VIRY.CZ

Dobrý den, potřeboval bych poradit. Mám Win 7 a stáhl jsem keygen na bandicam, nejspíše v tom byl vir a ten mi nainstaloval samovolně nějaké ruské programy. Část z nich jsem již odstranil, ale zbytek mi znemožňuje stavování, nebo připojení na účty, píše mi to: "502 Bad gateway". Děkuji za odpovědi. Log mi bohužel nejde poslat.

Zdravím!
Proč vám nejde poslat log? Bez něj toho moc nezmůžeme.

Nepochopil jsem kam ho mám vložit a pokud ho zkopíruji do "Tělo zprávy", tak mi to napíše, že jsem překročil limit znaků. Log jsem Vám zaslal emailem.

Zabalte do raru a přiložte k vašemu příštímu postu jako přílohu.

ok, tady to je.

1. Odinstalujte AdvancedSystemCare. Tento optimizer občas vidí problémy i tam, kde nejsou a laik si jím snadno může poškodit systém.

2. Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

# AdwCleaner 7.0.3.1 - Logfile created on Fri Oct 13 06:24:59 2017
# Updated on 2017/29/09 by Malwarebytes
# Database: 10-12-2017.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.Legacy, mrupdsrv
PUP.Optional.Legacy, SvcHost Service Host
Adware.RuKometa, SvcHost Service Host
PUP.Optional.Mail.Ru, Updater.Mail.Ru
PUP.Optional.ProxyGate, pgt_svc


***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\ProgramData\Application Data\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\All Users\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\Jakub\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\Jakub\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy, C:\Users\Jakub\AppData\Roaming\..\Local\wupdate
PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader
PUP.Optional.Legacy, C:\ProgramData\Application Data\IObit\ASCDownloader
PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader
PUP.Optional.Legacy, C:\Users\All Users\Documents\XMUpdate
PUP.Optional.Legacy, C:\Users\Public\Documents\XMUpdate
PUP.Optional.Legacy, C:\Users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Боковая панель - Комета
Adware.NeoBar, C:\Program Files (x86)\AvMVIUoBwtUn
PUP.Optional.ScriptWriter, C:\Users\Jakub\AppData\Local\ScriptWriter
PUP.Optional.Mail.Ru, C:\ProgramData\Mail.Ru
PUP.Optional.Mail.Ru, C:\ProgramData\Application Data\Mail.Ru
PUP.Optional.Mail.Ru, C:\Windows\System32\config\systemprofile\AppData\Local\Mail.Ru
PUP.Optional.Mail.Ru, C:\Program Files (x86)\Mail.Ru
PUP.Optional.Mail.Ru, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Mail.Ru
PUP.Optional.Mail.Ru, C:\Users\All Users\Mail.Ru
PUP.Optional.ProxyGate, C:\Program Files (x86)\ProxyGate
PUP.Optional.EnjoyWiFi, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnjoyWiFi
PUP.Optional.MirageISO, C:\Users\Public\Documents\XMUpdate


***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\Jakub\Favorites\Mail.Ru.url
PUP.Optional.Legacy, C:\Users\Jakub\Favorites\Mail.Ru Агент - используй для общения!.url
PUP.Optional.ChinAd, C:\Windows\SysNative\drivers\wfcre.sys
Adware.RuKometa, C:\Users\Jakub\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Kometa.lnk
Adware.RuKometa, C:\Users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kometa.lnk
PUP.Optional.Mail.Ru, C:\Users\Jakub\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
PUP.Optional.CPUMiner, C:\Windows\Microsoft\svchost.exe.exe


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

PUP.Optional.Legacy, C:\Users\Jakub\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk - url,FileProtocolHandler "http:\\www.mail.ru\cnt\20775012?gp=811008"
PUP.Optional.Legacy, C:\Users\Jakub\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk - url,FileProtocolHandler "http:\\www.mail.ru\cnt\20775012?gp=811008"


***** [ Tasks ] *****

PUP.Optional.Legacy, MailRuUpdater
Adware.NeoBar, jJKowXmxzIFxIuj
Adware.NeoBar, jJKowXmxzIFxIuj2
Adware.NeoBar, LSjUFtTofwjkxN
PUP.Optional.ScriptWriter, ScriptWriter


***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IOBIT\ASC
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Start Page [http:\\mail.ru\cnt\10445?gp=811013]
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Start Page [http:\\mail.ru\cnt\10445?gp=811013]
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4113FF8F-F333-4FB9-9979-BE31F7E67EED}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {84541A23-4AF5-40A6-AAA4-BB1E22D57D18}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1022301317-3172571395-1102472026-1000\Software\Microsoft\Gosearchq
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Gosearchq
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1022301317-3172571395-1102472026-1000\Software\Microsoft\Gosearch
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Gosearch
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E8F97CD-60B5-456F-A201-73065652D099}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E8F97CD-60B5-456F-A201-73065652D099}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-1022301317-3172571395-1102472026-1000\Software\Microsoft\Windows\CurrentVersion\Run | MailRuUpdater
PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run | MailRuUpdater
PUP.Optional.Kometa, [Key] - HKLM\SOFTWARE\NetBox
PUP.Optional.Kometa, [Key] - HKU\S-1-5-21-1022301317-3172571395-1102472026-1000\Software\NetBox
PUP.Optional.Kometa, [Key] - HKCU\Software\NetBox
Adware.NeoBar, [Key] - HKLM\SOFTWARE\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Adware.NeoBar, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Adware.NeoBar, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Adware.NeoBar, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Adware.RuKometa, [Key] - HKU\S-1-5-21-1022301317-3172571395-1102472026-1000\Software\MICROSOFT\KometaInstaller
Adware.RuKometa, [Key] - HKCU\Software\MICROSOFT\KometaInstaller
Adware.RuKometa, [Key] - HKLM\SOFTWARE\NETBOX\Kometa
Adware.RuKometa, [Key] - HKU\S-1-5-21-1022301317-3172571395-1102472026-1000\Software\NETBOX\Kometa
Adware.RuKometa, [Key] - HKCU\Software\NETBOX\Kometa
PUP.Optional.NeoBar.ChrPRST, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\E3605470-291B-44EB-8648-745EE356599A
PUP.Optional.Mail.Ru, [Key] - HKLM\SOFTWARE\Mail.Ru
PUP.Optional.Mail.Ru, [Key] - HKU\.DEFAULT\Software\Mail.Ru
PUP.Optional.Mail.Ru, [Key] - HKU\S-1-5-21-1022301317-3172571395-1102472026-1000\Software\Mail.Ru
PUP.Optional.Mail.Ru, [Key] - HKU\S-1-5-21-1022301317-3172571395-1102472026-1000\Software\AppDataLow\Software\Mail.Ru
PUP.Optional.Mail.Ru, [Key] - HKU\S-1-5-18\Software\Mail.Ru
PUP.Optional.Mail.Ru, [Key] - HKCU\Software\Mail.Ru
PUP.Optional.Mail.Ru, [Key] - HKCU\Software\AppDataLow\Software\Mail.Ru
PUP.Optional.ProxyGate, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
PUP.Optional.Yontoo, [Key] - HKU\S-1-5-21-1022301317-3172571395-1102472026-1000\Software\Amigo
PUP.Optional.Yontoo, [Key] - HKCU\Software\Amigo
PUP.Optional.InstallCore, [Key] - HKU\S-1-5-21-1022301317-3172571395-1102472026-1000\Software\csastats
PUP.Optional.InstallCore, [Key] - HKCU\Software\csastats
PUP.Optional.ProductSetup.A, [Key] - HKU\S-1-5-21-1022301317-3172571395-1102472026-1000\Software\PRODUCTSETUP
PUP.Optional.ProductSetup.A, [Key] - HKCU\Software\PRODUCTSETUP
PUP.Optional.EnjoyWiFi, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8948C1BE-92B8-4276-8803-DC71CC78203A}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

V ADW ještě klikněte na mazání a pak dejte nový log RSIT.

Mohl by jste mi doporučit nějaký antivirový program a program na čištění PC? Děkuji.


# AdwCleaner 7.0.3.1 - Logfile created on Fri Oct 13 19:42:13 2017
# Updated on 2017/29/09 by Malwarebytes
# Database: 10-13-2017.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.Legacy, SvcHost Service Host
Adware.RuKometa, SvcHost Service Host


***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

PUP.Optional.CPUMiner, C:\Windows\Microsoft\svchost.exe.exe


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.NeoBar, [Key] - HKLM\SOFTWARE\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Adware.NeoBar, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [7945 B] - [2017/10/13 6:25:46]
C:/AdwCleaner/AdwCleaner[S0].txt - [9090 B] - [2017/10/13 6:24:59]
C:/AdwCleaner/AdwCleaner[S1].txt - [1375 B] - [2017/10/13 6:32:20]


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########

Chtěl jsem log RSIT. Toto je ADW. Antivir free buď Avast, nebo Avira. Placený pak Kaspersky, Norton, nebo Eset. K čištění CCleaner (pouze poslední verzi - ty starší jsou napadnutelné).

Omlouvám se, toto by mělo být ono

# AdwCleaner 7.0.3.1 - Logfile created on Sat Oct 14 17:13:16 2017
# Updated on 2017/29/09 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: SvcHost Service Host
Deleted: SvcHost Service Host


***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

Deleted: C:\Windows\\Microsoft\svchost.exe.exe


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [7945 B] - [2017/10/13 6:25:46]
C:/AdwCleaner/AdwCleaner[S0].txt - [9090 B] - [2017/10/13 6:24:59]
C:/AdwCleaner/AdwCleaner[S1].txt - [1375 B] - [2017/10/13 6:32:20]
C:/AdwCleaner/AdwCleaner[S2].txt - [1443 B] - [2017/10/13 19:42:13]
C:/AdwCleaner/AdwCleaner[S3].txt - [1512 B] - [2017/10/14 17:12:44]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

Opět ADW. RSIT je to, co jste dal do přílohy ve vašm 3. přípěvku.

Snad je to správně.

Teď je to správně. Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Users\Jakub\AppData\Local\yc\Application\yc.exe
C:\Windows\Microsoft\svchost.exe.exe
C:\Windows\SYSWOW64\xvidvfw.dll
C:\Windows\SYSWOW64\xvidcore.dll
C:\Windows\SYSWOW64\x264vfw.dll
C:\Windows\SYSWOW64\lagarith.dll
C:\Windows\system32\xvidvfw.dll
C:\Windows\system32\xvidcore.dll
C:\Windows\system32\x264vfw64.dll
C:\Windows\system32\lagarith.dll
C:\Windows\SYSWOW64\ff_vfw.dll
C:\Windows\system32\ff_vfw.dll


:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"rklwghgezt"=-
"ycAutoLaunch_9B1C22150BED44D1DAEBD35544D0C053"=-


:commands
[Purity]
[Emptytemp]
[Emptyflash]

Zkopíroval jsem to, dal jsem cleanUP a restartoval PC, ale nic se nestalo problém nadále přetrvává. Reklamy se zobrazují v prohlížeči Opera, ve firefoxu se pouze mění domovská stránka. Při startu počítače a naběhnutí systému se automaticky spustí prohlížeč opera na domovské stránce "Time to read" ( http://time-to-read.ru/?utm_source=star ... d=20171006 ). Po vypnutí prohlížeče a opětovném spuštění se dostanu na "Rychlý přístup" (což mám nastaveno jako domovskou stránku).