VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

prosim pomoc s odstranenim adw cityweb, IDT, omiga-search

https://forum.viry.cz:443/viewtopic.php?t=142781

Stránka 2 z 2

Re: prosim pomoc s odstranenim adw cityweb, IDT, omiga-searc

Napsal: 02 úno 2015 21:02
od vyosek
:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-4079492530-175248744-790326412-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4079492530-175248744-790326412-1001\...\MountPoints2: {995e232c-4c4f-11e4-b854-d5e58b3b5eb4} - F:\Autorun.exe

SearchScopes: HKLM-x32 -> {B713938B-C7A5-46E5-92A2-10BEB25FE21E} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4079492530-175248744-790326412-1001 -> URL http://www.trovigo.com/Results.aspx?gd= ... 51E21D1&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-4079492530-175248744-790326412-1001 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSugg ... hx?prefix={searchTerms}

2015-02-02 20:43 - 2015-02-02 20:43 - 00112640 _____ (forum.viry.cz) C:\Users\on a nat\Desktop\FRSTLauncher.exe
2015-02-02 20:12 - 2015-02-02 20:45 - 00017625 _____ () C:\Users\on a nat\Desktop\FRST.txt
2015-02-02 20:10 - 2015-02-02 20:10 - 00112640 _____ (forum.viry.cz) C:\Users\on a nat\Desktop\FRSTLauncher (1).exe
2015-02-02 20:09 - 2015-02-02 20:09 - 00112640 _____ (forum.viry.cz) C:\Users\on a nat\Downloads\Nepotvrzeno 694142.crdownload
2015-02-02 19:58 - 2015-02-02 18:40 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-02-02 19:57 - 2015-02-02 20:00 - 00003000 _____ () C:\zoek-results.log
2015-02-02 18:42 - 2015-02-02 17:29 - 00002431 _____ () C:\zoek-results2015-02-02-162922.log
2015-02-02 17:07 - 2015-02-02 19:55 - 00000000 ____D () C:\zoek_backup
2015-02-02 16:57 - 2015-02-02 17:02 - 00000000 ____D () C:\AdwCleaner
2015-02-02 16:56 - 2015-02-02 16:56 - 01295360 _____ () C:\Users\on a nat\Desktop\zoek.exe
2015-02-02 16:54 - 2015-02-02 16:55 - 02194432 _____ () C:\Users\on a nat\Desktop\adwcleaner_4.109.exe
2015-02-02 16:41 - 2015-02-02 16:44 - 00000000 ____D () C:\Program Files\trend micro
2015-02-02 16:41 - 2015-02-02 16:42 - 00000000 ____D () C:\rsit
2015-02-02 16:40 - 2015-02-02 16:41 - 01222144 _____ () C:\Users\on a nat\Downloads\RSITx64.exe
2015-02-01 23:01 - 2015-02-02 00:42 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2015-02-01 23:00 - 2015-02-01 23:00 - 08025568 _____ (Crawler Group ) C:\Users\on a nat\Downloads\SpywareTerminatorSetup.exe
2015-02-01 22:57 - 2015-02-01 22:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\on a nat\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-02-01 22:56 - 2015-02-01 22:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\on a nat\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-01 19:57 - 2015-02-01 19:57 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\on a nat\Downloads\SpyHunter-Installer.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16" /f

Hosts:
EmptyTemp:
Reboot:
End
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny fixlist vedle FRST
:arrow: Spustte znovu FRST.exe
  • Kliknete na Fix
  • Probehne oprava a vytvori log Fixlog.txt
:arrow: Restart PC a dejte mi sem fixlog.txt

Re: prosim pomoc s odstranenim adw cityweb, IDT, omiga-searc

Napsal: 02 úno 2015 21:55
od deziderdezo
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by on a nat at 2015-02-02 21:20:34 Run:1
Running from C:\Users\on a nat\Desktop
Loaded Profiles: on a nat (Available profiles: on a nat)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-4079492530-175248744-790326412-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4079492530-175248744-790326412-1001\...\MountPoints2: {995e232c-4c4f-11e4-b854-d5e58b3b5eb4} - F:\Autorun.exe

SearchScopes: HKLM-x32 -> {B713938B-C7A5-46E5-92A2-10BEB25FE21E} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4079492530-175248744-790326412-1001 -> URL http://www.trovigo.com/Results.aspx?gd= ... 51E21D1&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-4079492530-175248744-790326412-1001 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSugg ... hx?prefix={searchTerms}

