
Slow PC, choppy sound and more

Posted: 29 Oct 2011 14:55
by VasaPasa
Hello

Problems: slow PC, choppy sound, cannot connect to the websites of antivirus programs (page load error), Windows Update does not work, ComboFix cannot be downloaded (page load error), the Opera browser does not work (neither uninstalling nor reinstalling works)

Actions so far: a scan with Avira, although the guard switched itself off; a scan with Malwarebytes

Thanks in advance

Logfile of random's system information tool 1.09 (written by random/random)
Run by jan at 2011-10-29 14:02:57
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (12%) free of 87 GB
Total RAM: 894 MB (34% free)

HijackThis download failed

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\mfye0i26.default

prefs.js - "keyword.URL" - "http://mp3tubetoolbarsearch.com/?prt=pi ... &Keywords="

"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
"{6904342A-8307-11DF-A508-4AE2DFD72085}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647]
"Description"=12.0.1.647
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-04-29 386776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-11-10 344064]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-19 729178]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2005-12-12 94208]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2005-12-22 405504]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-08-01 233534]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-12-13 507904]
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-04-08 496752]
"TkBellExe"=C:\program files\real\realplayer\update\realsched.exe [2011-04-29 273544]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-04-21 281768]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-08-31 449608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"IwbCefdw"=C:\Documents and Settings\jan\Local Settings\Application Data\aqjptfwj\iwbcefdw.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Update Agent.lnk - C:\Program Files\3\3Connect\AutoUpdateSrv.exe
ZyXEL G-202 Wireless Adapter Utility.lnk - C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-11-10 47616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe"="C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe:*:Enabled:ZyXEL G-202 Wireless Adapter Utility"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=DivX.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"vidc.DIVX"=DivX.dll

======List of files/folders created in the last 1 month======

2011-10-29 14:03:02 ----D---- C:\Program Files\trend micro
2011-10-29 14:02:57 ----D---- C:\rsit
2011-10-29 13:42:18 ----D---- C:\Documents and Settings\jan\Application Data\Avira
2011-10-29 02:28:14 ----D---- C:\WINDOWS\system32\NtmsData
2011-10-29 01:13:13 ----D---- C:\Documents and Settings\jan\Application Data\Malwarebytes
2011-10-29 01:12:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-10-29 01:12:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-10-29 01:12:19 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-10-29 00:42:30 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2011-10-29 00:42:06 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2011-10-29 00:42:06 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-10-29 00:42:06 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-10-29 00:42:06 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-10-29 00:42:05 ----D---- C:\Program Files\Avira
2011-10-29 00:42:05 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2011-10-28 19:25:44 ----A---- C:\WINDOWS\system32\LuResult.txt
2011-10-28 18:33:43 ----D---- C:\WINDOWS\Prefetch
2011-10-28 18:31:05 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2011-10-28 18:30:58 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2011-10-28 18:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2011-10-28 18:30:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2011-10-28 18:30:21 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2011-10-28 18:30:15 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2011-10-28 18:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2011-10-28 18:30:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2011-10-28 18:29:52 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2011-10-28 18:29:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2011-10-28 18:29:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2011-10-28 18:29:26 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2011-10-28 18:29:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2011-10-28 18:29:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2011-10-28 18:28:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2011-10-28 18:28:43 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2011-10-28 18:28:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2011-10-28 18:28:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2011-10-28 18:28:20 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2011-10-28 18:28:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2011-10-28 18:28:05 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2011-10-28 18:27:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2011-10-28 18:27:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2011-10-28 18:27:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2011-10-28 18:27:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2011-10-28 18:27:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2011-10-28 18:27:22 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2011-10-28 18:27:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2011-10-28 18:27:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2011-10-28 18:26:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2011-10-28 18:26:50 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2011-10-28 18:26:42 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2011-10-28 18:26:34 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2011-10-28 18:26:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2011-10-28 18:26:04 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2011-10-28 18:25:57 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2011-10-28 18:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2011-10-28 18:25:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2011-10-28 18:25:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2011-10-28 18:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2011-10-28 18:25:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2011-10-28 18:25:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2011-10-28 18:25:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2011-10-28 18:24:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2011-10-28 18:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2011-10-28 18:24:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2011-10-28 18:24:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2011-10-28 18:24:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2011-10-28 18:24:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2011-10-28 18:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2011-10-28 18:23:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2011-10-28 18:23:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2011-10-28 18:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2011-10-28 18:23:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2011-10-28 18:23:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2011-10-28 18:23:14 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2011-10-28 18:23:08 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2011-10-28 18:22:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2011-10-28 18:15:43 ----D---- C:\WINDOWS\system32\scripting
2011-10-28 18:15:43 ----D---- C:\WINDOWS\l2schemas
2011-10-28 18:15:42 ----D---- C:\WINDOWS\system32\en
2011-10-28 18:15:42 ----D---- C:\WINDOWS\system32\bits
2011-10-28 18:08:18 ----D---- C:\WINDOWS\network diagnostic
2011-10-28 18:00:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2011-10-28 18:00:16 ----D---- C:\WINDOWS\EHome
2011-10-27 13:56:59 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-10-26 11:22:20 ----A---- C:\WINDOWS\system32\javaws.exe
2011-10-26 11:22:20 ----A---- C:\WINDOWS\system32\javaw.exe
2011-10-26 11:22:20 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 month======

