Long startup and slow operation


(Michalzbr) #1

Hi.

I have a problem: my computer takes a long time to start up and runs slowly. I already tried the Bootvis program (or whatever it's called), but it didn't help. I don't know what to do to make it run faster.


(Pawel Pieczyrak) #2

Remove unnecessary programs from autostart, defragment the disk, uninstall programs you don't need, optimize the registry and defragment it. Clean the junk off the disk. That should help.


(Michalzbr) #3

I already did that and it didn't help; the computer still takes over 2 minutes to start up.


(Pawel Pieczyrak) #4

Post logs from ComboFix and HijackThis. Maybe some junk is sitting in there. And by the way, what system is it?


(Michalzbr) #5

Win XP SP2. How do I make those logs?


(Pawel Pieczyrak) #6

viewtopic.php?f=16&t=36654

Have a read.


(Michalzbr) #7

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:42:52, on 2009-04-30

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\Program Files\Google\Update\GoogleUpdate.exe

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

F:\PROGRA~1\AVG\AVG8\avgtray.exe

F:\WINDOWS\system32\RUNDLL32.EXE

F:\WINDOWS\system32\ctfmon.exe

F:\Program Files\AutoConnect\AutoConnect.exe

F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

F:\Program Files\Java\jre6\bin\jqs.exe

F:\PROGRA~1\AVG\AVG8\avgrsx.exe

F:\PROGRA~1\AVG\AVG8\avgnsx.exe

F:\WINDOWS\system32\nvsvc32.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\system32\wbem\wmiapsrv.exe

F:\Program Files\Gadu-Gadu\gg.exe

F:\Program Files\Mozilla Firefox\firefox.exe

F:\Documents and Settings\Michał\Pulpit\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program Windows Internet Explorer dostarczony przez Grupę Onet.pl S.A.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - F:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - F:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AutoConnect] F:\Program Files\AutoConnect\AutoConnect.exe

O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://F:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O15 - Trusted Zone: http://www.mks.com.pl

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4FA94CBE-66DD-4031-A680-B823B03AAE2C}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - F:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: crypt - crypts.dll (file missing)

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - F:\Program Files\Ares\chatServer.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Google Update Service (gupdate1c988fc502180e0) (gupdate1c988fc502180e0) - Google Inc. - F:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Power Manager (PowerManager) - Unknown owner - F:\WINDOWS\svchost.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 7129 bytes


(Mancunian) #8

Paste the ComboFix log as well.


(Michalzbr) #9

ComboFix 09-04-29.07 - Michał 2009-04-30 19:28.1 - NTFSx86

Uruchomiony z: f:\documents and settings\Michał\Pulpit\ComboFix.exe

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

f:\program files\myglobalsearch

f:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR

f:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST

f:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR

f:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST

f:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL

f:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL

f:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL

f:\program files\myglobalsearch\bar\Cache\00262E68

f:\program files\myglobalsearch\bar\Cache\00264C69

f:\program files\myglobalsearch\bar\Cache\00267875.bin

f:\program files\myglobalsearch\bar\Cache\0026A084.bin

f:\program files\myglobalsearch\bar\Cache\0026B55D.bin

f:\program files\myglobalsearch\bar\Cache\files.ini

f:\program files\myglobalsearch\bar\History\search

f:\program files\myglobalsearch\bar\Settings\prevcfg.htm

f:\windows\system32\wpv461231225630.cpx

f:\windows\system32\wpv611231225542.cpx

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_POWERMANAGER

-------\Service_PowerManager

((((((((((((((((((((((((( Pliki utworzone od 2009-05-28 do 2009-4-30 )))))))))))))))))))))))))))))))

.

2009-04-27 17:10 . 2002-06-06 12:38 139264 ----a-w f:\windows\system32\eax.dll

2009-04-27 17:10 . 2009-04-27 17:14 -------- d-----w f:\windows\system32\embedded

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-30 17:37 . 2007-08-08 16:17 -------- d-----w f:\program files\AutoConnect

2009-04-28 13:56 . 2008-10-05 09:00 -------- d-----w f:\program files\AIMP2

2009-04-26 12:47 . 2008-05-12 10:51 -------- d-----w f:\program files\Counter Strike 1.6 - www.lagownia.pl

2009-04-25 15:04 . 2001-10-26 14:15 49712 ----a-w f:\windows\system32\perfc015.dat

2009-04-25 15:04 . 2001-10-26 14:15 355830 ----a-w f:\windows\system32\perfh015.dat

2009-04-16 15:44 . 2009-02-26 13:59 -------- d-----w f:\program files\Moje Gimnazjum 2009 Profil Matematyczno-Przyrodniczy

2009-04-10 10:38 . 2007-10-16 19:18 -------- d-----w f:\program files\Ares

2009-03-16 14:54 . 2009-03-16 14:54 -------- d-----w f:\program files\Opera 10 Preview

2009-03-16 13:41 . 2008-07-01 08:48 -------- d-----w f:\program files\Nowe Gadu-Gadu

2009-03-11 18:11 . 2009-03-11 18:11 -------- d-----w f:\program files\GIMP-2.0

2009-03-08 02:34 . 2004-08-03 22:44 914944 ----a-w f:\windows\system32\wininet.dll

2009-03-08 02:34 . 2004-08-03 22:44 43008 ----a-w f:\windows\system32\licmgr10.dll

2009-03-08 02:33 . 2004-08-03 22:43 18944 ----a-w f:\windows\system32\corpol.dll

2009-03-08 02:33 . 2004-08-03 22:44 420352 ----a-w f:\windows\system32\vbscript.dll

2009-03-08 02:32 . 2004-08-03 22:43 72704 ----a-w f:\windows\system32\admparse.dll

2009-03-08 02:32 . 2004-08-03 22:44 71680 ----a-w f:\windows\system32\iesetup.dll

2009-03-08 02:31 . 2004-08-03 22:44 34816 ----a-w f:\windows\system32\imgutil.dll

2009-03-08 02:31 . 2004-08-03 22:42 48128 ----a-w f:\windows\system32\mshtmler.dll

2009-03-08 02:31 . 2004-08-03 22:44 45568 ----a-w f:\windows\system32\mshta.exe

2009-03-08 02:22 . 2001-10-26 15:26 156160 ----a-w f:\windows\system32\msls31.dll

2009-03-03 20:34 . 2009-03-03 20:34 -------- d-----w f:\program files\Lavalys

2009-02-14 18:41 . 2009-02-14 18:41 10520 ----a-w f:\windows\system32\avgrsstx.dll

2009-02-14 18:41 . 2009-02-14 18:41 107272 ----a-w f:\windows\system32\drivers\avgtdix.sys

2009-02-14 18:41 . 2009-02-14 18:41 325128 ----a-w f:\windows\system32\drivers\avgldx86.sys

2004-10-01 13:00 . 2007-08-09 19:13 40960 ----a-w f:\program files\Uninstall_CDS.exe

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2004-08-03 15360]

"AutoConnect"="f:\program files\AutoConnect\AutoConnect.exe" [2004-08-28 295424]

"swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="f:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]

"AVG8_TRAY"="f:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-14 1601304]

"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2008-05-03 13529088]

"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2008-05-03 86016]

"nwiz"="nwiz.exe" - f:\windows\system32\nwiz.exe [2008-05-03 1630208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-14 18:41 10520 ----a-w f:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=f:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=f:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]

path=f:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk

backup=f:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]

path=f:\documents and settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk

backup=f:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

path=f:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

backup=f:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"f:\WINDOWS\system32\sessmgr.exe"=

R2 gupdate1c988fc502180e0;Google Update Service (gupdate1c988fc502180e0);f:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]

R2 ksi32sk;ksi32sk; [x]

R3 V0090VID;Creative WebCam Vista Plus;f:\windows\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;f:\windows\System32\Drivers\avgldx86.sys [2009-02-14 325128]

S1 AvgTdiX;AVG Free8 Network Redirector;f:\windows\System32\Drivers\avgtdix.sys [2009-02-14 107272]

S2 avg8wd;AVG Free8 WatchDog;f:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-14 298264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\WM0453F.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f751560-1821-11dd-af82-000e50d4e675}]

\Shell\AutoRun\command - f:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98a23747-fcdc-11dd-b444-000e50d4e675}]

\Shell\AutoRun\command - H:\WM0453F.exe

.

Zawartość folderu 'Zaplanowane zadania'

2009-04-30 f:\windows\Tasks\GoogleUpdateTaskMachine.job

  • f:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 08:15]

.

  • USUNIĘTO PUSTE WPISY - - - -

HKU-Default-Run-Nokia.PCSync - f:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.onet.pl/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensaver - f:\windows\system32\GPhotos.scr/200

Trusted Zone: com.pl\www.mks

TCP: {4FA94CBE-66DD-4031-A680-B823B03AAE2C} = 194.204.159.1 217.98.63.164

DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} - hxxp://arcaonline.arcabit.com/ArcaOnline.cab

DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

FF - ProfilePath - f:\documents and settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\uld54jst.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/

FF - component: f:\documents and settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\uld54jst.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

FF - component: f:\documents and settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\uld54jst.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - component: f:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: f:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll

FF - component: f:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: f:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: f:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: f:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: f:\program files\Mozilla Firefox\plugins\NPBILLARD8.dll

FF - plugin: f:\program files\Mozilla Firefox\plugins\NPBOARDS.dll

FF - plugin: f:\program files\Mozilla Firefox\plugins\NPCARDS.dll

FF - plugin: f:\program files\Mozilla Firefox\plugins\NPDARTS.dll

FF - plugin: f:\program files\Mozilla Firefox\plugins\npganymedenet.dll

FF - plugin: f:\program files\Mozilla Firefox\plugins\NPNAVY.dll

FF - plugin: f:\program files\Opera 10 Preview\program\plugins\npdsplay.dll

FF - plugin: f:\program files\Opera 10 Preview\program\plugins\npwmsdrm.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-30 19:41

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-436374069-1606980848-854245398-1003\RemoteAccess\Profile\x *]

"EnableAutodisconnect"=dword:00000001

"EnableExitDisconnect"=dword:00000001

"DisconnectIdleTime"=dword:00000014

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

  • 'explorer.exe'(1092)

f:\progra~1\WINDOW~2\wmpband.dll

f:\windows\system32\ieframe.dll

f:\windows\system32\webcheck.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

f:\program files\IVT Corporation\BlueSoleil\BTNtService.exe

f:\program files\Java\jre6\bin\jqs.exe

f:\windows\system32\nvsvc32.exe

f:\windows\system32\wdfmgr.exe

f:\program files\AVG\AVG8\avgrsx.exe

f:\progra~1\AVG\AVG8\avgnsx.exe

f:\windows\system32\rundll32.exe

f:\windows\system32\wbem\wmiapsrv.exe

f:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Czas ukończenia: 2009-04-30 19:43 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-04-30 17:43

Przed: 21 649 199 104 bajtów wolnych

Po: 21 598 482 432 bajtów wolnych

190


(Olixxx94) #10

Fix in HijackThis.


(Michalzbr) #11

How do I do that?


(Olixxx94) #12

In the program: Do a system scan only -> tick the entries -> click Fix checked.


(Gutek) #13

Post a new log from Combo


(Michalzbr) #14

I already posted the one from ComboFix


(Gutek) #15

Post a new one; I see you've already done something in HJT. I'm waiting for the log.


(Michalzbr) #16

http://wklej.org/id/85456/


(deFco247) #17

Remove the infections from the pendrive.

Paste into Notepad:

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000000

"FirewallOverride"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f751560-1821-11dd-af82-000e50d4e675}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98a23747-fcdc-11dd-b444-000e50d4e675}]


Driver::

ksi32sk

Save the file as CFScript.txt, preferably in the same folder as Combofix.exe

Drag and drop the CFScript.txt icon onto the Combofix.exe icon

The removal should start.

Then post the log from the Combofix removal.
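
Added example (not part of any post in this thread, and not ComboFix's own code): a small triage script that picks out of a ComboFix log the three kinds of entries the CFScript in post #17 addresses, namely Security Center overrides set to non-zero, MountPoints2 AutoRun commands, and driver/service entries whose file is missing (`[x]`). The names `triage` and `SAMPLE_LOG` are hypothetical; the sample lines are taken from the log in post #9.

```python
import re

# Sample input: lines taken from the ComboFix log posted in this thread (#9).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
R2 gupdate1c988fc502180e0;Google Update Service (gupdate1c988fc502180e0);f:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
R2 ksi32sk;ksi32sk; [x]
S2 avg8wd;AVG Free8 WatchDog;f:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-14 298264]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\WM0453F.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f751560-1821-11dd-af82-000e50d4e675}]
\Shell\AutoRun\command - f:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                       # registry key header
OVERRIDE_RE = re.compile(r'^"(AntiVirusOverride|FirewallOverride)"=dword:([0-9a-fA-F]{8})$')
DRIVER_RE = re.compile(r"^[RS]\d ([^;]+);([^;]*);(.*)$")  # "R2 name;display;path [date size]"
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")
# The backslash before a {GUID} subkey is sometimes lost when logs are pasted.
MOUNTPOINT_RE = re.compile(r"mountpoints2\\?(.+)$", re.IGNORECASE)


def triage(log_text):
    """Return the log entries that match the three checks described above."""
    findings = {"overrides": [], "autorun": [], "missing_drivers": []}
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)          # remember which key the next values belong to
            continue
        m = OVERRIDE_RE.match(line)
        if m and key.lower().endswith("\\security center"):
            # Non-zero means Security Center stops reporting on AV/firewall state.
            if int(m.group(2), 16) != 0:
                findings["overrides"].append(m.group(1))
            continue
        m = AUTORUN_RE.match(line)
        mp = MOUNTPOINT_RE.search(key)
        if m and mp:
            # A cached autorun.inf command for a volume: (volume id, command line).
            findings["autorun"].append((mp.group(1), m.group(1)))
            continue
        m = DRIVER_RE.match(line)
        if m and m.group(3).strip() == "[x]":
            # Service or driver registered, but its file is not on disk.
            findings["missing_drivers"].append(m.group(1))
    return findings


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind, items)
```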