Restart komputera po +/- 30 minutach

Akira · 2 Wrzesień 2006 08:44

Witam

Od wczoraj tak ni z gruchy ni pietruchy mój blaszak zaczął sie restartować po jakis pół godzinach. Myśle, że mial okres albo cos to dostal z buta, ale on nic ciągle to samo :-x juz mnie to do nerwicy doprowadza Ponizej logi:

Logfile of HijackThis v1.99.1

Scan saved at 10:40:51, on 2006-09-02

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\cFosSpeed\spd.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\cFosSpeed\cFosSpeed.exe

C:\Program Files\Konnekt\konnekt.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Admin\Pulpit\HijackThis.exe


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy2.pircher.at:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe

O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE

O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINDOWS\System32\wgareg.exe

I sajlent Ranner;) :

"Silent Runners.vbs", revision 47, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Konnekt" = ""C:\Program Files\Konnekt\konnekt.exe" /autostart" ["Stamina"]

"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]

"WhatPulse" = "C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE" [null data]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = "C:\Program Files\Google\Gmail Notifier\gnotify.exe" ["Google Inc."]

"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" [file not found]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

"EPSON Stylus C45 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"" ["SEIKO EPSON CORPORATION"]

"cFosSpeed" = "C:\Program Files\cFosSpeed\cFosSpeed.exe" ["cFos Software GmbH"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "IeCatch2 Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

  -> {HKLM...CLSID} = "Shell Search Band"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  -> {HKLM...CLSID} = "AlcoholShellEx"

                   \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\UD.SCR" ["United Devices, Inc."]



Startup items in "Admin" & "All Users" startup folders:

-------------------------------------------------------


C:\Documents and Settings\Admin\Menu Start\Programy\Autostart

"UD Agent" -> shortcut to: "C:\Program Files\United Devices\UD.EXE" ["United Devices, Inc."]

"Xfire" -> shortcut to: "C:\Program Files\Xfire\Xfire.exe" ["Xfire Inc."]


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

  -> {HKLM...CLSID} = "Yahoo! Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

  -> {HKLM...CLSID} = "Yahoo! Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]


{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\

"ButtonText" = "Mobilen Favoriten erstellen"

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

  -> {HKLM...CLSID} = "Create Mobile Favorite"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INetRepl.dll" [MS]


{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\

"MenuText" = "Mobilen Favoriten erstellen..."

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

  -> {HKLM...CLSID} = "Create Mobile Favorite"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INetRepl.dll" [MS]


{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "&FlashGet"

"Exec" = "C:\PROGRA~1\FlashGet\JetCar.exe" ["Amaze Soft"]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


cFosSpeed System Service, cFosSpeedS, ""C:\Program Files\cFosSpeed\spd.exe" -service" ["cFos Software GmbH"]

StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]

Windows Genuine Advantage Registration Service, wgareg, "C:\WINDOWS\System32\wgareg.exe" [null data]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

EPSON V6 Monitor4SA\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 17 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

  took 17 seconds.

---------- (total run time: 70 seconds)

Pozdrawiam i dzięki z góry

Bieniol · 2 Wrzesień 2006 08:56

Start --> uruchom --> services.msc --> zatrzymaj i wyłącz usługe Windows Genuine Advantage Registration Service

Otwórz hijackthis --> open misc tools section --> delete a NT service --> wpisz wgareg i ok

W trybie awaryjnym z wyłączonym przywracaniem systemu usuwasz (wpisy Hijackiem, pliki/foldery na czerwono ręcznie z dysku):

Po zabiegach nowe logi

Wejdź w dziennik zdarzeń: Start --> uruchom --> eventvwr i sprawdź, czy masz jakieś błędy zaznaczone kolorem czerownym Jeżeli tak, to napisz o nich

Akira · 2 Wrzesień 2006 09:25

Jest tych błedów troche:

Aplikacje:

Aplication Hang x7

Aplication Error x6

MsiInstaler

System:

DCOM

Service Control Menager

DCOM

Services Control Menager

System Error

Services Control Menager

System Error

Services Control Menager x13

DHCP

netracm

Services Control Menager

SidebySide

PSched

W32Time

NetBT

To wszystko

Logi HiJackThis:

Logfile of HijackThis v1.99.1

Scan saved at 11:21:33, on 2006-09-02

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\cFosSpeed\spd.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\cFosSpeed\cFosSpeed.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Konnekt\konnekt.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE

C:\Program Files\Xfire\Xfire.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\Admin\Pulpit\HijackThis.exe


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy2.pircher.at:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE

O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Silennt:

"Silent Runners.vbs", revision 47, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Konnekt" = ""C:\Program Files\Konnekt\konnekt.exe" /autostart" ["Stamina"]

"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]

"WhatPulse" = "C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE" [null data]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = "C:\Program Files\Google\Gmail Notifier\gnotify.exe" ["Google Inc."]

"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" [file not found]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

"EPSON Stylus C45 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"" ["SEIKO EPSON CORPORATION"]

"cFosSpeed" = "C:\Program Files\cFosSpeed\cFosSpeed.exe" ["cFos Software GmbH"]

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "IeCatch2 Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

  -> {HKLM...CLSID} = "Shell Search Band"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  -> {HKLM...CLSID} = "AlcoholShellEx"

                   \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\UD.SCR" ["United Devices, Inc."]



Startup items in "Admin" & "All Users" startup folders:

-------------------------------------------------------


C:\Documents and Settings\Admin\Menu Start\Programy\Autostart

"UD Agent" -> shortcut to: "C:\Program Files\United Devices\UD.EXE" ["United Devices, Inc."]

"Xfire" -> shortcut to: "C:\Program Files\Xfire\Xfire.exe" ["Xfire Inc."]


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

  -> {HKLM...CLSID} = "Yahoo! Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

  -> {HKLM...CLSID} = "Yahoo! Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]


{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\

"ButtonText" = "Mobilen Favoriten erstellen"

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

  -> {HKLM...CLSID} = "Create Mobile Favorite"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INetRepl.dll" [MS]


{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\

"MenuText" = "Mobilen Favoriten erstellen..."

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

  -> {HKLM...CLSID} = "Create Mobile Favorite"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INetRepl.dll" [MS]


{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "&FlashGet"

"Exec" = "C:\PROGRA~1\FlashGet\JetCar.exe" ["Amaze Soft"]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

cFosSpeed System Service, cFosSpeedS, ""C:\Program Files\cFosSpeed\spd.exe" -service" ["cFos Software GmbH"]

StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

EPSON V6 Monitor4SA\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 22 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

  took 17 seconds.

---------- (total run time: 87 seconds)

Co do usuwania Proxy nie usuwałem bo to jest firmowe proxy od mojego dostawcy internetu.

Bieniol · 2 Wrzesień 2006 09:37

Chodzi mi o te dwa błędy System Error. Prawym przyciskiem myszy --> Właściwości i wklej screeny tych błędów

Jak zrobić zrzut pulpitu?

Akira · 2 Wrzesień 2006 09:43

Error 1:

Error 2:

Bieniol · 2 Wrzesień 2006 09:49

Sprawdź ram programem --> Memtest

Akira · 2 Wrzesień 2006 14:02

test zostal przeprowadzony 7 razy na więcej nie mialem czasu i musialem anulować… Zobaczymy czy sie wyłaczy teraz

Złączono Posta : 02.09.2006 (Sob) 16:56

Ciągle to samo, nie ma rady na to raz po godzinie wysiada raz po 15 minutach a raz po 30 Cos jeszcze da sie zrobić?

kuz5 · 2 Wrzesień 2006 15:48

Konflikt jakiś sterowników, przeinstaluj sterowniki

Akira · 6 Wrzesień 2006 10:59

Ciągle to samo, ale z ciekawości ściągnełem SPeedFan i zobaczyłem taki o to widok:

Czy temeperatura 80 (!) stopni to normalne na P4 ? Na obudowie pokazuje 51:/ nie wiem co o tym myslić

Gutek · 6 Wrzesień 2006 11:11

Bezpieczna wartość dla większości układów to 65-75 stopni Celsjusza

Dla najwydajniejszych jednostek (Pentium 4E Prescott) limit ten możemy zwiększyć do 75-80 stopni. Takie ustawienie parametrów daje jeszcze spory zapas bezpieczeństwa, gdyż temperatura krytyczna dla produktów Intela wynosi 135, a dla AMD 125 stopni Celsjusza.

cytat z: CHIP Online

Akira · 6 Wrzesień 2006 11:13

Tak ale moze przez to on mi sie wyłacza… Może jest jakis limit przed spaleniem ?

Gutek · 6 Wrzesień 2006 11:39

Panel sterowania >>> System >>> Zaawansowne >>> Uruchamianie i odzyskiwanie

Klikasz Ustawienia i w sekcji Zapisywanie informacji o debugowaniu ustaw opcję na Brak.

I jak się komp wyłaczy powiedz czy coś się działo

Akira · 6 Wrzesień 2006 12:12

Wyłaczał sie jak zawsze. Sekunda i start. Tak jak przy resetowaniu.

Gutek · 6 Wrzesień 2006 12:19

Teraz debugowaniu ustaw na pełen zrzut czy coś wyskakuje? Jakiś błąd wywala - blue screen? Coś masz ze sterownikami od płyty, uaktualnij

Akira · 6 Wrzesień 2006 12:30

mam ustawic na pelen zrzut i czekac aż sie zresetuje?

Złączono Posta : 06.09.2006 (Sro) 15:39

Pojawił sie niebieski blue screen i zrzucalo pamiec fizyczną na dysk. W ostatnim wierszu pisalo cos o Cfoss Spedzie

Gutek · 6 Wrzesień 2006 15:03

Chodzi mi o numer STOP, możesz zrobić screena?

Akira · 6 Wrzesień 2006 16:57

screena Przeciez za sekunde mi sie komp resetuje Ale nic juz od 3 godzin chodzi po deinstalacji Cfoss Speda, ale za to przy właczonym mule net chodzi jak krew z nosa… Sprubuje zainstalowac jeszcze raz :roll: