Problem ze stabilnością kompa


(Jarek7d) #1

Witam.

Jest problem napewno związany z plikiem WPV081240382188.exe ponieważ panda cały czas chce wysyłać go do laboratorium ale się nie da.

Nie da się również uruchomić jakiegokolwiek skanera online.

Połączenia WiFi bardzo często się urywają.

Poniżej logi z combofixa

http://wklejto.pl/32312

Z góry dzięki za pomoc.


(Gutek) #2

Wklej do Notatnika:

File::

c:\windows\system32\wpv081240382188.exe

c:\windows\system32\3088906498.dat

c:\windows\system32\drivers\str.sys

c:\windows\system32\drivers\uqlryaypmrntkx.sys


Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]

>>Plik>>Zapisz jako... >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku -->

cfscript10uc2.gif

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: **** Qoobox.

Po tym nowy log z Combo oraz skan http://www.kaspersky.pl/virusscanner.html