Page 2 of 2

Re: Infected computer

Posted: 05 Nov 2013 17:14
by vyosek
:arrow: Uninstall PANDORA.TV and Spyware Terminator - the latter can conflict with Avast

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    Start
    HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
    HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
    HKCU\...\Policies\system: [LogonHoursAction] 2
    HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKCU\...\Policies\Explorer: [NoInstrumentation] 0
    
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - 6BB4A58E56A9485CB9352DBEBABB5495 URL = http://searchou.com/?q={searchTerms}&id=da64a02000000000000000ffb5f14938&affilt=5&r=84
    SearchScopes: HKCU - {37EE25A4-948F-4481-A9EE-5663FB516395} URL = http://search.ividi.org/?q={searchTerms}&src=tbsp&id=da64a02000000000000000ffb5f14938&affilt=3&r=939
    SearchScopes: HKCU - {3AE17E74-EABE-4cce-ACB2-ACD9FBDD645C} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
    
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF SearchPlugin: C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\5bh6hcvu.default\searchplugins\ividi.xml
    FF SearchPlugin: C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\5bh6hcvu.default\searchplugins\privitize.xml
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
    
    CHR Extension: (Privitize Chrome Toolbar) - C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0
    CHR Extension: (iVidi Chrome Toolbar) - C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef\1.0_0
    CHR HKLM-x32\...\Chrome\Extension: [dhfcbmlocifngpbjdpgnkbjmgkadkjpp] - C:\Program Files (x86)\Industriya\privitize\1.8.21.6\privitize.crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
    
    R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [578264 2011-12-21] (Pandora.TV)
    S3 ATICDSDr; \??\C:\Users\Ondrej\AppData\Local\Temp\ATICDSDr.sys [x]
    S3 catchme; \??\C:\ComboFix\catchme.sys [x]
    S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
    S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
    S3 VGPU; System32\drivers\rdvgkmd.sys [x]
    
    C:\Program Files (x86)\PANDORA.TV\PanService
    2013-11-05 11:37 - 2013-11-05 11:38 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ondrej\Desktop\mbar-1.07.0.1007.exe
    2013-11-05 11:38 - 2013-11-05 12:00 - 00000000 ____D C:\Users\Ondrej\Desktop\mbar
    2013-11-04 18:37 - 2013-11-04 18:38 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Ondrej\Desktop\rkill.com
    2013-11-04 18:40 - 2013-11-04 18:41 - 00004018 _____ C:\Users\Ondrej\Desktop\Rkill.txt
    
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    
    AlternateDataStreams: C:\ProgramData\TEMP:07F6D9E4
    AlternateDataStreams: C:\ProgramData\TEMP:A85D770C
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
    
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaPlus" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui" /f
    
    Hosts:
    
    End
  • Save the created text file as fixlist.txt
  • Move the created fixlist next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create a log, Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here

Re: Infected computer

Posted: 05 Nov 2013 17:33
by DalrondX
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by Ondrej at 2013-11-05 17:22:20 Run:1
Running from C:\Users\Ondrej\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [NoInstrumentation] 0

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - 6BB4A58E56A9485CB9352DBEBABB5495 URL = http://searchou.com/?q={searchTerms}&id ... ilt=5&r=84
SearchScopes: HKCU - {37EE25A4-948F-4481-A9EE-5663FB516395} URL = http://search.ividi.org/?q={searchTerms ... lt=3&r=939
SearchScopes: HKCU - {3AE17E74-EABE-4cce-ACB2-ACD9FBDD645C} URL = http://search.yahoo.com/search?p={searc ... type=STDVM

FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF SearchPlugin: C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\5bh6hcvu.default\searchplugins\ividi.xml
FF SearchPlugin: C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\5bh6hcvu.default\searchplugins\privitize.xml
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

CHR Extension: (Privitize Chrome Toolbar) - C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0
CHR Extension: (iVidi Chrome Toolbar) - C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef\1.0_0
CHR HKLM-x32\...\Chrome\Extension: [dhfcbmlocifngpbjdpgnkbjmgkadkjpp] - C:\Program Files (x86)\Industriya\privitize\1.8.21.6\privitize.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [578264 2011-12-21] (Pandora.TV)
S3 ATICDSDr; \??\C:\Users\Ondrej\AppData\Local\Temp\ATICDSDr.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

C:\Program Files (x86)\PANDORA.TV\PanService
2013-11-05 11:37 - 2013-11-05 11:38 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ondrej\Desktop\mbar-1.07.0.1007.exe
2013-11-05 11:38 - 2013-11-05 12:00 - 00000000 ____D C:\Users\Ondrej\Desktop\mbar
2013-11-04 18:37 - 2013-11-04 18:38 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Ondrej\Desktop\rkill.com
2013-11-04 18:40 - 2013-11-04 18:41 - 00004018 _____ C:\Users\Ondrej\Desktop\Rkill.txt

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\TEMP:07F6D9E4
AlternateDataStreams: C:\ProgramData\TEMP:A85D770C
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaPlus" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui" /f

Hosts:

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorShield => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorUpdater => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInstrumentation => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\First Home Page => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\6BB4A58E56A9485CB9352DBEBABB5495 => Key deleted successfully.
HKCR\CLSID\6BB4A58E56A9485CB9352DBEBABB5495 => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{37EE25A4-948F-4481-A9EE-5663FB516395} => Key deleted successfully.
HKCR\CLSID\{37EE25A4-948F-4481-A9EE-5663FB516395} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3AE17E74-EABE-4cce-ACB2-ACD9FBDD645C} => Key deleted successfully.
HKCR\CLSID\{3AE17E74-EABE-4cce-ACB2-ACD9FBDD645C} => Key not found.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\5bh6hcvu.default\searchplugins\ividi.xml => Moved successfully.
C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\5bh6hcvu.default\searchplugins\privitize.xml => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => Value deleted successfully.
C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp => Moved successfully.
C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp => Key deleted successfully.
"C:\Program Files (x86)\Industriya\privitize\1.8.21.6\privitize.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx => Moved successfully.
PanService => Service not found.
ATICDSDr => Service deleted successfully.
catchme => Service deleted successfully.
dgderdrv => Service deleted successfully.
GGSAFERDriver => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
"C:\Program Files (x86)\PANDORA.TV\PanService" => File/Directory not found.
C:\Users\Ondrej\Desktop\mbar-1.07.0.1007.exe => Moved successfully.
C:\Users\Ondrej\Desktop\mbar => Moved successfully.
C:\Users\Ondrej\Desktop\rkill.com => Moved successfully.
C:\Users\Ondrej\Desktop\Rkill.txt => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\ProgramData\TEMP => ":07F6D9E4" ADS removed successfully.
C:\ProgramData\TEMP => ":A85D770C" ADS removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaPlus" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

Re: Infected computer

Posted: 05 Nov 2013 17:38
by vyosek
Now let's clean up :James008:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice press A, Enter
  • Delete the utility after use
  • Antivirus programs like to wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn the antivirus off while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner tab
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry tab
  • click Find issues
  • then Fix issues - I recommend making the registry backup; fix all issues
  • repeat until there are no issues left - usually about 3 times
Tools tab
  • Here you can uninstall programs you do not need
I recommend running CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|

Re: Infected computer

Posted: 05 Nov 2013 18:05
by DalrondX
Thanks for the help. So far it looks OK

Re: Infected computer

Posted: 05 Nov 2013 18:18
by vyosek
You're welcome, glad I could help :worship: See you some other time

And per the rule on locking topics :lock: