Komp zamulony, czesto sie resetuje

Mental.Raven · 3 Kwiecień 2007 21:04

Ogolnie komp zamula i calkiem czesto sie sam resetuje. Temp procesora i plyty glownej w granicach 40 C. Na co dzien uzywam Pandy Titanium 07.

Log z hijackthis:

Logfile of HijackThis v1.99.1 Scan saved at 23:01:54, on 2007-04-03 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Razer\razerhid.exe C:\Program Files\Razer\razerofa.exe C:\Program Files\foobar2000\foobar2000.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Kajetan\Pulpit\hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optimus.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: MU Online Toolbar Helper - {D3138B39-C8A6-440B-9D42-50F766AEA8C7} - C:\Program Files\MU Online Toolbar\v3.2.0.0\MU_Online_Toolbar.dll O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O3 - Toolbar: MU Online Toolbar - {B9D1647F-A66A-4695-B249-07901A45FF59} - C:\Program Files\MU Online Toolbar\v3.2.0.0\MU_Online_Toolbar.dll O4 - HKLM…\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe O4 - HKLM…\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [razer] C:\Program Files\Razer\razerhid.exe O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE” /s O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.optimus.pl O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://www.giga.de/giga-stream-test/Rawflow.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc … oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 8231588734 O17 - HKLM\System\CCS\Services\Tcpip…{7D3775A2-DF53-4EC1-B845-4474B8B7498D}: NameServer = 10.0.0.138 O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing) O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Skanowalem Panda, ad-aware SE, Bit-defenderem.

adam9870 · 3 Kwiecień 2007 21:10

Usuń wpis HJT.

Jeśli korzystasz z komputera o nie najlepszej konfiguracji sprzętowej to spowolnioną pracę systemu może powodować Panda. Jest to dość dobry produkt ale niestety nie przeznaczony na słabsze komputery.

Co do resetów - to oznaka na rootkita dlatego pokaż log z ComboScan. Dodatkowo sprawdź czy masz jakieś pliki minidump, a jeśli tak to wklej zawartość najlepiej kilku z nich:

http://forum.dobreprogramy.pl/viewtopic … 977#797977

Mental.Raven · 3 Kwiecień 2007 21:23

Log z comboscana:

ComboScan v20070306.20 run by Kajetan on 2007-04-03 at 23:15:49 Computer is in Normal Mode. -------------------------------------------------------------------------------- – System Restore -------------------------------------------------------------- System Restore is disabled; attempting to re-enable…success. – Last 1 Restore Point(s) – 1: 2007-04-03 21:15:51 UTC - RP1 - Punkt kontrolny systemu Performed disk cleanup. – HijackThis (run as Kajetan.exe) --------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 23:16:15, on 2007-04-03 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Razer\razerhid.exe C:\Program Files\Razer\razerofa.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Kajetan\Pulpit\comboscan.exe C:\DOCUME~1\Kajetan\Pulpit\HIJACK~1\Kajetan.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optimus.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: MU Online Toolbar Helper - {D3138B39-C8A6-440B-9D42-50F766AEA8C7} - C:\Program Files\MU Online Toolbar\v3.2.0.0\MU_Online_Toolbar.dll O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O3 - Toolbar: MU Online Toolbar - {B9D1647F-A66A-4695-B249-07901A45FF59} - C:\Program Files\MU Online Toolbar\v3.2.0.0\MU_Online_Toolbar.dll O4 - HKLM…\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe O4 - HKLM…\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [razer] C:\Program Files\Razer\razerhid.exe O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE” /s O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.optimus.pl O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://www.giga.de/giga-stream-test/Rawflow.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc … oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 8231588734 O17 - HKLM\System\CCS\Services\Tcpip…{7D3775A2-DF53-4EC1-B845-4474B8B7498D}: NameServer = 10.0.0.138 O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing) O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe – File Associations ----------------------------------------------------------- .bat - batfile - “%1” %* .chm - chm.file - “C:\WINDOWS\hh.exe” %1 .cmd - cmdfile - “%1” %* .com - comfile - “%1” %* .exe - exefile - “%1” %* .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1 .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1 .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1 .js - JSFile - %SystemRoot%\System32\WScript.exe “%1” %* .lnk - lnkfile - {00021401-0000-0000-C000-000000000046} .pif - piffile - “%1” %* .reg - regfile - regedit.exe “%1” .scr - scrfile - “%1” /S .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1 .vbs - VBSFile - %SystemRoot%\System32\WScript.exe “%1” %* – Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 3S ac97intc (Usługa instalacyjna sterownika audio Intel® 82801 (WDM)) - C:\WINDOWS\system32\drivers\ac97intc.sys 3R aeaudio - C:\WINDOWS\system32\drivers\aeaudio.sys 1R APPFLT (App Filter Plugin) - C:\WINDOWS\system32\drivers\APPFLT.SYS 2R Aspi32 - C:\WINDOWS\system32\drivers\aspi32.sys 2R atksgt - C:\WINDOWS\system32\drivers\atksgt.sys 3R AvFlt (Antivirus Filter Driver) - C:\WINDOWS\system32\drivers\av5flt.sys (not found) 2R cpoint (Panda CPoint Driver) - C:\WINDOWS\system32\drivers\cpoint.sys 1R DSAFLT (DSA Filter Plugin) - C:\WINDOWS\system32\drivers\dsaflt.sys 3R ElbyCDFL - C:\WINDOWS\system32\drivers\ElbyCDFL.sys 2R ElbyCDIO (ElbyCDIO Driver) - C:\WINDOWS\system32\drivers\ElbyCDIO.sys 1R FNETMON (NetMon Filter Plugin) - C:\WINDOWS\system32\drivers\fnetmon.sys 3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys 3S GMSIPCI - D:\INSTALL\GMSIPCI.SYS (not found) 3R GVCplDrv - C:\WINDOWS\system32\drivers\GVCplDrv.sys 3S GVTDrv - C:\WINDOWS\system32\drivers\GVTDrv.sys 3S hamachi (Hamachi Network Interface) - C:\WINDOWS\system32\drivers\hamachi.sys 3R hidusb (Sterownik Microsoft klasy HID) - C:\WINDOWS\system32\drivers\hidusb.sys 1R IDSFLT (Ids Filter Plugin) - C:\WINDOWS\system32\drivers\idsflt.sys 1R intelppm (Sterownik procesora Intel) - C:\WINDOWS\system32\drivers\intelppm.sys 3S kbeepm - C:\DOCUME~1\Kajetan\USTAWI~1\Temp\kbeepm.sys (not found) 2R lirsgt - C:\WINDOWS\system32\drivers\lirsgt.sys 3R mouhid (Sterownik myszy HID) - C:\WINDOWS\system32\drivers\mouhid.sys 0R netflt (Panda Net Driver [NDIS Layer]) - C:\WINDOWS\system32\drivers\netflt.sys 1R NETFLTDI (Panda Net Driver [TDI Layer]) - C:\WINDOWS\system32\drivers\netfltdi.sys 3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys 2R pavdrv - C:\WINDOWS\system32\drivers\pavdrv51.sys 2R PavProc (Panda Process Protection Driver) - C:\WINDOWS\system32\drivers\PavProc.sys 3R PavSRK.sys - C:\WINDOWS\system32\PavSRK.sys (not found) 3S PavTPK.sys - C:\WINDOWS\system32\PavTPK.sys (not found) 1R prodrv06 (StarForce Protection Environment Driver v6) - C:\WINDOWS\system32\drivers\prodrv06.sys 0R prohlp02 (StarForce Protection Helper Driver v2) - C:\WINDOWS\system32\drivers\prohlp02.sys 0R prosync1 (StarForce Protection Synchronization Driver v1) - C:\WINDOWS\system32\drivers\prosync1.sys 0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys 3S Razerlow (Razerlow USB Filter Driver) - C:\WINDOWS\system32\drivers\Razerlow.sys 3R RTL8023xp (Realtek 10/100/1000 PCI NIC Family NDIS XP Driver) - C:\WINDOWS\system32\drivers\Rtnicxp.sys 3S rtl8029 (Sterownik NT karty Realtek RTL8029(AS)-based PCI Ethernet) - C:\WINDOWS\system32\drivers\RTL8029.sys 3S rtl8139 (Realtek RTL8139(A/B/C/8130) PCI Fast Ethernet NIC NT Driver) - C:\WINDOWS\system32\drivers\RTL8139.sys 3S RushTopDevice - C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.sys 3R senfilt - C:\WINDOWS\system32\drivers\senfilt.sys 0R sfhlp01 (StarForce Protection Helper Driver) - C:\WINDOWS\system32\drivers\sfhlp01.sys 1R ShldDrv (Panda File Shield Driver) - C:\WINDOWS\system32\drivers\ShldDrv.sys 3S SlowDownCPU - C:\WINDOWS\inf\MSI\SlowDownCPU\NTGLM7X.SYS 1R SMSFLT (SMS Filter Plugin) - C:\WINDOWS\system32\drivers\smsflt.sys 3R smwdm - C:\WINDOWS\system32\drivers\smwdm.sys 3S sony_ssm.sys - C:\Documents and Settings\Stanisław\Ustawienia lokalne\Temp\sony_ssm.sys 0R sptd - C:\WINDOWS\system32\drivers\sptd.sys 2R SVKP - C:\WINDOWS\system32\SVKP.sys 3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys 3R usbprint (Klasa PRINTER USB Microsoft) - C:\WINDOWS\system32\drivers\usbprint.sys 3S usbscan (Sterownik skanera USB) - C:\WINDOWS\system32\drivers\usbscan.sys 3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS 3S vaxscsi - C:\WINDOWS\system32\Drivers\vaxscsi.sys (not found) 1R WNMFLT (Wifi Monitor Filter Plugin) - C:\WINDOWS\system32\drivers\wnmflt.sys 1R WS2IFSL (Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0) - C:\WINDOWS\system32\drivers\ws2ifsl.sys 3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys 3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys – Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- 3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe 3S IDriverT (InstallDriver Table Manager) - “C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe” 3S iPod Service - “C:\Program Files\iPod\bin\iPodService.exe” 2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe 3S ose (Office Source Engine) - “C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE” 2R PAVFNSVR (Panda Function Service) - “C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe” 2R PavPrSrv (Panda Process Protection Service) - “C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe” 2R PAVSRV (Panda anti-virus service) - “C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe” 2R PNMSRV (Panda Network Manager) - “c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE” 2S Prime95 Service - C:\Program Files\Prime95\prime95.exe 2R PSIMSVC (Panda IManager Service) - “C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe” 3S SandraDataSrv (SiSoftware Database Agent Service) - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe 3S SandraTheSrv (SiSoftware Sandra Agent Service) - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe 2S StarWindService (StarWind iSCSI Service) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe 2R TPSrv (Panda TPSrv) - “C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe” 2R UserAccess7 (SecuROM User Access Service (V7)) - C:\WINDOWS\system32\UAService7.exe 3S usprserv (User Privilege Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs – Scheduled Tasks ------------------------------------------------------------- 2006-12-24 19:40:33 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job – Files created between 2007-03-03 and 2007-04-03 ----------------------------- 2007-03-22 18:17:04 0 d-------- C:\Program Files\Counter-Strike 1.6 2007-03-08 14:24:50 0 d-------- C:\Program Files\Webzen 2007-03-08 09:01:57 4682 --a------ C:\WINDOWS\system32\npptNT2.sys 2007-03-08 08:56:57 231249 --a------ C:\WINDOWS\MU_Online_Toolbar_Uninstaller_4234.exe 2007-03-08 08:56:56 0 d-------- C:\Program Files\MU Online Toolbar 2007-03-06 09:23:38 0 d-------- C:\Program Files\SiSoftware – Find3M Report --------------------------------------------------------------- 2007-04-03 23:16:06 0 d-------- C:\Documents and Settings\Kajetan\Dane aplikacji\foobar2000 2007-04-03 22:46:03 0 d-------- C:\Program Files\Diablo II 2007-04-03 20:17:09 0 d-------- C:\Program Files\mm.BOT 2007-04-03 19:58:52 0 d-------- C:\Program Files\foobar2000 2007-04-03 19:58:49 0 d-------- C:\Program Files\Mozilla Firefox 2007-04-03 19:58:11 0 d-------- C:\Program Files\Gadu-Gadu 2007-04-03 19:57:47 0 