Preventívna Kontrola

[vyosek]

Vydrzte, poradim se s kolegy...

[vyosek]

Vytvorte si bod obnoveni: Ovladaci panely-System-vlevo je Ochrana systemu-vytvorit

Zkusime to opravit pomoci navodu od microsoftu http://support.microsoft.com/kb/314060 - pouzijte navod pro Win Vista

[P.Varga]

Hotovo, mechaniky fungujú.

[vyosek]

Uuuf, ani nevite jak jsem si oddychl Jsem se vice potil z nervu jestli to zapusobi ci nikoliv nez z toho horka

Zpatky tedy k puvodnimu problemu - Firefox stale zlobi

[P.Varga]

Naneštastie áno.

[vyosek]

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

• Provedte aktualizaci - treti zalozka
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

Mozna za to muze to velke mnozstvi rozsireni - asi byl zcela odinstaloval FF a udelal cisty reinstal a dal tam pluginy opravdu nezbytne

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://sk.start3.mozilla.com/firefox?cl ... k:official"
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.7
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.21
FF - prefs.js..extensions.enabledItems: tabprogressbar@studio17.wordpress.com:0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9fb7d178-155a-4318-9173-1a8eaaea7fe4}:2.1.10
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: Strata40@SpewBoy.au:0.6.2


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/28 13:17:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/28 13:17:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/06/19 12:06:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/04/11 16:02:26 | 000,000,000 | ---D | M]

[2010/04/11 14:04:42 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Extensions
[2009/12/09 16:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Varga\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/11 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\7g3kg2b6.default\extensions
[2010/07/12 11:57:14 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions
[2010/06/11 18:16:43 | 000,000,000 | ---D | M] (WebTran) -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
[2010/04/28 07:36:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/08 12:25:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/04/11 14:04:41 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2010/06/19 07:56:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}
[2010/01/05 12:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/04/15 16:40:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/10 22:25:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/29 11:49:58 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\artur.dubovoy@gmail.com
[2010/04/15 16:40:32 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\personas@christopher.beard
[2010/07/10 22:25:43 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\staged-xpis
[2010/04/25 17:59:08 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\Strata40@SpewBoy.au
[2010/04/26 11:28:30 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\StrataBuddy@ReduxTeam
[2010/04/11 14:04:40 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\tabprogressbar@studio17.wordpress.com
[2010/04/25 17:59:08 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\Strata40@SpewBoy.au\chrome\mozapps\extensions
[2009/10/22 06:40:14 | 000,002,257 | ---- | M] () -- C:\Users\Varga\AppData\Roaming\Mozilla\FireFox\Profiles\m9666mo0.default\searchplugins\askcom.xml
[2010/06/10 15:08:15 | 000,005,310 | ---- | M] () -- C:\Users\Varga\AppData\Roaming\Mozilla\FireFox\Profiles\m9666mo0.default\searchplugins\footiefox.xml
[2010/05/12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Varga\AppData\Roaming\Mozilla\FireFox\Profiles\m9666mo0.default\searchplugins\icqplugin.xml
[2009/12/06 14:20:23 | 000,001,945 | ---- | M] () -- C:\Users\Varga\AppData\Roaming\Mozilla\FireFox\Profiles\m9666mo0.default\searchplugins\myiptest---ip-lookup.xml
[2010/05/22 15:44:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/02 11:56:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/22 15:44:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/22 15:44:15 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 19:40:34 | 000,001,583 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010/04/01 19:40:34 | 000,001,380 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\azet-sk.xml
[2010/04/01 19:40:34 | 000,001,479 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010/04/01 19:40:34 | 000,001,473 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010/04/01 19:40:34 | 000,001,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010/04/01 19:40:34 | 000,000,830 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\zoznam-sk.xml

[P.Varga]

No neviem či toto robia plug-iny pretože toto isté robí aj thunderbird a tam mám len plug-in od esetu pre AV.

[vyosek]

OK, pockame co ukaze MBAM...Jakou mate verzi FF a TB

[P.Varga]

FF 3.6.6 a TB 3.0.5 (kvôli AV)

[vyosek]

Oki, pockame na MBAM...

[P.Varga]

tak tu je
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 4308

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13. 7. 2010 14:15:29
mbam-log-2010-07-13 (14-15-29).txt

Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 132735
Uplynulý čas: 3 min, 50 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 2
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 2
Infikované súbory: 1

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\victim (Malware.Trace) -> No action taken.

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
C:\directory\CyberGate (Trojan.PWS) -> No action taken.
C:\directory\CyberGate\install (Trojan.PWS) -> No action taken.

Infikované súbory:
C:\Users\Varga\AppData\Roaming\cglogs.dat (Malware.Trace) -> No action taken.

[vyosek]

Tohle C:\directory\CyberGate a C:\directory\CyberGate\install znate Pokud ne tak vse smazat a udelejte kompletni kontrolu

[vyosek]

Jeste procistete PC timhle:
TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

[P.Varga]

Hotovo, ale Firefox a Thunderbird stále štrajkujú.

[vyosek]

Pri rychlem skenu (jak jste dal log), jste vse smazal, nebo ty dve slozky nechal

Pracujete na kompletnim skenu