
Preventive virus check, please

Posted: 03 Jul 2020 14:56
by John Hoof
Hello,

I was browsing the web for a while and my antivirus started reporting that it had blocked some connection because of a potential threat. Could some expert here take a look and tell me whether everything is OK?

The logs are attached.

Take care...

Re: Preventive virus check, please

Posted: 04 Jul 2020 14:26
by Rudy
Greetings to you too!
Run this utility:
Save AdwCleaner to the desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Windows XP simply double-click it)
click Scan now, then Clean and Repair
after the restart a log will pop up (otherwise you will find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Preventive virus check, please

Posted: 06 Jul 2020 17:05
by John Hoof
Rudy, I registered here sometime around 2008 and you were the first user who helped me clean my PC here. I still have some correspondence between the two of us from 2008 in my inbox. I'm glad to meet you here again :) I'm also from Plzeň, if you are still active in Plzeň :) Just for your information; I'm off to run that utility :)

Re: Preventive virus check, please

Posted: 06 Jul 2020 17:24
by John Hoof
I ran it according to the instructions, except that I downloaded some premium version where, instead of Clean and Repair, there was a Quarantine button.

The program did not restart my PC, and I created the log via the Log button:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 06/07/2020
Scan Time: 18:09
Log File: 137892ec-bfa3-11ea-9c6d-000000000000.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.972
Update Package Version: 1.0.26489
Licence: Trial

-System Information-
OS: Windows 10 (Build 18362.900)
CPU: x64
File System: NTFS
User: DESKTOP-U0TIH8Q\uzivatel

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 423218
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 9 min, 52 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.InstallCore, HKU\S-1-5-21-869847465-603479409-558572697-1001\SOFTWARE\CSASTATS\ic, Quarantined, 503, 586068, 1.0.26489, , ame,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
PUP.Optional.PrivacyFF, C:\USERS\UZIVATEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1IYRTP2Z.DEFAULT\EXTENSIONS\INFO@BROWSER-PRIVACY.COM.XPI, Quarantined, 4562, 751724, 1.0.26489, , ame,
PUP.Optional.BundleInstaller, C:\USERS\UZIVATEL\DOWNLOADS\BITTORRENT.EXE, Quarantined, 512, 790622, 1.0.26489, , ame,
PUP.Optional.Crawler, C:\USERS\UZIVATEL\DOWNLOADS\SPYWARETERMINATORSETUP.EXE, Quarantined, 609, 833584, 1.0.26489, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
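As an added example (not part of the original thread and not Malwarebytes' own tooling), here is a small Python parser for the "-Scan Details-" section of the log above: it pulls out each detection, cross-checks the count against the "Threats Detected" summary line, and flags any item that was not quarantined. The embedded sample is an excerpt of the log posted in this thread; the function names `parse_scan_details` and `verify` are my own.

```python
import re
from collections import namedtuple

# Excerpt of the Malwarebytes log posted in this thread (summary line plus the
# '-Scan Details-' section, with most empty sections left out to keep it short).
SAMPLE_LOG = r"""-Scan Summary-
Threats Detected: 4
-Scan Details-
Process: 0
(No malicious items detected)
Registry Key: 1
PUP.Optional.InstallCore, HKU\S-1-5-21-869847465-603479409-558572697-1001\SOFTWARE\CSASTATS\ic, Quarantined, 503, 586068, 1.0.26489, , ame,
File: 3
PUP.Optional.PrivacyFF, C:\USERS\UZIVATEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1IYRTP2Z.DEFAULT\EXTENSIONS\INFO@BROWSER-PRIVACY.COM.XPI, Quarantined, 4562, 751724, 1.0.26489, , ame,
PUP.Optional.BundleInstaller, C:\USERS\UZIVATEL\DOWNLOADS\BITTORRENT.EXE, Quarantined, 512, 790622, 1.0.26489, , ame,
PUP.Optional.Crawler, C:\USERS\UZIVATEL\DOWNLOADS\SPYWARETERMINATORSETUP.EXE, Quarantined, 609, 833584, 1.0.26489, , ame,
(end)
"""

Detection = namedtuple("Detection", "section name location action")
SECTION_RE = re.compile(r"^([A-Za-z ]+): (\d+)$")   # e.g. "File: 3"

def parse_scan_details(log_text):
    """Return one Detection per item listed under '-Scan Details-'."""
    detections, section, in_details = [], None, False
    for line in (ln.strip() for ln in log_text.splitlines()):
        if line == "-Scan Details-":
            in_details = True
        elif not in_details or not line or line.startswith("("):
            continue          # header area, blank, "(No malicious ...)", "(end)"
        elif SECTION_RE.match(line):
            section = SECTION_RE.match(line).group(1)
        elif section:
            # detection lines are comma-separated: name, location, action, ...
            name, location, action = [f.strip() for f in line.split(", ")][:3]
            detections.append(Detection(section, name, location, action))
    return detections

def verify(log_text):
    """Cross-check the summary count against parsed items, flag unhandled ones."""
    dets = parse_scan_details(log_text)
    m = re.search(r"^Threats Detected: (\d+)$", log_text, re.M)
    return {
        "declared": int(m.group(1)) if m else -1,
        "parsed": len(dets),
        "unhandled": [d.location for d in dets if d.action != "Quarantined"],
        # Malwarebytes prefixes potentially unwanted programs with "PUP."; PUP-only
        # results are adware/bundleware detections rather than malware family hits.
        "pup_only": bool(dets) and all(d.name.startswith("PUP.") for d in dets),
    }
```

For the log in this thread, `verify(SAMPLE_LOG)` reports four declared, four parsed, nothing unhandled and PUP-only detections.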

Re: Preventive virus check, please

Posted: 06 Jul 2020 19:34
by Rudy
That doesn't matter; put the found items into quarantine and then post new FRST+Addition logs.

Re: Preventive virus check, please

Posted: 12 Jul 2020 15:22
by John Hoof
So the FRST log is attached... I hope it's of some use :) Could you please look at it and tell me whether the PC is OK?

Re: Preventive virus check, please

Posted: 12 Jul 2020 17:45
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653728 2018-03-26] (Oracle America, Inc. -> Oracle Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {2DA31E22-D53D-4B1D-8057-056E47DD9B5D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-07] (Google Inc -> Google Inc.)
Task: {8B7E31C4-40DB-4790-9D4E-43E02CF5C481} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-07] (Google Inc -> Google Inc.)
Task: {FDCB1D8E-71AF-431B-B7BB-E56F907D07E5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
CustomCLSID: HKU\S-1-5-21-869847465-603479409-558572697-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\uzivatel\AppData\Local\GoToMeeting\16786\G2MOutlookAddin64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{3E6CE76C-2252-481B-AAEB-FD4441E9BC28}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{D18EEB70-7ED4-4200-AC55-FC1F9B9EA574}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{4E4D1A1D-FD90-42CF-9104-5DD64BB76F57}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{7C6C8E40-6F87-490F-B928-C295ABF63F01}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File

EmptyTemp:
End
Save it to C:\Users\uzivatel\Downloads as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Preventive virus check, please

Posted: 17 Jul 2020 20:25
by John Hoof
After a short break I'm back. When it finished, the PC rebooted, but I found the log. I think it should be this one:

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-07-2020 01
Ran by uzivatel (17-07-2020 20:54:27) Run:1
Running from C:\Users\uzivatel\Downloads
Loaded Profiles: uzivatel
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653728 2018-03-26] (Oracle America, Inc. -> Oracle Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {2DA31E22-D53D-4B1D-8057-056E47DD9B5D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-07] (Google Inc -> Google Inc.)
Task: {8B7E31C4-40DB-4790-9D4E-43E02CF5C481} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-07] (Google Inc -> Google Inc.)
Task: {FDCB1D8E-71AF-431B-B7BB-E56F907D07E5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
CustomCLSID: HKU\S-1-5-21-869847465-603479409-558572697-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\uzivatel\AppData\Local\GoToMeeting\16786\G2MOutlookAddin64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{3E6CE76C-2252-481B-AAEB-FD4441E9BC28}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{D18EEB70-7ED4-4200-AC55-FC1F9B9EA574}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{4E4D1A1D-FD90-42CF-9104-5DD64BB76F57}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{7C6C8E40-6F87-490F-B928-C295ABF63F01}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2DA31E22-D53D-4B1D-8057-056E47DD9B5D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DA31E22-D53D-4B1D-8057-056E47DD9B5D}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B7E31C4-40DB-4790-9D4E-43E02CF5C481}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B7E31C4-40DB-4790-9D4E-43E02CF5C481}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDCB1D8E-71AF-431B-B7BB-E56F907D07E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDCB1D8E-71AF-431B-B7BB-E56F907D07E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKU\S-1-5-21-869847465-603479409-558572697-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3E6CE76C-2252-481B-AAEB-FD4441E9BC28}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D18EEB70-7ED4-4200-AC55-FC1F9B9EA574}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E4D1A1D-FD90-42CF-9104-5DD64BB76F57}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C6C8E40-6F87-490F-B928-C295ABF63F01}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 151130834 B
Java, Flash, Steam htmlcache => 47588577 B
Windows/system/drivers => 2883038 B
Edge => 58829339 B
Chrome => 53321360 B
Firefox => 1220321237 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 99836 B
NetworkService => 99836 B
uzivatel => 31663459 B
MSSQLFDLauncher$MYSTIC => 31663459 B
MSSQLLaunchpad$MYSTIC => 31663459 B
SQLTELEMETRY$MYSTIC => 31663459 B
MSSQL$MYSTIC => 31663459 B

RecycleBin => 9045617 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:56:44 ====

Re: Preventive virus check, please

Posted: 17 Jul 2020 20:57
by Rudy
Yes, that is the right log. Everything was removed; the log should now be OK.