Restart - hardware problem
Hi! This is my first post, so sorry for anything unclear. I have a problem with my PC: it restarts often, at least 2-3 times a day. Sometimes it even happens 3 times within 10 minutes. I ran it through "Debugging Tools for Windows" and it showed me:
Microsoft (R) Windows Debugger Version 6.5.0003.7
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini120105-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Thu Dec 1 21:57:36.656 2005 (GMT+1)
System Uptime: 0 days 1:27:43.238
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...................................................................................................................
Loading unloaded module list
............
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007F, {8, 80042000, 0, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Followup: MachineOwner
---------
It looks like I have a hardware problem, but which one? How can I check this!!!!! The problems started after I got connected to the internet about a month ago; before that everything was OK. For the first day on the internet I had no antivirus and a few trojan horses nested on my PC, so I reinstalled Windows, except that I installed 2 systems on partition C. I removed one, but when the PC starts (after the BIOS message is briefly displayed) a message appears saying that Windows is being read from boot.int, and after a moment it starts up. Maybe that is the cause of the restarts, which I doubt. I'd be grateful for any reply, and please help.
PC specs:
CPU: Celeron D325 2.53GHz
Memory: DDR 256MB/PC400
HDD: WD 80 GB 7200
Motherboard: ABIT VT7 VIA PT880
Replies: 7
Hi!! It's me again. A few minutes ago the PC restarted again, and after it booted nothing was displayed, no message at all. Maybe I should run "Debugging Tools for Windows" on it again, because I don't understand anything anymore. I'd also like to ask you something: I have Windows XP SP2 with the ArcaVir antivirus, which didn't detect any virus. I downloaded Ad-Aware (the English version) and ran a scan with it, and it showed me the following; this is the Ad-Aware "scan log" (I couldn't copy "Critical Objects" and "Negligible Objects"). Maybe you understand it better than I do? Sorry for being so pushy with these questions!!!!!
Ad–Aware SE Build 1.06r1
Logfile Created on:2 grudnia 2005 13:53:16
Created with Ad–Aware SE Personal, free for private use.
Using definitions file:SE1R77 30.11.2005
References detected during the scan:
DyFuCA(TAC index:3):6 total references
MRU List(TAC index:0):24 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
Tracking Cookie(TAC index:3):12 total references
Ad–Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep–scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad–Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad–Aware settings in log file
Set : Include additional Ad–Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
2005–12–02 13:53:16 – Scan started. (Smart mode)
Listing running processes
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 540
ThreadCreationTime : 2005–12–02 12:40:05
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\windows\system32\
ProcessID : 612
ThreadCreationTime : 2005–12–02 12:40:07
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\windows\system32\
ProcessID : 636
ThreadCreationTime : 2005–12–02 12:40:08
BasePriority : High
#:4 [services.exe]
FilePath : C:\windows\system32\
ProcessID : 680
ThreadCreationTime : 2005–12–02 12:40:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803–2158)
ProductVersion : 5.1.2600.2180
ProductName : System operacyjny Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Usługi i aplikacja Kontroler
InternalName : services.exe
LegalCopyright : Microsoft Corporation. Wszelkie prawa zastrzeżone.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\windows\system32\
ProcessID : 700
ThreadCreationTime : 2005–12–02 12:40:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803–2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft Windows Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [ati2evxx.exe]
FilePath : C:\windows\System32\
ProcessID : 856
ThreadCreationTime : 2005–12–02 12:40:08
BasePriority : Normal
#:7 [svchost.exe]
FilePath : C:\windows\system32\
ProcessID : 868
ThreadCreationTime : 2005–12–02 12:40:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803–2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft Windows Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\windows\system32\
ProcessID : 948
ThreadCreationTime : 2005–12–02 12:40:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803–2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft Windows Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\windows\System32\
ProcessID : 1040
ThreadCreationTime : 2005–12–02 12:40:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803–2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft Windows Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\windows\System32\
ProcessID : 1088
ThreadCreationTime : 2005–12–02 12:40:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803–2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft Windows Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\windows\System32\
ProcessID : 1180
ThreadCreationTime : 2005–12–02 12:40:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803–2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft Windows Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [spoolsv.exe]
FilePath : C:\windows\system32\
ProcessID : 1452
ThreadCreationTime : 2005–12–02 12:40:11
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610–1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft Windows Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [ati2evxx.exe]
FilePath : C:\windows\system32\
ProcessID : 1532
ThreadCreationTime : 2005–12–02 12:40:11
BasePriority : Normal
#:14 [explorer.exe]
FilePath : C:\windows\
ProcessID : 1604
ThreadCreationTime : 2005–12–02 12:40:11
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803–2158)
ProductVersion : 6.00.2900.2180
ProductName : System operacyjny Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Eksplorator Windows
InternalName : explorer
LegalCopyright : Microsoft Corporation. Wszelkie prawa zastrzeżone.
OriginalFilename : EXPLORER.EXE
#:15 [ikeymain.exe]
FilePath : C:\PROGRA~1\WIRELE~1\Keyboard\
ProcessID : 1784
ThreadCreationTime : 2005–12–02 12:40:12
BasePriority : Normal
FileVersion : 6.08.00.00
ProductVersion : 6.08.00.00
ProductName : A4Tech iKeyWorks Software
CompanyName : A4Tech Co.,Ltd.
FileDescription : IKeymain.exe
InternalName : Ikeymain.exe
LegalCopyright : Copyright A4Tech Co.,Ltd. 2000–2001
LegalTrademarks : A4Tech is a registered trademark of A4Tech Co.,Ltd.
OriginalFilename : Ikeymain.exe
Comments : A4Tech iKeyWorks Software
#:16 [amoumain.exe]
FilePath : C:\PROGRA~1\WIRELE~1\Mouse\
ProcessID : 1792
ThreadCreationTime : 2005–12–02 12:40:13
BasePriority : Normal
FileVersion : 7.38.0.6
ProductVersion : 7.38.0.6
ProductName : A4Tech iWheelWorks Mouse Driver
CompanyName : A4Tech Co.,Ltd.
FileDescription : Amoumain
InternalName : Amoumain
LegalCopyright : Copyright A4Tech Co.,Ltd. 1999–2001
LegalTrademarks : A4Tech is a registered trademark of A4Tech Co.,Ltd.
OriginalFilename : Amoumain.exe
Comments : A4Tech iWheelWorks Mouse Driver
#:17 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 1828
ThreadCreationTime : 2005–12–02 12:40:13
BasePriority : Normal
FileVersion : 6.14.10.5090
ProductVersion : 6.14.10.5090
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright (C) 1998–2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe
#:18 [soundman.exe]
FilePath : C:\windows\
ProcessID : 1836
ThreadCreationTime : 2005–12–02 12:40:13
BasePriority : Normal
FileVersion : 5.1.10
ProductVersion : 5.1.10
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001–2003 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager
#:19 [abmenu.exe]
FilePath : C:\Program Files\ArcaVir\Bin\
ProcessID : 1844
ThreadCreationTime : 2005–12–02 12:40:13
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ArcaVir Tray
CompanyName : ArcaBit
FileDescription : ArcaVir Tray
InternalName : ABMenu
LegalCopyright : Copyright (C) 1997
OriginalFilename : ABMenu.exe
#:20 [abregmon.exe]
FilePath : C:\Program Files\ArcaVir\Bin\
ProcessID : 1872
ThreadCreationTime : 2005–12–02 12:40:14
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Registry Monitor
CompanyName : ArcaBit
FileDescription : Registry Monitor
InternalName : Registry Monitor
LegalCopyright : Copyright (C) 2005
OriginalFilename : Registry Monitor
#:21 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_05\bin\
ProcessID : 1952
ThreadCreationTime : 2005–12–02 12:40:14
BasePriority : Normal
#:22 [winampa.exe]
FilePath : C:\Program Files\Winamp\
ProcessID : 1964
ThreadCreationTime : 2005–12–02 12:40:14
BasePriority : Normal
#:23 [hpwuschd.exe]
FilePath : C:\Program Files\Hewlett–Packard\HP Software Update\
ProcessID : 1976
ThreadCreationTime : 2005–12–02 12:40:14
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Hewlett–Packard hpwuSchd
CompanyName : Hewlett–Packard
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright 2003
OriginalFilename : hpwuSchd.exe
#:24 [hpcmpmgr.exe]
FilePath : C:\Program Files\HP\hpcoretech\
ProcessID : 1992
ThreadCreationTime : 2005–12–02 12:40:14
BasePriority : Normal
FileVersion : 2.1.1
ProductVersion : 2.1.1
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett–Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright (C) Hewlett–Packard. 2002–2003
OriginalFilename : HPCmpMgr.exe
#:25 [hpztsb09.exe]
FilePath : C:\windows\System32\spool\drivers\w32x86\3\
ProcessID : 2000
ThreadCreationTime : 2005–12–02 12:40:14
BasePriority : Normal
FileVersion : 2.236.2.0
ProductVersion : 2.236.2.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright (c) Hewlett–Packard Company 1999–2003
#:26 [hpotdd01.exe]
FilePath : C:\Program Files\Hewlett–Packard\Digital Imaging\bin\
ProcessID : 2040
ThreadCreationTime : 2005–12–02 12:40:14
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett–Packard hpotdd01
CompanyName : Hewlett–Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright 2002
OriginalFilename : hpotdd01.exe
#:27 [sacc.exe]
FilePath : C:\Program Files\SurfAccuracy\
ProcessID : 128
ThreadCreationTime : 2005–12–02 12:40:14
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : SAcc Application
InternalName : SAcc
LegalCopyright : Copyright (C) 2004
OriginalFilename : SAcc.EXE
#:28 [ctfmon.exe]
FilePath : C:\windows\system32\
ProcessID : 192
ThreadCreationTime : 2005–12–02 12:40:15
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803–2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft Windows Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:29 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 200
ThreadCreationTime : 2005–12–02 12:40:15
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:30 [netmonsv.exe]
FilePath : C:\Program Files\ArcaVir\Bin\
ProcessID : 588
ThreadCreationTime : 2005–12–02 12:40:19
BasePriority : Normal
FileVersion : 1, 2, 0, 1
ProductVersion : 1, 2, 0, 1
ProductName : ArcaBit Net Monitor
CompanyName : ArcaBit sp. z o.o.
FileDescription : NetMonSV
InternalName : NetMonSV
LegalCopyright : Copyright 2004
OriginalFilename : NetMonSV.exe
Comments : Kontroluje dane przesyłane przez TCP/IP.
#:31 [avmonsv.exe]
FilePath : C:\Program Files\ArcaVir\Bin\
ProcessID : 604
ThreadCreationTime : 2005–12–02 12:40:19
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ArcaVir
CompanyName : ArcaBit
FileDescription : ArcaVir Antivirus Monitor
InternalName : ArcaVir Monitor Service
LegalCopyright : Copyright (C) 2005
OriginalFilename : ArcaVir Monitor Service
#:32 [svchost.exe]
FilePath : C:\windows\System32\
ProcessID : 1148
ThreadCreationTime : 2005–12–02 12:40:21
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803–2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft Windows Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:33 [alg.exe]
FilePath : C:\windows\System32\
ProcessID : 2504
ThreadCreationTime : 2005–12–02 12:40:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803–2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft Windows Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:34 [arcascan.exe]
FilePath : C:\Program Files\ArcaVir\Bin\
ProcessID : 2616
ThreadCreationTime : 2005–12–02 12:40:34
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ArcaBit Scanner Component
CompanyName : ArcaBit
FileDescription : ArcaBit Scanner Component
InternalName : ArcaScan
LegalCopyright : Copyright 2004
OriginalFilename : ArcaScan.exe
#:35 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2864
ThreadCreationTime : 2005–12–02 12:41:05
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803–2158)
ProductVersion : 6.00.2900.2180
ProductName : System operacyjny Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : Microsoft Corporation. Wszelkie prawa zastrzeżone.
OriginalFilename : IEXPLORE.EXE
#:36 [ad–aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad–Aware SE Personal\
ProcessID : 3284
ThreadCreationTime : 2005–12–02 12:43:23
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad–Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad–Aware SE Core application
InternalName : Ad–Aware.exe
LegalCopyright : Copyright Lavasoft AB Sweden
OriginalFilename : Ad–Aware.exe
Comments : All Rights Reserved
Memory scan result:
New critical objects: 0
Objects found so far: 0
Started registry scan
DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S–1–5–21–1177238915–764733703–725345543–1003\software\ist
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S–1–5–21–1177238915–764733703–725345543–1003\software\ist
Value : InstallDate
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S–1–5–21–1177238915–764733703–725345543–1003\software\ist
Value : account_id
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S–1–5–21–1177238915–764733703–725345543–1003\software\ist
Value : config
Registry Scan result:
New critical objects: 4
Objects found so far: 4
Started deep registry scan
Deep registry scan result:
New critical objects: 0
Objects found so far: 4
Started Tracking Cookie scan
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : justyna@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:justyna@mediaplex.com/
Expires : 2009–06–22 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : justyna@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:justyna@adtech.de/
Expires : 2015–11–28 17:03:02
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : justyna@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:46
Value : Cookie:justyna@casalemedia.com/
Expires : 2006–11–21 17:51:44
LastSync : Hits:46
UseCount : 0
Hits : 46
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : justyna@cgi–bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:justyna@imrworldwide.com/cgi–bin
Expires : 2015–11–27 16:33:12
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : justyna@please[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:justyna@ad2.pl.mediainter.net/please/
Expires : 2006–10–31 08:51:56
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : justyna@trafic[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:justyna@trafic.ro/
Expires : 2037–01–11 15:00:00
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : justyna@as–us.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:89
Value : Cookie:justyna@as–us.falkag.net/
Expires : 2006–11–30 22:03:28
LastSync : Hits:89
UseCount : 0
Hits : 89
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : justyna@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:justyna@tribalfusion.com/
Expires : 2038–01–01 01:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : justyna@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:justyna@fastclick.net/
Expires : 2007–11–30 22:03:10
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : justyna@revenue[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:justyna@revenue.net/
Expires : 2022–06–10 06:05:42
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : justyna@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:24
Value : Cookie:justyna@tradedoubler.com/
Expires : 2025–11–27 09:40:30
LastSync : Hits:24
UseCount : 0
Hits : 24
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : justyna@doubleclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:justyna@doubleclick.net/
Expires : 2008–11–29 21:35:42
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking cookie scan result:
New critical objects: 12
Objects found so far: 16
Deep scanning and examining files...
Disk Scan Result for C:\windows
New critical objects: 0
Objects found so far: 16
Disk Scan Result for C:\windows\system32
New critical objects: 0
Objects found so far: 16
Disk Scan Result for C:\DOCUME~1\Justyna\USTAWI~1\Temp\
New critical objects: 0
Objects found so far: 16
Scanning Hosts file......
Hosts file location:"C:\windows\system32\drivers\etc\hosts".
Hosts file scan result:
3 entries scanned.
New critical objects:0
Objects found so far: 16
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Onet.pl – Polski Portal Internetowy.url
TAC Rating : 3
Category : Misc
Comment : Problematic URL discovered: http://www.onet.pl/
Object : C:\Documents and Settings\Justyna\Ulubione\
MRU List Object Recognized!
Location: : C:\Documents and Settings\Justyna\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S–1–5–21–1177238915–764733703–725345543–1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1177238915-764733703-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1177238915-764733703-725345543-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1177238915-764733703-725345543-1003\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1177238915-764733703-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1177238915-764733703-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1177238915-764733703-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1177238915-764733703-725345543-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-1177238915-764733703-725345543-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-1177238915-764733703-725345543-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-1177238915-764733703-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1177238915-764733703-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1177238915-764733703-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-1177238915-764733703-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Performing conditional scans...
DyFuCA Object Recognized!
Type : Folder
TAC Rating : 3
Category : Malware
Comment : DyFuCA
Object : C:\Program Files\Power Scan
DyFuCA Object Recognized!
Type : Folder
TAC Rating : 3
Category : Malware
Comment : DyFuCA
Object : C:\Program Files\ISTsvc
Conditional scan result:
New critical objects: 2
Objects found so far: 43
13:54:57 Scan Complete
Summary Of This Scan
Total scanning time:00:01:40.828
Objects scanned:65752
Objects identified:19
Objects ignored:0
New critical objects:19
You're welcome :)
When you find it, send it to Siberia ;)
So all that's left for me is to wait patiently. And when I find the culprit behind the crashes I'll definitely get back to you. Really, big thanks!
That's all, now you just have to wait patiently. The signature is something like 0x000000xx, and right after it a file name may appear, something like xxx.sys or similar (unfortunately that doesn't always happen).
Once you have that signature you'll find descriptions of it, and if you have the name as well it's much easier to work out which driver, if a driver is the problem, is the culprit.
I have one more question: I unchecked "Automatically restart" under My Computer - Advanced - Startup and Recovery, and is that enough? What am I supposed to understand by this:
in case of failure .... "uncheck" - a BSOD will be shown with the full error signature: the number and name and possibly the file that the system "suspects" of causing it.
because I unchecked "Automatically restart", and what next, since no BSOD showed up; or is it supposed to show up at the next restart or crash? And when it does show up with the information about the error that the system "suspects" of causing it, what do I have to do? Sorry for these maybe silly questions, but I'd like to pick up some information. Thanks
I think I have the same problem as T-omek with "The system has recovered from a serious error". I'll try doing what you wrote there:
Turn off "automatic restart" - My Computer - Advanced - Startup and Recovery - in case of failure .... "uncheck" - a BSOD will be shown with the full error signature: the number and name and possibly the file that the system "suspects" of causing it.
Big thanks for the help!!!!!!