
2020-12-12 13:13:33 : <INFO> [Scan] Started
2020-12-12 13:13:33 : <INFO> [Database] Downloading database
2020-12-12 13:13:36 : <INFO> [Database] Checking integrity
2020-12-12 13:13:36 : <INFO> [Database] Found 2667 families
2020-12-12 13:13:36 : <INFO> [Database] Database v "2020-11-23.1"
2020-12-12 13:13:37 : <INFO> [Loading paths] Local paths loaded
2020-12-12 13:13:37 : <INFO> [Loading paths] Chrome paths loaded
2020-12-12 13:13:37 : <INFO> [Loading paths] Firefox paths loaded
2020-12-12 13:13:37 : <INFO> [Loading paths] User Keys loaded
2020-12-12 13:13:37 : <INFO> [Module initialized] "File"
2020-12-12 13:13:37 : <INFO> [Module initialized] "Folder"
2020-12-12 13:13:37 : <INFO> [Module initialized] "RegistryKey"
2020-12-12 13:13:37 : <INFO> [Module initialized] "RegistryValue"
2020-12-12 13:13:37 : <INFO> [Module initialized] "TaskName"
2020-12-12 13:13:37 : <INFO> [Module initialized] "Service"
2020-12-12 13:13:37 : <INFO> [Module initialized] "Winlogon"
2020-12-12 13:13:38 : <INFO> [Module initialized] "URL"
2020-12-12 13:13:38 : <INFO> [Module initialized] "RegAppInit"
2020-12-12 13:13:38 : <INFO> [Module initialized] "RegClasses"
2020-12-12 13:13:38 : <INFO> [Module initialized] "DNS"
2020-12-12 13:13:38 : <INFO> [Module initialized] "RegFirewallPolicy"
2020-12-12 13:13:38 : <INFO> [Module initialized] "RegGuid"
2020-12-12 13:13:38 : <INFO> [Module initialized] "RegIEElevationPolicy"
2020-12-12 13:13:38 : <INFO> [Module initialized] "RegOther"
2020-12-12 13:13:38 : <INFO> [Module initialized] "RegProductID"
2020-12-12 13:13:38 : <INFO> [Module initialized] "RegSoftware"
2020-12-12 13:13:38 : <INFO> [Module initialized] "RegStartup"
2020-12-12 13:13:38 : <INFO> [Module initialized] "WMI"
2020-12-12 13:13:38 : <INFO> [Module initialized] "HostsFile"
2020-12-12 13:13:38 : <INFO> [Module initialized] "ChromiumExt"
2020-12-12 13:13:38 : <INFO> [Module initialized] "FirefoxExt"
2020-12-12 13:13:38 : <INFO> [Scan] Exclusions loaded
2020-12-12 13:13:53 : <INFO> [Telemetry] Sending to Influx
2020-12-12 13:13:54 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3")
2020-12-12 13:13:54 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2020-12-12 13:13:54 : <INFO> [SslCert] Locality Name ()
2020-12-12 13:13:54 : <INFO> [SslCert] Organization ()
2020-12-12 13:13:54 : <INFO> [SslCert] Certificate EffectiveDate: "st lis 4 15:31:19 2020 GMT"
2020-12-12 13:13:54 : <INFO> [SslCert] Certificate ExpirationDate: "út úno 2 15:31:19 2021 GMT"
2020-12-12 13:13:54 : <INFO> [SslCert] ALPN: Yes
2020-12-12 13:13:54 : <INFO> [SslCert] Cipher: "ECDHE-ECDSA-AES256-GCM-SHA384"
2020-12-12 13:13:54 : <INFO> [SslCert] KXE: "ECDH"
2020-12-12 13:13:54 : <INFO> [SslCert] Protocol: "TLSv1.2"
2020-12-12 13:13:54 : <INFO> [Telemetry] Status code: QVariant(int, 204)
2020-12-12 13:13:54 : <INFO> [Telemetry] Sending to DSE
2020-12-12 13:13:55 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2020-12-12 13:13:55 : <INFO> [SslCert] Issued to ("telemetry.malwarebytes.com")
2020-12-12 13:13:55 : <INFO> [SslCert] Locality Name ("Santa Clara")
2020-12-12 13:13:55 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2020-12-12 13:13:55 : <INFO> [SslCert] Certificate EffectiveDate: "et oíj 22 00:00:00 2020 GMT"
2020-12-12 13:13:55 : <INFO> [SslCert] Certificate ExpirationDate: "ne oíj 24 23:59:59 2021 GMT"
2020-12-12 13:13:55 : <INFO> [SslCert] ALPN: Yes
2020-12-12 13:13:55 : <INFO> [SslCert] Cipher: "ECDHE-ECDSA-AES256-GCM-SHA384"
2020-12-12 13:13:55 : <INFO> [SslCert] KXE: "ECDH"
2020-12-12 13:13:55 : <INFO> [SslCert] Protocol: "TLSv1.2"
2020-12-12 13:13:55 : <INFO> [Telemetry] Status code: QVariant(int, 201)
2020-12-12 13:13:55 : <INFO> [Scan] Finished
2020-12-12 13:13:57 : <INFO> [Button clicked] View log
2020-12-12 13:14:04 : <INFO> [Button clicked] Log files menu item
2020-12-12 13:15:20 : <INFO> [Button clicked] Quarantine menu item
2020-12-12 13:15:20 : <INFO> [Button clicked] Dashboard menu item
2020-12-12 13:15:25 : <INFO> [Button clicked] Basic repair
2020-12-12 13:15:30 : <INFO> [Button clicked] Dialog button clicked [ 2 ]
2020-12-12 13:15:30 : <INFO> [Cleaning] Started
2020-12-12 13:15:30 : <WARNING> [Cleaning] Unable to Open process - "[System Process]" 0
2020-12-12 13:15:30 : <WARNING> [Cleaning] Unable to Open process - "System" 0
2020-12-12 13:15:30 : <WARNING> [Cleaning] Unable to Open process - "Registry" 0
2020-12-12 13:15:30 : <INFO> [Engine Additional Action] "Delete IFEO"
2020-12-12 13:15:31 : <INFO> [Engine Additional Action] "Delete Prefetch"
2020-12-12 13:15:31 : <INFO> [Engine Additional Action] "Delete Tracing Keys"
2020-12-12 13:15:31 : <INFO> [Engine Additional Action] "Reset BITS"
2020-12-12 13:15:33 : <INFO> [Engine Additional Action] "Reset Windows Firewall"
2020-12-12 13:15:33 : <INFO> [Engine Additional Action] "Reset Hosts File"
2020-12-12 13:15:33 : <INFO> [Engine Additional Action] "Reset IPSec"
2020-12-12 13:15:33 : <INFO> [Engine Additional Action] "Reset Chromium Policies"
2020-12-12 13:15:33 : <INFO> [Engine Additional Action] "Reset IE Policies"
2020-12-12 13:15:33 : <INFO> [Engine Additional Action] "Reset Proxy Settings"
2020-12-12 13:15:33 : <INFO> [Engine Additional Action] "Reset TCP/IP"
2020-12-12 13:15:34 : <INFO> [Engine Additional Action] "Reset Winsock"
2020-12-12 13:15:34 : <INFO> [Telemetry] Sending to Influx
2020-12-12 13:15:34 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3")
2020-12-12 13:15:34 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2020-12-12 13:15:34 : <INFO> [SslCert] Locality Name ()
2020-12-12 13:15:34 : <INFO> [SslCert] Organization ()
2020-12-12 13:15:34 : <INFO> [SslCert] Certificate EffectiveDate: "st lis 4 15:31:19 2020 GMT"
2020-12-12 13:15:34 : <INFO> [SslCert] Certificate ExpirationDate: "út úno 2 15:31:19 2021 GMT"
2020-12-12 13:15:34 : <INFO> [SslCert] ALPN: Yes
2020-12-12 13:15:34 : <INFO> [SslCert] Cipher: "ECDHE-ECDSA-AES256-GCM-SHA384"
2020-12-12 13:15:34 : <INFO> [SslCert] KXE: "ECDH"
2020-12-12 13:15:34 : <INFO> [SslCert] Protocol: "TLSv1.2"
2020-12-12 13:15:34 : <INFO> [Telemetry] Status code: QVariant(int, 204)
2020-12-12 13:15:34 : <INFO> [Telemetry] Sending to DSE
2020-12-12 13:15:35 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2020-12-12 13:15:35 : <INFO> [SslCert] Issued to ("telemetry.malwarebytes.com")
2020-12-12 13:15:35 : <INFO> [SslCert] Locality Name ("Santa Clara")
2020-12-12 13:15:35 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2020-12-12 13:15:35 : <INFO> [SslCert] Certificate EffectiveDate: "et oíj 22 00:00:00 2020 GMT"
2020-12-12 13:15:35 : <INFO> [SslCert] Certificate ExpirationDate: "ne oíj 24 23:59:59 2021 GMT"
2020-12-12 13:15:35 : <INFO> [SslCert] ALPN: Yes
2020-12-12 13:15:35 : <INFO> [SslCert] Cipher: "ECDHE-ECDSA-AES256-GCM-SHA384"
2020-12-12 13:15:35 : <INFO> [SslCert] KXE: "ECDH"
2020-12-12 13:15:35 : <INFO> [SslCert] Protocol: "TLSv1.2"
2020-12-12 13:15:35 : <INFO> [Telemetry] Status code: QVariant(int, 201)
2020-12-12 13:15:35 : <INFO> [Cleaning] Finished
2020-12-12 13:15:35 : <CRITICAL> [TaskMan] Failed to save the task ( 0 )
2020-12-12 13:15:38 : <INFO> [Button clicked] Dialog button clicked [ 6 ]
2020-12-12 13:15:38 : <INFO> [Application] Closing AdwCleaner
2020-12-12 13:40:34 : <INFO> [Application] AdwCleaner 8 . 0 . 8 launched
2020-12-12 13:40:38 : <INFO> [AdwUpgrade] Checking application updates
2020-12-12 13:40:38 : <WARNING> Type conversion already registered from type QList<QPair<QByteArray,QByteArray> > to type QtMetaTypePrivate::QSequentialIterableImpl
2020-12-12 13:40:38 : <INFO> [Telemetry] Status code: QVariant(Invalid)
rkReply::UnknownNetworkError )
2020-12-12 13:40:38 : <WARNING> QIODevice::read (QDisabledNetworkReply): device not open
2020-12-12 13:40:40 : <INFO> [Button clicked] Scan
2020-12-12 13:40:40 : <INFO> [Scan] Started
2020-12-12 13:40:40 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::UnknownNetworkError )
2020-12-12 13:40:40 : <WARNING> QIODevice::read (QDisabledNetworkReply): device not open
2020-12-12 13:40:40 : <INFO> [Scan] Loading local database
2020-12-12 13:40:40 : <INFO> [Database] Checking integrity
2020-12-12 13:40:40 : <INFO> [Database] Found 2659 families
2020-12-12 13:40:40 : <INFO> [Database] Database v "2020-09-29.1"
2020-12-12 13:40:41 : <INFO> [Loading paths] Local paths loaded
2020-12-12 13:40:41 : <INFO> [Loading paths] Chrome paths loaded
2020-12-12 13:40:41 : <INFO> [Loading paths] Firefox paths loaded
2020-12-12 13:40:41 : <INFO> [Loading paths] User Keys loaded
2020-12-12 13:40:41 : <INFO> [Module initialized] "File"
2020-12-12 13:40:41 : <INFO> [Module initialized] "Folder"
2020-12-12 13:40:41 : <INFO> [Module initialized] "RegistryKey"
2020-12-12 13:40:41 : <INFO> [Module initialized] "RegistryValue"
2020-12-12 13:40:41 : <INFO> [Module initialized] "TaskName"
2020-12-12 13:40:41 : <INFO> [Module initialized] "Service"
2020-12-12 13:40:41 : <INFO> [Module initialized] "Winlogon"
2020-12-12 13:40:42 : <INFO> [Module initialized] "URL"
2020-12-12 13:40:42 : <INFO> [Module initialized] "RegAppInit"
2020-12-12 13:40:42 : <INFO> [Module initialized] "RegClasses"
2020-12-12 13:40:42 : <INFO> [Module initialized] "DNS"
2020-12-12 13:40:42 : <INFO> [Module initialized] "RegFirewallPolicy"
2020-12-12 13:40:42 : <INFO> [Module initialized] "RegGuid"
2020-12-12 13:40:42 : <INFO> [Module initialized] "RegIEElevationPolicy"
2020-12-12 13:40:42 : <INFO> [Module initialized] "RegOther"
2020-12-12 13:40:42 : <INFO> [Module initialized] "RegProductID"
2020-12-12 13:40:42 : <INFO> [Module initialized] "RegSoftware"
2020-12-12 13:40:42 : <INFO> [Module initialized] "RegStartup"
2020-12-12 13:40:42 : <INFO> [Module initialized] "WMI"
2020-12-12 13:40:42 : <INFO> [Module initialized] "HostsFile"
2020-12-12 13:40:42 : <INFO> [Module initialized] "ChromiumExt"
2020-12-12 13:40:42 : <INFO> [Module initialized] "FirefoxExt"
2020-12-12 13:40:42 : <INFO> [Scan] Exclusions loaded
2020-12-12 13:40:57 : <INFO> [Telemetry] Sending to Influx
