

STOP: 0x00000050 (0xC6278086, 0x00000008, 0xC6278086, 0x00000002)
Thank you
Edit by Mike013
Next time, start your own topic
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:12, on 2008-09-13
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\ico.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6080821
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8996 bytes
ComboFix 08-09-12.09 - Aga 2008-09-13 14:48:47.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1033.18.2426 [GMT 2:00]
Running from: C:\Users\Aga\Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-08-13 to 2008-09-13 )))))))))))))))))))))))))))))))
.
2008-09-12 19:57 . 2008-09-12 19:57 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-09-12 19:57 . 2008-09-12 19:57 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-09-10 20:51 . 2008-09-10 20:51 <DIR> d-------- C:\BlueByte
2008-09-10 20:50 . 2008-09-10 20:50 <DIR> d-------- C:\Windows\System32\Adobe
2008-09-10 20:50 . 2008-09-10 20:50 <DIR> d-------- C:\Windows\Profiles
2008-09-10 20:50 . 2008-09-10 20:50 <DIR> d-------- C:\Users\Aga\AppData\Roaming\InterTrust
2008-09-10 20:50 . 1998-10-07 13:54 327,168 --a------ C:\Windows\IsUn0415.exe
2008-09-10 20:47 . 2008-09-10 20:47 <DIR> d-------- C:\Program Files\Ubisoft
2008-09-10 08:50 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 08:50 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-10 08:46 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 08:43 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 08:43 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 08:43 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 08:43 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 08:43 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 08:43 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-09 20:02 . 2008-09-13 09:34 <DIR> d-------- C:\Users\Aga\AppData\Roaming\BearShare
2008-09-09 20:02 . 2008-09-09 20:02 <DIR> d-------- C:\Program Files\BearShare Applications
2008-09-09 20:02 . 2008-09-09 20:20 <DIR> d-------- C:\My Downloads
2008-09-09 20:02 . 2007-11-22 16:00 483,328 --a------ C:\Windows\System32\actskn45.ocx
2008-09-09 19:52 . 2008-09-09 19:52 <DIR> d-------- C:\Users\All Users\Winamp Toolbar
2008-09-09 19:52 . 2008-09-09 19:52 <DIR> d-------- C:\ProgramData\Winamp Toolbar
2008-09-09 19:52 . 2008-09-09 19:52 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-09-09 19:47 . 2007-03-08 01:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-09-09 19:46 . 2008-09-09 19:55 <DIR> d-------- C:\Users\Aga\AppData\Roaming\Winamp
2008-09-09 19:46 . 2008-09-09 20:01 <DIR> d-------- C:\Program Files\Winamp
2008-09-08 18:17 . 2008-09-08 18:17 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-08 18:17 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-09-08 16:10 . 2006-10-26 20:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-09-08 16:09 . 2008-09-08 16:09 <DIR> d-------- C:\Windows\PCHEALTH
2008-09-08 16:09 . 2008-09-08 16:09 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-08 16:06 . 2008-09-10 10:05 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-09-08 16:06 . 2008-09-10 10:05 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-09-08 16:06 . 2008-09-08 16:06 <DIR> dr-h----- C:\MSOCache
2008-09-07 19:48 . 2008-09-07 19:48 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-09-07 19:48 . 2007-07-12 14:49 178,872 -ra------ C:\Windows\System32\drivers\PavProc.sys
2008-09-07 19:48 . 2007-05-23 16:40 38,968 -ra------ C:\Windows\System32\drivers\ShlDrv51.sys
2008-09-07 17:01 . 2008-09-07 17:01 <DIR> d-------- C:\Users\Aga\AppData\Roaming\InstallShield
2008-09-07 17:01 . 2008-09-07 17:01 <DIR> d-------- C:\Program Files\SAGEM
2008-09-07 17:01 . 2006-12-22 21:05 449,536 --a------ C:\Windows\System32\drivers\athrusb.sys
2008-09-02 22:58 . 2008-09-02 23:00 <DIR> d-------- C:\Users\Aga\AppData\Roaming\Template
2008-09-02 22:58 . 2008-09-08 15:09 184 --a------ C:\Users\Aga\AppData\Roaming\wklnhst.dat
2008-09-02 20:09 . 2008-09-02 20:09 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-08-31 19:47 . 2008-08-31 19:48 <DIR> d-------- C:\Program Files\IrfanView
2008-08-28 22:12 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-28 22:04 . 2008-08-28 22:04 <DIR> d-------- C:\Users\Aga\AppData\Roaming\Gadu-Gadu
2008-08-28 21:32 . 2008-08-28 21:33 <DIR> d-------- C:\Users\Aga\Gadu-Gadu
2008-08-28 21:32 . 2008-08-28 21:32 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-08-28 20:15 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-08-28 20:14 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-08-28 20:14 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-08-28 20:13 . 2008-04-26 10:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-08-28 20:13 . 2008-04-26 10:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-08-28 20:13 . 2008-04-26 10:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-08-28 20:13 . 2008-04-12 05:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-08-28 20:13 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-28 20:13 . 2008-04-05 03:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-08-28 20:13 . 2008-04-05 05:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-08-28 20:10 . 2008-09-12 19:58 <DIR> d-------- C:\Users\Aga\AppData\Roaming\skypePM
2008-08-28 20:10 . 2008-08-28 20:10 56 --ah----- C:\Users\All Users\ezsidmv.dat
2008-08-28 20:10 . 2008-08-28 20:10 56 --ah----- C:\ProgramData\ezsidmv.dat
2008-08-28 20:09 . 2008-09-12 21:29 <DIR> d-------- C:\Users\Aga\AppData\Roaming\Skype
2008-08-28 20:08 . 2008-08-28 20:08 <DIR> d-------- C:\Users\All Users\Skype
2008-08-28 20:08 . 2008-08-28 20:08 <DIR> d-------- C:\ProgramData\Skype
2008-08-28 20:08 . 2008-08-28 20:08 <DIR> d-------- C:\Program Files\Skype
2008-08-28 20:08 . 2008-08-28 20:08 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-08-28 09:10 . 2008-09-13 08:18 266,537,404 --a------ C:\Windows\MEMORY.DMP
2008-08-28 00:17 . 2008-08-28 00:17 <DIR> d-------- C:\Users\Aga\AppData\Roaming\Creative
2008-08-28 00:03 . 2008-08-28 00:03 <DIR> d-------- C:\Users\Aga\Bluetooth Software
2008-08-28 00:03 . 2008-08-28 00:03 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-28 00:02 . 2008-08-28 00:02 <DIR> dr------- C:\Users\Aga\Searches
2008-08-28 00:02 . 2008-08-28 00:02 <DIR> dr------- C:\Users\Aga\Contacts
2008-08-28 00:02 . 2008-08-28 00:02 720,896 --a------ C:\Windows\IMAPIShellExt.dll
2008-08-28 00:02 . 2008-08-28 00:02 81,920 --a------ C:\Windows\BurnImage.exe
2008-08-28 00:01 . 2008-08-28 00:02 <DIR> dr------- C:\Users\Aga\Videos
2008-08-28 00:01 . 2008-08-28 19:21 <DIR> dr------- C:\Users\Aga\Saved Games
2008-08-28 00:01 . 2008-08-21 16:07 <DIR> d-------- C:\Users\Aga\Roaming
2008-08-28 00:01 . 2008-09-12 21:03 <DIR> dr------- C:\Users\Aga\Pictures
2008-08-28 00:01 . 2008-08-28 00:02 <DIR> dr------- C:\Users\Aga\Music
2008-08-28 00:01 . 2008-08-28 00:02 <DIR> dr------- C:\Users\Aga\Links
2008-08-28 00:01 . 2008-09-13 14:47 <DIR> dr------- C:\Users\Aga\Downloads
2008-08-28 00:01 . 2008-09-10 20:50 <DIR> dr------- C:\Users\Aga\Documents
2008-08-28 00:01 . 2006-11-02 14:37 <DIR> d-------- C:\Users\Aga\AppData\Roaming\Media Center Programs
2008-08-28 00:01 . 2008-08-28 00:01 <DIR> d-------- C:\Users\Aga\AppData\Roaming\Dell
2008-08-28 00:01 . 2008-08-28 00:01 <DIR> d--h----- C:\Users\Aga\AppData
