ComboFix.txt

Slow HP laptop, many processes - log check

Hello, I have been using an HP laptop for several years, and for some time now I have had problems with it running slowly: opening web pages and documents is slow, and it is rather persistent. I scanned it with Avast (free version) and nothing. Three months ago the laptop was cleaned, formatted, and had its thermal paste replaced. The logs are in the attachments below. Laptop: HP dv6780 ew, Vista 32


ComboFix 14-05-07.03 - OLGA 2014-05-08 12:31:07.1.2 - x86
Microsoft(R) Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.3071.1782 [GMT 2:00]
Uruchomiony z: c:\users\OLGA\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
.
((((((((((((((((((((((((((((((((((((((( Usuni?to )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\KBL.LOG
.
.
((((((((((((((((((((((((( Pliki utworzone od 2014-04-08 do 2014-05-08 )))))))))))))))))))))))))))))))
.
.
2014-05-08 10:49 . 2014-05-08 10:50 -------- d-----w- c:\users\OLGA\AppData\Local\temp
2014-05-08 10:49 . 2014-05-08 10:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-08 07:06 . 2014-05-08 07:06 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-08 07:03 . 2014-05-08 07:03 -------- d-----w- c:\program files\CCleaner
2014-05-08 07:02 . 2014-04-03 07:51 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-08 07:02 . 2014-04-03 07:51 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-08 07:02 . 2014-04-03 07:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 07:02 . 2014-05-08 07:02 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-05-08 07:02 . 2014-05-08 07:02 -------- d-----w- c:\programdata\Malwarebytes
2014-05-08 06:50 . 2014-04-14 18:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-05-08 06:47 . 2014-05-08 06:47 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-08 06:47 . 2014-05-08 06:47 43152 ----a-w- c:\windows\avastSS.scr
2014-05-03 21:49 . 2014-04-29 10:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-08 06:47 . 2013-12-26 19:35 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-05-08 06:47 . 2013-12-26 19:35 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-08 06:47 . 2013-12-26 19:35 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-05-08 06:47 . 2013-12-26 19:35 411552 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-05-08 06:47 . 2013-12-26 19:35 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-08 06:47 . 2013-12-26 19:35 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-08 06:47 . 2013-12-26 19:35 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-05-08 06:47 . 2013-12-26 19:35 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-29 16:22 . 2013-12-26 20:28 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 16:22 . 2013-12-26 20:28 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-27 15:37 . 2014-02-27 15:37 773968 ----a-w- c:\windows\system32\msvcr100.dll
2014-02-27 15:37 . 2014-02-27 15:37 421200 ----a-w- c:\windows\system32\msvcp100.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawid?owe wpisy nie s? pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-08 06:47 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-08 3873704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DpAgent]
2009-12-01 12:37 842816 ----a-w- c:\program files\DigitalPersona\Bin\DpAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-09-30 17:34 181544 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-16 21:13 218408 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-18 22:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2433039570-1569006032-1050697316-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Zawartośae folderu 'Zaplanowane zadania'
.
2014-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-26 16:22]
.
.
------- Skan uzupe?niaj?cy -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=81&bd=Pavilion&pf=laptop
IE: Wyślij obraz do urz?dzenia & Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stron? do urz?dzenia & Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\OLGA\AppData\Roaming\Mozilla\Firefox\Profiles\1j4bzcie.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.interia.pl/
.
- - - - USUNI?TO PUSTE WPISY - - - -
.
Toolbar-10 - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-08 12:50
Windows 6.0.6002 Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie uko?czone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2433039570-1569006032-1050697316-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{54739D49-AC03-4C57-9264-C5195596B3A1}"=hex:51,66,7a,6c,4c,1d,38,12,27,9e,60,
50,31,e2,39,09,ed,72,86,59,50,c8,f7,b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ?adowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\DPPWDFLT.dll
.
Czas uko?czenia: 2014-05-08 12:54:38
ComboFix-quarantined-files.txt 2014-05-08 10:54
.
Przed: 55 302 459 392 bajtów wolnych
Po: 55 703 162 880 bajtów wolnych
.
- - End Of File - - 7848B1892602DE8B0ABCE261B3E27583
1A1A06F62E891045814007163C1C76C3

