Problém s malwarem

[linda_23]

Prosím o pomoc, pokaždé když nechám naskenovat tak se objeví stejné viry (viz obrázek). Antimalware je vymaže a upraví, ale stejně hned se potom objeví. Už si s tím nevím rady. Před instalací ZEMANA jsem se ani nedostala na internet, měla jsem proxy virus podle googlu. Ještě jedna věc je, že se na některé weby nedostanu a hází mi to ERROR 524 Cloudflare, ale na mobilu se dostanu normálně.

[Rudy]

Zdravím!
Zemana je pěkný šmejd. Dejte log FRST: https://forum.viry.cz/viewtopic.php?f=13&t=152707 .

[linda_23]

Tady je můj log, byl překročen povolený počet znaků tak jsem to zabalila do zipu.

[linda_23]

a addition

[Rudy]

Teď spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

[linda_23]

zde je log

# AdwCleaner 7.0.8.0 - Logfile created on Sat Mar 03 13:11:26 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\Linh\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\Linh\AppData\Roaming\IObit\Advanced SystemCare


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: Driver Booster Scheduler


***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1120 B] - [2018/3/3 13:10:25]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

[Rudy]

Dejte nový log FRST.

[linda_23]

dobre...

[Rudy]

U logu FRST chybí začátek. Není kompletní.

[linda_23]

omlouvám se, tady je to celé..

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
C:\Program Files (x86)\Zemana AntiMalware
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3886838271-1226896516-3056264495-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3886838271-1226896516-3056264495-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3886838271-1226896516-3056264495-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR DefaultSearchURL: Default -> hxxps://www.google.com.vn/search?source=hp&ei=M ... w_ppYj-kRY
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-03-02] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-03-02] (Zemana Ltd.)
C:\WINDOWS\SECOH-QAD.exe
C:\WINDOWS\SECOH-QAD.dll
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\Linh\AppData\Roaming\sp_data.sys
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {42E79FC5-7B48-4AC3-8C55-DBE118D770F0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

EmptyTemp:
Hosts:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[linda_23]

tady prosím

Fix result of Farbar Recovery Scan Tool (x64) Version: 28.02.2018
Ran by Linh (03-03-2018 22:40:35) Run:1
Running from C:\Users\Linh\Desktop
Loaded Profiles: Linh (Available Profiles: Linh & Khuê)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
C:\Program Files (x86)\Zemana AntiMalware
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3886838271-1226896516-3056264495-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3886838271-1226896516-3056264495-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3886838271-1226896516-3056264495-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR DefaultSearchURL: Default -> hxxps://www.google.com.vn/search?source ... %BA%BFm&q={searchTerms}&oq=ERROR+524+&gs_l=psy-ab.1.0.0i19k1l10.9009.12898.0.14394.10.8.0.0.0.0.919.1365.3j1j1j6-1.6.0....0...1c.1.64.psy-ab..4.6.1363...0j0i131k1j0i22i30k1.0.Mw_ppYj-kRY
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-03-02] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-03-02] (Zemana Ltd.)
C:\WINDOWS\SECOH-QAD.exe
C:\WINDOWS\SECOH-QAD.dll
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\Linh\AppData\Roaming\sp_data.sys
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {42E79FC5-7B48-4AC3-8C55-DBE118D770F0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
C:\Program Files (x86)\Zemana AntiMalware => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ZAM" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\S-1-5-21-3886838271-1226896516-3056264495-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-3886838271-1226896516-3056264495-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
"HKU\S-1-5-21-3886838271-1226896516-3056264495-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
"Chrome DefaultSearchURL" => removed successfully
"HKLM\System\CurrentControlSet\Services\ZAMSvc" => removed successfully
ZAMSvc => service removed successfully
ZAM => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\ZAM" => removed successfully
ZAM => service removed successfully
ZAM_Guard => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\ZAM_Guard" => removed successfully
ZAM_Guard => service removed successfully
C:\WINDOWS\SECOH-QAD.exe => moved successfully
C:\WINDOWS\SECOH-QAD.dll => moved successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Users\Linh\AppData\Roaming\sp_data.sys => moved successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42E79FC5-7B48-4AC3-8C55-DBE118D770F0} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42E79FC5-7B48-4AC3-8C55-DBE118D770F0} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove key. ErrorCode1: 0x00000001
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 92826776 B
Java, Flash, Steam htmlcache => 524 B
Windows/system/drivers => 11803620 B
Edge => 16080 B
Chrome => 23098826 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4980 B
NetworkService => 76084 B
Linh => 8922665 B
Khuê => 42931501 B

RecycleBin => 261121 B
EmptyTemp: => 180.4 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-03-2018 22:44:09)


Result of scheduled keys to remove after reboot:

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42E79FC5-7B48-4AC3-8C55-DBE118D770F0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42E79FC5-7B48-4AC3-8C55-DBE118D770F0}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key removed successfully

==== End of Fixlog 22:44:09 ====

[Rudy]

Smazáno. Nastala nějaká změna?

[linda_23]

Anooooo, moc Vám děkuji. U proxy serveru už tam není žádná adresa a stránky které předtím házeli error 524 se dá načíst.

[Rudy]

OK. Rádo se stalo!