I don't know if this will help anyone, but I have problems with sound.
I'm very sorry for posting the entire log here, but for some reason unknown to me I can't post it on wklej.eu
ComboFix 09-02-05.01 - Zabi 2009-02-21 2:18:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.295 [GMT 1:00]
Running from: c:\documents and settings\Zabi.YOUR-02910F1DF1\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 )))))))))))))))))))))))))))))))
.
2009-02-21 02:00 . 2009-02-21 02:00 <DIR> d-------- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-02-21 01:45 . 2009-02-21 01:45 <DIR> d-------- c:\documents and settings\All Users\Symantec Temporary Files
2009-02-21 01:39 . 2009-02-21 01:39 52 --a------ c:\windows\system\Cmicnfg.ini
2009-02-21 00:08 . 2009-02-21 02:13 <DIR> d-------- c:\program files\Symantec
2009-02-21 00:04 . 2009-02-21 00:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-02-20 23:51 . 2009-02-20 23:51 <DIR> d-------- c:\documents and settings\Zabi.YOUR-02910F1DF1\Application Data\DAEMON Tools Pro
2009-02-20 23:51 . 2009-02-20 23:51 <DIR> d-------- c:\documents and settings\Zabi.YOUR-02910F1DF1\Application Data\DAEMON Tools
2009-02-20 23:50 . 2009-02-20 23:50 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-02-20 23:21 . 2009-02-20 23:27 <DIR> d-------- c:\program files\Spyware Doctor
2009-02-20 23:21 . 2009-02-20 23:21 <DIR> d-------- c:\documents and settings\Zabi.YOUR-02910F1DF1\Application Data\PC Tools
2009-02-20 23:16 . 2009-02-20 23:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-02-20 23:08 . 2009-02-20 23:50 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-02-20 23:03 . 2009-02-20 23:52 <DIR> d-------- c:\documents and settings\Zabi.YOUR-02910F1DF1\Application Data\DAEMON Tools Lite
2009-02-20 22:53 . 2009-02-20 22:53 <DIR> d-------- c:\program files\Enigma Software Group
2009-02-20 22:49 . 2009-02-20 22:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Creative
2009-02-20 22:45 . 2009-02-20 22:45 <DIR> d-------- C:\Live! Cam
2009-02-20 22:34 . 2009-02-20 22:34 <DIR> d-------- c:\program files\Yahoo!
2009-02-20 22:29 . 2009-02-20 22:29 1,409 --a------ c:\windows\system32\tmp49177.FOT
2009-02-20 22:29 . 2009-02-20 22:29 1,409 --a------ c:\windows\system32\tmp48177.FOT
2009-02-20 22:29 . 2009-02-20 22:29 1,409 --a------ c:\windows\system32\tmp3A177.FOT
2009-02-20 22:29 . 2009-02-20 22:29 1,409 --a------ c:\windows\system32\tmp37977.FOT
2009-02-20 22:29 . 2009-02-20 22:29 1,409 --a------ c:\windows\system32\tmp2E177.FOT
2009-02-20 22:29 . 2009-02-20 22:29 1,409 --a------ c:\windows\system32\tmp03277.FOT
2009-02-20 21:37 . 2009-02-20 21:37 <DIR> d-------- c:\documents and settings\Zabi.YOUR-02910F1DF1\Application Data\BSplayer Pro
2009-02-20 21:37 . 2009-02-20 21:39 <DIR> d-------- c:\documents and settings\Zabi.YOUR-02910F1DF1\Application Data\BSplayer
2009-02-20 21:31 . 2009-02-20 21:31 <DIR> d-------- c:\documents and settings\Zabi.YOUR-02910F1DF1\Application Data\skypePM
2009-02-20 21:30 . 2009-02-20 22:42 <DIR> d-------- c:\documents and settings\Zabi.YOUR-02910F1DF1\Application Data\Skype
2009-02-20 21:21 . 2009-02-20 23:40 <DIR> d-------- c:\documents and settings\Zabi.YOUR-02910F1DF1\Application Data\uTorrent
2009-02-20 21:19 . 2009-02-20 21:19 <DIR> d-------- c:\documents and settings\Zabi.YOUR-02910F1DF1\Application Data\Gadu-Gadu
2009-02-20 21:12 . 2009-02-20 21:30 <DIR> d-------- c:\documents and settings\Zabi.YOUR-02910F1DF1\Gadu-Gadu
2009-02-20 21:10 . 2009-02-20 21:10 <DIR> d-------- c:\documents and settings\Zabi.YOUR-02910F1DF1\Application Data\OpenOfficeT72
2009-02-06 04:42 . 2009-02-21 00:23 <DIR> d-------- c:\documents and settings\Zabi.YOUR-02910F1DF1\Application Data\Symantec
2009-02-06 04:42 . 2009-02-20 23:41 <DIR> d-------- c:\documents and settings\Zabi.YOUR-02910F1DF1
2009-02-05 21:29 . 2009-02-05 21:29 <DIR> d---s---- c:\windows\system32\Microsoft
2009-02-05 21:29 . 2004-08-04 06:00 68,608 --a------ c:\windows\system32\plugin.ocx
2009-02-05 21:29 . 2004-08-21 16:21 5,120 --a------ c:\windows\system32\Thumbs.db
2009-02-05 21:28 . 2004-12-22 17:03 16,384 --a------ c:\windows\system32\giljabiunis.exe
2009-02-05 20:21 . 2009-02-05 20:21 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-05 17:47 . 2009-02-05 17:47 <DIR> d-------- c:\documents and settings\Zabi\Application Data\PC Tools
