VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Trojsky kôň

https://forum.viry.cz:443/viewtopic.php?t=145910

Stránka 1 z 1

Trojsky kôň

Napsal: 03 zář 2015 07:40
od ddankoo
Prosím o pomoc s trojským koňom, ktorý sa mi stiahol po nainštalovaní magic.iso ako update na winrar a môj AVG antivirus to detekovla ako trojskeho koňa a tým že vírusy neodstránilo ale ich iba zabezpečilo, nainštalovalo mi to operu a stále mi to zapína reklamy na hry a plus mnmi to vytvorilo nové ikony na plochu pre facebook a neaku online hru, odinštaloval som magic.iso a aj inštalačku som vymazal spolu s inymá vecami čo som v tej dobe nasťahoval pre istotu a tak Vás prosím o pomoc ako mám postupovať pri vymazaní tohto trojskeho koňa, za pomoc vopred dakujem.

Re: Trojsky kôň

Napsal: 03 zář 2015 07:56
od JaRon
ahoj,
na zaciatok vycisti PC s MBAM a ADWCleanerom - oba logy sem :)

Re: Trojsky kôň

Napsal: 03 zář 2015 18:42
od ddankoo
<?xml version="1.0" encoding="UTF-16"?>
-<mbam-log>-<header><date>2015/09/03 09:14:05 +0200</date><logfile>mbam-log-2015-09-03 (09-14-05).xml</logfile><isadmin>yes</isadmin></header>-<engine><version>2.01.6.1022</version><malware-database>v2015.03.09.05</malware-database><rootkit-database>v2015.08.16.01</rootkit-database><license>trial</license><file-protection>enabled</file-protection><web-protection>enabled</web-protection><self-protection>disabled</self-protection></engine>-<system><osversion>Windows 7 Service Pack 1</osversion><arch>x64</arch><username>Tomas</username><filesys>NTFS</filesys></system>-<summary><type>threat</type><result>completed</result><objects>353335</objects><time>567</time><processes>0</processes><modules>0</modules><keys>2</keys><values>0</values><datas>4</datas><folders>3</folders><files>10</files><sectors>0</sectors></summary>-<options><memory>enabled</memory><startup>enabled</startup><filesystem>enabled</filesystem><archives>enabled</archives><rootkits>disabled</rootkits><deeprootkit>disabled</deeprootkit><heuristics>enabled</heuristics><pup>enabled</pup><pum>enabled</pum></options>-<items>-<key><path>HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>86f3fe456d1d8ea8123deedab44f0000</hash></key>-<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\istartsurf uninstall</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>8ced340f92f874c23ddce8a0897afc04</hash></key>-<data><path>HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND</path><valuename/><vendor>PUP.Optional.IStartSurf.A</vendor><action>replaced</action><valuedata>"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1 ... C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1 ... C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1 ... C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1 ... NET\GOOGLE CHROME\SHELL\OPEN\COMMAND</path><valuename/><vendor>PUP.Optional.IStartSurf.A</vendor><action>replaced</action><valuedata>"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1 ... C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1 ... C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1 ... C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1 ... hrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage</path><vendor>PUP.Optional.AZLyrics.A</vendor><action>success</action><hash>92e73e05c6c485b135c84f66996a8f71</hash></file>-<file><path>C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal</path><vendor>PUP.Optional.AZLyrics.A</vendor><action>success</action><hash>93e633104149f73fe01d24910bf8837d</hash></file>-<file><path>C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>delete-on-reboot</action><hash>a5d498ab4446ca6cd58ff641669f18e8</hash></file>-<file><path>C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage-journal</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>delete-on-reboot</action><hash>7900380b5832ca6c1450a19618edeb15</hash></file>-<file><path>C:\Users\Tomas\AppData\Roaming\OpenCandy\2C9E4DE67528451BB2353E92C24EE25D\AVG-PC-TuneUp2014.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>5128a59e0387dc5af08f71f89f64f30d</hash></file>-<file><path>C:\Users\Tomas\AppData\Roaming\istartsurf\593.json</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>8ced340f92f874c23ddce8a0897afc04</hash></file>-<file><path>C:\Users\Tomas\AppData\Roaming\istartsurf\bnd</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>8ced340f92f874c23ddce8a0897afc04</hash></file>-<file><path>C:\Users\Tomas\AppData\Roaming\istartsurf\un.ini</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>8ced340f92f874c23ddce8a0897afc04</hash></file>-<file><path>C:\Users\Tomas\AppData\Roaming\istartsurf\uninstallDlg2.xml</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>8ced340f92f874c23ddce8a0897afc04</hash></file>-<file><path>C:\Users\Tomas\AppData\Roaming\istartsurf\UninstallManager.exe</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>8ced340f92f874c23ddce8a0897afc04</hash></file></items></mbam-log>


# AdwCleaner v5.005 - Logfile created 03/09/2015 at 14:36:42
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Tomas - THE_RAIN
# Running from : C:\Users\Tomas\Downloads\adwcleaner_5.005.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater40.1.6

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\Avg_Update_0215tb

***** [ Files ] *****

[-] File Deleted : C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage
[-] File Deleted : C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage-journal
[-] File Deleted : C:\Windows\Sysnative\roboot64.exe

***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoodGameEmpire\GoodGameEmpire.lnk
[-] Shortcut Disinfected : C:\Users\Tomas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GoodGameEmpire.lnk
[-] Shortcut Disinfected : C:\Users\Tomas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Tomas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Scheduled tasks ] *****

[-] Task Deleted : GoodGameEmpire NextW1
[-] Task Deleted : GoodGameEmpire NextW2
[-] Task Deleted : GoodGameEmpire W1
[-] Task Deleted : GoodGameEmpire W2

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\S
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart File Advisor_is1
[!] Key Not Deleted : [x64] HKCU\Software\Conduit
[!] Key Not Deleted : [x64] HKCU\Software\InstallCore
[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update
[!] Key Not Deleted : [x64] HKCU\Software\PRODUCTSETUP
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[!] Key Not Deleted : HKU\S-1-5-21-2076506187-709730704-4252266147-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [ Web browsers ] *****

[-] [C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istartsurf
[-] [C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.istartsurf.com/webfavicon.ico
[-] [C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www.istartsurf.com/web/?type=ds&ts=1441 ... earchTerms}

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5739 bytes] ##########

Re: Trojsky kôň

Napsal: 04 zář 2015 05:59
od JaRon
ak nie su problemy, mame hotovo
ak su este problemy, vloz log FRST
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz