Please check my log - after "virus removal"
Posted: 01 Mar 2026 21:50
by zluta_barva
Hello, yesterday a trojan probably got into my computer through some files. Today I noticed suspicious activity on my social media accounts, both in the browser and in the app. My boyfriend and I tried to remove all the suspicious files and then scanned the computer in turn with Bitdefender, Malwarebytes (Adaware, Antivir), Windows Defender and HitmanPro. The passwords were changed on a different device. At the moment it looks fine, but I am paranoid, so I am asking for a check.
Thanks in advance
Re: Please check my log - after "virus removal"
Posted: 01 Mar 2026 22:02
by Rudy
Hello!
Open Notepad and copy the following into it:
Start
CloseProcesses:
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
S3 cpuz160; C:\WINDOWS\temp\cpuz160\cpuz160_x64.sys [44696 2025-11-02] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
S3 cpuz159; \??\C:\WINDOWS\temp\cpuz159\cpuz159_x64.sys [X] <==== ATTENTION
AlternateDataStreams: C:\Users\kalou\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\kalou\Downloads\revosetup.exe:BDU [0]
HKU\S-1-5-21-1517938706-1828810823-68529143-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-1517938706-1828810823-68529143-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-1517938706-1828810823-68529143-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-1517938706-1828810823-68529143-1001\Software\Classes\.cmd: => <==== ATTENTION
FirewallRules: [{3E0890A3-F528-4A23-9BE8-5389A564328A}] => (Allow) C:\Program Files\InfinityNikkiGlobal Launcher\1.0.9\xstarter.exe => No File
FirewallRules: [{DACD9A50-445B-43E9-84E1-DA55731ECEE3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{8AF87D37-00CC-432F-B279-D1BFE571E712}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{F6213CB4-8D76-466F-874E-6FE1DFC51353}] => (Allow) C:\Program Files (x86)\Overwolf\0.294.1.1\OverwolfBrowser.exe => No File
FirewallRules: [{00DC46E9-305D-44CC-AE9C-97F569773DB0}] => (Allow) C:\Program Files (x86)\Overwolf\0.294.1.1\OverwolfBrowser.exe => No File
FirewallRules: [{34175FEA-1192-4517-AAA6-10AB6875FCB0}] => (Block) C:\Program Files (x86)\Overwolf\0.294.1.1\OverwolfBrowser.exe => No File
FirewallRules: [{A2CCEF26-69D9-45E1-890B-68AF24F5BDFF}] => (Block) C:\Program Files (x86)\Overwolf\0.294.1.1\OverwolfBrowser.exe => No File
EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Re: Please check my log - after "virus removal"
Posted: 01 Mar 2026 22:23
by zluta_barva
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2026
Ran by kalou (01-03-2026 22:12:39) Run:1
Running from C:\Users\kalou\Desktop
Loaded Profiles: kalou
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
S3 cpuz160; C:\WINDOWS\temp\cpuz160\cpuz160_x64.sys [44696 2025-11-02] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
S3 cpuz159; \??\C:\WINDOWS\temp\cpuz159\cpuz159_x64.sys [X] <==== ATTENTION
AlternateDataStreams: C:\Users\kalou\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\kalou\Downloads\revosetup.exe:BDU [0]
HKU\S-1-5-21-1517938706-1828810823-68529143-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-1517938706-1828810823-68529143-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-1517938706-1828810823-68529143-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-1517938706-1828810823-68529143-1001\Software\Classes\.cmd: => <==== ATTENTION
FirewallRules: [{3E0890A3-F528-4A23-9BE8-5389A564328A}] => (Allow) C:\Program Files\InfinityNikkiGlobal Launcher\1.0.9\xstarter.exe => No File
FirewallRules: [{DACD9A50-445B-43E9-84E1-DA55731ECEE3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{8AF87D37-00CC-432F-B279-D1BFE571E712}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{F6213CB4-8D76-466F-874E-6FE1DFC51353}] => (Allow) C:\Program Files (x86)\Overwolf\0.294.1.1\OverwolfBrowser.exe => No File
FirewallRules: [{00DC46E9-305D-44CC-AE9C-97F569773DB0}] => (Allow) C:\Program Files (x86)\Overwolf\0.294.1.1\OverwolfBrowser.exe => No File
FirewallRules: [{34175FEA-1192-4517-AAA6-10AB6875FCB0}] => (Block) C:\Program Files (x86)\Overwolf\0.294.1.1\OverwolfBrowser.exe => No File
FirewallRules: [{A2CCEF26-69D9-45E1-890B-68AF24F5BDFF}] => (Block) C:\Program Files (x86)\Overwolf\0.294.1.1\OverwolfBrowser.exe => No File
EmptyTemp:
End
*****************
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Location\Notifications => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Location\Notifications" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
HKLM\System\CurrentControlSet\Services\cpuz160 => removed successfully
cpuz160 => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz159 => removed successfully
cpuz159 => service removed successfully
C:\Users\kalou\Desktop\FRST64.exe => ":BDU" ADS removed successfully
C:\Users\kalou\Downloads\revosetup.exe => ":BDU" ADS removed successfully
HKU\S-1-5-21-1517938706-1828810823-68529143-1001\Software\Classes\regfile => removed successfully
HKU\S-1-5-21-1517938706-1828810823-68529143-1001\Software\Classes\.reg => removed successfully
HKU\S-1-5-21-1517938706-1828810823-68529143-1001\Software\Classes\.bat => removed successfully
HKU\S-1-5-21-1517938706-1828810823-68529143-1001\Software\Classes\.cmd => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3E0890A3-F528-4A23-9BE8-5389A564328A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DACD9A50-445B-43E9-84E1-DA55731ECEE3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8AF87D37-00CC-432F-B279-D1BFE571E712}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F6213CB4-8D76-466F-874E-6FE1DFC51353}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00DC46E9-305D-44CC-AE9C-97F569773DB0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{34175FEA-1192-4517-AAA6-10AB6875FCB0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2CCEF26-69D9-45E1-890B-68AF24F5BDFF}" => removed successfully
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20221636 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 795715430 B
Windows/system/drivers => 11381087 B
Edge => 1163023932 B
Firefox => 0 B
Opera => 0 B
Local\Temp, Local\*.tmp, LocalLow\Temp, Roaming\Temp, Roaming\*.tmp , IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 111123726 B
systemprofile32 => 0 B
LocalService => 20740 B
NetworkService => 198608 B
kalou => 417771598 B
RecycleBin => 0 B
EmptyTemp: => 2.3 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 22:19:56 ====
Re: Please check my log - after "virus removal"
Posted: 02 Mar 2026 08:52
by Rudy
Everything was deleted, the log will now be OK.
Re: Please check my log - after "virus removal"
Posted: 02 Mar 2026 09:30
by zluta_barva
Thank you very much for the check. I have one more question. Roughly every 15 minutes I get this notification, and I wanted to ask whether I need to do anything about it.
If nothing needs to be done, thanks once again.
Re: Please check my log - after "virus removal"
Posted: 02 Mar 2026 14:04
by Rudy
The AV is letting you know that it blocked a suspicious connection. If you want, try scanning the PC with ZOEK: Download Zoek.exe
https://sdilej.cz/29519076/zoek.rar and save it to the desktop
If you are using Win Vista or W7, right-click Zoek and choose Run As Administrator
Paste the script below into the window
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.
It is possible that traces of those connections remain in the browser and the AV is reacting to them this way. Otherwise, though, it is OK; we know the AV is working as it should.