proszę o sprawdzenie loga.

**Posty:** 64 · przez **rafcioz** 03 Lut 2007, 18:27

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 17:16:19, on 2007-02-03 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe D:\Program Files\CofSpeed\spd.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ntvdm.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\DAEMON Tools\daemon.exe D:\Program Files\CofSpeed\cFosSpeed.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE D:\Program Files\Opera\Opera.exe C:\Documents and Settings\rafal\Pulpit\hijackthis_199\HijackThis.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: load=d:\slownik\watch.exe O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\PROGRA~1\FlashGet\getflash.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [cFosSpeed] D:\Program Files\CofSpeed\cFosSpeed.exe O4 - HKLM\..\Run: [ErrorRepairPro] C:\Program Files\Error Repair Pro\ErrorRepairPro.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O15 - Trusted Zone: http://*.mks.com.pl O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A602B3A5-1D6C-472C-990E-A4B778229299}: NameServer = 217.30.129.149,217.30.137.200 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:\Program Files\CofSpeed\spd.exe" -service (file missing) O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Podejrzewam zainfekowanie komputera, poprzez samo restartowanie, wylaczenie z autostartu avast!

**Posty:** 18165 · przez **wojtas** 03 Lut 2007, 19:35

otwierasz link>> http://www.silentrunners.org/Silent%20Runners.vbs >>zapisujesz jako na pulpicie>>klikasz dwa razy >>masz wybor i wybierasz no>>i czekasz troszke az wygeneruje sie cały log do konca
wrzucasz na forum

**Posty:** 64 · przez **rafcioz** 03 Lut 2007, 19:54

sory ale zawsze generuje mi sie taki maly:

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "AtiPTA" = "atiptaxx.exe" ["ATI Technologies, Inc."] "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] "cFosSpeed" = "D:\Program Files\CofSpeed\cFosSpeed.exe" ["cFos Software GmbH"] "SoundMAXPnP" = "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" ["Analog Devices, Inc."] "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" "!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided) -> {HKLM...CLSID} = "IeCatch5 Class" \InProcServer32\(Default) = "D:\PROGRA~1\FlashGet\jccatch.dll" ["FlashGet"] {C08DF07A-3E49-4E25-9AB0-D3882835F153}\(Default) = (no title provided) -> {HKLM...CLSID} = "QUICKfind BHO Object" \InProcServer32\(Default) = "C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll" [null data] {F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided) -> {HKLM...CLSID} = "gFlash Class" \InProcServer32\(Default) = "D:\PROGRA~1\FlashGet\getflash.dll" [null data]

A jak klikne No (bo tak zrobilem

) wyskakuje mi jeszcze jedno pytanie biore Yes i wlasnie taki wychodzi

**Posty:** 1861 · przez **skowrona** 03 Lut 2007, 20:00

rafcioz napisał(a):biore Yes

weś "NO"

**Posty:** 18165 · przez **wojtas** 03 Lut 2007, 20:00

poczekaj na komunikat i dopiero daj loga

**Posty:** 64 · przez **rafcioz** 03 Lut 2007, 20:04

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "AtiPTA" = "atiptaxx.exe" ["ATI Technologies, Inc."] "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] "cFosSpeed" = "D:\Program Files\CofSpeed\cFosSpeed.exe" ["cFos Software GmbH"] "SoundMAXPnP" = "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" ["Analog Devices, Inc."] "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" "!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided) -> {HKLM...CLSID} = "IeCatch5 Class" \InProcServer32\(Default) = "D:\PROGRA~1\FlashGet\jccatch.dll" ["FlashGet"] {C08DF07A-3E49-4E25-9AB0-D3882835F153}\(Default) = (no title provided) -> {HKLM...CLSID} = "QUICKfind BHO Object" \InProcServer32\(Default) = "C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll" [null data] {F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided) -> {HKLM...CLSID} = "gFlash Class" \InProcServer32\(Default) = "D:\PROGRA~1\FlashGet\getflash.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" ["RealNetworks, Inc."] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO" -> {HKLM...CLSID} = "PowerISO" \InProcServer32\(Default) = "D:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\System\CurrentControlSet\Control\Session Manager\ <<!>> "BootExecute" = "autocheck autochk *"| [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."] PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" -> {HKLM...CLSID} = "PowerISO" \InProcServer32\(Default) = "D:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."] PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" -> {HKLM...CLSID} = "PowerISO" \InProcServer32\(Default) = "D:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" -> {HKLM...CLSID} = "PowerISO" \InProcServer32\(Default) = "D:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoResolveSearch" = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableRegistryTools" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\rafal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Startup items in "rafal" & "All Users" startup folders: ------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "EPSON Status Monitor 3 Environment Check" -> shortcut to: "C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE" ["SEIKO EPSON CORPORATION"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" -> {HKLM...CLSID} = "Megaupload Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" [file not found] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar" -> {HKLM...CLSID} = "FlashGet Bar" \InProcServer32\(Default) = "D:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"] "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided) -> {HKLM...CLSID} = "Megaupload Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" [file not found] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.5.0_10" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" [file not found] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_10" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ "ButtonText" = "FlashGet" "MenuText" = "&FlashGet" "Exec" = "D:\PROGRA~1\FlashGet\flashget.exe" ["FlashGet.com"] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data] avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data] avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] cFosSpeed System Service, cFosSpeedS, ""D:\Program Files\CofSpeed\spd.exe" -service" ["cFos Software GmbH"] ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."] SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."] StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 158 seconds. ---------- (total run time: 303 seconds)

**Posty:** 3854 · przez **Dzi@dek** 04 Lut 2007, 10:26

1. Sprawdź Ctrl+Alt+Del czy masz w procesach Avasta.
2. Przeinstaluj program.

**Posty:** 64 · przez **rafcioz** 04 Lut 2007, 12:02

A w logach jest czysto? Np. odpalam ewido wyskakuje blad aplikacji, a potem okinko w stylu win98 ze pamiec nie moze byc read.

Przy kazdym starcie komputera sprawdzany jest dysk chksdk czy cos takiego.

**Posty:** 3854 · przez **Dzi@dek** 04 Lut 2007, 12:12

Sprawdź pamięci ( memtest) sterowniki ( czy instalowałeś jakiś sprzęt dodatkowy bądź aktualizację sterów - grafika )
Logi czyste.

**Posty:** 64 · przez **rafcioz** 04 Lut 2007, 12:15

Instalowalem z omegi nowe stery ale to jakis miesiac temu i wszystko lux chodzilo. Gdzie sie robi ten memtest?

**Posty:** 18165 · przez **wojtas** 04 Lut 2007, 12:26

daj loga z tego programu:
http://download.bleepingcomputer.com/sUBs/combofix.exe

**Posty:** 3854 · przez **Dzi@dek** 04 Lut 2007, 12:28

rafcioz napisał(a):Gdzie sie robi ten memtest?

http://www.programosy.pl/program,memtest.html

rafcioz napisał(a):a potem okinko w stylu win98 ze pamiec nie moze byc read.

Pokaż zrzut ekranu - ale to na 90% wina sterów.

**Posty:** 64 · przez **rafcioz** 04 Lut 2007, 12:33

Skanowalem combofix.exe wyskoczyl blad ze Aplikacja zostala nie wlasciwie zainicjowana czy cos. Błąd CMD.exe

[/img]

**Posty:** 18165 · przez **wojtas** 04 Lut 2007, 12:35

pokaz screena z bledem

**Posty:** 64 · przez **rafcioz** 04 Lut 2007, 12:49

[img=http://img206.imageshack.us/img206/1149/beztytuuwd9.th.jpg] to jest blad z memtest, niestety wcisnelem print scrn ale komputer znowu sie sam z resetowal (chcialem zrobic screena z tego combofix.exe) co robic

"rafal" - 07-02-04 11:41:34 Dodatek Service Pack 2
ComboFix 07.02.04 - Running from: "C:\Documents and Settings\rafal\Pulpit"

((((((((((((((((((((((((((((((( Files Created from 2007-01-04 to 2007-02-04 ))))))))))))))))))))))))))))))))))

