Problém s otvorením stránky

[vyosek]

Zkuste ten s lupou, mel by se spustit odinstalacni program Spybotu, pokud ne, tak pouzijte ten s pocitacem

[zuzanamolnarova]

Ok, spravila som

[vyosek]

Fajn, tak pujdem s haveti zatocit poradne

Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe

• Spustte jej
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize (cely ten zeleny text)

• Kód: Vybrat vše

  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [CLEARALLRESTOREPOINTS]
  
  :reg
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50A4B344-4FDF-4EA6-B7B7-8D86AF6E7E4F}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"=-
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "WinampAgent"=-
  "QuickTime Task"=-
  "iTunesHelper"=-
  "Samsung PanelMgr"=-
  "SunJavaUpdateSched"=-
  "tray_ico"=-
  "tray_ico1"=-
  "tray_ico2"=-
  "tray_ico3"=-
  "tray_ico4"=-
  "avast"=-
  "MSConfig"=-
  "MSC"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "DAEMON Tools Lite"=-
  "OEXPRESS"=-
  "ctfmon.exe"=-
  "SpybotSD TeaTimer"=-
  "Spyware Doctor"=-
  "Skype"=-
  "GameXN (update)"=-
  "GameXN (news)"=-
  "GameXN"=-
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ttohzbbz]
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtutrqo]
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winbue32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  "{7A5565EF-A594-46E4-AF56-FE71AEAFD7D5}"=-
  [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
  [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
  [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
  "C:\DOCUME~1\pc\LOCALS~1\Temp\win11.exe"=-
  "C:\WINDOWS\services32.exe"=-
  "C:\WINDOWS\update.1\svchost.exe"=-
  "C:\WINDOWS\update.2\7857.exe"=-
  "C:\WINDOWS\update.2\svchost.exe"=-
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  "Authentication Packages"=hex(7):6D,00,73,00,76,00,31,00,5F,00,30,00,00,00,6E,00,\
  77,00,70,00,72,00,6F,00,76,00,61,00,75,00,00,00,00,00
  
  :services
  gupdate
  gupdatem
  JavaQuickStarterService
  NBService
  NMIndexingService
  Cyberlink RichVideo Service(CRVS)
  
  :files
  C:\WINDOWS\system32\jkklj*.*
  C:\WINDOWS\system32\jkklj
  C:\WINDOWS\update.tray-8-0-lnk
  C:\WINDOWS\update.2
  C:\WINDOWS\update.5.0
  C:\WINDOWS\update.tray-8-0
  C:\WINDOWS\update.1
  C:\WINDOWS\UPGRADE.TXT
  C:\WINDOWS\btc_client_iplist.txt
  C:\WINDOWS\iecheck_iplist.txt
  C:\WINDOWS\services32.exe
  C:\WINDOWS\update.1
  C:\WINDOWS\update.2
  ttohzbbz.dll /s
  vtutrqo.dll /s
  winbue32.dll /s
  C:\Program Files\Spyware Doctor
  C:\Program Files\Spybot - Search & Destroy
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
  C:\WINDOWS\tasks\Norton Security Scan for pc.job
  C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\p49mvndc.default\searchplugins\BearShareWebSearch.xml
  C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\p49mvndc.default\searchplugins\conduit.xml
  C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\p49mvndc.default\searchplugins\daemon-search.xml
  C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\p49mvndc.default\searchplugins\icqplugin-*.xml
  C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\p49mvndc.default\searchplugins\Mp3Tube.xml
  C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\p49mvndc.default\searchplugins\MyFunCardsbar.xml
  C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\p49mvndc.default\searchplugins\winamp-search.xml
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]

• Kliknete na cervene tlacitko MoveIt!
• Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

[zuzanamolnarova]

no lenze to okienko mi zmrzlo a neviem s tym pohnut, skončila som pri tom, že som dala to červene tlačitko

[vyosek]

Aha, takze na to budem muset jinak...

Pokud nejde ukoncit, tak restartujte PC

Stahnete si tento soubor http://leteckaposta.cz/818227614 a ulozte jej primo na disk c:\ tak aby nebyl v zadne slozce

Ujiste se, ze soubor oprava.reg je opravdu primo na disku c:\

Stahnete Avenger (viz muj podpis)

• Pokud pouzivate Win Vista ci W7, kliknete na Avenger pravym a dejte Run As Administrator ci Spustit jako spravce
• Po spusteni Vas program upozorni, ze vse co delate, delate na vlastni riziko - Dejte OK
• Po potvrzeni uz na Vas koukne hlavni okno, kam vlozite skript, ktery mate nize

• Kód: Vybrat vše

  Begin copying here:
  
  Drivers to delete:
  gupdate
  gupdatem
  JavaQuickStarterService
  NBService
  NMIndexingService
  Cyberlink RichVideo Service(CRVS)
  
  Files to delete:
  C:\WINDOWS\UPGRADE.TXT
  C:\WINDOWS\btc_client_iplist.txt
  C:\WINDOWS\iecheck_iplist.txt
  C:\WINDOWS\services32.exe
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
  C:\WINDOWS\tasks\Norton Security Scan for pc.job
  C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\p49mvndc.default\searchplugins\BearShareWebSearch.xml
  C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\p49mvndc.default\searchplugins\conduit.xml
  C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\p49mvndc.default\searchplugins\daemon-search.xml
  C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\p49mvndc.default\searchplugins\Mp3Tube.xml
  C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\p49mvndc.default\searchplugins\MyFunCardsbar.xml
  C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\p49mvndc.default\searchplugins\winamp-search.xml
  
  Folders to delete:
  C:\Program Files\Spyware Doctor
  C:\Program Files\Spybot - Search & Destroy
  C:\WINDOWS\update.tray-8-0-lnk
  C:\WINDOWS\update.2
  C:\WINDOWS\update.5.0
  C:\WINDOWS\update.tray-8-0
  C:\WINDOWS\update.1
  
  Programs to launch on reboot:
  c:\oprava.reg

• Do ctverecku u Scan for rootkits a Automatically disable any rootkits found dejte fajecku
• Nyni uz kliknete na Execute a potvrdte Yes v nasledujicim okne - timto potvrdite spusteni skriptu
• Na otazku Reboot now odpovezte opet OK - timto se PC restartuje
• Po restartu by se mel otevrit poznamkovy blok s logem a jeho obsah vlozte sem. Pokud se tak nestane, naleznete pozadovany dokument v C:\avenger.txt

[zuzanamolnarova]

ako si stiahnem ten avenger?

[vyosek]

Primy odkaz na stazeni je zde http://swandog46.geekstogo.com/avenger.exe

Ale pujdu s dovolenim uz spat, uz tak jsem tu daleko vice nez jsem chtel a ve 4 rano vstavam

[zuzanamolnarova]

Velmi pekne Vám dakujem, dobru noc, ste velmi zlatý

[vyosek]

Zatim neni zac, jeste to musime dokoncit, zkuste udelat ten Avenger, ja na to pripadne jeste rano mrknu a napsal bych dalsi postup.

Jinak tu budu odpoledne tak kolem ctvrte.

Peknou noc a klidne sny i vam...

[vyosek]

Dobre rano

Tak snad se nam bude darit dnes lepe. Zkuste aplikovat ten Avenger, jak jsem psal a uvidime

[zuzanamolnarova]

Dobrý večer, mne ten awenger sa nedá stiahnut, ani otvorit

[vyosek]

Jaktoze jej nemuzete odsud http://swandog46.geekstogo.com/avenger.exe stahnout a ulozit

[zuzanamolnarova]

stiahla som si to, otvorilo sa mi okno, kde bolo napisane It appear that the av. has already been qued for execution on next reboot. Ked som dala ok, počítač sa resetoval, a otvoril sa mi poznámkový blok avanger, prepošlem Vám hoLogfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "fdtrsy" found!
ImagePath: system32\drivers\padurf.sys
Start Type: 0 (Boot)

Rootkit scan completed.


Warning: Invalid contents in ServiceGroupOrder key!
There may be a driver loading earlier than Avenger!


Completed script processing.

*******************

Finished! Terminate.



Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

[vyosek]

vlozila jste do Avengeru ten skript (zeleny text)

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

• Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
• Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
• Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
• Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
• Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
• Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte

[zuzanamolnarova]

spravila som tak ako ste povedali, počítač nevyzadoval restart, klikla som na close, ale report sa mi neobjavil a ani žiaden blog tu nemám