
Slow PC, choppy sound and more

chodnik74
Friend of the forum
Posts: 4975
Registered: 13 Sep 2010 21:30
Location: Napajedla

#31 Post by chodnik74 »

Did the Safe Mode repair work? Otherwise, you can run Malwarebytes once more just to be sure :) In the meantime I'll think about what to do next ;-)
Write to me: chodnik74@gmail.com

>RSIT<>MBAM<>VirusTotal

:!: Read the procedure through several times and, if anything is unclear or you have any doubts, ask. ;-) If your computer is infected or is not behaving as usual, back up all your data and carefully follow the adviser's instructions! :!:

:!: Do not use the ComboFix utility without an adviser's supervision and recommendation!

:idea: Are you satisfied with our help :???: Don't hesitate to support the forum HERE.

Forum rules: no. 1 and no. 2


#32 Post by chodnik74 »

If Safe Mode doesn't work, try this step again: http://www.viry.cz/forum/viewtopic.php? ... 9#p1048079 , which should repair Safe Mode :)

VasaPasa
Visitor
Posts: 28
Registered: 29 Oct 2011 14:10

#33 Post by VasaPasa »

Already done... I mean Malwarebytes... this time it found nothing.


#34 Post by chodnik74 »

And how is the computer behaving? Does Safe Mode work?

Do some PC maintenance.

:arrow: TFC
  • Download and run the program
  • Click Start and confirm with OK
  • The program starts cleaning up, then restarts the PC
  • Delete the program after use

PC maintenance:

1) Cleaning temporary folders + invalid registry entries
:arrow: CCleaner
  • Download and install the program
  • Run the program
  • CLEANER
    Windows - leave everything here as it is (if you use IE, uncheck its items), check the items Start Menu Shortcuts and Desktop Shortcuts, and uncheck the option for file remnants in memory ("Zbytky souborů v paměti")
    Applications - leave as is, but if you use a browser (Google Chrome, Firefox, Opera...), uncheck its items
    > Press the Analyze button and then Run Cleaner
  • Registry
    > Press the Scan for Issues button; the program starts looking for invalid registry entries. Then choose Fix selected issues.
    > The program asks whether you want to create a registry backup; choose Yes and save the backup somewhere (if anything causes problems after the registry fix, restore the backup by running the saved backup file and confirming Yes), then choose Fix all issues and Close
    > Repeat until the registry is free of problems
  • Use the program once every 14 days (depending on how the PC is used; once a week is also fine)
2) Disk defragmentation
:arrow: Defraggler
  • Download and install the program
  • Run the program
  • Select a disk (C:, D:... whichever one you use)
  • If the Fragmentation column shows more than 5%, click Defragment
  • Do this for all disks in use
  • Do this once a month
3) Updating programs
:arrow: FileHippo.com Update Checker
  • Download and install the program (during installation, uncheck the Run at Startup option)
  • Run the program
  • The program finds the programs installed on the PC and checks for available updates
  • A web page then opens listing the applications offered for updating
    > X Updates Detected: these are the available updates
    > Click the green arrow and download the program, then install its current version
    > :!: X Beta Updates Detected: do not download these updates; they are beta versions that are still in development and are unstable :)
  • Do this once every 14 days or once a month
I'd like a new RSIT log, please.


#35 Post by VasaPasa »

The computer still behaves the same. You could say there is no change, although, and I don't know whether I'm just imagining it, Interrupts in Process Explorer doesn't load the CPU as often as it did at the beginning. Nevertheless, the main problems are still here. Whenever I try to run something, for example YouTube, the computer starts stuttering terribly and the sound starts to skip. I still can't load antivirus websites or run Windows updates, and Safe Mode is still dead.


Also, I just tried three times in a row to run that ComboFix script, but it seems that after updating and creating a backup, ComboFix sort of falls asleep: it only prints that it is starting a scan which may take a long time, and then nothing happens, and I let it run for almost an hour.

After that I tried running ComboFix without the script and it ran fine... isn't there some error in the script itself?? Here is the log... I'm now going to carry out the other steps you listed here.


ComboFix 11-11-01.04 - jan 01/11/2011 22:19:23.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.894.520 [GMT 0:00]
Running from: c:\documents and settings\jan\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jan\Local Settings\Application Data\aqjptfwj\iwbcefdw.exe
c:\documents and settings\jan\Local Settings\Application Data\cxlhqfxj.log
c:\documents and settings\jan\Local Settings\Application Data\jbetfhlv.log
c:\documents and settings\jan\Local Settings\Application Data\knwfaxgp.log
c:\documents and settings\jan\Local Settings\Application Data\loxwylsm.log
c:\documents and settings\jan\Local Settings\Application Data\ohyohacq.log
c:\documents and settings\jan\Local Settings\Application Data\vqcuywtj.log
c:\documents and settings\jan\Local Settings\Application Data\xjvrlvxm.log
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\jestertb.dll
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
-------\Service_Micorsoft Windows Service
.
.
((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))
.
.
2011-11-01 17:32 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-01 17:32 . 2011-11-01 17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-31 03:40 . 2011-10-31 03:40 -------- d-----w- c:\documents and settings\jan\Application Data\Avira
2011-10-31 03:22 . 2011-07-21 12:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-31 03:22 . 2011-07-21 12:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-31 03:22 . 2010-06-17 15:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-10-31 03:22 . 2010-06-17 15:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-10-31 03:22 . 2011-10-31 03:22 -------- d-----w- c:\program files\Avira
2011-10-31 03:22 . 2011-10-31 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-10-30 22:48 . 2011-10-30 22:48 -------- d-----w- c:\program files\CleanUp!
2011-10-29 22:17 . 2011-10-29 22:17 -------- d-----w- c:\documents and settings\jan\Application Data\Media Player Classic
2011-10-29 17:41 . 2011-10-29 17:41 21464 ------w- c:\program files\Mozilla Firefox\plc4.dll
2011-10-29 17:41 . 2011-10-29 17:41 20440 ------w- c:\program files\Mozilla Firefox\plds4.dll
2011-10-29 17:41 . 2011-10-29 17:41 16856 ------w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-10-29 17:41 . 2011-10-29 17:41 166872 ------w- c:\program files\Mozilla Firefox\softokn3.dll
2011-10-29 17:41 . 2011-10-29 17:41 109528 ------w- c:\program files\Mozilla Firefox\smime3.dll
2011-10-29 17:41 . 2011-10-29 17:41 142296 ------w- c:\program files\Mozilla Firefox\ssl3.dll
2011-10-29 17:41 . 2011-10-29 17:41 714016 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-10-29 17:41 . 2011-10-29 17:41 269272 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2011-10-29 17:41 . 2011-10-29 17:41 19416 ------w- c:\program files\Mozilla Firefox\xpcom.dll
2011-10-29 17:41 . 2011-10-29 17:41 15649752 ------w- c:\program files\Mozilla Firefox\xul.dll
2011-10-29 13:03 . 2011-10-29 13:03 -------- d-----w- c:\program files\trend micro
2011-10-29 13:02 . 2011-10-29 13:03 -------- d-----w- C:\rsit
2011-10-29 01:28 . 2011-10-29 01:28 -------- d-----w- c:\windows\system32\NtmsData
2011-10-29 00:13 . 2011-10-29 00:13 -------- d-----w- c:\documents and settings\jan\Application Data\Malwarebytes
2011-10-29 00:12 . 2011-10-29 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-28 18:05 . 2011-10-28 18:05 -------- d-----w- c:\documents and settings\jan\Local Settings\Application Data\Identities
2011-10-28 17:15 . 2011-10-28 17:15 -------- d-----w- c:\windows\system32\scripting
2011-10-28 17:15 . 2011-10-28 17:15 -------- d-----w- c:\windows\l2schemas
2011-10-28 17:15 . 2011-10-28 17:15 -------- d-----w- c:\windows\system32\en
2011-10-28 17:15 . 2011-10-28 17:15 -------- d-----w- c:\windows\system32\bits
2011-10-28 17:00 . 2011-10-28 17:00 -------- d-----w- c:\windows\EHome
2011-10-28 15:40 . 2011-11-01 22:50 -------- d-----w- c:\documents and settings\jan\Local Settings\Application Data\aqjptfwj
2011-10-26 10:22 . 2011-10-03 04:06 476904 ------w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-29 21:49 . 2010-03-26 09:25 735232 ----a-w- c:\windows\system32\drivers\WlanGZXP.sys
2011-10-28 19:31 . 2011-07-11 11:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 04:06 . 2011-02-27 16:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2011-02-27 16:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-29 17:42 . 2011-10-29 17:42 134104 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-30_18.25.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-01 22:47 . 2011-11-01 22:47 16384 c:\windows\temp\Perflib_Perfdata_588.dat
+ 2011-11-01 02:16 . 2008-04-13 18:39 24576 c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\kbdclass.sys
+ 2011-11-01 02:16 . 2008-04-13 19:18 52480 c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\i8042prt.sys
+ 2011-10-31 03:22 . 2010-06-17 15:27 28520 c:\windows\system32\drivers\ssmdrv.sys
- 2011-10-28 23:42 . 2010-06-17 14:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2004-08-04 08:00 . 2008-04-13 19:39 24576 c:\windows\system32\drivers\kbdclass.sys
- 2004-08-04 08:00 . 2008-04-13 18:39 24576 c:\windows\system32\drivers\kbdclass.sys
+ 2004-08-04 08:00 . 2008-04-13 20:18 52480 c:\windows\system32\drivers\i8042prt.sys
- 2004-08-04 08:00 . 2008-04-13 19:18 52480 c:\windows\system32\drivers\i8042prt.sys
+ 2004-08-04 08:00 . 2008-04-13 19:39 24576 c:\windows\system32\dllcache\kbdclass.sys
+ 2004-08-04 08:00 . 2008-04-13 20:18 52480 c:\windows\system32\dllcache\i8042prt.sys
+ 2004-08-07 13:10 . 2011-11-01 00:36 27664 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2004-08-07 13:10 . 2011-11-01 00:36 85807 c:\windows\pchealth\helpctr\OfflineCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IwbCefdw"="c:\documents and settings\jan\Local Settings\Application Data\aqjptfwj\iwbcefdw.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\jan\Local Settings\Application Data\aqjptfwj\iwbcefdw.exe"
.
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 9:06 AM 231424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/1/2011 5:32 PM 22216]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\jan\Application Data\Mozilla\Firefox\Profiles\mfye0i26.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-01 22:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?p???? ???B?????????????hLC? ??????
.
scanning hidden files ...
.
.
c:\documents and settings\jan\Start Menu\Programs\Startup\iwbcefdw.exe 113840 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4024)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-11-01 23:03:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-01 23:03
ComboFix2.txt 2011-10-30 20:14
ComboFix3.txt 2011-10-30 18:41
.
Pre-Run: 20,603,277,312 bytes free
Post-Run: 20,559,470,592 bytes free
.
- - End Of File - - 9FFCC9BCEAC1628FDE83A67DAA557718


#36 Post by chodnik74 »

Let's take a look for rootkits and then move on to a more detailed scan of the PC :)

:arrow: Download SPTD
  • Choose the version for your operating system, 32-bit or 64-bit
  • Download the program to the desktop and run it
  • Choose the Uninstall option, then restart the PC (if the Uninstall button cannot be clicked and is greyed out, skip this step)
:arrow: Download Defogger
  • Download the program and save it to the desktop
  • Run the program
  • Click the Disable button, then restart the PC (if the Disable button cannot be clicked and is greyed out, skip this step)

:arrow: Download MBR
  • Move the file mbr.exe to your Desktop
  • Press WIN+R (or Start > Run), which opens the window for entering a command to run, then copy and paste the following text into it: "%userprofile%\plocha\mbr" -t -s and press Enter
  • A log named mbr.txt will be created on the Desktop; paste its contents here for me

Then make a GMER log; you'll find the GMER guide in my signature :)


#37 Post by VasaPasa »

Here is the requested GMER scan. Unfortunately, it didn't do the small scan as described in the guide; I don't know why.

I completed the first two steps, but unfortunately I couldn't get mbr to work because I don't have the required version of .NET Framework, and the virus won't let me onto the page where .NET Framework can be updated.



GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2011-11-02 14:14:46
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.12 ----

SSDT \??\C:\DOCUME~1\jan\LOCALS~1\Temp\plcjhcyj.sys ZwCreateKey
SSDT \??\C:\DOCUME~1\jan\LOCALS~1\Temp\plcjhcyj.sys ZwOpenKey

.text C:\WINDOWS\system32\svchost.exe[1440] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200A197B
.text C:\WINDOWS\system32\svchost.exe[1440] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200A1CA5
.text C:\WINDOWS\system32\svchost.exe[1440] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200A1FBE
.text C:\WINDOWS\system32\svchost.exe[1440] WS2_32.dll!send 71AB4C27 5 Bytes JMP 200A192D
.text C:\WINDOWS\system32\svchost.exe[1440] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200A1E02
.text C:\WINDOWS\system32\svchost.exe[1440] WS2_32.dll!recv 71AB676F 5 Bytes JMP 200A1C36
.text C:\WINDOWS\system32\svchost.exe[1440] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200A1D1A
.text C:\WINDOWS\system32\svchost.exe[1440] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200A1EDD
.text C:\WINDOWS\system32\svchost.exe[1440] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200A1D8B
.text C:\WINDOWS\explorer.exe[1484] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A637E
.text C:\WINDOWS\explorer.exe[1484] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2009A164
.text C:\WINDOWS\explorer.exe[1484] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 200A61FA
.text C:\WINDOWS\explorer.exe[1484] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A0BA0
.text C:\WINDOWS\explorer.exe[1484] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 200A32FB
.text C:\WINDOWS\explorer.exe[1484] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 200A2F86
.text C:\WINDOWS\explorer.exe[1484] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 200A2FDC
.text C:\WINDOWS\explorer.exe[1484] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 200A33B6
.text C:\WINDOWS\explorer.exe[1484] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 200A281D
.text C:\WINDOWS\explorer.exe[1484] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 200A33E3
.text C:\WINDOWS\explorer.exe[1484] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 200A27E8
.text C:\WINDOWS\explorer.exe[1484] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 200A3410
.text C:\WINDOWS\explorer.exe[1484] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 200A31E0
.text C:\WINDOWS\explorer.exe[1484] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 200A3139
.text C:\WINDOWS\explorer.exe[1484] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 200A284F
.text C:\WINDOWS\explorer.exe[1484] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 200A3437
.text C:\WINDOWS\explorer.exe[1484] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 200A27A2
.text C:\WINDOWS\explorer.exe[1484] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 200A275C
.text C:\WINDOWS\system32\svchost.exe[1512] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 200A637E
.text C:\WINDOWS\system32\svchost.exe[1512] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2009A164
.text C:\WINDOWS\system32\svchost.exe[1512] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 200A61FA
.text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200A0BA0
.text C:\WINDOWS\system32\svchost.exe[1512] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 200A197B
.text C:\WINDOWS\system32\svchost.exe[1512] ws2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 200A1CA5
.text C:\WINDOWS\system32\svchost.exe[1512] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 200A1FBE
.text C:\WINDOWS\system32\svchost.exe[1512] ws2_32.dll!send 71AB4C27 5 Bytes JMP 200A192D
.text C:\WINDOWS\system32\svchost.exe[1512] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 200A1E02
.text C:\WINDOWS\system32\svchost.exe[1512] ws2_32.dll!recv 71AB676F 5 Bytes JMP 200A1C36
.text C:\WINDOWS\system32\svchost.exe[1512] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 200A1D1A
.text C:\WINDOWS\system32\svchost.exe[1512] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 200A1EDD
.text C:\WINDOWS\system32\svchost.exe[1512] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200A1D8B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1676] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1676] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1676] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 200261FA
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1676] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1676] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1676] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1676] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1676] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1676] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1676] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1676] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1676] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1676] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B
.text C:\WINDOWS\system32\svchost.exe[1784] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\WINDOWS\system32\svchost.exe[1784] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\WINDOWS\system32\svchost.exe[1784] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 200261FA
.text C:\WINDOWS\system32\svchost.exe[1784] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1828] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1828] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1828] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 200261FA
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1828] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\WINDOWS\system32\wdfmgr.exe[1872] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\WINDOWS\system32\wdfmgr.exe[1872] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\WINDOWS\system32\wdfmgr.exe[1872] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 200261FA
.text C:\WINDOWS\system32\wdfmgr.exe[1872] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\WINDOWS\system32\wscntfy.exe[2320] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\WINDOWS\system32\wscntfy.exe[2320] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\WINDOWS\system32\wscntfy.exe[2320] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 200261FA
.text C:\WINDOWS\system32\wscntfy.exe[2320] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 200261FA
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 200232FB
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 20022F86
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 20022FDC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 200233B6
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 2002281D
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 200233E3
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 200227E8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 20023410
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 200231E0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 20023139
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WININET.dll!InternetWriteFile 3D9A60F6 5 Bytes JMP 2002284F
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 20023437
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 200227A2
.text C:\Program Files\Mozilla Firefox\firefox.exe[2364] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 2002275C
.text C:\WINDOWS\system32\alg.exe[2460] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\WINDOWS\system32\alg.exe[2460] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\WINDOWS\system32\alg.exe[2460] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 200261FA
.text C:\WINDOWS\system32\alg.exe[2460] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\WINDOWS\system32\alg.exe[2460] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2002197B
.text C:\WINDOWS\system32\alg.exe[2460] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20021CA5
.text C:\WINDOWS\system32\alg.exe[2460] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20021FBE
.text C:\WINDOWS\system32\alg.exe[2460] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002192D
.text C:\WINDOWS\system32\alg.exe[2460] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20021E02
.text C:\WINDOWS\system32\alg.exe[2460] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20021C36
.text C:\WINDOWS\system32\alg.exe[2460] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20021D1A
.text C:\WINDOWS\system32\alg.exe[2460] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20021EDD
.text C:\WINDOWS\system32\alg.exe[2460] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20021D8B
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2812] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2812] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2812] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 200261FA
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2812] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\WINDOWS\system32\rundll32.exe[2904] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\WINDOWS\system32\rundll32.exe[2904] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\WINDOWS\system32\rundll32.exe[2904] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 200261FA
.text C:\WINDOWS\system32\rundll32.exe[2904] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\WINDOWS\system32\ctfmon.exe[3312] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2002637E
.text C:\WINDOWS\system32\ctfmon.exe[3312] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A164
.text C:\WINDOWS\system32\ctfmon.exe[3312] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 200261FA
.text C:\WINDOWS\system32\ctfmon.exe[3312] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20020BA0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3352] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2006637E
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3352] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A164
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3352] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 200661FA
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3352] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 2006197B
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3352] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20061CA5
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3352] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20061FBE
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3352] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2006192D
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3352] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20061E02
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3352] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20061C36
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3352] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20061D1A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3352] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 20061EDD
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3352] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20061D8B
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3352] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 20060BA0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3352] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 1069E349 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3352] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 1069E2DB C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3352] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104589A7 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3352] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10458F65 C:\Program Files\Mozilla Firefox\xul.dll

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
ADS C:\Documents and Settings\jan\Favorites\Links\Suggested Sites.url:favicon
File C:\Documents and Settings\jan\Local Settings\Application Data\aqjptfwj\iwbcefdw.exe
File C:\Documents and Settings\jan\Start Menu\Programs\Startup\iwbcefdw.exe
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\iwbcefdw.exe

---- EOF - GMER 1.0.12 ----

Re: Slow PC, choppy sound and more

#38 Post by chodnik74 »

:arrow: Download the OTL program to the Desktop
  • Run the file OTL.exe (if you have Windows Vista or Windows 7, right-click the file and choose "Run as administrator")
  • Paste the following script into the lower Custom Scans/Fixes window and press the Run Fix button

    Code:

    
    :Files
    C:\Documents and Settings\All Users\Application Data\TEMP
    C:\Documents and Settings\jan\Favorites\Links\Suggested Sites.url
    C:\Documents and Settings\jan\Local Settings\Application Data\aqjptfwj\
    C:\Documents and Settings\jan\Start Menu\Programs\Startup\iwbcefdw.exe
    C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\iwbcefdw.exe
    
    :Reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "UserInit"="C:\\WINDOWS\\system32\\userinit.exe,"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
    "AlternateShell"="cmd.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
    @="FSFilter System Recovery"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
    @="Universal Serial Bus controllers"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @="CD-ROM Drive"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @="DiskDrive"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @="Standard floppy disk controller"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @="Hdc"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @="Keyboard"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @="Mouse"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @="PCMCIA Adapters"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @="SCSIAdapter"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @="System"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @="Floppy disk drive"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @="Volume"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @="Human Interface Devices"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
    @="FSFilter System Recovery"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
    @="Universal Serial Bus controllers"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @="CD-ROM Drive"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @="DiskDrive"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @="Standard floppy disk controller"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @="Hdc"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @="Keyboard"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @="Mouse"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
    @="Net"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
    @="NetClient"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
    @="NetService"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
    @="NetTrans"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @="PCMCIA Adapters"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @="SCSIAdapter"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @="System"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @="Floppy disk drive"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @="Volume"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @="Human Interface Devices"
    
    :Commands
    [ClearAllRestorePoints]
    [EmptyFlash]
    [EmptyTemp]
    [ResetHosts]
    
    
  • After the PC restarts, an OTL log will appear; please paste it here.

:!: Did you make a log from MBR.exe? I would like to see it :)

VasaPasa
Visitor
Posts: 28
Registered: 29 Oct 2011 14:10

Re: Slow PC, choppy sound and more

#39 Post by VasaPasa »

Here is the log.

As I wrote above, I am not able to run that program because it requires a .NET Framework update, and I cannot download it because the virus will not let me go to the required update pages.


All processes killed
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\TEMP folder moved successfully.
C:\Documents and Settings\jan\Favorites\Links\Suggested Sites.url moved successfully.
C:\Documents and Settings\jan\Local Settings\Application Data\aqjptfwj folder moved successfully.
File\Folder C:\Documents and Settings\jan\Start Menu\Programs\Startup\iwbcefdw.exe not found.
File\Folder C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\iwbcefdw.exe not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\"UserInit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\"AlternateShell"|"cmd.exe" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys\\@|"FSFilter System Recovery" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}\\@|"Universal Serial Bus controllers" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}\\@|"CD-ROM Drive" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}\\@|"DiskDrive" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}\\@|"Standard floppy disk controller" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}\\@|"Hdc" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}\\@|"Keyboard" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}\\@|"Mouse" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}\\@|"PCMCIA Adapters" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}\\@|"SCSIAdapter" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}\\@|"System" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}\\@|"Floppy disk drive" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}\\@|"Volume" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}\\@|"Human Interface Devices" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys\\@|"FSFilter System Recovery" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC\\@|"Service" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}\\@|"Universal Serial Bus controllers" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}\\@|"CD-ROM Drive" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}\\@|"DiskDrive" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}\\@|"Standard floppy disk controller" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}\\@|"Hdc" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}\\@|"Keyboard" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}\\@|"Mouse" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\\@|"Net" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}\\@|"NetClient" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\\@|"NetService" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\\@|"NetTrans" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}\\@|"PCMCIA Adapters" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}\\@|"SCSIAdapter" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}\\@|"System" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}\\@|"Floppy disk drive" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}\\@|"Volume" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}\\@|"Human Interface Devices" /E : value set successfully!
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

[EMPTYFLASH]

User: All Users

User: Default User

User: jan
->Flash cache emptied: 644 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: jan
->Temp folder emptied: 51297274 bytes
->Temporary Internet Files folder emptied: 977382 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 64984077 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 2075853 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 114.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11022011_154411

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
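
A fix log like the one in the post above can be checked mechanically instead of by eye. The following Python sketch is an added example, not part of the thread and not OTL's own code: the function names and the review rules are assumptions, and the sample input is a short excerpt of lines from that log.

```python
import re
from collections import defaultdict

# Short excerpt assembled from lines of the fix log posted above (sample input).
SAMPLE_LOG = r'''All processes killed
========== FILES ==========
C:\Documents and Settings\jan\Local Settings\Application Data\aqjptfwj folder moved successfully.
File\Folder C:\Documents and Settings\jan\Start Menu\Programs\Startup\iwbcefdw.exe not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\"UserInit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\"AlternateShell"|"cmd.exe" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base\\@|"Driver Group" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys\\@|"Driver" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip\\@|"Service" /E : value set successfully!
========== COMMANDS ==========
HOSTS file reset successfully
'''

SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z ]+) =+$")
# Registry line layout in the log: <key>\\<value name>|<data> /E : <result>
REG_RE = re.compile(
    r'^(?P<key>HKEY_[^|]+?)\\\\(?P<name>@|"[^"]*")\|(?P<data>.*) /E : (?P<result>.+)$')
FILE_OK_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")
FILE_MISSING_RE = re.compile(r"^File\\Folder (?P<path>.+) not found\.$")

SAFEBOOT = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\"
# Data the fix in the post writes for these two values; anything else is flagged.
EXPECTED = {
    ("winlogon", "userinit"): "c:\\windows\\system32\\userinit.exe,",
    ("safeboot", "alternateshell"): "cmd.exe",
}


def _rec(section, kind, target, ok, name=None, data=None):
    return {"section": section, "kind": kind, "target": target,
            "ok": ok, "name": name, "data": data}


def parse_otl_fix_log(text):
    """Turn the FILES/REGISTRY lines of a fix log into structured records."""
    records, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if (m := SECTION_RE.match(line)):
            section = m["name"]
        elif (m := REG_RE.match(line)):
            data = m["data"].strip('"').replace("\\\\", "\\")  # undo .reg escaping
            records.append(_rec(section, "registry", m["key"],
                                m["result"] == "value set successfully!",
                                m["name"].strip('"'), data))
        elif (m := FILE_MISSING_RE.match(line)):
            records.append(_rec(section, "file", m["path"], False))
        elif (m := FILE_OK_RE.match(line)):
            records.append(_rec(section, "file", m["path"], True))
    return records


def safeboot_coverage(records):
    """Subkeys written under SafeBoot\\Minimal and SafeBoot\\Network."""
    restored = defaultdict(set)
    for r in records:
        if r["kind"] == "registry" and r["ok"] and r["target"].startswith(SAFEBOOT):
            mode, _, subkey = r["target"][len(SAFEBOOT):].partition("\\")
            if mode in ("Minimal", "Network") and subkey:
                restored[mode].add(subkey)
    return dict(restored)


def review(records):
    """Lines a helper would follow up on: missing targets, failed or odd writes."""
    findings = []
    for r in records:
        if r["kind"] == "file" and not r["ok"]:
            findings.append(f"not found, confirm it is really gone: {r['target']}")
        elif r["kind"] == "registry":
            if not r["ok"]:
                findings.append(f"registry write failed: {r['target']}")
            leaf = r["target"].rsplit("\\", 1)[-1].lower()
            want = EXPECTED.get((leaf, r["name"].lower()))
            if want is not None and r["data"].lower() != want:
                findings.append(f"unexpected {r['name']} data: {r['data']}")
    return findings


if __name__ == "__main__":
    recs = parse_otl_fix_log(SAMPLE_LOG)
    for mode, keys in sorted(safeboot_coverage(recs).items()):
        print(mode, len(keys), "subkeys written")
    for finding in review(recs):
        print("FOLLOW UP:", finding)
```

Run against the full log, `safeboot_coverage` gives the set of SafeBoot subkeys per mode, which can be compared with the list in the fix script to confirm nothing was skipped.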

#40 Post by chodnik74 »

Safe mode should work now... try it and see how it goes :) Try going to a site such as http://www.avast.com... try different browsers for that :)



:arrow: Download the OTL program to the Desktop
  • Run the file OTL.exe (if you have Windows Vista or Windows 7, right-click the file and
    choose "Run as administrator")
  • If you use a 64-bit system, tick the option For 64-bit OS; if not, it should stay
    unticked
  • Tick the boxes Scan All Users, LOP Check, Purity Check
  • Change File Age from 30 days to 7 days
  • Paste the following script into the bottom box, Custom Scans/Fixes:

    netsvcs
    safebootminimal 
    safebootnetwork
    drivers32
    savembr:0
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    /md5start
    scecli.dll
    autochk.exe
    csrss.exe
    explorer.exe
    lsass.exe
    services.exe
    smss.exe
    spoolsv.exe
    svchost.exe
    userinit.exe
    winlogon.exe
    atapi.sys
    cdrom.sys 
    ndis.sys
    ntfs.sys
    tcpip.sys
    %SystemDrive%\PhysicalMBR.bin
    /md5stop
    C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
    %systemroot%\system32\drivers\*.sys /5
    %systemroot%\system32\drivers\*.sys /X 
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.* /5
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\config\*.sav 
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\*.* /U /s
    %systemroot%\*. /mp /s
    %ALLUSERSPROFILE%\Data Aplikací\*.*
    %ALLUSERSPROFILE%\Data Aplikací\*.exe /s
    %ALLUSERSPROFILE%\Dáta aplikácií\*.*
    %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
    %APPDATA%\*.
    *crack* /s
    *keygen* /s
    *nocd* /s
    *nodvd* /s
    *AutoKMS* /s
    *AutoRearm* /s
    *Loader* /s
    *w7lxe* /s
    *Legalizator* /s
    *GenuineXP* /s
    *minodlogin* /s
    serial.txt /s
    %APPDATA%\*.*
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
    reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c
    type c:\boot.ini >> test.txt /c
    %SystemDrive%\PhysicalMBR.bin /md5
    
  • Click the Scan button
  • When the scan finishes (it takes between 5 and 15 minutes), two logs will appear, OTL.txt and
    Extras.txt; paste them here for me

#41 Post by VasaPasa »

I don't know why, but after some longer time the program always freezes and stops responding. I'll try a scan without the script to see what it does.

Just to add: I still can't get to the antivirus sites.

#42 Post by chodnik74 »

I'll modify the script for you... :)

:arrow: Download the OTL program to the Desktop
  • Run the file OTL.exe (if you have Windows Vista or Windows 7, right-click the file and
    choose "Run as administrator")
  • If you use a 64-bit system, tick the option For 64-bit OS; if not, it should stay
    unticked
  • Tick the boxes Scan All Users, LOP Check, Purity Check
  • Change File Age from 30 days to 7 days
  • Paste the following script into the bottom box, Custom Scans/Fixes:

    netsvcs
    safebootminimal 
    safebootnetwork
    drivers32
    savembr:0
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    /md5start
    scecli.dll
    autochk.exe
    csrss.exe
    explorer.exe
    lsass.exe
    services.exe
    smss.exe
    spoolsv.exe
    svchost.exe
    userinit.exe
    winlogon.exe
    atapi.sys
    cdrom.sys 
    ndis.sys
    ntfs.sys
    tcpip.sys
    %SystemDrive%\PhysicalMBR.bin
    /md5stop
    C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
    %systemroot%\system32\drivers\*.sys /5
    %systemroot%\system32\drivers\*.sys /X 
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.* /5
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\config\*.sav 
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\*.* /U /s
    %systemroot%\*. /mp /s
    %ALLUSERSPROFILE%\Data Aplikací\*.*
    %ALLUSERSPROFILE%\Data Aplikací\*.exe /s
    %ALLUSERSPROFILE%\Dáta aplikácií\*.*
    %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
    %APPDATA%\*.
    *crack* /s
    *keygen* /s
    *nocd* /s
    *nodvd* /s
    *AutoKMS* /s
    *AutoRearm* /s
    *Loader* /s
    *w7lxe* /s
    *Legalizator* /s
    *GenuineXP* /s
    *minodlogin* /s
    serial.txt /s
    %APPDATA%\*.*
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    %SystemDrive%\PhysicalMBR.bin /md5
    
  • Click the Scan button
  • When the scan finishes (it takes between 5 and 15 minutes), two logs will appear, OTL.txt and
    Extras.txt; paste them here for me

#43 Post by VasaPasa »

After a longer break I'm back again :] I'm going to try the modified script.

#44 Post by VasaPasa »

So the script got stuck again; however, safe mode has started working, so I'm posting the reports made in safe mode.

ComboFix 11-11-17.03 - jan 17/11/2011 19:35:25.4.1 - x86 DSREPAIR
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.894.615 [GMT 0:00]
Running from: c:\documents and settings\jan\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jan\Local Settings\Application Data\aqjptfwj\iwbcefdw.exe
c:\documents and settings\jan\Local Settings\Application Data\cxlhqfxj.log
c:\documents and settings\jan\Local Settings\Application Data\jbetfhlv.log
c:\documents and settings\jan\Local Settings\Application Data\knwfaxgp.log
c:\documents and settings\jan\Local Settings\Application Data\loxwylsm.log
c:\documents and settings\jan\Local Settings\Application Data\ohyohacq.log
c:\documents and settings\jan\Local Settings\Application Data\vqcuywtj.log
c:\documents and settings\jan\Local Settings\Application Data\xjvrlvxm.log
c:\program files\Internet Explorer\IEXPLOREmgr.exe
c:\windows\system32\config\systemprofile\Local Settings\Application Data\jbetfhlv.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
-------\Service_Micorsoft Windows Service
.
.
((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
.
.
2011-11-02 18:50 . 2011-11-17 18:01 512 ----a-w- C:\PhysicalMBR.bin
2011-11-02 15:53 . 2011-11-17 19:59 -------- d-----w- c:\documents and settings\jan\Local Settings\Application Data\aqjptfwj
2011-11-02 15:44 . 2011-11-02 15:44 -------- d-----w- C:\_OTL
2011-11-02 13:06 . 2011-11-02 13:20 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-02 00:59 . 2011-11-02 00:59 -------- d-----w- c:\program files\Defraggler
2011-11-02 00:51 . 2011-11-02 01:27 -------- d-----w- c:\program files\FileHippo.com
2011-11-01 17:32 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-01 17:32 . 2011-11-01 17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-29 22:17 . 2011-11-02 00:47 -------- d-----w- c:\documents and settings\jan\Application Data\Media Player Classic
2011-10-29 17:41 . 2011-10-29 17:41 21464 ------w- c:\program files\Mozilla Firefox\plc4.dll
2011-10-29 17:41 . 2011-10-29 17:41 20440 ------w- c:\program files\Mozilla Firefox\plds4.dll
2011-10-29 17:41 . 2011-10-29 17:41 16856 ------w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-10-29 17:41 . 2011-10-29 17:41 166872 ------w- c:\program files\Mozilla Firefox\softokn3.dll
2011-10-29 17:41 . 2011-10-29 17:41 109528 ------w- c:\program files\Mozilla Firefox\smime3.dll
2011-10-29 17:41 . 2011-10-29 17:41 142296 ------w- c:\program files\Mozilla Firefox\ssl3.dll
2011-10-29 17:41 . 2011-10-29 17:41 714016 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-10-29 17:41 . 2011-10-29 17:41 269272 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2011-10-29 17:41 . 2011-10-29 17:41 19416 ------w- c:\program files\Mozilla Firefox\xpcom.dll
2011-10-29 17:41 . 2011-10-29 17:41 15649752 ------w- c:\program files\Mozilla Firefox\xul.dll
2011-10-29 13:03 . 2011-10-29 13:03 -------- d-----w- c:\program files\trend micro
2011-10-29 13:02 . 2011-10-29 13:03 -------- d-----w- C:\rsit
2011-10-29 01:28 . 2011-10-29 01:28 -------- d-----w- c:\windows\system32\NtmsData
2011-10-29 00:13 . 2011-10-29 00:13 -------- d-----w- c:\documents and settings\jan\Application Data\Malwarebytes
2011-10-29 00:12 . 2011-10-29 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-28 18:05 . 2011-10-28 18:05 -------- d-----w- c:\documents and settings\jan\Local Settings\Application Data\Identities
2011-10-28 17:15 . 2011-10-28 17:15 -------- d-----w- c:\windows\system32\scripting
2011-10-28 17:15 . 2011-10-28 17:15 -------- d-----w- c:\windows\l2schemas
2011-10-28 17:15 . 2011-10-28 17:15 -------- d-----w- c:\windows\system32\en
2011-10-28 17:15 . 2011-10-28 17:15 -------- d-----w- c:\windows\system32\bits
2011-10-28 17:00 . 2011-10-28 17:00 -------- d-----w- c:\windows\EHome
2011-10-26 10:22 . 2011-10-03 04:06 476904 ------w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-29 21:49 . 2010-03-26 09:25 735232 ----a-w- c:\windows\system32\drivers\WlanGZXP.sys
2011-10-28 19:31 . 2011-07-11 11:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 04:06 . 2011-02-27 16:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2011-02-27 16:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-29 17:42 . 2011-10-29 17:42 134104 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-30_18.25.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-17 19:56 . 2011-11-17 19:56 16384 c:\windows\temp\Perflib_Perfdata_514.dat
+ 2011-11-01 02:16 . 2008-04-13 18:39 24576 c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\kbdclass.sys
+ 2011-11-01 02:16 . 2008-04-13 19:18 52480 c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\i8042prt.sys
+ 2004-08-04 08:00 . 2008-04-13 19:39 24576 c:\windows\system32\drivers\kbdclass.sys
- 2004-08-04 08:00 . 2008-04-13 18:39 24576 c:\windows\system32\drivers\kbdclass.sys
- 2004-08-04 08:00 . 2008-04-13 19:18 52480 c:\windows\system32\drivers\i8042prt.sys
+ 2004-08-04 08:00 . 2008-04-13 20:18 52480 c:\windows\system32\drivers\i8042prt.sys
+ 2011-11-02 13:50 . 2011-11-02 13:50 68961 c:\windows\system32\drivers\gmer.sys
+ 2004-08-04 08:00 . 2008-04-13 19:39 24576 c:\windows\system32\dllcache\kbdclass.sys
+ 2004-08-04 08:00 . 2008-04-13 20:18 52480 c:\windows\system32\dllcache\i8042prt.sys
+ 2004-08-07 13:10 . 2011-11-01 00:36 27664 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2004-08-07 13:10 . 2011-11-01 00:36 85807 c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2004-08-07 13:02 . 2011-11-02 02:01 231984 c:\windows\system32\FNTCACHE.DAT
+ 2011-10-29 01:14 . 2011-10-29 01:14 113840 c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\iwbcefdw.exe
+ 2011-11-02 13:50 . 2006-11-28 15:23 573440 c:\windows\gmer.exe
+ 2011-11-02 13:50 . 2011-11-02 13:50 565311 c:\windows\gmer.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IwbCefdw"="c:\documents and settings\jan\Local Settings\Application Data\aqjptfwj\iwbcefdw.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\jan\Local Settings\Application Data\aqjptfwj\iwbcefdw.exe"
.
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/1/2011 5:32 PM 366152]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 9:06 AM 231424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/1/2011 5:32 PM 22216]
R3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\drivers\WlanGZXP.sys [3/26/2010 9:25 AM 735232]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MICORSOFT_WINDOWS_SERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1846480603-2172275746-2226194086-1006Core.job
- c:\documents and settings\jan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-02 00:52]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1846480603-2172275746-2226194086-1006UA.job
- c:\documents and settings\jan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-02 00:52]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\jan\Application Data\Mozilla\Firefox\Profiles\mfye0i26.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-17 19:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2656)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-11-17 20:11:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-17 20:11
ComboFix2.txt 2011-11-01 23:03
ComboFix3.txt 2011-10-30 20:14
ComboFix4.txt 2011-10-30 18:41
.
Pre-Run: 11,777,409,024 bytes free
Post-Run: 11,734,315,008 bytes free
.
- - End Of File - - AB2C51B318D14D3263B16E2724265F25

VasaPasa
Visitor
Posts: 28
Registered: 29 Oct 2011 14:10

Re: Slow PC, choppy sound and more

#45 Post by VasaPasa »

and here is RogueKiller

RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in :
User: jan [Admin rights]
Mode: Remove -- Date : 11/17/2011 19:11:15

Bad processes: 2
[SVCHOST] svchost.exe -- c:\windows\system32\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\system32\svchost.exe -> KILLED [TermProc]

Registry Entries: 3
[SUSP PATH] HKCU\[...]\Run : IwbCefdw (C:\Documents and Settings\jan\Local Settings\Application Data\aqjptfwj\iwbcefdw.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Winlogon : Userinit (C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\jan\Local Settings\Application Data\aqjptfwj\iwbcefdw.exe,) -> REPLACED (C:\WINDOWS\system32\userinit.exe,)
[IFEO] HKLM\[...]\Image File Execution Options : taskmgr.exe ("C:\DOCUMENTS AND SETTINGS\JAN\MY DOCUMENTS\STAžENé SOUBORY\PROCESSEXPLORER\PROCEXP.EXE") -> DELETED

Particular Files / Folders:

Driver: [LOADED]
SSDT[119] : NtOpenKey @ 0x80568D48 -> HOOKED (\??\C:\DOCUME~1\jan\LOCALS~1\Temp\plcjhcyj.sys @ 0xF7A26562)
SSDT[41] : NtCreateKey @ 0x80570833 -> HOOKED (\??\C:\DOCUME~1\jan\LOCALS~1\Temp\plcjhcyj.sys @ 0xF7A266AC)

HOSTS File:
ÿþ1

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in :
User: jan [Admin rights]
Mode: HOSTSFix -- Date : 11/17/2011 19:11:42

Bad processes: 0

Driver: [LOADED]

HOSTS File:
ÿþ1

Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in :
User: jan [Admin rights]
Mode: ProxyFix -- Date : 11/17/2011 19:12:00

Bad processes: 0

Driver: [LOADED]

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