d-------- C:\Program Files\Razer 2007-04-03 18:40:39 0 d-------- C:\Program Files\Steam 2007-04-03 18:11:10 0 d-------- C:\Program Files\Starcraft 2007-04-03 17:41:39 0 d-------- C:\Program Files\Messenger 2007-04-03 17:06:29 0 d-------- C:\Program Files\ReXplorer 2007-04-03 16:18:10 434184 --a------ C:\WINDOWS\system32\perfh015.dat 2007-04-03 16:18:10 66154 --a------ C:\WINDOWS\system32\perfc015.dat 2007-04-03 16:16:53 0 d-------- C:\Program Files\QuickTime 2007-04-02 19:57:43 0 d-------- C:\Program Files\Helbreath 2007-04-02 16:41:58 0 d-------- C:\Program Files\Hamachi 2007-04-01 15:56:11 51921 --a------ C:\WINDOWS\DIIUnin.dat 2007-04-01 12:07:40 0 d-------- C:\Program Files\Winamp 2007-04-01 09:41:54 0 d-------- C:\Program Files\TotalAudioConverter 2007-03-31 18:26:42 0 d-------- C:\Program Files\Warcraft III 2007-03-23 20:27:45 0 d–h----- C:\Program Files\InstallShield Installation Information 2007-03-18 21:29:51 0 d-------- C:\Program Files\iTunes 2007-03-15 15:43:51 0 d-------- C:\Program Files\Tibia 2007-03-13 15:24:31 0 d-------- C:\Program Files\mIRC 2007-02-23 01:04:50 0 d-------- C:\Program Files\Emule 2007-02-21 15:54:00 0 d-------- C:\Program Files\FOTOJOKER Home Photo Service 2007-02-18 16:06:19 0 d-------- C:\Program Files\LucasArts 2007-02-17 17:37:23 0 d-------- C:\Documents and Settings\Kajetan\Dane aplikacji\Winamp 2007-02-16 19:52:03 0 d-------- C:\Program Files\Media Player Classic 2007-02-15 18:09:23 0 --a------ C:\Documents and Settings\Kajetan\Dane aplikacji\AVSDVDPlayer.m3u 2007-02-12 20:57:23 0 d-------- C:\Program Files\Common Files\Panda Software 2007-02-11 18:07:43 0 d-------- C:\Documents and Settings\Kajetan\Dane aplikacji\Canon 2007-01-29 10:58:06 60416 -----n— C:\WINDOWS\system32\tzchange.exe 2007-01-28 13:48:34 101723 --a------ C:\WINDOWS\War3Unin.dat 2007-01-06 16:28:07 737280 --a------ C:\WINDOWS\iun6002.exe 2007-01-06 03:13:55 41032 --a------ C:\WINDOWS\7xunun.dat – Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NVRTCLK”=“C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe” “PathNvidiaTV”=“C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe” “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” “razer”=“C:\Program Files\Razer\razerhid.exe” “APVXDWIN”="“C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE” /s" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kajetan^Menu Start^Programy^Autostart^Might and Magic VIII.lnk] “path”=“C:\Documents and Settings\Kajetan\Menu Start\Programy\Autostart\Might and Magic VIII.lnk” “backup”=“C:\WINDOWS\pss\Might and Magic VIII.lnkStartup” “location”=“Startup” “command”=“C:\PROGRA~1\3DO\MIGHTA~1\Register\Remind32.exe " “item”=“Might and Magic VIII” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Stanisław^Menu Start^Programy^Autostart^No-IP DUC.lnk] “path”=“C:\Documents and Settings\Stanisław\Menu Start\Programy\Autostart\No-IP DUC.lnk” “backup”=“C:\WINDOWS\pss\No-IP DUC.lnkStartup” “location”=“Startup” “command”=“C:\PROGRA~1\No-IP\DUC20.exe " “item”=“No-IP DUC” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“AQQ” “hkey”=“HKCU” “command”=“C:\PROGRA~1\Wapster\AQQ\AQQ.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“bittorrent” “hkey”=“HKCU” “command”=”“C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DoctorTweakXP] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“DrTweakXP” “hkey”=“HKCU” “command”="“C:\Program Files\Fic_Products\DoctorTweak XP\DrTweakXP.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“iTunesHelper” “hkey”=“HKLM” “command”="“C:\Program Files\iTunes\iTunesHelper.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“OrderReminder” “hkey”=“HKLM” “command”=“C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“qttask” “hkey”=“HKLM” “command”="“C:\Program Files\QuickTime\qttask.exe” -atboottime" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlowDownCPU] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“SlowDownCPU” “hkey”=“HKLM” “command”=“C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“Steam” “hkey”=“HKCU” “command”="“C:\Program Files\Steam\Steam.exe” -silent" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tasker] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“Tasker” “hkey”=“HKCU” “command”=“C:\Tibia\Tasker\Tasker.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VGAUtil] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“G-VGA” “hkey”=“HKLM” “command”=“C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “wuauserv”=dword:00000002 “wscsvc”=dword:00000002 “UPS”=dword:00000003 “srservice”=dword:00000002 “SharedAccess”=dword:00000002 “Schedule”=dword:00000002 “FastUserSwitchingCompatibility”=dword:00000003 – End of ComboScan: finished at 2007-04-03 at 23:16:35 ------------------------

A propos co samego kompa.

Intel pentium 4 630 3GHz

MSI 915PL Neo

1024 ramu

GeForce 6600

minidumpy:

Microsoft ® Windows Debugger Version 6.6.0003.5 Copyright © Microsoft Corporation. All rights reserved. Loading Dump File [C] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: *** Invalid *** **************************************************************************** * Symbol loading may be unreliable without a symbol search path. * * Use .symfix to have the debugger choose a symbol path. * * After setting your symbol path, use .reload to refresh symbol locations. * **************************************************************************** Executable search path is: ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* Unable to load image ntoskrnl.exe, Win32 error 2 *** WARNING: Unable to verify timestamp for ntoskrnl.exe *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Personal Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700 Debug session time: Sat Feb 10 23:32:31.343 2007 (GMT+2) System Uptime: 0 days 12:45:43.077 ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* Unable to load image ntoskrnl.exe, Win32 error 2 *** WARNING: Unable to verify timestamp for ntoskrnl.exe *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Loading Kernel Symbols … Loading User Symbols Loading unloaded module list … Unable to load image nv4_disp.dll, Win32 error 2 *** WARNING: Unable to verify timestamp for nv4_disp.dll *** ERROR: Module load completed but symbols could not be loaded for nv4_disp.dll ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 10000050, {e4c6b924, 0, bfa8c558, 1} ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* Probably caused by : nv4_disp.dll ( nv4_disp+b9558 ) Followup: MachineOwner ---------

