Niestabilna praca laptopa... asus

uniqque · 18 Maj 2008 18:41

problem jest taki ze ostatnio cos sie z nim porobilo zlego… dziwnie chodzil system wiec jak zwykle to bywa zrobilem formata i teraz jakiego kolwiek windowsa xp bym nie instalowa: oryginalnego, pirata, sp1, sp2, sp3 i tak zaczyna sie sypac mniej wiecej po instalacji sterownikow czyli dosc szybko… minowicie jak instaluje jakis program obojetnie jaki zawsze wyskoczy jakis blad i to roznie bywa (aplikacja nieprawidlowa lub jakies szlaczki dziwne) i tak jest niemal z kazdym programem…

radzilem sie juz roznych ludzi i narazie w miare sensowna odpowiedzia bylo ze moze jakis robaczek w ramie siedziec… nigdy jeszcze nie mialem takich problemow z jakim kolwiek kompem… moze jest jakis programi ktory przetestuje co tak naprawe sie w nim dzieje i naprawi to… bo chcialbym miec wkoncu stabilnie dzialajacy system

cosik_ktosik · 18 Maj 2008 18:48

Przeskanuj kompa online: http://www.searchengines.pl/Kolekcja-na … 31936.html

Daj logi z HJT: http://www.searchengines.pl/Kolekcja-na … 31936.html

Jak będzie wszystko w porządku, sprawdź pamięć pod kątem błędów: http://dobreprogramy.pl/index.php?dz=2& … est86+3.4a

ak6 · 18 Maj 2008 18:50

Przetestuj pamięć programem memtest

uniqque · 18 Maj 2008 21:47

moze bardziej to rozwinac czym i co to jest HJT… pierwszy raz sie z czyms takim spotykam i nie wiem o co tak naprawde chodzi…

cosik_ktosik · 18 Maj 2008 21:54

Mała pomyłka, zły adres. Ten jest dobry: viewtopic.php?f=16&t=36654

Chodzi o program HijackThis

uniqque · 19 Maj 2008 19:10

a wiec odpalilem tego hjt i ta sa te logi:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:05:45, on 2008-05-19 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\ctfmon.exe G:\VGA\ATI\Setup.exe C:\Program Files\Wireless Console 2\wcourier.exe G:\WLAN\INTEL\3945ABG\Apps\SetupWL.exe G:\WLAN\INTEL\3945ABG\Apps\iProInst.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O4 - HKLM…\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘?’) O4 - HKUS\S-1-5-21-1004336348-2139871995-725345543-500…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User ‘?’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘?’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O13 - DefaultPrefix: O13 - WWW Prefix: O13 - Home Prefix: O13 - Mosaic Prefix: O13 - FTP Prefix: O13 - Gopher Prefix: – End of file - 2198 bytes

a memtest pokazal ze jest wszystko dobrze niby i co mam dalej zrobic zeby wkoncu mi dzialal normalnie komputer?

huber2t · 20 Maj 2008 03:06

fix w hijackthis

Podaj log z Combofix

uniqque · 20 Maj 2008 09:58

zrobiłem format jeszcze raz tym razem calego dysku razem ze zrobieniem nowych partycji i nawet nawet jeszcze dziala system ale zrobilem jeszcze raz tymi programami…

logi z hjt:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:44:54, on 2008-05-20 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\NORTON~1\navw32.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM…\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe” O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe O4 - HKLM…\Run: [intelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe” O4 - HKLM…\Run: [intelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM…\Run: [Acrobat Assistant 8.0] “C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe” O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [osCheck] “C:\Program Files\Norton AntiVirus\osCheck.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 1266696239 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso … 1268991296 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe – End of file - 9516 bytes

a tu z combofix

ComboFix 08-05-19.4 - Piotr 2008-05-20 11:54:14.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.264 [GMT 2:00] Running from: C:\Documents and Settings\Piotr\Pulpit\Nowy folder\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED . ((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))) . 2008-05-20 11:51 . 2008-05-20 11:51 2008-05-20 11:51 . 2008-05-20 11:51 180,224 --a------ C:\WINDOWS\system32\OLD6BF.tmp 2008-05-20 11:44 . 2008-05-20 11:44 2008-05-20 11:32 . 2008-05-20 11:32 1,160 --a------ C:\WINDOWS\mozver.dat 2008-05-20 10:44 . 2008-05-20 10:45 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-05-20 10:44 . 2008-05-20 10:45 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-05-20 10:24 . 2008-05-20 10:50 2008-05-20 10:23 . 2008-05-20 10:45 2008-05-20 10:23 . 2008-05-20 10:47 2008-05-20 10:23 . 2008-05-20 10:45 2008-05-20 10:23 . 2008-05-20 10:45 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-05-20 10:23 . 2008-05-20 10:45 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2008-05-20 10:22 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2008-05-20 10:22 . 2008-05-20 10:22 421 --a------ C:\WINDOWS\ODBC.INI 2008-05-20 10:20 . 2008-05-20 10:21 2008-05-20 10:20 . 2008-05-20 10:20 2008-05-20 10:17 . 2008-05-20 10:17 2008-05-20 10:17 . 2008-05-20 10:17 2008-05-20 10:13 . 2008-05-20 10:13 2008-05-20 10:13 . 2008-05-20 10:13 2008-05-20 10:09 . 2008-05-20 10:09 2008-05-20 10:08 . 2008-05-20 10:08 2008-05-20 10:08 . 2008-05-20 10:09 2008-05-20 10:08 . 2008-05-20 10:08 2008-05-20 10:03 . 2008-05-20 10:03 2008-05-20 10:03 . 2008-05-20 10:04 2008-05-20 10:02 . 2008-05-20 10:02 2008-05-20 10:02 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\UC.PIF 2008-05-20 10:02 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\RAR.PIF 2008-05-20 10:02 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF 2008-05-20 10:02 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2008-05-20 10:02 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2008-05-20 10:02 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\LHA.PIF 2008-05-20 10:02 . 2007-09-05 07:02 545 --a------ C:\WINDOWS\ARJ.PIF 2008-05-20 10:02 . 2008-05-20 10:02 373 --a------ C:\WINDOWS\wincmd.ini 2008-05-20 10:00 . 2008-05-20 10:00 2008-05-20 10:00 . 2008-05-20 10:01 2008-05-20 09:59 . 2008-04-14 22:50 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2008-05-20 09:59 . 2008-04-14 22:50 77,312 --a–c— C:\WINDOWS\system32\dllcache\usbui.dll 2008-05-20 09:59 . 2008-04-14 21:35 58,880 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2008-05-20 09:59 . 2008-04-14 00:06 14,208 --a------ C:\WINDOWS\system32\drivers\battc.sys 2008-05-20 09:59 . 2008-04-14 00:06 13,952 --a------ C:\WINDOWS\system32\drivers\cmbatt.sys 2008-05-20 09:59 . 2008-04-14 00:06 10,240 --a------ C:\WINDOWS\system32\drivers\compbatt.sys 2008-05-20 09:59 . 2001-08-17 23:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys 2008-05-20 09:59 . 2008-05-20 09:59 0 --a------ C:\WINDOWS\nsreg.dat 2008-05-20 09:58 . 2008-05-20 09:58 2008-05-20 09:58 . 2008-05-20 09:58 2008-05-20 09:57 . 2008-05-20 10:51 2008-05-20 09:57 . 2008-05-20 09:57 2008-05-20 09:57 . 2008-05-20 09:57 2008-05-20 09:57 . 2008-05-20 08:03 2008-05-20 09:57 . 2008-05-20 09:57 2008-05-20 09:57 . 2008-05-20 09:57 2008-05-20 09:57 . 2008-05-20 09:57 2008-05-20 09:57 . 2008-05-20 08:43 2008-05-20 09:57 . 2008-05-20 09:57 2008-05-20 09:57 . 2008-05-20 09:57 2008-05-20 09:57 . 2008-05-20 11:35 2008-05-20 09:57 . 2008-05-20 09:41 2008-05-20 09:57 . 2008-05-20 09:56 2008-05-20 09:57 . 2008-05-20 10:23 2008-05-20 09:56 . 2008-05-20 08:29 2008-05-20 09:56 . 2008-05-20 08:06 2008-05-20 09:56 . 2008-05-20 08:11 2008-05-20 09:55 . 2008-05-20 09:55 2008-05-20 09:55 . 2008-05-20 10:15 2008-05-20 09:55 . 2008-05-20 09:55 2008-05-20 09:50 . 2008-05-20 09:52 2008-05-20 09:50 . 2008-05-20 09:50 2008-05-20 09:49 . 2008-05-20 09:49 2008-05-20 09:47 . 2008-05-20 09:47 2008-05-20 09:47 . 2008-05-20 09:47 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-05-20 09:42 . 2008-05-20 09:43 2008-05-20 09:42 . 2008-05-20 09:42 2008-05-20 09:42 . 2008-05-20 09:46 2008-05-20 09:42 . 2008-05-20 09:42 2008-05-20 09:41 . 2008-05-20 09:42 2008-05-20 09:41 . 2008-05-20 09:41 2008-05-20 09:40 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-05-20 09:40 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-05-20 09:22 . 2008-03-01 15:02 6,066,176 -----c— C:\WINDOWS\system32\dllcache\ieframe.dll 2008-05-20 09:22 . 2007-04-17 11:32 2,455,488 -----c— C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-05-20 09:22 . 2007-03-08 07:11 1,036,288 -----c— C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-05-20 09:22 . 2008-03-01 15:02 459,264 -----c— C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-05-20 09:22 . 2008-03-01 15:02 383,488 -----c— C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-05-20 09:22 . 2008-03-01 15:02 267,776 -----c— C:\WINDOWS\system32\dllcache\iertutil.dll 2008-05-20 09:22 . 2008-03-01 15:02 63,488 -----c— C:\WINDOWS\system32\dllcache\icardie.dll 2008-05-20 09:22 . 2008-03-01 15:02 52,224 -----c— C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-05-20 09:22 . 2008-02-22 12:00 13,824 -----c— C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-05-20 09:18 . 2008-05-20 09:18 2008-05-20 09:17 . 2008-05-20 09:17 2008-05-20 09:17 . 2008-05-20 09:17 2008-05-20 09:14 . 2008-05-20 09:14 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-20 06:55 --------- d-----w C:\Documents and Settings\Piotr\Dane aplikacji\ATI 2008-05-20 06:44 --------- d-----w C:\Program Files\Toshiba 2008-05-20 06:43 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2008-05-20 06:43 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Intel 2008-05-20 06:43 --------- d-----w C:\Documents and Settings\Piotr\Dane aplikacji\Intel 2008-05-20 06:43 --------- d-----w C:\Documents and Settings\NetworkService\Dane aplikacji\Intel 2008-05-20 06:43 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\Intel 2008-05-20 06:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Intel 2008-05-20 06:42 --------- d-----w C:\Program Files\Intel 2008-05-20 06:41 --------- d–h--w C:\Program Files\InstallShield Installation Information 2008-05-20 06:41 --------- d-----w C:\Program Files\Wireless Console 2 2008-05-20 06:40 --------- d-----w C:\Program Files\Realtek 2008-05-20 06:39 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-05-20 06:36 --------- d-----w C:\Program Files\ATI Technologies 2008-05-20 06:12 --------- d-----w C:\Documents and Settings\Piotr\Dane aplikacji\U3 2008-05-20 06:07 --------- d-----w C:\Program Files\microsoft frontpage 2008-05-20 06:05 --------- d-----w C:\Program Files\Usługi online 2008-04-14 21:16 1,804 ----a-w C:\WINDOWS\system32\dcache.bin 2008-04-14 20:56 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-14 20:52 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll 2008-04-14 20:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll 2008-04-14 20:52 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys 2008-04-14 20:52 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll 2008-04-14 20:52 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys 2008-04-14 20:52 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys 2008-04-14 20:52 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll 2008-04-14 20:52 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys 2008-04-14 20:50 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll 2008-04-14 20:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll 2008-04-14 20:48 5,632 ----a-w C:\WINDOWS\system32\wmi.dll 2008-04-14 20:48 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll 2008-04-14 20:48 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll 2008-04-14 20:47 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll 2008-04-14 20:43 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll 2008-04-14 20:42 3,584 ----a-w C:\WINDOWS\system32\msafd.dll 2008-04-14 20:36 3,584 ----a-w C:\WINDOWS\system32\icmp.dll 2008-04-14 20:35 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll 2008-04-14 20:35 569,856 ----a-w C:\WINDOWS\system32\gpedit.dll 2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll 2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll 2008-04-14 20:31 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll 2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll 2008-04-14 20:04 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys 2008-04-14 20:03 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys 2008-04-14 20:03 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys 2008-04-14 20:03 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys 2008-04-14 20:03 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys 2008-04-14 19:59 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-14 19:59 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-04-14 19:55 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll 2008-04-14 19:52 89,600 ------w C:\WINDOWS\system32\msxml6r.dll 2008-04-14 19:52 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-14 19:52 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-14 19:50 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll 2008-04-14 19:50 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys 2008-04-14 19:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys 2008-04-14 19:47 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys 2008-04-14 19:46 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys 2008-04-14 19:45 49,664 ----a-w C:\WINDOWS\system32\inetres.dll 2008-04-14 19:43 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-04-14 19:41 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-14 19:41 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-14 19:39 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys 2008-04-14 19:37 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll 2008-04-14 19:35 67,584 ----a-w C:\WINDOWS\system32\browselc.dll 2008-04-14 19:35 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-04-14 19:35 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-14 19:33 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys 2008-04-14 19:31 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-14 19:30 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys 2008-04-14 19:30 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys 2008-04-14 19:28 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys 2008-04-14 19:28 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys 2008-04-14 19:25 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys 2008-04-14 19:24 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys 2008-04-14 19:24 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys 2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys 2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys 2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys 2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys 2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys 2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys 2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys 2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys 2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys 2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys 2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys 2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys 2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys 2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys 2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys 2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys 2008-04-13 22:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys . ((((((((((((((((((((((((((((( snapshot@2008-05-20_11.48.43,34 ))))))))))))))))))))))))))))))))))))))))) . + 2008-05-20 09:51:44 180,224 ----a-w C:\WINDOWS\LastGood\system32\dwwin.exe + 2008-04-14 20:51:14 180,224 -c–a-w C:\WINDOWS\system32\dllcache\dwwin.exe - 2008-04-14 20:51:14 192,512 ----a-w C:\WINDOWS\system32\dwwin.exe + 2008-04-14 20:51:14 180,224 ----a-w C:\WINDOWS\system32\dwwin.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 22:51 15360] “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2006-11-16 19:04 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “HControl”=“C:\WINDOWS\ATK0100\HControl.exe” [2006-10-14 11:37 110592] “ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe” [2006-05-10 11:12 90112] “RTHDCPL”=“RTHDCPL.EXE” [2006-08-23 14:08 16050688 C:\WINDOWS\RTHDCPL.exe] “SkyTel”=“SkyTel.EXE” [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe] “Wireless Console 2”=“C:\Program Files\Wireless Console 2\wcourier.exe” [2005-10-17 17:09 987136] “IntelZeroConfig”=“C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe” [2006-08-02 00:38 802816] “IntelWireless”=“C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” [2006-08-02 00:32 696320] “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2006-01-12 15:40 155648] “Acrobat Assistant 8.0”=“C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe” [2006-10-22 23:24 620152] “ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2006-09-03 04:04 84640] “osCheck”=“C:\Program Files\Norton AntiVirus\osCheck.exe” [2006-09-05 22:22 26248] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2008-04-14 22:51 15360] C:\Documents and Settings\Piotr\Menu Start\Programy\Autostart\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer{AC76BA86-1033-F400-7760-000000000003}_SC_Acrobat.exe [2008-05-20 10:17:04 295606] Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 00:01:50 737280] AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 04:43:54 11000] Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] “DisableMonitoring”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] “DisableMonitoring”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] “DisableMonitoring”=dword:00000001 [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile] “EnableFirewall”= 0 (0x0) [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “%windir%\system32\sessmgr.exe”= “%windir%\Network Diagnostic\xpnetdiag.exe”= “C:\Program Files\uTorrent\uTorrent.exe”= “C:\WINDOWS\explorer.exe”= R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-01-20 10:59] R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-01-02 12:02] S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2004-04-22 14:34] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{9fe9aeea-2633-11dd-a6d6-fda6908f2fc1}] \Shell\AutoRun\command - F:\LaunchU3.exe *Newly Created Service* - CATCHME . Contents of the ‘Scheduled Tasks’ folder “2008-05-20 08:33:09 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Piotr.job” - C:\PROGRA~1\NORTON~1\Navw32.exef/TASK: . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-20 11:55:51 Windows 5.1.2600 Dodatek Service Pack 3 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-05-20 11:56:58 ComboFix-quarantined-files.txt 2008-05-20 09:56:49 ComboFix2.txt 2008-05-20 09:49:07 Pre-Run: 14,273,249,280 bajtów wolnych Post-Run: 14,261,493,760 bajtów wolnych 282 sporo tego wyszlo

huber2t · 20 Maj 2008 13:50

co do logu to wykonaj to:

Usuń instalkę Combofix z dysku

Przeczyść komputer Ccleanerem

otwórz notatnik i wklej

Z menu Notatnika -> Plik -> Zapisz jako -> Zmień rozszerzenie z .txt na wszystkie pliki -> zapisz pod nazwą Fix.reg

Uruchom ten plik, uruchom ponownie komputer

uniqque · 20 Maj 2008 16:16

zrobilem i czemu to mialo sluzyc?? pomoze to systemowi?? po co byl ten klucz do rejestru i jakim cudem wy cos widzicie w tych logach?

jak narazie wszystko dziala tak jak powinno i wkoncu tez mi oryginalny windows dziala… ale zobaczymy jak moj brat przyjdzie ten ma w sobie jakies bioprady czy cos, jak tylko dotyka jakiegos kompa od razu wszystko zaczyna sie sypac dziwne…

macie jeszcze jakies rady zeby taka sytacja jaka mialem wczesnie juz nie miala miejsca w przyszlosci?

huber2t · 20 Maj 2008 16:31

Powinno pomóc to systemowi, ale wątpie