Hello. I have a problem: when I start the computer, it takes a very long time to boot at the point where the Windows logo is displayed, and sometimes I get a black screen and nothing happens after that. Thanks in advance; I'm attaching the log.
ComboFix 07-08-09.3 - “xp” 2007-12-11 20:53:19.7 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.493 [GMT 1:00]

((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))

2007-12-11 18:43
2007-12-11 18:27 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-12-11 18:27
2007-12-11 18:27
2007-12-11 18:27
2007-12-11 18:27
2007-12-11 18:27
2007-12-11 18:27
2007-12-11 18:27
2007-12-11 17:39
2007-12-11 17:29
2007-12-11 16:22
2007-11-28 16:57
2007-11-15 16:07

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2060-08-18 19:02 1496064 --------- C:\WINDOWS\system32\CC3250MT.DLL
2060-08-18 18:40 909824 --------- C:\WINDOWS\system32\cp3245mt.dll
2060-08-18 18:40 24064 --------- C:\WINDOWS\system32\borlndmm.dll
2007-12-11 18:26 1497 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-16 20:20 5852 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-07-03 19:32 2855 --a------ C:\WINDOWS\pif\setup.PIF
2004-10-01 15:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe
2007-07-11 11:21:16 88 --sh–r C:\WINDOWS\system32\BABB994F71.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
2007-06-27 22:27 1044480 --a------ C:\Program Files\ContextTool\ContextTool-3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“KAVPersonal50”=“C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe” [2004-11-26 14:32]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 10:50]
“HP Software Update”=“C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe” [2003-06-25 11:24]
“HP Component Manager”=“C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” [2003-10-23 19:51]
“HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe” [2003-09-01 13:42]
“DeviceDiscovery”=“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe” [2003-05-21 18:37]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2005-02-24 07:32]
“nwiz”=“nwiz.exe” [2005-02-24 07:32 C:\WINDOWS\system32\nwiz.exe]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2005-02-24 07:32]
“RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2004-11-02 20:24]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 04:00]
“AAWTray”=“C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe” [2007-08-30 11:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“PowerBar”="" []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT-Watch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BySoft FreeRAM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
“C:\Program Files\D-Tools\daemon.exe” -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
“C:\Program Files\Messenger\msmsgs.exe” /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
“C:\Program Files\Spyware Doctor\SDTrayApp.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007]
C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r

R0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys
R0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys
R2 SPF4;Sunbelt Personal Firewall 4;“C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe”
R3 ids001b8;ids001b8;??\C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\ids001b8.sys
R3 klstm;klstm;??\C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys
S3 ids00026;ids00026;??\C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys
S3 ids00118;ids00118;??\C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys
S3 ids0014f;ids0014f;??\C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys
S3 ids0015d;ids0015d;??\C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys
S3 ids00180;ids00180;??\C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\ids00180.sys
S3 ids0018a;ids0018a;??\C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys
S3 ids00196;ids00196;??\C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\ids00196.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 STIrUsb;Klucz szyfrujący SigmaTel USB-IrDA;C:\WINDOWS\system32\DRIVERS\irstusb.sys

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 20:56:38
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes …
C:\WINDOWS\system32\cmd.exe [2392] 0x8204C020

scanning hidden autostart entries …
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ???<???4@?h???w???h???2??w(???wt?@?l?@??6c???,???w???w???w???w???w???4@???/???w???l?@???.??w???t?@?X?b???l?@?l?@???w???t?@???l?@?8?@?l?@?3??s???8?@?_??s8?@?8?@

scanning hidden files …
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-12-11 20:59:17
C:\ComboFix2.txt … 2007-12-11 19:42
— E O F —
Gutek
(Gutek)
11 December 2007 21:00
#2
Delete the HJT entry.
Paste into Notepad:
>>File>>Save as… >>> CFScript (it will be most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– as in this picture –>
(if the question "1 or 2" appears, type 1 and press ENTER) The removal should begin (and a log will be created).
After the restart, manually delete the C:\Qoobox folder.
After that, post a new log from Combo.
Gutek
(Gutek)
12 December 2007 23:16
#4