2020-12-12 13:40:57 : <INFO> [Telemetry] Status code: QVariant(Invalid)
2020-12-12 13:40:57 : <INFO> [Telemetry] Sending to DSE
2020-12-12 13:40:57 : <INFO> [Telemetry] Status code: QVariant(Invalid)
2020-12-12 13:40:57 : <INFO> [Scan] Finished
2020-12-12 13:41:56 : <INFO> [Button clicked] Cancel
2020-12-12 13:41:58 : <INFO> [Button clicked] Scan
2020-12-12 13:41:58 : <INFO> [Scan] Started
2020-12-12 13:41:58 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::UnknownNetworkError )
2020-12-12 13:41:58 : <WARNING> QIODevice::read (QDisabledNetworkReply): device not open
2020-12-12 13:41:58 : <INFO> [Scan] Loading local database
2020-12-12 13:41:58 : <INFO> [Database] Checking integrity
2020-12-12 13:41:58 : <INFO> [Database] Found 2659 families
2020-12-12 13:41:58 : <INFO> [Database] Database v "2020-09-29.1"
2020-12-12 13:41:59 : <INFO> [Loading paths] Local paths loaded
2020-12-12 13:41:59 : <INFO> [Loading paths] Chrome paths loaded
2020-12-12 13:41:59 : <INFO> [Loading paths] Firefox paths loaded
2020-12-12 13:41:59 : <INFO> [Loading paths] User Keys loaded
2020-12-12 13:41:59 : <INFO> [Module initialized] "File"
2020-12-12 13:41:59 : <INFO> [Module initialized] "Folder"
2020-12-12 13:41:59 : <INFO> [Module initialized] "RegistryKey"
2020-12-12 13:41:59 : <INFO> [Module initialized] "RegistryValue"
2020-12-12 13:41:59 : <INFO> [Module initialized] "TaskName"
2020-12-12 13:41:59 : <INFO> [Module initialized] "Service"
2020-12-12 13:41:59 : <INFO> [Module initialized] "Winlogon"
2020-12-12 13:41:59 : <INFO> [Module initialized] "URL"
2020-12-12 13:41:59 : <INFO> [Module initialized] "RegAppInit"
2020-12-12 13:41:59 : <INFO> [Module initialized] "RegClasses"
2020-12-12 13:41:59 : <INFO> [Module initialized] "DNS"
2020-12-12 13:41:59 : <INFO> [Module initialized] "RegFirewallPolicy"
2020-12-12 13:41:59 : <INFO> [Module initialized] "RegGuid"
2020-12-12 13:41:59 : <INFO> [Module initialized] "RegIEElevationPolicy"
2020-12-12 13:41:59 : <INFO> [Module initialized] "RegOther"
2020-12-12 13:41:59 : <INFO> [Module initialized] "RegProductID"
2020-12-12 13:41:59 : <INFO> [Module initialized] "RegSoftware"
2020-12-12 13:41:59 : <INFO> [Module initialized] "RegStartup"
2020-12-12 13:41:59 : <INFO> [Module initialized] "WMI"
2020-12-12 13:41:59 : <INFO> [Module initialized] "HostsFile"
2020-12-12 13:41:59 : <INFO> [Module initialized] "ChromiumExt"
2020-12-12 13:41:59 : <INFO> [Module initialized] "FirefoxExt"
2020-12-12 13:41:59 : <INFO> [Scan] Exclusions loaded
2020-12-12 13:42:03 : <INFO> [Button clicked] Log files menu item
2020-12-12 13:42:04 : <INFO> [Button clicked] Dashboard menu item
2020-12-12 13:42:07 : <INFO> [Button clicked] Quarantine menu item
2020-12-12 13:42:08 : <INFO> [Button clicked] Dashboard menu item
2020-12-12 13:42:09 : <INFO> [Button clicked] Quarantine menu item
2020-12-12 13:42:10 : <INFO> [Button clicked] Dashboard menu item
2020-12-12 13:42:13 : <INFO> [Telemetry] Sending to Influx
2020-12-12 13:42:14 : <INFO> [Telemetry] Status code: QVariant(Invalid)
2020-12-12 13:42:14 : <INFO> [Telemetry] Sending to DSE
2020-12-12 13:42:14 : <INFO> [Telemetry] Status code: QVariant(Invalid)
2020-12-12 13:42:14 : <INFO> [Scan] Finished
2020-12-12 13:42:47 : <INFO> [Button clicked] Quarantine menu item
2020-12-12 13:42:48 : <INFO> [Button clicked] Log files menu item
2020-12-12 13:42:48 : <INFO> [Button clicked] Settings menu item
2020-12-12 13:42:54 : <INFO> [Button clicked] Help menu item
2020-12-12 13:42:55 : <INFO> [Button clicked] Settings menu item
2020-12-12 13:42:57 : <INFO> [Button clicked] Dashboard menu item
2020-12-12 13:42:58 : <INFO> [Button clicked] Log files menu item
2020-12-12 13:43:01 : <INFO> [Button clicked] Settings menu item
2020-12-12 13:43:05 : <INFO> [Button clicked] Dashboard menu item
2020-12-12 13:43:06 : <INFO> [Button clicked] Basic repair
2020-12-12 13:43:10 : <INFO> [Button clicked] Dialog button clicked [ 2 ]
2020-12-12 13:43:10 : <INFO> [Cleaning] Started
2020-12-12 13:43:10 : <WARNING> [Cleaning] Unable to Open process - "[System Process]" 0
2020-12-12 13:43:10 : <WARNING> [Cleaning] Unable to Open process - "System" 0
2020-12-12 13:43:10 : <WARNING> [Cleaning] Unable to Open process - "Registry" 0
2020-12-12 13:43:10 : <WARNING> [Cleaning] Unable to Open process - "Memory Compression" 0
2020-12-12 13:43:11 : <WARNING> [Cleaning] Unable to Open process - "NisSrv.exe" 0
2020-12-12 13:43:11 : <WARNING> [Cleaning] Unable to Open process - "SgrmBroker.exe" 0
2020-12-12 13:43:11 : <WARNING> [Cleaning] Unable to Open process - "SecurityHealthService.exe" 0
2020-12-12 13:43:11 : <WARNING> [Cleaning] Unable to Open process - "sppsvc.exe" 0
2020-12-12 13:43:11 : <INFO> [Engine Additional Action] "Delete IFEO"
2020-12-12 13:43:11 : <INFO> [Engine Additional Action] "Delete Prefetch"
2020-12-12 13:43:11 : <INFO> [Engine Additional Action] "Delete Tracing Keys"
2020-12-12 13:43:16 : <INFO> [Engine Additional Action] "Reset BITS"
2020-12-12 13:43:17 : <INFO> [Engine Additional Action] "Reset Windows Firewall"
2020-12-12 13:43:17 : <INFO> [Engine Additional Action] "Reset Hosts File"
2020-12-12 13:43:17 : <INFO> [Engine Additional Action] "Reset IPSec"
2020-12-12 13:43:17 : <INFO> [Engine Additional Action] "Reset Chromium Policies"
2020-12-12 13:43:17 : <INFO> [Engine Additional Action] "Reset IE Policies"
2020-12-12 13:43:17 : <INFO> [Engine Additional Action] "Reset Proxy Settings"
2020-12-12 13:43:17 : <INFO> [Engine Additional Action] "Reset TCP/IP"
2020-12-12 13:43:18 : <INFO> [Engine Additional Action] "Reset Winsock"
2020-12-12 13:43:18 : <INFO> [Telemetry] Sending to Influx
2020-12-12 13:43:18 : <INFO> [Telemetry] Status code: QVariant(Invalid)
2020-12-12 13:43:18 : <INFO> [Telemetry] Sending to DSE
2020-12-12 13:43:18 : <INFO> [Telemetry] Status code: QVariant(Invalid)
2020-12-12 13:43:18 : <INFO> [Cleaning] Finished
2020-12-12 13:43:21 : <INFO> [Button clicked] Dialog button clicked [ 6 ]
2020-12-12 13:43:21 : <INFO> [Application] Closing AdwCleaner
2020-12-12 13:44:53 : <INFO> [Application] AdwCleaner 8 . 0 . 8 launched
2020-12-12 13:45:08 : <INFO> [MBBanner] Checking Iris
2020-12-12 13:45:08 : <INFO> [IRIS] Making request
2020-12-12 13:45:08 : <INFO> [Telemetry] Sending hello
ication updates
2020-12-12 13:45:10 : <INFO> [Button clicked] View Log
2020-12-12 13:45:11 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::UnknownNetworkError )
2020-12-12 13:45:11 : <WARNING> QIODevice::read (QDisabledNetworkReply): device not open
2020-12-12 13:45:11 : <WARNING> QIODevice::read (QDisabledNetworkReply): device not open
2020-12-12 13:45:11 : <INFO> [IRIS] Failed

