VIRY.CZ

Dobrý deň... Od včera mi začali naskakovať popupy v Chrome tak som ako klasicky vyskúšal nástroje na odstránenie vírusov. Skúšal som nástroj na vyčistenie chromu, skúšal som TDSKiller, Zemana, Malware-bytes, JRT, Hitman, Rkill, ADWcleaner, Emsisoft emergency kit, TSA adware removal tool, aj keď niečo našlo stále to nevyriešilo môj problém a keďže už neviem čo mám robiť tak sa obraciam na vás.
TSA našiel toto, ale nič viac sa nenašlo. Po vyčistení sa nič nedeje.


FRST:

https://www.dropbox.com/s/s97kkqzvizrtzph/FRST.zip?dl=1

RSIT:
https://www.dropbox.com/s/3933vhcnaz5d46s/rsit.zip?dl=1

DDS:

https://www.dropbox.com/s/xtk15416vyau8rf/dds.zip?dl=1

Ďakujem.

Zdravím!
Nálezy ADW smažte. Log FRST je před smazáním nálezů FRST, že? Pak dejte nový po té, co budou nálezy ADW smazány.

To už je log po vyčistení týmto programom.

OK. Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
SearchScopes: HKU\S-1-5-21-1950568586-686396476-2031099585-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U3 iswSvc; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\cmdres.dll
C:\Users\Public\VOIP.dat
CustomCLSID: HKU\S-1-5-21-1950568586-686396476-2031099585-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Števo\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1950568586-686396476-2031099585-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Števo\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1950568586-686396476-2031099585-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Števo\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File

EmptyTemp:
End

Uložte do D:\Software\Anti-Malware jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Hotovo.


Fix result of Farbar Recovery Scan Tool (x64) Version: 06-05-2017
Ran by Števo (06-05-2017 21:52:27) Run:1
Running from D:\Software\Anti-Malware
Loaded Profiles: Števo (Available Profiles: Števo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
SearchScopes: HKU\S-1-5-21-1950568586-686396476-2031099585-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U3 iswSvc; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\cmdres.dll
C:\Users\Public\VOIP.dat
CustomCLSID: HKU\S-1-5-21-1950568586-686396476-2031099585-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\�tevo\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1950568586-686396476-2031099585-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\�tevo\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1950568586-686396476-2031099585-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\�tevo\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-1950568586-686396476-2031099585-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\System\CurrentControlSet\Services\iswSvc => key removed successfully
iswSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\ZAM => key removed successfully
ZAM => service removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\ProgramData\cmdres.dll => moved successfully
C:\Users\Public\VOIP.dat => moved successfully
HKU\S-1-5-21-1950568586-686396476-2031099585-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully
HKU\S-1-5-21-1950568586-686396476-2031099585-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully
HKU\S-1-5-21-1950568586-686396476-2031099585-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 271050610 B
Java, Flash, Steam htmlcache => 714 B
Windows/system/drivers => 9555465 B
Edge => 7585772 B
Chrome => 297900555 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 17194 B
NetworkService => 1684 B
Števo => 396252556 B

RecycleBin => 6471685 B
EmptyTemp: => 950.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:53:43 ====

Smazáno. Nastala nějaká změna?

Reklamy prestali vyskakovať... aspoň zatiaľ som nič nespozoroval.
Ďakujem veľmi pekne... ja som sa s tým babral celý deň a nič nepomohlo a hľa

Nemáte zač!