2011-10-29 14:03:02 ----RD---- C:\Program Files
2011-10-29 13:31:46 ----D---- C:\WINDOWS\system32
2011-10-29 13:31:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-29 13:31:31 ----D---- C:\WINDOWS
2011-10-29 13:30:48 ----D---- C:\Program Files\Mozilla Firefox
2011-10-29 13:27:29 ----ASH---- C:\hpqp.ini
2011-10-29 13:27:06 ----A---- C:\XP_TV.ini
2011-10-29 13:26:02 ----D---- C:\WINDOWS\Temp
2011-10-29 13:25:35 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-29 13:20:43 ----D---- C:\WINDOWS\system32\drivers
2011-10-29 13:20:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-29 12:51:12 ----RSHD---- C:\WINDOWS\system32\dllcache
2011-10-29 12:51:00 ----D---- C:\Program Files\Windows Media Player
2011-10-29 12:47:14 ----D---- C:\Program Files\Outlook Express
2011-10-29 12:44:53 ----D---- C:\Program Files\Movie Maker
2011-10-29 12:40:46 ----D---- C:\Program Files\Internet Explorer
2011-10-29 03:07:54 ----SHD---- C:\System Volume Information
2011-10-29 02:31:19 ----HD---- C:\WINDOWS\inf
2011-10-29 02:28:09 ----D---- C:\WINDOWS\repair
2011-10-29 02:27:55 ----D---- C:\WINDOWS\Registration
2011-10-29 00:45:15 ----D---- C:\WINDOWS\system32\Restore
2011-10-28 20:44:04 ----SHD---- C:\WINDOWS\Installer
2011-10-28 20:43:58 ----HD---- C:\Config.Msi
2011-10-28 20:42:35 ----D---- C:\Program Files\Common Files\Adobe
2011-10-28 20:42:22 ----D---- C:\WINDOWS\WinSxS
2011-10-28 20:41:55 ----D---- C:\Program Files\Adobe
2011-10-28 19:52:53 ----D---- C:\Program Files\Google
2011-10-28 19:49:40 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-10-28 19:38:53 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2011-10-28 19:38:06 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2011-10-28 19:37:59 ----D---- C:\Program Files\Symantec
2011-10-28 19:36:33 ----D---- C:\Program Files\Common Files
2011-10-28 19:19:24 ----SD---- C:\WINDOWS\Tasks
2011-10-28 19:00:25 ----RD---- C:\Program Files\Skype
2011-10-28 18:34:47 ----A---- C:\WINDOWS\OEWABLog.txt
2011-10-28 18:33:43 ----A---- C:\WINDOWS\setuplog.txt
2011-10-28 18:32:52 ----D---- C:\WINDOWS\system32\Setup
2011-10-28 18:32:52 ----D---- C:\WINDOWS\AppPatch
2011-10-28 18:32:52 ----D---- C:\Program Files\Messenger
2011-10-28 18:32:51 ----D---- C:\WINDOWS\system32\wbem
2011-10-28 18:32:49 ----RSD---- C:\WINDOWS\Fonts
2011-10-28 18:32:09 ----D---- C:\WINDOWS\security
2011-10-28 18:31:07 ----D---- C:\WINDOWS\system32\CatRoot
2011-10-28 18:16:12 ----D---- C:\WINDOWS\ime
2011-10-28 18:16:12 ----D---- C:\WINDOWS\Help
2011-10-28 18:15:44 ----D---- C:\WINDOWS\system32\usmt
2011-10-28 18:15:44 ----D---- C:\WINDOWS\system32\en-US
2011-10-28 18:15:42 ----D---- C:\WINDOWS\PeerNet
2011-10-28 18:12:27 ----D---- C:\WINDOWS\ServicePackFiles
2011-10-28 18:12:19 ----D---- C:\WINDOWS\system32\npp
2011-10-28 18:12:17 ----D---- C:\WINDOWS\msagent
2011-10-28 18:12:16 ----D---- C:\WINDOWS\srchasst
2011-10-28 18:12:14 ----D---- C:\Program Files\NetMeeting
2011-10-28 18:12:13 ----D---- C:\WINDOWS\system32\Com
2011-10-28 18:12:09 ----D---- C:\Program Files\Windows NT
2011-10-28 18:12:03 ----D---- C:\Program Files\Common Files\System
2011-10-28 18:11:39 ----D---- C:\WINDOWS\system32\oobe
2011-10-28 18:11:35 ----D---- C:\WINDOWS\system
2011-10-28 18:06:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-10-27 13:57:41 ----D---- C:\Documents and Settings\jan\Application Data\AdobeUM
2011-10-26 20:33:28 ----A---- C:\WINDOWS\system32\MRT.exe
2011-10-26 11:23:37 ----D---- C:\Program Files\Common Files\Java
2011-10-26 11:22:14 ----D---- C:\Program Files\Java
2011-10-03 05:06:03 ----A---- C:\WINDOWS\system32\deployJava1.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-07-21 138192]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-07-21 66616]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 mdvrmng;Mobile IP Route Manager; \??\C:\WINDOWS\system32\drivers\mdvrmng.sys []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-11-10 1396224]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-28 424320]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-08-02 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-08-02 349312]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-08-22 1035008]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-19 190400]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
R3 ZY202_XP;ZyXEL 802.11g XG202 1211 Driver; C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2007-04-03 437760]
S0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-18 56648]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2010-01-28 102528]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDCNDIS5.SYS []
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2007-04-03 17664]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-08 1135728]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-11-10 389120]
R2 BecHelperService;BecHelperService; C:\Program Files\3\3Connect\BecHelperService.exe [2010-01-28 1737464]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2005-12-22 98304]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-11-15 73728]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-07-21 269480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2011-10-29 192906]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2006-04-26 1119888]

-----------------EOF-----------------

Re: Slow PC, choppy sound and more

Posted: 29 Oct 2011 17:35
by chodnik74
Good evening :welcome:
Boot the PC into safe mode (press F8 repeatedly while the PC starts)


:arrow: Download the RogueKiller program
  • Run the program
  • Press the 2 key and Enter
  • A log will appear; paste it here
  • Repeat the same with options 3 and 4 and paste the logs

Re: Slow PC, choppy sound and more

Posted: 29 Oct 2011 18:48
by VasaPasa
Good evening

I am not able to get the PC into safe mode.
After I choose safe mode, the computer starts loading files, but then it returns me to the selection menu, saying that it cannot start safe mode because of some HW or SW change

Re: Slow PC, choppy sound and more

Posted: 29 Oct 2011 19:34
by chodnik74
Try RogueKiller in normal mode.. :) we'll continue tomorrow.. good night :bye:

Re: Slow PC, choppy sound and more

Posted: 29 Oct 2011 20:29
by VasaPasa
RogueKiller in normal mode

See you tomorrow :]

RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: jan [Admin rights]
Mode: Remove -- Date : 10/29/2011 20:09:47

Bad processes: 3
[SVCHOST] svchost.exe -- c:\windows\system32\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\system32\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\system32\svchost.exe -> KILLED [TermProc]

Registry Entries: 4
[SUSP PATH] HKCU\[...]\Run : IwbCefdw (C:\Documents and Settings\jan\Local Settings\Application Data\aqjptfwj\iwbcefdw.exe) -> DELETED
[SUSP PATH] HKUS\.DEFAULT[...]\Run : IwbCefdw (C:\Documents and Settings\jan\Local Settings\Application Data\aqjptfwj\iwbcefdw.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Winlogon : Userinit (C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\jan\Local Settings\Application Data\aqjptfwj\iwbcefdw.exe,) -> REPLACED (C:\WINDOWS\system32\userinit.exe,)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()

Particular Files / Folders:

Driver: [LOADED]
SSDT[119] : NtOpenKey @ 0x8061B722 -> HOOKED (\??\C:\DOCUME~1\jan\LOCALS~1\Temp\plcjhcyj.sys @ 0xB7785562)
SSDT[41] : NtCreateKey @ 0x8061A344 -> HOOKED (\??\C:\DOCUME~1\jan\LOCALS~1\Temp\plcjhcyj.sys @ 0xB77856AC)

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt

****************************** next record *************************************************

RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: jan [Admin rights]
Mode: HOSTSFix -- Date : 10/29/2011 20:21:24

Bad processes: 2
[SVCHOST] svchost.exe -- c:\windows\system32\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\system32\svchost.exe -> KILLED [TermProc]

Driver: [LOADED]

HOSTS File:
127.0.0.1 localhost


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

*********************** next record ****************************************

RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: jan [Admin rights]
Mode: ProxyFix -- Date : 10/29/2011 20:22:03

Bad processes: 0

Driver: [LOADED]

Registry Entries: 0

Finished : << RKreport[4].txt >>

Re: Slow PC, choppy sound and more

Posted: 30 Oct 2011 08:08
by chodnik74
Excellent :) Now we'll try ComboFix...


Do not use the program without a recommendation from an Advisor, and follow the instructions below carefully, because the program does not tolerate mistakes and the system can be completely damaged!!
  • :arrow: Download ComboFix
  • Save the program, preferably to the Desktop
  • Turn off all resident shields: antivirus, antispyware and firewall
  • Close all running applications (ICQ, browser, programs) and leave only ComboFix
  • Run Combofix.exe with administrator privileges
    On Windows XP, log in under the administrator account
    On Windows 7 and Vista, right-click Combofix.exe and choose "Run as administrator"
  • Right after the program starts, the licence terms will pop up; confirm them with the YES button
  • If ComboFix offers to install the Recovery Console, agree and let it install (an active internet connection is needed here)
  • Continue according to the program's instructions, and during the scan do not click anything and do not work on the PC (ICQ, other applications, internet..). Leave the computer alone.
  • The whole scan takes between 5-15 min, but if there is a lot of malware on the PC, the time may differ.
  • After the scan finishes (and a possible restart of the computer), the ComboFix log will be displayed; paste it here for me (if the log is not displayed, you will find it here: C:\ComboFix.txt)
  • (If you are unsure about any of the steps above, ask, or have a look at the more detailed guide with pictures http://www.bleepingcomputer.com/combofi ... t-combofix )

Re: Slow PC, choppy sound and more

Posted: 30 Oct 2011 14:53
by VasaPasa
I still cannot run it from this page; is there some other alternative from which it can be safely downloaded?

Otherwise, I now realize that I forgot to mention that most of the viruses I removed were w32/ramnit. and various ...probably versions A, E, C

I also found out that after switching on the PC today, Malwarebytes' Anti-Malware does not work, with the message a error has occured :
PROGRAM_ERROR_LOAD_DATABASE(2,2 CreateSDK)

Re: Slow PC, choppy sound and more

Posted: 30 Oct 2011 18:34
by chodnik74

Re: Slow PC, choppy sound and more

Posted: 30 Oct 2011 18:40
by VasaPasa
Yes, this page works, I'm going to run it right away, I'll be back in a moment

Re: Slow PC, choppy sound and more

Posted: 30 Oct 2011 18:44
by chodnik74
Fine, I'll wait :)

Re: Slow PC, choppy sound and more

Posted: 30 Oct 2011 19:45
by VasaPasa
ComboFix 11-10-30.02 - jan 30/10/2011 17:54:56.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.894.508 [GMT 0:00]
Running from: c:\documents and settings\jan\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jan\Application Data\Local
c:\documents and settings\jan\Application Data\Local\Temp\DDM\Settings\abvbinydcfby.avi.ddr
c:\documents and settings\jan\Application Data\Local\Temp\DDM\Settings\olvbaarvpizy.avi.ddr
c:\documents and settings\jan\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\vog8nlcmbgvbd.avi.ddp
c:\documents and settings\jan\Application Data\Local\Temp\DDM\Settings\vog8nlcmbgvbd.avi.ddr
c:\documents and settings\jan\Local Settings\Application Data\aqjptfwj\iwbcefdw.exe
c:\documents and settings\jan\Local Settings\Application Data\cxlhqfxj.log
c:\documents and settings\jan\Local Settings\Application Data\jbetfhlv.log
c:\documents and settings\jan\Local Settings\Application Data\knwfaxgp.log
c:\documents and settings\jan\Local Settings\Application Data\loxwylsm.log
c:\documents and settings\jan\Local Settings\Application Data\ohyohacq.log
c:\documents and settings\jan\Local Settings\Application Data\vqcuywtj.log
c:\documents and settings\jan\Local Settings\Application Data\xjvrlvxm.log
c:\program files\3
c:\program files\3\3Connect\3ConnectHelp.chm
c:\program files\3\3Connect\AceDB.encrypt
c:\program files\3\3Connect\BEC_Reset.exe
c:\program files\3\3Connect\BecHelperService.exe
c:\program files\3\3Connect\birdstepdns.cmd
c:\program files\3\3Connect\birdstepip.cmd
c:\program files\3\3Connect\birdstepping.cmd
c:\program files\3\3Connect\birdsteppingv2.cmd
c:\program files\3\3Connect\BlackListedDev.cfg
c:\program files\3\3Connect\BlacklistedProcesses.xml
c:\program files\3\3Connect\browsing1.html
c:\program files\3\3Connect\cable_image.gif
c:\program files\3\3Connect\capicom.dll
c:\program files\3\3Connect\checkdata_online.html
c:\program files\3\3Connect\CiscoApiWrapper.dll
c:\program files\3\3Connect\Config.encrypt
c:\program files\3\3Connect\Config.xml
c:\program files\3\3Connect\Config_23420.encrypt
c:\program files\3\3Connect\Config_23420.xml
c:\program files\3\3Connect\Config_27205.encrypt
c:\program files\3\3Connect\Config_27205.xml
c:\program files\3\3Connect\Config_Default.encrypt
c:\program files\3\3Connect\Config_Default.xml
c:\program files\3\3Connect\ConfigAup.encrypt
c:\program files\3\3Connect\ConfigAup.xml
c:\program files\3\3Connect\connecting1.html
c:\program files\3\3Connect\Content.css2
c:\program files\3\3Connect\Convert.xsl
c:\program files\3\3Connect\datausageguide1.html
c:\program files\3\3Connect\DeviceInstaller.exe
c:\program files\3\3Connect\Devices.xml
c:\program files\3\3Connect\Dialog.cfg
c:\program files\3\3Connect\ElevatedShell.exe
c:\program files\3\3Connect\endpoint.css
c:\program files\3\3Connect\endpoint2.css
c:\program files\3\3Connect\Flash.ocx
c:\program files\3\3Connect\homepage1.html
c:\program files\3\3Connect\HuaweiE220.dll
c:\program files\3\3Connect\ImportConfiguration.exe
c:\program files\3\3Connect\improve.htm
c:\program files\3\3Connect\incompatiblesoft.htm
c:\program files\3\3Connect\InstallHelpers.dll
c:\program files\3\3Connect\installservice.exe
c:\program files\3\3Connect\Killautorun.exe
c:\program files\3\3Connect\LanDevice.dll
c:\program files\3\3Connect\lastbill.htm
c:\program files\3\3Connect\live.css
c:\program files\3\3Connect\Logger.dll
c:\program files\3\3Connect\Mbb_abroad.htm
c:\program files\3\3Connect\mfc80u.dll
c:\program files\3\3Connect\Microsoft.VC80.CRT.manifest
c:\program files\3\3Connect\Microsoft.VC80.MFC.manifest
c:\program files\3\3Connect\modemcust.cfg
c:\program files\3\3Connect\modeminfo.cfg
c:\program files\3\3Connect\Modems\Huawei Modems_v3.09.00.00.exe
c:\program files\3\3Connect\msvcp80.dll
c:\program files\3\3Connect\msvcr80.dll
c:\program files\3\3Connect\NetworkCodes.cfg
c:\program files\3\3Connect\OperatorList.xml
c:\program files\3\3Connect\OptGlobetrotterGTMax72.dll
c:\program files\3\3Connect\PatchInfo.ini
c:\program files\3\3Connect\ping1.html
c:\program files\3\3Connect\pingtest.JPG
c:\program files\3\3Connect\proxy.JPG
c:\program files\3\3Connect\Res.dll
c:\program files\3\3Connect\Roaming\RoamingPrice_23420.ini
c:\program files\3\3Connect\Skins\FlashSkin\gui.swf
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\account.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\arrow_dwn.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\arrow_up.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_history.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_main.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_rss.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_sidebox.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_back.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_connect.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_default.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_disconnect.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_login.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_rssclose.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_rssopen.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\exit.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\globe.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\graph.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\minimize.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\nr_sms.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\rgn_history.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\rgn_main.swf
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\rgn_rss.swf
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\roaming.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\signal.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\sms.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\tab_1.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\tab_2.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\settings\constructor.xml
c:\program files\3\3Connect\Skins\FlashSkin\resources\settings\offline.xml
c:\program files\3\3Connect\Skins\FlashSkin\resources\settings\strings.xml
c:\program files\3\3Connect\Skins\FlexSkin\assets\banner.swf
c:\program files\3\3Connect\Skins\FlexSkin\assets\bec_go_lite.swf
c:\program files\3\3Connect\Skins\FlexSkin\assets\config.xml
c:\program files\3\3Connect\Skins\FlexSkin\assets\menu_lite.xml
c:\program files\3\3Connect\Skins\FlexSkin\assets\signal.swf
c:\program files\3\3Connect\Skins\FlexSkin\assets\strings.xml
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_0.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_1.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_2.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_3.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_4.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_5.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_6.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\tretab.swf
