PC virus removal, computer speed-up, and remote help through the neslape.cz service
Infected computer
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote help service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Infected computer
Hello, I'm asking for help. My antivirus (AVG) detected a Trojan on my personal PC, and even though it removed it, the PC is slow, searching on the Internet works badly, and files and tabs open slowly. I'm a complete layperson; a friend recommended this site to me. I use a 32-bit operating system.
Thanks in advance, Jitka
Re: Infected computer
Hello, I wish you a pleasant Sunday morning and welcome to our forum.
Let's start with a log from FRST, following this guide: http://forum.viry.cz/viewtopic.php?f=13&t=133100
Re: Infected computer
Well, lovely, a whole zoo, complete with the old lady at the ticket booth.
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
- Save it, preferably to the desktop
- Close all programs
- After launch, the database will be downloaded
- Click Scan and then Clean
- The repair will run, the PC will restart, and then a log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
- If you use Win Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako spravce)
- Paste the script below into the window
autoclean; resethosts; emptyclsid; IEdefaults; FFdefaults; CHRdefaults; emptyIEcache; emptyFFcache; emptyCHRcache; emptyalltemp; emptyflash; emptyjava; emptyrecycle.bin;
- Then click Run Script
- The PC will perform the repair, restart, and give you a log; paste its contents here
Re: Infected computer
Great, could I ask for a new log from FRST
Re: Infected computer
Feel free to put the resulting logs directly into the text of your post so you don't have to pack them into a RAR; it's also easier for checking.
Creating a fixlist for FRST
- Open Notepad (Start - Run - notepad)
- Copy the script below
Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\...\MountPoints2: {40c76a40-f69b-11e1-afb8-806d6172696f} - F:\setup.exe
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssmyst.scr [18944 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\Doma\Nabídka Start\Programy\Po spuštění\Harry Potter and the Goblet of Fire (2005) 1080p BluRay x264 Dual Audio [English 5.1 + Hindi 2.0] - TBI.lnk
Startup: C:\Documents and Settings\Doma\Nabídka Start\Programy\Po spuštění\Jane Eyre avi.lnk
ShortcutTarget: Jane Eyre avi.lnk -> C:\Documents and Settings\All Users\Data aplikací\{dfc539a9-f529-6651-dfc5-539a9f52e6a7}\Jane Eyre avi.exe (No File)
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-1482476501-573735546-1606980848-1004] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKU\S-1-5-21-1482476501-573735546-1606980848-1004 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1482476501-573735546-1606980848-1004 -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll [2009-12-04] (AVG Technologies CZ, s.r.o.)
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Family Toolbar\mhxpcomi.dll No File []
CHR HomePage: Default -> hxxp://mysearch.avg.com?cid={7FFB462D-BA90-4DE3-89C8-D93B2B8C2CA9}&mid=0d4864af7171456186708d0c4f098bf9-d3f5169404cc9dc32862080b6340c5b0c2ed2114&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-20 18:15:17&v=18.0.5.292&pid=safeguard&sg=&sap=hp
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={7FFB462D-BA90-4DE3-89C8-D93B2B8C2CA9}&mid=0d4864af7171456186708d0c4f098bf9-d3f5169404cc9dc32862080b6340c5b0c2ed2114&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-20 18:15:17&v=18.0.5.292&pid=safeguard&sg=&sap=hp"
S2 SafetyNutManager2; C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe [X]
U3 aroc3dvf; C:\WINDOWS\system32\Drivers\aroc3dvf.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
C:\Program Files\Movies Toolbar
C:\Documents and Settings\All Users\Data aplikací\{dfc539a9-f529-6651-dfc5-539a9f52e6a7}
2015-04-05 12:00 - 2015-04-05 12:00 - 00012076 _____ () C:\Documents and Settings\Doma\Plocha\zoek-results.txt
2015-04-05 12:00 - 2015-04-05 12:00 - 00003340 _____ () C:\Documents and Settings\Doma\Plocha\zoek-results.rar
2015-04-05 11:57 - 2015-04-05 11:43 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-04-05 11:46 - 2015-04-05 11:58 - 00012076 _____ () C:\zoek-results.log
2015-04-05 11:42 - 2015-04-05 11:54 - 00000000 ____D () C:\zoek_backup
2015-04-05 11:40 - 2015-04-05 11:40 - 01305600 _____ () C:\Documents and Settings\Doma\Plocha\zoek.exe
2015-04-05 11:39 - 2015-04-05 11:39 - 00007564 _____ () C:\Documents and Settings\Doma\Plocha\AdwCleaner[R1].rar
2015-04-05 11:39 - 2015-04-05 11:39 - 00002887 _____ () C:\Documents and Settings\Doma\Plocha\AdwCleaner[S1].rar
2015-04-05 11:23 - 2015-04-05 11:23 - 02208768 _____ () C:\Documents and Settings\Doma\Plocha\adwcleaner_4.200.exe
2015-04-05 10:52 - 2015-04-05 10:52 - 00009061 _____ () C:\Documents and Settings\Doma\Plocha\Addition.rar
2015-04-05 10:52 - 2015-04-05 10:52 - 00007927 _____ () C:\Documents and Settings\Doma\Plocha\FRST.rar
2015-04-05 10:35 - 2015-04-05 10:36 - 00049179 _____ () C:\Documents and Settings\Doma\Plocha\Addition.txt
2015-04-05 10:34 - 2015-04-05 12:15 - 00016286 _____ () C:\Documents and Settings\Doma\Plocha\FRST.txt
2015-03-08 16:00 - 2014-03-10 10:35 - 00000214 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-04-05 11:58 - 2014-03-10 10:35 - 00000220 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-04-05 12:04 - 2014-04-05 22:45 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-05 12:08 - 2014-04-05 22:45 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
Hosts:
EmptyTemp:
Reboot:
End
- Save the resulting TXT as fixlist.txt
- Move the fixlist you created next to FRST
- Click Fix
- The repair will run and create the log Fixlog.txt
Re: Infected computer
Here it is, but now I have a problem: during the run a message popped up (and it still keeps popping up even after a restart): "V aplikaci explorer.exe došlo k problému a je třeba ji zavřít. Omlouváme se za vzniklé potíže." ("explorer.exe has encountered a problem and needs to close. We are sorry for the inconvenience.")
It keeps popping up in further windows and I can't get rid of it. I can't even restart; Start just shows the hourglass the whole time.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Doma at 2015-04-05 12:37:55 Run:2
Running from C:\Documents and Settings\Doma\Plocha
Loaded Profiles: Doma (Available profiles: Doma)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\...\MountPoints2: {40c76a40-f69b-11e1-afb8-806d6172696f} - F:\setup.exe
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssmyst.scr [18944 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\Doma\Nabídka Start\Programy\Po spuštění\Harry Potter and the Goblet of Fire (2005) 1080p BluRay x264 Dual Audio [English 5.1 + Hindi 2.0] - TBI.lnk
Startup: C:\Documents and Settings\Doma\Nabídka Start\Programy\Po spuštění\Jane Eyre avi.lnk
ShortcutTarget: Jane Eyre avi.lnk -> C:\Documents and Settings\All Users\Data aplikací\{dfc539a9-f529-6651-dfc5-539a9f52e6a7}\Jane Eyre avi.exe (No File)
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: [S-1-5-21-1482476501-573735546-1606980848-1004] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKU\S-1-5-21-1482476501-573735546-1606980848-1004 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1482476501-573735546-1606980848-1004 -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll [2009-12-04] (AVG Technologies CZ, s.r.o.)
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Family Toolbar\mhxpcomi.dll No File []
CHR HomePage: Default -> hxxp://mysearch.avg.com?cid={7FFB462D-BA90-4DE3-89C8-D93B2B8C2CA9}&mid=0d4864af7171456186708d0c4f098bf9-d3f5169404cc9dc32862080b6340c5b0c2ed2114&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-20 18:15:17&v=18.0.5.292&pid=safeguard&sg=&sap=hp
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={7FFB462D-BA90-4DE3-89C8-D93B2B8C2CA9}&mid=0d4864af7171456186708d0c4f098bf9-d3f5169404cc9dc32862080b6340c5b0c2ed2114&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-20 18:15:17&v=18.0.5.292&pid=safeguard&sg=&sap=hp"
S2 SafetyNutManager2; C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe [X]
U3 aroc3dvf; C:\WINDOWS\system32\Drivers\aroc3dvf.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
C:\Program Files\Movies Toolbar
C:\Documents and Settings\All Users\Data aplikací\{dfc539a9-f529-6651-dfc5-539a9f52e6a7}
2015-04-05 12:00 - 2015-04-05 12:00 - 00012076 _____ () C:\Documents and Settings\Doma\Plocha\zoek-results.txt
2015-04-05 12:00 - 2015-04-05 12:00 - 00003340 _____ () C:\Documents and Settings\Doma\Plocha\zoek-results.rar
2015-04-05 11:57 - 2015-04-05 11:43 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-04-05 11:46 - 2015-04-05 11:58 - 00012076 _____ () C:\zoek-results.log
2015-04-05 11:42 - 2015-04-05 11:54 - 00000000 ____D () C:\zoek_backup
2015-04-05 11:40 - 2015-04-05 11:40 - 01305600 _____ () C:\Documents and Settings\Doma\Plocha\zoek.exe
2015-04-05 11:39 - 2015-04-05 11:39 - 00007564 _____ () C:\Documents and Settings\Doma\Plocha\AdwCleaner[R1].rar
2015-04-05 11:39 - 2015-04-05 11:39 - 00002887 _____ () C:\Documents and Settings\Doma\Plocha\AdwCleaner[S1].rar
2015-04-05 11:23 - 2015-04-05 11:23 - 02208768 _____ () C:\Documents and Settings\Doma\Plocha\adwcleaner_4.200.exe
2015-04-05 10:52 - 2015-04-05 10:52 - 00009061 _____ () C:\Documents and Settings\Doma\Plocha\Addition.rar
2015-04-05 10:52 - 2015-04-05 10:52 - 00007927 _____ () C:\Documents and Settings\Doma\Plocha\FRST.rar
2015-04-05 10:35 - 2015-04-05 10:36 - 00049179 _____ () C:\Documents and Settings\Doma\Plocha\Addition.txt
2015-04-05 10:34 - 2015-04-05 12:15 - 00016286 _____ () C:\Documents and Settings\Doma\Plocha\FRST.txt
2015-03-08 16:00 - 2014-03-10 10:35 - 00000214 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-04-05 11:58 - 2014-03-10 10:35 - 00000220 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-04-05 12:04 - 2014-04-05 22:45 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-05 12:08 - 2014-04-05 22:45 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
Hosts:
EmptyTemp:
Reboot:
End
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => Value not found.
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS => Value not found.
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value not found.
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Xvid => Value not found.
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value not found.
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => Value not found.
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => Value not found.
"HKU\S-1-5-21-1482476501-573735546-1606980848-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40c76a40-f69b-11e1-afb8-806d6172696f}" => Key deleted successfully.
HKCR\CLSID\{40c76a40-f69b-11e1-afb8-806d6172696f} => Key not found.
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\Control Panel\Desktop\\SCRNSAVE.EXE => Value was restored successfully.
C:\Documents and Settings\Doma\Nabídka Start\Programy\Po spuštění\Harry Potter and the Goblet of Fire (2005) 1080p BluRay x264 Dual Audio [English 5.1 + Hindi 2.0] - TBI.lnk not found.
C:\Documents and Settings\Doma\Nabídka Start\Programy\Po spuštění\Jane Eyre avi.lnk not found.
C:\Documents and Settings\All Users\Data aplikací\{dfc539a9-f529-6651-dfc5-539a9f52e6a7}\Jane Eyre avi.exe not found.
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
Error setting Default URLSearchHook.
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E} => Key not found.
HKCR\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-1482476501-573735546-1606980848-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E} => Key not found.
HKCR\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000} => Key not found.
"HKCR\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}" => Key Deleted successfully.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\mhtb" => Key deleted successfully.
"HKCR\CLSID\{669A2A3A-F19C-452D-800D-1240299756C1}" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
SafetyNutManager2 => Service deleted successfully.
aroc3dvf => Service not found.
IntelIde => Service deleted successfully.
WS2IFSL => Service deleted successfully.
"C:\Program Files\Movies Toolbar" => File/Directory not found.
"C:\Documents and Settings\All Users\Data aplikací\{dfc539a9-f529-6651-dfc5-539a9f52e6a7}" => File/Directory not found.
C:\Documents and Settings\Doma\Plocha\zoek-results.txt => Moved successfully.
C:\Documents and Settings\Doma\Plocha\zoek-results.rar => Moved successfully.
C:\WINDOWS\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Documents and Settings\Doma\Plocha\zoek.exe => Moved successfully.
C:\Documents and Settings\Doma\Plocha\AdwCleaner[R1].rar => Moved successfully.
C:\Documents and Settings\Doma\Plocha\AdwCleaner[S1].rar => Moved successfully.
C:\Documents and Settings\Doma\Plocha\adwcleaner_4.200.exe => Moved successfully.
C:\Documents and Settings\Doma\Plocha\Addition.rar => Moved successfully.
C:\Documents and Settings\Doma\Plocha\FRST.rar => Moved successfully.
C:\Documents and Settings\Doma\Plocha\Addition.txt => Moved successfully.
C:\Documents and Settings\Doma\Plocha\FRST.txt => Moved successfully.
C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 693.3 MB temporary data.
The system needed a reboot.
==== End of Fixlog 12:39:32 ====
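A Fixlog like the one posted above echoes the fixlist first and only then reports what was done, so a quick triage has to skip the echoed part before counting outcomes. The following Python sketch is an added example, not part of the original thread and not FRST's own code; the outcome categories and function names are assumptions of this example, and the sample is a shortened copy of lines from the log above.

```python
import re
from collections import Counter

# Constructed sample: header, echoed fixlist and result lines, shortened
# from the Fixlog posted in the thread.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Content of fixlist:
*****************
Start
ShortcutTarget: Jane Eyre avi.lnk -> C:\Documents and Settings\All Users\Data aplikací\{dfc539a9-f529-6651-dfc5-539a9f52e6a7}\Jane Eyre avi.exe (No File)
S2 SafetyNutManager2; C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
Hosts:
End
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => Value not found.
"HKCR\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}" => Key Deleted successfully.
Error setting Default URLSearchHook.
SafetyNutManager2 => Service deleted successfully.
aroc3dvf => Service not found.
IntelIde => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\WINDOWS\zoek-delete.exe => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 693.3 MB temporary data.
The system needed a reboot.
==== End of Fixlog 12:39:32 ====
"""

DELIMITER = re.compile(r"^\*{5,}$")           # row of asterisks around the echoed fixlist
END_MARKER = re.compile(r"^==== End of Fixlog")

# Ordered rules: the first pattern that matches decides the category.
# Matching is case-insensitive because the log contains both
# "Key deleted successfully" and "Key Deleted successfully".
RULES = [
    ("error", re.compile(r"^Error\b", re.I)),
    ("not_found", re.compile(r"not found\.?$", re.I)),
    ("deleted", re.compile(r"deleted successfully\.?$", re.I)),
    ("moved", re.compile(r"moved successfully\.?$", re.I)),
    ("restored", re.compile(r"(restored|reset) successfully\.?$", re.I)),
]

SERVICE_DELETED = re.compile(r"^(\S+) => Service deleted successfully\.?$")


def result_lines(fixlog):
    """Return the result lines only: everything after the second row of
    asterisks (end of the echoed fixlist) up to the End-of-Fixlog marker."""
    delimiters_seen = 0
    lines = []
    for raw in fixlog.splitlines():
        line = raw.strip()
        if DELIMITER.match(line):
            delimiters_seen += 1
            continue
        if END_MARKER.match(line):
            break
        if delimiters_seen >= 2 and line:
            lines.append(line)
    return lines


def classify(line):
    """Map one result line to an outcome category ('other' if no rule fits)."""
    for name, pattern in RULES:
        if pattern.search(line):
            return name
    return "other"


def summarize(fixlog):
    """Return (counts per category, error lines, names of deleted services)."""
    lines = result_lines(fixlog)
    counts = Counter(classify(line) for line in lines)
    errors = [line for line in lines if classify(line) == "error"]
    services = []
    for line in lines:
        match = SERVICE_DELETED.match(line)
        if match:
            services.append(match.group(1))
    return counts, errors, services


if __name__ == "__main__":
    counts, errors, services = summarize(SAMPLE_FIXLOG)
    for name, number in counts.most_common():
        print(f"{name:10} {number}")
    print("errors:", errors)
    print("services deleted:", services)
```

Listing the deleted services and the error lines separately gives the reviewer the short set of irreversible or failed actions to check first when the machine misbehaves after a fix.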
Re: infected computer
Download RKill http://download.bleepingcomputer.com/grinler/rkill.com
- If the malware blocks it, use one of the following, including the renamed ones
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe
Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe
Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
- Save it, preferably to the desktop, and close all applications (otherwise RKill will do it for you)
- Run it the usual way with a double-click - the program finishes within a few seconds and then exits on its own
- RKill terminates all non-system processes, including the processes the malware runs under
- A log named Rkill.txt will be created on the desktop; paste it here for me
- Do not restart the PC now - you would lose the effect of RKill
Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Turn off all resident security programs - firewalls, antiviruses, antispyware, etc.
- If you have Win XP, run it under the Administrator account
- If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
- Right after it starts, a page with the license agreement is displayed; continue by clicking Yes
- If CF offers to install the Recovery Console, agree
- Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
- The scan should take about 10 minutes, but if the PC is heavily cluttered, it may take longer
- After the scan finishes and the PC possibly restarts, CF displays a log; otherwise you will find it at C:\ComboFix.txt; paste its contents here
- A detailed procedure, including screenshots, is here http://www.bleepingcomputer.com/combofi ... t-combofix
Re: infected computer
Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 04/05/2015 06:43:37 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* Centrum zabezpečení (wscsvc) is not Running.
Startup Type set to: Disabled
* Automatické aktualizace (wuauserv) is not Running.
Startup Type set to: Disabled
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 04/05/2015 06:44:27 PM
Execution time: 0 hours(s), 0 minute(s), and 50 seconds(s)