Napadený počítač, prosím o pomoc :(

[DroidInDistress2]

logy.zip

(20.2 KiB) Staženo 65 x

Dobrý den,

mám tak trošku problém. Způsobem tak pitomým, že se to ani nedá popsat, jsem si zaviroval počítač. První reakce: Windows Defender, ale ten je znepřístupněný, nevím proč (virus?). Další reakce: Malwarebytes. Spustil se, odhalil asi 200 kusů malware, pročistil, ale:

- Windows Defender je pořád zablokovaný
- Ve Firefoxu se pořád objevují okna s reklamami
- Po každém restartu najde Malwarebytes pořád ten samý malware

Poradíte? Jste má poslední naděje

Logy přiloženy dle instrukcí.

[JaRon]

ahoj,
vycisti PC s ADWCleanerom - log sem

[DroidInDistress2]

ahoj,
vycisti PC s ADWCleanerom - log sem

Dobrý den, zde:

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-04-2019
# Database: 2019-10-03.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-14-2019
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 12
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\WIFIService

***** [ Files ] *****

Deleted C:\Users\frozk\AppData\Roaming\Mozilla\Firefox\Profiles\8nqkiiwt.default\searchplugins\securesearch.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\Software\LighteningPlayer
Deleted HKLM\Software\MGT
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|Multitimer
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [15811 octets] - [14/10/2019 10:53:02]
AdwCleaner[S00].txt - [3228 octets] - [14/10/2019 10:53:35]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

[JaRon]

OK, vycisti este s CureIT https://forum.viry.cz/viewtopic.php?f=29&t=151000

[DroidInDistress2]

Hotovo. Nalezeny dva problémy.

Log přiložen.

[JaRon]

1. vloz obsah suboru hosts
2. CCleaner moze preventivne odinstalovat

[DroidInDistress2]

1. vloz obsah suboru hosts
2. CCleaner moze preventivne odinstalovat

Odinstalováno. Log přiložen.

[JaRon]

1. nachadza MBAM nejake problemy ake ?
2. ako sa sprava PC problemy ?

[DroidInDistress2]

Děkuji moc za pomoc, zkoušel jsem další sken a už nebylo nalezeno nic. Nicméně, při startu Windows Defendera se objeví hláška:



To souvisí s virem? Nebo s instalací Malwarebytes?

[JaRon]

vloz aktualny log FRST - add. nemusis

[DroidInDistress2]

Přiloženo.

[JaRon]

citat:
Tvorba fixlistu pro FRST
•Spustte poznamkovy blok (Start-spustit-notepad)
•Zkopirujte skript >>

Kód: Vybrat vše

Start
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Windows Defender <==== ATTENTION



EmptyTemp:
Reboot:
End

•Ulozte vytvoreny TXT jako fixlist.txt
•Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe
•Kliknete na Fix
•Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[DroidInDistress2]

Hotovo. Log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-10-2019 02
Ran by frozk (14-10-2019 12:05:26) Run:1
Running from C:\Download\Viry
Loaded Profiles: frozk (Available Profiles: frozk)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Windows Defender <==== ATTENTION



EmptyTemp:
Reboot:
End
*****************

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8675328 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 405675075 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1775332 B
Edge => 2055247 B
Chrome => 0 B
Firefox => 1108569157 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4512 B
NetworkService => 223382 B
frozk => 86024515 B

RecycleBin => 0 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:05:42 ====

[JaRon]

tiez myslim, ze hotovo

[DroidInDistress2]

tiez myslim, ze hotovo

Moc děkuji za pomoc, vypadá že vše funguje. Podpora foru taktéž odeslána