Blastoise
(Blastoise)
12 March 2007 18:39
#1
Hello, something is starting to happen with my computer :(
I'm on the internet and suddenly it starts thinking, and I hear a sound like the one when the computer is switched on :o When the system logs in there is a beep like that, and I get the same one while I'm on the internet ;/
Once it started acting up like that and the computer froze ;/
My Neostrada connection drops more often :((
I have avast, and here are the logs:
Logfile of HijackThis v1.99.1
Scan saved at 19:24:52, on 2007-03-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Abyss Web Server\abyssws.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Abyss Web Server\abyssws.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Opera\Opera.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Kuba\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip…{3A274792-AB3E-4230-8510-A493B2FC28A7}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip…{3A274792-AB3E-4230-8510-A493B2FC28A7}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS2\Services\Tcpip…{3A274792-AB3E-4230-8510-A493B2FC28A7}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Abyss Web Server (AbyssWebServer) - Aprelium Technologies - C:\Program Files\Abyss Web Server\abyssws.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
silent:
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Gadu-Gadu” = ““D:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data]
“WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string]
“WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”]
“WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
  -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
  \InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
  -> {HKLM…CLSID} = “HyperTerminal Icon Ext”
  \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]
“{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension”
  -> {HKLM…CLSID} = “SimpleShlExt Class”
  \InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler”
  -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
  \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS]
“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”
  -> {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
“{A155339D-CCCD-4714-85EB-3754B804C9DF}” = “a-squared Free Context Menu Shell Extension”
  -> {HKLM…CLSID} = “a-squared Free Context Menu”
  \InProcServer32(Default) = “D:\PROGRA~1\A-SQUA~2\A2FREE~1.DLL” [“Emsi Software GmbH”]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
  -> {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2FreeContMenu(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}”
  -> {HKLM…CLSID} = “a-squared Free Context Menu”
  \InProcServer32(Default) = “D:\PROGRA~1\A-SQUA~2\A2FREE~1.DLL” [“Emsi Software GmbH”]
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
  -> {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a2FreeContMenu(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}”
  -> {HKLM…CLSID} = “a-squared Free Context Menu”
  \InProcServer32(Default) = “D:\PROGRA~1\A-SQUA~2\A2FREE~1.DLL” [“Emsi Software GmbH”]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“DisableRegistryTools” = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System| Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\system32\sspipes.scr” [MS]

Startup items in “Kuba” & “All Users” startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W” [empty string]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo”
Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string]

HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class”
Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string]

HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo”
Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string]

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<> “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided)
  -> {HKLM…CLSID} = “Search Class”
  \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Abyss Web Server, AbyssWebServer, “C:\Program Files\Abyss Web Server\abyssws.exe --service” [“Aprelium Technologies”]
Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”]
avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data]
avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data]
avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”]
avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]

----------
<>: Suspicious data at a malware launch point.
<>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box.
----------
(total run time: 51 seconds, including 4 seconds for message boxes)
JNJN
(JNJN)
12 March 2007 18:49
#2
Please change the subject of the post to something specific, using the edit option. JNJN
Blastoise
(Blastoise)
12 March 2007 19:13
#3
http://img470.imageshack.us/img470/7986/netstataar4.png
That address rekin4.go2.pl there worries me, but I'd like an expert's opinion!
I'll add that the computer is thinking all the time.
adam9870
(adam9870)
12 March 2007 19:28
#4
The logs are clean.
Look for minidump files, and if there are any, paste the contents, preferably of several.
http://forum.dobreprogramy.pl/viewtopic … 977#797977
The go2.pl domain is perfectly legitimate, so don't worry about it. The connection to it may have appeared because you use the Tlen messenger or one of its clients, or because you were visiting the go2.pl portal at that moment.
Please also post a log from ComboScan and two logs from GMER made with these settings:
Rootkit tab >>> everything checked except Show all >>> click Scan >>> wait patiently until it finishes >>> Copy >>> paste into the post
Rootkit tab >>> only Services and Show all checked >>> click Scan >>> wait patiently until it finishes >>> Copy >>> paste into the post
If the logs don't all fit directly in the post, upload them to a hosting service as *.txt files and just link them here.
http://forum.dobreprogramy.pl/viewtopic.php?t=96929
Blastoise
(Blastoise)
13 March 2007 06:26
#5
http://img84.imageshack.us/img84/9450/usbze8.png
This message pops up and I don't know what it means ;/
Besides that, when I go to Start >>> Settings >>> and click Control Panel, the taskbar freezes :? but after about 2 minutes it unfreezes ;/
Here are the logs from ComboScan:
ComboScan v20070306.20 run by Kuba on 2007-03-13 at 07:25:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Kuba.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 07:25:31, on 2007-03-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
D:\Program Files\Opera\Opera.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Kuba\Pulpit\Programy\comboscan.exe
C:\DOCUME~1\Kuba\Pulpit\HIJACK~1\Kuba.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip…{3A274792-AB3E-4230-8510-A493B2FC28A7}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip…{3A274792-AB3E-4230-8510-A493B2FC28A7}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

-- Files created between 2007-02-13 and 2007-03-13 -----------------------------

2007-03-13 07:10:04 0 d-------- C:\Program Files\Debugging Tools for Windows
2007-03-12 20:16:27 0 d-------- C:\Program Files\Sunbelt Software
2007-03-10 15:29:28 86016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2007-03-10 15:29:28 32285 --a------ C:\WINDOWS\system32\HSFCISP2.dll
2007-03-10 15:29:28 11868 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-03-10 15:29:28 685056 --a------ C:\WINDOWS\system32\drivers\HSFCXTS2.sys
2007-03-10 15:29:28 220032 --a------ C:\WINDOWS\system32\drivers\HSFBS2S2.sys
2007-03-10 15:29:24 1041536 --a------ C:\WINDOWS\system32\drivers\HSFDPSP2.sys
2007-02-25 07:22:13 0 d-------- C:\WINDOWS\speech
2007-02-24 19:47:58 545 --a------ C:\WINDOWS\UC.PIF
2007-02-24 19:47:58 545 --a------ C:\WINDOWS\RAR.PIF
2007-02-24 19:47:58 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-02-24 19:47:58 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-02-24 19:47:58 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-02-24 19:47:58 545 --a------ C:\WINDOWS\LHA.PIF
2007-02-24 19:47:58 545 --a------ C:\WINDOWS\ARJ.PIF
2007-02-24 19:47:57 0 d-------- C:\totalcmd
2007-02-22 10:22:53 0 d-------- C:\Program Files\Temp
2007-02-22 10:22:53 0 d-------- C:\Program Files\GinBillard
2007-02-22 10:22:53 0 d-------- C:\Program Files\GanymedeNet
2007-02-22 10:22:53 0 d-------- C:\Program Files\Common
2007-02-22 10:22:53 0 d-------- C:\Program Files\Adv
2007-02-17 14:49:36 0 d-------- C:\Program Files\Abyss Web Server

-- Find3M Report ---------------------------------------------------------------

2007-03-13 07:11:02 0 d-------- C:\Program Files\Neostrada TP
2007-03-10 15:30:40 355830 --a------ C:\WINDOWS\system32\perfh015.dat
2007-03-10 15:30:40 49712 --a------ C:\WINDOWS\system32\perfc015.dat
2007-03-05 17:48:00 0 d-------- C:\Program Files\Mozilla Firefox
2007-03-05 17:09:29 1668 --a------ C:\WINDOWS\mozver.dat
2007-03-05 17:09:28 0 d-------- C:\Documents and Settings\Kuba\Dane aplikacji\GanymedeNet
2007-02-25 07:24:30 0 d---s---- C:\Documents and Settings\Kuba\Dane aplikacji\Microsoft
2007-02-17 09:57:53 0 d-------- C:\Documents and Settings\Kuba\Dane aplikacji\Help
2007-02-09 20:28:03 0 d-------- C:\Documents and Settings\Kuba\Dane aplikacji\Real
2007-02-09 16:34:06 0 d-------- C:\Documents and Settings\Kuba\Dane aplikacji\Ahead
2007-02-09 16:30:54 0 d-------- C:\Program Files\Common Files\Ahead
2007-02-06 18:08:00 0 d-------- C:\Program Files\SpeedSim
2007-02-04 11:57:28 0 d-------- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla
2007-02-04 09:42:52 0 d-------- C:\Documents and Settings\Kuba\Dane aplikacji\Sports Interactive
2007-02-04 07:53:05 0 d-------- C:\Program Files\Common Files\InstallShield
2007-02-04 07:52:20 0 d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2007-02-04 07:48:39 0 d-------- C:\Program Files\DAEMON Tools
2007-02-03 22:45:04 0 d-------- C:\Program Files\ffdshow
2007-02-03 22:44:51 0 d-------- C:\Program Files\DirectShow Pack
2007-02-03 22:36:14 0 d-------- C:\Program Files\Media Player Classic
2007-02-03 16:31:51 0 d-------- C:\Program Files\RegEditX
2007-02-03 16:15:47 0 d-------- C:\Program Files\Winamp
2007-02-03 15:42:07 0 d-------- C:\Documents and Settings\Kuba\Dane aplikacji\Macromedia
2007-02-03 15:25:58 0 d-------- C:\Documents and Settings\Kuba\Dane aplikacji\Opera
2007-02-03 15:21:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-02-03 15:21:13 0 d-------- C:\Program Files\SAGEM
2007-02-03 15:20:49 0 d-------- C:\Program Files\Java
2007-02-03 15:16:12 0 d-------- C:\Program Files\Alwil Software
2007-02-03 14:56:23 0 d-------- C:\Documents and Settings\Kuba\Dane aplikacji\Microsoft Web Folders
2007-02-03 14:56:14 0 d-------- C:\Program Files\microsoft frontpage
2007-02-03 14:53:38 0 d-------- C:\Documents and Settings\Kuba\Dane aplikacji\ATI
2007-02-03 14:51:26 0 d-------- C:\Program Files\ATI Technologies
2007-02-03 14:36:05 0 d-------- C:\Program Files\Common Files\ODBC
2007-02-03 14:36:02 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-02-03 14:35:38 62 --ahs---- C:\Documents and Settings\Kuba\Dane aplikacji\desktop.ini
2007-02-03 14:34:01 0 d-------- C:\Program Files\VIA Technologies, Inc
2007-02-03 13:56:04 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-02-03 13:54:47 0 d-------- C:\Documents and Settings\Kuba\Dane aplikacji\Identities
2007-02-03 13:46:33 0 -rahs---- C:\MSDOS.SYS
2007-02-03 13:46:33 0 -rahs---- C:\IO.SYS
2007-02-03 13:46:33 0 --a------ C:\CONFIG.SYS
2007-02-03 13:46:33 0 --a------ C:\AUTOEXEC.BAT
2007-02-03 13:44:55 0 d--h----- C:\Program Files\WindowsUpdate
2007-02-03 13:44:51 0 d-------- C:\Program Files\Usługi online
2007-02-03 13:44:08 0 d-------- C:\Program Files\Common Files\MSSoap
2007-02-03 13:44:00 0 d-------- C:\Program Files\Movie Maker
2007-02-03 13:43:00 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-02-03 13:42:30 0 d-------- C:\Program Files\Messenger
2007-02-03 13:42:26 0 d-------- C:\Program Files\MSN Gaming Zone
2007-02-03 13:42:17 0 d-------- C:\Program Files\Windows NT
2007-01-15 18:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-01-15 18:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
“Gadu-Gadu”="“D:\Program Files\Gadu-Gadu\gg.exe” /tray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe”
“WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe”
“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe”
“WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
“Installed”=“1”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
“NoChange”=“1”
“Installed”=“1”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
“Installed”=“1”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ATI CATALYST System Tray.lnk]
“path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ATI CATALYST System Tray.lnk”
“backup”=“C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup”
“location”=“Common Startup”
“command”=“C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe SystemTray”
“item”=“ATI CATALYST System Tray”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
“path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk”
“backup”=“C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup”
“location”=“Common Startup”
“command”=“C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l”
“item”=“Microsoft Office”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=""
“hkey”=“HKLM”
“command”=""
“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!AVG Anti-Spyware]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“avgas”
“hkey”=“HKLM”
“command”="“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized"
“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“cli”
“hkey”=“HKLM”
“command”="“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime"
“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“atiptaxx”
“hkey”=“HKLM”
“command”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”
“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“BearShare”
“hkey”=“HKLM”
“command”="“D:\Program Files\BearShare\BearShare.exe” /pause"
“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“ctfmon”
“hkey”=“HKCU”
“command”=“C:\WINDOWS\system32\ctfmon.exe”
“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“daemon”
“hkey”=“HKLM”
“command”="“C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033"
“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“NeroCheck”
“hkey”=“HKLM”
“command”=“C:\WINDOWS\system32\NeroCheck.exe”
“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“winampa”
“hkey”=“HKLM”
“command”=“D:\Program Files\Winamp\winampa.exe”
“inimapping”=“0”

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE”
@=""
“ATICCC”="“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE”
@=""
“ATICCC”="“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
“DisableRegistryTools”=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
“SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll”

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

-- End of ComboScan: finished at 2007-03-13 at 07:26:26 ------------------------
adam9870
(adam9870)
13 March 2007 14:34
#6
ComboScan only showed:
Delete the folder marked in red manually while in Safe Mode.
To start with, try reinstalling the USB port drivers.