c:\program files\3\3Connect\Skins\FlexSkin\gui.swf
c:\program files\3\3Connect\Skins\FlexSkin\modules\guiOverrides.swf
c:\program files\3\3Connect\Skins\FlexSkin\state.xml
c:\program files\3\3Connect\Sms.xml
c:\program files\3\3Connect\SmsApp2.dll
c:\program files\3\3Connect\SocketMgr.dll
c:\program files\3\3Connect\SoftOpt.encrypt
c:\program files\3\3Connect\speed.htm
c:\program files\3\3Connect\status.htm
c:\program files\3\3Connect\Strings.txt
c:\program files\3\3Connect\SysConfig.dat
c:\program files\3\3Connect\SystemInfo.txt
c:\program files\3\3Connect\topup.html
c:\program files\3\3Connect\Update\ConfigAup.encrypt
c:\program files\3\3Connect\Update\ConfigAup.xml
c:\program files\3\3Connect\UserGuide.chm
c:\program files\3\3Connect\Version.encrypt
c:\program files\3\3Connect\WelcomeApp.exe
c:\program files\3\3Connect\WelcomeApp.ini
c:\program files\3\3Connect\Wilog.exe
c:\program files\3\3Connect\wilogapp.exe
c:\program files\3\3Connect\WWanDevice.dll
c:\program files\3\3Connect\ZTE620.dll
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
-------\Service_Micorsoft Windows Service
-------\Legacy_BecHelperService
-------\Legacy_BecHelperService
-------\Service_BecHelperService
-------\Service_BecHelperService
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-29 22:17 . 2011-10-29 22:17 -------- d-----w- c:\documents and settings\jan\Application Data\Media Player Classic
2011-10-29 20:26 . 2011-10-29 20:26 20992 ----a-w- c:\windows\jestertb.dll
2011-10-29 17:41 . 2011-10-29 17:41 21464 ------w- c:\program files\Mozilla Firefox\plc4.dll
2011-10-29 17:41 . 2011-10-29 17:41 20440 ------w- c:\program files\Mozilla Firefox\plds4.dll
2011-10-29 17:41 . 2011-10-29 17:41 16856 ------w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-10-29 17:41 . 2011-10-29 17:41 166872 ------w- c:\program files\Mozilla Firefox\softokn3.dll
2011-10-29 17:41 . 2011-10-29 17:41 109528 ------w- c:\program files\Mozilla Firefox\smime3.dll
2011-10-29 17:41 . 2011-10-29 17:41 142296 ------w- c:\program files\Mozilla Firefox\ssl3.dll
2011-10-29 17:41 . 2011-10-29 17:41 714016 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-10-29 17:41 . 2011-10-29 17:41 269272 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2011-10-29 17:41 . 2011-10-29 17:41 19416 ------w- c:\program files\Mozilla Firefox\xpcom.dll
2011-10-29 17:41 . 2011-10-29 17:41 15649752 ------w- c:\program files\Mozilla Firefox\xul.dll
2011-10-29 13:03 . 2011-10-29 13:03 -------- d-----w- c:\program files\trend micro
2011-10-29 13:02 . 2011-10-29 13:03 -------- d-----w- C:\rsit
2011-10-29 12:42 . 2011-10-29 12:42 -------- d-----w- c:\documents and settings\jan\Application Data\Avira
2011-10-29 01:28 . 2011-10-29 01:28 -------- d-----w- c:\windows\system32\NtmsData
2011-10-29 00:13 . 2011-10-29 00:13 -------- d-----w- c:\documents and settings\jan\Application Data\Malwarebytes
2011-10-29 00:12 . 2011-10-29 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-29 00:12 . 2011-10-29 00:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-29 00:12 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-28 23:42 . 2011-07-21 11:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-28 23:42 . 2011-07-21 11:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-28 23:42 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-10-28 23:42 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-10-28 23:42 . 2011-10-28 23:42 -------- d-----w- c:\program files\Avira
2011-10-28 23:42 . 2011-10-28 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-10-28 18:05 . 2011-10-28 18:05 -------- d-----w- c:\documents and settings\jan\Local Settings\Application Data\Identities
2011-10-28 17:15 . 2011-10-28 17:15 -------- d-----w- c:\windows\system32\scripting
2011-10-28 17:15 . 2011-10-28 17:15 -------- d-----w- c:\windows\l2schemas
2011-10-28 17:15 . 2011-10-28 17:15 -------- d-----w- c:\windows\system32\en
2011-10-28 17:15 . 2011-10-28 17:15 -------- d-----w- c:\windows\system32\bits
2011-10-28 17:00 . 2011-10-28 17:00 -------- d-----w- c:\windows\EHome
2011-10-28 15:40 . 2011-10-30 18:25 -------- d-----w- c:\documents and settings\jan\Local Settings\Application Data\aqjptfwj
2011-10-26 10:22 . 2011-10-03 04:06 476904 ------w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-29 21:49 . 2010-03-26 09:25 735232 ----a-w- c:\windows\system32\drivers\WlanGZXP.sys
2011-10-28 19:31 . 2011-07-11 11:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 04:06 . 2011-02-27 16:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2011-02-27 16:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-29 17:42 . 2011-10-29 17:42 134104 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 344064]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 627112]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-08 496752]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-04-29 273544]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Update Agent.lnk - c:\program files\3\3Connect\AutoUpdateSrv.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\jan\Local Settings\Application Data\aqjptfwj\iwbcefdw.exe"
.
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/28/2011 11:42 PM 136360]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 9:06 AM 231424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/29/2011 12:12 AM 22216]
R3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\drivers\WlanGZXP.sys [3/26/2010 9:25 AM 735232]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/29/2011 12:12 AM 366152]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MICORSOFT_WINDOWS_SERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-29 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-11-16 09:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.Google.com
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\jan\Application Data\Mozilla\Firefox\Profiles\mfye0i26.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo-Mp3Tube
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - prefs.js: network.proxy.type - 0
FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-IwbCefdw - c:\documents and settings\jan\Local Settings\Application Data\aqjptfwj\iwbcefdw.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-30 18:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????
.
scanning hidden files ...
.
.
c:\documents and settings\jan\Start Menu\Programs\Startup\iwbcefdw.exe 113840 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3404)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2011-10-30 18:41:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-30 18:41
.
Pre-Run: 7,957,700,608 bytes free
Post-Run: 13,850,226,688 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 2BF67127960DC629C3C291B3CC1E9FCD

Re: Slow PC, choppy sound and more

Posted: 30 Oct 2011 20:12
by chodnik74
Open Notepad
  • (press the WIN+R key combination, type "notepad" without the quotes and press Enter)
  • Paste the following script into it:

    KillAll::
    
    File::
    c:\windows\jestertb.dll
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"=-
    "HP Software Update"=-
    "TkBellExe"=-
    "DivXUpdate"=-
    "SunJavaUpdateSched"=-
    "Adobe ARM"=-
    "Malwarebytes' Anti-Malware"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "UserInit"="C:\\WINDOWS\\system32\\userinit.exe,"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
    "AlternateShell"="cmd.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
    @="FSFilter System Recovery"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
    @="Universal Serial Bus controllers"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @="CD-ROM Drive"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @="DiskDrive"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @="Standard floppy disk controller"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @="Hdc"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @="Keyboard"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @="Mouse"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @="PCMCIA Adapters"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @="SCSIAdapter"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @="System"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @="Floppy disk drive"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @="Volume"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @="Human Interface Devices"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
    @="FSFilter System Recovery"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
    @="Universal Serial Bus controllers"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @="CD-ROM Drive"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @="DiskDrive"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @="Standard floppy disk controller"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @="Hdc"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @="Keyboard"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @="Mouse"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
    @="Net"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
    @="NetClient"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
    @="NetService"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
    @="NetTrans"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @="PCMCIA Adapters"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @="SCSIAdapter"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @="System"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @="Floppy disk drive"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @="Volume"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @="Human Interface Devices"
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\jan\Application Data\Mozilla\Firefox\Profiles\mfye0i26.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo-Mp3Tube
    FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pi ... &Keywords=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pi ... &Keywords=
    FF - user.js: keyword.enabled - 1
    
    Reboot::
    
  • Save the file to the Desktop as CFScript.txt
  • Then grab this file with the left mouse button, drag it onto the ComboFix icon and drop it
  • ComboFix will then carry out all the operations and produce a new log, which you should paste here
:!: It can happen that Windows does not start normally after the script is applied. In that case restart the computer, press F8 repeatedly during startup and choose the option Last Known Good Configuration

Re: Slow PC, choppy sound and more

Posted: 30 Oct 2011 21:17
by VasaPasa
ComboFix has just finished running according to the instructions and spat this out at me:

ComboFix 11-10-30.03 - jan 30/10/2011 19:33:43.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.894.478 [GMT 0:00]
Running from: c:\documents and settings\jan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jan\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\jestertb.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jan\Local Settings\Application Data\aqjptfwj\iwbcefdw.exe
c:\documents and settings\jan\Local Settings\Application Data\cxlhqfxj.log
c:\documents and settings\jan\Local Settings\Application Data\jbetfhlv.log
c:\documents and settings\jan\Local Settings\Application Data\knwfaxgp.log
c:\documents and settings\jan\Local Settings\Application Data\loxwylsm.log
c:\documents and settings\jan\Local Settings\Application Data\ohyohacq.log
c:\documents and settings\jan\Local Settings\Application Data\vqcuywtj.log
c:\documents and settings\jan\Local Settings\Application Data\xjvrlvxm.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-29 22:17 . 2011-10-29 22:17 -------- d-----w- c:\documents and settings\jan\Application Data\Media Player Classic
2011-10-29 20:26 . 2011-10-29 20:26 20992 ----a-w- c:\windows\jestertb.dll
2011-10-29 17:41 . 2011-10-29 17:41 21464 ------w- c:\program files\Mozilla Firefox\plc4.dll
2011-10-29 17:41 . 2011-10-29 17:41 20440 ------w- c:\program files\Mozilla Firefox\plds4.dll
2011-10-29 17:41 . 2011-10-29 17:41 16856 ------w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-10-29 17:41 . 2011-10-29 17:41 166872 ------w- c:\program files\Mozilla Firefox\softokn3.dll
2011-10-29 17:41 . 2011-10-29 17:41 109528 ------w- c:\program files\Mozilla Firefox\smime3.dll
2011-10-29 17:41 . 2011-10-29 17:41 142296 ------w- c:\program files\Mozilla Firefox\ssl3.dll
2011-10-29 17:41 . 2011-10-29 17:41 714016 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-10-29 17:41 . 2011-10-29 17:41 269272 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2011-10-29 17:41 . 2011-10-29 17:41 19416 ------w- c:\program files\Mozilla Firefox\xpcom.dll
2011-10-29 17:41 . 2011-10-29 17:41 15649752 ------w- c:\program files\Mozilla Firefox\xul.dll
2011-10-29 13:03 . 2011-10-29 13:03 -------- d-----w- c:\program files\trend micro
2011-10-29 13:02 . 2011-10-29 13:03 -------- d-----w- C:\rsit
2011-10-29 12:42 . 2011-10-29 12:42 -------- d-----w- c:\documents and settings\jan\Application Data\Avira
2011-10-29 01:28 . 2011-10-29 01:28 -------- d-----w- c:\windows\system32\NtmsData
2011-10-29 00:13 . 2011-10-29 00:13 -------- d-----w- c:\documents and settings\jan\Application Data\Malwarebytes
2011-10-29 00:12 . 2011-10-29 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-29 00:12 . 2011-10-29 00:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-29 00:12 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-28 23:42 . 2011-07-21 11:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-28 23:42 . 2011-07-21 11:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-28 23:42 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-10-28 23:42 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-10-28 23:42 . 2011-10-28 23:42 -------- d-----w- c:\program files\Avira
2011-10-28 23:42 . 2011-10-28 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-10-28 18:05 . 2011-10-28 18:05 -------- d-----w- c:\documents and settings\jan\Local Settings\Application Data\Identities
2011-10-28 17:15 . 2011-10-28 17:15 -------- d-----w- c:\windows\l2schemas
2011-10-28 17:15 . 2011-10-28 17:15 -------- d-----w- c:\windows\system32\en
2011-10-28 17:15 . 2011-10-28 17:15 -------- d-----w- c:\windows\system32\bits
2011-10-28 17:00 . 2011-10-28 17:00 -------- d-----w- c:\windows\EHome
2011-10-28 15:40 . 2011-10-30 20:00 -------- d-----w- c:\documents and settings\jan\Local Settings\Application Data\aqjptfwj
2011-10-26 10:22 . 2011-10-03 04:06 476904 ------w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-29 21:49 . 2010-03-26 09:25 735232 ----a-w- c:\windows\system32\drivers\WlanGZXP.sys
2011-10-28 19:31 . 2011-07-11 11:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 04:06 . 2011-02-27 16:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2011-02-27 16:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-29 17:42 . 2011-10-29 17:42 134104 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-30_18.25.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-30 19:58 . 2011-10-30 19:58 16384 c:\windows\temp\Perflib_Perfdata_368.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IwbCefdw"="c:\documents and settings\jan\Local Settings\Application Data\aqjptfwj\iwbcefdw.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 627112]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-08 496752]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Update Agent.lnk - c:\program files\3\3Connect\AutoUpdateSrv.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\jan\Local Settings\Application Data\aqjptfwj\iwbcefdw.exe"
.
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/28/2011 11:42 PM 136360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/29/2011 12:12 AM 366152]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 9:06 AM 231424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/29/2011 12:12 AM 22216]
R3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\drivers\WlanGZXP.sys [3/26/2010 9:25 AM 735232]
R4 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\jan\LOCALS~1\Temp\plcjhcyj.sys --> c:\docume~1\jan\LOCALS~1\Temp\plcjhcyj.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MICORSOFT_WINDOWS_SERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-29 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-11-16 09:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.Google.com
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\jan\Application Data\Mozilla\Firefox\Profiles\mfye0i26.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-30 20:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?p???? ???B?????????????hLC? ??????
.
scanning hidden files ...
.
.
c:\documents and settings\jan\Start Menu\Programs\Startup\iwbcefdw.exe 113840 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3700)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2011-10-30 20:14:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-30 20:13
ComboFix2.txt 2011-10-30 18:41
.
Pre-Run: 13,725,380,608 bytes free
Post-Run: 13,657,767,936 bytes free
.
- - End Of File - - 6565B76A62A037917C67C8AE3812D592

Re: Slow PC, choppy sound and more

Posted: 30 Oct 2011 21:30
by chodnik74
:arrow: Download the program SafeBootKeyRepair
- just run it, and confirm the program's prompts if any appear.

Re: Slow PC, choppy sound and more

Posted: 30 Oct 2011 21:42
by VasaPasa
Again it won't let me onto that page. Is there some other safe alternative? I'm afraid of downloading something that will be infected.