Zavirovaný počítač

Zpráva

#16 Příspěvek od **vyosek** » 05 lis 2013 17:14

Odinstalujte PANDORA.TV a Spyware Terminator - ten muze kolidovat s Avastem

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [NoInstrumentation] 0

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - 6BB4A58E56A9485CB9352DBEBABB5495 URL = http://searchou.com/?q={searchTerms}&id=da64a02000000000000000ffb5f14938&affilt=5&r=84
SearchScopes: HKCU - {37EE25A4-948F-4481-A9EE-5663FB516395} URL = http://search.ividi.org/?q={searchTerms}&src=tbsp&id=da64a02000000000000000ffb5f14938&affilt=3&r=939
SearchScopes: HKCU - {3AE17E74-EABE-4cce-ACB2-ACD9FBDD645C} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM

FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF SearchPlugin: C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\5bh6hcvu.default\searchplugins\ividi.xml
FF SearchPlugin: C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\5bh6hcvu.default\searchplugins\privitize.xml
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

CHR Extension: (Privitize Chrome Toolbar) - C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0
CHR Extension: (iVidi Chrome Toolbar) - C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef\1.0_0
CHR HKLM-x32\...\Chrome\Extension: [dhfcbmlocifngpbjdpgnkbjmgkadkjpp] - C:\Program Files (x86)\Industriya\privitize\1.8.21.6\privitize.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [578264 2011-12-21] (Pandora.TV)
S3 ATICDSDr; \??\C:\Users\Ondrej\AppData\Local\Temp\ATICDSDr.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

C:\Program Files (x86)\PANDORA.TV\PanService
2013-11-05 11:37 - 2013-11-05 11:38 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ondrej\Desktop\mbar-1.07.0.1007.exe
2013-11-05 11:38 - 2013-11-05 12:00 - 00000000 ____D C:\Users\Ondrej\Desktop\mbar
2013-11-04 18:37 - 2013-11-04 18:38 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Ondrej\Desktop\rkill.com
2013-11-04 18:40 - 2013-11-04 18:41 - 00004018 _____ C:\Users\Ondrej\Desktop\Rkill.txt

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\TEMP:07F6D9E4
AlternateDataStreams: C:\ProgramData\TEMP:A85D770C
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaPlus" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui" /f

Hosts:

End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

DalrondX · #17 Příspěvek od **DalrondX** » 05 lis 2013 17:33

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by Ondrej at 2013-11-05 17:22:20 Run:1
Running from C:\Users\Ondrej\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [NoInstrumentation] 0

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - 6BB4A58E56A9485CB9352DBEBABB5495 URL = http://searchou.com/?q={searchTerms}&id ... ilt=5&r=84
SearchScopes: HKCU - {37EE25A4-948F-4481-A9EE-5663FB516395} URL = http://search.ividi.org/?q={searchTerms ... lt=3&r=939
SearchScopes: HKCU - {3AE17E74-EABE-4cce-ACB2-ACD9FBDD645C} URL = http://search.yahoo.com/search?p={searc ... type=STDVM

FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF SearchPlugin: C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\5bh6hcvu.default\searchplugins\ividi.xml
FF SearchPlugin: C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\5bh6hcvu.default\searchplugins\privitize.xml
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

CHR Extension: (Privitize Chrome Toolbar) - C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0
CHR Extension: (iVidi Chrome Toolbar) - C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef\1.0_0
CHR HKLM-x32\...\Chrome\Extension: [dhfcbmlocifngpbjdpgnkbjmgkadkjpp] - C:\Program Files (x86)\Industriya\privitize\1.8.21.6\privitize.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [578264 2011-12-21] (Pandora.TV)
S3 ATICDSDr; \??\C:\Users\Ondrej\AppData\Local\Temp\ATICDSDr.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

C:\Program Files (x86)\PANDORA.TV\PanService
2013-11-05 11:37 - 2013-11-05 11:38 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ondrej\Desktop\mbar-1.07.0.1007.exe
2013-11-05 11:38 - 2013-11-05 12:00 - 00000000 ____D C:\Users\Ondrej\Desktop\mbar
2013-11-04 18:37 - 2013-11-04 18:38 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Ondrej\Desktop\rkill.com
2013-11-04 18:40 - 2013-11-04 18:41 - 00004018 _____ C:\Users\Ondrej\Desktop\Rkill.txt

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\TEMP:07F6D9E4
AlternateDataStreams: C:\ProgramData\TEMP:A85D770C
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaPlus" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui" /f

Hosts:

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorShield => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorUpdater => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInstrumentation => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\First Home Page => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\6BB4A58E56A9485CB9352DBEBABB5495 => Key deleted successfully.
HKCR\CLSID\6BB4A58E56A9485CB9352DBEBABB5495 => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{37EE25A4-948F-4481-A9EE-5663FB516395} => Key deleted successfully.
HKCR\CLSID\{37EE25A4-948F-4481-A9EE-5663FB516395} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3AE17E74-EABE-4cce-ACB2-ACD9FBDD645C} => Key deleted successfully.
HKCR\CLSID\{3AE17E74-EABE-4cce-ACB2-ACD9FBDD645C} => Key not found.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\5bh6hcvu.default\searchplugins\ividi.xml => Moved successfully.
C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\5bh6hcvu.default\searchplugins\privitize.xml => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => Value deleted successfully.
C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp => Moved successfully.
C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp => Key deleted successfully.
"C:\Program Files (x86)\Industriya\privitize\1.8.21.6\privitize.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx => Moved successfully.
PanService => Service not found.
ATICDSDr => Service deleted successfully.
catchme => Service deleted successfully.
dgderdrv => Service deleted successfully.
GGSAFERDriver => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
"C:\Program Files (x86)\PANDORA.TV\PanService" => File/Directory not found.
C:\Users\Ondrej\Desktop\mbar-1.07.0.1007.exe => Moved successfully.
C:\Users\Ondrej\Desktop\mbar => Moved successfully.
C:\Users\Ondrej\Desktop\rkill.com => Moved successfully.
C:\Users\Ondrej\Desktop\Rkill.txt => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\ProgramData\TEMP => ":07F6D9E4" ADS removed successfully.
C:\ProgramData\TEMP => ":A85D770C" ADS removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f =========

Operace byla dokonźena ŁspŘçnŘ.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaPlus" /f =========

Operace byla dokonźena ŁspŘçnŘ.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui" /f =========

Operace byla dokonźena ŁspŘçnŘ.

========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

#18 Příspěvek od **vyosek** » 05 lis 2013 17:38

Tak jeste uklidime

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

DalrondX · #19 Příspěvek od **DalrondX** » 05 lis 2013 18:05

Díky za pomoc. Zatím to vypadá OK

#20 Příspěvek od **vyosek** » 05 lis 2013 18:18

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

A na zaklade Pravidla o zamykani temat

VIRY.CZ

Zavirovaný počítač

Re: Zavirovaný počítač

Re: Zavirovaný počítač

Re: Zavirovaný počítač

Re: Zavirovaný počítač

Re: Zavirovaný počítač