
Re: Slow loading, audio stuttering...

Posted: 22 Feb 2015 20:50
by Rudy
Please post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after start-up a screen with the licence terms is shown; continue by clicking the Yes button.

feel free to go and make a coffee (the whole run takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)

note: if you use an antispyware program with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware cause unwanted conflicts with the antispyware's resident component.

Re: Slow loading, audio stuttering...

Posted: 22 Feb 2015 22:51
by mkoko1
During the ComboFix scan a window popped up: "PEV.exe has encountered a problem and needs to close. ..."
Here is the ComboFix log:


ComboFix 15-02-16.01 - Martina 22/02/2015 22:17:26.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1526.1087 [GMT 2:00]
Running from: c:\documents and settings\Martina\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\RAIDTest
c:\documents and settings\All Users\ntuser.pol
c:\documents and settings\Martina\My Documents\Downloads\PowerPointViewer.exe
c:\documents and settings\Martina\System
c:\documents and settings\Martina\System\win_qs8.jqx
c:\program files\Setup.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2015-01-22 to 2015-02-22 )))))))))))))))))))))))))))))))
.
.
2015-02-22 21:08 . 2015-02-22 21:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2015-02-21 23:45 . 2015-02-21 23:45 -------- d-----w- c:\documents and settings\Martina\Application Data\AVAST Software
2015-02-21 23:44 . 2015-02-21 23:44 -------- d-----w- c:\windows\jumpshot.com
2015-02-21 23:35 . 2015-02-21 23:35 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-02-21 23:35 . 2015-02-21 23:35 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-02-21 23:35 . 2015-02-21 23:39 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-02-21 23:35 . 2015-02-21 23:35 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-02-21 23:35 . 2015-02-21 23:39 73480 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2015-02-21 23:35 . 2015-02-21 23:35 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-02-21 23:35 . 2015-02-21 23:35 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-02-21 23:35 . 2015-02-21 23:39 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-02-21 23:35 . 2015-02-21 23:34 291352 ----a-w- c:\windows\system32\aswBoot.exe
2015-02-21 23:34 . 2015-02-21 23:34 43152 ----a-w- c:\windows\avastSS.scr
2015-02-21 23:23 . 2015-02-21 23:23 -------- d-----w- c:\program files\AVAST Software
2015-02-21 16:08 . 2015-02-22 21:17 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-21 15:51 . 2014-11-21 04:14 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-21 15:51 . 2014-11-21 04:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-21 15:51 . 2015-02-21 15:52 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-02-20 16:23 . 2015-02-20 17:08 -------- d-----w- C:\AdwCleaner
2015-01-30 12:40 . 2015-01-30 12:40 -------- d-----w- c:\documents and settings\Martina\Application Data\TeamViewer
2015-01-30 12:39 . 2015-01-30 12:39 -------- d-----w- c:\documents and settings\Martina\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-17 11:45 . 2012-05-04 07:08 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-17 11:45 . 2011-06-06 07:35 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-13 09:13 . 2012-08-13 09:13 3162112 ----a-w- c:\program files\openofficeorg341.msi
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-02-21 23:34 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-12-11 30872168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 14743552]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"snppro"="c:\windows\vsnppro.exe" [2005-01-14 339968]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-02-21 5227112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sony Mobile\\Update Engine\\Sony Mobile Update Engine.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 0 (0x0)
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [22/2/2015 01:35 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [22/2/2015 01:35 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [22/2/2015 01:35 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [22/2/2015 01:35 423784]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [26/1/2012 11:20 251560]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [22/2/2015 01:35 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [22/2/2015 01:35 73480]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [26/1/2012 11:20 160576]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [26/1/2012 11:18 89472]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [26/1/2012 11:18 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [26/1/2012 11:18 125248]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys --> c:\windows\system32\Drivers\lgandnetadb.sys [?]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [27/5/2014 09:04 23168]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [27/5/2014 09:04 27776]
S3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4/9/2014 16:56 13528]
S3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\drivers\ggsomc.sys [4/9/2014 16:56 26328]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/2/2015 17:51 23256]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [26/1/2012 11:18 57536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 19:13 1084744 ----a-w- c:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-21 23:34]
.
2015-02-22 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2013-07-05 06:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.centrum.sk
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.sk/Genoogle/Components/A ... eQuery.dll
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://games.bigfishgames.com/en_wedding-dash-2-rings-around-world-game/online/WeddingDash2Web.1.0.0.11.cab
FF - ProfilePath - c:\documents and settings\Martina\Application Data\Mozilla\Firefox\Profiles\8jqfkz73.default\
FF - prefs.js: browser.startup.homepage - www.centrum.sk
FF - ExtSQL: !HIDDEN! 2010-04-12 07:50; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-02-22 23:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1216)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Spyware Terminator\st_rsser.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2015-02-22 23:37:08 - machine was rebooted
ComboFix-quarantined-files.txt 2015-02-22 21:36
.
Pre-Run: 12.562.419.712 bytes free
Post-Run: 12.550.057.984 bytes free
.
- - End Of File - - FF1763104D81A427027F7CDA9022C668
8F558EB6672622401DA993E1E865C861

Re: Slow loading, audio stuttering...

Posted: 23 Feb 2015 17:48
by Rudy
We'll do a bit more cleanup. Open Notepad and copy the following into it:
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

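The step from the first log to the script in the post above, as an added example that is not part of the post and is not ComboFix code: this Python code reads the LOCKED REGISTRY KEYS section of a ComboFix log, keeps each key's listed values for review, and lays the keys out in the same RegLock:: / Reboot:: form. The function names and the shortened sample log are constructed for illustration.

```python
import re

# Constructed excerpt, shortened from the first log in this thread.
SAMPLE_LOG = r"""
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1216)
c:\windows\system32\WININET.dll
"""

# Section headers in the log are a title framed by runs of dashes.
HEADER = re.compile(r"^-{3,}\s+(.+?)\s+-{3,}$")
# A registry key line is a full hive path in square brackets.
KEY = re.compile(r"^\[(HK[^\]]+)\]$")


def section_lines(log, title):
    """Return the lines between the dashed header `title` and the next dashed header."""
    out, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            if inside:
                break  # next section starts, stop collecting
            inside = match.group(1).strip().lower() == title.lower()
            continue
        if inside:
            out.append(line)
    return out


def locked_keys(log):
    """Parse the locked-keys section into [{'key': path, 'values': [lines]}, ...]."""
    entries = []
    for line in section_lines(log, "LOCKED REGISTRY KEYS"):
        match = KEY.match(line)
        if match:
            entries.append({"key": match.group(1), "values": []})
        elif line and line != "." and entries:
            # Value and "@Denied" lines belong to the key printed above them.
            entries[-1]["values"].append(line)
    return entries


def denied_keys(entries):
    """Keys whose entry carries an '@Denied' line, worth reading before any change."""
    return [e["key"] for e in entries
            if any(v.startswith("@Denied") for v in e["values"])]


def build_cfscript(entries, reboot=True):
    """Lay the keys out in the RegLock:: / Reboot:: form used in the post above."""
    lines = ["RegLock::"] + ["[%s]" % e["key"] for e in entries]
    if reboot:
        lines += ["", "Reboot::"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = locked_keys(SAMPLE_LOG)
    for key in denied_keys(found):
        print("has @Denied entry:", key)
    print(build_cfscript(found))
```

The output is plain text for a helper to review; the code does not write CFScript.txt or run anything.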

Re: Slow loading, audio stuttering...

Posted: 23 Feb 2015 21:09
by mkoko1
I'm sending the new ComboFix log:


ComboFix 15-02-16.01 - Martina 23/02/2015 20:40:03.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1526.951 [GMT 2:00]
Running from: c:\documents and settings\Martina\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Martina\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\RAIDTest
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2015-01-23 to 2015-02-23 )))))))))))))))))))))))))))))))
.
.
2015-02-23 19:26 . 2015-02-23 19:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2015-02-23 16:40 . 2015-02-23 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2015-02-23 16:40 . 2015-02-23 16:40 -------- d-----w- c:\documents and settings\Martina\Application Data\Spyware Terminator
2015-02-23 16:39 . 2015-02-23 16:45 -------- d-----w- c:\program files\Spyware Terminator
2015-02-21 23:45 . 2015-02-21 23:45 -------- d-----w- c:\documents and settings\Martina\Application Data\AVAST Software
2015-02-21 23:44 . 2015-02-21 23:44 -------- d-----w- c:\windows\jumpshot.com
2015-02-21 23:35 . 2015-02-21 23:35 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-02-21 23:35 . 2015-02-21 23:35 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-02-21 23:35 . 2015-02-21 23:39 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-02-21 23:35 . 2015-02-21 23:35 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-02-21 23:35 . 2015-02-21 23:39 73480 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2015-02-21 23:35 . 2015-02-21 23:35 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-02-21 23:35 . 2015-02-21 23:35 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-02-21 23:35 . 2015-02-21 23:39 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-02-21 23:35 . 2015-02-21 23:34 291352 ----a-w- c:\windows\system32\aswBoot.exe
2015-02-21 23:34 . 2015-02-21 23:34 43152 ----a-w- c:\windows\avastSS.scr
2015-02-21 23:23 . 2015-02-21 23:23 -------- d-----w- c:\program files\AVAST Software
2015-02-21 16:08 . 2015-02-23 16:32 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-21 15:51 . 2014-11-21 04:14 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-21 15:51 . 2014-11-21 04:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-21 15:51 . 2015-02-21 15:52 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-02-20 16:23 . 2015-02-20 17:08 -------- d-----w- C:\AdwCleaner
2015-01-30 12:40 . 2015-01-30 12:40 -------- d-----w- c:\documents and settings\Martina\Application Data\TeamViewer
2015-01-30 12:39 . 2015-01-30 12:39 -------- d-----w- c:\documents and settings\Martina\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-17 11:45 . 2012-05-04 07:08 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-17 11:45 . 2011-06-06 07:35 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-13 09:13 . 2012-08-13 09:13 3162112 ----a-w- c:\program files\openofficeorg341.msi
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-02-21 23:34 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-12-11 30872168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 14743552]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"snppro"="c:\windows\vsnppro.exe" [2005-01-14 339968]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-02-21 5227112]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2015-02-05 3860304]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2015-02-05 5456720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sony Mobile\\Update Engine\\Sony Mobile Update Engine.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 0 (0x0)
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [22/2/2015 01:35 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [22/2/2015 01:35 206248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/4/2009 10:58 717296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [22/2/2015 01:35 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [22/2/2015 01:35 423784]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [26/1/2012 11:20 251560]
R1 sp_rsdrv2;Spyware Terminator 2015 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [28/2/2012 19:18 32768]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [22/2/2015 01:35 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [22/2/2015 01:35 73480]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [21/2/2015 17:51 1871160]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [26/1/2012 11:20 160576]
R2 ST2012_Svc;Spyware Terminator 2015 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [23/2/2015 18:39 1998672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/2/2015 17:51 23256]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [26/1/2012 11:18 89472]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [26/1/2012 11:18 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [26/1/2012 11:18 125248]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [21/2/2015 17:51 969016]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/12/2014 10:30 315496]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys --> c:\windows\system32\Drivers\lgandnetadb.sys [?]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [27/5/2014 09:04 23168]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [27/5/2014 09:04 27776]
S3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4/9/2014 16:56 13528]
S3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\drivers\ggsomc.sys [4/9/2014 16:56 26328]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [26/1/2012 11:18 57536]
S3 SNPPRO;USB PC Camera (snppro);c:\windows\system32\drivers\snppro.sys [8/1/2008 11:53 8664448]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [22/1/2015 16:16 155824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 19:13 1084744 ----a-w- c:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-21 23:34]
.
2015-02-23 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2013-07-05 06:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.centrum.sk
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.sk/Genoogle/Components/A ... eQuery.dll
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://games.bigfishgames.com/en_wedding-dash-2-rings-around-world-game/online/WeddingDash2Web.1.0.0.11.cab
FF - ProfilePath - c:\documents and settings\Martina\Application Data\Mozilla\Firefox\Profiles\8jqfkz73.default\
FF - prefs.js: browser.startup.homepage - www.centrum.sk
FF - ExtSQL: !HIDDEN! 2010-04-12 07:50; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-02-23 21:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3640)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2015-02-23 21:55:24 - machine was rebooted
ComboFix-quarantined-files.txt 2015-02-23 19:55
ComboFix2.txt 2015-02-22 21:37
.
Pre-Run: 12.248.240.128 bytes free
Post-Run: 12.037.152.768 bytes free
.
- - End Of File - - DBF251E2792B61B4541FA1BBCBC6EF8D
8F558EB6672622401DA993E1E865C861

Re: Slow loading, audio stuttering...

Posted: 23 Feb 2015 21:45
by Rudy
Everything has been deleted. Has anything changed?

Re: Slow loading, audio stuttering...

Posted: 23 Feb 2015 21:51
by mkoko1
It seems to me that loading has improved a little, but the audio stuttering not at all...

Re: Slow loading, audio stuttering...

Posted: 23 Feb 2015 21:57
by Rudy
What did you install just before the problem appeared?

Re: Slow loading, audio stuttering...

Posted: 23 Feb 2015 22:02
by mkoko1
An Adobe Flash Player update and an Avast update.

Re: Slow loading, audio stuttering...

Posted: 23 Feb 2015 22:04
by Rudy
Try reinstalling Flash Player.

Re: Slow loading, audio stuttering...

Posted: 24 Feb 2015 10:36
by mkoko1
I managed to reinstall it, but no change. After uninstalling it, when I tried to install it again, the PC froze about 4 times ...

Re: Slow loading, audio stuttering...

Posted: 24 Feb 2015 17:53
by Rudy
Try defragmenting the disk.

Re: Slow loading, audio stuttering...

Posted: 25 Feb 2015 11:40
by mkoko1
I defragmented; it seems to me it helped somewhat with speed, but not with the audio stuttering.

Re: Slow loading, audio stuttering...

Posted: 25 Feb 2015 12:25
by Rudy
Try reinstalling the sound card driver. If that doesn't help, the culprit is probably some legitimate application on the PC that consumes a lot of system resources. As far as malware is concerned, the system is clean.

Re: Slow loading, audio stuttering...

Posted: 25 Feb 2015 18:17
by mkoko1
OK, I'll try that, thank you very much for your help.

Re: Slow loading, audio stuttering...

Posted: 25 Feb 2015 19:25
by Rudy
You're welcome! :)