
DRIVER_IRQL_NOT_LESS_OR_EQUAL
STOP : 0x000000D1 (0x00000000, 0x00000002, 0x00000001, 0xF9B53C3E)
procesrr.sys - Address F9B53C3E base at F9B52000, DateStamp 3b7d8320
What should I do? :/
Stop 0x0000000A or IRQL_NOT_LESS_OR_EQUAL
A kernel-mode process or driver attempted to access a memory area without authorization. This Stop error is usually caused by a faulty or incompatible device or software. The name of the offending device driver often appears in the Stop error message and can provide important clues for solving the problem.
Solution: If the message points to a specific device or category of devices, try removing or replacing devices in that category. If this Stop error appears during installation or a system upgrade procedure, you may suspect an incompatible driver, system service, virus scanner, CD-burning program or backup program. If the error appears, for example, after adding a new expansion card, remove the card and check whether the BSOD still occurs. Installing the latest drivers compatible with WinXP may also be a solution.
gramm4fun wrote: for a month I had an error like this, but thanks to a friend's help I got rid of it; it turned out I had a trojan in the svchost.exe process
I'm a complete novice in these matters...
gramm4fun wrote: and today it started resetting on me; is it the disk's fault or the drivers' fault?
okocza wrote: If the message points to a specific device or category of devices, try removing or replacing devices in that category.
ComboFix 08-06-05.3 - Hubert 2008-06-06 15:54:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.92 [GMT 2:00]
Running from: C:\Documents and Settings\Hubert\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.
2008-06-06 15:53 . 2008-06-06 15:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-04 17:56 . 2008-06-04 17:56 <DIR> d-------- C:\VIAhm
2008-06-04 17:56 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-06-04 17:56 . 2000-03-23 10:46 11,182 --a------ C:\WINDOWS\system32\drivers\hmnt.sys
2008-06-04 17:49 . 2008-06-04 18:33 <DIR> d-------- C:\WINDOWS\nview
2008-06-04 17:49 . 2008-06-04 17:49 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-04 17:49 . 2006-10-22 15:06 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-06-04 17:49 . 2006-10-22 12:22 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-06-04 17:49 . 2008-06-06 15:38 88,566 --a------ C:\WINDOWS\system32\nvapps.xml
2008-06-04 17:49 . 2006-10-22 12:22 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-06-04 17:48 . 2008-06-04 17:48 <DIR> d-------- C:\NVIDIA
2008-06-04 16:00 . 2008-06-04 16:00 <DIR> dr-h----- C:\Documents and Settings\Hubert\Dane aplikacji\SecuROM
2008-06-04 16:00 . 2008-06-04 16:00 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-04 15:50 . 2008-06-04 15:52 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-06-04 15:49 . 2008-06-04 15:49 <DIR> d--h----- C:\Documents and Settings\Hubert\InstallAnywhere
2008-06-04 15:29 . 2008-06-04 15:29 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-04 15:29 . 2008-06-04 15:29 <DIR> d-------- C:\Program Files\D-Tools
2008-06-04 15:29 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-06-04 15:29 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-06-04 14:00 . 2008-06-04 14:00 <DIR> d-------- C:\Documents and Settings\Hubert\Dane aplikacji\Sports Interactive
2008-06-04 01:33 . 2008-06-04 01:33 38 --a------ C:\WINDOWS\avisplitter.INI
2008-06-04 00:08 . 2008-06-04 00:08 <DIR> d-------- C:\Documents and Settings\Hubert\Dane aplikacji\GanymedeNet
2008-06-04 00:08 . 2008-06-04 00:08 4 --a------ C:\WINDOWS\system32\proc-1278289914.bin
2008-06-03 23:57 . 2008-06-04 00:08 1,660 --a------ C:\WINDOWS\mozver.dat
2008-06-03 23:56 . 2008-06-03 23:56 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-03 23:25 . 2008-06-03 23:25 <DIR> d-------- C:\Program Files\Winamp
2008-06-03 23:25 . 2008-06-06 15:48 132 --a------ C:\WINDOWS\winamp.ini
2008-06-03 21:47 . 2001-08-18 07:24 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-06-03 21:47 . 2001-10-26 18:30 117,248 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-06-03 21:47 . 2001-10-26 18:29 70,144 --a------ C:\WINDOWS\system32\usbui.dll
2008-06-03 21:47 . 2001-08-17 23:01 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-06-03 21:47 . 2001-08-17 21:20 35,200 --a------ C:\WINDOWS\system32\drivers\ac97via.sys
2008-06-03 21:47 . 2001-08-17 22:58 27,392 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
2008-06-03 21:47 . 2001-08-17 21:12 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-06-03 21:47 . 2001-10-26 18:27 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-06-03 21:45 . 2008-06-04 18:34 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-06-03 21:45 . 2008-06-03 21:45 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2008-06-03 21:45 . 2008-06-03 21:45 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-06-03 21:45 . 2008-06-03 20:50 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2008-06-03 21:45 . 2008-06-03 21:45 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2008-06-03 21:45 . 2008-06-03 21:45 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2008-06-03 21:45 . 2008-06-03 21:45 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2008-06-03 21:45 . 2008-06-03 21:45 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2008-06-03 21:45 . 2008-06-03 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2008-06-03 21:45 . 2008-06-03 21:45 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2008-06-03 21:45 . 2008-06-04 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2008-06-03 21:45 . 2008-06-03 20:58 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2008-06-03 21:45 . 2008-06-04 14:00 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-06-03 21:45 . 2008-06-03 21:45 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2008-06-03 21:44 . 2008-06-03 20:54 <DIR> d--h----- C:\Documents and Settings\Default User
2008-06-03 21:44 . 2008-06-03 20:53 <DIR> d-------- C:\Documents and Settings\All Users
2008-06-03 21:44 . 2008-06-03 20:59 <DIR> d-------- C:\Documents and Settings
2008-06-03 21:19 . 2008-06-03 21:19 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-03 21:13 . 2008-06-03 21:13 <DIR> d-------- C:\Documents and Settings\Hubert\Dane aplikacji\Gadu-Gadu
2008-06-03 21:12 . 2008-06-03 21:12 <DIR> d-------- C:\Program Files\AIDA32 - Personal System Information
2008-06-03 21:08 . 2008-06-03 21:08 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-06-03 21:08 . 2008-06-03 21:08 <DIR> d-------- C:\Documents and Settings\Hubert\Gadu-Gadu
2008-06-03 21:05 . 2004-06-04 14:35 135,168 -ra------ C:\WINDOWS\UNDPX2K.exe
2008-06-03 21:05 . 2004-06-04 14:34 53,693 -ra------ C:\WINDOWS\UNDPX2K.sys
2008-06-03 21:05 . 2004-06-10 18:42 15,429 -ra------ C:\WINDOWS\system32\drivers\Sacm2K.sys
2008-06-03 21:00 . 2008-06-04 15:29 <DIR> d--hs---- C:\WINDOWS\Installer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 18:55 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-03 18:53 --------- d-----w C:\Program Files\Usługi online
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 19:29 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14 1077277]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-02 04:20 12288]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 19:29 13312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 15:55:33
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-06 15:56:19
ComboFix-quarantined-files.txt 2008-06-06 13:56:14
Pre-Run: 5,950,787,584 bajtów wolnych
Post-Run: 5,954,818,048 bajtów wolnych
117
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:09, on 2008-06-06
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 2578 bytes
File::
C:\WINDOWS\IsUninst.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
ComboFix 08-06-05.3 - Hubert 2008-06-06 16:06:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.79 [GMT 2:00]
Running from: C:\Documents and Settings\Hubert\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Hubert\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\IsUninst.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\IsUninst.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.
2008-06-06 16:00 . 2002-01-12 16:30 3,567 --a------ C:\WINDOWS\system32\drivers\PortTalk.sys
2008-06-06 15:53 . 2008-06-06 15:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-04 17:56 . 2008-06-04 17:56 <DIR> d-------- C:\VIAhm
2008-06-04 17:56 . 2000-03-23 10:46 11,182 --a------ C:\WINDOWS\system32\drivers\hmnt.sys
2008-06-04 17:49 . 2008-06-04 18:33 <DIR> d-------- C:\WINDOWS\nview
2008-06-04 17:49 . 2008-06-04 17:49 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-04 17:49 . 2006-10-22 15:06 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-06-04 17:49 . 2006-10-22 12:22 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-06-04 17:49 . 2008-06-06 15:38 88,566 --a------ C:\WINDOWS\system32\nvapps.xml
2008-06-04 17:49 . 2006-10-22 12:22 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-06-04 17:48 . 2008-06-04 17:48 <DIR> d-------- C:\NVIDIA
2008-06-04 16:00 . 2008-06-04 16:00 <DIR> dr-h----- C:\Documents and Settings\Hubert\Dane aplikacji\SecuROM
2008-06-04 16:00 . 2008-06-04 16:00 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-04 15:50 . 2008-06-04 15:52 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-06-04 15:49 . 2008-06-04 15:49 <DIR> d--h----- C:\Documents and Settings\Hubert\InstallAnywhere
2008-06-04 15:29 . 2008-06-04 15:29 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-04 15:29 . 2008-06-04 15:29 <DIR> d-------- C:\Program Files\D-Tools
2008-06-04 15:29 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-06-04 15:29 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-06-04 14:00 . 2008-06-04 14:00 <DIR> d-------- C:\Documents and Settings\Hubert\Dane aplikacji\Sports Interactive
2008-06-04 01:33 . 2008-06-04 01:33 38 --a------ C:\WINDOWS\avisplitter.INI
2008-06-04 00:08 . 2008-06-04 00:08 <DIR> d-------- C:\Documents and Settings\Hubert\Dane aplikacji\GanymedeNet
2008-06-04 00:08 . 2008-06-04 00:08 4 --a------ C:\WINDOWS\system32\proc-1278289914.bin
2008-06-03 23:57 . 2008-06-04 00:08 1,660 --a------ C:\WINDOWS\mozver.dat
2008-06-03 23:56 . 2008-06-03 23:56 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-03 23:25 . 2008-06-03 23:25 <DIR> d-------- C:\Program Files\Winamp
2008-06-03 23:25 . 2008-06-06 15:48 132 --a------ C:\WINDOWS\winamp.ini
2008-06-03 21:47 . 2001-08-18 07:24 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-06-03 21:47 . 2001-10-26 18:30 117,248 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-06-03 21:47 . 2001-10-26 18:29 70,144 --a------ C:\WINDOWS\system32\usbui.dll
2008-06-03 21:47 . 2001-08-17 23:01 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-06-03 21:47 . 2001-08-17 21:20 35,200 --a------ C:\WINDOWS\system32\drivers\ac97via.sys
2008-06-03 21:47 . 2001-08-17 22:58 27,392 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
2008-06-03 21:47 . 2001-08-17 21:12 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-06-03 21:47 . 2001-10-26 18:27 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-06-03 21:45 . 2008-06-06 15:57 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-06-03 21:45 . 2008-06-03 21:45 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2008-06-03 21:45 . 2008-06-03 21:45 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-06-03 21:45 . 2008-06-03 20:50 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2008-06-03 21:45 . 2008-06-03 21:45 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2008-06-03 21:45 . 2008-06-03 21:45 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2008-06-03 21:45 . 2008-06-03 21:45 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2008-06-03 21:45 . 2008-06-03 21:45 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2008-06-03 21:45 . 2008-06-03 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2008-06-03 21:45 . 2008-06-03 21:45 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2008-06-03 21:45 . 2008-06-04 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2008-06-03 21:45 . 2008-06-03 20:58 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2008-06-03 21:45 . 2008-06-04 14:00 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-06-03 21:45 . 2008-06-03 21:45 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2008-06-03 21:44 . 2008-06-03 20:54 <DIR> d--h----- C:\Documents and Settings\Default User
2008-06-03 21:44 . 2008-06-03 20:53 <DIR> d-------- C:\Documents and Settings\All Users
2008-06-03 21:44 . 2008-06-03 20:59 <DIR> d-------- C:\Documents and Settings
2008-06-03 21:19 . 2008-06-03 21:19 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-03 21:13 . 2008-06-03 21:13 <DIR> d-------- C:\Documents and Settings\Hubert\Dane aplikacji\Gadu-Gadu
2008-06-03 21:12 . 2008-06-03 21:12 <DIR> d-------- C:\Program Files\AIDA32 - Personal System Information
2008-06-03 21:08 . 2008-06-03 21:08 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-06-03 21:08 . 2008-06-03 21:08 <DIR> d-------- C:\Documents and Settings\Hubert\Gadu-Gadu
2008-06-03 21:05 . 2004-06-04 14:35 135,168 -ra------ C:\WINDOWS\UNDPX2K.exe
2008-06-03 21:05 . 2004-06-04 14:34 53,693 -ra------ C:\WINDOWS\UNDPX2K.sys
2008-06-03 21:05 . 2004-06-10 18:42 15,429 -ra------ C:\WINDOWS\system32\drivers\Sacm2K.sys
2008-06-03 21:00 . 2008-06-04 15:29 <DIR> d--hs---- C:\WINDOWS\Installer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 18:55 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-03 18:53 --------- d-----w C:\Program Files\Usługi online
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 19:29 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14 1077277]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-02 04:20 12288]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 19:29 13312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
R3 PortTalk;PortTalk;C:\WINDOWS\System32\Drivers\PortTalk.sys [2002-01-12 16:30]
*Newly Created Service* - CATCHME
*Newly Created Service* - PORTTALK
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 16:07:43
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-06 16:08:29
ComboFix-quarantined-files.txt 2008-06-06 14:08:24
ComboFix2.txt 2008-06-06 13:56:20
Pre-Run: 6,079,623,168 bajtów wolnych
Post-Run: 6,071,844,864 bajtów wolnych
127
Antywirus Wersja Ostatnia aktualizacja Wynik
AhnLab-V3 2008.5.30.1 2008.06.05 -
AntiVir 7.8.0.55 2008.06.06 -
Authentium 5.1.0.4 2008.06.06 -
Avast 4.8.1195.0 2008.06.06 -
AVG 7.5.0.516 2008.06.06 -
BitDefender 7.2 2008.06.06 -
CAT-QuickHeal 9.50 2008.06.06 -
ClamAV 0.92.1 2008.06.06 -
DrWeb 4.44.0.09170 2008.06.06 -
eSafe 7.0.15.0 2008.06.05 -
eTrust-Vet 31.6.5853 2008.06.06 -
Ewido 4.0 2008.06.06 -
F-Prot 4.4.4.56 2008.06.05 -
F-Secure 6.70.13260.0 2008.06.06 -
Fortinet 3.14.0.0 2008.06.06 -
GData 2.0.7306.1023 2008.06.06 -
Ikarus T3.1.1.26.0 2008.06.06 -
Kaspersky 7.0.0.125 2008.06.06 -
McAfee 5311 2008.06.05 -
Microsoft 1.3604 2008.06.06 -
NOD32v2 3163 2008.06.06 -
Norman 5.80.02 2008.06.06 -
Panda 9.0.0.4 2008.06.05 -
Prevx1 V2 2008.06.06 -
Rising 20.47.42.00 2008.06.06 -
Sophos 4.30.0 2008.06.06 -
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.06 -
TheHacker 6.2.92.337 2008.06.06 -
VBA32 3.12.6.7 2008.06.06 -
VirusBuster 4.3.26:9 2008.06.06 -
Webwasher-Gateway 6.6.2 2008.06.06 -
Dodatkowe informacje
File size: 11182 bytes
MD5...: 3d2e4d3184e1e3195c2cbe1951f3fec3
SHA1..: ba19144c516a90c0269f236b7659d5be9dbd404a
SHA256: 876fb0947856e9c47286c175538385edd1aa2c84b4eb91fc0bc91b17db11ff4b
SHA512: 4eccc2085e97dd4dfeb1e2e60239a18b85e6c8bd026a1bb9f721e68f7ed48e5d
9392d546ebef6485ea2c7907ae388503d4369b0b0db2f9f8c63943e94b5c09de
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10452
timedatestamp.....: 0x3817237d (Wed Oct 27 16:08:29 1999)
machinetype.......: 0x14c (I386)
( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x400 0xf9c 0x1000 6.18 36ffcd937095860d236f45f4003a368b
.rdata 0x1400 0x115 0x200 2.54 23e107e501a1498d41ba0413336c3138
.data 0x1600 0x68 0x200 0.60 74a0187f6067cd4ee5822f6d489220b5
.edata 0x1800 0x31 0x200 0.39 459391deae518daf4e812ebdac38b290
INIT 0x1a00 0x292 0x400 3.77 6d2bfc3ee611f5f07c081a29360da955
.rsrc 0x1e00 0x430 0x600 2.46 f13007cf21b2093a5061cba812b64ac0
.reloc 0x2400 0x2ac 0x400 2.07 1c346abac275747b9116ba62687ab6b5
( 2 imports )
> ntoskrnl.exe: IofCompleteRequest, RtlInitUnicodeString, IoCreateSymbolicLink, IoCreateDevice, IoDeleteDevice, KeInitializeSpinLock, ExAllocatePoolWithTag, memmove, RtlQueryRegistryValues, ExFreePool, MmMapIoSpace, IoReportResourceUsage, IoDeleteSymbolicLink, MmUnmapIoSpace
> HAL.dll: READ_PORT_USHORT, WRITE_PORT_ULONG, READ_PORT_ULONG, READ_PORT_UCHAR, WRITE_PORT_UCHAR, KfAcquireSpinLock, KeStallExecutionProcessor, KfReleaseSpinLock, HalTranslateBusAddress
( 0 exports )
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:27, on 2008-06-06
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 2578 bytes
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17:01, on 2008-06-06
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Hubert\Pulpit\vcr42free.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 2415 bytes
okocza wrote: http://www.programosy.pl/program,hddlife.html
Take a look at this program. It will make the diagnosis by itself.
gramm4fun wrote: 16:14:00 : Waiting of readiness... Drive is ready
16:14:00 : Get passport... Timeout
16:14:00 : Get drive passport: Drive error!
it doesn't really want to run the test for me
First of all, you have to set API mode in Victoria. Your disk or disks will then show up. After initializing the disk in the program (Passport), paste a screenshot of that readout on the forum.
okocza wrote: since you can't install it, tell me who the disk's manufacturer is and I'll give you a link to the manufacturer's diagnostic program.