2009-02-05 17:47 . 2008-08-25 11:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-02-05 17:47 . 2008-08-25 11:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-02-05 17:47 . 2008-08-25 11:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-02-05 17:47 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-02-05 17:37 . 2009-02-20 21:02 <DIR> d-------- c:\program files\Google
2009-02-05 17:22 . 2009-02-05 17:22 <DIR> d-------- c:\documents and settings\Zabi\DoctorWeb
2009-02-05 17:06 . 2009-02-21 01:35 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-05 15:02 . 2009-02-05 19:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-29 20:46 . 2009-01-31 10:06 <DIR> d-------- C:\DYKTANDO
2009-01-29 20:46 . 1995-01-13 01:02 21,648 --a------ c:\windows\system\CTL3DV2.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 01:14 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-21 01:13 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-21 00:38 --------- d-----w c:\program files\lg_swupdate
2009-02-20 22:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-20 22:03 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-20 21:06 --------- d-----w c:\program files\Ahead
2009-02-20 20:15 --------- d-----w c:\program files\Media Player Classic
2009-02-20 20:14 --------- d-----w c:\program files\QuickTime Alternative
2009-02-20 20:14 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2009-02-20 20:06 --------- d-----w c:\program files\Hewlett-Packard
2009-02-20 20:00 --------- d-----w c:\program files\Combined Community Codec Pack
2009-02-05 19:18 --------- d-----w c:\program files\Creative
2009-02-05 15:27 --------- d-----w c:\documents and settings\Zabi\Application Data\uTorrent
2009-01-31 09:03 --------- d-----w c:\program files\Java
2009-01-27 19:13 --------- d-----w c:\documents and settings\Zabi\Application Data\OpenOfficeT72
2009-01-10 21:26 --------- d-----w c:\program files\Zoom Player
2008-12-12 17:01 3,067,904 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-02-09 21:03 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2004-06-15 53248]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-28 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-29 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-29 688218]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"KeybdUtility"="c:\program files\On Screen Display\Hotkey.exe" [2005-01-04 73728]
"batterymiser"="c:\program files\LG Software\Battery Miser 2005\batterymiser.exe" [2006-06-01 335872]
"V0270Mon.exe"="c:\windows\V0270Mon.exe" [2007-08-22 28672]
"IPO3"="c:\program files\LG Software\IP Operator 2005\IP Operator 2005.exe" [2005-06-22 1028096]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 583048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2006-06-01 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-05-12 1287296]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-20 356920]
S3 VF0270Dev;Live! Cam Optia;c:\windows\system32\drivers\V0270Dev.sys [2009-02-20 227488]
S3 VF0270Vfx;VF0270 Video FX;c:\windows\system32\drivers\V0270Vfx.sys [2009-02-20 7424]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - LIVEUPDATE_NOTICE_SERVICE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6075f55d-6056-11d9-842d-000e35850151}]
\Shell\AutoRun\command - H:\loader.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af892323-6041-11d9-8427-000e35850151}]
\Shell\AutoRun\command - G:\loader.exe
.
Contents of the 'Scheduled Tasks' folder
2009-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-05 17:37]
2009-02-05 c:\windows\Tasks\Norton Security Scan for Zabi.job
- c:\program files\Norton Security Scan\Nss.exe []
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
FF - ProfilePath - c:\documents and settings\Zabi.YOUR-02910F1DF1\Application Data\Mozilla\Firefox\Profiles\e8wpo9n4.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - google.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-02-21 02:20:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-21 2:21:31
ComboFix-quarantined-files.txt 2009-02-21 01:21:26
Pre-Run: 3,812,499,456 bytes free
Post-Run: 3,974,873,088 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
173