Page 2 of 2

Re: Fakepolice

Posted: 29 Jan 2014 16:55
by karelfritz
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014 01
Ran by Kuba at 2014-01-29 16:53:47 Run:1
Running from C:\Users\Kuba\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin [839560 2013-12-13] (Adobe Systems Incorporated)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope {6BB1FB1E-3AA3-42BB-8AA8-AB55F0610203} URL = http://www.bing.com/search?q={searchTer ... &pc=MALNJS
SearchScopes: HKLM - {6BB1FB1E-3AA3-42BB-8AA8-AB55F0610203} URL = http://www.bing.com/search?q={searchTer ... &pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {6BB1FB1E-3AA3-42BB-8AA8-AB55F0610203} URL = http://www.bing.com/search?q={searchTer ... &pc=MALNJS
SearchScopes: HKLM-x32 - {6BB1FB1E-3AA3-42BB-8AA8-AB55F0610203} URL = http://www.bing.com/search?q={searchTer ... &pc=MALNJS
SearchScopes: HKLM-x32 - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask.com/search/GGmain. ... earchTerms}
SearchScopes: HKCU - DefaultScope {6BB1FB1E-3AA3-42BB-8AA8-AB55F0610203} URL =
SearchScopes: HKCU - {6BB1FB1E-3AA3-42BB-8AA8-AB55F0610203} URL =
SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask.com/search/GGmain. ... earchTerms}
BHO-x32: Torntv V7.0 - {11111111-1111-1111-1111-110411901140} - C:\Program Files (x86)\Torntv V7.0\Torntv V7.0-bho.dll No File
BHO-x32: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbar.dll No File
BHO-x32: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll No File

FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll No File
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll (Mindspark)
FF Plugin-x32: @WeatherBlink.com/Plugin - C:\Program Files (x86)\WeatherBlink\bar\1.bin\NPgcStub.dll No File
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File
FF Extension: VideoDownloadConverter - C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\84fmc42q.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com [2013-12-15]
FF Extension: WeatherBlink - C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\84fmc42q.default\Extensions\gcffxtbr@WeatherBlink.com [2014-01-22]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

2014-01-28 22:25 - 2014-01-28 22:25 - 00112640 _____ (forum.viry.cz) C:\Users\Kuba\Desktop\FRSTLauncher.exe
2014-01-28 22:24 - 2014-01-28 22:24 - 00112640 _____ (forum.viry.cz) C:\Users\Kuba\Downloads\Nepotvrzeno 239438.crdownload
2014-01-28 22:23 - 2014-01-28 22:23 - 00112640 _____ (forum.viry.cz) C:\Users\Kuba\Downloads\Nepotvrzeno 558986.crdownload
2014-01-27 19:00 - 2014-01-27 19:00 - 00018756 _____ C:\ComboFix.txt
2014-01-27 18:50 - 2014-01-27 18:50 - 00001204 _____ C:\CF-Submit.htm
2014-01-23 14:22 - 2014-01-23 14:22 - 00001986 _____ C:\Users\Kuba\Desktop\Rkill.txt
2014-01-23 14:18 - 2014-01-23 14:19 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Kuba\Desktop\rkill.com
2014-01-16 22:46 - 2014-01-16 22:46 - 00000848 _____ C:\Users\Kuba\Desktop\TornTV.lnk
2014-01-16 14:19 - 2014-01-16 14:19 - 00935175 _____ C:\Users\Kuba\Downloads\RSITx64.exe
2014-01-11 01:04 - 2013-12-10 22:25 - 00005453 ____N C:\windows\SysWOW64\msqmrljg.vbe
2014-01-11 01:04 - 2013-12-10 22:25 - 00001645 ____N C:\windows\SysWOW64\msiknm.vbe
2014-01-11 01:04 - 2013-12-10 22:25 - 00000583 ____N C:\windows\SysWOW64\mswrmcvi.vbe
2014-01-28 22:25 - 2014-01-28 22:25 - 00112640 _____ (forum.viry.cz) C:\Users\Kuba\Desktop\FRSTLauncher.exe
2014-01-27 18:50 - 2014-01-27 18:50 - 00001204 _____ C:\CF-Submit.htm
2014-01-26 20:17 - 2012-07-26 06:26 - 75087872 _____ C:\windows\system32\config\SOFTWARE.bak
2014-01-26 20:17 - 2012-07-26 06:26 - 12582912 _____ C:\windows\system32\config\SYSTEM.bak
2014-01-26 20:17 - 2012-07-26 06:26 - 00737280 _____ C:\windows\system32\config\DEFAULT.bak
2014-01-26 20:17 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI
2014-01-26 20:17 - 2012-07-26 06:26 - 00028672 _____ C:\windows\system32\config\SAM.bak
2014-01-26 20:17 - 2012-07-26 06:26 - 00024576 _____ C:\windows\system32\config\SECURITY.bak

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

U3 catchme; \??\C:\ComboFix\catchme.sys [x]

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6BB1FB1E-3AA3-42BB-8AA8-AB55F0610203} => Key deleted successfully.
HKCR\CLSID\{6BB1FB1E-3AA3-42BB-8AA8-AB55F0610203} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6BB1FB1E-3AA3-42BB-8AA8-AB55F0610203} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6BB1FB1E-3AA3-42BB-8AA8-AB55F0610203} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6BB1FB1E-3AA3-42BB-8AA8-AB55F0610203} => Key deleted successfully.
HKCR\CLSID\{6BB1FB1E-3AA3-42BB-8AA8-AB55F0610203} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} => Key deleted successfully.
HKCR\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901140} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110411901140} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} => Key deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin => Key deleted successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin => Key deleted successfully.
C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@WeatherBlink.com/Plugin => Key deleted successfully.
C:\Program Files (x86)\WeatherBlink\bar\1.bin\NPgcStub.dll not found.
HKCU\Software\MozillaPlugins\intel.com/AppUp => Key deleted successfully.
C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll not found.
C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\84fmc42q.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com => Moved successfully.
C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\84fmc42q.default\Extensions\gcffxtbr@WeatherBlink.com => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx => Moved successfully.
"C:\Users\Kuba\Desktop\FRSTLauncher.exe" => File/Directory not found.
"C:\Users\Kuba\Downloads\Nepotvrzeno 239438.crdownload" => File/Directory not found.
"C:\Users\Kuba\Downloads\Nepotvrzeno 558986.crdownload" => File/Directory not found.
C:\ComboFix.txt => Moved successfully.
C:\CF-Submit.htm => Moved successfully.
C:\Users\Kuba\Desktop\Rkill.txt => Moved successfully.
C:\Users\Kuba\Desktop\rkill.com => Moved successfully.
C:\Users\Kuba\Desktop\TornTV.lnk => Moved successfully.
C:\Users\Kuba\Downloads\RSITx64.exe => Moved successfully.
C:\windows\SysWOW64\msqmrljg.vbe => Moved successfully.
C:\windows\SysWOW64\msiknm.vbe => Moved successfully.
C:\windows\SysWOW64\mswrmcvi.vbe => Moved successfully.
"C:\Users\Kuba\Desktop\FRSTLauncher.exe" => File/Directory not found.
"C:\CF-Submit.htm" => File/Directory not found.
C:\windows\system32\config\SOFTWARE.bak => Moved successfully.
C:\windows\system32\config\SYSTEM.bak => Moved successfully.
C:\windows\system32\config\DEFAULT.bak => Moved successfully.
Could not move "C:\windows\system32\config\BBI" => Scheduled to move on reboot.
C:\windows\system32\config\SAM.bak => Moved successfully.
C:\windows\system32\config\SECURITY.bak => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
catchme => Service deleted successfully.
"C:\windows\tasks\GoogleUpdateTaskMachineCore.job" => File/Directory not found.
"C:\windows\tasks\GoogleUpdateTaskMachineUA.job" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-29 16:54:32)<=

C:\windows\system32\config\BBI => Is moved successfully.

==== End of Fixlog ====

Re: Fakepolice

Posted: 29 Jan 2014 20:19
by karelfritz
Sorry, I didn't notice the second page, which is why I posted the log 3 times :(. Thank you.

Re: Fakepolice

Posted: 29 Jan 2014 22:31
by vyosek
:arrow: I cleaned it up :wink:

Now let's tidy up as well :James008:

:arrow: T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm the choice, press A, Enter
  • After use, delete the utility
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm OK
  • The program cleans up and restarts the PC
  • After use, delete the utility
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for problems
  • then Fix problems - I recommend making a registry backup; fix all problems
  • repeat the procedure until no problems remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|