2015-02-02 20:43 - 2015-02-02 20:43 - 00112640 _____ (forum.viry.cz) C:\Users\on a nat\Desktop\FRSTLauncher.exe
2015-02-02 20:12 - 2015-02-02 20:45 - 00017625 _____ () C:\Users\on a nat\Desktop\FRST.txt
2015-02-02 20:10 - 2015-02-02 20:10 - 00112640 _____ (forum.viry.cz) C:\Users\on a nat\Desktop\FRSTLauncher (1).exe
2015-02-02 20:09 - 2015-02-02 20:09 - 00112640 _____ (forum.viry.cz) C:\Users\on a nat\Downloads\Nepotvrzeno 694142.crdownload
2015-02-02 19:58 - 2015-02-02 18:40 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-02-02 19:57 - 2015-02-02 20:00 - 00003000 _____ () C:\zoek-results.log
2015-02-02 18:42 - 2015-02-02 17:29 - 00002431 _____ () C:\zoek-results2015-02-02-162922.log
2015-02-02 17:07 - 2015-02-02 19:55 - 00000000 ____D () C:\zoek_backup
2015-02-02 16:57 - 2015-02-02 17:02 - 00000000 ____D () C:\AdwCleaner
2015-02-02 16:56 - 2015-02-02 16:56 - 01295360 _____ () C:\Users\on a nat\Desktop\zoek.exe
2015-02-02 16:54 - 2015-02-02 16:55 - 02194432 _____ () C:\Users\on a nat\Desktop\adwcleaner_4.109.exe
2015-02-02 16:41 - 2015-02-02 16:44 - 00000000 ____D () C:\Program Files\trend micro
2015-02-02 16:41 - 2015-02-02 16:42 - 00000000 ____D () C:\rsit
2015-02-02 16:40 - 2015-02-02 16:41 - 01222144 _____ () C:\Users\on a nat\Downloads\RSITx64.exe
2015-02-01 23:01 - 2015-02-02 00:42 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2015-02-01 23:00 - 2015-02-01 23:00 - 08025568 _____ (Crawler Group ) C:\Users\on a nat\Downloads\SpywareTerminatorSetup.exe
2015-02-01 22:57 - 2015-02-01 22:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\on a nat\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-02-01 22:56 - 2015-02-01 22:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\on a nat\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-01 19:57 - 2015-02-01 19:57 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\on a nat\Downloads\SpyHunter-Installer.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16" /f

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value deleted successfully.
HKU\S-1-5-21-4079492530-175248744-790326412-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value deleted successfully.
"HKU\S-1-5-21-4079492530-175248744-790326412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{995e232c-4c4f-11e4-b854-d5e58b3b5eb4}" => Key deleted successfully.
HKCR\CLSID\{995e232c-4c4f-11e4-b854-d5e58b3b5eb4} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B713938B-C7A5-46E5-92A2-10BEB25FE21E}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B713938B-C7A5-46E5-92A2-10BEB25FE21E} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-4079492530-175248744-790326412-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL http://www.trovigo.com/Results.aspx?gd= ... => Value not found.
HKU\S-1-5-21-4079492530-175248744-790326412-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON http://suggest.search.conduit.com/CSugg ... => Value not found.
"C:\Users\on a nat\Desktop\FRSTLauncher.exe" => File/Directory not found.
C:\Users\on a nat\Desktop\FRST.txt => Moved successfully.
"C:\Users\on a nat\Desktop\FRSTLauncher (1).exe" => File/Directory not found.
C:\Users\on a nat\Downloads\Nepotvrzeno 694142.crdownload => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek-results2015-02-02-162922.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\on a nat\Desktop\zoek.exe => Moved successfully.
C:\Users\on a nat\Desktop\adwcleaner_4.109.exe => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\rsit => Moved successfully.
C:\Users\on a nat\Downloads\RSITx64.exe => Moved successfully.
C:\Program Files (x86)\Spyware Terminator => Moved successfully.
C:\Users\on a nat\Downloads\SpywareTerminatorSetup.exe => Moved successfully.
C:\Users\on a nat\Downloads\mbam-setup-2.0.4.1028 (1).exe => Moved successfully.
C:\Users\on a nat\Downloads\mbam-setup-2.0.4.1028.exe => Moved successfully.
C:\Users\on a nat\Downloads\SpyHunter-Installer.exe => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 63.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 21:21:29 ====

Re: prosim pomoc s odstranenim adw cityweb, IDT, omiga-searc

Napsal: 02 úno 2015 22:05
od vyosek
Tak jeste uklidime :James008:

:arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Stahnete a spustte
  • Ponechte zatrzitkou pouze u volby Remote disinfection tools
  • Kliknete na Run
:arrow: Stahnete Ccleaner https://www.piriform.com/ccleaner/download/standard
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: A pokud nejsou problemy ci dotazy, je to z me strany vse :|

Re: prosim pomoc s odstranenim adw cityweb, IDT, omiga-searc

Napsal: 03 úno 2015 00:08
od deziderdezo
mockrat vam dekuji. At se dari.

Re: prosim pomoc s odstranenim adw cityweb, IDT, omiga-searc

Napsal: 03 úno 2015 09:22
od vyosek
Nemate zac, rad jsem pomohl :worship: Zase nekdy Obrázek


A na zaklade Pravidla o zamykani temat :lock:
Všechny časy jsou v UTC+01:00
Stránka 2 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz