misiek249 created 24 August 2010
Here's the situation: after I turn the computer on, it freezes. Sometimes it runs for about 2 hours, sometimes I don't even manage to log in to my account. I noticed that if I move the RAM to a different slot, it can run without hanging for even a whole day, but that only happens occasionally. CPU temperature is normal, 40-50°C after overclocking; the graphics card is around 40°C. Now, the power supply is fine: I checked with another, better power supply, I lowered the CPU clock, and nothing changed. My hard drive is failing a bit (it stops making contact at the power connector, but that was already happening before). The graphics card works, the RAM works (I had 2 sticks, 512 and 256; after scanning with a program I threw out the 256 because it was slightly damaged). That leaves the CPU and the motherboard; it seems to me that the motherboard is at fault.
Below is the list of things being loaded; the list is terribly long and repeats itself, so I pasted only part of it.
And here is the log from ComboFix; I don't know whether it will help or whether it was done correctly, personally this is the first time I've used it.
Hmm... the system runs in safe mode without any problems. In normal mode a blue screen error pops up fairly often, among others kernel_data_inpage_error STOP: 0x7a. The system has been reinstalled many times, and it is (I think) done properly, because my brother is an IT specialist and has been doing this for 15 years.
Computer configuration: CPU AMD Athlon 2400+ overclocked to 2.0, RAM 512MB, graphics GF FX5500. If you need anything else, write and I'll provide the info.
[color="#ff0000"]//moving to the Security section (Bezpieka) //raaz[/color]
raazor90 comment 24 August 2010
Do this: http://www.forumpc.pl/index.php?showtopic=16074
misiek249 comment 24 August 2010 Author
This is the error that appeared; I tried to do something about it, but without success. Any ideas? [img]http://vlep.pl/zpl471.jpg[/img]
raazor90 comment 25 August 2010
Post a log from OTL. The cause is an infection http://www.forumpc.pl/index.php?showtopic=104338
misiek249 comment 25 August 2010 Author
Here you go :) I hope this helps
[log]
C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis) DRV - [2008-05-03 05:46:00 | 006,554,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2008-04-14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008-04-14 00:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2007-09-04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev) DRV - [2006-08-18 07:52:00 | 004,017,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2003-04-21 08:18:00 | 000,052,608 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus) DRV - [2003-03-19 09:51:00 | 000,018,688 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp) [color=#E56717]========== Standard Registry (All) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-790525478-1450960922-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-790525478-1450960922-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-790525478-1450960922-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKU\S-1-5-21-790525478-1450960922-1417001333-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-790525478-1450960922-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "google.pl" FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-07-31 15:12:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-31 15:12:49 | 000,000,000 | ---D | M] [2010-05-28 16:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mis\Dane aplikacji\Mozilla\Extensions [2010-05-28 16:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mis\Dane aplikacji\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010-08-24 19:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mis\Dane aplikacji\Mozilla\Firefox\Profiles\1nnxeq7r.default\extensions [2010-08-09 11:45:26 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Mis\Dane aplikacji\Mozilla\Firefox\Profiles\1nnxeq7r.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010-05-23 01:32:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-07-31 15:12:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010-07-31 15:12:37 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2010-07-31 15:12:37 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2007-04-10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll [2010-02-21 12:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla 
Firefox\plugins\npBitCometAgent.dll [2010-07-31 15:12:43 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2010-06-19 21:34:11 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2010-07-31 15:12:44 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-07-31 15:12:44 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-07-31 15:12:44 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010-07-31 15:12:44 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-07-31 15:12:44 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-07-31 15:12:44 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-07-31 15:12:44 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-06-20 13:21:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Mis\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) 
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-790525478-1450960922-1417001333-1004\..\Toolbar\ShellBrowser: (&Adres) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [Resume copy] C:\WINDOWS\COPYFSTQ.EXE () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-790525478-1450960922-1417001333-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-790525478-1450960922-1417001333-1004..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.) 
O4 - Startup: C:\Documents and Settings\Mis\Menu Start\Programy\Autostart\Skrót do bannerkiller2-[www.legalne.lnk = D:\Programy\Gadu Gadu 10 + GGTuner\bannerkiller2-[www.legalne.info].exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-790525478-1450960922-1417001333-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-790525478-1450960922-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-790525478-1450960922-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-790525478-1450960922-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft 
Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll 
(Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - 
C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - 
C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Moduł wstępnego ładowania interfejsu Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Demon buforu kategorii składników - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-05-23 00:52:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - 
HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter 
- Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-08-25 15:19:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Starcraft [2010-08-25 13:30:43 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\SCUnin.exe [2010-08-25 12:14:05 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe [2010-08-25 11:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard Entertainment [2010-08-24 23:36:07 | 000,000,000 | ---D | C] -- C:\Program 
Files\Microsoft Windows Performance Toolkit [2010-08-24 23:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86) [2010-08-24 23:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier [2010-08-24 23:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs [2010-08-24 23:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild [2010-08-24 23:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer [2010-08-24 23:26:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us [2010-08-24 23:26:53 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies [2010-08-24 23:25:25 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2010-08-24 23:24:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET [2010-08-24 23:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard Entertainment.temp [2010-08-24 13:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment [2010-08-24 13:41:04 | 000,520,192 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\Side 9 Screensaver.scr [2010-08-24 13:41:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Side 9 Screensaver dir [2010-08-24 13:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mis\Pulpit\Wygaszacz - dziewczyny myjące monitor [2010-08-22 19:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games [2010-08-22 19:18:40 | 000,303,616 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe [2010-08-20 21:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mis\Ustawienia lokalne\Dane aplikacji\Adobe [2010-08-16 13:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment.temp [2010-08-16 12:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard [2010-08-11 11:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2010-07-29 17:29:44 | 000,000,000 | ---D 
| C] -- C:\Program Files\Common Files\Adobe [2010-07-29 17:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2010-07-29 17:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Adobe [2010-07-13 13:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mis\Dane aplikacji\SpeedSim [2010-07-12 19:11:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-07-03 21:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2010-07-02 13:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mis\Dane aplikacji\DAEMON Tools Lite [2010-07-02 13:25:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mis\Moje dokumenty\My Games [2010-07-01 22:11:15 | 000,000,000 | ---D | C] -- C:\Downloads [2010-07-01 22:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\BitComet [2010-07-01 14:02:35 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-08-25 23:02:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-08-25 22:55:17 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010-08-25 22:55:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-08-25 22:53:55 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Mis\NTUSER.DAT [2010-08-25 22:53:55 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Mis\ntuser.ini [2010-08-25 22:53:04 | 001,656,336 | -H-- | M] () -- C:\Documents and Settings\Mis\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-08-25 21:33:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010-08-25 13:30:50 | 000,021,329 | ---- | M] () -- C:\WINDOWS\SCunin.dat [2010-08-25 13:30:44 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\SCUnin.exe [2010-08-25 13:30:44 | 000,000,967 | ---- | M] () -- C:\WINDOWS\SCUnin.pif 
[2010-08-25 13:07:06 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\Mis\Pulpit\Skrót do Wow.lnk [2010-08-25 12:23:03 | 000,077,800 | ---- | M] () -- C:\WINDOWS\War3Unin.dat [2010-08-25 12:18:57 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe [2010-08-25 12:18:57 | 000,002,829 | ---- | M] () -- C:\WINDOWS\War3Unin.pif [2010-08-25 01:04:34 | 000,140,170 | ---- | M] () -- C:\Documents and Settings\Mis\Pulpit\błąd.JPG [2010-08-25 00:01:04 | 000,096,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-08-24 23:29:44 | 000,012,328 | ---- | M] () -- C:\Documents and Settings\Mis\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-08-24 23:27:46 | 001,065,412 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-08-24 23:27:46 | 000,484,776 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-08-24 23:27:46 | 000,426,570 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-08-24 23:27:46 | 000,081,252 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-08-24 23:27:46 | 000,065,328 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-08-24 22:54:30 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Metin2.lnk [2010-08-24 13:41:04 | 000,520,192 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\Side 9 Screensaver.scr [2010-08-16 13:00:12 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\World of Warcraft.lnk.temp [2010-08-16 02:37:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-08-15 12:49:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-08-11 11:37:47 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2010-08-04 11:34:40 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat [2010-07-29 17:30:56 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-07-27 15:24:53 | 052,866,156 | ---- | M] () -- 
C:\Documents and Settings\Mis\Pulpit\Wygaszacz - dziewczyny myjące monitor.rar [2010-07-27 14:36:11 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Mis\Pulpit\megavideo bez limitu.doc [2010-07-22 18:47:54 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Internet Security.lnk [2010-07-22 18:47:52 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-07-01 22:11:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\BitComet.lnk [2010-06-28 22:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr [2010-06-28 22:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-06-28 22:39:55 | 000,099,280 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys [2010-06-28 22:39:38 | 000,312,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2010-06-28 22:38:56 | 000,188,168 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-06-28 22:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-08-25 13:30:50 | 000,021,329 | 
---- | C] () -- C:\WINDOWS\SCunin.dat [2010-08-25 13:30:44 | 000,000,967 | ---- | C] () -- C:\WINDOWS\SCUnin.pif [2010-08-25 13:07:06 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\Mis\Pulpit\Skrót do Wow.lnk [2010-08-25 12:14:15 | 000,077,800 | ---- | C] () -- C:\WINDOWS\War3Unin.dat [2010-08-25 12:14:05 | 000,002,829 | ---- | C] () -- C:\WINDOWS\War3Unin.pif [2010-08-25 01:04:34 | 000,140,170 | ---- | C] () -- C:\Documents and Settings\Mis\Pulpit\błąd.JPG [2010-08-24 23:27:39 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2010-08-24 22:54:30 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Metin2.lnk [2010-08-24 13:39:11 | 052,866,156 | ---- | C] () -- C:\Documents and Settings\Mis\Pulpit\Wygaszacz - dziewczyny myjące monitor.rar [2010-08-17 12:51:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010-08-16 13:00:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\World of Warcraft.lnk.temp [2010-08-11 11:37:47 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2010-08-04 11:34:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2010-07-29 17:29:57 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-07-27 14:26:05 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\Mis\Pulpit\megavideo bez limitu.doc [2010-07-01 22:11:01 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\BitComet.lnk [2010-06-23 15:07:52 | 000,000,090 | ---- | C] () -- C:\WINDOWS\WA.INI [2010-05-30 14:49:10 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2010-05-30 14:48:59 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2010-05-28 19:59:51 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-05-24 18:33:04 | 000,000,801 | ---- | C] () -- 
C:\WINDOWS\ScanSpyware.INI [2010-05-23 02:06:40 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\idecoi.dll [2010-02-08 07:33:04 | 000,359,320 | ---- | C] () -- C:\WINDOWS\System32\vfprintpthelper.dll [2008-05-03 05:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008-05-03 05:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008-05-03 05:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008-05-03 05:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008-05-03 05:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007-03-12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll [2002-05-04 12:04:45 | 000,094,636 | ---- | C] () -- C:\WINDOWS\dropcpyr.dll [color=#E56717]========== LOP Check ==========[/color] [2010-07-01 22:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adus\Dane aplikacji\BitComet [2010-05-24 18:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adus\Dane aplikacji\ScanSpyware [2010-05-23 03:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-05-28 20:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2010-05-28 14:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-05-28 20:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kubus\Dane aplikacji\DAEMON Tools Lite [2010-06-10 15:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kubus\Dane aplikacji\Gadu-Gadu 10 [2010-07-02 13:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mis\Dane aplikacji\DAEMON Tools Lite [2010-06-20 11:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mis\Dane aplikacji\Gadu-Gadu 10 [2010-07-13 13:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mis\Dane aplikacji\SpeedSim [2010-05-28 21:36:02 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\MuM1N3K\Dane aplikacji\DAEMON Tools Lite [2010-05-28 14:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MuM1N3K\Dane aplikacji\Gadu-Gadu 10 [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-05-23 00:52:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-05-23 02:00:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2010-06-20 13:01:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2001-07-22 01:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr [2010-06-20 13:22:54 | 000,014,535 | ---- | M] () -- C:\ComboFix.txt [2010-05-23 00:52:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010-05-23 00:52:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-05-23 00:52:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008-04-13 21:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-13 23:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-08-25 23:02:25 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-04-14 22:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008-04-14 22:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-18 00:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys [2001-08-18 00:47:36 | 000,004,224 | ---- | M] (Microsoft 
Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-18 00:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-04-14 22:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-14 21:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008-04-14 21:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008-04-14 21:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys [2008-04-13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2008-04-13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- 
C:\WINDOWS\system32\winlogon.exe < End of report > [/log]
Tomek01 commented 27 August 2010
Uninstall DAEMON Tools Toolbar. In OTL, paste the following into the Custom Scans/Fixes window:
[code]:Processes
Explorer.exe
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
:Commands
[emptytemp]
[start explorer]
[Reboot][/code]
Click Run Fix; the computer will restart. Post the removal log along with new OTL and RSIT logs.
misiek249 (author) commented 30 August 2010
A bit late, but I was at work and couldn't do it earlier. Here are the logs.
DAEMON removal:
[log]
All processes killed
========== PROCESSES ==========
No active process named Explorer.exe was found!
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Adus
->Temp folder emptied: 55829343 bytes
->Temporary Internet Files folder emptied: 362646 bytes
->FireFox cache emptied: 40559815 bytes
->Flash cache emptied: 948 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Kubus
->Temp folder emptied: 82018591 bytes
->Temporary Internet Files folder emptied: 769056 bytes
->FireFox cache emptied: 51634074 bytes
->Flash cache emptied: 20245 bytes
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Mis
->Temp folder emptied: 57081182 bytes
->Temporary Internet Files folder emptied: 2445302 bytes
->FireFox cache emptied: 49878430 bytes
->Flash cache emptied: 1787 bytes
User: MuM1N3K
->Temp folder emptied: 155216153 bytes
->Temporary Internet Files folder emptied: 166966 bytes
->FireFox cache emptied: 97780845 bytes
->Flash cache emptied: 9991 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352022 bytes
%systemroot%\System32 .tmp files removed: 273956 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2048464 bytes
RecycleBin emptied: 1613 bytes
Total Files Cleaned = 571,00 mb
OTL by OldTimer - Version 3.2.10.0 log created on 08302010_170658
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
[/log]
New OTL log:
[log]OTL logfile created on: 2010-08-30 17:27:03 - Run 2 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Mis\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 273,00 Mb Available Physical Memory | 53,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 24,41 Gb Total Space | 14,14 Gb Free Space | 57,93% Space Free | Partition Type: NTFS Drive D: | 124,63 Gb Total Space | 43,44 Gb Free Space | 34,86% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MISIEK Current User Name: Mis Logged in as Administrator.