2007-02-04 11:22 609 --a------ C:\Combo.bat
2007-02-03 17:44 <DIR> d-------- C:\Program Files\ewido anti-spyware 4.0
2007-02-02 19:45 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-02-02 19:45 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-02-02 19:45 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-02-02 19:45 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-02-02 18:04 32,768 --a------ C:\WINDOWS\HLH-RECODED.exe
2007-02-02 18:04 14,848 --a------ C:\WINDOWS\HLH-RECODED.dll
2007-01-28 19:26 <DIR> d-------- C:\DOCUME~1\rafal\Dane aplikacji\Deluxe Ski Jump 3 Patch
2007-01-28 18:50 421,888 --a------ C:\WINDOWS\system32\windowsdlls.exe
2007-01-26 16:44 <DIR> d-------- C:\Program Files\Error Repair Pro
2007-01-18 17:52 <DIR> d-------- C:\Program Files\AutoPatcher
2007-01-18 15:45 <DIR> d-------- C:\Program Files\VID_0E8F&PID_0003
2007-01-17 10:11 <DIR> d-------- C:\Program Files\GanymedeNet
2007-01-15 13:05 <DIR> d-------- C:\games
2007-01-09 15:17 <DIR> d-------- C:\DOCUME~1\rafal\.borland
2007-01-09 15:01 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-01-09 15:01 <DIR> d-------- C:\DOCUME~1\rafal\Dane aplikacji\MegauploadToolbar
2007-01-08 19:48 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-01-07 20:10 223 --a------ C:\12345.BAT
2007-01-05 19:56 98,192 --a------ C:\WINDOWS\system32\vjreg.exe
2007-01-05 19:56 345,604 --a------ C:\WINDOWS\system32\msinfhlp.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-02-03 17:33 -------- d-------- C:\Program Files\regdoctor
2007-02-03 17:14 -------- d-------- C:\Program Files\spyware terminator
2007-02-02 20:59 -------- d-------- C:\DOCUME~1\rafal\Dane aplikacji\azureus
2007-01-31 19:25 -------- d--h----- C:\Program Files\installshield installation information
2007-01-18 11:38 -------- d-------- C:\DOCUME~1\rafal\Dane aplikacji\skype
2007-01-17 15:44 -------- d-------- C:\Program Files\java
2007-01-15 18:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe
2007-01-15 18:26 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-01-15 18:25 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-01-15 18:23 90112 --a------ C:\WINDOWS\system32\avastss.scr
2007-01-01 13:56 -------- d-------- C:\Program Files\google
2006-12-30 16:26 -------- d-------- C:\DOCUME~1\rafal\Dane aplikacji\internetcalls
2006-12-28 12:22 -------- d-------- C:\Program Files\pc inspector file recovery
2006-12-27 21:22 -------- d-------- C:\Program Files\day of defeat source
2006-12-26 16:17 -------- d-------- C:\Program Files\Common Files\systemrequirementslab
2006-12-26 14:58 -------- d-------- C:\Program Files\counter-strike source
2006-12-21 00:56 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-12-21 00:56 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-12-21 00:51 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-12-17 15:58 -------- d-------- C:\Program Files\multires
2006-12-17 15:57 451072 --a------ C:\WINDOWS\radeon omega drivers v3.8.291 uninstall.exe
2006-12-17 15:52 -------- d-------- C:\Program Files\radeon omega drivers
2006-12-17 15:26 -------- d-------- C:\Program Files\dirext
2006-12-16 21:43 -------- d-------- C:\Program Files\Common Files\thraex software
2006-12-11 17:16 -------- d-------- C:\Program Files\fdrlab
2006-12-03 17:35 737280 --a------ C:\WINDOWS\iun6002.exe
2006-11-18 19:51 43520 --a------ C:\WINDOWS\system32\cmdlineext03.dll
2006-11-05 15:10 171520 --a------ C:\WINDOWS\system32\cncs32.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AtiPTA"="atiptaxx.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"cFosSpeed"="D:\\Program Files\\CofSpeed\\cFosSpeed.exe"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"="RadExe Extension"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H]
Shell\AutoRun\command H:\launch.exe

********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-04 11:45:22
C:\ComboFix2.txt ... 07-02-04 11:22

proszę o sprawdzenie loga.

Proszę o sprawdzenie loga.

Kto jest na forum