02.08.2008, 14:11
So here I am providing the screenshot and the logs.
1. After removal with this program, it changes its name (only the one marked in red).
2. HijackThis logs:
Quote: Logfile of HijackThis v1.99.1
Scan saved at 09:14:51, on 2008-08-02
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\FixCamera.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Basia & Kołek\Pulpit\POBIERALNIA\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [To see links, register here]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Program Files\Flashget\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - F:\Program Files\Flashget\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - F:\Program Files\Flashget\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F50C124F-9084-480A-B10D-4BC7F65D02F8}: NameServer = 194.204.159.1,194.204.152.34
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
3. Silent Runners logs:
Quote: "Silent Runners.vbs", revision 58, [To see links, register here]
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"FixCamera" = "C:\WINDOWS\FixCamera.exe" [empty string]
"Corel File Shell Monitor" = "C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" ["Corel, Inc."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"
-> {HKLM...CLSID} = "FGCatchUrl"
\InProcServer32\(Default) = "F:\Program Files\Flashget\jccatch.dll" ["www.flashget.com"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpoweramp Music Converter"
-> {HKLM...CLSID} = "dMCIShell Class"
\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpoweramp\dMCShell.dll" ["Illustrate"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "F:\Program Files\WinRAR\rarext.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\msohev.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpoweramp Column Handler"
-> {HKLM...CLSID} = "dBpShell Class"
\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpoweramp\dBShell.dll" ["Illustrate"]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-ZIP\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "F:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-ZIP\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "F:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "F:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Basia & Kołek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
CanonCW50PicturesOnArrival\
"Provider" = "Canon CameraWindow"
"InvokeProgID" = "Cw50.AutoplayHandler"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Cw50.AutoplayHandler\shell\open\command\(Default) = "F:\Program Files\CANON\CameraWindow\CameraWindowMC\CameraLauncherMC.exe" [null data]
CanonZB4PicturesOnArrival\
"Provider" = "ZoomBrowser EX"
"InvokeProgID" = "Zb.AutoplayHandler"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Zb.AutoplayHandler\shell\open\command\(Default) = "F:\Program Files\CANON\ZoomBrowser EX\Program\ZoomBrowser.exe /AUTOPLAY ""%1"""" [empty string]
Corel Paint Shop Pro Photo X2ShowPicturesOnArrivalHandler\
"Provider" = "Corel Paint Shop Pro Photo X2"
"InvokeProgID" = "PaintShopProPhotoX2.Image"
"InvokeVerb" = "Przejrzyj"
HKLM\SOFTWARE\Classes\PaintShopProPhotoX2.Image\shell\Przejrzyj\command\(Default) = ""C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" /Review "%1"" ["Corel, Inc."]
dMCAudioCDInput\
"Provider" = "dBpoweramp CD Ripper"
"InvokeProgID" = "dMC.AudioCD.Autorun"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\dMC.AudioCD.Autorun\shell\open\command\(Default) = ""C:\Program Files\Illustrate\dBpoweramp\CDGrab.exe" %1" ["Illustrate"]
DVDFabDecrypterOnDVDArrival\
"Provider" = "DVDFab Decrypter"
"InvokeProgID" = "DVDFabDecrypterOpen"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\DVDFabDecrypterOpen\shell\Open\command\(Default) = "C:\PROGRA~1\DVDFAB~1\DVDFAB~1.EXE" ["Fengtao Software Inc."]
HPUnloadAutoplay\
"Provider" = "Przesyłanie HP i Szybki wydruk"
"InvokeProgID" = "HpqUnApl.Autoplay"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\HpqUnApl.Autoplay\shell\Play\DropTarget\CLSID = "{E1A1C814-FD09-4c9d-BB4A-0394B836A1F0}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe" ["Hewlett-Packard"]
ImgBurnBluRayBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleBluRayBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBluRayBurningOnArrival_BuildImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnBluRayBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleBluRayBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBluRayBurningOnArrival_BurnImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnCDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleCDBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BuildImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnCDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleCDBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BurnImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnDVDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleDVDBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BuildImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnDVDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleDVDBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BurnImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnHDDVDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleHDDVDBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BuildImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnHDDVDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleHDDVDBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BurnImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]
ImgBurnPlayBluRayOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayBluRayOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayBluRayOnArrival_ReadDisc\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]
ImgBurnPlayCDAudioOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayCDAudioOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayCDAudioOnArrival_ReadDisc\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]
ImgBurnPlayDVDMovieOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayDVDMovieOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayDVDMovieOnArrival_ReadDisc\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]
ImgBurnPlayHDDVDOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayHDDVDOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayHDDVDOnArrival_ReadDisc\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]
LightScribeOnArrivalAP\
"Provider" = "LightScribe Direct Disc Labeling"
"InvokeProgID" = "LightScribe.AutoPlayHandler"
"InvokeVerb" = "LabelLightScribeDisc"
HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "C:\Program Files\Common Files\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"]
NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]
Startup items in "Basia & Kołek" & "All Users" startup folders:
---------------------------------------------------------------
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"HP Image Zone - szybkie uruchamianie" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data]
Enabled Scheduled Tasks:
------------------------
"HPpromotions journeysoftware" -> launches: "C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe /N "journeysoftware" -r" ["hp"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name] , (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS] , 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS] , 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_05"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_05"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll" ["Sun Microsystems, Inc."]
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "FlashGet"
"Exec" = "F:\Program Files\FlashGet.exe" [file not found]
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Canon Camera Access Library 8, CCALib8, "C:\Program Files\Canon\CAL\CALMAIN.exe" ["Canon Inc."]
Crypkey License, Crypkey License, "crypserv.exe" ["CrypKey (Canada) Ltd."]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]
ProtexisLicensing, ProtexisLicensing, "C:\WINDOWS\system32\PSIService.exe" [null data]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
PCL Language Monitor\Driver = "hpz3l3xu.dll" ["Hewlett-Packard Company"]
---------- (launch time: 2008-08-02 09:18:31)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 15 seconds.
---------- (total run time: 49 seconds)
4. WinDBG detected that something is wrong with:
ati2dvag+2076d
5. Symptoms:
Whenever my computer is running and I open the browser (FIREFOX 3), every so often, for reasons unknown, while browsing any website at all, at some point both the page and the whole system freeze (and then the only option is a restart, and I boot the computer up again). This happens a dozen or so times a day, and sometimes it freezes only once every few days; there is no rule as to when or at what moment it will freeze.
========
I kindly ask for help in solving this problem.