Current Boot Mode: SafeMode with Networking Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-08-25 22:57:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mis\Moje dokumenty\Pobieranie\OTL.exe PRC - [2010-07-31 15:12:43 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010-07-31 15:12:40 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-02-09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 21:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 21:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 21:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-08-25 22:57:12 | 000,575,488 | ---- | 
M] (OldTimer Tools) -- C:\Documents and Settings\Mis\Moje dokumenty\Pobieranie\OTL.exe MOD - [2010-07-27 08:30:33 | 008,491,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2009-12-08 11:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2009-07-17 21:04:02 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\atl.dll MOD - [2009-06-25 10:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2009-04-15 16:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2009-02-09 12:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-10-23 14:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-10-15 18:36:55 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netapi32.dll MOD - [2008-06-20 19:48:53 | 000,246,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mswsock.dll MOD - [2008-04-14 21:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 21:51:00 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll MOD - [2008-04-14 21:51:00 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll MOD - [2008-04-14 21:50:58 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2008-04-14 21:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 21:50:58 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - 
[2008-04-14 21:50:58 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-14 21:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 21:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 21:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 21:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 21:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 21:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 21:50:46 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-14 21:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 21:50:44 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntshrui.dll MOD - [2008-04-14 21:50:42 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-14 21:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 21:50:36 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll MOD - [2008-04-14 21:50:34 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2008-04-14 21:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 21:50:16 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008-04-14 21:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 21:50:12 | 000,498,688 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\clbcatq.dll MOD - [2008-04-14 21:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008-04-14 21:43:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME MOD - [2008-04-14 21:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - File not found [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-06-28 22:57:02 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! 
Firewall) SRV - [2007-09-04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Mis\USTAWI~1\Temp\catchme.sys -- (catchme) DRV - [2010-08-26 13:06:36 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-06-28 22:39:55 | 000,099,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW) DRV - [2010-06-28 22:39:38 | 000,312,912 | ---- | M] (ALWIL Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2010-06-28 22:38:56 | 000,188,168 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2) DRV - [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2010-03-19 21:10:13 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- 
C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis) DRV - [2008-05-03 05:46:00 | 006,554,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2008-04-14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008-04-14 00:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2007-09-04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev) DRV - [2006-08-18 07:52:00 | 004,017,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2003-04-21 08:18:00 | 000,052,608 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus) DRV - [2003-03-19 09:51:00 | 000,018,688 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-790525478-1450960922-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "google.pl" FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-27 14:06:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-31 15:12:49 | 000,000,000 | ---D | M] [2010-05-28 16:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mis\Dane aplikacji\Mozilla\Extensions [2010-08-24 19:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mis\Dane aplikacji\Mozilla\Firefox\Profiles\1nnxeq7r.default\extensions [2010-08-09 11:45:26 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Mis\Dane aplikacji\Mozilla\Firefox\Profiles\1nnxeq7r.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010-05-23 01:32:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-02-21 12:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2010-07-31 15:12:44 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-07-31 15:12:44 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-07-31 15:12:44 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-07-31 15:12:44 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-07-31 15:12:44 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-07-31 15:12:44 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla 
Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-06-20 13:21:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Mis\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [Resume copy] C:\WINDOWS\COPYFSTQ.EXE () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKU\S-1-5-21-790525478-1450960922-1417001333-1004..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.) 
O4 - Startup: C:\Documents and Settings\Mis\Menu Start\Programy\Autostart\Skrót do bannerkiller2-[www.legalne.lnk = D:\Programy\Gadu Gadu 10 + GGTuner\bannerkiller2-[www.legalne.info].exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-790525478-1450960922-1417001333-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-790525478-1450960922-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-790525478-1450960922-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - 
HKU\S-1-5-21-790525478-1450960922-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-05-23 00:52:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-08-30 17:06:58 | 000,000,000 | ---D | C] -- C:\_OTL [2010-08-25 15:19:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Starcraft [2010-08-25 13:30:43 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\SCUnin.exe [2010-08-25 12:14:05 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe [2010-08-25 11:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard Entertainment [2010-08-24 23:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows Performance Toolkit [2010-08-24 23:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86) [2010-08-24 23:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier [2010-08-24 23:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs [2010-08-24 23:27:05 | 000,000,000 | 
---D | C] -- C:\Program Files\MSBuild [2010-08-24 23:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer [2010-08-24 23:26:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us [2010-08-24 23:26:53 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies [2010-08-24 23:25:25 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2010-08-24 23:24:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET [2010-08-24 23:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard Entertainment.temp [2010-08-24 13:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment [2010-08-24 13:41:04 | 000,520,192 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\Side 9 Screensaver.scr [2010-08-24 13:41:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Side 9 Screensaver dir [2010-08-24 13:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mis\Pulpit\Wygaszacz - dziewczyny myjące monitor [2010-08-22 19:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games [2010-08-20 21:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mis\Ustawienia lokalne\Dane aplikacji\Adobe [2010-08-16 13:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment.temp [2010-08-16 12:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard [2010-08-11 11:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2010-07-29 17:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2010-07-29 17:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2010-07-29 17:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Adobe [2010-07-13 13:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mis\Dane aplikacji\SpeedSim [2010-07-12 19:11:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-07-03 21:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 
4.0 [2010-07-02 13:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mis\Dane aplikacji\DAEMON Tools Lite [2010-07-02 13:25:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mis\Moje dokumenty\My Games [2010-07-01 22:11:15 | 000,000,000 | ---D | C] -- C:\Downloads [2010-07-01 22:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\BitComet [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-08-30 17:24:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-08-30 17:22:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-08-30 17:22:05 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010-08-30 17:08:10 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Mis\NTUSER.DAT [2010-08-30 17:08:10 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Mis\ntuser.ini [2010-08-30 17:02:23 | 003,228,728 | -H-- | M] () -- C:\Documents and Settings\Mis\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-08-26 13:06:36 | 000,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-08-25 23:57:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010-08-25 13:30:50 | 000,021,329 | ---- | M] () -- C:\WINDOWS\SCunin.dat [2010-08-25 13:30:44 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\SCUnin.exe [2010-08-25 13:30:44 | 000,000,967 | ---- | M] () -- C:\WINDOWS\SCUnin.pif [2010-08-25 13:07:06 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\Mis\Pulpit\Skrót do Wow.lnk [2010-08-25 12:23:03 | 000,077,800 | ---- | M] () -- C:\WINDOWS\War3Unin.dat [2010-08-25 12:18:57 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe [2010-08-25 12:18:57 | 000,002,829 | ---- | M] () -- C:\WINDOWS\War3Unin.pif [2010-08-25 01:04:34 | 000,140,170 | ---- | M] () -- C:\Documents and Settings\Mis\Pulpit\błąd.JPG [2010-08-25 00:01:04 | 000,096,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-08-24 23:29:44 | 000,012,328 | 
