Blue screen without any text, computer not responding


(Gorson 14) #1

Hello!

I have this problem: for some time now my computer hasn't been running stably. The proof is that every so often it freezes and a blue screen appears, but not a BSOD, just a blue screen without any text (like the one on a TV when there is no signal). Nothing helps except resetting the computer. I'm pasting the logs, maybe you'll find something in there.

Regards :slight_smile:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:06:17 PM, on 12/23/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

F:\Avira\AntiVir PersonalEdition Classic\avguard.exe

F:\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\NMSSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

F:\Kerio\kpf4ss.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\Explorer.EXE

F:\Kerio\kpf4gui.exe

C:\WINDOWS\System32\svchost.exe

F:\Kerio\kpf4gui.exe

C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

C:\WINDOWS\system32\taskswitch.exe

F:\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

F:\DAEMON Tools Pro\DTProAgent.exe

F:\Internet Download Manager\IDMan.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

F:\Internet Download Manager\IEMonitor.exe

F:\Teamspeak2_RC2\TeamSpeak.exe

F:\FireFox\firefox.exe

F:\Konnekt\konnekt.exe

F:\Hijack\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Adobe Reader\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [avgnt] "F:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "F:\DAEMON Tools Pro\DTProAgent.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [IDMan] F:\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [BSserver] FileKan.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: NEO.lnk = ?

O4 - Global Startup: DSLMON .lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: Download All Links with IDM - F:\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - F:\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://F:\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyolij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyolij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{73DBFFFD-0DDF-44EC-AFC1-DB081143568C}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CCS\Services\Tcpip\..\{9F0FA5E1-D8FC-46F7-9D8E-DF7AA87E5B74}: NameServer = 194.204.159.1,194.204.152.34

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - F:\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - F:\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - F:\Kerio\kpf4ss.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


--

End of file - 5939 bytes

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"DAEMON Tools Pro Agent" = ""F:\DAEMON Tools Pro\DTProAgent.exe"" ["DT Soft Ltd."]

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"IDMan" = "F:\Internet Download Manager\IDMan.exe /onboot" ["Tonec Inc."]

"BSserver" = "FileKan.exe" [file not found]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"AtiPTA" = "atiptaxx.exe" ["ATI Technologies, Inc."]

"DrvLsnr" = "C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" ["adi"]

"CoolSwitch" = "C:\WINDOWS\system32\taskswitch.exe" [null data]

"avgnt" = ""F:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"

  -> {HKLM...CLSID} = "IDMIEHlprObj Class"

                   \InProcServer32\(Default) = "F:\Internet Download Manager\IDMIECC.dll" ["Tonec Inc."]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "F:\Adobe Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"

  -> {HKLM...CLSID} = "Display Panning CPL Extension"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"

  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"

                   \InProcServer32\(Default) = "F:\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "F:\WinRAR\rarext.dll" [null data]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Outlook File Icon Extension"

                   \InProcServer32\(Default) = "F:\MICROS~1\Office12\OLKFSTUB.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "F:\MICROS~1\Office12\MLSHEXT.DLL" [MS]

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

                   \InProcServer32\(Default) = "F:\MICROS~1\Office12\ONFILTER.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "F:\Microsoft Office\Office12\msohevi.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{0f0a4d40-adf0-4e8f-98d8-7208b98be01e}" = "ImageShack QuickLoad Image Uploader"

  -> {HKLM...CLSID} = "QuickLoad.QuickLoadContextMenu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\mscoree.DLL" [MS]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

  -> {HKLM...CLSID} = "WPDShServiceObj Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]


HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]


HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]


HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "F:\Adobe Reader\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

QuickLoad\(Default) = "{0f0a4d40-adf0-4e8f-98d8-7208b98be01e}"

  -> {HKLM...CLSID} = "QuickLoad.QuickLoadContextMenu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\mscoree.DLL" [MS]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"

  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"

                   \InProcServer32\(Default) = "F:\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "F:\WinRAR\rarext.dll" [null data]


HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "F:\WinRAR\rarext.dll" [null data]


HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"

  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"

                   \InProcServer32\(Default) = "F:\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "F:\WinRAR\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"NoDesktop" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoActiveDesktop" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|

Disable Active Desktop}


"NoNetHood" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"HideClock" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoManageMyComputerVerb" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoLowDiskSpaceChecks" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoCDBurning" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoStartMenuPinnedList" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoStartMenuMFUprogramsList" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoUserNameInStartMenu" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"StartmenuLogoff" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoStartMenuSubFolders" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoCommonGroups" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoRecentDocsMenu" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoPrinterTabs" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoDeletePrinter" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoAddPrinter" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoPrinters" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoNetworkConnections" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove Network Connections from Start Menu}


"NoFavoritesMenu" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove Favorites menu from Start Menu}


"NoRun" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoFind" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoClose" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoSetFolders" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoSMHelp" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove Help menu from Start Menu}


"NoChangeStartMenu" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoViewContextMenu" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoFileMenu" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoDrives" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoControlPanel" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoShellSearchButton" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoToolbarCustomize" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|Toolbars|

Disable customizing browser toolbar buttons}


"NoRecentDocsNetHood" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoChangeAnimation" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoChangeKeyboardNavigationIndicators" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoThemesTab" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}


"DisableCAD" = (REG_DWORD) dword:0x00000000

{unrecognized setting}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Bartek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]



Startup items in "Bartek" & "All Users" startup folders:

--------------------------------------------------------


C:\Documents and Settings\Bartek\Start Menu\Programs\Startup

"NEO" -> shortcut to: "" [file not found]


C:\Documents and Settings\All Users\Start Menu\Programs\Startup

"DSLMON " -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe -f" [empty string]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Explorer Bars


HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\


HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "F:\MICROS~1\Office12\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

"ButtonText" = "Wyślij do programu OneNote"

"MenuText" = "Wyślij &do programu OneNote"

"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"

  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"

                   \InProcServer32\(Default) = "F:\MICROS~1\Office12\ONBttnIE.dll" [MS]


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"


{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


AntiVir PersonalEdition Classic Guard, AntiVirService, ""F:\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"]

AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, ""F:\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

Intel(R) NMS, NMSSvc, "C:\WINDOWS\system32\NMSSvc.exe" ["Intel Corporation"]

PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]

SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]

Sunbelt Personal Firewall 4, SPF4, "F:\Kerio\kpf4ss.exe" ["Sunbelt Software"]

Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]



Print Monitors:

---------------


HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]



---------- (launch time: 2007-12-23 18:21:27)

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 102 seconds.

---------- (total run time: 190 seconds)

SmitFraudFix v2.274


Scan done at 18:27:32.01, Sun 12/23/2007

Run from C:\Documents and Settings\Bartek\Desktop\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode


»»»»»»»»»»»»»»»»»»»»»»»» Process


C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

F:\Avira\AntiVir PersonalEdition Classic\avguard.exe

F:\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\NMSSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

F:\Kerio\kpf4ss.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\Explorer.EXE

F:\Kerio\kpf4gui.exe

C:\WINDOWS\System32\svchost.exe

F:\Kerio\kpf4gui.exe

C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

C:\WINDOWS\system32\taskswitch.exe

F:\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

F:\DAEMON Tools Pro\DTProAgent.exe

F:\Internet Download Manager\IDMan.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

F:\Internet Download Manager\IEMonitor.exe

F:\Teamspeak2_RC2\TeamSpeak.exe

F:\FireFox\firefox.exe

F:\DMW Client 3\dmwclient.exe

D:\gry\The All-Seeing Eye 1.9.7 (Crakeado)\eye2.exe

C:\WINDOWS\system32\cmd.exe


»»»»»»»»»»»»»»»»»»»»»»»» hosts



»»»»»»»»»»»»»»»»»»»»»»»» C:\



»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS



»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system



»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web



»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32



»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles



»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Bartek



»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Bartek\Application Data



»»»»»»»»»»»»»»»»»»»»»»»» Start Menu



»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Bartek\FAVORI~1



»»»»»»»»»»»»»»»»»»»»»»»» Desktop



»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 



»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys



»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!Attention, following keys are not inevitably infected!


IEDFix.exe by S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!Attention, following keys are not inevitably infected!


SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!Attention, following keys are not inevitably infected!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""



»»»»»»»»»»»»»»»»»»»»»»»» Rustock




»»»»»»»»»»»»»»»»»»»»»»»» DNS


Description: WAN (PPP/SLIP) Interface

DNS Server Search Order: 194.204.159.1

DNS Server Search Order: 217.98.63.164


Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport

DNS Server Search Order: 194.204.159.1

DNS Server Search Order: 194.204.152.34


HKLM\SYSTEM\CCS\Services\Tcpip\..\{73DBFFFD-0DDF-44EC-AFC1-DB081143568C}: NameServer=194.204.159.1 217.98.63.164

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9F0FA5E1-D8FC-46F7-9D8E-DF7AA87E5B74}: NameServer=194.204.159.1,194.204.152.34

HKLM\SYSTEM\CS1\Services\Tcpip\..\{73DBFFFD-0DDF-44EC-AFC1-DB081143568C}: NameServer=194.204.159.1 217.98.63.164

HKLM\SYSTEM\CS1\Services\Tcpip\..\{9F0FA5E1-D8FC-46F7-9D8E-DF7AA87E5B74}: NameServer=194.204.159.1,194.204.152.34

HKLM\SYSTEM\CS2\Services\Tcpip\..\{73DBFFFD-0DDF-44EC-AFC1-DB081143568C}: NameServer=194.204.159.1 217.98.63.164

HKLM\SYSTEM\CS2\Services\Tcpip\..\{9F0FA5E1-D8FC-46F7-9D8E-DF7AA87E5B74}: NameServer=194.204.159.1,194.204.152.34



»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection



»»»»»»»»»»»»»»»»»»»»»»»» End



(Krzysiekaczor) #2

What power supply?


(Gutek) #3

Also take a look in the Event Log:

Start>>>Run>>>eventvwr and see what the error is

File to delete:

Post a log from ComboFix


(Gorson 14) #4
ComboFix 07-12-21.4 - Bartek 2007-12-24 2:02:35.3 - NTFSx86

(Gutek) #5

Scan with AVG Anti-Spyware 7.5 after updating :wink: