I have a huge problem. It started when I bought a new hard drive, connected it to the computer and installed Windows XP SP3 Corporate. At first I was getting an Explorer error, "Data Execution Prevention"; the system was then "frozen" and I had to end the Dr. Watson process in Task Manager to be able to do anything further. Then I switched DEP to the "essential programs" setting. OK, the system stopped throwing that error, but now exactly every 22-25 minutes explorer.exe restarts (it closes all open folders, and some of the icons next to the clock disappear and cannot be restored). I decided to switch back to the old system I had been using, which I still have on another drive (I currently have 3 drives), so I booted into that old system (XP SP2 Pro; before the new drive was installed nothing like this happened there) and exactly the same thing started happening there every 22-25 minutes. System Restore does not help. I scanned the system with anti-adware and antivirus tools and found nothing, I turned DEP off and that did not help either, and I tried reloading some libraries, also with no result.
Please help, because this is seriously about to make me …
Dr. Watson log:
Wystąpił wyjątek aplikacji:
Apl: C:\WINDOWS\explorer.exe (pid=13908)
Kiedy: 2009-06-22 @ 14:54:41.609
Numer wyjątku: c0000005 (naruszenie praw dostępu)
*----> Informacje o systemie <----*
Nazwa komputera: GAD
Nazwa użytkownika: Gadin
Identyfikator sesji terminala: 0
Liczba procesorów: 2
Typ procesora: x86 Family 15 Model 67 Stepping 3
Wersja systemu Windows: 5.1
Bieżąca kompilacja: 2600
Dodatek Service Pack: 3.
Bieżący typ: Multiprocessor Free
Zarejestrowana organizacja:
Zarejestrowany właściciel: Gadin
*----> Lista zadań <----*
0 System Process
4 System
716 smss.exe
764 csrss.exe
788 winlogon.exe
832 services.exe
844 lsass.exe
1008 svchost.exe
1092 svchost.exe
1188 svchost.exe
1312 svchost.exe
1436 svchost.exe
1564 spoolsv.exe
1924 FirewallGUI.exe
1932 CTSysVol.exe
1940 Rundll32.exe
1960 razerhid.exe
1996 RUNDLL32.EXE
2008 ctfmon.exe
336 nvsvc32.exe
356 FWService.exe
1448 alg.exe
2052 wscntfy.exe
2116 razertra.exe
2164 razerofa.exe
13908 explorer.exe
8452 mirc.exe
9196 firefox.exe
13068 tlen.exe
13880 IEXPLORE.EXE
14224 drwtsn32.exe
*----> Lista modułów <----*
(0000000000400000 - 0000000000409000: C:\WINDOWS\system32\Normaliz.dll
(0000000001000000 - 00000000010ff000: C:\WINDOWS\explorer.exe
(0000000001360000 - 0000000001632000: C:\WINDOWS\system32\xpsp2res.dll
(0000000002c40000 - 0000000002c4b000: C:\Program Files\SubEdit-Player\codec\MatroskaSplitter\mkunicode.dll
(0000000003660000 - 0000000003674000: C:\Tlen.pl\hook.dll
(0000000010000000 - 0000000010029000: C:\Program Files\SubEdit-Player\codec\MatroskaSplitter\mmfinfo.dll
(0000000010930000 - 0000000010979000: C:\WINDOWS\system32\portabledeviceapi.dll
(00000000109c0000 - 00000000109ec000: C:\WINDOWS\system32\portabledevicetypes.dll
(00000000164a0000 - 00000000164c3000: C:\WINDOWS\system32\wpdshserviceobj.dll
(000000001f840000 - 000000001f858000: C:\WINDOWS\system32\odbcint.dll
(00000000433a0000 - 00000000433e5000: C:\WINDOWS\system32\iertutil.dll
(0000000043620000 - 00000000436f0000: C:\WINDOWS\system32\WININET.dll
(0000000043700000 - 0000000043827000: C:\WINDOWS\system32\urlmon.dll
(0000000043850000 - 000000004388c000: C:\WINDOWS\system32\webcheck.dll
(0000000043900000 - 0000000043ecd000: C:\WINDOWS\system32\ieframe.dll
(0000000047310000 - 0000000047316000: C:\WINDOWS\system32\dot3dlg.dll
(000000004d530000 - 000000004d589000: C:\WINDOWS\system32\WINHTTP.dll
(0000000059410000 - 00000000595da000: C:\WINDOWS\AppPatch\AcGenral.DLL
(000000005b1d0000 - 000000005b208000: C:\WINDOWS\system32\UxTheme.dll
(000000005ba90000 - 000000005bb02000: C:\WINDOWS\system32\themeui.dll
(000000005cfe0000 - 000000005d006000: C:\WINDOWS\system32\ShimEng.dll
(000000005d520000 - 000000005d5ba000: C:\WINDOWS\system32\comctl32.dll
(0000000061dc0000 - 0000000061de8000: C:\WINDOWS\system32\OneX.DLL
(0000000066780000 - 00000000667d8000: C:\WINDOWS\system32\hnetcfg.dll
(0000000068000000 - 0000000068036000: C:\WINDOWS\system32\rsaenh.dll
(000000006c6d0000 - 000000006c71d000: C:\WINDOWS\system32\DUSER.dll
(000000006ff40000 - 000000006ff95000: C:\WINDOWS\system32\NETAPI32.dll
(0000000071600000 - 0000000071613000: C:\WINDOWS\system32\browselc.dll
(00000000716a0000 - 00000000716c2000: C:\WINDOWS\system32\eappcfg.dll
(00000000719f0000 - 0000000071a30000: C:\WINDOWS\system32\mswsock.dll
(0000000071a30000 - 0000000071a38000: C:\WINDOWS\System32\wshtcpip.dll
(0000000071a40000 - 0000000071a48000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071a50000 - 0000000071a67000: C:\WINDOWS\system32\WS2_32.dll
(0000000071ac0000 - 0000000071ad2000: C:\WINDOWS\system32\MPR.dll
(0000000071ba0000 - 0000000071bb3000: C:\WINDOWS\system32\SAMLIB.dll
(0000000071bc0000 - 0000000071bce000: C:\WINDOWS\System32\ntlanman.dll
(0000000071c30000 - 0000000071c37000: C:\WINDOWS\System32\NETRAP.dll
(0000000071c40000 - 0000000071c80000: C:\WINDOWS\System32\NETUI1.dll
(0000000071c80000 - 0000000071c97000: C:\WINDOWS\System32\NETUI0.dll
(0000000071cf0000 - 0000000071d0b000: C:\WINDOWS\system32\ACTXPRXY.DLL
(0000000071d60000 - 0000000071d6e000: C:\WINDOWS\system32\eappprxy.dll
(0000000072350000 - 000000007235a000: C:\WINDOWS\system32\dot3api.dll
(0000000072ca0000 - 0000000072ca8000: C:\WINDOWS\system32\msacm32.drv
(0000000072cb0000 - 0000000072cb9000: C:\WINDOWS\system32\wdmaud.drv
(0000000074600000 - 000000007463d000: C:\WINDOWS\system32\ODBC32.dll
(00000000746d0000 - 000000007471c000: C:\WINDOWS\system32\MSCTF.dll
(0000000074a80000 - 0000000074a88000: C:\WINDOWS\system32\POWRPROF.dll
(0000000074aa0000 - 0000000074aaa000: C:\WINDOWS\system32\BatMeter.dll
(0000000075180000 - 00000000751ae000: C:\WINDOWS\system32\msctfime.ime
(0000000075940000 - 0000000075a39000: C:\WINDOWS\system32\MSGINA.dll
(0000000075d70000 - 0000000075e01000: C:\WINDOWS\system32\MLANG.dll
(0000000075f30000 - 0000000075f37000: C:\WINDOWS\System32\drprov.dll
(0000000075f40000 - 0000000075f4a000: C:\WINDOWS\System32\davclnt.dll
(0000000075f50000 - 000000007604d000: C:\WINDOWS\system32\BROWSEUI.dll
(0000000076050000 - 00000000760b5000: C:\WINDOWS\system32\MSVCP60.dll
(0000000076330000 - 0000000076340000: C:\WINDOWS\system32\WINSTA.dll
(0000000076350000 - 0000000076355000: C:\WINDOWS\system32\MSIMG32.dll
(0000000076360000 - 000000007637d000: C:\WINDOWS\system32\IMM32.DLL
(0000000076380000 - 00000000763c9000: C:\WINDOWS\system32\comdlg32.dll
(00000000763d0000 - 0000000076577000: C:\WINDOWS\system32\NETSHELL.dll
(0000000076580000 - 00000000765a1000: C:\WINDOWS\system32\stobject.dll
(00000000765d0000 - 00000000765ed000: C:\WINDOWS\System32\CSCDLL.dll
(00000000768b0000 - 0000000076932000: C:\WINDOWS\system32\CRYPTUI.dll
(0000000076960000 - 0000000076968000: C:\WINDOWS\system32\LINKINFO.dll
(0000000076970000 - 0000000076996000: C:\WINDOWS\system32\ntshrui.dll
(00000000769a0000 - 0000000076a55000: C:\WINDOWS\system32\USERENV.dll
(0000000076b00000 - 0000000076b11000: C:\WINDOWS\system32\ATL.DLL
(0000000076b20000 - 0000000076b4e000: C:\WINDOWS\system32\WINMM.dll
(0000000076be0000 - 0000000076beb000: C:\WINDOWS\system32\PSAPI.DLL
(0000000076bf0000 - 0000000076c1e000: C:\WINDOWS\system32\credui.dll
(0000000076c20000 - 0000000076c4e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c80000 - 0000000076ca8000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d50000 - 0000000076d69000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e70000 - 0000000076e7e000: C:\WINDOWS\system32\rtutils.dll
(0000000076f40000 - 0000000076f48000: C:\WINDOWS\system32\WTSAPI32.dll
(0000000076f50000 - 0000000076f7d000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fc0000 - 000000007703f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077040000 - 000000007710d000: C:\WINDOWS\system32\COMRes.dll
(0000000077110000 - 000000007719b000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000773c0000 - 00000000774c3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
(00000000774d0000 - 000000007760d000: C:\WINDOWS\system32\ole32.dll
(0000000077910000 - 0000000077a06000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000077a10000 - 0000000077a65000: C:\WINDOWS\System32\cscui.dll
(0000000077a70000 - 0000000077b06000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b10000 - 0000000077b22000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b30000 - 0000000077b52000: C:\WINDOWS\system32\appHelp.dll
(0000000077bc0000 - 0000000077bc7000: C:\WINDOWS\system32\midimap.dll
(0000000077bd0000 - 0000000077be5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077bf0000 - 0000000077bf8000: C:\WINDOWS\system32\VERSION.dll
(0000000077c00000 - 0000000077c58000: C:\WINDOWS\system32\msvcrt.dll
(0000000077dc0000 - 0000000077e6c000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f02000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f59000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(000000007c800000 - 000000007c8fd000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b1000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1de000: C:\WINDOWS\system32\SHELL32.dll
(000000007e1e0000 - 000000007e351000: C:\WINDOWS\system32\SHDOCVW.dll
(000000007e360000 - 000000007e3f1000: C:\WINDOWS\system32\USER32.dll
(000000007e690000 - 000000007e740000: C:\WINDOWS\system32\SXS.DLL
*----> Zrzut stanu dla wątku o identyfikatorze 0x2e78 <----*
eax=004dd6e6 ebx=031aff1c ecx=fffff506 edx=03230000 esi=000d8000 edi=000d8000
eip=02e00de2 esp=0322d3b8 ebp=0322e418 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
funkcja:
02e00dc6 c0efff shr bh,0xff
02e00dc9 ff8b85c4efff dec dword ptr [ebx-0x103b7b]
02e00dcf ff03 inc dword ptr [ebx]
02e00dd1 85e4 test esp,esp
02e00dd3 ef out dx,eax
02e00dd4 ffff ???
02e00dd6 03c1 add eax,ecx
02e00dd8 49 dec ecx
02e00dd9 8d9500f0ffff lea edx,[ebp-0x1000]
02e00ddf c1e902 shr ecx,0x2
BŁĄD ->02e00de2 8902 mov [edx],eax ds:0023:03230000=????????
02e00de4 83c204 add edx,0x4
02e00de7 83c005 add eax,0x5
02e00dea 49 dec ecx
02e00deb 75f5 jnz 02e00de2
02e00ded 33c0 xor eax,eax
02e00def 8902 mov [edx],eax
02e00df1 6a00 push 0x0
02e00df3 57 push edi
02e00df4 ffb5fcefffff push dword ptr [ebp-0x1004]
02e00dfa e8bbfbffff call 02e009ba
*----> Wsteczne śledzenie stosu <----*
ChildEBP RetAddr Args to Child
0322e418 004db409 004db40e 004db413 004db418 0x2e00de2
004db404 00000000 00000000 00000000 00000000 0x4db409
*----> Zrzut stosu <----*
BŁĄD ->02e00de2 8902 mov [edx],eax ds:0023:03230000=????????
What does this refer to?
ComboFix log:
ComboFix 09-06-21.01 - Gadin 2009-06-22 14:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1719 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Gadin\Pulpit\ComboFix.exe
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
((((((((((((((((((((((((( Pliki utworzone od 2009-05-22 do 2009-06-22 )))))))))))))))))))))))))))))))
.
2009-06-22 12:28 . 2009-06-22 12:28 -------- d-----w- c:\windows\system32\xircom
2009-06-22 12:28 . 2009-06-22 12:28 -------- d-----w- c:\windows\system32\wbem\snmp
2009-06-22 12:28 . 2009-06-22 12:28 -------- d-----w- c:\program files\microsoft frontpage
2009-06-22 09:49 . 2009-06-22 09:49 -------- d--h--w- c:\windows\PIF
2009-06-21 19:33 . 2006-08-18 08:28 208896 ------w- c:\windows\system32\nvuide.exe
2009-06-21 19:27 . 2009-06-21 19:28 -------- d-----w- c:\windows\NV13361364.TMP
2009-06-21 19:26 . 2009-06-21 19:28 -------- d-----w- c:\windows\nview
2009-06-21 17:53 . 2009-06-21 17:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-21 17:53 . 2009-06-21 17:56 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-06-21 17:34 . 2009-06-21 17:35 -------- d-----w- C:\IrfanView
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-22 12:29 . 2009-06-21 15:06 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-06-22 10:54 . 2009-06-21 15:03 -------- d-----w- c:\documents and settings\Gadin\Dane aplikacji\mIRC
2009-06-22 10:54 . 2009-06-21 15:06 -------- d-----w- c:\documents and settings\Gadin\Dane aplikacji\uTorrent
2009-06-21 20:32 . 2009-06-21 20:32 134920 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1045.dat
2009-06-21 20:32 . 2009-06-21 14:48 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-21 19:40 . 2001-10-26 16:15 49712 ----a-w- c:\windows\system32\perfc015.dat
2009-06-21 19:40 . 2001-10-26 16:15 355830 ----a-w- c:\windows\system32\perfh015.dat
2009-06-21 19:32 . 2009-06-21 19:32 -------- d-----w- c:\program files\DIFX
2009-06-21 17:21 . 2009-06-21 16:22 -------- d-----w- c:\program files\a-squared Free
2009-06-21 17:19 . 2009-06-21 15:04 -------- d-----w- c:\documents and settings\Gadin\Dane aplikacji\Tlen.pl
2009-06-21 17:17 . 2009-06-21 15:06 -------- d-----w- c:\program files\Spyware Doctor
2009-06-21 16:28 . 2009-06-21 16:07 -------- d-----w- c:\program files\SkanerOnline
2009-06-21 16:03 . 2009-06-21 15:06 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-21 15:56 . 2009-06-21 15:01 -------- d-----w- c:\program files\SubEdit-Player
2009-06-21 15:47 . 2009-06-21 15:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-21 15:44 . 2009-06-21 15:44 -------- d-----w- c:\program files\DC++
2009-06-21 15:39 . 2009-06-21 15:39 -------- d-----w- c:\program files\Razer
2009-06-21 15:39 . 2009-06-21 15:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-21 15:37 . 2009-06-21 15:23 -------- d-----w- c:\program files\Creative
2009-06-21 15:29 . 2009-06-21 14:53 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-21 15:20 . 2009-06-21 15:09 -------- d-----w- c:\program files\PC Tools Firewall Plus
2009-06-21 15:11 . 2009-06-21 15:11 -------- d-----w- c:\documents and settings\Gadin\Dane aplikacji\PCToolsFirewallPlus
2009-06-21 15:07 . 2009-06-21 15:07 -------- d-----w- c:\program files\uTorrent
2009-06-21 14:58 . 2009-06-21 14:58 0 ----a-w- c:\windows\nsreg.dat
2009-06-21 14:52 . 2009-06-21 14:52 12328 ----a-w- c:\documents and settings\Gadin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-06-21 14:47 . 2009-06-21 14:47 -------- d-----w- c:\program files\Usługi online
2009-06-21 14:46 . 2009-06-21 14:46 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-21 14:45 . 2009-06-21 14:45 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-18 16:07 . 2009-06-21 14:53 454681 ----a-w- c:\windows\system32\nvudisp.exe
2009-04-03 09:18 . 2009-06-21 15:06 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
.
------- Sigcheck -------
[-] 2008-05-02 06:48 361344 8E036EEC565910417EA020CE0962AA24 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2009-06-21 65624]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-17 147456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-24 86016]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-03-24 1626112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-03-01 124928]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Tlen.pl\\tlen.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\uTorrent\\utorrent.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-06-21 130936]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-06-21 159600]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-06-21 73840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-06-21 95640]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2009-06-21 13225]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 14:30
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(13908)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
e:\program files\WinRAR\rarext.dll
.
Czas ukończenia: 2009-06-22 14:31
ComboFix-quarantined-files.txt 2009-06-22 12:31
ComboFix2.txt 2009-06-22 12:20
Przed: 147 908 882 432 bajtów wolnych
Po: 147 904 139 264 bajtów wolnych
– Added 23.06.2009 (Tue) 20:11 –
Does nobody have any idea?
– Added 23.06.2009 (Tue) 21:04 –
OK, now I know what is sitting on my computer: it is something called win32 daum.a! Only a few antivirus programs detect it, such as AVG, Kaspersky (it only deletes all the files) and Dr. Web (probably the best, because it cures some of the exe files :<) http://www.programosy.pl/program,dr-web-cureit.html
I want to leave this post for posterity; right now the whole system and all the infected exe files are being scanned.
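Added example, not part of the original post: one way to triage the Dr. Watson log above is to check whether the faulting `eip` lies inside any range of the module list. The excerpt embedded in the code is copied from that log with the module list shortened; the function names are this example's own.

```python
import re

# Excerpt copied from the Dr. Watson log in the post (module list shortened to
# explorer.exe, ntdll.dll and the two entries nearest the faulting address).
LOG_EXCERPT = r"""
(0000000001000000 - 00000000010ff000: C:\WINDOWS\explorer.exe
(0000000002c40000 - 0000000002c4b000: C:\Program Files\SubEdit-Player\codec\MatroskaSplitter\mkunicode.dll
(0000000003660000 - 0000000003674000: C:\Tlen.pl\hook.dll
(000000007c900000 - 000000007c9b1000: C:\WINDOWS\system32\ntdll.dll
eax=004dd6e6 ebx=031aff1c ecx=fffff506 edx=03230000 esi=000d8000 edi=000d8000
eip=02e00de2 esp=0322d3b8 ebp=0322e418 iopl=0 nv up ei ng nz na po nc
"""

MODULE_RE = re.compile(r"^\(([0-9a-fA-F]+) - ([0-9a-fA-F]+): (.+)$")
REGISTER_RE = re.compile(r"\b(e[a-z]{2})=([0-9a-fA-F]{8})\b")


def parse_modules(text):
    """Return sorted (start, end, path) tuples from the module-list lines."""
    modules = []
    for line in text.splitlines():
        m = MODULE_RE.match(line.strip())
        if m:
            modules.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3).strip()))
    return sorted(modules)


def parse_registers(text):
    """Return the 32-bit registers of the thread state dump as integers."""
    return {name: int(value, 16) for name, value in REGISTER_RE.findall(text)}


def owning_module(address, modules):
    """Path of the module whose [start, end) range holds address, else None."""
    for start, end, path in modules:
        if start <= address < end:
            return path
    return None


def triage(text):
    """Attribute the faulting eip to a module, or flag it as unbacked."""
    modules = parse_modules(text)
    eip = parse_registers(text)["eip"]
    owner = owning_module(eip, modules)
    below = [m for m in modules if m[1] <= eip]
    above = [m for m in modules if m[0] > eip]
    return {
        "eip": hex(eip),
        "module": owner,
        "unbacked": owner is None,  # eip is outside every listed module
        "previous_module": below[-1][2] if below else None,
        "next_module": above[0][2] if above else None,
    }


if __name__ == "__main__":
    for key, value in triage(LOG_EXCERPT).items():
        print(f"{key}: {value}")
```

For the log in the post, the faulting address falls in the gap between mkunicode.dll and hook.dll, so the crashing code is not backed by any module the log lists.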