
internet+admin off

Posted: 10 Nov 2019 18:54
by juridu
Hello,
I would like to ask for a check of my FRST log. Task Manager, the internet and the antivirus have been blocked.
Thank you for your help

Re: internet+admin off

Posted: 10 Nov 2019 19:54
by Rudy
Hi!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Windows XP simply double-click it)
click Scan now, then Clean and Repair
after the reboot a log will pop up (otherwise you will find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: internet+admin off

Posted: 10 Nov 2019 20:17
by juridu
# -------------------------------
# Malwarebytes AdwCleaner 7.4.2.0
# -------------------------------
# Build: 10-21-2019
# Database: 2019-10-21.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-10-2019
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 20
# Failed: 0


***** [ Services ] *****

Deleted Update service

***** [ Folders ] *****

Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\Users\DusanPC\AppData\LocalLow\IObit\Advanced SystemCare V7

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{881EB97F-6A95-4F03-9587-211FB60748A0}C:\program files (x86)\popcorn time\nodejs\node.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{5524D55D-52AA-47FC-BBB8-A04EBB06FEDF}C:\program files (x86)\popcorn time\nodejs\node.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{06E7F811-7009-406F-9225-C06A5784E78C}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0ECBAC0A-580E-42CB-B02F-9C4190335BEF}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6E3C3680-0349-4CEC-8EC6-7F42E54DFA21}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{82A94B38-EA00-4559-B80C-76C167F6698E}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{BC7DD0FF-5168-4401-A50E-AED9557FDE7D}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C3E0A720-7214-4620-887C-978D420722A4}
Deleted HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Conduit Search
Deleted banggood.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.LenovoServiceBridge Folder C:\Users\DusanPC\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE
Deleted Preinstalled.LenovoServiceBridge Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [24281 octets] - [10/11/2019 20:14:21]
AdwCleaner[S00].txt - [3743 octets] - [10/11/2019 20:15:03]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: internet+admin off

Posted: 10 Nov 2019 20:54
by Rudy
OK. Post fresh FRST + Addition logs.

Re: internet+admin off

Posted: 10 Nov 2019 21:10
by juridu
log

Re: internet+admin off

Posted: 10 Nov 2019 22:17
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1602816107-2827203955-2615402800-1001\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-1602816107-2827203955-2615402800-1001\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-1602816107-2827203955-2615402800-1001\...\MountPoints2: {2aa66b17-b76b-11e9-9121-902b34aab214} - "E:\HiSuiteDownLoader.exe"
C:\WINDOWS\d.exe
C:\WINDOWS\d.bat
C:\WINDOWS\mgr_n.reg
C:\WINDOWS\mgr_f.reg
C:\WINDOWS\e.reg
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
C:\Users\DusanPC\AppData\Local\Temp
AlternateDataStreams: C:\Users\DusanPC\Data aplikací:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\DusanPC\Desktop:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\DusanPC\IMG_20130915_124350.jpg:com.dropbox.attributes [320]
AlternateDataStreams: C:\Users\DusanPC\ntuser.ini:NTV [11520]
AlternateDataStreams: C:\Users\DusanPC\Desktop\Adam Č. Performance training:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\DusanPC\Desktop\ISPTool:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\DusanPC\Desktop\šit:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\DusanPC\Desktop\škola:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\DusanPC\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\Public\AppData:CSM [221]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [234]

EmptyTemp:
End
Save it to your desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
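An added check, not part of the thread and not FRST's or AdwCleaner's own code, that audits the registry values the fixlist above and the earlier AdwCleaner log touched: the per-user DisableTaskMgr and NoSecurityTab policies and the HKLM Winlogon Shell value. The paths, the rule that a non-zero policy value means the restriction is active, and explorer.exe as the expected shell are assumptions based on standard Windows defaults.

```powershell
# Added example: report whether the lock-down values removed in this thread
# are present on the machine the script runs on. Read-only; it changes nothing.
$checks = @(
    # Expected = $null means the value should normally not exist at all
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr'; Expected = $null },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoSecurityTab';  Expected = $null },
    # Assumed default shell; anything else here is a hijacked logon shell
    @{ Path = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon';      Name = 'Shell';          Expected = 'explorer.exe' }
)

function Get-LockdownStatus {
    param([hashtable]$Check)
    $value = $null
    if (Test-Path -LiteralPath $Check.Path) {
        $props = Get-ItemProperty -LiteralPath $Check.Path -ErrorAction SilentlyContinue
        if ($null -ne $props -and $null -ne $props.PSObject.Properties[$Check.Name]) {
            $value = $props.($Check.Name)
        }
    }
    if ($null -eq $value) {
        return 'absent (Windows default behaviour applies)'
    }
    if ($null -eq $Check.Expected) {
        # Policy values: 1 enables the restriction, 0 is harmless
        if ([int]$value -ne 0) { return 'SUSPICIOUS: restriction enabled' }
        return 'OK (present but set to 0)'
    }
    # -eq is case-insensitive in PowerShell, so explorer.exe vs Explorer.exe both pass
    if ("$value".Trim() -eq $Check.Expected) { return 'OK' }
    return 'SUSPICIOUS: non-default shell'
}

foreach ($c in $checks) {
    [pscustomobject]@{
        Key    = "$($c.Path)\$($c.Name)"
        Status = Get-LockdownStatus -Check $c
    }
} | Format-Table -AutoSize -Wrap
```

Run it in the affected user's session, since the HKCU entries belong to that profile; a SUSPICIOUS result on the policy values explains a greyed-out Task Manager or missing Security tab before any cleanup tool is involved.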

Re: internet+admin off

Posted: 10 Nov 2019 22:28
by juridu
Fix result of Farbar Recovery Scan Tool (x64) Version: 10-11-2019
Ran by DusanPC (10-11-2019 22:28:06) Run:1
Running from C:\Users\DusanPC\Desktop
Loaded Profiles: DusanPC (Available Profiles: DusanPC & NeroMediaHomeUser.4 & Administrator & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1602816107-2827203955-2615402800-1001\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-1602816107-2827203955-2615402800-1001\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-1602816107-2827203955-2615402800-1001\...\MountPoints2: {2aa66b17-b76b-11e9-9121-902b34aab214} - "E:\HiSuiteDownLoader.exe"
C:\WINDOWS\d.exe
C:\WINDOWS\d.bat
C:\WINDOWS\mgr_n.reg
C:\WINDOWS\mgr_f.reg
C:\WINDOWS\e.reg
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
C:\Users\DusanPC\AppData\Local\Temp
AlternateDataStreams: C:\Users\DusanPC\Data aplikací:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\DusanPC\Desktop:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\DusanPC\IMG_20130915_124350.jpg:com.dropbox.attributes [320]
AlternateDataStreams: C:\Users\DusanPC\ntuser.ini:NTV [11520]
AlternateDataStreams: C:\Users\DusanPC\Desktop\Adam Č. Performance training:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\DusanPC\Desktop\ISPTool:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\DusanPC\Desktop\šit:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\DusanPC\Desktop\škola:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\DusanPC\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\Public\AppData:CSM [221]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [234]

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKU\S-1-5-21-1602816107-2827203955-2615402800-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr" => removed successfully
"HKU\S-1-5-21-1602816107-2827203955-2615402800-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSecurityTab" => removed successfully
HKU\S-1-5-21-1602816107-2827203955-2615402800-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2aa66b17-b76b-11e9-9121-902b34aab214} => removed successfully
C:\WINDOWS\d.exe => moved successfully
C:\WINDOWS\d.bat => moved successfully
C:\WINDOWS\mgr_n.reg => moved successfully
C:\WINDOWS\mgr_f.reg => moved successfully
C:\WINDOWS\e.reg => moved successfully
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully

"C:\Users\DusanPC\AppData\Local\Temp" folder move:

Could not move "C:\Users\DusanPC\AppData\Local\Temp" => Scheduled to move on reboot.

C:\Users\DusanPC\Data aplikací => ":fbd50e2f7662a5c33287ddc6e65ab5a1" ADS removed successfully
C:\Users\DusanPC\Desktop => ":com.dropbox.attributes" ADS removed successfully
C:\Users\DusanPC\IMG_20130915_124350.jpg => ":com.dropbox.attributes" ADS removed successfully
C:\Users\DusanPC\ntuser.ini => ":NTV" ADS removed successfully
C:\Users\DusanPC\Desktop\Adam Č. Performance training => ":com.dropbox.attributes" ADS removed successfully
C:\Users\DusanPC\Desktop\ISPTool => ":com.dropbox.attributes" ADS removed successfully
C:\Users\DusanPC\Desktop\šit => ":com.dropbox.attributes" ADS removed successfully
C:\Users\DusanPC\Desktop\škola => ":com.dropbox.attributes" ADS removed successfully
"C:\Users\DusanPC\AppData\Roaming" => ":fbd50e2f7662a5c33287ddc6e65ab5a1" ADS not found.
C:\Users\Public\AppData => ":CSM" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 11558912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 125018758 B
Java, Flash, Steam htmlcache => 225607243 B
Windows/system/drivers => 10397764 B
Edge => 1344223 B
Chrome => 326303996 B
Firefox => 0 B
Opera => 401050982 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 34484 B
NetworkService => 363014 B
DusanPC => 497827168 B
NeroMediaHomeUser.4 => 497833824 B
Administrator => 498129194 B
Guest.DPC => 498136842 B

RecycleBin => 187024224 B
EmptyTemp: => 3.1 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-11-2019 22:30:27)

C:\Users\DusanPC\AppData\Local\Temp => Is moved successfully

==== End of Fixlog 22:30:27 ====

Re: internet+admin off

Posted: 11 Nov 2019 10:21
by Rudy
Deleted. Has anything changed?

Re: internet+admin off

Posted: 11 Nov 2019 11:08
by juridu
It seems Task Manager has started working, but the internet and antivirus are still blocked...
edit: for example, ESET cannot even be uninstalled
edit2: I have now managed to uninstall ESET via Safe Mode, but Defender and the firewall still cannot be brought up
edit3: the firewall is now covered by reinstalling ESET, so the problem is fully solved. Many thanks for the help :)

Re: internet+admin off

Posted: 11 Nov 2019 16:40
by Rudy
OK, you're welcome! :)