---- | M] () -- C:\Documents and Settings\Mis\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-08-24 23:27:46 | 001,065,412 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-08-24 23:27:46 | 000,484,776 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-08-24 23:27:46 | 000,426,570 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-08-24 23:27:46 | 000,081,252 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-08-24 23:27:46 | 000,065,328 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-08-24 22:54:30 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Metin2.lnk [2010-08-24 13:41:04 | 000,520,192 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\Side 9 Screensaver.scr [2010-08-16 13:00:12 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\World of Warcraft.lnk.temp [2010-08-16 02:37:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-08-15 12:49:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-08-11 11:37:47 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2010-08-04 11:34:40 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat [2010-07-29 17:30:56 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-07-27 15:24:53 | 052,866,156 | ---- | M] () -- C:\Documents and Settings\Mis\Pulpit\Wygaszacz - dziewczyny myjące monitor.rar [2010-07-27 14:36:11 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Mis\Pulpit\megavideo bez limitu.doc [2010-07-22 18:47:54 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! 
Internet Security.lnk [2010-07-22 18:47:52 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-07-01 22:11:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\BitComet.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-08-25 13:30:50 | 000,021,329 | ---- | C] () -- C:\WINDOWS\SCunin.dat [2010-08-25 13:30:44 | 000,000,967 | ---- | C] () -- C:\WINDOWS\SCUnin.pif [2010-08-25 13:07:06 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\Mis\Pulpit\Skrót do Wow.lnk [2010-08-25 12:14:15 | 000,077,800 | ---- | C] () -- C:\WINDOWS\War3Unin.dat [2010-08-25 12:14:05 | 000,002,829 | ---- | C] () -- C:\WINDOWS\War3Unin.pif [2010-08-25 01:04:34 | 000,140,170 | ---- | C] () -- C:\Documents and Settings\Mis\Pulpit\błąd.JPG [2010-08-24 23:27:39 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2010-08-24 22:54:30 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Metin2.lnk [2010-08-24 13:39:11 | 052,866,156 | ---- | C] () -- C:\Documents and Settings\Mis\Pulpit\Wygaszacz - dziewczyny myjące monitor.rar [2010-08-17 12:51:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010-08-16 13:00:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\World of Warcraft.lnk.temp [2010-08-11 11:37:47 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2010-08-04 11:34:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2010-07-29 17:29:57 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-07-27 14:26:05 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\Mis\Pulpit\megavideo bez limitu.doc [2010-07-01 22:11:01 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\BitComet.lnk [2010-06-23 15:07:52 | 000,000,090 | ---- | C] () -- 
C:\WINDOWS\WA.INI [2010-05-30 14:49:10 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2010-05-30 14:48:59 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2010-05-28 19:59:51 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-05-24 18:33:04 | 000,000,801 | ---- | C] () -- C:\WINDOWS\ScanSpyware.INI [2010-05-23 02:06:40 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\idecoi.dll [2010-02-08 07:33:04 | 000,359,320 | ---- | C] () -- C:\WINDOWS\System32\vfprintpthelper.dll [2008-05-03 05:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008-05-03 05:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008-05-03 05:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008-05-03 05:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008-05-03 05:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007-03-12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll [2002-05-04 12:04:45 | 000,094,636 | ---- | C] () -- C:\WINDOWS\dropcpyr.dll [color=#E56717]========== LOP Check ==========[/color] [2010-07-01 22:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adus\Dane aplikacji\BitComet [2010-05-24 18:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adus\Dane aplikacji\ScanSpyware [2010-05-23 03:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-05-28 20:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2010-05-28 14:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-05-28 20:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kubus\Dane aplikacji\DAEMON Tools Lite [2010-06-10 15:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kubus\Dane aplikacji\Gadu-Gadu 10 [2010-07-02 13:47:25 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\Mis\Dane aplikacji\DAEMON Tools Lite [2010-06-20 11:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mis\Dane aplikacji\Gadu-Gadu 10 [2010-07-13 13:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mis\Dane aplikacji\SpeedSim [2010-05-28 21:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MuM1N3K\Dane aplikacji\DAEMON Tools Lite [2010-05-28 14:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MuM1N3K\Dane aplikacji\Gadu-Gadu 10 [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-05-23 00:52:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-05-23 02:00:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2010-06-20 13:01:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2001-07-22 01:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr [2010-06-20 13:22:54 | 000,014,535 | ---- | M] () -- C:\ComboFix.txt [2010-05-23 00:52:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010-05-23 00:52:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-05-23 00:52:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008-04-13 21:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-13 23:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-08-30 17:23:58 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-04-14 22:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008-04-14 22:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) 
MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-18 00:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys [2001-08-18 00:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-18 00:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-04-14 22:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-14 21:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008-04-14 21:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008-04-14 21:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys [2008-04-13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2008-04-13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) 
MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe < End of report > [2010-08-30 17:30:02 | 000,212,992 | -H-- | M] () -- C:\Documents and Settings\Mis\ntuser.dat.LOG [2010-08-30 17:30:02 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Mis\Recent [2010-08-30 17:24:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-08-30 17:22:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-08-30 17:22:05 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010-08-30 17:08:10 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Mis\NTUSER.DAT [2010-08-30 17:08:10 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Mis\ntuser.ini [2010-08-30 17:03:26 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Toolbar [2010-08-30 17:02:23 | 003,228,728 | -H-- | M] () -- C:\Documents and Settings\Mis\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-08-30 17:01:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Mis\Cookies [2010-08-26 13:06:36 | 000,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-08-25 23:57:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010-08-25 13:30:50 | 000,021,329 | ---- | M] () -- C:\WINDOWS\SCunin.dat [2010-08-25 13:30:44 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\SCUnin.exe [2010-08-25 13:30:44 | 000,000,967 | ---- | M] () -- C:\WINDOWS\SCUnin.pif [2010-08-25 13:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mis\Pulpit [2010-08-25 13:07:06 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\Mis\Pulpit\Skrót do Wow.lnk [2010-08-25 13:06:45 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\All Users\Pulpit [2010-08-25 12:58:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Mis\Ustawienia lokalne [2010-08-25 12:23:03 | 000,077,800 | ---- | M] () -- C:\WINDOWS\War3Unin.dat [2010-08-25 12:18:57 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe [2010-08-25 12:18:57 | 000,002,829 | ---- | M] () -- C:\WINDOWS\War3Unin.pif [2010-08-25 11:42:36 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji [2010-08-25 11:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard Entertainment [2010-08-25 01:04:34 | 000,140,170 | ---- | M] () -- C:\Documents and Settings\Mis\Pulpit\błąd.JPG [2010-08-25 00:22:28 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild [2010-08-25 00:01:04 | 000,096,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-08-24 23:36:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Windows Performance Toolkit [2010-08-24 23:36:00 | 000,000,000 | ---D | M] -- C:\Program Files\Debugging Tools for Windows (x86) [2010-08-24 23:35:43 | 000,000,000 | ---D | M] -- C:\Program Files\Application Verifier [2010-08-24 23:31:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs [2010-08-24 23:29:44 | 000,012,328 | ---- | M] () -- C:\Documents and Settings\Mis\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-08-24 23:27:46 | 001,065,412 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-08-24 23:27:46 | 000,484,776 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-08-24 23:27:46 | 000,426,570 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-08-24 23:27:46 | 000,081,252 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-08-24 23:27:46 | 000,065,328 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-08-24 23:27:39 | 000,064,200 | ---- | M] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2010-08-24 23:26:53 | 000,000,000 | 
---D | M] -- C:\Program Files\Reference Assemblies [2010-08-24 23:25:01 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer [2010-08-24 23:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Microsoft Shared [2010-08-24 23:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard Entertainment.temp [2010-08-24 22:56:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Mis\NetHood [2010-08-24 22:54:30 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Metin2.lnk [2010-08-24 14:37:03 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files [2010-08-24 14:37:03 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Blizzard Entertainment [2010-08-24 13:41:04 | 000,520,192 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\Side 9 Screensaver.scr [2010-08-22 19:18:46 | 000,000,000 | ---D | M] -- C:\Program Files\Rockstar Games [2010-08-20 21:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mis\Ustawienia lokalne\Dane aplikacji\Adobe [2010-08-20 21:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mis\Dane aplikacji\Adobe [2010-08-16 13:00:12 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Blizzard Entertainment.temp [2010-08-16 13:00:12 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\World of Warcraft.lnk.temp [2010-08-16 12:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard [2010-08-16 02:37:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-08-16 02:35:25 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker [2010-08-15 12:49:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-08-11 11:37:48 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite [2010-08-11 11:37:47 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2010-08-09 15:43:03 | 000,000,000 | ---D | M] -- C:\Program 
Files\Gadu-Gadu 10 [2010-08-04 11:34:40 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat [2010-07-31 15:13:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox [2010-07-29 17:30:56 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-07-29 17:30:44 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Adobe [2010-07-29 17:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Adobe [2010-07-29 17:29:44 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe [2010-07-27 15:24:53 | 052,866,156 | ---- | M] () -- C:\Documents and Settings\Mis\Pulpit\Wygaszacz - dziewczyny myjące monitor.rar [2010-07-27 14:36:11 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Mis\Pulpit\megavideo bez limitu.doc [2010-07-22 18:47:54 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Internet Security.lnk [2010-07-22 18:47:52 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-07-13 13:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mis\Dane aplikacji\SpeedSim [2010-07-13 13:42:01 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Mis\Dane aplikacji [2010-07-03 21:49:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0 [2010-07-02 13:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mis\Dane aplikacji\DAEMON Tools Lite [2010-07-02 13:25:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Mis\Dane aplikacji\Microsoft [2010-07-02 13:25:30 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Mis\Moje dokumenty [2010-07-01 22:11:02 | 000,000,000 | ---D | M] -- C:\Program Files\BitComet [2010-07-01 22:11:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\BitComet.lnk [2010-05-23 02:42:34 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Mis\Dane aplikacji\desktop.ini [2010-05-23 02:42:34 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All 
Users\Dane aplikacji\desktop.ini [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-08-30 17:24:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-08-30 17:22:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-08-30 17:22:05 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010-08-30 17:08:10 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Mis\NTUSER.DAT [2010-08-30 17:08:10 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Mis\ntuser.ini [2010-08-30 17:02:23 | 003,228,728 | -H-- | M] () -- C:\Documents and Settings\Mis\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-08-26 13:06:36 | 000,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-08-25 23:57:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010-08-25 13:30:50 | 000,021,329 | ---- | M] () -- C:\WINDOWS\SCunin.dat [2010-08-25 13:30:44 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\SCUnin.exe [2010-08-25 13:30:44 | 000,000,967 | ---- | M] () -- C:\WINDOWS\SCUnin.pif [2010-08-25 13:07:06 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\Mis\Pulpit\Skrót do Wow.lnk [2010-08-25 12:23:03 | 000,077,800 | ---- | M] () -- C:\WINDOWS\War3Unin.dat [2010-08-25 12:18:57 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe [2010-08-25 12:18:57 | 000,002,829 | ---- | M] () -- C:\WINDOWS\War3Unin.pif [2010-08-25 01:04:34 | 000,140,170 | ---- | M] () -- C:\Documents and Settings\Mis\Pulpit\błąd.JPG [2010-08-25 00:01:04 | 000,096,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-08-24 23:29:44 | 000,012,328 | ---- | M] () -- C:\Documents and Settings\Mis\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-08-24 23:27:46 | 001,065,412 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-08-24 23:27:46 | 000,484,776 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-08-24 23:27:46 | 000,426,570 | ---- | M] 
() -- C:\WINDOWS\System32\perfh009.dat [2010-08-24 23:27:46 | 000,081,252 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-08-24 23:27:46 | 000,065,328 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-08-24 22:54:30 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Metin2.lnk [2010-08-24 13:41:04 | 000,520,192 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\Side 9 Screensaver.scr [2010-08-16 13:00:12 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\World of Warcraft.lnk.temp [2010-08-16 02:37:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-08-15 12:49:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-08-11 11:37:47 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2010-08-04 11:34:40 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat [2010-07-29 17:30:56 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-07-27 15:24:53 | 052,866,156 | ---- | M] () -- C:\Documents and Settings\Mis\Pulpit\Wygaszacz - dziewczyny myjące monitor.rar [2010-07-27 14:36:11 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Mis\Pulpit\megavideo bez limitu.doc [2010-07-22 18:47:54 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! 
Internet Security.lnk [2010-07-22 18:47:52 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-07-01 22:11:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\BitComet.lnk [color=#E56717]========== LOP Check ==========[/color] [2010-07-01 22:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adus\Dane aplikacji\BitComet [2010-05-24 18:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adus\Dane aplikacji\ScanSpyware [2010-05-23 03:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-05-28 20:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2010-05-28 14:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-05-28 20:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kubus\Dane aplikacji\DAEMON Tools Lite [2010-06-10 15:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kubus\Dane aplikacji\Gadu-Gadu 10 [2010-07-02 13:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mis\Dane aplikacji\DAEMON Tools Lite [2010-06-20 11:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mis\Dane aplikacji\Gadu-Gadu 10 [2010-07-13 13:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mis\Dane aplikacji\SpeedSim [2010-05-28 21:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MuM1N3K\Dane aplikacji\DAEMON Tools Lite [2010-05-28 14:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MuM1N3K\Dane aplikacji\Gadu-Gadu 10 [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-05-23 00:52:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-05-23 02:00:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2010-06-20 13:01:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2001-07-22 01:13:54 | 
000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr [2010-06-20 13:22:54 | 000,014,535 | ---- | M] () -- C:\ComboFix.txt [2010-05-23 00:52:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010-05-23 00:52:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-05-23 00:52:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008-04-13 21:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-13 23:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-08-30 17:23:58 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-04-14 22:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008-04-14 22:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-18 00:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys [2001-08-18 00:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-18 00:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-04-14 22:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: 
EVENTLOG.DLL >[/color] [2008-04-14 21:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008-04-14 21:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008-04-14 21:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys [2008-04-13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2008-04-13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe < End of report > [/log]
RSIT log
[log]Logfile of random's system information tool 1.08 (written by random/random) Run by Mis at 2010-08-30 17:34:34 Microsoft Windows XP Professional Dodatek Service Pack 3 System drive C: has 14 GB (58%) free of 25 GB Total RAM: 511 MB (48% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:36:07, on 2010-08-30 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17080) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe 
