VIRY.CZ

Změnilo se něco teď?

Ne, pořád mě vyskakují okna, stránky mě přesměrovávají na jiný weby, podtrhávaj se slova s odkazem na jiný stránky.

Zkuste ještě tyto skeny:

1. Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

Log ze Zoek:


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Administrator on so 20.02.2016 at 12:53:26,76.

Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Administrator\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

Failed to create System Restore Point

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\DOCUME~1\ALLUSE~1\APPLIC~1\ALM deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\c68b4040-2d85-0 deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\c68b4040-34c3-1 deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Redirected deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully
C:\Documents and Settings\Administrator\Application Data\AVI ReComp deleted successfully
C:\Documents and Settings\Administrator\Application Data\QipGuard deleted successfully
C:\Documents and Settings\Administrator\Application Data\Solveig Multimedia deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\extensions\prefs.js:

Added to C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default\prefs.js:

Added to C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command]
@="C:\\Program Files (x86)\\Opera\\Opera.exe"

==== Deleting Files \ Folders ======================

C:\DOCUME~1\ALLUSE~1\APPLIC~1\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found
C:\DOCUME~1\ALLUSE~1\APPLIC~1\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found
C:\DOCUME~1\ALLUSE~1\APPLIC~1\DivX deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~2\bin deleted
C:\Documents and Settings\Administrator\Application Data\appdataFr3.bin deleted
C:\Documents and Settings\Administrator\Application Data\f8E1ELCbFG.txt deleted
C:\Documents and Settings\Administrator\Application Data\GetRightToGo deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Package Cache deleted
C:\Documents and Settings\Administrator\Local Settings\Application Data\MSGBOX.EXE deleted
C:\WINDOWS\SET17.tmp deleted
C:\WINDOWS\SET18.tmp deleted
C:\WINDOWS\SET19.tmp deleted
C:\WINDOWS\SET1A.tmp deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET35.tmp deleted
C:\WINDOWS\SET38.tmp deleted
C:\WINDOWS\SET3E.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET5B.tmp deleted
C:\WINDOWS\SET5C.tmp deleted
C:\WINDOWS\SET5D.tmp deleted
C:\WINDOWS\SET6.tmp deleted
C:\WINDOWS\SET60.tmp deleted
C:\WINDOWS\Syswow64\AUTOEXEC.TMP deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\extensions
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

ExtDir: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\extensions
- Mixcloud Downloader - %ExtDir%\mixcloud@web-gadget.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default
6FE651F6E3025AD51CC1D54913AEEADC - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll - Shockwave Flash


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86


Tampermonkey - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Firebug Lite Beta for Google Chrome™ - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mdaojmoeahmmokaflgbannaopagamgoj

==== Chromium Fix ======================

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_cdncache-a.akamaihd.net_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_cdncache-a.akamaihd.net_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_savevideo.me_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_savevideo.me_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_ad.lkqd.net_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_ad.lkqd.net_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_adelaandtessie.blogspot.cz_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_adelaandtessie.blogspot.cz_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_ads.prntscr.com_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_ads.prntscr.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_adserver.adtech.de_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_adserver.adtech.de_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_advert.uloz.to_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_advert.uloz.to_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_advertising-support.com_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_advertising-support.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.ad.libimseti.cz_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.ad.libimseti.cz_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://search.qip.ru/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== Reset Google Chrome ======================

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=208 folders=37 52889525 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Administrator\Local Settings\Temp will be emptied at reboot
C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on so 20.02.2016 at 13:24:25,43 ======================



Log ze JRT:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Microsoft Windows XP x64
Ran by Administrator (Administrator) on so 20.02.2016 at 13:26:41,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\tuneup utilities 2014.lnk (Shortcut)
Successfully deleted: C:\Documents and Settings\All Users\Start Menu\Programs\tuneup utilities 2014 (Folder)
Successfully deleted: C:\Documents and Settings\All Users\Start Menu\Programs\tuneup utilities 2014.lnk (Shortcut)
Successfully deleted: C:\Documents and Settings\Administrator\Application Data\appdataFr25.bin (File)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 20.02.2016 at 13:27:52,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Problém zmizel?

Inu, vypadá to, že v Chromu a Firefoxu už to nedělá, ovšem v Operě, kterou nejvíc používám, to ještě pořád občas dělá.

Operu zazálohujte pomocí OperaBackup: http://www.stahuj.centrum.cz/utility_a_ ... ra-backup/ . Pak Operu odinstalujte vč. jejího profilu. Znovu naisntalujte a zpět ze zálohy nakopírujte pouze záložky a hesla.

Paráda, vypadá to, že už to nedělá. Děkuji za vyřešení problému.

Mám všechny programy odinstalovat/smazat?
Jak můžu v budoucnu tomuto problému zabránit?
Řekl ste, že můj operační systém je poškozený, můžu ho nějak opravit?
Řekl ste, že mi chybí ServicePack3. Ovšem pokud dobře vím, na Windows XP x64 nevyšel SP3.

ADW spusťte a klikněte na >uninstall<, FRST a vše, co vytvořil smažte a MBAM odinstalujte přes programy. Přehlédl jsem, že máte XP/64. To je dost vzácnost. Jak předejít? Mít stále aktuální a funkční antivir, nechodit do "temných zákoutí" internetu a než na něco klinete 2x si to rozmyslete. Pokud vše nyní funguje, jak má, není třeba nic opravovat. Nemáte zač.