Strange computer freezes / slow startup and shutdown. Logs


(Kilik) #1

I'd like to ask for the logs to be checked and for any advice on what should be removed.

First, I've recently noticed that my internet connection quite often drops for no reason and then takes a long time trying to reconnect.

Second, the system often freezes for a few seconds.

Third, shutting down the system takes a terribly long time, and sometimes it won't shut down at all and just stays on the logging-off screen.

ComboFix log: http://www.wklej.org/id/84818/

[code]

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA 

.


((((((((((((((((((((((((( Pliki utworzone od 2009-05-28 do 2009-4-30 )))))))))))))))))))))))))))))))

.


2009-04-30 12:40 . 2009-04-30 12:40	--------	d-----w	c:\program files\Spybot - Search & Destroy

2009-04-30 12:40 . 2009-04-30 12:48	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2009-04-26 21:38 . 2009-04-26 21:41	--------	d-----w	c:\documents and settings\KILIK\Dane aplikacji\Ventrilo

2009-04-26 21:22 . 2009-04-26 21:22	--------	d-----w	c:\program files\Ventrilo

2009-04-26 21:20 . 2009-04-26 21:20	--------	d-----w	c:\program files\Common Files\Wise Installation Wizard

2009-04-21 22:48 . 2009-04-21 22:48	--------	d-----w	c:\program files\GoldWave

2009-04-21 22:33 . 2009-04-30 12:25	--------	d-----w	c:\program files\RelevantKnowledge

2009-04-21 22:32 . 2009-04-21 23:17	--------	d-----w	c:\program files\MP3MyMP3 3.0

2009-04-21 19:01 . 2009-04-21 19:01	--------	d-----w	c:\program files\Micro Machines

2009-04-14 22:13 . 2009-04-29 12:13	--------	d-----w	c:\program files\Galaxy Online

2009-04-12 14:21 . 2009-04-12 14:21	--------	d-----w	c:\program files\Common Files\Adobe AIR

2009-04-09 22:14 . 2009-04-09 22:15	--------	d-----w	c:\program files\Vuze

2009-04-09 11:08 . 2009-04-09 11:08	--------	d-----w	c:\program files\Any Audio Converter

2009-04-06 12:11 . 1998-09-02 08:28	38160	----a-w	c:\windows\system32\LMRTREND.dll

2009-04-06 12:11 . 1998-08-27 04:51	182032	----a-w	c:\windows\system32\dxtmsft3.dll

2009-04-06 12:11 . 1998-09-02 08:28	63488	----a-w	c:\windows\system32\unam4ie.exe

2009-04-06 12:11 . 1998-08-17 09:21	10240	----a-w	c:\windows\system32\vidx16.dll

2009-04-06 12:11 . 1998-08-17 09:21	11776	----a-w	c:\windows\system32\mciqtz.drv

2009-04-06 12:11 . 1998-09-02 08:02	194320	----a-w	c:\windows\system32\qcut.dll

2009-04-06 12:11 . 2009-04-06 12:11	4608	----a-w	c:\windows\system32\w95inf32.dll

2009-04-06 12:11 . 2009-04-06 12:11	2272	----a-w	c:\windows\system32\w95inf16.dll

2009-04-03 15:48 . 2009-04-03 15:48	--------	d-----w	c:\program files\KONAMI Software

2009-04-02 12:05 . 2007-01-16 11:52	17664	----a-w	c:\windows\system32\drivers\ZDPSp50.sys

2009-04-02 12:05 . 2007-01-16 11:52	20608	----a-w	c:\windows\system32\drivers\BRGSp50.sys

2009-04-02 12:05 . 2009-04-02 12:05	--------	d-----w	c:\program files\SAGEM WiFi manager

2009-04-02 12:04 . 2009-04-02 12:04	--------	d-----w	c:\program files\SAGEM

2009-04-02 12:03 . 2007-01-10 08:14	450560	----a-w	c:\windows\system32\drivers\WlanBZXP.sys

2009-04-02 12:02 . 2005-06-17 08:26	114688	----a-w	c:\windows\system32\WLANUTL.dll

2009-04-02 12:02 . 2005-06-17 08:26	61440	----a-w	c:\windows\system32\W32N50.dll


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-30 12:55 . 2008-02-14 01:33	--------	d-----w	c:\program files\PeerGuardian2

2009-04-30 12:07 . 2008-02-14 01:53	--------	d-----w	c:\program files\eMule

2009-04-29 17:44 . 2008-12-25 22:36	--------	d-----w	c:\program files\PokerStars

2009-04-27 18:22 . 2009-01-06 19:09	--------	d-----w	c:\program files\JDownloader

2009-04-03 16:04 . 2008-02-13 23:28	--------	d--h--w	c:\program files\InstallShield Installation Information

2009-03-30 21:41 . 2009-03-30 21:41	--------	d-----w	c:\program files\Acro Software

2009-03-30 21:41 . 2009-03-30 21:41	--------	d-----w	c:\program files\GPLGS

2009-03-29 21:21 . 2001-10-26 16:15	89166	----a-w	c:\windows\system32\perfc015.dat

2009-03-29 21:21 . 2001-10-26 16:15	500826	----a-w	c:\windows\system32\perfh015.dat

2009-03-26 23:33 . 2009-03-12 23:34	--------	d-----w	c:\program files\PartyGaming

2009-03-26 23:32 . 2009-03-02 13:43	--------	d-----w	c:\program files\OpenTTD

2009-03-26 20:40 . 2008-04-05 22:49	21840	----atw	c:\windows\system32\SIntfNT.dll

2009-03-26 20:40 . 2008-04-05 22:49	17212	----atw	c:\windows\system32\SIntf32.dll

2009-03-26 20:40 . 2008-04-05 22:49	12067	----atw	c:\windows\system32\SIntf16.dll

2009-03-26 12:31 . 2009-03-26 12:24	29166	----a-w	c:\windows\DIIUnin.dat

2009-03-26 12:24 . 2009-03-26 12:24	2829	----a-w	c:\windows\DIIUnin.pif

2009-03-26 12:24 . 2009-03-26 12:24	106496	----a-w	c:\windows\DIIUnin.exe

2009-03-08 22:15 . 2008-02-14 01:18	--------	d-----w	c:\program files\Gadu-Gadu

2009-03-03 06:36 . 2008-02-13 22:30	30120	----a-w	c:\documents and settings\KILIK\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-02-25 13:36 . 2004-07-17 09:36	12400	----a-w	c:\windows\system32\drivers\secdrv.sys

2009-02-17 23:19 . 2008-04-21 18:15	28512	----a-w	c:\documents and settings\KILIK\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-02-16 13:59 . 2009-02-16 13:59	24616	----a-w	c:\windows\system32\drivers\ggsemc.sys

2009-02-16 13:59 . 2009-02-16 13:59	13224	----a-w	c:\windows\system32\drivers\ggflt.sys

2009-02-16 13:59 . 2009-02-16 13:59	1107296	----a-w	c:\windows\system32\WdfCoInstaller01007.dll

2009-01-16 15:39 . 2009-01-14 23:38	67688	----a-w	c:\program files\mozilla firefox\components\jar50.dll

2009-01-16 15:39 . 2009-01-14 23:38	54368	----a-w	c:\program files\mozilla firefox\components\jsd3250.dll

2009-01-16 15:39 . 2009-01-14 23:38	34944	----a-w	c:\program files\mozilla firefox\components\myspell.dll

2009-01-16 15:39 . 2009-01-14 23:38	46712	----a-w	c:\program files\mozilla firefox\components\spellchk.dll

2009-01-16 15:39 . 2009-01-14 23:38	172136	----a-w	c:\program files\mozilla firefox\components\xpinstal.dll

2008-07-04 02:22 . 2008-07-04 02:22	23	--sha-w	c:\windows\system32\becfcffdf7_z.dll

.


------- Sigcheck -------


[-] 2007-08-13 17:54	809472	F284A6225A3057A1E19985E1D4B47ADA	c:\windows\ServicePackFiles\i386\wininet.dll

[-] 2007-08-13 17:54	809472	F284A6225A3057A1E19985E1D4B47ADA	c:\windows\system32\wininet.dll

[-] 2007-08-13 17:54	809472	F284A6225A3057A1E19985E1D4B47ADA	c:\windows\system32\dllcache\wininet.dll


[-] 2007-06-13 13:12	976896	AD872DD75E625C2473717561BECD6FD1	c:\windows\explorer.exe

[-] 2007-06-13 13:12	976896	AD872DD75E625C2473717561BECD6FD1	c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2007-06-13 13:12	976896	AD872DD75E625C2473717561BECD6FD1	c:\windows\system32\dllcache\explorer.exe


[-] 2004-08-03 22:44	101888	6DB9EBC8D26603F3B04C7C2809AAF935	c:\windows\ServicePackFiles\i386\wuauclt.exe

[-] 2004-08-03 22:44	101888	6DB9EBC8D26603F3B04C7C2809AAF935	c:\windows\system32\wuauclt.exe

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 79224]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-10-04 1626112]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-11-29 55824]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]


c:\documents and settings\KILIK\Menu Start\Programy\Autostart\

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32

"wave1"= serwvdrv.dll


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""


[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl


[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Gadu-Gadu\\gg.exe"=

"c:\\Program Files\\FlashGet\\flashget.exe"=

"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\program files\\relevantknowledge\\rlvknlg.exe"=


R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-02-16 13224]

R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]

R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]

R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]

R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]

R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]

R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]

R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]

R3 ZDCndis5;ZDCndis5 Protocol Driver; [x]

S1 aswSP;avast! Self Protection; [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20560]

S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\DRIVERS\WlanBZXP.sys [2007-01-10 450560]


.

Zawartość folderu 'Zaplanowane zadania'


2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

.

.

------- Skan uzupełniający -------

.

IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm

IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe

FF - ProfilePath - c:\documents and settings\KILIK\Dane aplikacji\Mozilla\Firefox\Profiles\hiysct93.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.pl

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBILLARD8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-30 15:07

Windows 5.1.2600 Dodatek Service Pack 2 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'explorer.exe'(2328)

c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll

c:\program files\relevantknowledge\rlls.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

.

Czas ukończenia: 2009-04-30 15:09

ComboFix-quarantined-files.txt 2009-04-30 13:09


Przed: 2 016 108 544 bajtów wolnych

Po: 2 114 588 672 bajtów wolnych


196

[/code]






HiJackThis log: http://www.wklej.org/id/84819/

[code]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:53, on 2009-04-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\program files\relevantknowledge\rlvknlg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Total Commander\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

-- End of file - 5708 bytes
[/code]

By the way, is that sound coming from the computer when ComboFix starts normal? ;]

Edit: oh, sorry, I haven't been here in a long time and didn't know about wklej.org ;]


(Gutek) #2

Change in the rules for posting logs on the forum - viewtopic.php?f=16&t=253052

Paste into Notepad:

Folder::

C:\program files\relevantknowledge


Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\RelevantKnowledge\\rlvknlg.exe"=-

>> File >> Save as... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)

- as in this picture -->

cfscript10uc2.gif

(if the question "1 or 2" appears, type 1 and press ENTER) The removal should then begin (and a log will be created).

After the restart, manually delete the folder C: **** Qoobox.

After that, post a new log from Combo and run a scan at http://www.kaspersky.pl/virusscanner.html


(Kilik) #3

The scan is running right now. Thanks for the reply.

New log from Combo: http://www.wklej.org/id/84896/


(Gutek) #4

I'm waiting for the scan results. I don't see anything in Combo.