
Trojan horse

Posted: 25 Aug 2019 10:16
by noora12
Hello. This morning I was downloading uTorrent from the site utorrent.cz and Windows Defender immediately reported a trojan horse, specifically win32/tigre!rfn. When I opened Windows Defender, the protection was suddenly switched off. I put it into quarantine, but I would rather attach a log here, because it keeps reporting the threat and it can no longer be quarantined.

Re: Trojan horse

Posted: 25 Aug 2019 11:34
by Rudy
Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just double-click it)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you will find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Using torrents is always a risky business.

Re: Trojan horse

Posted: 25 Aug 2019 12:03
by noora12
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-08-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-25-2019
# Duration: 00:00:35
# OS: Windows 10 Home
# Cleaned: 44
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\Solvusoft

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Re: Trojan horse

Posted: 25 Aug 2019 12:04
by noora12
Sorry, I didn't send the whole thing.

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-08-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-25-2019
# Duration: 00:00:35
# OS: Windows 10 Home
# Cleaned: 44
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\Solvusoft

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.ASUSGiftBox
Deleted Preinstalled.ASUSLiveUpdate
Deleted Preinstalled.ASUSProductRegistration
Deleted Preinstalled.ASUSSmartGesture
Deleted Preinstalled.ASUSSplendid
Deleted Preinstalled.ASUSWebStorage
Deleted Preinstalled.HPJumpStartApps
Deleted Preinstalled.WildTangentGamesBundle


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1291 octets] - [30/05/2018 17:42:22]
AdwCleaner[C00].txt - [1396 octets] - [30/05/2018 17:43:03]
AdwCleaner[S01].txt - [1726 octets] - [25/08/2019 12:50:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Re: Trojan horse

Posted: 25 Aug 2019 14:23
by Rudy
OK. Post new FRST + Addition logs.

Re: Trojan horse

Posted: 25 Aug 2019 14:58
by noora12
Okay

Re: Trojan horse

Posted: 25 Aug 2019 16:22
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {7689C9BA-91AD-4474-9F04-11CBDAE541EA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003Core1d497e786db5a18 => C:\Users\Markét\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2017-07-31] (Google Inc -> Google Inc.)
Task: {7EF8D36A-3DE2-4126-B258-C6381828255D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003UA => C:\Users\Markét\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2017-07-31] (Google Inc -> Google Inc.)
Task: {9E02E265-8839-4898-8413-F8E1CC63F14C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003Core => C:\Users\Markét\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2017-07-31] (Google Inc -> Google Inc.)
Task: {D3A5C489-CCDA-4921-ABE6-D42F54DDD8D8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003UA1d497e786f35939 => C:\Users\Markét\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2017-07-31] (Google Inc -> Google Inc.)
SearchScopes: HKU\S-1-5-21-3641528830-1985137838-3582985943-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3641528830-1985137838-3582985943-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003UA1d497e786f35939
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003Core1d497e786db5a18
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003Core
CustomCLSID: HKU\S-1-5-21-3641528830-1985137838-3582985943-1003_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Markét\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3641528830-1985137838-3582985943-1003_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Markét\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3641528830-1985137838-3582985943-1003_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Markét\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3641528830-1985137838-3582985943-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Markét\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => -> No File
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll -> No File

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes a log will appear; copy it here.

Re: Trojan horse

Posted: 25 Aug 2019 16:40
by noora12
Fix result of Farbar Recovery Scan Tool (x64) Version: 22-08-2019
Ran by Markét (25-08-2019 17:31:09) Run:1
Running from C:\Users\Markét\Desktop
Loaded Profiles: Markét (Available Profiles: Markét)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {7689C9BA-91AD-4474-9F04-11CBDAE541EA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003Core1d497e786db5a18 => C:\Users\Markét\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2017-07-31] (Google Inc -> Google Inc.)
Task: {7EF8D36A-3DE2-4126-B258-C6381828255D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003UA => C:\Users\Markét\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2017-07-31] (Google Inc -> Google Inc.)
Task: {9E02E265-8839-4898-8413-F8E1CC63F14C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003Core => C:\Users\Markét\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2017-07-31] (Google Inc -> Google Inc.)
Task: {D3A5C489-CCDA-4921-ABE6-D42F54DDD8D8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003UA1d497e786f35939 => C:\Users\Markét\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2017-07-31] (Google Inc -> Google Inc.)
SearchScopes: HKU\S-1-5-21-3641528830-1985137838-3582985943-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3641528830-1985137838-3582985943-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003UA1d497e786f35939
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003Core1d497e786db5a18
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003Core
CustomCLSID: HKU\S-1-5-21-3641528830-1985137838-3582985943-1003_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Markét\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3641528830-1985137838-3582985943-1003_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Markét\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3641528830-1985137838-3582985943-1003_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Markét\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3641528830-1985137838-3582985943-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Markét\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => -> No File
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll -> No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7689C9BA-91AD-4474-9F04-11CBDAE541EA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7689C9BA-91AD-4474-9F04-11CBDAE541EA}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003Core1d497e786db5a18 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003Core1d497e786db5a18" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7EF8D36A-3DE2-4126-B258-C6381828255D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EF8D36A-3DE2-4126-B258-C6381828255D}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003UA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003UA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E02E265-8839-4898-8413-F8E1CC63F14C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E02E265-8839-4898-8413-F8E1CC63F14C}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003Core => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003Core" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3A5C489-CCDA-4921-ABE6-D42F54DDD8D8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3A5C489-CCDA-4921-ABE6-D42F54DDD8D8}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003UA1d497e786f35939 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003UA1d497e786f35939" => removed successfully
"HKU\S-1-5-21-3641528830-1985137838-3582985943-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3641528830-1985137838-3582985943-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003UA1d497e786f35939" => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003Core1d497e786db5a18" => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641528830-1985137838-3582985943-1003Core" => not found
HKU\S-1-5-21-3641528830-1985137838-3582985943-1003_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9} => removed successfully
HKU\S-1-5-21-3641528830-1985137838-3582985943-1003_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8} => removed successfully
HKU\S-1-5-21-3641528830-1985137838-3582985943-1003_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD} => removed successfully
HKU\S-1-5-21-3641528830-1985137838-3582985943-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!AsusWSShellExt_B => removed successfully
HKLM\Software\Classes\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7191} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinZip => removed successfully
HKLM\Software\Classes\CLSID\{E0D79304-84BE-11CE-9641-444553540000} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\WinZip => removed successfully
HKLM\Software\Classes\CLSID\{E0D79304-84BE-11CE-9641-444553540000} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinZip => removed successfully
HKLM\Software\Classes\CLSID\{E0D79304-84BE-11CE-9641-444553540000} => not found

=========== EmptyTemp: ==========

BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 55737093 B
Java, Flash, Steam htmlcache => 1110 B
Windows/system/drivers => 559547755 B
Edge => 2924014 B
Chrome => 367539461 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 11242 B
LocalService => 0 B
NetworkService => 23872 B
NetworkService => 0 B
Markét => 26234303 B

RecycleBin => 15830967 B
EmptyTemp: => 990.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:32:46 ====

Re: Trojan horse

Posted: 25 Aug 2019 17:01
by Rudy
Deleted; the log is clean now. You don't have a trojan, and there never was one in the system.

Re: Trojan horse

Posted: 25 Aug 2019 18:14
by noora12
Thank you for the help :)

Re: Trojan horse

Posted: 25 Aug 2019 18:49
by Rudy
You're welcome! :)