Laptop freezes and is terribly slow, please advise

Hello.

I have a new laptop, but some time ago it started freezing, and I can't do anything about it even with Task Manager. All I can do is cut the computer off from its power source. Apart from that, it is terribly slow. I sent the machine to a service center in Warsaw, but nothing was detected, and they suggested system instability caused by the additional memory that was already automatically included with the computer at purchase. In the end they didn't resolve the matter, and when I have to power the computer off I lose all my data. Recently the disc drive also failed to detect a disc. I even installed the service pack for Vista, but that didn't change anything. The computer is terribly slow and freezes about 5 times a day. I have started to suspect viruses. I carefully read the article about generating logs, but I don't know where to start. Please point me to a specific program. Should it be HijackThis, ComboFix or something else? When I tried to install a codec for a film I also got a message that this could be caused by, among other things, the presence of a virus. I would be very grateful for help.

Thank you in advance for your reply.

Post a log from HJT + Silent Runners - viewtopic.php?f=16&t=36654

Hi.

I did what you suggested and am waiting patiently for a reply. If I did something wrong when pasting the log, I apologize in advance; I am an inexperienced user, but I am trying. If certain files need to be removed, please give me a 'spelled out in the simplest terms' explanation of how I should do it.

Thanks in advance and best regards ;)

And now the logs, from HJT and SR

Here is the log from HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:34:17, on 2007-12-20

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal


Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\Sony\SonicStage\SSAAD.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: Zango /fleok=1D8A83A5C5E0127D99A9682A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O13 - Gopher Prefix: 

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Evil Driver Daemon (NishService) - Unknown owner - C:\Program Files\LG Software\System Control Manager\edd.exe

O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\Windows\system32\o2flash.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe


--

End of file - 5502 bytes

And here is the log from Silent Runners:

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/

Operating System: Windows Vista

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"PC Suite Tray" = ""C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray" [null data]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"

"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]

"LG Intelligent Update" = ""C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc" [null data]

"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]

"MGSysCtrl" = "C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe" ["MSI"]

"IgfxTray" = "C:\Windows\system32\igfxtray.exe" ["Intel Corporation"]

"HotKeysCmds" = "C:\Windows\system32\hkcmd.exe" ["Intel Corporation"]

"Persistence" = "C:\Windows\system32\igfxpers.exe" ["Intel Corporation"]

"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

"NeroFilterCheck" = "C:\Windows\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"SsAAD.exe" = "C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [null data]

"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]

"BearShare" = ""C:\Program Files\BearShare\BearShare.exe" /pause" [file not found]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{07AA283A-43D7-4CBE-A064-32A21112D94D}\(Default) = "Zango /fleok=1D8A83A5C5E0127D99A9682A1FBB39BFE4976E26CAEDA120180A196D6093"

  -> {HKLM...CLSID} = "Zango"

                   \InProcServer32\(Default) = "C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll" [file not found]

{37B85A21-692B-4205-9CAD-2626E4993404}\(Default) = "My Global Search Bar BHO"

  -> {HKLM...CLSID} = "My Global Search Bar BHO"

                   \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{00020d75-0000-0000-c000-000000000046}" = "lnkfile"

  -> {HKLM...CLSID} = "Microsoft Outlook"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\MLSHEXT.DLL" [MS]

"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

  -> {HKLM...CLSID} = "AVG7 Find Extension Class"

                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"

  -> {HKLM...CLSID} = "Nokia Phone Browser"

                   \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\phonebrowser.dll" ["Nokia"]


HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"NoCDBurning" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\


"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}


"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Standard Users}


"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Detect Application Installations And Prompt For Elevation}


"EnableLUA" = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Run All Administrators In Admin Approval Mode}


"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Only elevate UIAccess applications that are installed in secure locations}


"EnableVirtualization" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Virtualize file and registry write failures to per-user locations}


"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Conrol: Switch to the secure desktop when prompting for elevation}


"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}


"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Admin Approval Mode for the Built-in Administrator Account}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Users\Dagmara\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\Windows\system32\ssBranded.scr" [MS]



Startup items in "Dagmara" & "All Users" startup folders:

---------------------------------------------------------


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]



Non-disabled Scheduled Tasks:

-----------------------------


C:\Windows\System32\Tasks

"User_Feed_Synchronization-{5AADB750-DD7F-41DC-8C0F-C121D8087EF2}" -> (HIDDEN!) launches: "C:\Windows\system32\msfeedssync.exe sync" [MS]

"{7756B841-CE48-4289-88B7-0BC570FDB8BC}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Program Files\SubEdit-Player\unins000.exe"" [MS]

"{AA9C365A-7210-40AE-A0D0-50A7939F582F}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Program Files\Zango\bin\10.0.370.0\ZangoUnInstaller.exe" -c Web" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth

"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient

"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"

  -> {HKLM...CLSID} = "Certificate Services Client Task Handler"

                   \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"

  -> {HKLM...CLSID} = "Certificate Services Client Task Handler"

                   \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

"UserTask-Roam" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"

  -> {HKLM...CLSID} = "Certificate Services Client Task Handler"

                   \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program

"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]

"OptinNotification" -> launches: "%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\Defrag

"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c -i" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic

"Microsoft-Windows-DiskDiagnosticDataCollector" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC

"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"

  -> {HKLM...CLSID} = "HotStart User Agent"

                   \InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]

"TMM" -> launches: "{35EF4182-F900-4632-B072-8639E4478A61}"

  -> {HKLM...CLSID} = "Transient Multi-Monitor Manager"

                   \InProcServer32\(Default) = "C:\Windows\System32\TMM.dll" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\MUI

"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia

"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"

  -> {HKLM...CLSID} = "Microsoft PlaySoundService Class"

                   \InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection

"NAPStatus UI" -> launches: "{f09878a1-4652-4292-aa63-8c7d4fd7648f}"

  -> {HKLM...CLSID} = "Nap ITask Handler Implementation"

                   \InProcServer32\(Default) = "C:\Windows\System32\QAgent.dll" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System

"ConvertLogEntries" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\RAC

"RACAgent" -> (HIDDEN!) launches: "%windir%\system32\RacAgent.exe" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance

"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\Shell

"CrawlStartPages" -> launches: "{51653423-e62d-4ff7-894a-dabb2b8e21e2}"

  -> {HKLM...CLSID} = "CrawlStartPages Task Handler"

                   \InProcServer32\(Default) = "C:\Windows\System32\srchadmin.dll" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore

"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip

"IpAddressConflict1" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]

"IpAddressConflict2" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework

"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"

  -> {HKLM...CLSID} = "MsCtfMonitor task handler"

                   \InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\UPnP

"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\WDI

"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"

  -> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"

                   \InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting

"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\WindowsCalendar

"Reminders - Dagmara" -> launches: "C:\Program Files\Windows Calendar\WinCal.exe /reminder" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\Wired

"GatherWiredInfo" -> launches: "%windir%\system32\gatherWiredInfo.vbs" [null data]


C:\Windows\System32\Tasks\Microsoft\Windows\Wireless

"GatherWirelessInfo" -> launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data]


C:\Windows\System32\Tasks\Microsoft\Windows Defender

"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]

000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]


Transport Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 18



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{37B85A29-692B-4205-9CAD-2626E4993404}"

  -> {HKLM...CLSID} = "My Global Search Bar"

                   \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]

"{F2CF5485-4E02-4F68-819C-B92DE9277049}"

  -> {HKLM...CLSID} = "&Links"

                   \InProcServer32\(Default) = "C:\Windows\system32\ieframe.dll" [MS]

"{07AA283A-43D7-4CBE-A064-32A21112D94D}"

  -> {HKLM...CLSID} = "Zango"

                   \InProcServer32\(Default) = "C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll" [file not found]


HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{37B85A29-692B-4205-9CAD-2626E4993404}" = (no title provided)

  -> {HKLM...CLSID} = "My Global Search Bar"

                   \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]

"{07AA283A-43D7-4CBE-A064-32A21112D94D}" = "Zango"

  -> {HKLM...CLSID} = "Zango"

                   \InProcServer32\(Default) = "C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll" [file not found]


Explorer Bars


HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Zango Information Window"

                   \InProcServer32\(Default) = "C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll" [file not found]


HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Zango Information Window"

                   \InProcServer32\(Default) = "C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll" [file not found]



HOSTS file

----------


C:\Windows\System32\drivers\etc\HOSTS


maps: 2 domain names to IP addresses,

      1 of the IP addresses is *not* localhost!



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Agere Modem Call Progress Audio, AgereModemAudio, "C:\Windows\system32\agrsmsvc.exe" ["Agere Systems"]

Autokonfiguracja sieci WLAN, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]}

AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" ["GRISOFT, s.r.o."]

AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]

AVG7 Resident Shield Service, AvgCoreSvc, "C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe" ["GRISOFT, s.r.o."]

AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]

Evil Driver Daemon, NishService, "C:\Program Files\LG Software\System Control Manager\edd.exe" [null data]

Izolacja klucza CNG, KeyIso, "C:\Windows\system32\lsass.exe" [MS]

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]

O2Micro Flash Memory, O2Flash, "C:\Windows\system32\o2flash.exe" ["O2Micro International"]

Protokół uwierzytelniania rozszerzonego (EAP), EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]}

ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."]

Windows Driver Foundation — User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}

Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}



Accessibility Tools:

--------------------


HKCU\Software\Microsoft\Windows NT\CurrentVersion\AccessibilityTemp\

"narrator" = dword:0x00000000


HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\Narrator\

"Description" = "Screen Reader"

"StartExe" = "C:\Windows\System32\Narrator.exe" [MS]



---------- (launch time: 2007-12-20 15:35:37)

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 100 seconds, including 18 seconds for message boxes)

First the automated tool - post a log from ComboFix

Note: When you paste a log, wrap it in the CODE or QUOTE tag

Regards, Gutek2222

Sorry for the missing tags, but I guess I don't know how to use them. I thought I had wrapped the previous log in them correctly. I have no choice but to unfortunately repeat my mistake, but I am asking for help all the same.

Here is the log from ComboFix

ComboFix 07-12-21.4 - Dagmara 2007-12-21 13:38:23.1 - NTFSx86

I don't see anything in the logs

Thanks for the help. Unfortunately the computer is getting worse and worse. It freezes often, even every 15 minutes; sometimes it holds out considerably longer. I don't know what to do. This question is probably off-topic by now: what do you advise? Should I reinstall the system? I'll send the computer back to the guys at the LG service center in Warsaw and they'll tell me again that they tested it, found nothing, and that 'the system instability may be caused by the additional memory' (when I bought the laptop, a 512 Mb Kingston memory module was thrown in as part of a promotion). Please give me any advice or suggestions, if anything at all comes to mind.

Thank you and best regards :)

Since they said it's the memory's fault, run a test with memtest - http://hcidesign.com/memtest/