piterq1991 Opublikowano 11 Kwietnia 2010 Zgłoś Opublikowano 11 Kwietnia 2010 (edytowane) Witam! Proszę o sprawdzenie loga OLT. Po skanie combofixem już gdy ma wygenerować loga to następuje blue screen i muszę restartować komputer. Mam jeszcze taki problem iż w 80% podczas gdy wyłączam PC, kliknę zamknij komputer normalnie chodzi po czym dopiero po ok 2 minutach następuje jego zamykanie. Czasem od razu się wyłącza, ale rzadziej. OTL logfile created on: 2010-04-11 23:13:12 - Run 1OTL by OldTimer - Version 3.2.1.1 Folder = e:\Documents and Settings\Dwojakowski\PulpitWindows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free3,00 Gb Paging File | 3,00 Gb Available in Paging File | 92,00% Paging File freePaging file location(s): D:\pagefile.sys 1600 2043 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = e:\Program FilesDrive C: | 8,00 Gb Total Space | 4,72 Gb Free Space | 58,98% Space Free | Partition Type: NTFSDrive D: | 2,00 Gb Total Space | 0,43 Gb Free Space | 21,70% Space Free | Partition Type: FAT32Drive E: | 20,00 Gb Total Space | 12,83 Gb Free Space | 64,13% Space Free | Partition Type: NTFSDrive F: | 60,00 Gb Total Space | 29,22 Gb Free Space | 48,70% Space Free | Partition Type: NTFSDrive G: | 253,08 Gb Total Space | 71,79 Gb Free Space | 28,37% Space Free | Partition Type: NTFSDrive H: | 253,09 Gb Total Space | 184,14 Gb Free Space | 72,76% Space Free | Partition Type: NTFSDrive I: | 15,12 Gb Total Space | 5,37 Gb Free Space | 35,51% Space Free | Partition Type: NTFS Computer Name: ASUS_P5W64Current User Name: DwojakowskiLogged in as Administrator. 
Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-04-11 23:12:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- e:\Documents and Settings\Dwojakowski\Pulpit\OTL.exePRC - [2010-04-03 15:01:13 | 000,910,296 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exePRC - [2010-01-26 14:46:14 | 000,939,272 | ---- | M] (Raxco Software, Inc.) -- e:\Program Files\Raxco\PerfectDisk10\PDAgent.exePRC - [2009-12-06 20:32:20 | 000,006,144 | ---- | M] () -- G:\Programy\bannerkiller2.exePRC - [2009-06-10 00:45:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exePRC - [2009-06-04 01:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\WINXP\system32\Ctxfihlp.exePRC - [2009-06-04 01:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\WINXP\system32\CTxfispi.exePRC - [2009-04-10 19:30:40 | 001,435,488 | ---- | M] (Nullsoft) -- E:\Program Files\Winamp\winamp.exePRC - [2009-04-07 16:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) 
-- e:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exePRC - [2009-02-23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- E:\Program Files\Creative\Shared Files\CTAudSvc.exePRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- e:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-04-11 23:12:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- e:\Documents and Settings\Dwojakowski\Pulpit\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- -- (WMPNetworkSvc)SRV - File not found [On_Demand | Stopped] -- -- (UPS)SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)SRV - File not found [On_Demand | Stopped] -- -- (CiSvc)SRV - [2010-01-26 14:46:16 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- e:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)SRV - [2010-01-26 14:46:14 | 000,939,272 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- e:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)SRV - [2009-06-16 22:49:35 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- e:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)SRV - [2009-04-07 16:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Running] -- e:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)SRV - [2009-02-23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- E:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- e:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-02-03 22:06:36 | 000,010,454 | ---- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\parldr2k.sys -- (PARLDR2K)DRV - [2010-02-03 19:08:41 | 000,049,720 | ---- | M] (Data Encryption Systems Limited) [Kernel | System | Running] -- C:\WINXP\system32\drivers\dk2drv.sys -- (dk2drv)DRV - [2010-01-13 01:27:02 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ggsemc.sys -- (ggsemc)DRV - [2010-01-13 01:27:02 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ggflt.sys -- (ggflt)DRV - [2009-08-20 11:11:30 | 000,073,232 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINXP\system32\drivers\DefragFs.sys -- (DefragFS)DRV - [2009-06-30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) 
[File_System | Boot | Running] -- C:\WINXP\system32\drivers\pavboot.sys -- (pavboot)DRV - [2009-06-16 23:31:05 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINXP\System32\Drivers\sptd.sys -- (sptd)DRV - [2009-06-10 00:45:00 | 000,329,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\iaStor.sys -- (iaStor)DRV - [2009-06-04 03:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ha20x2k.sys -- (ha20x2k)DRV - [2009-06-04 03:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\emupia2k.sys -- (emupia)DRV - [2009-06-04 03:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ctsfm2k.sys -- (ctsfm2k)DRV - [2009-06-04 03:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ctprxy2k.sys -- (ctprxy2k)DRV - [2009-06-04 03:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ctoss2k.sys -- (ossrv)DRV - [2009-06-04 03:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ctdvda2k.sys -- (ctdvda2k)DRV - [2009-06-04 03:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)DRV - [2009-06-04 03:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ctac32k.sys -- (ctac32k)DRV - [2009-06-04 03:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINXP\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)DRV - [2009-06-04 03:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)DRV - [2009-06-04 03:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINXP\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)DRV - [2009-06-04 03:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\CTHWIUT.sys -- (CTHWIUT)DRV - [2009-06-04 03:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINXP\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)DRV - [2009-06-04 03:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\CT20XUT.sys -- (CT20XUT)DRV - [2009-04-30 22:02:00 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\nv4_mini.sys -- (nv)DRV - [2009-04-21 10:09:00 | 000,297,344 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\yk51x86.sys -- (yukonwxp)DRV - [2009-04-07 16:33:08 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\purendis.sys -- (purendis)DRV - [2009-04-07 16:33:08 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | Auto | Running] -- C:\WINXP\system32\drivers\pnarp.sys -- (pnarp)DRV - [2009-03-19 15:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)DRV - [2009-03-19 15:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)DRV - [2009-02-09 09:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ccdcmbo.sys -- (nmwcdc)DRV - [2009-02-09 09:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ccdcmb.sys -- (nmwcd)DRV - [2006-10-19 03:12:16 | 000,012,664 | ---- | M] () [Kernel | System | Running] -- C:\WINXP\system32\drivers\AsIO.sys -- (AsIO)DRV - [2006-09-24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINXP\system32\speedfan.sys -- (speedfan)DRV - [2006-08-29 16:56:20 | 000,032,377 | ---- | M] (B-phreaks) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\prodigy.sys -- (PRODIGY)DRV - [2004-08-13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ASACPI.sys -- (MTsensor)DRV - [1996-04-03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINXP\system32\giveio.sys -- (giveio) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url=http://www.google.pl/]Google[/url]IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = [url=http://www.google.com/search?q=%s]%s - Google Search[/url]IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 
0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.openintab: trueFF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "http://poczta.onet.pl/"FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.18FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4FF - prefs.js..extensions.enabledItems: {DB2EA31C-58F5-48b7-8D60-CB0739257904}:0.19FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100314FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010-04-03 15:01:16 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010-04-03 15:01:16 | 000,000,000 | ---D | M] [2009-06-16 22:56:01 | 000,000,000 | ---D | M] -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Extensions[2010-04-11 08:02:56 | 000,000,000 | ---D | M] -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions[2010-02-05 15:08:02 | 000,000,000 | ---D | M] (Forecastfox) -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}[2010-03-29 18:12:48 | 000,000,000 | ---D | M] (FlashGot) -- e:\Documents and 
Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}[2010-02-10 19:17:37 | 000,000,000 | ---D | M] (Image Zoom) -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}[2010-02-09 18:37:19 | 000,000,000 | ---D | M] (Aero Fox) -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}[2010-02-24 00:38:52 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}[2010-04-06 23:40:40 | 000,000,000 | ---D | M] (Adblock Plus) -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}[2009-10-20 19:11:55 | 000,000,000 | ---D | M] (ImageTweak) -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}[2009-10-20 19:11:55 | 000,000,000 | ---D | M] (No name found) -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{dc572301-7619-498c-a57d-39143191b318}[2010-04-10 16:22:08 | 000,000,000 | ---D | M] (Greasemonkey) -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}[2010-03-16 16:55:17 | 000,000,000 | ---D | M] -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\nasanightlaunch@example.com[2010-02-24 00:38:52 | 000,000,000 | ---D | M] -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\noia2_option@kk.noia[2010-02-09 18:37:20 | 000,000,000 | ---D | M] (No 
name found) -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions[2010-02-09 18:37:20 | 000,000,000 | ---D | M] (No name found) -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions[2010-02-09 18:37:20 | 000,000,000 | ---D | M] (No name found) -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions[2010-02-09 18:37:20 | 000,000,000 | ---D | M] (No name found) -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions[2010-04-08 14:15:07 | 000,000,000 | ---D | M] -- e:\Program Files\Mozilla Firefox\extensions[2010-03-12 00:57:34 | 000,002,767 | ---- | M] () -- e:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml[2010-03-12 00:57:34 | 000,001,406 | ---- | M] () -- e:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml[2010-03-12 00:57:34 | 000,000,917 | ---- | M] () -- e:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml[2010-03-12 00:57:34 | 000,000,858 | ---- | M] () -- e:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml[2010-03-12 00:57:34 | 000,001,183 | ---- | M] () -- e:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml[2010-03-12 00:57:34 | 000,001,683 | ---- | M] () -- e:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009-12-15 23:07:04 | 000,000,027 | ---- | M]) - C:\WINXP\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - e:\Program Files\IEPro\IEPro.dll (IE7Pro.com)O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program 
Files\FlashGet\jccatch.dll (www.flashget.com)O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll (www.flashget.com)O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - e:\Documents and Settings\Dwojakowski\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - e:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - e:\Program Files\IEPro\IEProRecorder.dll ()O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - e:\Program Files\IEPro\IEProRecorder.dll ()O4 - HKLM..\Run: [CTxfiHlp] C:\WINXP\System32\Ctxfihlp.exe (Creative Technology Ltd)O4 - Startup: e:\Documents and Settings\Dwojakowski\Menu Start\Programy\Autostart\BannerKiller2.lnk = G:\Programy\bannerkiller2.exe ()O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1O7 - 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - E:\Program Files\FlashGet\JC_LINK.HTM ()O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - E:\Program Files\FlashGet\JC_ALL.HTM ()O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - E:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - e:\Program Files\IEPro\IEPro.dll (IE7Pro.com)O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - e:\Program Files\IEPro\IEPro.dll (IE7Pro.com)O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - e:\Program Files\IEPro\IEPro.dll (IE7Pro.com)O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - e:\Program Files\IEPro\IEPro.dll (IE7Pro.com)O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\flashget.exe (FlashGet.com)O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\flashget.exe (FlashGet.com)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
[url=http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab][url=http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab]http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab[/url][/url] (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [url=http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab][url=http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab]http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab[/url][/url] (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url=http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab][url=http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab]http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab[/url][/url] (Java Plug-in 1.6.0_16)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url=http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab][url=http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/url][/url] (Shockwave Flash Object)O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} [url=http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab][url=http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab]http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab[/url][/url] (Creative Software AutoUpdate Support Package)O16 - DPF: Microsoft XML Parser for Java file:///C:/WINXP/Java/classes/xmldso.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 111.111.111.111 222.222.222.222O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - 
e:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - E:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:HomeO24 - Desktop WallPaper: e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmpO24 - Desktop BackupWallPaper: e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmpO28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not foundO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009-06-16 17:30:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINXP\System32\PDBoot.exe (Raxco Software, Inc.)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-04-11 23:12:45 | 000,561,664 | ---- | C] (OldTimer Tools) -- e:\Documents and Settings\Dwojakowski\Pulpit\OTL.exe[2010-04-11 23:04:27 | 000,000,000 | RH-D | C] -- e:\Documents and Settings\Dwojakowski\Recent[2010-04-07 00:32:14 | 000,000,000 | ---D | C] -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\Simple Adblock[2010-04-07 00:32:13 | 000,000,000 | ---D | C] -- e:\Program Files\Common Files\Simple Adblock[2010-04-07 00:28:38 | 000,000,000 | ---D | C] -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\GrabPro[2010-04-07 00:28:36 | 000,000,000 | ---D | C] -- e:\Program Files\IEPro[2010-04-07 00:28:36 | 000,000,000 | ---D | C] -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\IEPro[2010-04-06 23:58:37 | 000,000,000 | ---D | C] -- e:\Documents and 
Settings\Dwojakowski\Moje dokumenty\Pobieranie[2010-04-05 14:47:42 | 000,000,000 | R--D | C] -- e:\Documents and Settings\Dwojakowski\Moje dokumenty\Moja muzyka[2010-04-05 14:07:12 | 000,000,000 | ---D | C] -- e:\Documents and Settings\All Users\Dokumenty\S.T.A.L.K.E.R. - Zew Prypeci[2010-03-28 22:42:49 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINXP\System32\drivers\pavboot.sys[2010-03-28 22:42:23 | 000,000,000 | ---D | C] -- e:\Program Files\Panda Security[2010-03-18 23:42:13 | 001,774,080 | ---- | C] (Gabest) -- e:\Documents and Settings\Dwojakowski\Pulpit\mplayerc.exe[2010-03-16 21:12:02 | 000,000,000 | ---D | C] -- e:\Documents and Settings\Dwojakowski\Pulpit\kosz ktm[2009-06-26 10:58:05 | 000,000,000 | --SD | M] -- e:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft[2009-06-16 23:36:20 | 000,000,000 | --SD | M] -- e:\Documents and Settings\LocalService\Dane aplikacji\Microsoft[2009-06-16 17:30:37 | 000,000,000 | --SD | M] -- e:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft[2009-06-16 17:30:37 | 000,000,000 | --SD | M] -- e:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft[2008-10-07 23:42:42 | 000,060,928 | ---- | C] ( ) -- C:\WINXP\System32\a3d.dll[4 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-04-11 23:12:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- e:\Documents and Settings\Dwojakowski\Pulpit\OTL.exe[2010-04-11 23:10:50 | 005,767,168 | -H-- | M] () -- e:\Documents and Settings\Dwojakowski\NTUSER.DAT[2010-04-11 23:10:07 | 000,000,006 | -H-- | M] () -- C:\WINXP\tasks\SA.DAT[2010-04-11 23:10:05 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat[2010-04-11 23:04:53 | 000,055,612 | ---- | M] () -- C:\WINXP\System32\BMXStateBkp-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx[2010-04-11 23:04:53 | 000,055,612 | ---- | M] () -- 
C:\WINXP\System32\BMXState-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx[2010-04-11 23:04:53 | 000,000,788 | ---- | M] () -- C:\WINXP\System32\DVCState-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx[2010-04-11 23:04:31 | 000,000,188 | -HS- | M] () -- e:\Documents and Settings\Dwojakowski\ntuser.ini[2010-04-11 23:04:27 | 004,841,834 | -H-- | M] () -- e:\Documents and Settings\Dwojakowski\Ustawienia lokalne\Dane aplikacji\IconCache.db[2010-04-11 23:03:50 | 003,911,676 | R--- | M] () -- e:\Documents and Settings\Dwojakowski\Pulpit\ComboFix.exe[2010-04-11 22:59:03 | 003,329,121 | ---- | M] () -- e:\Documents and Settings\Dwojakowski\Pulpit\stromae - alors on danse.mp3[2010-04-11 22:11:17 | 000,000,470 | -H-- | M] () -- C:\WINXP\tasks\User_Feed_Synchronization-{DC5D16C0-B1D7-44BB-AB85-78DB670F0CBA}.job[2010-04-10 16:21:11 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl[2010-04-08 14:19:11 | 042,281,152 | ---- | M] () -- e:\Documents and Settings\Dwojakowski\Pulpit\avira_antivir_personal_en.exe[2010-04-07 21:08:51 | 000,001,729 | ---- | M] () -- e:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk[2010-04-05 14:07:38 | 000,000,715 | ---- | M] () -- e:\Documents and Settings\All Users\Pulpit\S.T.A.L.K.E.R. 
- Zew Prypeci.lnk[2010-03-29 23:59:26 | 000,001,572 | ---- | M] () -- C:\WINXP\System32\settingsbkup.sfm[2010-03-29 23:59:26 | 000,001,572 | ---- | M] () -- C:\WINXP\System32\settings.sfm[2010-03-18 23:45:00 | 000,000,155 | ---- | M] () -- C:\WINXP\NeroDigital.ini[2010-03-17 13:49:35 | 000,053,992 | ---- | M] () -- C:\WINXP\System32\BMXStateBkp-{00000001-00000000-00000000-00001102-00000005-00211102}.rfx[2010-03-17 13:49:35 | 000,053,992 | ---- | M] () -- C:\WINXP\System32\BMXState-{00000001-00000000-00000000-00001102-00000005-00211102}.rfx[2010-03-17 13:49:35 | 000,000,788 | ---- | M] () -- C:\WINXP\System32\DVCState-{00000001-00000000-00000000-00001102-00000005-00211102}.rfx[4 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-04-11 23:03:43 | 003,911,676 | R--- | C] () -- e:\Documents and Settings\Dwojakowski\Pulpit\ComboFix.exe[2010-04-11 22:16:21 | 003,329,121 | ---- | C] () -- e:\Documents and Settings\Dwojakowski\Pulpit\stromae - alors on danse.mp3[2010-04-08 14:16:13 | 042,281,152 | ---- | C] () -- e:\Documents and Settings\Dwojakowski\Pulpit\avira_antivir_personal_en.exe[2010-04-05 14:07:38 | 000,000,715 | ---- | C] () -- e:\Documents and Settings\All Users\Pulpit\S.T.A.L.K.E.R. 
- Zew Prypeci.lnk[2010-03-17 15:46:38 | 000,055,612 | ---- | C] () -- C:\WINXP\System32\BMXState-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx[2010-03-17 15:46:38 | 000,000,788 | ---- | C] () -- C:\WINXP\System32\DVCState-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx[2010-02-25 19:53:37 | 000,004,085 | ---- | C] () -- C:\WINXP\SONYMAP.INI[2010-02-03 19:08:40 | 002,325,304 | ---- | C] () -- C:\WINXP\System32\DK2INST.DLL[2009-12-31 19:04:07 | 000,002,272 | ---- | C] () -- e:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat[2009-12-21 16:43:39 | 008,892,928 | ---- | C] () -- e:\Documents and Settings\All Users\Dane aplikacji\atscie.msi[2009-10-20 02:23:46 | 000,178,960 | ---- | C] () -- C:\WINXP\System32\xlive.dll.cat[2009-09-30 19:28:04 | 000,002,199 | ---- | C] () -- C:\WINXP\apcs_bak.ini[2009-09-30 19:22:19 | 000,002,204 | ---- | C] () -- C:\WINXP\apcs.ini[2009-06-25 16:51:03 | 000,000,083 | ---- | C] () -- e:\Documents and Settings\Dwojakowski\Ustawienia lokalne\Dane aplikacji\FASTWiz.log[2009-06-25 12:28:53 | 000,168,448 | ---- | C] () -- C:\WINXP\System32\unrar.dll[2009-06-25 12:28:53 | 000,000,038 | ---- | C] () -- C:\WINXP\avisplitter.ini[2009-06-25 12:28:52 | 003,596,288 | ---- | C] () -- C:\WINXP\System32\qt-dx331.dll[2009-06-25 12:28:52 | 000,881,664 | ---- | C] () -- C:\WINXP\System32\xvidcore.dll[2009-06-25 12:28:52 | 000,205,824 | ---- | C] () -- C:\WINXP\System32\xvidvfw.dll[2009-06-25 12:28:51 | 000,085,504 | ---- | C] () -- C:\WINXP\System32\ff_vfw.dll[2009-06-25 12:28:51 | 000,000,547 | ---- | C] () -- C:\WINXP\System32\ff_vfw.dll.manifest[2009-06-18 22:50:41 | 000,008,704 | ---- | C] () -- e:\Documents and Settings\Dwojakowski\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009-06-18 22:49:11 | 000,000,067 | ---- | C] () -- C:\WINXP\#1 Video Converter.INI[2009-06-17 13:38:36 | 000,000,155 | ---- | C] () -- C:\WINXP\NeroDigital.ini[2009-06-16 23:38:47 | 
000,190,976 | ---- | C] () -- C:\WINXP\System32\WgaLogon.dll[2009-06-16 23:31:05 | 000,685,816 | ---- | C] () -- C:\WINXP\System32\drivers\sptd.sys[2009-06-16 23:30:45 | 000,024,576 | ---- | C] () -- C:\WINXP\System32\AsIO.dll[2009-06-16 23:30:45 | 000,012,664 | ---- | C] () -- C:\WINXP\System32\drivers\AsIO.sys[2009-06-16 23:30:44 | 000,012,096 | ---- | C] () -- C:\WINXP\System32\drivers\AsInsHelp64.sys[2009-06-16 23:30:44 | 000,010,304 | ---- | C] () -- C:\WINXP\System32\drivers\AsInsHelp32.sys[2009-06-16 23:30:28 | 000,005,810 | ---- | C] () -- C:\WINXP\System32\drivers\ASACPI.sys[2009-06-16 22:56:59 | 000,000,687 | ---- | C] () -- e:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log[2009-06-16 17:33:01 | 005,767,168 | -H-- | C] () -- e:\Documents and Settings\Dwojakowski\NTUSER.DAT[2009-06-16 17:33:01 | 000,020,480 | -H-- | C] () -- e:\Documents and Settings\Dwojakowski\ntuser.dat.LOG[2009-06-16 17:33:01 | 000,000,188 | -HS- | C] () -- e:\Documents and Settings\Dwojakowski\ntuser.ini[2009-06-04 02:37:08 | 000,021,093 | ---- | C] () -- C:\WINXP\System32\instwdm.ini[2009-06-04 02:37:06 | 000,000,054 | ---- | C] () -- C:\WINXP\System32\ctzapxx.ini[2009-06-04 01:55:20 | 000,002,560 | ---- | C] () -- C:\WINXP\CTXFIRES.DLL[2009-05-01 00:31:06 | 001,724,416 | ---- | C] () -- C:\WINXP\System32\nvwdmcpl.dll[2009-05-01 00:31:06 | 001,507,328 | ---- | C] () -- C:\WINXP\System32\nview.dll[2009-05-01 00:31:06 | 001,101,824 | ---- | C] () -- C:\WINXP\System32\nvwimg.dll[2009-05-01 00:31:06 | 000,466,944 | ---- | C] () -- C:\WINXP\System32\nvshell.dll[2008-10-07 23:41:40 | 000,002,560 | ---- | C] () -- C:\WINXP\System32\CtxfiRes.dll[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINXP\System32\physxcudart_20.dll[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINXP\System32\AgCPanelTraditionalChinese.dll[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINXP\System32\AgCPanelSwedish.dll[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- 
I'll add that this has been going on for quite a while. The shutdown problem for a somewhat shorter time, but I've had this problem with CF for a long time. Edited 11 April 2010 by piterq1991
Kolobos (posted 12 April 2010): Why are you starting another thread?
piterq1991 (posted 12 April 2010): Because this is a different computer and I didn't want to mix up the logs.
Kolobos (posted 13 April 2010):
> After the ComboFix scan, just when it is about to generate the log, a blue screen occurs and I have to restart the computer
In safe mode too?
> I also have this problem: about 80% of the time when I shut down the PC, I click Shut Down, it keeps running normally, and only after about 2 minutes does it actually shut down. Sometimes it shuts down right away, but less often.
Check whether installing http://www.microsoft.com/downloads/details.aspx?displaylang=pl&FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582 changes anything.
piterq1991 (posted 13 April 2010): I installed that file. Two restarts and one shutdown went the way they should. We'll see if it stays that way. And in safe mode I managed to run CF and it went smoothly. I'm posting the log from it:
Kolobos (posted 13 April 2010): Looks OK.
piterq1991 (posted 14 April 2010): But in normal mode a blue screen pops up near the end. Nothing has changed.
Kolobos (posted 14 April 2010): Use a debugger and check what exactly is causing the blue screen.