2008-08-28 00:01 . 2008-09-07 17:01 <DIR> d-------- C:\Users\Aga
2008-08-27 23:58 . 2008-08-27 23:58 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-08-22 01:46 . 2008-08-22 01:46 <DIR> d-------- C:\Program Files\DellTPad
2008-08-22 01:44 . 2008-08-22 01:44 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-08-22 01:44 . 2008-08-22 01:44 885,248 --a------ C:\Windows\System32\RacEngn.dll
2008-08-22 01:44 . 2008-08-22 01:44 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-08-22 01:44 . 2008-08-22 01:44 9,127 --a------ C:\Windows\System32\RacUR.xml
2008-08-22 01:44 . 2008-08-22 01:44 153 --a------ C:\Windows\System32\RacUREx.xml
2008-08-22 01:39 . 2008-08-22 01:39 <DIR> d-------- C:\doctemp
2008-08-22 01:39 . 2008-08-22 01:39 5,069 --a------ C:\Windows\System32\drivers\1028_Dell_INS_1525.mrk
2008-08-22 01:37 . 2008-08-22 01:37 <DIR> d-------- C:\Windows\System32\oem
2008-08-22 01:37 . 2008-08-22 01:40 <DIR> d-------- C:\Drivers
2008-08-22 01:37 . 2008-08-28 09:10 <DIR> d-------- C:\DELL
2008-08-21 17:53 . 2008-09-12 22:07 836 --a------ C:\Windows\bthservsdp.dat
2008-08-21 17:52 . 2008-08-21 17:52 <DIR> d-------- C:\Program Files\Sigmatel
2008-08-21 17:52 . 2008-08-21 17:52 <DIR> d-------- C:\Program Files\CONEXANT
2008-08-21 17:52 . 2007-11-12 13:07 4,947,968 --a------ C:\Windows\System32\stacgui.cpl
2008-08-21 17:52 . 2007-11-12 13:07 1,601,536 --a------ C:\Windows\System32\stlang.dll
2008-08-21 17:52 . 2007-11-12 13:07 647,168 --a------ C:\Windows\System32\aestecap.dll
2008-08-21 17:52 . 2007-11-12 13:07 131,072 --a------ C:\Windows\System32\aestacap.dll
2008-08-21 17:52 . 2007-11-12 13:07 102,400 --a------ C:\Windows\System32\stacsv.exe
2008-08-21 17:52 . 2007-11-12 13:07 73,728 --------- C:\Windows\System32\AEstSrv.exe
2008-08-21 17:52 . 2007-11-12 13:07 53,248 --a------ C:\Windows\System32\aestaren.dll
2008-08-21 17:52 . 2008-08-21 17:52 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-08-21 16:35 . 2008-03-06 09:58 172,032 --a------ C:\Windows\System32\igfxres.dll
2008-08-21 16:27 . 2008-08-21 16:27 <DIR> d-------- C:\Program Files\Tiscali
2008-08-21 16:23 . 2008-08-21 16:23 <DIR> d-------- C:\Program Files\Citrix
2008-08-21 16:22 . 2008-08-21 16:22 <DIR> d-------- C:\Program Files\Microsoft Works
2008-08-21 16:21 . 2008-08-21 16:27 <DIR> d-------- C:\Users\All Users\Dell
2008-08-21 16:21 . 2008-08-21 16:27 <DIR> d-------- C:\ProgramData\Dell
2008-08-21 16:20 . 2008-09-07 19:45 <DIR> d-------- C:\Users\All Users\CyberLink
2008-08-21 16:20 . 2008-09-07 19:45 <DIR> d-------- C:\ProgramData\CyberLink
2008-08-21 16:19 . 2008-08-21 16:19 <DIR> d-------- C:\Users\All Users\SupportSoft
2008-08-21 16:19 . 2008-08-21 16:19 <DIR> d-------- C:\ProgramData\SupportSoft
2008-08-21 16:19 . 2008-08-21 16:19 <DIR> d-------- C:\Program Files\Dell Support Center
2008-08-21 16:19 . 2008-09-07 19:45 <DIR> d-------- C:\Program Files\CyberLink
2008-08-21 16:19 . 2008-08-21 16:19 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-08-21 16:19 . 2007-10-30 11:21 1,047,552 --a------ C:\Windows\System32\MFC71u.dll
2008-08-21 16:19 . 2007-10-30 11:21 89,088 --a------ C:\Windows\System32\atl71.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 17:11 --------- d-----w C:\Program Files\Windows Mail
2008-08-27 21:58 --------- d-sh--w C:\ProgramData\Templates
2008-08-27 21:58 --------- d-sh--w C:\ProgramData\Start Menu
2008-08-27 21:58 --------- d-sh--w C:\ProgramData\Favorites
2008-08-27 21:58 --------- d-sh--w C:\ProgramData\Documents
2008-08-27 21:58 --------- d-sh--w C:\ProgramData\Desktop
2008-08-27 21:58 --------- d-sh--w C:\ProgramData\Application Data
