Requesting a check

Posted: 20 Feb 2022 17:34
by Kubis
Hello, I'd like to ask for a check. Yesterday ESET started popping up a message referring to (win64/coinminer.ap). Since I don't mine and I'm not a fan of it, I don't know what to do about it, so I'm turning here and attaching the logs:
logy.rar
(25.78 KiB) Downloaded 77 times
Thank you

Re: Requesting a check

Posted: 20 Feb 2022 18:27
by Rudy
Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Requesting a check

Posted: 20 Feb 2022 18:43
by Kubis
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2022-02-03.4 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-20-2022
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1406 octets] - [20/02/2022 18:42:49]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Requesting a check

Posted: 20 Feb 2022 19:12
by Rudy
This is OK. Open Notepad and copy the following into it:
Start

CloseProcesses:
Task: {89E850B4-FFDF-4CA6-81C2-CF1FEA4D884E} - System32\Tasks\GoogleUpdateTaskMachineCore{3DBD671B-FD46-430E-A5AD-AF8D5AD3242A} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-11] (Google LLC -> Google LLC)
Task: {A086E02B-FE90-44CD-B444-395612B7E43F} - System32\Tasks\GoogleUpdateTaskMachineUA{EDB16118-3D7E-4974-AFC6-BD0780648399} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-11] (Google LLC -> Google LLC)
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{EDB16118-3D7E-4974-AFC6-BD0780648399}
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{3DBD671B-FD46-430E-A5AD-AF8D5AD3242A}
FirewallRules: [{63226EAC-5660-4491-BC6A-B4CB6C9EF6D7}] => (Allow) F:\uTorrent\uTorrent.exe => No File
FirewallRules: [{A892D62F-9F1F-4851-B5D1-06F4FDA58E18}] => (Allow) F:\uTorrent\uTorrent.exe => No File

EmptyTemp:
End
Save it to C:\Users\Kubis\Downloads as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Requesting a check

Posted: 20 Feb 2022 19:22
by Kubis
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-02-2022 01
Ran by Kubis (20-02-2022 19:20:21) Run:1
Running from C:\Users\Kubis\Downloads
Loaded Profiles: Kubis
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
Task: {89E850B4-FFDF-4CA6-81C2-CF1FEA4D884E} - System32\Tasks\GoogleUpdateTaskMachineCore{3DBD671B-FD46-430E-A5AD-AF8D5AD3242A} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-11] (Google LLC -> Google LLC)
Task: {A086E02B-FE90-44CD-B444-395612B7E43F} - System32\Tasks\GoogleUpdateTaskMachineUA{EDB16118-3D7E-4974-AFC6-BD0780648399} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-11] (Google LLC -> Google LLC)
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{EDB16118-3D7E-4974-AFC6-BD0780648399}
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{3DBD671B-FD46-430E-A5AD-AF8D5AD3242A}
FirewallRules: [{63226EAC-5660-4491-BC6A-B4CB6C9EF6D7}] => (Allow) F:\uTorrent\uTorrent.exe => No File
FirewallRules: [{A892D62F-9F1F-4851-B5D1-06F4FDA58E18}] => (Allow) F:\uTorrent\uTorrent.exe => No File

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{89E850B4-FFDF-4CA6-81C2-CF1FEA4D884E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89E850B4-FFDF-4CA6-81C2-CF1FEA4D884E}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore{3DBD671B-FD46-430E-A5AD-AF8D5AD3242A} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore{3DBD671B-FD46-430E-A5AD-AF8D5AD3242A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A086E02B-FE90-44CD-B444-395612B7E43F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A086E02B-FE90-44CD-B444-395612B7E43F}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA{EDB16118-3D7E-4974-AFC6-BD0780648399} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA{EDB16118-3D7E-4974-AFC6-BD0780648399}" => removed successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{EDB16118-3D7E-4974-AFC6-BD0780648399}" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{3DBD671B-FD46-430E-A5AD-AF8D5AD3242A}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63226EAC-5660-4491-BC6A-B4CB6C9EF6D7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A892D62F-9F1F-4851-B5D1-06F4FDA58E18}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 120833283 B
Java, Flash, Steam htmlcache => 390370379 B
Windows/system/drivers => 65741313 B
Edge => 0 B
Chrome => 527090002 B
Firefox => 1172796044 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 104473 B
systemprofile32 => 104473 B
LocalService => 223073 B
NetworkService => 223835 B
Kubis => 896678259 B

RecycleBin => 985165778 B
EmptyTemp: => 3.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:20:58 ====

Re: Requesting a check

Posted: 20 Feb 2022 19:52
by Rudy
Deleted. Does the message no longer appear?

Re: Requesting a check

Posted: 20 Feb 2022 19:59
by Kubis
Nothing has popped up so far, so hopefully it will be fine. Thanks once again :) :happy:

Re: Requesting a check

Posted: 20 Feb 2022 20:55
by Rudy
You're welcome! :)