VIRY.CZ

Prosím o kontrolu možná mám podezření (adresář účtu je read only a nejde to odstranit).

viz příloha Díky

Ještě moc prosím o kontrolu logů z druhého PC kde se vyskytuje stejný problém s read only.
Děkuji.

Zdravím!
Nejprve se podíváme na 1. stroj. Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Zdravím, moc děkuji za reakci a zasílám níže požadované pro 1. stroj:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-27-2020
# Duration: 00:00:02
# OS: Windows 10 Pro
# Cleaned: 15
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted AVG Secure Search - ndibdjnfmopecpmkdieinmbadjfpblof

***** [ Chromium URLs ] *****

Deleted AVG Secure Search
Deleted AVG Secure Search
Deleted http://mysearch.avg.com?cid={EF5C0179-D ... 2014-01-02 08:28:21&v=17.2.0.38&pid=safeguard&sg=&sap=hp
Deleted http://mysearch.avg.com?cid={EF5C0179-D ... 2014-01-02 08:28:21&v=17.2.0.38&pid=safeguard&sg=&sap=hp
Deleted http://mysearch.avg.com?cid={EF5C0179-D ... 2014-01-02 08:28:21&v=18.1.0.447&pid=safeguard&sg=&sap=hp
Deleted http://mysearch.avg.com?cid={EF5C0179-D ... 2014-01-02 08:28:21&v=18.1.0.447&pid=safeguard&sg=&sap=hp
Deleted http://mysearch.avg.com?cid={EF5C0179-D ... 2014-01-02 08:28:21&v=18.1.5.516&pid=safeguard&sg=&sap=hp
Deleted http://mysearch.avg.com?cid={EF5C0179-D ... 2014-01-02 08:28:21&v=18.1.5.516&pid=safeguard&sg=&sap=hp
Deleted http://mysearch.avg.com?cid={EF5C0179-D ... 2014-01-02 08:28:21&v=18.1.7.601&pid=safeguard&sg=&sap=hp
Deleted http://mysearch.avg.com?cid={EF5C0179-D ... 2014-01-02 08:28:21&v=18.1.7.601&pid=safeguard&sg=&sap=hp
Deleted https://mysearch.avg.com?cid={EF5C0179- ... 2014-01-02 08:28:21&v=18.1.9.786&pid=safeguard&sg=&sap=hp
Deleted https://mysearch.avg.com?cid={EF5C0179- ... 2014-01-02 08:28:21&v=18.1.9.786&pid=safeguard&sg=&sap=hp
Deleted https://mysearch.avg.com?cid={EF5C0179- ... 2014-01-02 08:28:21&v=18.1.9.799&pid=safeguard&sg=&sap=hp
Deleted https://mysearch.avg.com?cid={EF5C0179- ... 2014-01-02 08:28:21&v=18.1.9.799&pid=safeguard&sg=&sap=hp

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5411 octets] - [27/10/2020 20:59:33]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Na stejném stroji dejte nové logy FRST+Addition.

Viz příloha Díky

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {45517117-464C-49C0-9409-A1D72F7CE333} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-25] (Google LLC -> Google LLC)
Task: {9A067EA7-3B35-4752-956F-11B38035E61E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-25] (Google LLC -> Google LLC)
CHR HomePage: Default -> mysearch.avg.com
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Windows\msdownld.tmp

EmptyTemp:
End

Uložte do C:\Users\Jan Kuře\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-10-2020
Ran by Honza (28-10-2020 20:43:43) Run:1
Running from C:\Users\Jan Kuře\Downloads
Loaded Profiles: Honza
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {45517117-464C-49C0-9409-A1D72F7CE333} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-25] (Google LLC -> Google LLC)
Task: {9A067EA7-3B35-4752-956F-11B38035E61E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-25] (Google LLC -> Google LLC)
CHR HomePage: Default -> mysearch.avg.com
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Windows\msdownld.tmp

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45517117-464C-49C0-9409-A1D72F7CE333}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45517117-464C-49C0-9409-A1D72F7CE333}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9A067EA7-3B35-4752-956F-11B38035E61E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A067EA7-3B35-4752-956F-11B38035E61E}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"Chrome HomePage" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Windows\msdownld.tmp => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 6578176 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18957958 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1970279 B
Edge => 24210206 B
Chrome => 229876104 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 15628 B
NetworkService => 22092 B
Jan Kuře => 119307158 B

RecycleBin => 0 B
EmptyTemp: => 382.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:44:07 ====

Smazáno. Nastala nějaká změna?

Zdá se že je to už OK. Moc díky!!!

Rádo se stalo!