
Win32/Unwaders.A!ml

Posted: 05 Apr 2020 09:55
by vecerapl
Hi everyone,
I have a problem with my PC. While I'm browsing the web, a page pops up saying there is a contest for an iPhone. A few days ago Defender alerted me to Win32/Unwaders.A!ml.

I ran an FRST scan. I'm sending the logs in a RAR file. Thank you very much in advance for any help with the cleanup.
FRST_Addition.rar
(24.28 KiB) Downloaded 76 times
AdwCleaner:

Code:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-04-03.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-05-2020
# Duration: 00:00:01
# OS:       Windows 10 Pro
# Cleaned:  1
# Failed:   1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       iZito.com
Not Deleted   Obec Petrovice

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1545 octets] - [29/03/2020 19:25:53]
AdwCleaner[C00].txt - [1659 octets] - [29/03/2020 19:26:37]
AdwCleaner[S01].txt - [1583 octets] - [05/04/2020 10:44:09]
AdwCleaner[S02].txt - [1644 octets] - [05/04/2020 10:45:23]
AdwCleaner[S03].txt - [1705 octets] - [05/04/2020 10:48:40]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C03].txt ##########


Re: Win32/Unwaders.A!ml

Posted: 05 Apr 2020 10:26
by Rudy
Hello!
Open Notepad and copy the following into it:
Start

CloseProcesses:
Task: {07AA2D74-73DB-422A-A941-B97402A6E106} - System32\Tasks\GoogleUpdateTask => C:\Users\jsem\AppData\Roaming\Microsoft\Network\SystemArchitectureTranslation.exe <==== ATTENTION
Task: {55E09CA3-CA00-4DEE-A5F6-8C0863FE40B4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-28] (Google LLC -> Google LLC)
Task: {65759A14-7AC0-44A8-AB90-B30313469AFC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-28] (Google LLC -> Google LLC)
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
FirewallRules: [TCP Query User{883C44BD-6499-40AC-88C2-B94F1CE98922}D:\stažené soubory\office_2016_x86_x64_cs_16.0.7571.2109\office\files\bin\kmss.exe] => (Allow) D:\stažené soubory\office_2016_x86_x64_cs_16.0.7571.2109\office\files\bin\kmss.exe No File
FirewallRules: [UDP Query User{5C376DB6-E220-4B37-8447-9439C98617DA}D:\stažené soubory\office_2016_x86_x64_cs_16.0.7571.2109\office\files\bin\kmss.exe] => (Allow) D:\stažené soubory\office_2016_x86_x64_cs_16.0.7571.2109\office\files\bin\kmss.exe No File
C:\Users\jsem\AppData\Roaming\Microsoft\Network\SystemArchitectureTranslation.exe
C:\Users\jsem\AppData\Roaming\Microsoft\Network\SystemArchitectureTranslation.exe


EmptyTemp:
End
Save it to D:\Stažené soubory as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.
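
The fixlist above removes a scheduled task named GoogleUpdateTask that launches an executable from the user's AppData folder. As an added example (not part of the original post and not FRST's own logic), the Python below parses FRST `Task:` lines and flags that pattern; the line format is inferred from the two lines copied from this thread, and the three heuristics are assumptions.

```python
import re

# Assumed layout, inferred from this thread:
# Task: {GUID} - <task file> => <target .exe> [size date] (signer -> signer) <flags>
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<task>\S.*?) => "
    r"(?P<target>[A-Za-z]:\\.*?\.exe)(?P<rest>.*)$"
)
SIGNER_RE = re.compile(r"\((?P<signer>[^()]*->[^()]*)\)")
# Assumption: locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"\\(Users\\[^\\]+\\AppData|ProgramData|Windows\\Temp)\\", re.I)

# Two lines copied verbatim from the fixlist in this thread.
SAMPLE = [
    r"Task: {07AA2D74-73DB-422A-A941-B97402A6E106} - System32\Tasks\GoogleUpdateTask => C:\Users\jsem\AppData\Roaming\Microsoft\Network\SystemArchitectureTranslation.exe <==== ATTENTION",
    r"Task: {55E09CA3-CA00-4DEE-A5F6-8C0863FE40B4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-28] (Google LLC -> Google LLC)",
]


def triage(line):
    """Return parsed fields plus the reasons a Task line looks suspicious, or None."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None  # not a Task: line (e.g. EmptyTemp:, a bare path)
    signer = SIGNER_RE.search(m["rest"])
    name = m["task"].rsplit("\\", 1)[-1]
    image = m["target"].rsplit("\\", 1)[-1]
    reasons = []
    if USER_WRITABLE.search(m["target"]):
        reasons.append("target in user-writable directory")
    if signer is None:
        reasons.append("no signer reported")
    # Task name borrows the Google Update name but runs a different binary.
    if name.lower().startswith("googleupdate") and image.lower() != "googleupdate.exe":
        reasons.append("task name imitates Google Update but runs " + image)
    return {
        "task": name,
        "target": m["target"],
        "signer": signer["signer"] if signer else None,
        "reasons": reasons,
    }


if __name__ == "__main__":
    for entry in filter(None, map(triage, SAMPLE)):
        verdict = "REVIEW" if entry["reasons"] else "ok"
        print(f"{verdict:6} {entry['task']}: {'; '.join(entry['reasons']) or entry['signer']}")
```
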

Re: Win32/Unwaders.A!ml

Posted: 05 Apr 2020 10:35
by vecerapl

Code:

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-03-2020
Ran by jsem (05-04-2020 11:50:29) Run:2
Running from D:\Stažené soubory
Loaded Profiles: jsem (Available Profiles: jsem)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
Task: {07AA2D74-73DB-422A-A941-B97402A6E106} - System32\Tasks\GoogleUpdateTask => C:\Users\jsem\AppData\Roaming\Microsoft\Network\SystemArchitectureTranslation.exe <==== ATTENTION
Task: {55E09CA3-CA00-4DEE-A5F6-8C0863FE40B4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-28] (Google LLC -> Google LLC)
Task: {65759A14-7AC0-44A8-AB90-B30313469AFC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-28] (Google LLC -> Google LLC)
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
FirewallRules: [TCP Query User{883C44BD-6499-40AC-88C2-B94F1CE98922}D:\stažené soubory\office_2016_x86_x64_cs_16.0.7571.2109\office\files\bin\kmss.exe] => (Allow) D:\stažené soubory\office_2016_x86_x64_cs_16.0.7571.2109\office\files\bin\kmss.exe No File
FirewallRules: [UDP Query User{5C376DB6-E220-4B37-8447-9439C98617DA}D:\stažené soubory\office_2016_x86_x64_cs_16.0.7571.2109\office\files\bin\kmss.exe] => (Allow) D:\stažené soubory\office_2016_x86_x64_cs_16.0.7571.2109\office\files\bin\kmss.exe No File
C:\Users\jsem\AppData\Roaming\Microsoft\Network\SystemArchitectureTranslation.exe
C:\Users\jsem\AppData\Roaming\Microsoft\Network\SystemArchitectureTranslation.exe


EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07AA2D74-73DB-422A-A941-B97402A6E106}" => not found
C:\Windows\System32\Tasks\GoogleUpdateTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55E09CA3-CA00-4DEE-A5F6-8C0863FE40B4}" => not found
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65759A14-7AC0-44A8-AB90-B30313469AFC}" => not found
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{883C44BD-6499-40AC-88C2-B94F1CE98922}D:\stažené soubory\office_2016_x86_x64_cs_16.0.7571.2109\office\files\bin\kmss.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5C376DB6-E220-4B37-8447-9439C98617DA}D:\stažené soubory\office_2016_x86_x64_cs_16.0.7571.2109\office\files\bin\kmss.exe" => not found
C:\Users\jsem\AppData\Roaming\Microsoft\Network\SystemArchitectureTranslation.exe => moved successfully
"C:\Users\jsem\AppData\Roaming\Microsoft\Network\SystemArchitectureTranslation.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12670540 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 129462 B
Edge => 0 B
Chrome => 53289792 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 1598 B
jsem => 40438 B

RecycleBin => 0 B
EmptyTemp: => 72.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:50:50 ====

Re: Win32/Unwaders.A!ml

Posted: 05 Apr 2020 11:35
by Rudy
Deleted. Has anything changed?

Re: Win32/Unwaders.A!ml

Posted: 05 Apr 2020 12:02
by vecerapl
It looks like the problem is gone. Thank you so much for the help.

Re: Win32/Unwaders.A!ml

Posted: 05 Apr 2020 13:07
by vecerapl
Unfortunately, the problem persists. Just now, while browsing sites (edna.cz, idnes.cz), the address eu.savingexpertcreditclub.xyz/b32fd962e82280944...... opens in a new window. :roll: