VIRY.CZ

Dobrý den, prosím o preventivní kontrolu, pomalý rozjezd, internet se seká.

Log RSIT pro svůj velký obsah vložen zde http://leteckaposta.cz/959489479

Děkují za pomoc

Zdravim

Odinstalujte

• McAfee Security Scan - adware z instalace Adobe Flash Playeru http://forum.viry.cz/viewtopic.php?p=1374437#p1374437

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan, pote na Cleaning
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

Tady to je

# AdwCleaner v4.111 - Logfile created 27/02/2015 at 22:10:21
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Username : ventil&pobor - POBOR
# Running from : C:\Users\ventil&pobor\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16609


-\\ Mozilla Firefox v36.0 (x86 cs)


*************************

AdwCleaner[R0].txt - [1376 bytes] - [27/02/2015 22:07:23]
AdwCleaner[S0].txt - [1315 bytes] - [27/02/2015 22:10:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1374 bytes] ##########

Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

opět uložen zde http://leteckaposta.cz/203294301

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-02-2015
Ran by ventil&pobor at 2015-03-01 12:30:49 Run:1
Running from C:\Users\ventil&pobor\Desktop
Loaded Profiles: ventil&pobor (Available profiles: ventil&pobor)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files\SlimDrivers\SlimDrivers.exe

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [Acer Tour] => [X]
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2680930136-258757702-4039921453-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)

HKU\S-1-5-21-2680930136-258757702-4039921453-1000\Software\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
HKU\S-1-5-21-2680930136-258757702-4039921453-1000\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searc ... 8&fr=b1ie7
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2680930136-258757702-4039921453-1000 -> {5EBFC9B2-C8D2-4251-A77E-C7F36AADCDEB} URL = http://search.yahoo.com/search?p={searc ... 8&fr=b1ie7

FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006

2015-02-28 14:00 - 2015-02-28 14:00 - 00112640 _____ (forum.viry.cz) C:\Users\ventil&pobor\Desktop\FRSTLauncher.exe
2015-02-27 22:07 - 2015-02-27 22:10 - 00000000 ____D () C:\AdwCleaner
2015-02-27 22:00 - 2015-02-27 22:00 - 02126848 _____ () C:\Users\ventil&pobor\Desktop\adwcleaner_4.111.exe
2015-02-27 18:04 - 2015-02-27 18:05 - 00000000 ____D () C:\rsit
2015-02-27 18:04 - 2015-02-27 18:05 - 00000000 ____D () C:\Program Files\trend micro
2015-02-27 18:03 - 2015-02-27 18:04 - 01107968 _____ () C:\Users\ventil&pobor\Downloads\RSIT.exe
2015-02-27 17:35 - 2015-02-27 17:35 - 00112107 _____ (forum.viry.cz) C:\Users\ventil&pobor\Downloads\VerzeOS.exe
2015-01-30 18:28 - 2015-01-30 18:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
C:\Windows\Tasks\SlimDrivers Startup.job => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defender => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => value deleted successfully.
HKU\S-1-5-21-2680930136-258757702-4039921453-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
HKU\S-1-5-21-2680930136-258757702-4039921453-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-2680930136-258757702-4039921453-1000\Software\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2680930136-258757702-4039921453-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5EBFC9B2-C8D2-4251-A77E-C7F36AADCDEB}" => Key deleted successfully.
HKCR\CLSID\{5EBFC9B2-C8D2-4251-A77E-C7F36AADCDEB} => Key not found.
Firefox DefaultSearchUrl deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
"C:\Users\ventil&pobor\Desktop\FRSTLauncher.exe" => File/Directory not found.
C:\AdwCleaner => Moved successfully.
C:\Users\ventil&pobor\Desktop\adwcleaner_4.111.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Users\ventil&pobor\Downloads\RSIT.exe => Moved successfully.
C:\Users\ventil&pobor\Downloads\VerzeOS.exe => Moved successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 5.7 GB temporary data.


The system needed a reboot.

==== End of Fixlog 12:39:50 ====

Takze jeste uklidime.

• Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Oznacte jen moznost "Remove disinfection tools"
• kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

Děkují za Vaší pomoc a mala podpora putuje na Váš účet.

Nemate zac, rad jsem pomohl

Za prispevek na chod fora jmenem celeho tymu dekuji.


Mejte se krasne a treba zase nekdy