Grzechu Posted 23 September 2009
hi, I'm having problems with my new laptop. It's running XP SP3. Games and applications close by themselves, without any error pop-ups... just as if I had closed them myself... while I was reading an ebook it happened fairly rarely, but when I launched the simulator it happened every few moments... I googled that it's the RAM's fault, am I thinking right? I'd rather do a reinstall than hand the laptop in for service just as I'm leaving for university...
Air Posted 23 September 2009
To start with, run a memory burn-in test - e.g. with memtest86 http://www.memtest86.com/ What's odd is that the programs close without errors (are you sure the computer is free of viruses, trojans etc.? what antivirus software do you use?). Are the hardware drivers up to date, or only the ones that shipped with the computer?
jary14 Posted 23 September 2009
I also had nothing but problems with SP3, so I did a format and this time ticked "decline" for SP3, because it didn't work out for me
neilpryde Posted 23 September 2009
and I'd check something else... download the OTL program from the given address http://oldtimer.geekstogo.com/OTL.exe, run a scan and paste the log on the forum. we'll rule out an infection.
Grzechu Posted 23 September 2009 (thread author)
the laptop is new, the shop installed the drivers for me. It has Avast on it. At the start it had some little autorun virus (the pendrive was to blame), but I removed it with ComboFix... I'll do memtest tomorrow because I don't have a blank disc to burn. and here are the logs from OTL
Marcus Posted 24 September 2009
I don't know where these SP3 problems come from; I have it myself and everything runs beautifully... (XP Pro.) :shock:

Ładziak Posted 24 September 2009
When there's nothing else to blame, people blame SP3 - just like interference in RC

KaliN Posted 24 September 2009
Yeah, sure. And I for one declare that XP is worse than Vista!! :twisted: [Joke]

Air Posted 24 September 2009
> When there's nothing else to blame, people blame SP3 - just like interference in RC
Yeah... that's how it seems to me too... such "theories" are funny :]

Marcus Posted 24 September 2009
> And I for one declare that XP is worse than Vista!! :twisted:
Blasphemer! :twisted: @Grzechu - I don't know whether it matters, but could you post your computer's specs?

Grzechu (Author) Posted 24 September 2009
> When there's nothing else to blame, people blame SP3 - just like interference in RC
I hear you were the one who recently had interference on the sticks... and the Parkmaster bit the dust :devil: As for the laptop, I took it to the shop; they'll look at it by tomorrow and see what's wrong with it

Ładziak Posted 24 September 2009
> I hear you were the one who recently had interference on the sticks... and the Parkmaster bit the dust :devil:
Exactly! So it was indisputably my fault, not that of some imaginary "interference". I moved the sticks badly and that's that - but this is getting OT. Have you run the memory tests?

KaliN Posted 24 September 2009
> > KaliN wrote: And I for one declare that XP is worse than Vista!! :twisted:
> Blasphemer! :twisted:
Heh... Do you take English?? ("joke" is English for "żart") It was irony... :wink:

Grzechu (Author) Posted 24 September 2009
> Have you run the memory tests?
No, I preferred to take it to the shop, and since the seller is someone I know fairly well and is nice, he promised to tell me by tomorrow what's wrong

Marcus Posted 24 September 2009
> > > KaliN wrote: And I for one declare that XP is worse than Vista!! :twisted:
> > Blasphemer! :twisted:
> Heh... Do you take English?? ("joke" is English for "żart") It was irony... :wink:
I know English. I replied with irony too. :devil: OK, end of OT. 8)

neilpryde Posted 25 September 2009
Let's throw out a few more bits of junk left over from the pendrive infection. Create a file CFScript.txt on the desktop and paste into it:

File::
G:\autorun.inf
C:\WINDOWS\System32\unrar.dll
C:\wbj.exe
G:\wbj.exe
C:\WINDOWS\NIRCMD.exe
C:\WINDOWS\SWXCACLS.exe
C:\WINDOWS\SWREG.exe
C:\WINDOWS\SWSC.exe
C:\WINDOWS\sed.exe
C:\WINDOWS\fdsv.exe
C:\WINDOWS\grep.exe
C:\WINDOWS\zip.exe
C:\WINDOWS\VFIND.exe
Folder::
C:\WINDOWS\ERDNT
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\MountPoints2\{1d210250-908b-11de-925f-002185e8b789}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\MountPoints2\{1d210250-908b-11de-925f-002185e8b789}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\MountPoints2\{859f846e-901d-11de-9261-002185e8b789}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\MountPoints2\{859f846e-901d-11de-9261-002185e8b789}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\MountPoints2\{dc0caa0e-96fb-11de-926e-002185e8b789}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\MountPoints2\{dc0caa0e-96fb-11de-926e-002185e8b789}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\MountPoints2\{fc033fc8-7d22-11de-9253-002185e8b789}]

Save it and drag it onto the combofix.exe icon. Paste the log that ComboFix generates.
I'm also wondering whether on 30.08.2009, starting at 15:13, you managed to install 7-zip, Real Player and Winamp in a little over a minute.
Cheers!
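
The triage reasoning in the post above (a hidden, system-flagged executable sitting in a drive root, and files that appeared within seconds of each other) written out as an added Python example. It is not part of the thread or of OTL; the function names are hypothetical, and the sample lines are copied from the OTL log posted earlier in this thread.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath
# Entries copied from the OTL log posted earlier in this thread.
SAMPLE = r"""
[2009-08-30 15:12:14 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009-08-30 14:17:11 | 00,104,790 | RHS- | C] () -- C:\wbj.exe
[2009-08-07 18:45:17 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-08-07 18:45:15 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-08-30 15:14:16 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
"""

ENTRY = re.compile(
    r"\[(?P<ts>[\d-]{10} [\d:]{8}) \| [\d,]+ \| (?P<attr>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<vendor>[^)]*)\))? -- (?P<path>.+)")
EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}

def parse(text):
    """Return one dict per OTL file entry; non-matching lines are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
            e["path"] = PureWindowsPath(e["path"])
            out.append(e)
    return out

def hidden_root_executables(entries):
    """Executables placed directly in a drive root with Hidden and System set."""
    return [str(e["path"]) for e in entries
            if len(e["path"].parts) == 2
            and e["path"].suffix.lower() in EXEC_EXT
            and {"H", "S"} <= set(e["attr"])]

def creation_bursts(entries, gap=timedelta(seconds=60)):
    """Group created ('C') entries whose timestamps are at most `gap` apart."""
    created = sorted((e for e in entries if e["kind"] == "C"), key=lambda e: e["ts"])
    groups = []
    for e in created:
        if groups and e["ts"] - groups[-1][-1]["ts"] <= gap:
            groups[-1].append(e)
        else:
            groups.append([e])
    return [[e["path"].name for e in g] for g in groups if len(g) > 1]

if __name__ == "__main__":
    entries = parse(SAMPLE)
    print(hidden_root_executables(entries), creation_bursts(entries))
```

A burst only shows which files arrived together, for example from one installer run; it says nothing by itself about whether they are malicious.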

Grzechu (Author) Posted 25 September 2009
Yep, I managed it; I had those few programs on a disc. Those files have been removed; I'll check in a moment, maybe nothing shuts down anymore.

FILE ::
C:\wbj.exe
c:\windows\fdsv.exe
c:\windows\grep.exe
c:\windows\NIRCMD.exe
c:\windows\sed.exe
c:\windows\SWREG.exe
c:\windows\SWSC.exe
c:\windows\SWXCACLS.exe
c:\windows\System32\unrar.dll
c:\windows\VFIND.exe
c:\windows\zip.exe
G:\autorun.inf
G:\wbj.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\wbj.exe
c:\windows\ERDNT
c:\windows\ERDNT\Hiv-backup\default
c:\windows\ERDNT\Hiv-backup\ERDNT.CON
c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
c:\windows\ERDNT\Hiv-backup\ERDNT.INF
c:\windows\ERDNT\Hiv-backup\ERDNTDOS.LOC
c:\windows\ERDNT\Hiv-backup\ERDNTWIN.LOC
c:\windows\ERDNT\Hiv-backup\SAM
c:\windows\ERDNT\Hiv-backup\SECURITY
c:\windows\ERDNT\Hiv-backup\software
c:\windows\ERDNT\Hiv-backup\system
c:\windows\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
c:\windows\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
c:\windows\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
c:\windows\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
c:\windows\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
c:\windows\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
c:\windows\fdsv.exe
c:\windows\grep.exe
c:\windows\NIRCMD.exe
c:\windows\sed.exe
c:\windows\SWREG.exe
c:\windows\SWSC.exe
c:\windows\SWXCACLS.exe
c:\windows\System32\unrar.dll
c:\windows\VFIND.exe
c:\windows\zip.exe
G:\autorun.inf
G:\wbj.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-08-25 do 2009-09-25 )))))))))))))))))))))))))))))))
.
2009-09-25 10:15 . 2009-09-25 10:15 <DIR> d-------- c:\documents and settings\Administrator
2009-09-23 11:19 . 2009-09-23 11:19 <DIR> d-------- c:\documents and settings\1\Dane aplikacji\Ashampoo
2009-09-07 22:17 . 2009-06-04 09:40 120,568 --------- c:\windows\system32\pxcpyi64.exe
2009-09-07 22:17 . 2009-06-04 09:40 118,256 --------- c:\windows\system32\pxinsi64.exe
2009-09-06 22:44 . 2009-09-06 22:44 <DIR> d-------- c:\program files\Common Files\Bibble Labs
2009-09-06 22:44 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2009-09-04 22:51 . 2009-09-04 22:51 <DIR> d-------- c:\windows\system32\xircom
2009-09-04 22:51 . 2009-09-04 22:51 <DIR> d-------- c:\program files\microsoft frontpage
2009-09-01 22:46 . 2009-09-01 22:46 <DIR> d-------- c:\program files\Common Files\Adobe
2009-08-31 11:13 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\d3dx9_37.dll
2009-08-31 10:19 . 2009-08-31 10:19 <DIR> d--hs---- c:\windows\ftpcache
2009-08-30 15:21 . 2009-08-30 15:21 <DIR> d-------- c:\windows\Logs
2009-08-30 15:21 . 2009-08-30 15:22 <DIR> d-------- c:\documents and settings\1\Dane aplikacji\Braid
2009-08-30 15:21 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2009-08-30 15:21 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2009-08-30 15:15 . 2009-08-30 15:15 <DIR> d-------- c:\program files\Winamp
2009-08-30 15:15 . 2009-09-24 16:09 <DIR> d-------- c:\documents and settings\1\Dane aplikacji\Winamp
2009-08-30 15:14 . 2009-08-30 15:14 <DIR> d-------- c:\program files\Real
2009-08-30 15:14 . 2009-08-30 15:14 <DIR> d-------- c:\program files\Common Files\xing shared
2009-08-30 15:14 . 2009-08-30 15:14 <DIR> d-------- c:\program files\Common Files\Real
2009-08-30 15:14 . 2009-08-30 15:14 25 --a------ c:\windows\cdplayer.ini
2009-08-30 15:13 . 2009-08-30 15:13 <DIR> d-------- c:\program files\7-Zip
2009-08-30 15:12 . 2009-08-30 15:12 0 --a------ c:\windows\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 15:51 --------- d--h--w c:\program files\InstallShield Installation Information
2009-09-04 12:33 --------- d-----w c:\program files\RALINK
2009-08-07 16:45 --------- d-----w c:\program files\K-Lite Codec Pack
2009-08-07 16:45 --------- d-----w c:\documents and settings\1\Dane aplikacji\Media Player Classic
2009-08-02 12:46 721,904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-07-31 06:14 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\TOSHIBA
2009-07-30 18:06 --------- d-----w c:\program files\Toshiba
2009-07-30 16:57 --------- d-----w c:\program files\Usługi online
2009-07-30 16:54 --------- d-----w c:\program files\Windows Media Connect 2
2009-07-30 12:35 --------- d-----w c:\program files\Alwil Software
2009-07-30 12:27 --------- d-----w c:\program files\Motorola
2009-07-30 12:23 --------- d-----w c:\program files\Atheros
2009-07-30 12:23 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Atheros
2009-07-30 12:23 --------- d-----w c:\documents and settings\1\Dane aplikacji\InstallShield
2009-07-30 12:18 --------- d-----w c:\program files\Realtek
2009-07-30 12:13 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ATI
2009-07-30 12:13 --------- d-----w c:\documents and settings\1\Dane aplikacji\ATI
2009-07-30 12:12 --------- d-----w c:\program files\ATI Technologies
2009-07-30 12:11 --------- d-----w c:\program files\Common Files\InstallShield
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="d:\programy\Alcohol 52\axcmd.exe" [2009-04-24 203416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-06-11 1454080]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-30 198160]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-09 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-03-01 c:\windows\system32\advpack.dll]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2008-07-23 427336]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Rozrywka\\Gry\\ET\\ET.exe"=
"d:\\Rozrywka\\Gry\\cod 5\\CoDWaWmp.exe"=
"d:\\Rozrywka\\Gry\\cod 5\\CoDWaW.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-07-30 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-07-30 20560]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.pawcom.sfk.pl/
FF - ProfilePath - c:\documents and settings\1\Dane aplikacji\Mozilla\Firefox\Profiles\qudhxza0.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-25 16:56:31
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-09-25 16:56:55
ComboFix-quarantined-files.txt 2009-09-25 14:56:53
ComboFix2.txt 2009-09-23 16:03:36
ComboFix3.txt 2009-09-17 20:45:57
ComboFix4.txt 2009-09-04 14:36:39
Przed: 57,261,748,224 bajtów wolnych
Po: 57,227,665,408 bajtów wolnych
167

neilpryde Posted 25 September 2009
I'd also throw this out:

File::
c:\windows\system32\advpack.dll
Folder::
C:\WINDOWS\TEMP
Register::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll"

and I'm still wondering about these:
c:\windows\system32\pxcpyi64.exe
c:\windows\system32\pxinsi64.exe
but we'll see about that later.
The rest of the log is clean. Also download the free version of http://www.malwarebytes.org/mbam.php, run a scan and show the results.
Cheers!