Po uruchomieniu i pracy na roznych aplikacjach nastepuje samorstart. Nie ma tu jakiej reguly czasu czy konkretnego programy calkowity freestyle. Po restarcie pojawia sie komunikat ze system odzyskal sparwnosc po powaznym bledzie i sa kody tego bledu. Czy mozna gdzies znalezc do czego sie odnosza te kody? Dolanczam logi z “Hijack This” “Silenta” i pomiary temperatury i konfiguracje sprzetowa z “Everesta”. Prosze o pomoc. A i sprawdzalem kilkoma atywirami i nic nie znalazly>
Logfile of HijackThis v1.99.1
Scan saved at 14:07:18, on 2007-02-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\WINDOWS\system32\devldr32.exe
D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Program Files\BitComet\BitComet.exe
D:\Documents and Settings\Sylvia\Pulpit\Torrentyt\Filmy\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [kav] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe"
O4 - Global Startup: ATI CATALYST System Tray.lnk = D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F86AFDD8-9EDF-47CB-8ABA-BDCA3E55B3AA}: NameServer = 213.241.79.37 83.238.255.76
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]
"BitComet" = ""D:\Program Files\BitComet\BitComet.exe"" ["www.BitComet.com"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"(Default)" = "(empty string)" [file not found]
"ATICCC" = ""D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]
"kav" = ""D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"" ["Kaspersky Lab"]
"SpeedTouch USB Diagnostics" = ""D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Resume copy" = "copyfstq.exe /startup" [null data]
"BearShare" = ""D:\Program Files\BearShare\BearShare.exe" /pause" [file not found]
"DAEMON Tools" = ""D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx" [empty string]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "D:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus"
-> {HKLM...CLSID} = "Web Anti-Virus"
\InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]
"{A4D78B20-6E05-1069-8758-4E73FD83DEAD}" = "QCopy"
-> {HKLM...CLSID} = "QCopy"
\InProcServer32\(Default) = "dropcpyr.dll" [null data]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<> klogon\DLLName = "D:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Sylvia\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\system32\logon.scr" [MS]
Startup items in "Sylvia" & "All Users" startup folders:
--------------------------------------------------------
D:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"ATI CATALYST System Tray" -> shortcut to: "D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray" [null data]
"Acrobat Assistant" -> shortcut to: "D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe" ["Adobe Systems Inc."]
"Microsoft Office" -> shortcut to: "D:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Web Anti-Virus"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Web Anti-Virus"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "D:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Kaspersky Anti-Virus 6.0, AVP, ""D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r" ["Kaspersky Lab"]
Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
PDF Port\Driver = "D:\WINDOWS\system32\pdfports.dll" ["Adobe Systems Incorporated."]
----------
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 27 seconds.
---------- (total run time: 76 seconds)
Wersja EVEREST v2.20.405/pl
Strona domowa http://www.lavalys.com/
Typ raportu Kreator raportów
Komputer SYLKOMP-3BDE7F6 (Buba)
Generator raportu Sylvia
System operacyjny Microsoft Windows XP Professional 5.1.2600 (WinXP Retail)
Data 2007-02-27
Czas 14:10
--------[Podsumowanie]------------------------------------------------------------------------------------------------
Komputer:
System operacyjny Microsoft Windows XP Professional
Dodatek service pack systemu operacyjnego Dodatek Service Pack 2
DirectX 4.09.00.0904 (DirectX 9.0c)
Nazwa komputera SYLKOMP-3BDE7F6 (Buba)
Nazwa użytkownika Sylvia
Płyta główna:
Typ procesora AMD Athlon XP, 1666 MHz (12.5 x 133) 2000+
Nazwa płyty głównej ASRock K7S8X v3 (5 PCI, 1 AGP, 3 DDR DIMM, Audio, LAN)
Mikroukład płyty głównej SiS 746FX
Pamięć fizyczna 384 MB (PC3200 DDR SDRAM)
Typ BIOS'u AMI (10/07/03)
Port komunikacyjny Port komunikacyjny (COM1)
Port komunikacyjny Port drukarki (LPT1)
Ekran:
Karta wideo RADEON 9550 Secondary (128 MB)
Karta wideo RADEON 9550 (128 MB)
Akcelerator 3D ATI Radeon 9550 (RV350)
Monitor LG StudioWorks 575C [15" CRT]
Multimedia:
Karta dźwiękowa Creative SB Live! Player 1024 Sound Card
Magazyn:
Kontroler IDE Kontroler SiS PCI IDE
Kontroler SCSI/RAID SCSI/RAID Host Controller
Napęd dyskietek Stacja dyskietek
Dysk fizyczny ST320423A (20 GB, 5400 RPM, Ultra-ATA/66)
Napęd dysków optycznych BA3147E PEH332A SCSI CdRom Device
Napęd dysków optycznych HL-DT-ST CD-RW GCE-8526B (52x/32x/52x CD-RW)
Napęd dysków optycznych HL-DT-ST DVDRAM GSA-H12N
Status dysków SMART OK
Partycje:
C: (FAT32) 3499 MB (653 MB wolne)
D: (FAT32) 8001 MB (3031 MB wolne)
E: (FAT32) 7993 MB (1255 MB wolne)
Rozmiar całkowity 19493 MB (4939 MB wolne)
Urządzenia wejściowe:
Klawiatura Standardowa klawiatura 101/102 klawisze lub Microsoft Natural Keyboard PS/2
Mysz Mysz Microsoft PS/2
Sieć:
Karta sieciowa WAN (PPP/SLIP) Interface (213.238.66.181)
Urządzenia zewnętrzne:
Drukarka Acrobat Distiller
Kontroler USB1 SiS 7001 PCI-USB Open Host Controller
Kontroler USB1 SiS 7001 PCI-USB Open Host Controller
Kontroler USB2 SiS 7002 USB 2.0 Enhanced Host Controller
Urządzenie USB SpeedTouch 330 ADSL Modem
Właściwości czujnika:
Typ czujnika Winbond W83697HF (ISA 290h)
Nazwa płyty głównej ASRock K7S8X / K7S8XE / K7VM2 / K7VM4 / K7VT4-4X / K8Upgrade-760GX
Temperatury:
Płyta główna 33 °C (91 °F)
Procesor 42 °C (108 °F)
Wentylatory:
Procesor 3444 RPM
Wartości napięć:
Napięcie rdzenia procesora 1.60 V
+3.3 V 3.17 V
+5 V 4.84 V
+12 V 12.15 V
+5 V podczas wstrzymania pracy 4.73 V
Debug Info F 62 FF FF
Debug Info T 42 33 255
Debug Info V 64 00 C6 B4 BD BE BE (01)