Malwarebytes' Anti-Malware 1.44
Verzia databázy: 3645
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
27. 1. 2010 18:17:35
mbam-log-2010-01-27 (18-17-35).txt
Typ kontroly: Úplná (C:\|D:\|)
Objektov kontrolovaných: 263836
Uplynutý cas: 54 minute(s), 31 second(s)
Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 3
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 1
Infikovaných procesov pamäte:
(Žiadne škodlivé položky)
Infikovaných modulov pamäte:
(Žiadne škodlivé položky)
Infikovaných registracných klúcov:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)
Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)
Infikovaných priecinkov:
(Žiadne škodlivé položky)
Infikovaných súborov:
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.
Problém s Firefoxom
Re: Problém s Firefoxom
CPU:AMD Phenom II 955+Thermalright HR-01 Plus+Noctua NF-P12 MB: Gigabyte MA790X-UD3P RAM: 4GB Patriot 800MHz DDR2 GPU: Gainward GTX260 896MB 55nm HDD: Samsung Spinpoint F3 500GB PSU: Corsair HX650 CASE: Antec P182
Re: Problém s Firefoxom
A sakra! Vírus! 
Stiahni Combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe" onclick="window.open(this.href);return false;
Prihlás sa ako administrátor. Presuň na plochu. Vypni všetky rezidentné štíty a firewally. Zatvor všetky okná. Spusť combofix. Neklikaj do okna. PC sa reštartuje. Daj sem log ktorý nájdeš v C:/combofix/combofix.txt
Stiahni Combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe" onclick="window.open(this.href);return false;
Prihlás sa ako administrátor. Presuň na plochu. Vypni všetky rezidentné štíty a firewally. Zatvor všetky okná. Spusť combofix. Neklikaj do okna. PC sa reštartuje. Daj sem log ktorý nájdeš v C:/combofix/combofix.txt
Re: Problém s Firefoxom
MBG napísal:Môže ísť aj o vírus/trojana/etc...
mi*so napísal:A vírus by sa prejavoval iba na FF?
mi*so napísal:A sakra! Vírus!
Re: Problém s Firefoxom
ComboFix 10-01-27.03 - pc . 01. 2010 10:25:56.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3070.2544 [GMT 1:00]
Running from: c:\documents and settings\pc\Dokumenty\Preberanie\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6.5\ICQLRun.exe
D:\install.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OREANS32
-------\Service_oreans32
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-28 )))))))))))))))))))))))))))))))
.
2010-01-27 16:20 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-27 16:20 . 2010-01-27 16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-27 16:20 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-25 19:10 . 2010-01-25 19:11 -------- d-----w- c:\program files\trend micro
2010-01-25 19:10 . 2010-01-25 19:11 -------- d-----w- C:\rsit
2010-01-25 15:20 . 2010-01-25 15:20 -------- d--h--w- c:\windows\PIF
2010-01-25 15:08 . 2010-01-25 15:08 -------- d-----w- c:\program files\ActiveSMART 2.8
2010-01-25 12:53 . 2010-01-25 12:53 -------- d-----w- c:\program files\HDDGURU LLF Tool
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 09:31 . 2008-10-02 11:48 -------- d-----w- c:\program files\Steam
2010-01-28 09:28 . 2009-03-11 16:03 -------- d-----w- c:\program files\ICQ6.5
2010-01-24 09:16 . 2008-09-09 16:48 -------- d-----w- c:\program files\ASUS
2010-01-24 09:16 . 2008-08-27 14:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-24 09:15 . 2009-03-03 21:25 -------- d-----w- c:\program files\SpeedFan
2010-01-22 11:02 . 2009-05-07 08:21 -------- d-----w- c:\program files\HD Tune Pro
2010-01-04 10:19 . 2009-11-20 13:45 -------- d-----w- c:\program files\Rockstar Games
2009-12-07 11:34 . 2009-06-09 11:02 25 ----a-w- c:\windows\popcinfot.dat
2009-11-28 09:46 . 2008-08-27 15:40 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-27 09:12 . 2001-10-25 12:00 81110 ----a-w- c:\windows\system32\perfc005.dat
2009-11-27 09:12 . 2001-10-25 12:00 432374 ----a-w- c:\windows\system32\perfh005.dat
2008-09-02 11:05 . 2008-09-02 06:14 24 --sh--w- c:\windows\S3A3585E3.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-01-14 57344]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2009-02-03 2181672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.11\RivaTuner.exe" [2008-09-16 2715648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\pc\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 11:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\SteamApps\\skrewhead69\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\skrewhead69\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\skrewhead69\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Steam\\SteamApps\\skrewhead69\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\SteamApps\\skrewhead69\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.12.game"=
"c:\\Program Files\\Steam\\SteamApps\\common\\grid\\grid.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\world of goo\\WorldOfGoo.exe"=
"c:\\Program Files\\Steam\\SteamApps\\skrewhead69\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11. 9. 2008 18:00 717296]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10. 11. 2008 16:18 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10. 11. 2008 16:18 108552]
R2 ActiveSMART Service;ActiveSMART Service;c:\program files\ActiveSMART 2.8\ASmartService.exe [25. 1. 2010 16:08 586008]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10. 11. 2008 16:18 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10. 11. 2008 16:18 297752]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [7. 10. 2008 7:51 222456]
R3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [27. 8. 2008 16:24 19020]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [14. 2. 2009 9:32 23600]
.
Contents of the 'Scheduled Tasks' folder
2009-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/" onclick="window.open(this.href);return false;
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\pc\Data aplikací\Mozilla\Firefox\Profiles\42oyf78p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" onclick="window.open(this.href);return false;
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/" onclick="window.open(this.href);return false;
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" onclick="window.open(this.href);return false;
FF - component: c:\documents and settings\pc\Data aplikací\Mozilla\Firefox\Profiles\42oyf78p.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.
-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-*{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
URLSearchHooks-*{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2010-01-28 10:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sprt.sys >>UNKNOWN [0x8A474938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e67cb8
\Driver\atapi -> atapi.sys @ 0xb9dfcb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9cf2bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9cffa21
SendHandler -> NDIS.sys @ 0xb9cdd87b
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1214440339-1935655697-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:11,d8,2d,2b,7e,a1,44,76,b5,b2,31,34,cf,10,a8,de,a9,a7,f2,9f,c8,1b,5a,
91,70,2a,d3,d3,27,13,95,6e,05,ba,1c,c1,bb,87,6d,b8,c6,6d,23,61,a3,f2,cd,25,\
"??"=hex:d1,94,49,20,e7,1e,81,30,d0,5b,27,67,ef,ec,e7,10
[HKEY_USERS\S-1-5-21-1214440339-1935655697-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:2c,c7,55,03,d5,25,3f,18,cb,31,d7,0b,db,5c,3b,0e,45,7b,98,e4,7d,
db,4b,3c,5e,77,c4,21,cb,13,a7,6d,64,22,16,ab,68,c7,6f,f2,72,63,6c,3b,be,16,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3008)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\ActiveSMART 2.8\ActiveSMART.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-28 10:36:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-28 09:36
Pre-Run: Volných bajtů: 18 303 766 528
Post-Run: Volných bajtů: 23 097 946 112
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - BC749AD49272776126C16335BEFF1CD6
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3070.2544 [GMT 1:00]
Running from: c:\documents and settings\pc\Dokumenty\Preberanie\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6.5\ICQLRun.exe
D:\install.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OREANS32
-------\Service_oreans32
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-28 )))))))))))))))))))))))))))))))
.
2010-01-27 16:20 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-27 16:20 . 2010-01-27 16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-27 16:20 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-25 19:10 . 2010-01-25 19:11 -------- d-----w- c:\program files\trend micro
2010-01-25 19:10 . 2010-01-25 19:11 -------- d-----w- C:\rsit
2010-01-25 15:20 . 2010-01-25 15:20 -------- d--h--w- c:\windows\PIF
2010-01-25 15:08 . 2010-01-25 15:08 -------- d-----w- c:\program files\ActiveSMART 2.8
2010-01-25 12:53 . 2010-01-25 12:53 -------- d-----w- c:\program files\HDDGURU LLF Tool
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 09:31 . 2008-10-02 11:48 -------- d-----w- c:\program files\Steam
2010-01-28 09:28 . 2009-03-11 16:03 -------- d-----w- c:\program files\ICQ6.5
2010-01-24 09:16 . 2008-09-09 16:48 -------- d-----w- c:\program files\ASUS
2010-01-24 09:16 . 2008-08-27 14:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-24 09:15 . 2009-03-03 21:25 -------- d-----w- c:\program files\SpeedFan
2010-01-22 11:02 . 2009-05-07 08:21 -------- d-----w- c:\program files\HD Tune Pro
2010-01-04 10:19 . 2009-11-20 13:45 -------- d-----w- c:\program files\Rockstar Games
2009-12-07 11:34 . 2009-06-09 11:02 25 ----a-w- c:\windows\popcinfot.dat
2009-11-28 09:46 . 2008-08-27 15:40 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-27 09:12 . 2001-10-25 12:00 81110 ----a-w- c:\windows\system32\perfc005.dat
2009-11-27 09:12 . 2001-10-25 12:00 432374 ----a-w- c:\windows\system32\perfh005.dat
2008-09-02 11:05 . 2008-09-02 06:14 24 --sh--w- c:\windows\S3A3585E3.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-01-14 57344]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2009-02-03 2181672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.11\RivaTuner.exe" [2008-09-16 2715648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\pc\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 11:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\SteamApps\\skrewhead69\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\skrewhead69\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\skrewhead69\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Steam\\SteamApps\\skrewhead69\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\SteamApps\\skrewhead69\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.12.game"=
"c:\\Program Files\\Steam\\SteamApps\\common\\grid\\grid.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\world of goo\\WorldOfGoo.exe"=
"c:\\Program Files\\Steam\\SteamApps\\skrewhead69\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11. 9. 2008 18:00 717296]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10. 11. 2008 16:18 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10. 11. 2008 16:18 108552]
R2 ActiveSMART Service;ActiveSMART Service;c:\program files\ActiveSMART 2.8\ASmartService.exe [25. 1. 2010 16:08 586008]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10. 11. 2008 16:18 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10. 11. 2008 16:18 297752]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [7. 10. 2008 7:51 222456]
R3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [27. 8. 2008 16:24 19020]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [14. 2. 2009 9:32 23600]
.
Contents of the 'Scheduled Tasks' folder
2009-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/" onclick="window.open(this.href);return false;
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\pc\Data aplikací\Mozilla\Firefox\Profiles\42oyf78p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" onclick="window.open(this.href);return false;
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/" onclick="window.open(this.href);return false;
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" onclick="window.open(this.href);return false;
FF - component: c:\documents and settings\pc\Data aplikací\Mozilla\Firefox\Profiles\42oyf78p.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.
-fr-ja", "mozff");c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-*{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
URLSearchHooks-*{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2010-01-28 10:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sprt.sys >>UNKNOWN [0x8A474938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e67cb8
\Driver\atapi -> atapi.sys @ 0xb9dfcb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9cf2bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9cffa21
SendHandler -> NDIS.sys @ 0xb9cdd87b
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1214440339-1935655697-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:11,d8,2d,2b,7e,a1,44,76,b5,b2,31,34,cf,10,a8,de,a9,a7,f2,9f,c8,1b,5a,
91,70,2a,d3,d3,27,13,95,6e,05,ba,1c,c1,bb,87,6d,b8,c6,6d,23,61,a3,f2,cd,25,\
"??"=hex:d1,94,49,20,e7,1e,81,30,d0,5b,27,67,ef,ec,e7,10
[HKEY_USERS\S-1-5-21-1214440339-1935655697-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:2c,c7,55,03,d5,25,3f,18,cb,31,d7,0b,db,5c,3b,0e,45,7b,98,e4,7d,
db,4b,3c,5e,77,c4,21,cb,13,a7,6d,64,22,16,ab,68,c7,6f,f2,72,63,6c,3b,be,16,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3008)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\ActiveSMART 2.8\ActiveSMART.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-28 10:36:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-28 09:36
Pre-Run: Volných bajtů: 18 303 766 528
Post-Run: Volných bajtů: 23 097 946 112
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - BC749AD49272776126C16335BEFF1CD6
CPU:AMD Phenom II 955+Thermalright HR-01 Plus+Noctua NF-P12 MB: Gigabyte MA790X-UD3P RAM: 4GB Patriot 800MHz DDR2 GPU: Gainward GTX260 896MB 55nm HDD: Samsung Spinpoint F3 500GB PSU: Corsair HX650 CASE: Antec P182
Re: Problém s Firefoxom
Sú tam aj rootkity.
A napadnutý je atapi.sys .
Bude to veľmi ťažké. Ale mám jedno riešenie:
Poprosím o log Z GMER: http://www.gmer.net/gmer.zip" onclick="window.open(this.href);return false;
Spusť. Daj scan. Daj save. Ulož. Daj sem celý log.
A napadnutý je atapi.sys .
Bude to veľmi ťažké. Ale mám jedno riešenie:
Poprosím o log Z GMER: http://www.gmer.net/gmer.zip" onclick="window.open(this.href);return false;
Spusť. Daj scan. Daj save. Ulož. Daj sem celý log.
Re: Problém s Firefoxom
nebude jednoduchšie preinštalovať celý windows a zaopatriť si nejaký poriadny antivír?
CPU:AMD Phenom II 955+Thermalright HR-01 Plus+Noctua NF-P12 MB: Gigabyte MA790X-UD3P RAM: 4GB Patriot 800MHz DDR2 GPU: Gainward GTX260 896MB 55nm HDD: Samsung Spinpoint F3 500GB PSU: Corsair HX650 CASE: Antec P182
Re: Problém s Firefoxom
Podľa toho či si chceš zachovať súbory alebo formátovať a nainštalovať Windows-
Re: Problém s Firefoxom
súbory čo budem potrebovať si vypálim a cca o týždeň, dva prechádzam na Windows 7...ešte taká vec, aký antivírus odporúčaš?
ďalšia vec, že ten program mi cca po 10 minútach spadol, preblikla modrá obrazovka a drb...reštart
ďalšia vec, že ten program mi cca po 10 minútach spadol, preblikla modrá obrazovka a drb...reštart
CPU:AMD Phenom II 955+Thermalright HR-01 Plus+Noctua NF-P12 MB: Gigabyte MA790X-UD3P RAM: 4GB Patriot 800MHz DDR2 GPU: Gainward GTX260 896MB 55nm HDD: Samsung Spinpoint F3 500GB PSU: Corsair HX650 CASE: Antec P182
Re: Problém s Firefoxom
GMER spusť v núdzovom režime.
Free Avast 5.0 . Z platených Norton Internet Security 2010.
Free Avast 5.0 . Z platených Norton Internet Security 2010.