
Requesting a check, AVG keeps flagging multiple problems

Posted: 02 Feb 2019 22:10
by toomuuula
Thanks in advance.

Re: Requesting a check, AVG keeps flagging multiple problems

Posted: 03 Feb 2019 10:23
by Diallix
Good day.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all running program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan Now button and wait until the system scan finishes.
After the scan, leave all checkboxes ticked, along with any threats found, and continue with the Clean and Repair button in the bottom right corner.
After the PC restarts, AdwCleaner will start; click View Log File.
The log will open; copy its contents here.

Re: Requesting a check, AVG keeps flagging multiple problems

Posted: 03 Feb 2019 10:41
by toomuuula
Here.

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-01-31.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-03-2019
# Duration: 00:00:07
# OS: Windows 10 Pro
# Cleaned: 56
# Failed: 0


***** [ Services ] *****

Deleted Windefender

***** [ Folders ] *****

Deleted C:\Windows\System32\config\systemprofile\AppData\Roaming\CRMSvc
Deleted C:\ProgramData\Quoteexs
Deleted C:\ProgramData\Logic Cramble
Deleted C:\Program Files (x86)\Microleaves
Deleted C:\Users\Zapletalovi\AppData\Roaming\Microleaves
Deleted C:\Users\Zapletalovi\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\Zapletalovi\AppData\Roaming\EpicNet Inc
Deleted C:\Program Files\RunBooster
Deleted C:\ProgramData\Quoteex
Deleted C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\Windows\Temp\Smartbar
Deleted C:\Windows\rss

***** [ Files ] *****

Deleted C:\Users\Zapletalovi\appdata\local\installationconfiguration.xml
Deleted C:\Users\Zapletalovi\AppData\Local\Main.dat
Deleted C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\Driver Booster Scheduler
Deleted C:\Windows\System32\Tasks\SVC Update
Deleted C:\Windows\Tasks\Updater_Online_Application.job
Deleted C:\Windows\System32\Tasks\Updater_Online_Application

***** [ Registry ] *****

Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\CRMSvc
Deleted HKLM\Software\MICROSOFT\TechnologyDesktopnew
Deleted HKLM\SOFTWARE\MICROSOFT\Speedycar
Deleted HKCU\Software\mtQuoteex
Deleted HKLM\Software\Wow6432Node\mtQuoteex
Deleted HKLM\Software\Wow6432Node\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\Quoteex.exe
Deleted HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\Quoteex.exe
Deleted HKLM\Software\Wow6432Node\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs - "C:\ProgramData\Quoteex\Unicom.dll"
Deleted HKLM\Software\Wow6432Node\Microleaves
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet
Deleted HKCU\Software\EpicNet Inc.
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E78B41A-E139-4359-AB18-5AFE9240A462}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E42F556-6264-4656-BC69-B1427D00B8E7}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E42F556-6264-4656-BC69-B1427D00B8E7}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SVC Update
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch
Deleted HKCU\Environment|SNP
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFA3CF45-822E-49A6-89D3-AA722D0DCE45}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFA3CF45-822E-49A6-89D3-AA722D0DCE45}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application
Deleted HKCU\Environment|SNF

***** [ Chromium (and derivatives) ] *****

Deleted Bazz Search SafeFinder

***** [ Chromium URLs ] *****

Deleted https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WticSYzInRI7kWPZcZg2Ta3w-gdOTvcGpP-RvK1fG-UNRbpKOKdjF0yKamNd8c_9OGF4Dmb3E4aFDmCy3wuMB5bNpGPVaz5X7sywqyRBOqdblwQnS4xQPb-i5s5OBaqC2LTbr1tjmK0mhQf-fSuDaSr4SayKIHM
Deleted https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WticSYzInRI7kWPZcZg2Ta3w-gdOTvcGpP-RvK1fG-UNRbpKOKdjF0yKamNd8c_9OGF4Dmb3E4aFDmCy3wuMB5bNpGPVaz5X7sywqyRBOqdblwQnS4xQPb-i5s5OBaqC2LTbr1tjmK0mhQf-fSuDaSr4SayKIHM

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [6777 octets] - [03/02/2019 10:35:57]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Requesting a check, AVG keeps flagging multiple problems

Posted: 03 Feb 2019 10:51
by Diallix
Great.

Please post new logs from FRST + ADDITION.

Re: Requesting a check, AVG keeps flagging multiple problems

Posted: 03 Feb 2019 11:02
by toomuuula
Sending them.

Re: Requesting a check, AVG keeps flagging multiple problems

Posted: 03 Feb 2019 12:07
by Diallix
Test these files on virustotal.com and post the results here:
C:\Users\Zapletalovi\AppData\Local\Quotetam.exe
C:\Users\Zapletalovi\AppData\Local\Fixphase.exe
C:\Windows\RtCRU64.exe

Copy the content below into Notepad:

Code:

CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2470614023-949718001-115739811-1001\...\Run: [OldFirefly] => "C:\Windows\rss\csrss.exe" <==== ATTENTION
C:\Windows\system32\Drivers\ESETCleanersDriver.sys

GroupPolicy: Restriction - Windows Defender <==== ATTENTION
HKU\S-1-5-21-2470614023-949718001-115739811-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WticSYzInRI7kWPZcZg2Ta3w-gdOTvcGpP-RvK1fG-UNRbpKOKdjF0yKamNd8c_9OGF-7HypLFnJV4zN8WEQlMPXMmpwX7vkMqGsOZQajuZEzbIufBL151XGzFd2iW_hal93tddgbkr78LT3NgSQs-B887ei_-M&q={searchTerms}
HKU\S-1-5-21-2470614023-949718001-115739811-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WticSYzInRI7kWPZcZg2Ta3w-gdOTvcGpP-RvK1fG-UNRbpKOKdjF0yKamNd8c_9OGJ0zTgqshouZEWuBiH7zrT0I-TTINl_TJJbIzJKMIReTCLBJbGlqr1U9xqH_f6gCIIba2HXkbCGZaJRUdFrE2R75A9JpzG
SearchScopes: HKLM-x32 -> DefaultScope value is missing
CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WticSYzInRI7kWPZcZg2Ta3w-gdOTvcGpP-RvK1fG-UNRbpKOKdjF0yKamNd8c_9OGF7N_9yqcpNpMtVPu25yIRn2uE95pg9d3UVCB460bvPVRNrA2bZU3gqldT84PPSzzrqESu6hs35Me9clvL-6RrCHQhxo-Q&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
S2 ekrn; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
R1 3B5E0715E5D4; C:\Windows\3B5E0715E5D4.sys [621928 2019-02-02] (VxDriver)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2019-02-03] (ESET)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2019-02-03 10:53 - 2016-03-19 16:58 - 000000000 ____D C:\Users\Zapletalovi\Desktop\ESET Smart Security 64- 8.0.301.4
2019-02-03 10:48 - 2019-02-03 10:52 - 079675328 _____ C:\Users\Zapletalovi\Downloads\ESET-Smart-Security-64--8.0.301.4.rar
2019-02-03 10:45 - 2019-02-03 10:45 - 000170280 _____ (ESET) C:\Windows\system32\Drivers\ESETCleanersDriver.sys
2019-02-02 21:30 - 2019-02-02 21:31 - 000000000 ____D C:\Program Files (x86)\ESET
2019-02-02 21:29 - 2019-02-02 21:29 - 000489592 _____ (ESET) C:\Users\Zapletalovi\Downloads\xmlsigntool (1).exe
2019-02-02 21:28 - 2019-02-02 21:28 - 011124856 _____ (ESET) C:\Users\Zapletalovi\Downloads\avremover_nt64_enu.exe
2019-02-02 21:28 - 2019-02-02 21:28 - 000489592 _____ (ESET) C:\Users\Zapletalovi\Downloads\xmlsigntool.exe
2019-02-02 21:26 - 2019-02-02 21:26 - 002991832 _____ (ESET) C:\Users\Zapletalovi\Downloads\eraremover_x64.exe
2019-02-02 21:07 - 2019-02-02 21:08 - 104742008 _____ (ESET) C:\Users\Zapletalovi\Desktop\essp_nt64.exe
2019-02-02 21:00 - 2019-02-03 10:56 - 000000000 ____D C:\ProgramData\ESET
2019-02-02 21:00 - 2019-02-03 10:56 - 000000000 ____D C:\Program Files\ESET
2019-02-02 20:04 - 2019-02-02 20:04 - 000621928 ____N (VxDriver) C:\Windows\3B5E0715E5D4.sys
2019-02-02 20:03 - 2019-02-02 20:03 - 000103632 _____ (NirSoft) C:\Users\Zapletalovi\AppData\Roaming\1549134206194.exe
2019-02-02 20:03 - 2019-02-02 20:03 - 000003472 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-02 20:03 - 2019-02-02 20:03 - 000003348 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-02 20:02 - 2019-02-02 21:54 - 000000000 ____D C:\ProgramData\zVmiMcGqez
2019-02-02 19:58 - 2019-02-02 19:58 - 007878144 _____ C:\Users\Zapletalovi\AppData\Local\agent.dat
2019-02-02 19:58 - 2019-02-02 19:58 - 002037153 _____ C:\Users\Zapletalovi\AppData\Local\Fixphase.tst
2019-02-02 19:58 - 2019-02-02 19:58 - 001895381 _____ C:\Users\Zapletalovi\AppData\Local\Statkix.bin
2019-02-02 19:58 - 2019-02-02 19:58 - 001632256 _____ (TODO: <Company name>) C:\Users\Zapletalovi\AppData\Local\Quotetam.exe
2019-02-02 19:58 - 2019-02-02 19:58 - 001632256 _____ (TODO: <Company name>) C:\Users\Zapletalovi\AppData\Local\Fixphase.exe
2019-02-02 19:58 - 2019-02-02 19:58 - 000278508 _____ C:\Users\Zapletalovi\AppData\Local\Quotetam.tst
2019-02-02 19:58 - 2019-02-02 19:58 - 000126464 _____ C:\Users\Zapletalovi\AppData\Local\noah.dat
2019-02-02 19:00 - 2019-02-02 20:08 - 000722944 _____ C:\Users\Zapletalovi\AppData\Local\sham.db
2019-02-02 19:00 - 2019-02-02 19:00 - 000140800 _____ C:\Users\Zapletalovi\AppData\Local\installer.dat
2019-02-02 17:43 - 2019-02-02 17:43 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2019-02-02 20:03 - 2019-02-02 20:03 - 000103632 _____ (NirSoft) C:\Users\Zapletalovi\AppData\Roaming\1549134206194.exe
2019-02-02 19:00 - 2019-02-02 19:00 - 000375522 _____ (                                                            ) C:\Users\Zapletalovi\AppData\Local\Temp\f2hfih1ugrx.exe
2018-10-30 18:09 - 2018-10-30 18:09 - 008680984 _____ () C:\Users\Zapletalovi\AppData\Local\Temp\setup.dll
2019-02-03 10:59 - 2019-02-03 10:59 - 000372936 _____ (ESET) C:\Users\Zapletalovi\AppData\Local\Temp\InstHelper.exe
2018-10-30 18:09 - 2018-10-30 18:09 - 008680984 _____ () C:\Users\Zapletalovi\AppData\Local\Temp\setup.dll
2019-02-02 20:10 - 2019-02-02 20:03 - 000099892 _____ () C:\Users\Zapletalovi\AppData\Local\Temp\Uninstall.exe

EmptyTemp:
Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run, after which the computer will reboot. After the reboot, paste here the contents of the log fixlog.txt, saved in the FRST location.

Re: Requesting a check, AVG keeps flagging multiple problems

Posted: 03 Feb 2019 12:27
by toomuuula
On VirusTotal everything is green, see the screenshot.

Next.

Fix result of Farbar Recovery Scan Tool (x64) Version: 30.01.2019
Ran by Zapletalovi (03-02-2019 12:21:01) Run:1
Running from C:\Users\Zapletalovi\Desktop\Logy Viry
Loaded Profiles: Zapletalovi (Available Profiles: Zapletalovi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2470614023-949718001-115739811-1001\...\Run: [OldFirefly] => "C:\Windows\rss\csrss.exe" <==== ATTENTION
C:\Windows\system32\Drivers\ESETCleanersDriver.sys

GroupPolicy: Restriction - Windows Defender <==== ATTENTION
HKU\S-1-5-21-2470614023-949718001-115739811-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WticSYzInRI7kWPZcZg2Ta3w-gdOTvcGpP-RvK1fG-UNRbpKOKdjF0yKamNd8c_9OGF-7HypLFnJV4zN8WEQlMPXMmpwX7vkMqGsOZQajuZEzbIufBL151XGzFd2iW_hal93tddgbkr78LT3NgSQs-B887ei_-M&q={searchTerms}
HKU\S-1-5-21-2470614023-949718001-115739811-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WticSYzInRI7kWPZcZg2Ta3w-gdOTvcGpP-RvK1fG-UNRbpKOKdjF0yKamNd8c_9OGJ0zTgqshouZEWuBiH7zrT0I-TTINl_TJJbIzJKMIReTCLBJbGlqr1U9xqH_f6gCIIba2HXkbCGZaJRUdFrE2R75A9JpzG
SearchScopes: HKLM-x32 -> DefaultScope value is missing
CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WticSYzInRI7kWPZcZg2Ta3w-gdOTvcGpP-RvK1fG-UNRbpKOKdjF0yKamNd8c_9OGF7N_9yqcpNpMtVPu25yIRn2uE95pg9d3UVCB460bvPVRNrA2bZU3gqldT84PPSzzrqESu6hs35Me9clvL-6RrCHQhxo-Q&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
S2 ekrn; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
R1 3B5E0715E5D4; C:\Windows\3B5E0715E5D4.sys [621928 2019-02-02] (VxDriver)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2019-02-03] (ESET)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2019-02-03 10:53 - 2016-03-19 16:58 - 000000000 ____D C:\Users\Zapletalovi\Desktop\ESET Smart Security 64- 8.0.301.4
2019-02-03 10:48 - 2019-02-03 10:52 - 079675328 _____ C:\Users\Zapletalovi\Downloads\ESET-Smart-Security-64--8.0.301.4.rar
2019-02-03 10:45 - 2019-02-03 10:45 - 000170280 _____ (ESET) C:\Windows\system32\Drivers\ESETCleanersDriver.sys
2019-02-02 21:30 - 2019-02-02 21:31 - 000000000 ____D C:\Program Files (x86)\ESET
2019-02-02 21:29 - 2019-02-02 21:29 - 000489592 _____ (ESET) C:\Users\Zapletalovi\Downloads\xmlsigntool (1).exe
2019-02-02 21:28 - 2019-02-02 21:28 - 011124856 _____ (ESET) C:\Users\Zapletalovi\Downloads\avremover_nt64_enu.exe
2019-02-02 21:28 - 2019-02-02 21:28 - 000489592 _____ (ESET) C:\Users\Zapletalovi\Downloads\xmlsigntool.exe
2019-02-02 21:26 - 2019-02-02 21:26 - 002991832 _____ (ESET) C:\Users\Zapletalovi\Downloads\eraremover_x64.exe
2019-02-02 21:07 - 2019-02-02 21:08 - 104742008 _____ (ESET) C:\Users\Zapletalovi\Desktop\essp_nt64.exe
2019-02-02 21:00 - 2019-02-03 10:56 - 000000000 ____D C:\ProgramData\ESET
2019-02-02 21:00 - 2019-02-03 10:56 - 000000000 ____D C:\Program Files\ESET
2019-02-02 20:04 - 2019-02-02 20:04 - 000621928 ____N (VxDriver) C:\Windows\3B5E0715E5D4.sys
2019-02-02 20:03 - 2019-02-02 20:03 - 000103632 _____ (NirSoft) C:\Users\Zapletalovi\AppData\Roaming\1549134206194.exe
2019-02-02 20:03 - 2019-02-02 20:03 - 000003472 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-02 20:03 - 2019-02-02 20:03 - 000003348 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-02 20:02 - 2019-02-02 21:54 - 000000000 ____D C:\ProgramData\zVmiMcGqez
2019-02-02 19:58 - 2019-02-02 19:58 - 007878144 _____ C:\Users\Zapletalovi\AppData\Local\agent.dat
2019-02-02 19:58 - 2019-02-02 19:58 - 002037153 _____ C:\Users\Zapletalovi\AppData\Local\Fixphase.tst
2019-02-02 19:58 - 2019-02-02 19:58 - 001895381 _____ C:\Users\Zapletalovi\AppData\Local\Statkix.bin
2019-02-02 19:58 - 2019-02-02 19:58 - 001632256 _____ (TODO: <Company name>) C:\Users\Zapletalovi\AppData\Local\Quotetam.exe
2019-02-02 19:58 - 2019-02-02 19:58 - 001632256 _____ (TODO: <Company name>) C:\Users\Zapletalovi\AppData\Local\Fixphase.exe
2019-02-02 19:58 - 2019-02-02 19:58 - 000278508 _____ C:\Users\Zapletalovi\AppData\Local\Quotetam.tst
2019-02-02 19:58 - 2019-02-02 19:58 - 000126464 _____ C:\Users\Zapletalovi\AppData\Local\noah.dat
2019-02-02 19:00 - 2019-02-02 20:08 - 000722944 _____ C:\Users\Zapletalovi\AppData\Local\sham.db
2019-02-02 19:00 - 2019-02-02 19:00 - 000140800 _____ C:\Users\Zapletalovi\AppData\Local\installer.dat
2019-02-02 17:43 - 2019-02-02 17:43 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2019-02-02 20:03 - 2019-02-02 20:03 - 000103632 _____ (NirSoft) C:\Users\Zapletalovi\AppData\Roaming\1549134206194.exe
2019-02-02 19:00 - 2019-02-02 19:00 - 000375522 _____ ( ) C:\Users\Zapletalovi\AppData\Local\Temp\f2hfih1ugrx.exe
2018-10-30 18:09 - 2018-10-30 18:09 - 008680984 _____ () C:\Users\Zapletalovi\AppData\Local\Temp\setup.dll
2019-02-03 10:59 - 2019-02-03 10:59 - 000372936 _____ (ESET) C:\Users\Zapletalovi\AppData\Local\Temp\InstHelper.exe
2018-10-30 18:09 - 2018-10-30 18:09 - 008680984 _____ () C:\Users\Zapletalovi\AppData\Local\Temp\setup.dll
2019-02-02 20:10 - 2019-02-02 20:03 - 000099892 _____ () C:\Users\Zapletalovi\AppData\Local\Temp\Uninstall.exe

EmptyTemp:
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-2470614023-949718001-115739811-1001\Software\Microsoft\Windows\CurrentVersion\Run\\OldFirefly" => removed successfully
C:\Windows\system32\Drivers\ESETCleanersDriver.sys => moved successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-2470614023-949718001-115739811-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2470614023-949718001-115739811-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
ekrn => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ekrn => could not remove, key could be protected
3B5E0715E5D4 => service not found.
HKLM\System\CurrentControlSet\Services\ESETCleanersDriver => removed successfully
ESETCleanersDriver => service removed successfully
HKLM\System\CurrentControlSet\Services\efavdrv => removed successfully
efavdrv => service removed successfully
HKLM\System\CurrentControlSet\Services\wfpcapture => removed successfully
wfpcapture => service removed successfully
"C:\Users\Zapletalovi\Desktop\ESET Smart Security 64- 8.0.301.4" => not found
"C:\Users\Zapletalovi\Downloads\ESET-Smart-Security-64--8.0.301.4.rar" => not found
"C:\Windows\system32\Drivers\ESETCleanersDriver.sys" => not found
C:\Program Files (x86)\ESET => moved successfully
"C:\Users\Zapletalovi\Downloads\xmlsigntool (1).exe" => not found
"C:\Users\Zapletalovi\Downloads\avremover_nt64_enu.exe" => not found
"C:\Users\Zapletalovi\Downloads\xmlsigntool.exe" => not found
"C:\Users\Zapletalovi\Downloads\eraremover_x64.exe" => not found
"C:\Users\Zapletalovi\Desktop\essp_nt64.exe" => not found

"C:\ProgramData\ESET" folder move:

Could not move "C:\ProgramData\ESET" => Scheduled to move on reboot.


"C:\Program Files\ESET" folder move:

Could not move "C:\Program Files\ESET" => Scheduled to move on reboot.

"C:\Windows\3B5E0715E5D4.sys" => not found
C:\Users\Zapletalovi\AppData\Roaming\1549134206194.exe => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\ProgramData\zVmiMcGqez => moved successfully
C:\Users\Zapletalovi\AppData\Local\agent.dat => moved successfully
C:\Users\Zapletalovi\AppData\Local\Fixphase.tst => moved successfully
C:\Users\Zapletalovi\AppData\Local\Statkix.bin => moved successfully
"C:\Users\Zapletalovi\AppData\Local\Quotetam.exe" => not found
"C:\Users\Zapletalovi\AppData\Local\Fixphase.exe" => not found
C:\Users\Zapletalovi\AppData\Local\Quotetam.tst => moved successfully
C:\Users\Zapletalovi\AppData\Local\noah.dat => moved successfully
C:\Users\Zapletalovi\AppData\Local\sham.db => moved successfully
C:\Users\Zapletalovi\AppData\Local\installer.dat => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
"C:\Users\Zapletalovi\AppData\Roaming\1549134206194.exe" => not found
C:\Users\Zapletalovi\AppData\Local\Temp\f2hfih1ugrx.exe => moved successfully
C:\Users\Zapletalovi\AppData\Local\Temp\setup.dll => moved successfully
C:\Users\Zapletalovi\AppData\Local\Temp\InstHelper.exe => moved successfully
"C:\Users\Zapletalovi\AppData\Local\Temp\setup.dll" => not found
C:\Users\Zapletalovi\AppData\Local\Temp\Uninstall.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 49966 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10533258 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 253526745 B
Edge => 63604864 B
Chrome => 55865930 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 6518 B
NetworkService => 20488 B
Zapletalovi => 161902091 B

RecycleBin => 0 B
EmptyTemp: => 520.2 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-02-2019 12:23:57)

C:\ProgramData\ESET => Could not move
C:\Program Files\ESET => Could not move

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\ekrn => could not remove, key could be protected

==== End of Fixlog 12:24:10 ====

Re: Requesting a check, AVG keeps flagging multiple problems

Posted: 03 Feb 2019 12:39
by Diallix
Please upload these files to the havetarna (see my signature).
C:\Users\Zapletalovi\AppData\Local\Quotetam.exe
C:\Users\Zapletalovi\AppData\Local\Fixphase.exe
C:\Windows\RtCRU64.exe

Start the computer in Safe Mode and do the following:

Copy the content below into Notepad:

Code:

C:\ProgramData\ESET
C:\Program Files\ESET
S2 ekrn; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run, after which the computer will reboot. After the reboot, paste here the contents of the log fixlog.txt, saved in the FRST location.

Re: Requesting a check, AVG keeps flagging multiple problems

Posted: 03 Feb 2019 12:53
by toomuuula
After ESET was installed, ESET already removed these two files and they can no longer be found.

C:\Users\Zapletalovi\AppData\Local\Quotetam.exe
C:\Users\Zapletalovi\AppData\Local\Fixphase.exe

I uploaded the last file to the requested link.

Thanks

Fix result of Farbar Recovery Scan Tool (x64) Version: 30.01.2019
Ran by Zapletalovi (03-02-2019 12:53:44) Run:2
Running from C:\Users\Zapletalovi\Desktop\Logy Viry
Loaded Profiles: Zapletalovi (Available Profiles: Zapletalovi)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
C:\ProgramData\ESET
C:\Program Files\ESET
S2 ekrn; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
*****************

C:\ProgramData\ESET => moved successfully
C:\Program Files\ESET => moved successfully
HKLM\System\CurrentControlSet\Services\ekrn => removed successfully
ekrn => service removed successfully

==== End of Fixlog 12:53:46 ====
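
Added example, not part of the thread and not FRST's own code: a small triage script that reads the `target => status` result lines of a Fixlog and lists the items that still need a follow-up pass, which is how the first run above leads to the three-line Safe Mode fixlist. The sample lines are excerpted from the two Fixlogs in this thread; the outcome categories (done, absent, deferred, failed) are this example's own assumption about how to group FRST's status texts.

```python
import re

# Result lines excerpted from the two Fixlogs posted in this thread.
RUN1 = r'''
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
ekrn => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ekrn => could not remove, key could be protected
3B5E0715E5D4 => service not found.
"C:\Users\Zapletalovi\AppData\Local\Quotetam.exe" => not found
C:\Users\Zapletalovi\AppData\Local\agent.dat => moved successfully
Could not move "C:\ProgramData\ESET" => Scheduled to move on reboot.
Could not move "C:\Program Files\ESET" => Scheduled to move on reboot.
C:\ProgramData\ESET => Could not move
C:\Program Files\ESET => Could not move
'''
RUN2 = r'''
C:\ProgramData\ESET => moved successfully
C:\Program Files\ESET => moved successfully
HKLM\System\CurrentControlSet\Services\ekrn => removed successfully
ekrn => service removed successfully
'''

LINE = re.compile(r'^(?P<target>.+?)\s*=>\s*(?P<status>.+?)\s*$')


def classify(status):
    """Map a status text to an outcome category (categories are assumed)."""
    s = status.lower().rstrip('.')
    if s.endswith('successfully'):
        return 'done'        # removed / moved / restored
    if 'not found' in s:
        return 'absent'      # already gone, e.g. deleted by another tool
    if s.startswith('scheduled'):
        return 'deferred'    # will be retried on reboot
    if s.startswith(('could not', 'unable to')):
        return 'failed'      # locked file, protected key, running service
    return 'other'           # size reports and anything unrecognised


def normalize(target):
    """Strip quotes and the 'Could not move' prefix so retries share a key."""
    t = target.strip()
    if t.lower().startswith('could not move '):
        t = t[len('could not move '):]
    return t.strip('"')


def parse_fixlog(text):
    """Return (target, status, outcome) for every result line."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            status = m.group('status')
            entries.append((normalize(m.group('target')), status, classify(status)))
    return entries


def final_outcomes(text):
    """Last outcome per target: the post-reboot result overrides 'deferred'."""
    last = {}
    for target, _status, outcome in parse_fixlog(text):
        last[target] = outcome
    return last


def needs_followup(text):
    """Targets whose final outcome is still failed or deferred."""
    return sorted(t for t, o in final_outcomes(text).items()
                  if o in ('failed', 'deferred'))


if __name__ == '__main__':
    print('After run 1:', needs_followup(RUN1))
    print('After run 2:', needs_followup(RUN2))
```

Items reported as "not found" are kept separate from failures because, as in this thread, they may already have been removed by another product between the scan and the fix.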

Re: Requesting a check, AVG keeps flagging multiple problems

Posted: 03 Feb 2019 13:15
by Diallix
Great. How is the computer doing?

Re: Requesting a check, AVG keeps flagging multiple problems

Posted: 03 Feb 2019 13:22
by toomuuula
It's fine now. Thanks a lot. I'll also have my desktop PC checked, but I'll start a new topic for that; we can LOCK this one.

Re: Requesting a check, AVG keeps flagging multiple problems

Posted: 03 Feb 2019 13:45
by Diallix
Sure, no problem :]]