PC virus removal, computer speed-up, remote help via the neslape.cz service

Slow notebook and the Yabector trojan

Have a virus problem? Paste your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, paste a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
rcrogi
Visitor
Posts: 3
Registered: 22 Dec 2005 22:28

Slow notebook and the Yabector trojan

#1 Post by rcrogi »

Hello,
I am joining with a request for help. My daughter's notebook with Vista Home Basic has slowed down terribly. After three days of testing I found the Yabector trojan using Microsoft Security Essentials. Following the advice on the forum I made a ComboFix log, which I attach, and I ask you to check it. Thanks in advance.
-----------------------------
ComboFix 10-08-08.03 - tinka . 08. 2010 22:18:34.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.421.1051.18.1976.1037 [GMT 2:00]
Running from: c:\users\tinka\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.

2010-08-09 20:31 . 2010-08-09 20:39 -------- d-----w- c:\users\tinka\AppData\Local\temp
2010-08-09 20:31 . 2010-08-09 20:31 -------- d-----w- c:\users\sef\AppData\Local\temp
2010-08-09 20:31 . 2010-08-09 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-09 20:31 . 2010-08-09 20:31 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp
2010-08-09 20:11 . 2010-08-09 20:11 -------- d-----w- C:\32788R22FWJFW
2010-08-08 17:56 . 2010-08-08 17:56 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-08 17:56 . 2010-08-08 17:56 -------- d-----w- c:\users\tinka\SystemRequirementsLab
2010-08-07 23:10 . 2010-08-07 23:10 -------- d-----w- c:\users\tinka\AppData\Local\Apps
2010-08-07 16:34 . 2010-08-07 16:34 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-07 14:24 . 2010-08-07 14:24 -------- d-----w- c:\users\tinka\AppData\Roaming\Intel Corporation
2010-08-07 09:01 . 2010-08-07 09:01 -------- d-----w- c:\users\sef\Výsledky hledání ZME5
2010-08-07 09:01 . 2010-08-07 09:01 -------- d-----w- c:\users\sef\Alba ZME5
2010-08-07 09:00 . 2010-08-07 09:00 -------- d-----w- c:\users\sef\AppData\Roaming\Zoner
2010-08-07 07:04 . 2010-08-07 07:04 -------- d-----w- c:\users\sef\AppData\Local\Mozilla
2010-08-07 07:03 . 2010-08-07 07:03 -------- d-----w- c:\users\sef\AppData\Roaming\Winamp
2010-08-07 06:18 . 2010-08-07 06:18 -------- d-----w- c:\users\ADMINI~1
2010-08-07 06:09 . 2010-08-07 06:09 49152 ----a-r- c:\users\sef\AppData\Roaming\Microsoft\Installer\{082702D5-5DD8-4600-BCE5-48B15174687F}\ARPPRODUCTICON.exe
2010-08-07 06:09 . 2010-08-07 06:09 10134 ----a-r- c:\users\sef\AppData\Roaming\Microsoft\Installer\{B79DB290-9F72-4B20-9776-848D7832705B}\ARPPRODUCTICON.exe
2010-08-06 22:35 . 2010-08-06 22:36 -------- d-----w- c:\users\sef\AppData\Roaming\IrfanView
2010-08-06 22:32 . 2010-08-06 22:32 -------- d-----w- c:\users\sef\AppData\Roaming\TMP
2010-08-06 22:32 . 2008-04-10 15:27 1804160 ------w- c:\windows\system32\drivers\snp2uvc.sys
2010-08-06 22:32 . 2007-05-10 04:16 28160 ------w- c:\windows\system32\drivers\sncduvc.sys
2010-08-06 22:29 . 2010-08-06 22:35 -------- d-----w- c:\users\sef\AppData\Roaming\Hewlett Packard
2010-08-06 18:07 . 2010-08-06 18:07 -------- d-----w- c:\users\sef\AppData\Roaming\Intel Corporation
2010-08-06 17:59 . 2010-08-06 17:59 -------- d-----w- C:\Intel
2010-08-06 17:59 . 2010-08-06 17:59 -------- d-----w- c:\users\sef\AppData\Roaming\InstallShield
2010-07-28 15:57 . 2010-07-28 15:57 52224 ----a-w- c:\users\tinka\AppData\Roaming\Mozilla\Firefox\Profiles\mft8o06i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
2010-07-28 15:57 . 2010-07-28 15:57 101376 ----a-w- c:\users\tinka\AppData\Roaming\Mozilla\Firefox\Profiles\mft8o06i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
2010-07-28 15:38 . 2010-07-28 15:38 -------- d-----w- c:\users\tinka\AppData\Roaming\DVDVideoSoftIEHelpers

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 20:01 . 2009-09-26 11:35 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-08-09 20:01 . 2009-09-26 12:09 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-08-09 20:01 . 2008-08-06 02:48 -------- d-----w- c:\programdata\hpqLog
2010-08-09 19:51 . 2008-12-16 23:52 1076 ----a-w- c:\windows\bthservsdp.dat
2010-08-09 15:33 . 2009-05-04 18:13 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-08-09 15:28 . 2009-03-29 11:09 1356 ----a-w- c:\users\tinka\AppData\Local\d3d9caps.dat
2010-08-08 20:30 . 2008-08-06 03:24 -------- d-----w- c:\program files\HP
2010-08-08 20:24 . 2008-08-06 02:29 -------- d-----w- c:\program files\Hewlett-Packard
2010-08-08 19:54 . 2008-08-06 03:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-08 19:02 . 2009-10-27 12:16 -------- d-----w- c:\program files\DVDVideoSoft
2010-08-08 18:41 . 2009-07-03 11:17 101392 ----a-w- c:\users\sef\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-08 18:03 . 2008-08-06 02:28 -------- d-----w- c:\program files\Intel
2010-08-08 04:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-08-08 04:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-07 23:21 . 2009-11-07 20:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-07 22:53 . 2008-12-16 17:17 101392 ----a-w- c:\users\tinka\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-07 22:49 . 2008-08-06 03:08 -------- d-----w- c:\programdata\Microsoft Help
2010-08-07 21:12 . 2009-05-12 20:04 -------- d-----w- c:\program files\Microsoft
2010-08-07 20:19 . 2010-02-24 13:19 -------- d-----w- c:\program files\Roxio
2010-08-07 20:19 . 2008-08-06 03:14 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-08-07 20:09 . 2008-08-06 03:15 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-08-07 17:52 . 2009-10-27 12:16 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-08-06 22:45 . 2009-07-03 11:17 -------- d-----w- c:\users\sef\AppData\Roaming\HPQLOG
2010-08-06 22:32 . 2008-12-16 17:13 -------- d-----w- c:\program files\Common Files\SNP2UVC
2010-07-31 07:40 . 2009-01-09 22:21 -------- d-----w- c:\users\tinka\AppData\Roaming\dvdcss
2010-06-26 16:10 . 2008-12-25 18:13 -------- d-----w- c:\program files\Microsoft.NET
2010-06-01 17:37 . 2009-10-03 13:47 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 17:06 . 2010-06-09 13:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 13:11 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-05-24 20:47 . 2009-05-24 20:47 778 ----a-w- c:\program files\Common Files\Konvertor.lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-10 145944]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-23 1434920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-10-07 1461080]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a0,de,1d,01,04,60,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 RsvLock;RsvLock; [x]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-10-07 472280]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-08 c:\windows\Tasks\{7AAB7C21-7D46-47BE-959C-A1A10E6E2484}.job
- c:\program files\mozilla firefox\firefox.exe [2008-12-25 02:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\tinka\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\tinka\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\tinka\AppData\Roaming\Mozilla\Firefox\Profiles\mft8o06i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.zoznam.sk/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2269050&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\tinka\AppData\Roaming\Mozilla\Firefox\Profiles\mft8o06i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\users\tinka\AppData\Roaming\Mozilla\Firefox\Profiles\mft8o06i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-09 22:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5308)
c:\windows\system32\btmmhook.dll
.
Completion time: 2010-08-09 22:42:17
ComboFix-quarantined-files.txt 2010-08-09 20:42

Pre-Run: 154 562 973 696 bytes free
Post-Run: 159 345 197 056 bytes free

- - End Of File - - A4173B1BF0BBB74E92D1223EA00BADED

JaRon
Moderator
Posts: 15665
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Slow notebook and the Yabector trojan

#2 Post by JaRon »

make yourself an Avira boot CD http://www.viry.cz/forum/viewtopic.php?f=29&t=66880 and clean the PC with it
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

rcrogi
Visitor
Posts: 3
Registered: 22 Dec 2005 22:28

Re: Slow notebook and the Yabector trojan

#3 Post by rcrogi »

Thanks for the reply, but it is not clear to me what to clean it of. There is an original, licensed and updated ESET SMART SECURITY in combination with SPYBOT and MICROSOFT SECURITY ESSENTIALS; of course they do not run at the same time. ESET is always running, and once a month, or whenever the notebook behaves strangely, I run the rest of the tools one after another. Now they found that Yabector for me. I removed something, but the notebook is still slow. Is there anything specifically bad in the attached log? I would rather not experiment with Linux, since the notebook is an HP and they are said to be quite sensitive to various experiments. :oops:

JaRon
Moderator
Posts: 15665
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Slow notebook and the Yabector trojan

#4 Post by JaRon »

1. the Linux-based Avira boot CD only scans the disk
2. if you are worried, use cleaning with MBAM+CureIT+CCleaner
3. Spybot is outdated, you can uninstall it
4. there is no malware visible in the log, but a scan as in point 1 or 2 can only help :wink:
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/
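The moderator's verdict rests on reading the `Reg Loading Points` section of the ComboFix log and seeing only vendor paths. As an added example (not part of this thread and not ComboFix's own code), here is a small Python triage helper that parses that section and flags autostart entries living in user-writable locations, plus the `AppInit_DLLs` injection point; `SAMPLE_LOG` is constructed from lines of the posted log with one made-up `Updater` entry so that a hit is visible.

```python
import re
from dataclasses import dataclass

# Constructed excerpt shaped like ComboFix's "Reg Loading Points" section: vendor
# lines come from the log posted above; "Updater" is made up here and NOT in that log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"Updater"="c:\users\tinka\AppData\Local\temp\upd.exe" [2010-08-09 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
"""

KEY_HEADER = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[\d{4}-\d{2}-\d{2} \d+\]$')
APPINIT = re.compile(r'^"AppInit_DLLs"=(?P<dlls>.+)$')
# Vendor autostarts live under Program Files or the Windows directory; one under a
# user profile, AppData, temp or ProgramData is the first thing a reviewer checks.
USER_WRITABLE = re.compile(r'\\(users|programdata|appdata|temp)\\', re.I)


@dataclass
class Entry:
    key: str
    name: str
    path: str
    reason: str = ""  # empty when the heuristic finds nothing to note


def parse_loading_points(text):
    entries, current_key = [], ""
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_HEADER.match(line):
            current_key = m["key"]
        elif m := RUN_ENTRY.match(line):
            entries.append(Entry(current_key, m["name"], m["path"]))
        elif m := APPINIT.match(line):
            # AppInit_DLLs is space-separated; each DLL is loaded into every
            # process that maps user32.dll, so record each one on its own.
            for dll in m["dlls"].split():
                entries.append(Entry(current_key, "AppInit_DLLs", dll))
    return entries


def triage(text):
    entries, seen_dlls = parse_loading_points(text), set()
    for e in entries:
        if USER_WRITABLE.search(e.path):
            e.reason = "autostart from user-writable location"
        elif e.name == "AppInit_DLLs":
            dup = e.path.lower() in seen_dlls
            seen_dlls.add(e.path.lower())
            e.reason = "duplicate AppInit_DLLs entry" if dup else "AppInit_DLLs injection point"
    return entries


def flagged(text):
    return [(e.name, e.reason) for e in triage(text) if e.reason]
```

Run against the full posted log, only the two `APSHook.dll` lines would be reported, which matches the moderator's reading that nothing malicious is visible.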