[Rudy]

Toto je log z čeho? Pro čištění PC mají význam jen ty logy, o které si řekneme. ADW nenašel nic. Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

EmptyTemp:
End

Uložte C:\Users\Leech\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[pkeech]

Na disku jsem našel skrytou složku, ke které mám standardně odepřený přístup. Myslím si, že to naprosto souvisí s nemožností zbavit se škodlivého kódu reinstalací systému.Je zde setupact.log a posílám i celý obsah adresáře. Soubor nešel přiložit pro velikost (2.5 MB), posílám přes https://we.tl/t-FD16dFwwhL
Děkuji

[pkeech]

Jednalo se o LOG AdwCleaner_Debug
Provedl jsem FIX a přikládám log.

[Rudy]

OK. Přes tyto logy naprosto nemohu zbavit váš PC škodlivého kódu. Zatím jsem nepřišel na žádný. Dávejte sem jen ty logy, o něž vás požádám. Zo, co jste poslal před vaším posledním příspěvkem neřeší nic. Nic nenašel ani FRST, to jsme mazali, byly jen zbytečnosti. Udělejte ještě sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . V odkazu stáhnete jinou verzi, než tu, která se uvádí ve vláknu. Utilitu stáhněte, spusťte a nechte pracovat. Po skončení akce smažte vše, co eventuálně najde.

[pkeech]

Dobrý den, omlouvám se za pozdní odpověď a prosím o ukončení vlákna. PC se následně zhroutilo a Já zapomněl dát zprávu.

[Rudy]

OK, zamykám.