My problem: a slow system startup and instability right after startup. I'm attaching a ComboFix log to the thread. Thanks in advance for your interest.
ComboFix 09-01-02.01 - Krzysiek 2009-01-04 13:58:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.684 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Krzysiek\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Krzysiek\Dane aplikacji\EurekaLog
.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-04 do 2009-01-04 )))))))))))))))))))))))))))))))
.
2009-01-02 10:39 . 2009-01-02 10:39
2009-01-02 10:39 . 2009-01-02 10:39
2009-01-01 17:35 . 2009-01-04 13:32
2008-12-31 19:48 . 2001-05-11 12:18 420,240 --a------ c:\windows\system32\mpg4c32.dll
2008-12-31 19:48 . 2001-05-16 16:54 309,616 --a------ c:\windows\system32\wmv8dmod.dll
2008-12-06 23:20 . 2008-12-06 23:20
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 12:53 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-01-04 08:54 360,480 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-04 08:54 3,360 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-04 08:54 13,916 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-04 08:54 1,508,896 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-29 18:21 214 ----a-w c:\documents and settings\Krzysiek\Dane aplikacji\wklnhst.dat
2008-12-22 19:27 --------- d-----w c:\documents and settings\Krzysiek\Dane aplikacji\Nowe Gadu-Gadu
2008-12-21 19:40 --------- d-----w c:\documents and settings\Krzysiek\Dane aplikacji\XnView
2008-12-02 21:18 --------- d-----w c:\program files\Java
2008-12-01 20:43 --------- d-----w c:\documents and settings\Krzysiek\Dane aplikacji\vlc
2008-11-26 20:15 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\InstallShield
2008-11-26 20:14 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 20:14 --------- d-----w c:\program files\LG Soft India
2008-11-26 20:14 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-26 20:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-08 19:02 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ashampoo
2008-11-05 20:07 --------- d-----w c:\documents and settings\Krzysiek\Dane aplikacji\SmartKite Software
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2008-11-26 1126400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete
[HKLM~\startupfolder\C:^Documents and Settings^Krzysiek^Menu Start^Programy^Autostart^Trojan Remover Updater.exe]
backup=c:\windows\pss\Trojan Remover Updater.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 23:44 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-04-17 12:41 196608 c:\progra~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-04-13 06:07 69632 c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]
--a------ 2008-07-28 10:12 1741184 d:\program files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TrojanScanner"=d:\program files\Trojan Remover\Trjscan.exe /boot
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\WINDOWS\system32\sessmgr.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 pe3ajbeb;L Ile Noyee Environment Driver (pe3ajbeb);c:\windows\system32\drivers\pe3ajbeb.sys [2007-08-22 64632]
R0 ps7ajbeb;L Ile Noyee Synchronization Driver (ps7ajbeb);c:\windows\system32\drivers\ps7ajbeb.sys [2007-08-22 68736]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-11-26 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-11-26 13312]
S4 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb);c:\windows\system32\pr2ajbeb.exe svc --> c:\windows\system32\pr2ajbeb.exe svc [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - PROCEXP90
.
Zawartość folderu 'Zaplanowane zadania'
2008-11-12 c:\windows\Tasks\1-Click Maintenance.job
- d:\program files\tuneup2007\SystemOptimizer.exe [2007-08-02 17:35]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: { - c:\program files\Messenger\msmsgs.exe
FF - ProfilePath - c:\documents and settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\rn02qdx8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 2
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 13:59:52
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
.
Czas ukończenia: 2009-01-04 14:00:28
ComboFix-quarantined-files.txt 2009-01-04 13:00:26
Przed: 13 566 767 104 bajtów wolnych
Po: 13,557,985,280 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
157 --- E O F --- 2008-12-18 19:33:36