Microsoft ® Windows Debugger Version 6.6.0003.5 Copyright © Microsoft Corporation. All rights reserved. Loading Dump File [C] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: *** Invalid *** **************************************************************************** * Symbol loading may be unreliable without a symbol search path. * * Use .symfix to have the debugger choose a symbol path. * * After setting your symbol path, use .reload to refresh symbol locations. * **************************************************************************** Executable search path is: ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* Unable to load image ntoskrnl.exe, Win32 error 2 *** WARNING: Unable to verify timestamp for ntoskrnl.exe *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Personal Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700 Debug session time: Sun Apr 1 22:38:13.781 2007 (GMT+2) System Uptime: 0 days 7:31:38.485 ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* Unable to load image ntoskrnl.exe, Win32 error 2 *** WARNING: Unable to verify timestamp for ntoskrnl.exe *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Loading Kernel Symbols … Loading User Symbols Loading unloaded module list … ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 4E, {99, 32bc6, 3, 0} ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* Followup: MachineOwner ---------

Microsoft ® Windows Debugger Version 6.6.0003.5 Copyright © Microsoft Corporation. All rights reserved. Loading Dump File [C] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: *** Invalid *** **************************************************************************** * Symbol loading may be unreliable without a symbol search path. * * Use .symfix to have the debugger choose a symbol path. * * After setting your symbol path, use .reload to refresh symbol locations. * **************************************************************************** Executable search path is: ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* Unable to load image ntoskrnl.exe, Win32 error 2 *** WARNING: Unable to verify timestamp for ntoskrnl.exe *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Personal Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700 Debug session time: Sat Mar 24 10:50:41.921 2007 (GMT+2) System Uptime: 0 days 8:13:34.644 ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* Unable to load image ntoskrnl.exe, Win32 error 2 *** WARNING: Unable to verify timestamp for ntoskrnl.exe *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Loading Kernel Symbols … Loading User Symbols Loading unloaded module list … ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1000000A, {e012600c, 2, 0, 80510a8d} ***** Kernel symbols are WRONG. Please fix symbols to do analysis. *** WARNING: Unable to verify timestamp for PavProc.sys *** ERROR: Module load completed but symbols could not be loaded for PavProc.sys ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* Probably caused by : PavProc.sys ( PavProc+150a ) Followup: MachineOwner ---------

Ok, 3 moze wystarcza. Ogolnie w folderze minidump mam 30 plikow *.dmp

adam9870 · 4 Kwiecień 2007 09:18

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.BAT

Pobierz Gmer’a.

Teraz czynności będziesz wykonywał w Gmerze więc uruchom go, poczekaj chwilkę, kliknij na zakładkę >>> w celu otworzenia pozostałych.

W zakładce Procesy wybierz Gmer awaryjny >>> komputer się zrestartuje i zostanie samo okienko Gmer’a >>> w zakładce Procesy przez … (trzy kropki) wskaż plik FIX.BAT >>> po chwilce mignie ekran i reset.

Usuń wpis HJT.

Co do resetów:

Poczytaj:

http://forum.dobreprogramy.pl/viewtopic.php?t=68835

PavProc.sys - sterownik Pandy. Możesz spróbować przeinstalować Pandę. W tym celu otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.BAT i uruchom go w trybie awaryjnym.

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe

Usuń wpisy HJT jeśli będą.

Na koniec przeczyść rejestr (opis) i ewentualnie przeleć dysk programem typu Odkurzacz, aby usunął jakieś resztki Pandy o ile jeszcze będą. I potem na nowo instalacja Pandy.

Mental.Raven · 5 Kwiecień 2007 10:31

To tak. Pande przeinstalowalem, ta pierwsza czynnosc wykonalem, resety czasem wciaz sa.

"Co do resetów:

Cytat:

Probably caused by : nv4_disp.dll ( nv4_disp+b9558 )"

Nie moge nic zrobic. Znaczy sie jak go zamieniam na ten nowszy , to calkowicie mi sie sterowniki do karty graf krzacza, bo max to 800x600 i 4 bity (czego sie nei da zmienic), na czym nawet mi net po ludzku nie dziala^^

Ponadto sprawdzilem wszystkie dumpy, i wyszlo mi, ze te pliki glownie je wywoluja. Najwiecej razy wystapil nv4_disp.dll

Probably caused by : NDIS.sys ( NDIS+6b85 )

Probably caused by : smwdm.sys ( smwdm+94a2 )

Probably caused by : pavdrv51.sys ( pavdrv51+2d00 )

Probably caused by : PavTPK.sys ( PavTPK+13cf )

Probably caused by : ntoskrnl.exe ( nt+433d3 )

Probably caused by : PavProc.sys ( PavProc+150a )

Probably caused by : NETFLT.SYS ( NETFLT+c7b0 )

Probably caused by : nv4_disp.dll ( nv4_disp+b9558 )

Probably caused by : win32k.sys ( win32k+115611 )

Ponadto przeskanowalem gmerem, wklejam loga. Skan byl z poziomu normlanego. Gdy uruchamiam skana z poziomu awaryjnego uruchomienego przez gmera, po krotkim czasie (5 s) wywala mi jakis blad i sie gmer zamyka.

link: http://download.yousendit.com/CE8ADA0E211FF5A9

Cos sie chrzanilo, jak go wklejalem na forum, i wygladal calkowicie nieczytelnie.

adam9870 · 5 Kwiecień 2007 13:44

Hmm… w Gmerze w zakładce CMD z zaznaczoną opcją CMD.EXE wklej:

Kliknij Uruchom. Po chwilce zostanie samo okienko Gmer’a i komputer się zrestartuje.

Najczęściej resety powodują sterowniki Pandy. Spróbuj przeinstalować Pandę według opisu, który podałem lub zainstalować na jakiś czas np. inny program zabezpieczający i sprawdzić czy wtedy również będzie występował taki problem.

Po wykonaniu wklej dwa logi z Gmer’a wykonane przy takich ustawieniach:

Zakładka Rootkit >>> zaznaczone wszystko oprócz Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta
Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

Mental.Raven · 5 Kwiecień 2007 16:55

To co bylo do wykonania w gmerze, to zrobilem, choc musialem kazda komende po kolei wstukiwac (jak naraz wstukalem wszyztskie, zamykalo wsyztsko z gmerem wlacznie, i sam pulpit zostawal (znaczy sie bitmapa). No i jak usuwalem plik i usluge to wpierw gmer wywalil jakis blad, po czym na dole w logach wpisal, ze czynnosc sie powiodla.

log wszytskiego: http://download.yousendit.com/5136309737B1D8A6

log uslug: http://download.yousendit.com/F551E8046268A510

Sry, ale chyba logi za dlugie i ucina.

adam9870 · 5 Kwiecień 2007 18:43

W Gmerze:

w zakładce Procesy kliknij Gmer awaryjny. Komputer się zrestartuje i zostanie samo okienko Gmer’a
w zakładce Usługi skasuj z prawokliku usługę alhi680q
w zakładce Procesy kliknij Pliki i usuń plik:

zrestartuj komputer przyciskiem na obudowie

Po wykonaniu możesz wkleić nowe logi.

Czy próbowałeś przeinstalować Pandę? Jak efekty?

Mental.Raven · 5 Kwiecień 2007 19:05

Pandy nie moge zainstalowac- wciaz siedza 2 dlle z pavlsp.dll i pavtrc.dll . Uzywa ich ktorys scvhost, i juz wtedy pod awaryjnym fix.batem ich nie wywalilo. Ok, spadam na chwilke wykasowac tego SYSa.

Mam zakillowac all i wtedy je wywalic gmerem czy jak?- chodzi mi o te dwa pliki pandy.

Złączono Posta : 05.04.2007 (Czw) 21:27

Nie ma ani tej uslugi, ani tego pliku.

I polec moze jakiegos dobrego freeware’owego atnywirusa tak dorywczo- Avast? Antivir? Bo na Kasperskym mi sie trial skonczyl^^

Gmer wszystkiego: http://download.yousendit.com/EB45803A615D3CA8

Gmer Uslug: http://download.yousendit.com/DF17BCF7298D3E4D