
Chrome and trojans, W10 explorer, please check

Posted: 28 Jul 2021 09:48
by scourge
Hi, I have two problems:
1. Google Chrome frequently shows a captcha with a message about unusual activity on the network. I understand this may be a problem on the network or at the provider (Vodafone), but it has only been happening for a few weeks. Related to that, with almost every search a window pops up from either AVG or Malwarebytes about blocking some web address that chrome.exe wants to display. Mostly these are addresses with free software, or the opposite, traps with dubious downloads, Russian servers and so on. I attach the windows.
2. After a few days of the PC running without a restart, the explorer.exe process starts loading the CPU, not a lot, but it is a noticeable increase. The system is relatively fresh (installed in May), W10 Home. The logs are too big, so I am putting them in an attachment. Thanks a lot for checking.
logs.zip (236.39 KiB) Downloaded 62 times

Re: Chrome and trojans, W10 explorer, please check

Posted: 28 Jul 2021 12:57
by Rudy
Hello!
1. All of these are messages saying that something was blocked, which shows the security software is working correctly.
2. The captcha's job is to prevent a DDoS attack on the site in question, and the problem can be caused by any machine in your provider's network (from outside, the site only sees the IP address of the provider's edge router).
3. We will check. Run this utility:
Save AdwCleaner to the desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a double-click)
click Scan now, then Clean and Repair
after the restart a log pops up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Chrome and trojans, W10 explorer, please check

Posted: 28 Jul 2021 13:44
by scourge
Thanks, here is the AdwCleaner log. The things it removed I had already let it remove several times before, but every time they are there again.

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-06-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-28-2021
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 3
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted Bookmarks Menu - ffmdedmghpoipeldijkdlcckdpempkdi
Deleted Shortcuts for Google™ - baohinapilmkigilbbbcccncoljkdpnd
Deleted oadboiipflhobonjjffjbfekfjcgkhco

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1607 octets] - [04/07/2021 19:35:24]
AdwCleaner[C00].txt - [1741 octets] - [04/07/2021 19:35:56]
AdwCleaner[S01].txt - [1663 octets] - [04/07/2021 19:40:35]
AdwCleaner[C01].txt - [1815 octets] - [04/07/2021 19:41:57]
AdwCleaner[S02].txt - [1650 octets] - [04/07/2021 19:44:11]
AdwCleaner[S03].txt - [1912 octets] - [06/07/2021 23:55:47]
AdwCleaner[C03].txt - [2046 octets] - [06/07/2021 23:56:47]
AdwCleaner[S04].txt - [1833 octets] - [06/07/2021 23:59:29]
AdwCleaner[S05].txt - [2095 octets] - [28/07/2021 14:36:34]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C05].txt ##########

Re: Chrome and trojans, W10 explorer, please check

Posted: 28 Jul 2021 13:56
by Rudy
OK. Now post new FRST + Addition logs.

Re: Chrome and trojans, W10 explorer, please check

Posted: 28 Jul 2021 14:38
by scourge
Thanks, here are the logs:
logs.zip (32.69 KiB) Downloaded 61 times

Re: Chrome and trojans, W10 explorer, please check

Posted: 28 Jul 2021 15:05
by Rudy
Open Notepad and copy this into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-108142814-3075653775-322374491-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-108142814-3075653775-322374491-1001\...\MountPoints2: {096fbe31-b502-11eb-8fd1-34c93de5f77b} - "I:\Autoplay.exe" -auto
HKU\S-1-5-21-108142814-3075653775-322374491-1001\...\MountPoints2: {096fbe3c-b502-11eb-8fd1-34c93de5f77b} - "J:\Autoplay.exe" -auto
HKU\S-1-5-21-108142814-3075653775-322374491-1001\...\MountPoints2: {096fc29e-b502-11eb-8fd1-34c93de5f77b} - "K:\Autoplay.exe" -auto
HKU\S-1-5-21-108142814-3075653775-322374491-1001\...\MountPoints2: {d83b4a38-b2b8-11eb-8fca-18c04d83e94f} - "D:\DTLplus_Launcher.exe"
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {5F070F2A-8D74-42DE-A656-4FF3A1C3D7BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-11] (Google LLC -> Google LLC)
Task: {BCEACAA6-1E16-4AF7-88C0-A0E271F3C2F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-11] (Google LLC -> Google LLC)
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Jan\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`20hfm [0]
AlternateDataStreams: C:\Users\Jan\AppData\Local\Temp:com.affinity.designer.2 [240]
AlternateDataStreams: C:\Users\Jan\AppData\Local\Temp:com.affinity.designer.3 [197]
AlternateDataStreams: C:\Users\Jan\AppData\Local\Temp:com.affinity.photo.2 [240]
AlternateDataStreams: C:\Users\Jan\AppData\Local\Temp:com.affinity.photo.3 [197]
AlternateDataStreams: C:\Users\Jan\AppData\Local\Temp:com.affinity.publisher.2 [240]
AlternateDataStreams: C:\Users\Jan\AppData\Local\Temp:com.affinity.publisher.3 [197]
HKLM\...\.scr: SageThumbsImage.scr => "%1" /S <==== ATTENTION
FirewallRules: [TCP Query User{50C27A6F-B7B4-4C18-B4A4-B654E80D7712}C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [UDP Query User{FB329FCC-77CE-4B86-9155-221E1DA4AD82}C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [TCP Query User{ACB8718E-8C40-4016-B871-FF5B34F4E190}C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [UDP Query User{A6CEE827-13C2-447B-A33A-2BEAD466B91C}C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [TCP Query User{459773B7-242E-4BA5-BB67-181F5ED0D8B8}C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [UDP Query User{A3FBD55E-98C7-4E6C-A94A-1D0E36575636}C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [TCP Query User{4A4D9823-0A1A-4DE6-B358-13CA3C815DA5}C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [UDP Query User{1A17F416-14E8-4B1D-8668-63EAFDD7B9C3}C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [TCP Query User{F3B0C68C-1941-40B1-9281-B8B4BB00BFB7}C:\users\jan\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\xmrig-6.12.1\xmrig.exe] => (Allow) C:\users\jan\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\xmrig-6.12.1\xmrig.exe => No File
FirewallRules: [UDP Query User{E510806D-9788-4F4F-BE70-2F3C13444D29}C:\users\jan\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\xmrig-6.12.1\xmrig.exe] => (Allow) C:\users\jan\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\xmrig-6.12.1\xmrig.exe => No File
FirewallRules: [{D88E049E-2DD3-4DA2-B9C1-D10705283A36}] => (Allow) I:\Download\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe => No File
FirewallRules: [{640DD13F-AF62-4945-8E13-0E28259E6638}] => (Allow) I:\Download\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe => No File

EmptyTemp:
End
Save it to I:\Download as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log appears; copy it here.
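The fixlist above removes a set of leftover Windows Firewall rules, two of which allow an xmrig.exe binary (a well-known cryptocurrency miner) under the user's Temp directory, even though the file is already gone from disk (`=> No File`). That combination of a user-writable path, a missing binary and a miner name is exactly what a helper triaging FRST output should surface on its own. The script below is an added example, not part of this thread and not code from the FRST tool: it parses `FirewallRules:` lines in the shape shown above and attaches a reason to each Allow rule that deserves a look. The three sample rule lines are copied from the fixlist; the fourth benign line, the indicator lists and the scoring are assumptions of the example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Matches the FRST "FirewallRules:" line shape seen in the fixlist above:
#   FirewallRules: [<rule name>] => (Allow|Block) <path> [=> No File]
RULE_RE = re.compile(
    r"^FirewallRules:\s*\[(?P<name>.*?)\]\s*=>\s*\((?P<action>Allow|Block)\)\s*"
    r"(?P<path>.*?)(?:\s*=>\s*(?P<status>No File))?\s*$"
)

# Indicator lists assumed for this example; they are not part of FRST.
# Paths are compared lower-cased with backslashes normalised to "/".
USER_WRITABLE = ("/appdata/", "/programdata/", "/users/public/", "/temp/")
MINER_NAMES = ("xmrig", "minerd", "cpuminer")

# Sample input: three lines taken from the fixlist in this thread plus one
# constructed benign rule so the filter has something to leave alone.
SAMPLE_LINES = [
    r"FirewallRules: [TCP Query User{50C27A6F-B7B4-4C18-B4A4-B654E80D7712}C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe => No File",
    r"FirewallRules: [TCP Query User{F3B0C68C-1941-40B1-9281-B8B4BB00BFB7}C:\users\jan\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\xmrig-6.12.1\xmrig.exe] => (Allow) C:\users\jan\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\xmrig-6.12.1\xmrig.exe => No File",
    r"FirewallRules: [{D88E049E-2DD3-4DA2-B9C1-D10705283A36}] => (Allow) I:\Download\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe => No File",
    r"FirewallRules: [example-benign] => (Allow) C:\Program Files\Example\example.exe",  # constructed
]


@dataclass
class Finding:
    name: str
    action: str
    path: str
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_rule(line: str) -> Optional[dict]:
    """Return the fields of one FirewallRules line, or None if the line is not one."""
    m = RULE_RE.match(line.strip())
    return m.groupdict() if m else None


def assess(rule: dict) -> Finding:
    """Attach plain-language reasons explaining why an Allow rule deserves a look."""
    norm = rule["path"].lower().replace("\\", "/")
    basename = norm.rsplit("/", 1)[-1]
    f = Finding(rule["name"], rule["action"], rule["path"])
    if rule["action"] != "Allow":
        return f  # a Block rule is not an exposure; nothing to flag
    if any(seg in norm for seg in USER_WRITABLE):
        f.reasons.append("user-writable location")
    if rule.get("status") == "No File":
        f.reasons.append("binary no longer on disk")
    if any(m in basename for m in MINER_NAMES):
        f.reasons.append("known miner binary name")
    return f


def triage(lines) -> List[Finding]:
    """Parse every FirewallRules line and return the flagged rules, worst first."""
    findings = [assess(r) for r in map(parse_rule, lines) if r]
    return sorted((f for f in findings if f.suspicious),
                  key=lambda f: len(f.reasons), reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{len(f.reasons)} {f.path}\n    " + "; ".join(f.reasons))
```

Run on the sample, the xmrig rule sorts first with all three reasons, the chia rule follows (user-writable path, binary gone), the printer installer on I:\Download is noted only because its binary is missing, and the constructed Program Files rule is not reported at all. The point of the reasons list rather than a single score is that a helper on a forum like this one has to explain why a line was picked, and an orphaned rule for a missing installer is a very different thing from an orphaned rule for a miner in Temp.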

Re: Chrome and trojans, W10 explorer, please check

Posted: 28 Jul 2021 18:12
by scourge
Thanks, here it is:

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by Jan (28-07-2021 19:07:12) Run:1
Running from I:\Download
Loaded Profiles: Jan
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-108142814-3075653775-322374491-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-108142814-3075653775-322374491-1001\...\MountPoints2: {096fbe31-b502-11eb-8fd1-34c93de5f77b} - "I:\Autoplay.exe" -auto
HKU\S-1-5-21-108142814-3075653775-322374491-1001\...\MountPoints2: {096fbe3c-b502-11eb-8fd1-34c93de5f77b} - "J:\Autoplay.exe" -auto
HKU\S-1-5-21-108142814-3075653775-322374491-1001\...\MountPoints2: {096fc29e-b502-11eb-8fd1-34c93de5f77b} - "K:\Autoplay.exe" -auto
HKU\S-1-5-21-108142814-3075653775-322374491-1001\...\MountPoints2: {d83b4a38-b2b8-11eb-8fca-18c04d83e94f} - "D:\DTLplus_Launcher.exe"
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {5F070F2A-8D74-42DE-A656-4FF3A1C3D7BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-11] (Google LLC -> Google LLC)
Task: {BCEACAA6-1E16-4AF7-88C0-A0E271F3C2F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-11] (Google LLC -> Google LLC)
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Jan\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`20hfm [0]
AlternateDataStreams: C:\Users\Jan\AppData\Local\Temp:com.affinity.designer.2 [240]
AlternateDataStreams: C:\Users\Jan\AppData\Local\Temp:com.affinity.designer.3 [197]
AlternateDataStreams: C:\Users\Jan\AppData\Local\Temp:com.affinity.photo.2 [240]
AlternateDataStreams: C:\Users\Jan\AppData\Local\Temp:com.affinity.photo.3 [197]
AlternateDataStreams: C:\Users\Jan\AppData\Local\Temp:com.affinity.publisher.2 [240]
AlternateDataStreams: C:\Users\Jan\AppData\Local\Temp:com.affinity.publisher.3 [197]
HKLM\...\.scr: SageThumbsImage.scr => "%1" /S <==== ATTENTION
FirewallRules: [TCP Query User{50C27A6F-B7B4-4C18-B4A4-B654E80D7712}C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [UDP Query User{FB329FCC-77CE-4B86-9155-221E1DA4AD82}C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [TCP Query User{ACB8718E-8C40-4016-B871-FF5B34F4E190}C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [UDP Query User{A6CEE827-13C2-447B-A33A-2BEAD466B91C}C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [TCP Query User{459773B7-242E-4BA5-BB67-181F5ED0D8B8}C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [UDP Query User{A3FBD55E-98C7-4E6C-A94A-1D0E36575636}C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [TCP Query User{4A4D9823-0A1A-4DE6-B358-13CA3C815DA5}C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [UDP Query User{1A17F416-14E8-4B1D-8668-63EAFDD7B9C3}C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [TCP Query User{F3B0C68C-1941-40B1-9281-B8B4BB00BFB7}C:\users\jan\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\xmrig-6.12.1\xmrig.exe] => (Allow) C:\users\jan\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\xmrig-6.12.1\xmrig.exe => No File
FirewallRules: [UDP Query User{E510806D-9788-4F4F-BE70-2F3C13444D29}C:\users\jan\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\xmrig-6.12.1\xmrig.exe] => (Allow) C:\users\jan\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\xmrig-6.12.1\xmrig.exe => No File
FirewallRules: [{D88E049E-2DD3-4DA2-B9C1-D10705283A36}] => (Allow) I:\Download\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe => No File
FirewallRules: [{640DD13F-AF62-4945-8E13-0E28259E6638}] => (Allow) I:\Download\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe => No File

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-108142814-3075653775-322374491-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
HKU\S-1-5-21-108142814-3075653775-322374491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{096fbe31-b502-11eb-8fd1-34c93de5f77b} => removed successfully
HKU\S-1-5-21-108142814-3075653775-322374491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{096fbe3c-b502-11eb-8fd1-34c93de5f77b} => removed successfully
HKU\S-1-5-21-108142814-3075653775-322374491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{096fc29e-b502-11eb-8fd1-34c93de5f77b} => removed successfully
HKU\S-1-5-21-108142814-3075653775-322374491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d83b4a38-b2b8-11eb-8fca-18c04d83e94f} => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F070F2A-8D74-42DE-A656-4FF3A1C3D7BD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F070F2A-8D74-42DE-A656-4FF3A1C3D7BD}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCEACAA6-1E16-4AF7-88C0-A0E271F3C2F5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCEACAA6-1E16-4AF7-88C0-A0E271F3C2F5}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Users\Jan\AppData\Local\Temp => moved successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`20hfm" ADS removed successfully
"C:\Users\Jan\AppData\Local\Temp" => ":com.affinity.designer.2" ADS not found.
"C:\Users\Jan\AppData\Local\Temp" => ":com.affinity.designer.3" ADS not found.
"C:\Users\Jan\AppData\Local\Temp" => ":com.affinity.photo.2" ADS not found.
"C:\Users\Jan\AppData\Local\Temp" => ":com.affinity.photo.3" ADS not found.
"C:\Users\Jan\AppData\Local\Temp" => ":com.affinity.publisher.2" ADS not found.
"C:\Users\Jan\AppData\Local\Temp" => ":com.affinity.publisher.3" ADS not found.
HKLM\Software\Classes\.scr\\"Default"="scrfile" => value restored successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{50C27A6F-B7B4-4C18-B4A4-B654E80D7712}C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FB329FCC-77CE-4B86-9155-221E1DA4AD82}C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{ACB8718E-8C40-4016-B871-FF5B34F4E190}C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A6CEE827-13C2-447B-A33A-2BEAD466B91C}C:\users\jan\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{459773B7-242E-4BA5-BB67-181F5ED0D8B8}C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_farmer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A3FBD55E-98C7-4E6C-A94A-1D0E36575636}C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_farmer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4A4D9823-0A1A-4DE6-B358-13CA3C815DA5}C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_full_node.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1A17F416-14E8-4B1D-8668-63EAFDD7B9C3}C:\users\jan\appdata\local\chia-blockchain\app-1.1.6\resources\app.asar.unpacked\daemon\start_full_node.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F3B0C68C-1941-40B1-9281-B8B4BB00BFB7}C:\users\jan\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\xmrig-6.12.1\xmrig.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E510806D-9788-4F4F-BE70-2F3C13444D29}C:\users\jan\appdata\local\temp\1shbgfprjtaxbdoimxyc2u48b54\resources\miners\win32\xmrig-6.12.1\xmrig.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D88E049E-2DD3-4DA2-B9C1-D10705283A36}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{640DD13F-AF62-4945-8E13-0E28259E6638}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1276049905 B
Java, Flash, Steam htmlcache => 301655300 B
Windows/system/drivers => 1544686 B
Edge => 0 B
Chrome => 826623875 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 210340 B
NetworkService => 220252 B
Jan => 1475248 B

RecycleBin => 821955884 B
EmptyTemp: => 3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:07:48 ====

Re: Chrome and trojans, W10 explorer, please check

Posted: 28 Jul 2021 18:53
by Rudy
Deleted. Has anything changed?

Re: Chrome and trojans, W10 explorer, please check

Posted: 28 Jul 2021 19:14
by scourge
So far it doesn't seem so; I tried again, just at random, searching for information about an add-on for Blender and AVG immediately reported a block, which really didn't happen to me before when searching:
2021-07-28_200718.jpg (42.54 KiB) Viewed 1069 times
The captcha appeared as well.

Re: Chrome and trojans, W10 explorer, please check

Posted: 28 Jul 2021 20:06
by Rudy
The captcha can appear even after a complete clean-up. We will try cleaning the browsers as well. Run these utilities one after the other:

1. Download Zoek.exe https://www.edisk.cz/stahni/21334/zoek.rar_1.3MB.html/ and save it to the desktop

If you use Win Vista or W7, right-click Zoek and choose Run As Administrator
Paste the script below into the window

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Then click Run Script
The PC performs the repair, restarts and gives you a log; paste its contents here.

and

2. Junkware Removal Tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Save it, preferably to the desktop
•After launching, the licence terms appear; press any key
•A backup is created and then the search runs
•The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.

Re: Chrome and trojans, W10 explorer, please check

Posted: 29 Jul 2021 08:48
by scourge
Thanks, done, here are the logs:
zoek_jrt_logs.zip (11.34 KiB) Downloaded 61 times

Re: Chrome and trojans, W10 explorer, please check

Posted: 29 Jul 2021 09:42
by Rudy
OK. Has anything changed now?

Re: Chrome and trojans, W10 explorer, please check

Posted: 29 Jul 2021 09:44
by scourge
Unfortunately nothing; after the same search test the same AVG window popped up as before.
2021-07-29_095030.jpg (54.93 KiB) Viewed 1055 times

Re: Chrome and trojans, W10 explorer, please check

Posted: 29 Jul 2021 12:42
by Rudy
OK. Do a complete scan with AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . The link has instructions for an older version. Download the utility, run it, let it work and when it finishes delete everything it finds.

Re: Chrome and trojans, W10 explorer, please check

Posted: 29 Jul 2021 14:54
by scourge
Thanks, but unfortunately AVPT found nothing, apart from ads in the JRT scanner.