2008-08-21 23:46 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-08-21 23:46 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-08-21 23:42 28,728 ------w C:\Windows\system32\drivers\msahci.sys
2008-08-21 23:42 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-23 12:45 94,208 ----a-w C:\Windows\System32\mdmxsdk.dll
2008-06-23 12:45 237,568 ----a-w C:\Windows\System32\UCI32M29.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-21 68856]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-21 29744]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"PMX Daemon"="ICO.EXE" [2006-11-08 C:\Windows\System32\ico.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-08-21 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-21 16:23 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3BA88094-B095-4B6E-BC5D-4FA02B386C3F}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{BB3BE658-41E3-475F-8960-58F0DEEAC971}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{CFFC9D5D-67AF-4899-9F00-49B1B98C67E0}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{ED587F5D-7E9E-417D-967C-9D650060D44E}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{C46D4AED-CB7E-496D-953F-5959F4C23A8B}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D5E7775B-4C58-4609-BE37-883C4D3DDB91}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1E560444-9724-47FD-B1E7-E0358874008E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A92ADEC8-03E4-4914-9DCA-D06F9EE23CA3}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{40C8A4D2-D1E2-484F-82BD-D905151C850A}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{DBA9CCA8-B008-4E97-98EB-E2DA028F33C8}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{96EB00FD-FF46-48C7-A62E-9D39E77E6206}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{DABCBC2D-89D2-4F72-B4B8-EB844C9A0424}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{14F8E8DD-C45F-40FA-A2C6-754D05FCADD2}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{F74EDA5E-79C3-4A83-B241-340176151A7E}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{10B1B77B-AA26-434C-AF95-4051756A1A30}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{10F71914-2D5E-4909-AEC3-99CA5AD325F2}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{27CAB995-E40E-4422-B11B-18CADB2832AF}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 ShldDrv;Panda File Shield Driver;C:\Windows\system32\DRIVERS\ShlDrv51.sys [2007-05-23 38968]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 73728]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
R2 PavProc;Panda Process Protection Driver;C:\Windows\system32\DRIVERS\PavProc.sys [2007-07-12 178872]
R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 449536]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 78128]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 80176]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 16560]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2008-03-04 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-04 7424]
R3 pmxmouse;PMXMOUSE;C:\Windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]
R3 pmxusblf;PMXUSBLF;C:\Windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-29 278528]
S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service [ ]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Aga\AppData\Roaming\Mozilla\Firefox\Profiles\lmgqljx4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-13 14:51:27
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-13 14:53:19
ComboFix-quarantined-files.txt 2008-09-13 12:52:39
Pre-Run: 253,056,888,832 bytes free
Post-Run: 253,542,158,336 bytes free
258 --- E O F --- 2008-09-10 08:05:59