Laptop after virus cleanup, Windows XP 32-bit


(Majkos19) #1

Hello

Please check the logs from a laptop that had already been written off. The problem turned out to be drive C being filled to the limit of its capacity, so that it no longer started the system and blocked booting from drives. What helped was taking the disk out of the laptop, connecting it to a second computer and freeing up some space. The system is Windows XP 32-bit and it starts now; it was checked with Avast, there are no more viruses, and it was cleaned with AdwCleaner.


(Acorus) #2

Open the system Notepad and paste:

HKLM\...\Run: [RTHDCPL] = C:\WINDOWS\RTHDCPL.EXE [16377344 2007-11-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] = C:\WINDOWS\ALCMTR.EXE [69632 2007-11-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ISUSPM] = "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
HKLM\...\Run: [GrooveMonitor] = C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [NBKeyScan] = "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\Run: [MSMSGS] = C:\Program Files\Messenger\msmsgs.exe [1694208 2004-10-13] (Microsoft Corporation)
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\Run: [AlcoholAutomount] = C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [217544 2008-03-20] (Alcohol Soft Development Team)
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] = "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {42c1cc9c-b9bd-11dd-85bf-00a0d1c81df8} - xk2n.bat
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {65e773aa-c281-11e1-8728-00a0d1c81df8} - G:\AutoRun.exe
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {669980c7-8535-11e3-8782-00a0d1c81df8} - G:\Nokia_Ovi_Suite_3_0_0_291_ALL.exe
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {6c8c9222-06a3-11de-85e1-00a0d1c81df8} - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {8111d504-bc53-11e1-8720-00a0d1c81df8} - G:\AutoRun.exe
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {8111d507-bc53-11e1-8720-00a0d1c81df8} - G:\AutoRun.exe
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {9860e602-1171-11e2-8733-00a0d1c81df8} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {a966e388-4fd5-11df-8620-00a0d1c81df8} - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {b0d29b9e-d023-11de-8615-00a0d1c81df8} - G:\RECYCLER\S-8-4-60-2025856740-5600387576-728270318-4785\asr_62371.exe
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {b0d29b9f-d023-11de-8615-00a0d1c81df8} - I:\RECYCLER\S-3-6-35-7650544541-0652447327-361551273-2632\asr_10502.exe
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {bc1572ce-3d78-11dd-85b3-00a0d1c81df8} - I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {ceeffdf1-66a0-11e0-8649-00a0d1c81df8} - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {cf8694aa-6519-11e0-8646-00a0d1c81df8} - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {d6700e8a-d001-11de-8614-00a0d1c81df8} - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {d6700e8b-d001-11de-8614-00a0d1c81df8} - I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {f24deea0-02d8-11e0-862d-00a0d1c81df8} - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {ff2788c7-9ce3-11dc-b00a-806d6172696f} - E:\setupSNK.exe
Startup: C:\Documents and Settings\Siemens\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: Search-Results Toolbar - C:\Documents and Settings\Siemens\Dane aplikacji\Mozilla\Firefox\Profiles\b6ki6iju.default\Extensions\{15a0413e-9f45-4d45-9a75-2c20b15b5b51} [2013-01-05]
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 Windows Hosts Controller; "C:\WINDOWS\Fonts\unwise_.exe" [X]
S3 axskbus; system32\DRIVERS\axskbus.sys [X]
S3 esgiguard; \\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
S2 zntport; \\C:\WINDOWS\system32\drivers\zntport.sys [X]
2015-01-04 14:40 - 2015-01-04 14:43 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
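
The MountPoints2 lines in the fixlist above are autorun commands cached for volumes mounted under this user account. As an added example (not part of the original post and not FRST's own logic), the Python sketch below triages lines in that format. The three flags are heuristics assumed for this example: a target inside a RECYCLER folder, a RECYCLER subfolder whose name is not a well-formed user SID (S-1-5-21-...), and a script-type target. The sample lines are copied from the fixlist.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines copied from the fixlist above (one Run line, five MountPoints2 lines).
SAMPLE = r"""
HKLM\...\Run: [RTHDCPL] = C:\WINDOWS\RTHDCPL.EXE [16377344 2007-11-27] (Realtek Semiconductor Corp.)
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {42c1cc9c-b9bd-11dd-85bf-00a0d1c81df8} - xk2n.bat
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {65e773aa-c281-11e1-8728-00a0d1c81df8} - G:\AutoRun.exe
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {6c8c9222-06a3-11de-85e1-00a0d1c81df8} - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {b0d29b9e-d023-11de-8615-00a0d1c81df8} - G:\RECYCLER\S-8-4-60-2025856740-5600387576-728270318-4785\asr_62371.exe
HKU\S-1-5-21-1454471165-1390067357-682003330-1004\...\MountPoints2: {9860e602-1171-11e2-8733-00a0d1c81df8} - G:\LaunchU3.exe -a
"""

ENTRY_RE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\.\\MountPoints2: (?P<guid>\{[0-9a-fA-F-]{36}\}) - (?P<cmd>.+)$")
TARGET_RE = re.compile(r"(.+?\.[A-Za-z0-9]{2,4})(?:\s|$)")  # path up to its extension
USER_SID_RE = re.compile(r"^S-1-5-21(-\d+){4}$")            # shape of a local/domain user SID
SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".js", ".scr", ".pif"}  # assumed list for this example

def triage(line):
    """Parse one MountPoints2 line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    t = TARGET_RE.match(cmd)
    target = PureWindowsPath(t.group(1) if t else cmd)  # drop trailing arguments
    parts = target.parts
    upper = [p.upper() for p in parts]
    flags = []
    if "RECYCLER" in upper:
        flags.append("runs-from-recycler")
        i = upper.index("RECYCLER")
        sid_dir = parts[i + 1] if i + 2 < len(parts) else ""
        if not USER_SID_RE.match(sid_dir):
            flags.append("malformed-sid-folder")
    if target.suffix.lower() in SCRIPT_EXT:
        flags.append("script-target")
    return {"guid": m.group("guid"), "target": str(target), "flags": flags}

def triage_all(text):
    """Return one record per MountPoints2 line found in text."""
    return [r for r in map(triage, text.splitlines()) if r is not None]

if __name__ == "__main__":
    for rec in triage_all(SAMPLE):
        print(rec["guid"], rec["target"], ",".join(rec["flags"]) or "-")
```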


(Majkos19) #3

Done. Fixlog and new logs are attached. Anything else?? Should I also run a scan with Malwarebytes Anti-Malware??


(Acorus) #4

Delete the folder C:\FRST

You can scan.