problemy z win xp

przez **pantik** » 05 Lip 2008, 19:49

mam problem nastepujący np gdy pisze strone w np edhtml-u np dodaje ramke wybieram kolor pojawia mi sie napis w okinku " za mało pamięci na otwarcie okna" gdy zamykam system to wyskakuje na samym końcu komunikaj coś tam ze pamięc nie mzoe być read i jakieś np A00000 (przykładowo) i po kilku sekundach system sie wyłacza. gdy np gram heroesa czy tam w jakas inna gra to czasem podczas gry gra sie wyłącza i pojawia sie to samo okienko co przy wyłączeniu systemu z tym że w nagłówku pisze nazwa gry lub programu i tez ze pamięc nie moze być read i pod spodem to A000000 (przykładowo) za kazdym razem zmienia sie na inne cyferki. to to moze być ?? mi sie wydaje ze coś z pamięcią ze jest niedostępna czy jakoś tam ?? mam p4 2,53 GHz 1GB RAM xp pro, grafika 128 MB. aha np odnosnie edhtml to gdy nie moge wejść na nic , zadne kolory linkie itp to jak wyłącze program i włącze to moge wejśc raz góra dwa razy i potem od nowa to samo jest.

przez **buzu** » 05 Lip 2008, 21:43

Na początek daj log z HJT.
Zobaczymy czy masz sp2,3 procesy itd.
dlatego log.A może jakiś robal też się znajdzie.
Wyłącz automatyczny reset po błędzie i spisz numerek błędu z blue screena.
Jak z poprawkami systemowymi u ciebie? przynajmniej krytycznymi.

przez **pantik** » 05 Lip 2008, 22:21

mam sp2 na xp, dyski skanowałem avirą i nodem, ad-aware tez nie wykrył nic specjalnego, zwykłe skanowanie dysku przy starcie i defragmentacja tez nie dała rady. Natomiast to co zauwazyłe to w menadżerze zadań gdy daje na pokasz czas jądra to widać czerwone wskaźniki niekiedy stale przez około minute (róznie bywa) w górnych granichach a tak jak teraz gdzie mam tylko edhtmla i opere stale uzycie procesora około 27 do 35 % z tym ze czerwony praktycznie niewiele mniejszy od zielonego.

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"PC Suite Tray" = ""C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray" ["Nokia"]
"I&F Viewer toolbar" = ""C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe" -start" ["VicMan Software"]
"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"explorer" = "`.vbe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"Ptipbmf" = "rundll32.exe ptipbmf.dll,SetWriteCacheMode" [MS]
"PCMService" = ""C:\Program Files\CyberLink\PowerCinema\PCMService.exe"" ["CyberLink Corp."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"VMSnap3" = "C:\WINDOWS\VMSnap3.EXE" ["ZSMCSNAP"]
"Domino" = "C:\WINDOWS\Domino.EXE" ["Vimicro"]
"BigDog303" = "C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)" [file not found]
"avgnt" = ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1045" ["DAEMON'S HOME"]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

{HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" [file not found]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided)

{HKLM...CLSID} = "IeCatch5 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["FlashGet"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

{HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)

{HKLM...CLSID} = "gFlash Class"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\getflash.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

{HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

{HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

{HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

{HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

{HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

{HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}" = "IZArc DragDrop Menu"

{HKLM...CLSID} = "IZArc DragDrop Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
"{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}" = "IZArc Shell Context Menu"

{HKLM...CLSID} = "IZArc Shell Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

{HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

{HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"

{HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"

{HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\phonebrowser.dll" ["Nokia"]
"{5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF}" = "IVB Shl Ext"

{HKLM...CLSID} = "IIVBShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Photo Toolkit\ivbar\ivbshlext.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

{HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

{HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"

{HKLM...CLSID} = "IZArc Shell Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"

{HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WebAlbum3D\(Default) = "{5C3CA950-420D-439E-A8C1-37F2196C48B2}"

{HKLM...CLSID} = "WebAlbumContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Web Photo Album\webalbumcontext.dll" ["VicMan Software"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"

{HKLM...CLSID} = "IZArc Shell Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
WebAlbum3D\(Default) = "{5C3CA950-420D-439E-A8C1-37F2196C48B2}"

{HKLM...CLSID} = "WebAlbumContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Web Photo Album\webalbumcontext.dll" ["VicMan Software"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
ALSongContext\(Default) = "{CBE49257-71F8-44B4-B536-FF5359F0AEAA}"

{HKLM...CLSID} = "ALContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\ESTsoft\ALSong\ALSongSh.dll" ["Copyright (C) 2005 ESTsoft corp."]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"

{HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
IVBShlExt\(Default) = "{5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF}"

{HKLM...CLSID} = "IIVBShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Photo Toolkit\ivbar\ivbshlext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\growe\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

ALSongCDAudioOnArrival\
"Provider" = "ALSong Player"
"InvokeProgID" = "ALSong.AudioCD"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\ALSong.AudioCD\shell\open\Command\(Default) = ""C:\Program Files\ESTsoft\ALSong\ALSong.exe" "%1"" ["ESTsoft corp."]

ALSongMediaOnArrival\
"Provider" = "ALSong Player"
"InvokeProgID" = "ALSong.AutoPlay"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\ALSong.AutoPlay\shell\open\Command\(Default) = ""C:\Program Files\ESTsoft\ALSong\ALSong.exe" "%1"" ["ESTsoft corp."]

CanonZB4PicturesOnArrival\
"Provider" = "Canon ZoomBrowser EX"
"InvokeProgID" = "Zb.AutoplayHandler"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Zb.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\ZoomBrowser EX MCU\MCULauncher.exe" [null data]

LightScribeOnArrivalAP\
"Provider" = "LightScribe Direct Disc Labeling"
"InvokeProgID" = "LightScribe.AutoPlayHandler"
"InvokeVerb" = "LabelLightScribeDisc"
HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "C:\Program Files\Common Files\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MSPlayCDAudioOnArrival\
"Provider" = "ALLPlayer"
"InvokeProgID" = "AllPlayerFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\AllPlayerFile\shell\play\command\(Default) = ""C:\Program Files\MarBit\ALLPlayer\ALLPlayer.exe" "%1"" ["MarBit"]

NeroAutoPlay7CDAudio\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay7CopyCD\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:DiscCopy" ["Nero AG"]

NeroAutoPlay7DataDisc\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]

NeroAutoPlay7LaunchNeroStartSmart\
"Provider" = "Nero StartSmart Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay7PlayAudioCD\
"Provider" = "Nero ShowTime Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7PlayDVD\
"Provider" = "Nero ShowTime Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7TranscodeVideo\
"Provider" = "Nero Recode Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

NeroAutoPlay7VideoCapture\
"Provider" = "Nero Vision Essentials"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

{HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay7ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

NMMPlayCDAudioOnArrival\
"Provider" = "Nokia Music Manager"
"InvokeProgID" = "NokiaMusicManager"
"InvokeVerb" = "NMMPlayCD"
HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe /playCD "%L"" ["Nokia"]

NMMRipCDAudioOnArrival\
"Provider" = "Nokia Music Manager"
"InvokeProgID" = "NokiaMusicManager"
"InvokeVerb" = "NMMRipCD"
HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe /ripCD "%L"" ["Nokia"]

PCinemaDCameraArrival\
"Provider" = "PowerCinema"
"InvokeProgID" = "Picture"
"InvokeVerb" = "PlayWithPowerCinema"
HKLM\SOFTWARE\Classes\Picture\shell\PlayWithPowerCinema\Command\(Default) = ""C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY DSC "%L"" ["CyberLink Corp."]

PCinemaDVArrival\
"Provider" = "PowerCinema"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY DV "%L""
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

{HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

PCinemaMusicFilesArrival\
"Provider" = "PowerCinema"
"InvokeProgID" = "MusicFiles"
"InvokeVerb" = "PlayWithPowerCinema"
HKLM\SOFTWARE\Classes\MusicFiles\shell\PlayWithPowerCinema\Command\(Default) = ""C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY MUSIC "%L"" ["CyberLink Corp."]

PCinemaPlayCDAudioOnArrival\
"Provider" = "PowerCinema"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPowerCinema"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerCinema\command\(Default) = ""C:\Program Files\Windows Media Player\wmplayer.exe" %1" [MS]

PCinemaPlayDVDMovieOnArrival\
"Provider" = "PowerCinema"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerCinema"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerCinema\Command\(Default) = ""C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

PCinemaPlayVCDMovieOnArrival\
"Provider" = "PowerCinema"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithPowerCinema"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerCinema\Command\(Default) = ""C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

PCinemaVideoFilesArrival\
"Provider" = "PowerCinema"
"InvokeProgID" = "VideoFiles"
"InvokeVerb" = "PlayWithPowerCinema"
HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithPowerCinema\Command\(Default) = ""C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY VIDEO "%L"" ["CyberLink Corp."]

Startup items in "growe" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Action Manager 32"

shortcut to: "C:\Program Files\ScannerU\AM32.exe" [null data]
"Adobe Gamma Loader"

shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Microsoft Office"

shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"

{HKLM...CLSID} = "FlashGet Bar"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"

{HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

{HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

{HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\inetrepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Create Mobile Favorite..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

{HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\inetrepl.dll" [MS]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["FlashGet.com"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Avira AntiVir Personal – Free Antivirus Guard, AntiVirService, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"]
Avira AntiVir Personal – Free Antivirus Scheduler, AntiVirScheduler, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\system32\drivers\CDAC11BA.EXE" ["Macrovision"]
Canon Camera Access Library 8, CCALib8, "C:\Program Files\Canon\CAL\CALMAIN.exe" ["Canon Inc."]
CyberLink Background Capture Service (CBCS), CLCapSvc, ""C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe"" [empty string]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\Cyberlink\Shared files\RichVideo.exe"" [empty string]
CyberLink Task Scheduler (CTS), CLSched, ""C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe"" [empty string]
InCD Helper, InCDsrv, "C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe" ["Nero AG"]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
X10 Device Network Service, x10nets, "C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe" ["X10"]

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
doPDF 6 Monitor\Driver = "dopdfmn6.dll" ["Softland"]

---------- (launch time: 2008-07-05 22:13:12)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 224 seconds.
---------- (total run time: 291 seconds)

przez **huber2t** » 06 Lip 2008, 04:37

Byłeś proszony o log z HijackThis

przez **pantik** » 06 Lip 2008, 11:20

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:22, on 2008-07-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.binboy.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1045
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [I&F Viewer toolbar] "C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe" -start
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKLM\..\Policies\Explorer\Run: [explorer] `.vbe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1239C82A-756A-49B6-94A4-545D07CA8FB6}: NameServer = 123.123.123.123,123.123.123.234
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 8420 bytes

przez **pantik** » 09 Lip 2008, 21:50

znalazłem coś takiego: (pisze troche okrojone bo bardzo szybko ekran sie pojawił i zniknał ale nie zaden niebieski ekran tylko normalny allert) spod ... 0x03c637764 ... odwołuje do pamięci... ... adress 0x03dd2598 coś tam pamięć nie może być read. a nagłówek alertu tym razem był explorer.exe (ale to róznie jest).

przez **huber2t** » 10 Lip 2008, 18:59

fix w hijackthis

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKLM\..\Policies\Explorer\Run: [explorer] `.vbe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1239C82A-756A-49B6-94A4-545D07CA8FB6}: NameServer = 123.123.123.123,123.123.123.234

pokaż log z Combofix

przez **pantik** » 10 Lip 2008, 21:29

mam usunąc te które są podane wyżej ?? w jaki sposób ?? i jak sie obsłużyć tym Combofix-em ?? nie moge znaleśc nigdzie instrukcji prostej do tego

przez **huber2t** » 10 Lip 2008, 23:26

Combofix

włącz HijackThis >> Do a system scan only >> zaznacz w okienku podane wpisy >> klik na Fix checked

przez **pantik** » 11 Lip 2008, 10:12

coś dałem tym combofixel najpierw był jakis autoskan czy coś takiego nie wiem wklejam to co mi zapisało do txt

ComboFix 08-07-09.5 - growe 2008-07-11 9:59:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.639 [GMT 2:00]
Running from: C:\Documents and Settings\growe\Moje dokumenty\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\avi.dll
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\DivXsm.exe
C:\WINDOWS\system32\ff_libdts.dll
C:\WINDOWS\system32\ff_tremor.dll
C:\WINDOWS\system32\ff_wmv9.dll
C:\WINDOWS\system32\mkunicode.dll
C:\WINDOWS\system32\mkx.dll
C:\WINDOWS\system32\mkzlib.dll
C:\WINDOWS\system32\mmfinfo.dll
C:\WINDOWS\system32\mp4.dll
C:\WINDOWS\system32\ogg.dll
C:\WINDOWS\system32\ogm.dll
C:\WINDOWS\system32\ts.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
.

2008-07-10 23:28 . 2008-07-10 23:28 <DIR> d-------- C:\Program Files\ToniArts
2008-07-10 23:27 . 2008-07-10 23:27 <DIR> d-------- C:\WINDOWS\Clean MemXP
2008-07-10 23:27 . 2008-07-11 09:53 <DIR> d-------- C:\Program Files\Clean MemXP
2008-07-06 13:13 . 2008-07-06 13:13 <DIR> d-------- C:\Program Files\AceLogix
2008-07-06 11:17 . 2008-07-06 11:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 10:42 . 2008-07-05 10:42 <DIR> d-------- C:\Documents and Settings\growe\TYPHOON
2008-07-04 15:21 . 2008-07-04 15:21 <DIR> d-------- C:\Program Files\XviD
2008-06-30 20:24 . 2008-07-05 16:09 <DIR> d-------- C:\Documents and Settings\growe\Dane aplikacji\Cream Software
2008-06-30 20:11 . 2008-06-30 22:57 <DIR> d-------- C:\EdHTMLv3.0
2008-06-30 15:34 . 2008-06-30 15:34 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-28 21:04 . 2008-06-28 21:04 <DIR> d-------- C:\Documents and Settings\growe\Dane aplikacji\ESTSoft
2008-06-28 21:03 . 2008-06-28 21:03 <DIR> d-------- C:\Program Files\ESTsoft
2008-06-28 18:51 . 2008-06-28 18:51 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-06-28 08:38 . 2008-07-05 16:12 <DIR> d-------- C:\Program Files\2D and 3D Animator
2008-06-28 08:24 . 2008-07-05 16:14 <DIR> d-------- C:\Program Files\Actual Drawing
2008-06-27 23:51 . 2008-06-27 23:51 <DIR> d---s---- C:\Documents and Settings\growe\UserData
2008-06-27 23:06 . 2008-06-27 23:06 <DIR> d-------- C:\Program Files\SpoX Editor 2007
2008-06-26 20:46 . 2008-06-26 20:46 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-06-26 20:46 . 2008-06-27 10:30 <DIR> d-------- C:\Program Files\Microsoft FrontPage Express
2008-06-26 20:46 . 2008-06-27 10:30 91 --a------ C:\WINDOWS\fpxpress.ini
2008-06-26 20:05 . 2008-06-26 20:12 <DIR> d-------- C:\WINDOWS\ShellNew
2008-06-25 20:24 . 2008-06-25 20:24 <DIR> d-------- C:\Program Files\Lavalys
2008-06-25 12:35 . 1995-04-03 00:00 22,816 --a------ C:\WINDOWS\system32\MSACM.DRV
2008-06-25 12:35 . 1995-04-03 00:00 14,208 --a------ C:\WINDOWS\system32\CTL3D.DLL
2008-06-25 12:35 . 1995-04-03 00:00 7,168 --a------ C:\WINDOWS\system32\DISPDIB.DLL
2008-06-24 21:28 . 2008-06-24 21:29 <DIR> d-------- C:\Program Files\PopTray
2008-06-21 21:24 . 1998-10-07 12:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2008-06-20 23:23 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-20 23:10 . 2008-06-21 00:56 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-06-15 22:04 . 2008-06-15 22:04 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-06-15 15:11 . 2008-06-15 15:11 21 ---hs---- C:\date.bin
2008-06-15 14:20 . 2008-06-15 14:27 <DIR> d-------- C:\Documents and Settings\growe\.VirtualBox
2008-06-15 14:20 . 2008-04-30 22:12 42,048 --a------ C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-06-15 14:19 . 2008-04-30 22:12 55,424 --a------ C:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-06-11 18:44 . 2008-06-11 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Macrovision
2008-06-11 18:42 . 2008-06-11 18:42 <DIR> d-------- C:\Documents and Settings\growe\Dane aplikacji\Wings3D
2008-06-11 18:34 . 2008-06-11 18:34 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-11 18:34 . 2008-06-11 18:34 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-11 18:34 . 2008-06-11 18:34 <DIR> d-------- C:\Program Files\backburner 2
2008-06-11 18:34 . 2008-06-11 18:34 54,784 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-06-11 18:34 . 2008-06-11 18:34 12,464 --a------ C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2008-06-11 18:33 . 2008-06-11 18:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-06-11 18:00 . 2008-06-11 18:00 <DIR> d-------- C:\WINDOWS\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 21:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-09 09:27 --------- d-----w C:\Program Files\Opera
2008-07-08 22:00 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-07 20:47 --------- d-----w C:\Documents and Settings\growe\Dane aplikacji\ZoomBrowser EX
2008-07-07 20:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ZoomBrowser
2008-07-05 14:11 --------- d-----w C:\Program Files\MobiMB Mobile Media Browser
2008-07-05 14:11 --------- d-----w C:\Program Files\Common Files\LogoManager
2008-07-05 08:41 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-29 19:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-28 06:20 --------- d-----w C:\Documents and Settings\growe\Dane aplikacji\Media Player Classic
2008-06-27 21:40 80,768 ----a-w C:\Documents and Settings\growe\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-06-26 18:07 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-26 17:06 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-22 10:44 --------- d-----w C:\Documents and Settings\growe\Dane aplikacji\uTorrent
2008-06-20 21:09 --------- d-----w C:\Program Files\BitComet
2008-06-16 14:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-06-14 21:14 --------- d-----w C:\Documents and Settings\growe\Dane aplikacji\Gadu-Gadu-8xALPHA
2008-06-10 07:08 --------- d-----w C:\Program Files\Lavasoft
2008-06-10 07:08 --------- d-----w C:\Documents and Settings\growe\Dane aplikacji\Lavasoft
2008-06-05 22:30 --------- d-----w C:\Program Files\NavNGo
2008-06-05 21:35 --------- d-----w C:\Program Files\Reference Assemblies
2008-06-05 21:35 --------- d-----w C:\Program Files\MSBuild
2008-06-05 21:28 --------- d-----w C:\Program Files\MSXML 6.0
2008-06-05 16:38 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-06-04 17:50 --------- d-----w C:\Documents and Settings\Gość\Dane aplikacji\PC Suite
2008-06-04 11:00 --------- d-----w C:\Documents and Settings\growe\Dane aplikacji\Skype
2008-05-30 10:49 --------- d-----w C:\Program Files\Google
2008-05-28 12:56 --------- d-----w C:\Program Files\Resco
2008-05-27 10:42 --------- d-----w C:\Documents and Settings\growe\Dane aplikacji\LimeWire
2008-05-24 22:42 685,576 ----a-w C:\WINDOWS\unins001.exe
2008-05-24 10:31 --------- d-----w C:\Documents and Settings\growe\Dane aplikacji\Nokia Multimedia Player
2008-05-23 19:41 --------- d-----w C:\Program Files\YouTube Video Downloader
2008-05-23 17:22 --------- d-----w C:\Program Files\AvantGo Connect
2008-05-23 08:00 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-05-22 11:43 --------- d-----w C:\Documents and Settings\growe\Dane aplikacji\FinalBurner AudioCD Ripper
2008-05-22 11:42 --------- d-----w C:\Documents and Settings\growe\Dane aplikacji\FinalBurner .ISO
2008-05-15 17:30 --------- d-----w C:\Program Files\Real Alternative
2008-05-12 20:08 --------- d-----w C:\Program Files\uTorrent
2008-05-12 20:03 --------- d-----w C:\Program Files\FlashGet
2008-05-12 20:00 --------- d-----w C:\Program Files\Web Photo Album
2008-05-12 20:00 --------- d-----w C:\Program Files\Photo Toolkit
2008-05-11 08:07 15,781 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-05-10 09:54 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-04-28 21:49 24 ----a-w C:\Documents and Settings\growe\tuner.dat
2008-04-27 20:45 673,546 ----a-w C:\WINDOWS\unins000.exe
2008-04-11 15:36 63,488 ----a-w C:\WINDOWS\xobglu16.dll
2008-04-11 15:36 23,552 ----a-w C:\WINDOWS\xobglu32.dll
