Špatné načítání stránek v Opeře

[vyosek]

Kdyz vidim cim si PC krmite (od cracknuteho antiviru az po bezne cracky), tak se nedivim ze je PC ve stavu v jakem je

Dodelejte ten MBAM a pujdeme dale...

[petulkag]

Zde je log:

Kód: Vybrat vše

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17.10.2010 22:28:09
mbam-log-2010-10-17 (22-28-09).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 341945
Uplynulý čas: 3 hodina(y), 16 minuta(y), 50 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 19
Infikované hodnoty registru: 0
Infikované datové položky registru: 3
Infikované složky: 1
Infikované soubory: 7

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{730ceab8-d22b-4a64-8a3f-d3baaa911992} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fb9f522e-9480-4952-9cfd-2faec7de51dc} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a3cf7606-e683-4375-a372-96b75da0aef7} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3cf7606-e683-4375-a372-96b75da0aef7} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{a3cf7606-e683-4375-a372-96b75da0aef7} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3cf7606-e683-4375-a372-96b75da0aef7} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.33,93.188.160.103 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1934633e-e72d-4691-ad5f-93af7ed0ff3a}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.33,93.188.160.103 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a48d29f7-cac4-4c17-8ae5-7e2ff6684676}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.33,93.188.160.103 -> No action taken.

Infikované složky:
C:\Documents and Settings\Petra Gottwaldová\Nabídka Start\Programy\System Security (Rogue.SystemSecurity) -> No action taken.

Infikované soubory:
C:\Program Files\Alarm\Prevod.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\Get Styles\enlbrdr.dll (Trojan.BHO) -> No action taken.
C:\Documents and Settings\Petra Gottwaldová\Data aplikací\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> No action taken.
C:\Documents and Settings\Petra Gottwaldová\Plocha\Nepoužívané odkazy plochy\HRY\Call of Duty 4 - Modern Warfare\Crack\rzr-cod4.exe (Trojan.Agent.CK) -> No action taken.
C:\Documents and Settings\Petra Gottwaldová\Nabídka Start\Programy\System Security\System Security (Rogue.SystemSecurity) -> No action taken.
C:\Documents and Settings\Petra Gottwaldová\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\Petra Gottwaldová\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.

[vyosek]

Presne jak jsem si myslel, DNS Changer - vse smazat

Prosim nedavejte logy do code, spatne se to lusti a boli z toho oci

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[petulkag]

Flash disk u sebe zrovna nemám. Nevím jak mam udělat tento bod: "Pokud mate Win XP spustte pod uctem Spravce\Administratora" ... mám se tedy odhlásit a přihlásit jako administrátor? Problem bude asi ten, že nevim heslo na toho administrátora...?

[vyosek]

Pokud jste ted na ucte a muzete instalovat programy, tak na nem zustante...

Flash disk tedy nezkontrolujem, no neda se nic delat...

[petulkag]

Tak log je hotový... Ještě jedna otázka...Jak jsem dělala ten scan v programu MBAM, tak sem žádný soubory přes ten program nemazala (a teď si nejsem jistá, jeslti sem to měla udělat...) Já sem tožiž pochopila tak, že se to bude mazat přes ten Combofix...

ComboFix 10-10-16.04 - Petra Gottwaldová 17.10.2010 23:21:04.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.585 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petra Gottwaldová\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 101017-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Petra Gottwaldová\Data aplikací\Desktopicon
c:\documents and settings\Petra Gottwaldová\Data aplikací\Desktopicon\config.ini
c:\documents and settings\Petra Gottwaldová\Data aplikací\Desktopicon\eBayShortcuts.exe
c:\documents and settings\Petra Gottwaldová\Nabídka Start\Programy\System Security
c:\documents and settings\Petra Gottwaldová\Nabídka Start\Programy\System Security\System Security
c:\program files\DaemonTools_WhenUSave_Installer
c:\windows\system32\ReadMe.txt

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-17 do 2010-10-17 )))))))))))))))))))))))))))))))
.

2071-07-25 08:13 . 2006-11-21 19:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2010-10-17 16:56 . 2010-10-17 16:56 -------- d-----w- c:\documents and settings\Petra Gottwaldová\Data aplikací\Malwarebytes
2010-10-17 16:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-17 16:56 . 2010-10-17 16:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-10-17 16:56 . 2010-10-17 16:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-17 16:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-15 19:20 . 2010-10-15 19:20 -------- d-----w- C:\_OTM
2010-10-15 18:23 . 2010-10-15 18:23 -------- d-----w- C:\rsit
2010-10-09 20:17 . 2006-02-05 20:06 77824 ----a-w- c:\windows\system32\Screen2Video.OCX
2010-10-09 20:17 . 2006-02-05 20:01 122880 ----a-w- c:\windows\system32\ScreenSource.ax
2010-10-09 20:17 . 2010-10-09 20:18 -------- d-----w- c:\program files\ScreenVCR
2010-10-08 19:43 . 2010-10-08 19:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-19 09:25 . 2010-09-19 09:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Installations
2010-09-19 09:10 . 2010-09-19 09:11 -------- d-----w- C:\CAB Install
2010-09-19 09:08 . 2010-09-19 09:08 -------- d-----w- c:\program files\Matt Kirby Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-01-07 06:51 185344 ----a-w- c:\program files\Get Styles\enlbrdr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-14 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 7311360]
"nwiz"="nwiz.exe" [2005-12-09 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-09 86016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-29 1836544]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-09-28 659456]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Alarm.exe"="c:\program files\Alarm\Alarm.exe" [2006-10-11 1012736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Petra Gottwaldov \Nabˇdka Start\Programy\Po spuçtŘnˇ\
Automatick‚ vypnutˇ poźˇtaźe.lnk - c:\program files\Automatick‚ vypnutˇ poźˇtaźe\avp.exe [2004-12-28 443392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 07:12 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Commandos II\\comm2.exe"=
"c:\\Program Files\\Valve\\Steam\\steamapps\\petra883\\dedicated server\\hlds.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Documents and Settings\\Petra Gottwaldová\\Plocha\\Nepoužívané odkazy plochy\\HRY\\F.E.A.R\\F.E.A.R_www.bat-yam1.com\\game\\FEAR.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Opera 10.10 Beta\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7508:TCP"= 7508:TCP:BitComet 7508 TCP
"7508:UDP"= 7508:UDP:BitComet 7508 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [12.2.2009 18:55 2915944]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29.11.2008 17:29 114768]
R1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [6.9.2010 19:37 25680]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10.10.2006 14:53 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27.2.2007 13:39 66632]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [8.8.2009 10:56 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.11.2008 17:29 20560]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [8.8.2009 10:56 65576]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 18:51 12872]
S3 UnlockerDriver4;UnlockerDriver4 Driver;\??\c:\program files\Unlocker\UnlockerDriver4.sys --> c:\program files\Unlocker\UnlockerDriver4.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.1.2007 17:41 639224]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://apps.facebook.com/texas_holdem/
uInternet Connection Wizard,ShellNext = iexplore
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
FF - ProfilePath - c:\documents and settings\Petra Gottwaldová\Data aplikací\Mozilla\Firefox\Profiles\1thdis46.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search-styles.com/
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
AddRemove-HijackThis - c:\documents and settings\Petra Gottwaldová\Plocha\Nepoužívané odkazy plochy\HiJackThis_v2\HijackThis.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-842925246-1303643608-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-842925246-1303643608-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9c,5f,b4,74,aa,a6,28,f1,21,3c,db,2c,b8,c1,2d,4a,af,cc,82,66,78,7c,4a,
f6,78,00,4b,b7,ee,d0,9e,3c,e5,94,f7,89,cb,ef,8a,a4,17,12,49,11,3e,58,56,79,\
"??"=hex:44,10,e3,6f,ae,7a,ee,bc,bf,9c,c5,b8,85,5e,8a,92