C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Mis\Moje dokumenty\Pobieranie\RSIT.exe C:\Program Files\trend micro\Mis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wow-europe.com/en/ptr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Mis\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - 
HKLM\..\Run: [Resume copy] copyfstq.exe /startup O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files\Gadu-Gadu 10\gg.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Skrót do bannerkiller2-[www.legalne.lnk = D:\Programy\Gadu Gadu 10 + GGTuner\bannerkiller2-[www.legalne.info].exe O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{502E079E-6463-4ABA-B95F-126029ACBA3C}: NameServer = 194.204.152.34 O17 - HKLM\System\CCS\Services\Tcpip\..\{5EB559A3-FBBC-4394-8098-F38D38C31F08}: NameServer = 194.204.152.34 O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu 
kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5386 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll [2010-06-22 734512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\Documents and Settings\Mis\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll [2009-12-21 37376] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll 
[2008-05-03 13529088] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016] "Resume copy"=copyfstq.exe /startup [] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-02 577536] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu 10"=C:\Program Files\Gadu-Gadu 10\gg.exe [2010-06-20 11850344] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] C:\Documents and Settings\Mis\Menu Start\Programy\Autostart Skrót do bannerkiller2-[www.legalne.lnk - D:\Programy\Gadu Gadu 10 + GGTuner\bannerkiller2-[www.legalne.info].exe [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10" "D:\Games\Cs1.6\hl.exe"="D:\Games\Cs1.6\hl.exe:*:Enabled:Half-Life Launcher" "D:\Games\Counter-Strike Source\hl2.exe"="D:\Games\Counter-Strike Source\hl2.exe:*:Enabled:hl2" "D:\Games\Diablo 
II\Game.exe"="D:\Games\Diablo II\Game.exe:*:Disabled:Diablo II" "D:\Games\Metin 2\metin2.bin"="D:\Games\Metin 2\metin2.bin:*:Enabled:metin2" "D:\Games\Metin 2\metin2client.bin"="D:\Games\Metin 2\metin2client.bin:*:Enabled:metin2client" "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe" "D:\Games\Kyodai\kyodai.exe"="D:\Games\Kyodai\kyodai.exe:*:Enabled:kyodai" "D:\Games\World of Warcraft.temp\World of Warcraft\Launcher.exe"="D:\Games\World of Warcraft.temp\World of Warcraft\Launcher.exe:*:Disabled:Blizzard Launcher" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 2 months====== 2010-08-30 17:34:34 ----D---- C:\rsit 2010-08-30 17:34:34 ----D---- C:\Program Files\trend micro 2010-08-30 17:06:58 ----D---- C:\_OTL 2010-08-25 22:38:37 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS 2010-08-25 15:19:23 ----D---- C:\WINDOWS\Starcraft 2010-08-25 13:30:44 ----A---- C:\WINDOWS\SCUnin.pif 2010-08-25 13:30:43 ----A---- C:\WINDOWS\SCUnin.exe 2010-08-25 12:14:05 ----A---- C:\WINDOWS\War3Unin.pif 2010-08-25 12:14:05 ----A---- C:\WINDOWS\War3Unin.exe 2010-08-25 11:14:11 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard Entertainment 2010-08-24 23:36:07 ----D---- C:\Program Files\Microsoft Windows Performance Toolkit 2010-08-24 23:35:51 ----D---- C:\Program Files\Debugging Tools for Windows (x86) 2010-08-24 23:35:40 ----D---- C:\Program Files\Application Verifier 2010-08-24 23:31:42 ----D---- C:\Program Files\Microsoft SDKs 2010-08-24 23:28:51 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$ 2010-08-24 23:27:05 ----D---- C:\Program Files\MSBuild 2010-08-24 23:26:59 
----D---- C:\WINDOWS\system32\XPSViewer 2010-08-24 23:26:54 ----D---- C:\WINDOWS\system32\en-us 2010-08-24 23:26:53 ----D---- C:\Program Files\Reference Assemblies 2010-08-24 23:26:18 ----N---- C:\WINDOWS\system32\spmsg2.dll 2010-08-24 23:25:25 ----RSD---- C:\WINDOWS\assembly 2010-08-24 23:24:50 ----D---- C:\WINDOWS\Microsoft.NET 2010-08-24 23:08:58 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard Entertainment.temp 2010-08-24 13:42:07 ----D---- C:\Program Files\Common Files\Blizzard Entertainment 2010-08-24 13:41:03 ----D---- C:\WINDOWS\system32\Side 9 Screensaver dir 2010-08-22 19:18:46 ----D---- C:\Program Files\Rockstar Games 2010-08-22 19:18:40 ----A---- C:\WINDOWS\IsUninst.exe 2010-08-19 12:20:59 ----A---- C:\WINDOWS\ntbtlog.txt 2010-08-16 13:00:12 ----D---- C:\Program Files\Common Files\Blizzard Entertainment.temp 2010-08-16 12:59:36 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard 2010-08-16 02:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$ 2010-08-16 02:36:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$ 2010-08-16 02:36:48 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$ 2010-08-16 02:36:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$ 2010-08-16 02:36:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$ 2010-08-16 02:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$ 2010-08-16 02:35:23 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$ 2010-08-16 02:35:17 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$ 2010-08-11 11:37:43 ----D---- C:\Program Files\DAEMON Tools Lite 2010-08-03 18:50:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$ 2010-07-29 17:29:44 ----D---- C:\Program Files\Common Files\Adobe 2010-07-29 17:29:44 ----D---- C:\Program Files\Adobe 2010-07-29 17:21:18 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe 2010-07-14 10:42:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$ 2010-07-13 13:42:01 ----D---- C:\Documents and Settings\Mis\Dane aplikacji\SpeedSim 2010-07-12 19:11:10 ----SHD---- C:\RECYCLER 
2010-07-03 21:49:24 ----D---- C:\Program Files\MSXML 4.0 2010-07-02 13:47:00 ----D---- C:\Documents and Settings\Mis\Dane aplikacji\DAEMON Tools Lite 2010-07-01 22:11:15 ----D---- C:\Downloads 2010-07-01 22:10:58 ----D---- C:\Program Files\BitComet ======List of files/folders modified in the last 2 months====== 2010-08-30 17:34:34 ----RD---- C:\Program Files 2010-08-30 17:22:59 ----D---- C:\WINDOWS\Temp 2010-08-30 17:08:12 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-08-30 17:07:20 ----D---- C:\WINDOWS\system32 2010-08-30 17:07:20 ----D---- C:\WINDOWS 2010-08-30 17:03:26 ----D---- C:\Program Files\DAEMON Tools Toolbar 2010-08-29 18:17:19 ----SHD---- C:\WINDOWS\CSC 2010-08-25 22:38:38 ----D---- C:\WINDOWS\system32\drivers 2010-08-25 22:38:35 ----D---- C:\WINDOWS\system32\CatRoot2 2010-08-25 14:07:37 ----HD---- C:\WINDOWS\inf 2010-08-25 12:47:16 ----D---- C:\WINDOWS\Prefetch 2010-08-25 01:01:46 ----SHD---- C:\WINDOWS\Installer 2010-08-24 23:28:40 ----D---- C:\WINDOWS\system32\pl-pl 2010-08-24 23:28:26 ----D---- C:\WINDOWS\system32\mui 2010-08-24 23:27:59 ----D---- C:\WINDOWS\WinSxS 2010-08-24 23:27:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-08-24 23:27:03 ----RSD---- C:\WINDOWS\Fonts 2010-08-24 23:26:33 ----D---- C:\WINDOWS\system32\spool 2010-08-24 23:26:20 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-08-24 23:25:01 ----D---- C:\Program Files\Internet Explorer 2010-08-24 23:24:55 ----D---- C:\Program Files\Common Files\Microsoft Shared 2010-08-24 23:24:50 ----D---- C:\WINDOWS\pchealth 2010-08-24 14:37:03 ----D---- C:\Program Files\Common Files 2010-08-20 21:46:23 ----D---- C:\Documents and Settings\Mis\Dane aplikacji\Adobe 2010-08-16 02:37:20 ----A---- C:\WINDOWS\imsins.BAK 2010-08-16 02:37:09 ----D---- C:\WINDOWS\ie7updates 2010-08-16 02:36:59 ----HD---- C:\WINDOWS\$hf_mig$ 2010-08-16 02:35:25 ----D---- C:\Program Files\Movie Maker 2010-08-09 15:43:03 ----D---- C:\Program Files\Gadu-Gadu 10 2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe 
2010-07-31 15:13:01 ----D---- C:\Program Files\Mozilla Firefox 2010-07-30 10:54:50 ----D---- C:\WINDOWS\Minidump 2010-07-27 08:30:33 ----A---- C:\WINDOWS\system32\shell32.dll 2010-07-02 13:25:30 ----SD---- C:\Documents and Settings\Mis\Dane aplikacji\Microsoft ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 aswNdis;avast! Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\aswNdis.sys [2010-03-19 12112] R0 aswNdis2;avast! Firewall Core Firewall Service; C:\WINDOWS\system32\drivers\aswNdis2.sys [2010-06-28 188168] R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2003-03-19 18688] R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2003-04-21 52608] R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-08-26 721904] R1 aswFW;avast! TDI Firewall driver; C:\WINDOWS\system32\drivers\aswFW.sys [2010-06-28 99280] R3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992] S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880] S1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856] S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2010-06-28 312912] S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456] S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672] S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744] S2 aswMon2;avast! 
Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176] S3 adie4br2;adie4br2; C:\WINDOWS\system32\drivers\adie4br2.sys [] S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536] S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376] S3 catchme;catchme; \??\C:\DOCUME~1\Mis\USTAWI~1\Temp\catchme.sys [] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496] S3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys [] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [] S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] S2 avast! Firewall;avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [2010-06-28 119200] S2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072] S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] S3 avast! Web Scanner;avast! 
Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] -----------------EOF----------------- [/log]
and info
[log] info.txt logfile of random's system information tool 1.08 2010-08-30 17:36:08 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin Adobe Reader 9.3.3 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A93000000001} Aktualizacja dla systemu Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP 
(KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB2183461)-->"C:\WINDOWS\ie7updates\KB2183461-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP 
(KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP 
(KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń 
dla systemu Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe" 
[/log]

btw, why was I supposed to remove Daemon?

[color="#FF0000"]//I did not tell you to remove Daemon //You were supposed to uninstall Daemon Tools Toolbar. //Tom01[/color]
Tomek01 commented on 30 August 2010

I don't see anything worrying in the logs. In OTL, use the Clean Up function. As a precaution, to be sure, run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum.
misiek249 (Author) commented on 30 August 2010 (edited)

As for the scan, I'll do it right away, but I have a question: why do you think it's viruses? avast is running on the computer all the time, the disk has been formatted several times (even several times in a row), and the disk was zero-filled. In my opinion it's one of the components, the motherboard or the disk. I was going to show the information from the minidump files, but I can't open the program ;/

EDIT: the scan found nothing
Tomek01 commented on 30 August 2010

So we can be sure there is no infection. Take the problem to the subforum: BSOD
misiek249 (Author) commented on 31 August 2010

This thread was there, it just got moved here -_- , could it be moved back there?

[color="#0000FF"]//Moving it, there are no viruses. //Tom01[/color]

I managed to run the program on a second computer, so I'm posting the listings from the minidump files. I hope this is done correctly; I tried not to paste the repeated ones.

[log]
Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 10000012, {1, 0, 0, 0}

Probably caused by : srv.sys ( srv!WorkerThread+68 )

Followup: MachineOwner
---------
[/log]

[log]
*
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {f, 0, 0, 0}

Probably caused by : kmixer.sys ( kmixer!MxPrivateWorkerThread+da )

Followup: MachineOwner
[/log]

[log]
Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 10000012, {1, 4000, 0, 0}

Probably caused by : nv4_disp.dll ( nv4_disp+373d )

Followup: MachineOwner
[/log]

[log]
Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {f, 0, 0, 0}

Probably caused by : kmixer.sys ( kmixer!MxPrivateWorkerThread+da )

Followup: MachineOwner
[/log]

a slightly different error

[log]
*
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {f, 0, 0, 0}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000f, EXCEPTION_RESERVED_TRAP
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

BUGCHECK_STR: 0x7f_f

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: starcraft.exe

LAST_CONTROL_TRANSFER: from 004d940f to 004599a1

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012fe44 004d940f 004d9914 0012b4a2 0012fe6c 0x4599a1
0012fe5c 004d9a6f 0000000a 00000001 0012fe8c 0x4d940f
0012fe6c 004e07fa 00000004 004e09ac 7c80b741 0x4d9a6f
0012fe8c 004e0b20 00000000 0012ffc0 00404da5 0x4e07fa
0012fe98 00404da5 00400000 00000000 00152395 0x4e0b20
0012ffd0 8054b6b8 0012ffc8 81d9a540 ffffffff 0x404da5
0012fff0 00000000 00404c21 00000000 00000000 nt!ExFreePoolWithTag+0x676

STACK_COMMAND: kb

SYMBOL_NAME: ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

BUCKET_ID: INVALID_KERNEL_CONTEXT

Followup: MachineOwner
---------
[/log]

[log]
Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {f, 0, 0, 0}

Probably caused by : kmixer.sys ( kmixer!MxPrivateWorkerThread+da )

Followup: MachineOwner
---------
[/log]

[log]
Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 10000012, {1, 0, 0, 0}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

TRAP_CAUSE_UNKNOWN (12)
Arguments:
Arg1: 00000001, Unexpected interrupt.
Arg2: 00000000, Unknown floating point exception.
Arg3: 00000000, The enabled and asserted status bits (see processor definition).
Arg4: 00000000

Debugging Details:
------------------

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x12

PROCESS_NAME: AvastSvc.exe

LAST_CONTROL_TRANSFER: from 68301ba2 to 68303286

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
077ffaf8 68301ba2 077ffb0c 077ffc48 6510d735 0x68303286
077ffafc 077ffb0c 077ffc48 6510d735 077ffb40 0x68301ba2
077ffb00 077ffc48 6510d735 077ffb40 00000400 0x77ffb0c
077ffb0c 00000000 077ffc48 09c966dc 08fe56f8 0x77ffc48

STACK_COMMAND: kb

SYMBOL_NAME: ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

BUCKET_ID: INVALID_KERNEL_CONTEXT

Followup: MachineOwner
---------
[/log]

[log]
Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {f, 0, 0, 0}

Probably caused by : ntoskrnl.exe ( nt!KiSwapThread+68 )

Followup: MachineOwner
---------
[/log]

this one repeats several times

[log]
Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {f, 0, 0, 0}

Probably caused by : kmixer.sys ( kmixer!MxPrivateWorkerThread+da )

Followup: MachineOwner
---------
[/log]

[log]
Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {f, 0, 0, 0}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000f, EXCEPTION_RESERVED_TRAP
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

BUGCHECK_STR: 0x7f_f

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: hl.exe

LAST_CONTROL_TRANSFER: from 00000000 to 01d1696b

STACK_TEXT:
0013faa0 00000000 02c4ffb0 00ae4dc8 02e62754 0x1d1696b

STACK_COMMAND: kb

SYMBOL_NAME: ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

BUCKET_ID: INVALID_KERNEL_CONTEXT

Followup: MachineOwner
---------
[/log]

[log]
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {f, 0, 0, 0}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000f, EXCEPTION_RESERVED_TRAP
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

BUGCHECK_STR: 0x7f_f

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: hl.exe

LAST_CONTROL_TRANSFER: from 6973c4bd to 7c901015

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
0013fa0c 6973c4bd 69cea188 00000040 00000002 0x7c901015
0013fa10 69cea188 00000040 00000002 69845c71 0x6973c4bd
0013fa14 00000000 00000002 69845c71 00000223 0x69cea188

STACK_COMMAND: kb

SYMBOL_NAME: ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

BUCKET_ID: INVALID_KERNEL_CONTEXT

Followup: MachineOwner
---------
[/log]

[log]
Use !analyze -v to get detailed debugging information.

BugCheck 10000012, {1, 0, 0, 0}

Unable to load image aswSP.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswSP.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswSP.SYS
Probably caused by : swmidi.sys ( swmidi!MIDIRecorder::InitTables+d )

Followup: MachineOwner
---------
[/log]

[log]
Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {f, 0, 0, 0}

Probably caused by : ntoskrnl.exe ( nt!KiSwapThread+68 )

Followup: MachineOwner
---------
[/log]

[log]
Use !analyze -v to get detailed debugging information.

BugCheck 10000012, {1, 0, 0, 0}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

TRAP_CAUSE_UNKNOWN (12)
Arguments:
Arg1: 00000001, Unexpected interrupt.
Arg2: 00000000, Unknown floating point exception.
Arg3: 00000000, The enabled and asserted status bits (see processor definition).
Arg4: 00000000

Debugging Details:
------------------

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x12

PROCESS_NAME: AvastSvc.exe

LAST_CONTROL_TRANSFER: from 68301fa2 to 683047c8

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
079bfaf8 68301fa2 079bfb0c 079bfc48 6510d735 0x683047c8
079bfafc 079bfb0c 079bfc48 6510d735 079bfb40 0x68301fa2
079bfb00 079bfc48 6510d735 079bfb40 00000400 0x79bfb0c
079bfb0c 00000000 079bfc48 ac174e22 00cc9df0 0x79bfc48

STACK_COMMAND: kb

SYMBOL_NAME: ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

BUCKET_ID: INVALID_KERNEL_CONTEXT

Followup: MachineOwner
---------
[/log]

[log]
Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {f, 0, 0, 0}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000f, EXCEPTION_RESERVED_TRAP
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

BUGCHECK_STR: 0x7f_f

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: AvastSvc.exe

LAST_CONTROL_TRANSFER: from 64207f8f to 64208580

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
0406668c 64207f8f 06c7c008 00021000 00ca2248 0x64208580
04066690 06c7c008 00021000 00ca2248 00ca22c8 0x64207f8f
04066694 00021000 00ca2248 00ca22c8 00000010 0x6c7c008
04066698 00ca2248 00ca22c8 00000010 00021000 0x21000
0406669c 00ca22c8 00000010 00021000 00ca2248 0xca2248
040666a0 00000000 00021000 00ca2248 04066700 0xca22c8

STACK_COMMAND: kb

SYMBOL_NAME: ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

BUCKET_ID: INVALID_KERNEL_CONTEXT

Followup: MachineOwner
---------
[/log]

[log]
Use !analyze -v to get detailed debugging information.

BugCheck 10000012, {1, 100, 0, 0}

Probably caused by : tcpip.sys ( tcpip!InsertIntoTimerWheel+ac )

Followup: MachineOwner
---------
[/log]

[log]
Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {f, 0, 0, 0}

Probably caused by : ntoskrnl.exe ( nt!KeWaitForSingleObject+2e5 )

Followup: MachineOwner
---------
[/log]

[log]
Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {f, 0, 0, 0}

Probably caused by : memory_corruption ( nt!MmCheckCachedPageState+461 )

Followup: MachineOwner
---------
[/log]

[log]
Use !analyze -v to get detailed debugging information.

BugCheck 10000012, {1, 0, 0, 0}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

TRAP_CAUSE_UNKNOWN (12)
Arguments:
Arg1: 00000001, Unexpected interrupt.
Arg2: 00000000, Unknown floating point exception.
Arg3: 00000000, The enabled and asserted status bits (see processor definition).
Arg4: 00000000

Debugging Details:
------------------

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x12

PROCESS_NAME: gg.exe

LAST_CONTROL_TRANSFER: from 00000000 to 058a50ab

STACK_TEXT:
0012a940 00000000 00000002 00000002 00000000 0x58a50ab

STACK_COMMAND: kb

SYMBOL_NAME: ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

BUCKET_ID: INVALID_KERNEL_CONTEXT

Followup: MachineOwner
[/log]

[log]
Use !analyze -v to get detailed debugging information.

BugCheck 10000012, {1, 0, 0, 0}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

TRAP_CAUSE_UNKNOWN (12)
Arguments:
Arg1: 00000001, Unexpected interrupt.
Arg2: 00000000, Unknown floating point exception.
Arg3: 00000000, The enabled and asserted status bits (see processor definition).
Arg4: 00000000

Debugging Details:
------------------

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x12

PROCESS_NAME: AvastSvc.exe

LAST_CONTROL_TRANSFER: from 2f95c994 to 07b417f2

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
084afa44 2f95c994 0946b090 05a26898 08026bc8 0x7b417f2
084afa48 0946b090 05a26898 08026bc8 00000000 0x2f95c994
084afa4c 05a26898 08026bc8 00000000 00000000 0x946b090
084afa50 08026bc8 00000000 00000000 084afcbc 0x5a26898
084afa54 00000000 00000000 084afcbc 00000000 0x8026bc8

STACK_COMMAND: kb

SYMBOL_NAME: ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

BUCKET_ID: INVALID_KERNEL_CONTEXT

Followup: MachineOwner
---------
[/log]

[log]
Use !analyze -v to get detailed debugging information.

BugCheck 10000012, {1, 100, 0, 0}

Unable to load image nv4_disp.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nv4_disp.dll
*** ERROR: Module load completed but symbols could not be loaded for nv4_disp.dll
Probably caused by : nv4_disp.dll ( nv4_disp+b5474 )

Followup: MachineOwner
---------
[/log]

[log]
Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {f, 0, 0, 0}

Unable to load image nv4_disp.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nv4_disp.dll
*** ERROR: Module load completed but symbols could not be loaded for nv4_disp.dll
Probably caused by : nv4_disp.dll ( nv4_disp+b5474 )

Followup: MachineOwner
---------
[/log]

[log]
Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {f, 0, 0, 0}

Probably caused by : win32k.sys ( win32k!RawInputThread+4f3 )

Followup: MachineOwner
---------
[/log]

[log]
Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {f, 0, 0, 0}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000f, EXCEPTION_RESERVED_TRAP
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

BUGCHECK_STR: 0x7f_f

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: hl.exe

LAST_CONTROL_TRANSFER: from 019643e4 to 019b462a

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
0013ed48 019643e4 05feb9ac 01a21490 01a20f90 0x19b462a
0013ed4c 05feb9ac 01a21490 01a20f90 f5b5bf10 0x19643e4
0013ed50 01a21490 01a20f90 f5b5bf10 02c3c130 0x5feb9ac
0013ed54 01a20f90 f5b5bf10 02c3c130 42d01000 0x1a21490
0013ed58 f5b5bf10 02c3c130 42d01000 01a2e800 0x1a20f90
0013ed5c 02c3c130 42d01000 01a2e800 01a32208 0xf5b5bf10
0013ed60 42d01000 01a2e800 01a32208 0000000b 0x2c3c130
0013ed64 01a2e800 01a32208 0000000b 3feff7ce 0x42d01000
0013ed68 01a32208 0000000b 3feff7ce 00000000 0x1a2e800
0013ed6c 00000000 3feff7ce 00000000 05feb390 0x1a32208

STACK_COMMAND: kb

SYMBOL_NAME: ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

BUCKET_ID: INVALID_KERNEL_CONTEXT

Followup: MachineOwner
---------
[/log]

[log]
Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {f, 0, 0, 0}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000f, EXCEPTION_RESERVED_TRAP
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

BUGCHECK_STR: 0x7f_f

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: AvastSvc.exe

LAST_CONTROL_TRANSFER: from 6420813f to 64208730

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
041161f8 6420813f 06ca0008 00099000 00c474d0 0x64208730
041161fc 06ca0008 00099000 00c474d0 00c47550 0x6420813f
04116200 00099000 00c474d0 00c47550 00000010 0x6ca0008
04116204 00c474d0 00c47550 00000010 00099000 0x99000
04116208 00c47550 00000010 00099000 00c474d0 0xc474d0
0411620c 00000000 00099000 00c474d0 04116270 0xc47550

STACK_COMMAND: kb

SYMBOL_NAME: ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

BUCKET_ID: INVALID_KERNEL_CONTEXT

Followup: MachineOwner
---------
[/log]

in case it's needed, I'm also posting the full listing

[log]
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [E:\inne\minidump\Mini073010-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.100216-1514
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b1c0
Debug session time: Fri Jul 30 10:53:47.578 2010 (UTC + 2:00)
System Uptime: 0 days 0:05:53.172
Loading Kernel Symbols
...............................................................
....................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {f, 0, 0, 0}

Probably caused by : kmixer.sys ( kmixer!DitherFloatToLong+c9 )

Followup: MachineOwner
---------
[/log]
raazor90 commented on 31 August 2010

[quote]Probably caused by : kmixer.sys ( kmixer!MxPrivateWorkerThread+da )[/quote]

A problem with the sound card driver; try reinstalling or updating it.
misiek249 (Author) commented on 31 August 2010

I reinstalled the system, because the old one broke when I uninstalled the drivers. I installed the newest ones and it's still the same, it freezes.