I probably have some nasty bug, it's quite slow

Posted: 03 Mar 2019 20:27
by Xandrwa
Hello,
I probably have some trojan or a similar nasty thing, could you take a look at it?
Thank you

Re: I probably have some nasty bug, it's quite slow

Posted: 03 Mar 2019 20:57
by Rudy
Hi!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Windows XP just start it with a plain double-click)
click Scan now, then Clean and Repair
after the reboot a log will pop up (otherwise you will find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: I probably have some nasty bug, it's quite slow

Posted: 04 Mar 2019 18:40
by Xandrwa
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-28.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-04-2019
# Duration: 00:00:19
# OS: Windows 10 Pro
# Scanned: 31852
# Detected: 17


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Chip C:\Users\Hanka\AppData\Local\Downloaded Installations\{DAD82379-C684-4D04-83D5-2B9934A9C362}
PUP.Optional.DriverPack C:\Users\Hanka\AppData\Roaming\DRPSu
PUP.Optional.Solvusoft C:\Users\Hanka\AppData\Roaming\WinThruster
PUP.Optional.Solvusoft C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Solvusoft
PUP.Optional.Solvusoft C:\Users\Hanka\AppData\Roaming\Solvusoft

***** [ Files ] *****

PUP.Optional.Legacy C:\END

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Chip HKLM\SYSTEM\Setup\FirstBoot\Services\chip1click
PUP.Optional.Chip HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\chip 1-click download service
PUP.Optional.DriverPack HKCU\Software\drpsu
PUP.Optional.DriverPack HKLM\Software\Wow6432Node\drpsu
PUP.Optional.InstallCore HKCU\Software\csastats
PUP.Optional.ProductSetup.A HKCU\Software\PRODUCTSETUP
PUP.Optional.Seznam.cz HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cz.seznam.software.szndesktop
PUP.Optional.Seznam.cz HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cz.seznam.software.autoupdate
PUP.Optional.Seznam.cz HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|seznam-listicka-distribuce
PUP.Optional.Seznam.cz HKCU\Software\Seznam.cz

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

PUP.Optional.My-search my-search.com



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
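A quick triage pass over an AdwCleaner scan log like the one above, added here as an example that is not part of the thread or of the AdwCleaner tool: it parses the `***** [ Section ] *****` headers and the `Family Location` detection lines, groups the hits by PUP family and by section, and cross-checks the parsed count against the header's `Detected:` value. The embedded log is an abridged sample constructed from entries posted above, and the function names are my own.

```python
import re
from collections import Counter

# Abridged AdwCleaner [S00] scan log, constructed for this example from entries
# quoted in the thread above (the real log reports 17 detections).
SAMPLE_LOG = r"""# Malwarebytes AdwCleaner 7.2.7.0
# Mode: Scan
# Detected: 5

***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.DriverPack C:\Users\Hanka\AppData\Roaming\DRPSu
PUP.Optional.Solvusoft C:\Users\Hanka\AppData\Roaming\WinThruster
***** [ Registry ] *****
PUP.Optional.DriverPack HKCU\Software\drpsu
PUP.Optional.Seznam.cz HKCU\Software\Seznam.cz
***** [ Firefox URLs ] *****
PUP.Optional.My-search my-search.com
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
HEADER_RE = re.compile(r"^# (\w+): (.*)$")


def parse_adwcleaner_log(text):
    """Return (header dict, list of (section, family, location) detections)."""
    header, detections, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#####"):
            continue  # blank line or the EOF banner
        if m := HEADER_RE.match(line):
            header[m.group(1)] = m.group(2)
        elif line.startswith("#"):
            continue  # '# ----' rule or tool banner without a colon
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and not line.startswith("No malicious"):
            family, _, location = line.partition(" ")
            detections.append((section, family, location))
    return header, detections


def summarize(text):
    """Group detections by family and section and cross-check the header count."""
    header, detections = parse_adwcleaner_log(text)
    claimed = int(header.get("Detected", "0"))
    return {
        "claimed": claimed,
        "parsed": len(detections),
        "consistent": claimed == len(detections),
        "by_family": dict(Counter(f for _, f, _ in detections)),
        "by_section": dict(Counter(s for s, _, _ in detections)),
    }
```

For a real log, pass the file contents instead of the sample (`summarize(open(path, encoding="utf-8").read())`); a mismatch between `claimed` and `parsed` means the log has a line shape the parser does not know and is worth reading by hand.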

Re: I probably have some nasty bug, it's quite slow

Posted: 04 Mar 2019 19:52
by Rudy
Delete the ADW findings, reboot, and post fresh FRST + Addition logs.

Re: I probably have some nasty bug, it's quite slow

Posted: 05 Mar 2019 19:55
by Xandrwa
done, see the log

Re: I probably have some nasty bug, it's quite slow

Posted: 05 Mar 2019 21:22
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\Hanka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Hanka\AppData\Local\Temp
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
Task: {1254A346-2A6C-4F94-B176-B49EB2F5E064} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3FA0D57F-02C8-4CD8-8FD8-A82D2C0940B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {B2A1FEF2-1B42-4A74-9B5B-1F46AC5F6EF6} - System32\Tasks\{DFB8B7FD-5478-4C73-932D-6698618B5194} => C:\Windows\system32\pcalua.exe -a C:\Users\Hanka\Desktop\jre-6-windows-i586-iftw.exe -d C:\Users\Hanka\Desktop
Task: {ED67C0B0-F28F-4900-A717-0C92137C0E48} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
FirewallRules: [{C5E6F3F4-DC37-4EF0-A648-2EC982C059F6}] => (Allow) C:\Users\Hanka\AppData\Local\Temp\7zS2416\HP.EasyStart.exe No File
FirewallRules: [{E712BB6F-C2DF-4F8B-ACA7-DEA9EBE05FE3}] => (Allow) C:\Users\Hanka\AppData\Local\Temp\7zS4350\HP.EasyStart.exe No File
FirewallRules: [{56CC66C4-ED76-4618-B624-194DE2780F2F}] => (Allow) C:\Users\Hanka\AppData\Local\Temp\7zS150A\HP.EasyStart.exe No File
FirewallRules: [{D1BACEE5-2D0F-4090-A4CD-347420862354}] => (Allow) C:\Users\Hanka\AppData\Local\Temp\7zS32D3\HPDiagnosticCoreUI.exe No File
FirewallRules: [{D27C720F-22FC-4B0D-B751-B6585857EAC8}] => (Allow) C:\Users\Hanka\AppData\Local\Temp\7zS32D3\HPDiagnosticCoreUI.exe No File
FirewallRules: [{497AF94C-85D6-4939-B57E-985E41DB76CD}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{BE0DBD5D-741E-4139-93C0-319DA7501432}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{6727D1AF-7D6A-4443-A5A4-8CAC58140D59}] => (Allow) C:\Users\Hanka\AppData\Local\Temp\win-ts6100-1_1-n_mcd\win\MSetup64.exe No File
FirewallRules: [TCP Query User{6BAC49F5-BDF0-44D4-B049-09B95FD7110A}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe No File
FirewallRules: [UDP Query User{04DB2C67-DBBA-41C9-A010-E394CB8C2281}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe No File

Hosts:
EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes a log will appear; copy it here.

Re: I probably have some nasty bug, it's quite slow

Posted: 12 Mar 2019 18:21
by Xandrwa
the logs from after the fixlist are in the attachment

Re: I probably have some nasty bug, it's quite slow

Posted: 12 Mar 2019 18:55
by Rudy
OK. But I need to see the contents of the fixlog.txt file. You will find it on the desktop.

Re: I probably have some nasty bug, it's quite slow

Posted: 12 Mar 2019 19:21
by Xandrwa
Fix result of Farbar Recovery Scan Tool (x64) Version: 11.03.2019
Ran by Hanka (12-03-2019 18:10:34) Run:1
Running from C:\Users\Hanka\Desktop
Loaded Profiles: Hanka (Available Profiles: defaultuser0 & Hanka & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\Hanka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Hanka\AppData\Local\Temp
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
Task: {1254A346-2A6C-4F94-B176-B49EB2F5E064} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3FA0D57F-02C8-4CD8-8FD8-A82D2C0940B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {B2A1FEF2-1B42-4A74-9B5B-1F46AC5F6EF6} - System32\Tasks\{DFB8B7FD-5478-4C73-932D-6698618B5194} => C:\Windows\system32\pcalua.exe -a C:\Users\Hanka\Desktop\jre-6-windows-i586-iftw.exe -d C:\Users\Hanka\Desktop
Task: {ED67C0B0-F28F-4900-A717-0C92137C0E48} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
FirewallRules: [{C5E6F3F4-DC37-4EF0-A648-2EC982C059F6}] => (Allow) C:\Users\Hanka\AppData\Local\Temp\7zS2416\HP.EasyStart.exe No File
FirewallRules: [{E712BB6F-C2DF-4F8B-ACA7-DEA9EBE05FE3}] => (Allow) C:\Users\Hanka\AppData\Local\Temp\7zS4350\HP.EasyStart.exe No File
FirewallRules: [{56CC66C4-ED76-4618-B624-194DE2780F2F}] => (Allow) C:\Users\Hanka\AppData\Local\Temp\7zS150A\HP.EasyStart.exe No File
FirewallRules: [{D1BACEE5-2D0F-4090-A4CD-347420862354}] => (Allow) C:\Users\Hanka\AppData\Local\Temp\7zS32D3\HPDiagnosticCoreUI.exe No File
FirewallRules: [{D27C720F-22FC-4B0D-B751-B6585857EAC8}] => (Allow) C:\Users\Hanka\AppData\Local\Temp\7zS32D3\HPDiagnosticCoreUI.exe No File
FirewallRules: [{497AF94C-85D6-4939-B57E-985E41DB76CD}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{BE0DBD5D-741E-4139-93C0-319DA7501432}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{6727D1AF-7D6A-4443-A5A4-8CAC58140D59}] => (Allow) C:\Users\Hanka\AppData\Local\Temp\win-ts6100-1_1-n_mcd\win\MSetup64.exe No File
FirewallRules: [TCP Query User{6BAC49F5-BDF0-44D4-B049-09B95FD7110A}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe No File
FirewallRules: [UDP Query User{04DB2C67-DBBA-41C9-A010-E394CB8C2281}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe No File

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Users\Hanka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

"C:\Users\Hanka\AppData\Local\Temp" folder move:

Could not move "C:\Users\Hanka\AppData\Local\Temp" => Scheduled to move on reboot.

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1254A346-2A6C-4F94-B176-B49EB2F5E064}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1254A346-2A6C-4F94-B176-B49EB2F5E064}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FA0D57F-02C8-4CD8-8FD8-A82D2C0940B5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FA0D57F-02C8-4CD8-8FD8-A82D2C0940B5}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2A1FEF2-1B42-4A74-9B5B-1F46AC5F6EF6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2A1FEF2-1B42-4A74-9B5B-1F46AC5F6EF6}" => removed successfully
C:\WINDOWS\System32\Tasks\{DFB8B7FD-5478-4C73-932D-6698618B5194} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DFB8B7FD-5478-4C73-932D-6698618B5194}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ED67C0B0-F28F-4900-A717-0C92137C0E48}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED67C0B0-F28F-4900-A717-0C92137C0E48}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C5E6F3F4-DC37-4EF0-A648-2EC982C059F6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E712BB6F-C2DF-4F8B-ACA7-DEA9EBE05FE3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{56CC66C4-ED76-4618-B624-194DE2780F2F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D1BACEE5-2D0F-4090-A4CD-347420862354}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D27C720F-22FC-4B0D-B751-B6585857EAC8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{497AF94C-85D6-4939-B57E-985E41DB76CD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BE0DBD5D-741E-4139-93C0-319DA7501432}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6727D1AF-7D6A-4443-A5A4-8CAC58140D59}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6BAC49F5-BDF0-44D4-B049-09B95FD7110A}C:\program files\openshot video editor\launch.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{04DB2C67-DBBA-41C9-A010-E394CB8C2281}C:\program files\openshot video editor\launch.exe" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 110623612 B
Java, Flash, Steam htmlcache => 1428 B
Windows/system/drivers => 7944661 B
Edge => 1185026 B
Chrome => 401917504 B
Firefox => 1128400762 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7048 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 9702 B
LocalService => 0 B
NetworkService => 380356 B
NetworkService => 0 B
defaultuser0 => 7048 B
Hanka => 1149121903 B
Administrator => 88468731 B

RecycleBin => 14691784032 B
EmptyTemp: => 16.4 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-03-2019 18:14:11)

C:\Users\Hanka\AppData\Local\Temp => moved successfully

==== End of Fixlog 18:14:12 ====

Re: I probably have some nasty bug, it's quite slow

Posted: 12 Mar 2019 19:59
by Rudy
OK. Has anything changed?

Re: I probably have some nasty bug, it's quite slow

Posted: 08 Apr 2019 13:10
by Xandrwa
everything seems fine, thank you

Re: I probably have some nasty bug, it's quite slow

Posted: 08 Apr 2019 14:04
by Rudy
Glad to hear it. You're welcome! :)