[HKEY_USERS\S-1-5-21-842925246-1303643608-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:04,f1,1a,7f,27,08,18,db,26,84,29,df,84,b0,e1,ed,b8,10,45,b3,2b,
43,30,4c,72,5b,6c,11,16,00,34,e1,c2,4b,09,d8,52,01,54,82,ea,47,13,85,f7,d7,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1160)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Celkový čas: 2010-10-17 23:36:07
ComboFix-quarantined-files.txt 2010-10-17 21:36

Před spuštěním: Volných bajtů: 14 536 339 456
Po spuštění: Volných bajtů: 14 498 721 792

- - End Of File - - C3533ADBBF85BDC8C69D8CA7628A65ED

[vyosek]

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

• c:\program files\Alarm\Alarm.exe
• Kliknete na Prochazet
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Pokud napise Soubor byl jiz testovan, dejte otestovat znovu
• Kliknete na Otestovat soubor
• Vysledek analyzy sem vlozte (jako odkaz)

[vyosek]

A jeste prosim tyhle soubory hodte na VirusTotal

• C:\Documents and Settings\Petra Gottwaldová\Plocha\Nepoužívané odkazy plochy\HRY\Call of Duty 4 - Modern Warfare\Crack\rzr-cod4.exe
  C:\Program Files\Get Styles\enlbrdr.dll
  C:\Documents and Settings\Petra Gottwaldová\Data aplikací\wiaserva.log

[petulkag]

Tady: http://www.virustotal.com/file-scan/rep ... 1287352305

[vyosek]

A jeste ty tri dalsi soubory, jak jsem psal v dalsim prispevku, prosim...

[petulkag]

http://www.virustotal.com/file-scan/rep ... 1287352542

http://www.virustotal.com/file-scan/rep ... 1287352667

http://www.virustotal.com/file-scan/rep ... 1287352696

[vyosek]

Zkuste provest aktualizaci MBAMu - pokud nepujde, pokracujte dale

Provedte opet kompletni sken pomoci MBAM a nalezene polozky smazte krome nize uvedenych - log opet sem

• C:\Documents and Settings\Petra Gottwaldová\Data aplikací\wiaserva.log
  c:\program files\Alarm\Alarm.exe

[petulkag]

Aktualizace byla provedena v pořádku... odstranila jsem vše kromě: C:\Documents and Settings\Petra Gottwaldová\Data aplikací\wiaserva.log
Tato položka: c:\program files\Alarm\Alarm.exe .... už v seznamu nebyla.
Jinak stránky v Opeře se načítají už dobře Mockrát Vám děkuji za pomoc.



Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 4878

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.10.2010 11:25:31
mbam-log-2010-10-19 (11-25-31).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 365063
Uplynulý čas: 1 hodina(y), 45 minuta(y), 51 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 10
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 6

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{730ceab8-d22b-4a64-8a3f-d3baaa911992} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fb9f522e-9480-4952-9cfd-2faec7de51dc} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3cf7606-e683-4375-a372-96b75da0aef7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{a3cf7606-e683-4375-a372-96b75da0aef7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3cf7606-e683-4375-a372-96b75da0aef7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3cf7606-e683-4375-a372-96b75da0aef7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Program Files\Get Styles\enlbrdr.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Petra Gottwaldová\Data aplikací\Desktopicon\eBayShortcuts.exe.vir (Adware.ADON) -> Quarantined and deleted successfully.
C:\Documents and Settings\Petra Gottwaldová\Plocha\Nepoužívané odkazy plochy\HRY\Call of Duty 4 - Modern Warfare\Crack\rzr-cod4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA8A1C1D-26AE-4D9D-85B5-25B97257F61C}\RP395\A0057112.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Documents and Settings\Petra Gottwaldová\Data aplikací\wiaserva.log (Malware.Trace) -> Not selected for removal.
C:\Documents and Settings\Petra Gottwaldová\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

[vyosek]

Zkontrolujte zda-li mate spravne nastavene pripojeni k internetu, ci tam ten DNS Changer neco nepozmenil - Start - Ovladaci panely - Sitova pripojeni - Pripojeni k mistni siti - Vlastnosti - zde zkontrolujte nastaveni TCP\IP a DNS zda jsou v souladu se smlouvou s Vasim providerem