2008-04-04 16:19 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"I&F Viewer toolbar"="C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe" [2006-10-27 21:34 65536]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 18:52 376912]
"Free Ram Optimizer"="C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe" [2003-08-22 09:19 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2007-03-02 18:55 159744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"VMSnap3"="C:\WINDOWS\VMSnap3.EXE" [2006-08-30 04:58 49152]
"Domino"="C:\WINDOWS\Domino.EXE" [2006-06-28 11:54 49152]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-10-02 02:20 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-01-09 03:54 65536 C:\WINDOWS\soundman.exe]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 09:06 118784 C:\WINDOWS\system32\ptipbmf.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\growe\Pulpit\gps\IMGP0719.JPG
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.l3codecp"= l3codecp.acm
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-05-04 11:35 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-04-19 14:26 484904 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Cyberlink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\Cyberlink\\PowerCinema\\PCMService.exe"=
"C:\\Program Files\\Promixis\\Girder\\girder.exe"=
"C:\\Program Files\\Promixis\\Girder\\grunt.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"E:\\pacyfic\\mohpa.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\3dsmax6\\3dsmax.exe"=
"D:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"E:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11034:TCP"= 11034:TCP:BitComet 11034 TCP
"11034:UDP"= 11034:UDP:BitComet 11034 UDP
"13810:TCP"= 13810:TCP:BitComet 13810 TCP
"13810:UDP"= 13810:UDP:BitComet 13810 UDP
"20772:TCP"= 20772:TCP:BitComet 20772 TCP
"20772:UDP"= 20772:UDP:BitComet 20772 UDP
"25441:TCP"= 25441:TCP:BitComet 25441 TCP
"25441:UDP"= 25441:UDP:BitComet 25441 UDP
"21796:TCP"= 21796:TCP:BitComet 21796 TCP
"21796:UDP"= 21796:UDP:BitComet 21796 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 03:16]
R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 14:37]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-04-30 22:12]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-04-30 22:12]
R3 3xHybrid;TV-Station DVR service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-11-22 11:53]
S2 BulkUsb;Plustek USB Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 RT2400;RT2400 Wireless Driver;C:\WINDOWS\system32\DRIVERS\RT2400.sys [2004-04-22 11:57]
S3 SecBulk;SECBULK.sys, SEC SOC USBD Driver;C:\WINDOWS\system32\Drivers\SECBULK.sys [2002-03-28 20:42]
S3 usb2vcom;Nokia CA-42 USB;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2006-12-05 11:20]
S3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 04:57]
S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\yukonx86.sys [2003-12-23 00:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de5748b3-eced-11dc-b475-00112f096cd4}]
\Shell\AutoRun\command - O:\USBNB.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Clean MemXP - C:\Program Files\Clean MemXP\CleanMemXP8.exe

po tym wszystkim spowrotem internet explorer wóricł jako główna przeglądarka a opera w tyle i zegare zamist po najechaniu pisac 11 lipca 2008 to pisze mi 2008-07-11 narazi tyle zauważyłem

nie wiem czemu teraz na wejściu mam około 460 MB ramu zajętego praktyczni zaraz po uruchomieniu systemu, niekiedy gy włącze jakiś programy graficzne to dochodzi do ~780

przez **huber2t** » 11 Lip 2008, 10:32

otwórz notatnik i wklej

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de5748b3-eced-11dc-b475-00112f096cd4}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]

Z menu Notatnika

Plik

Zapisz jako

Zmień rozszerzenie z .txt na wszystkie pliki

zapisz pod nazwą Fix.reg

Uruchom ten plik, uruchom ponownie komputer

Poza tym nic nie widzę

problemy z win xp

problemy z win xp

Kto jest na forum