VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Adwardhotspot - mimo jiné :(

https://forum.viry.cz:443/viewtopic.php?t=134800

Stránka 2 z 2

Re: Adwardhotspot - mimo jiné :(

Napsal: 18 pro 2013 20:47
od miros1
Fixlog - P.S: Po restartu mi nešlo připojení k netu, musel jsem podle dokumentace znovu vyplňovat údaje IP a DNS.. to tak mělo být?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-12-2013 03
Ran by Mirek at 2013-12-17 20:25:29 Run:1
Running from C:\Documents and Settings\Mirek\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [seznam-listicka-distribuce] - C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKCU\...\Run: [cz.seznam.software.autoupdate] - C:\Documents and Settings\Mirek\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKCU\...\Run: [cz.seznam.software.szndesktop] - C:\Documents and Settings\Mirek\Data aplikací\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\Default User\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\Default User\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - Backup.Old.DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847}
SearchScopes: HKCU - Backup.Old.DefaultScope {CCBDD7BB-8A0D-41C3-BD8C-53102FC40FF7}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={se ... chr-comodo
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\..\Interfaces\{D003D105-377B-4264-9B0C-C75902A995F2}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FF Plugin: @vizzed.com/VizzedRGR - C:\Program Files\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll No File
FF HKLM\...\Firefox\Extensions: [4fbb328da3edd@4fbb328da3f17.info] - C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\9kzx24m0.default\extensions\4fbb328da3edd@4fbb328da3f17.info
FF HKLM\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files\Better-Surf\ff
FF HKLM\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files\BetterSurf\BetterSurfPlus\ff
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

CHR Extension: (Better Surf Plus) - C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mmifolfpllfdhilecpdpmemhelmanajl\1.1_0
CHR HKLM\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx

S3 catchme; \??\C:\DOCUME~1\Mirek\LOCALS~1\Temp\catchme.sys [x]
S3 cpuz134; \??\C:\DOCUME~1\Mirek\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S4 IntelIde; No ImagePath
S1 iSafeNetFilter; \??\C:\Program Files\iSafe\iSafeNetFilter.sys [x]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
S1 SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [x]
S3 SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [x]
S2 StarOpen; No ImagePath

C:\Program Files\Lavasoft
C:\Program Files\Enigma Software Group
C:\Program Files\Better-Surf
2013-12-17 19:08 - 2013-12-17 19:08 - 01226750 _____ C:\Documents and Settings\Mirek\Plocha\adwcleaner.exe
2013-12-17 18:47 - 2013-12-17 18:47 - 01034531 _____ (Thisisu) C:\Documents and Settings\Mirek\Plocha\JRT.exe
2013-12-17 18:41 - 2013-12-17 18:41 - 00002168 _____ C:\Documents and Settings\Mirek\Plocha\removaltool-win32-en.log
2013-12-17 18:23 - 2013-12-17 18:23 - 00367616 _____ (Avira GmbH) C:\Documents and Settings\Mirek\Plocha\removaltool-win32-en.exe
2013-12-17 18:19 - 2013-12-17 18:19 - 00891200 _____ C:\Documents and Settings\Mirek\Plocha\SecurityCheck.exe
2013-12-17 18:12 - 2013-12-17 18:12 - 00490648 _____ (AVAST Software) C:\Documents and Settings\Mirek\Plocha\avastclear.exe
2013-12-06 14:57 - 2013-12-17 18:17 - 00000000 ____D C:\Documents and Settings\Mirek\Data aplikací\AVAST Software
2013-12-06 14:55 - 2013-12-08 08:55 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2013-12-17 19:55 - 2013-12-17 19:55 - 00029696 _____ C:\Documents and Settings\Mirek\Local Settings\Data aplikací\MSGBOX.EXE
2013-12-17 19:55 - 2013-12-17 19:55 - 00015327 _____ C:\Documents and Settings\Mirek\Plocha\LM.bat
C:\Documents and Settings\Mirek\Local Settings\temp\avgnt.exe
C:\Documents and Settings\Mirek\Local Settings\temp\GC_PCTOOLS.exe
C:\Documents and Settings\Mirek\Local Settings\temp\InstHelper.exe
C:\Documents and Settings\Mirek\Local Settings\temp\JiveXViewerStart1382817313.exe
C:\Documents and Settings\Mirek\Local Settings\temp\LiveSupport_setup.exe
C:\Documents and Settings\Mirek\Local Settings\temp\oi_{6B3013E7-1B16-4D16-BC10-4C54452A3608}.exe
C:\Documents and Settings\Mirek\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Mirek\Local Settings\temp\ReimagePackage.exe
C:\Documents and Settings\Mirek\Local Settings\temp\sfamcc00001.dll
C:\Documents and Settings\Mirek\Local Settings\temp\sfextra.dll
C:\Documents and Settings\Mirek\Local Settings\temp\SHSetup.exe
C:\Documents and Settings\Mirek\Local Settings\temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:3D36932D
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:430C6D84
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:CC8191DD
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_3 => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => Value deleted successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Value deleted successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D003D105-377B-4264-9B0C-C75902A995F2}\\NameServer => Value deleted successfully.
HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR => Key deleted successfully.
C:\Program Files\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll not found.
HKLM\Software\Mozilla\Firefox\Extensions\\4fbb328da3edd@4fbb328da3f17.info => Value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\12x3q4@3244516.com => Value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@bettersurfplus.com => Value deleted successfully.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => Value deleted successfully.
C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mmifolfpllfdhilecpdpmemhelmanajl => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mmifolfpllfdhilecpdpmemhelmanajl => Key deleted successfully.
"C:\Program Files\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx" => File/Directory not found.
catchme => Service deleted successfully.
cpuz134 => Service deleted successfully.
esgiguard => Service deleted successfully.
IntelIde => Service deleted successfully.
iSafeNetFilter => Service deleted successfully.
Lavasoft Kernexplorer => Service deleted successfully.
SABKUTIL => Service deleted successfully.
SABProcEnum => Service deleted successfully.
StarOpen => Service deleted successfully.
"C:\Program Files\Lavasoft" => File/Directory not found.
"C:\Program Files\Enigma Software Group" => File/Directory not found.
"C:\Program Files\Better-Surf" => File/Directory not found.
C:\Documents and Settings\Mirek\Plocha\adwcleaner.exe => Moved successfully.
C:\Documents and Settings\Mirek\Plocha\JRT.exe => Moved successfully.
C:\Documents and Settings\Mirek\Plocha\removaltool-win32-en.log => Moved successfully.
C:\Documents and Settings\Mirek\Plocha\removaltool-win32-en.exe => Moved successfully.
C:\Documents and Settings\Mirek\Plocha\SecurityCheck.exe => Moved successfully.
C:\Documents and Settings\Mirek\Plocha\avastclear.exe => Moved successfully.
C:\Documents and Settings\Mirek\Data aplikací\AVAST Software => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVAST Software => Moved successfully.
"C:\Documents and Settings\Mirek\Local Settings\Data aplikací\MSGBOX.EXE" => File/Directory not found.
C:\Documents and Settings\Mirek\Plocha\LM.bat => Moved successfully.
C:\Documents and Settings\Mirek\Local Settings\temp\avgnt.exe => Moved successfully.
C:\Documents and Settings\Mirek\Local Settings\temp\GC_PCTOOLS.exe => Moved successfully.
C:\Documents and Settings\Mirek\Local Settings\temp\InstHelper.exe => Moved successfully.
C:\Documents and Settings\Mirek\Local Settings\temp\JiveXViewerStart1382817313.exe => Moved successfully.
C:\Documents and Settings\Mirek\Local Settings\temp\LiveSupport_setup.exe => Moved successfully.
C:\Documents and Settings\Mirek\Local Settings\temp\oi_{6B3013E7-1B16-4D16-BC10-4C54452A3608}.exe => Moved successfully.
C:\Documents and Settings\Mirek\Local Settings\temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\Mirek\Local Settings\temp\ReimagePackage.exe => Moved successfully.
C:\Documents and Settings\Mirek\Local Settings\temp\sfamcc00001.dll => Moved successfully.
C:\Documents and Settings\Mirek\Local Settings\temp\sfextra.dll => Moved successfully.
C:\Documents and Settings\Mirek\Local Settings\temp\SHSetup.exe => Moved successfully.
C:\Documents and Settings\Mirek\Local Settings\temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe => Moved successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => Moved successfully.
C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => Moved successfully.
C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => Moved successfully.
C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\TEMP => ":373E1720" ADS removed successfully.
C:\Documents and Settings\All Users\Data aplikací\TEMP => ":3D36932D" ADS removed successfully.
C:\Documents and Settings\All Users\Data aplikací\TEMP => ":430C6D84" ADS removed successfully.
C:\Documents and Settings\All Users\Data aplikací\TEMP => ":CC8191DD" ADS removed successfully.
C:\Documents and Settings\All Users\Data aplikací\TEMP => ":D1B5B4F1" ADS removed successfully.
C:\Documents and Settings\All Users\Data aplikací\TEMP => ":DFC5A2B2" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


==== End of Fixlog ====

Re: Adwardhotspot - mimo jiné :(

Napsal: 18 pro 2013 20:49
od vyosek
:arrow: Sikula :clapping: On tam byl zmatek v IP nastavenich, tak jsem to nechal resetovat do vychoziho :oops:

:arrow: Jak se chova nyni nas pacient??

Re: Adwardhotspot - mimo jiné :(

Napsal: 18 pro 2013 20:54
od miros1
:-) No, zatím to ty zelené adwarehothrůzaspoty nemaluje, a co se týče bláznění, ono to dělalo jen občas, většinou po startu PC... Momentálně v pohodě! :) To je všechno?? Pokud ano, a myslíte, že je to vyléčeno, tak mnohokrát děkuji!!!! :happy: :thumbsup:

Re: Adwardhotspot - mimo jiné :(

Napsal: 18 pro 2013 20:56
od vyosek
¨Tak jeste uklidime :James008:

:arrow: T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: A pokud nejsou problemy ci dotazy, je to z me strany vse :|

Re: Adwardhotspot - mimo jiné :(

Napsal: 18 pro 2013 21:00
od miros1
Díky. Provedu. Přesto ještě dotazy:

"Asi" (asi určitě) nemám nyní antivir. Jaký freeantivir opravdu odhalí viry? Jeden něco odhalil, a výsledek přesto žádný, další zase neodhalil nic, atd....

Potom - mám používat a mít v PC ten superantispyware??

A nyní co s položkami, které jsem stáhl v rámci dnešní léčby?? FRST, RSIT??

Re: Adwardhotspot - mimo jiné :(

Napsal: 19 pro 2013 13:48
od vyosek
:arrow: Provedte uklid, ten smaze pouzite programy

:arrow: Odinstalujte SuperAntiSpyware i COMODO

:arrow: Nainstalujte Avast Free
Všechny časy jsou v UTC+01:00
Stránka 2 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz