
Windows XP - restarts


6 replies in this topic

#1 P...

P...

    New

  • 4 posts

Posted 10 07 2007 - 19:49

Hello. I have a problem with Windows XP. From time to time the computer freezes for a second and then immediately restarts on its own. After that, Windows shows me a message that the system has recovered from a serious error. After the last restart, all my favorite pages disappeared from the bookmarks in Firefox. Maybe the logs can show whether I have some junk on the machine.

Silent Runners

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"BitTorrent" = ""C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized" [null data]
"eMuleAutoStart" = "C:\Program Files\eMule\emule.exe -AutoStart" ["http://www.emule-project.net"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"Skrót do strony właściwości High Definition Audio" = "HDAudPropShortcut.exe" ["Windows (R) Server 2003 DDK provider"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"AlcWzrd" = "ALCWZRD.EXE" ["RealTek Semicoductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Groove GFS Browser Helper"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
				   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
  -> {HKLM...CLSID} = "Groove GFS Browser Helper"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
  -> {HKLM...CLSID} = "Groove Folder Synchronization"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
  -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
  -> {HKLM...CLSID} = "Groove XML Icon Handler"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
				   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
				   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
				   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
  -> {HKLM...CLSID} = "SABShellExecuteHook Class"
				   \InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
				   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
				   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
				   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Wyślij do programu OneNote"
"MenuText" = "Wyślij &do programu OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
StarWind AE Service, StarWindServiceAE, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt05\Driver = "hpzlnt05.dll" ["HP"]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 42 seconds.
---------- (total run time: 89 seconds)



Hijack This


Logfile of HijackThis v1.99.1
Scan saved at 19:24:38, on 2007-07-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://81.190.193.145/activex/AMC.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


  • 0

#2 Maciej13

Maciej13

    SecurityMaster

  • 261 posts

Posted 10 07 2007 - 20:13

The logs are clean.

Show the ComboFix log.

  • 0

#3 P...

P...

    New

  • 4 posts

Posted 10 07 2007 - 20:26

During the scan it kept throwing the message FINDSTR: Szukany ciąg jest za długi.


"Piotrek" - 2007-07-10 20:23:19 - ComboFix 07-07-10.1 - Dodatek Service Pack 2  


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Piotrek\DANEAP~1.\macromedia\Flash Player\#SharedObjects\36RB4G53\www.broadcaster.com
C:\DOCUME~1\Piotrek\DANEAP~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Piotrek\DANEAP~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol


(((((((((((((((((((((((((   Files Created from 2007-06-10 to 2007-07-10  )))))))))))))))))))))))))))))))


2007-07-10 20:23	51,200	--a------	C:\WINDOWS\nircmd.exe
2007-07-10 19:01	<DIR>	d--------	C:\!KillBox
2007-07-08 15:36	<DIR>	d--h-----	C:\WINDOWS\PIF
2007-06-27 19:53	<DIR>	d--------	C:\Program Files\SUPERAntiSpyware
2007-06-27 19:53	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2007-06-27 19:53	<DIR>	d--------	C:\DOCUME~1\Piotrek\DANEAP~1\SUPERAntiSpyware.com
2007-06-27 19:53	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\SUPERAntiSpyware.com
2007-06-25 21:27	73,728	--a------	C:\WINDOWS\ALCFDRTM.EXE
2007-06-21 15:53	<DIR>	d--------	C:\Program Files\OziExplorer
2007-06-20 21:13	<DIR>	d--h-----	C:\WINDOWS\system32\GroupPolicy
2007-06-20 20:59	<DIR>	d--------	C:\Program Files\Axis Communications
2007-06-20 13:49	<DIR>	d---s----	C:\DOCUME~1\Piotrek\UserData
2007-06-19 21:12	<DIR>	d--------	C:\Program Files\IrfanView
2007-06-19 11:41	<DIR>	d--------	C:\DOCUME~1\Piotrek\DANEAP~1\vlc
2007-06-19 11:39	<DIR>	d--------	C:\Program Files\VideoLAN
2007-06-17 21:58	<DIR>	d--------	C:\Program Files\Google
2007-06-17 21:58	<DIR>	d--------	C:\DOCUME~1\Piotrek\DANEAP~1\Google
2007-06-16 11:05	<DIR>	d--------	C:\Program Files\LizardTech
2007-06-12 17:44	5,632	--a------	C:\WINDOWS\system32\ptpusb.dll
2007-06-12 17:44	159,232	--a------	C:\WINDOWS\system32\ptpusd.dll
2007-06-10 21:32	<DIR>	d--------	C:\WINDOWS\system32\ActiveScan
2007-06-10 16:22	<DIR>	d--------	C:\Program Files\BitTorrent
2007-06-10 16:22	<DIR>	d--------	C:\DOCUME~1\Piotrek\DANEAP~1\BitTorrent
2007-06-10 11:34	<DIR>	d--------	C:\Program Files\MSXML 4.0


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-10 17:55:26	--------	d-----w	C:\DOCUME~1\Piotrek\DANEAP~1\Skype
2007-07-10 16:35:41	--------	d-----w	C:\Program Files\eMule
2007-07-10 16:35:01	16	----a-w	C:\WINDOWS\system32\magicpvt.dat
2007-07-09 14:28:32	3,012	----a-w	C:\drmHeader.bin
2007-07-09 10:21:39	--------	d-----w	C:\Program Files\DC++
2007-06-24 11:01:46	--------	d-----w	C:\Program Files\ScannerU
2007-06-24 08:54:16	--------	d-----w	C:\Program Files\NiemPol
2007-06-21 13:52:09	--------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-06-16 19:39:13	50,748	----a-w	C:\WINDOWS\system32\perfc015.dat
2007-06-16 19:39:13	358,834	----a-w	C:\WINDOWS\system32\perfh015.dat
2007-06-10 09:36:58	--------	d-----w	C:\Program Files\Messenger
2007-06-09 12:13:42	--------	d-----w	C:\DOCUME~1\Piotrek\DANEAP~1\AdobeUM
2007-06-08 14:17:51	4,170	----a-w	C:\WINDOWS\mozver.dat
2007-06-08 11:15:53	--------	d-----w	C:\DOCUME~1\Piotrek\DANEAP~1\Media Player Classic
2007-06-08 11:15:07	--------	d-----w	C:\Program Files\K-Lite Codec Pack
2007-06-08 10:27:16	237,568	----a-w	C:\WINDOWS\system32\OggDS.dll
2007-06-08 10:27:15	921,600	----a-w	C:\WINDOWS\system32\vorbisenc.dll
2007-06-08 10:27:14	45,056	----a-w	C:\WINDOWS\system32\ogg.dll
2007-06-08 10:27:14	188,416	----a-w	C:\WINDOWS\system32\vorbis.dll
2007-06-08 10:23:45	--------	d-----w	C:\DOCUME~1\Piotrek\DANEAP~1\Ahead
2007-06-07 17:50:12	--------	d-----w	C:\Program Files\Winamp
2007-06-07 17:41:41	--------	d-----w	C:\Program Files\Common Files\Ahead
2007-06-07 17:41:40	--------	d-----w	C:\Program Files\Nero
2007-06-07 17:14:31	--------	d-----w	C:\Program Files\FLVPlayer
2007-06-07 17:10:31	1,415,680	----a-w	C:\WINDOWS\system32\WMV9VCM.dll
2007-06-07 17:10:28	9,216	----a-w	C:\WINDOWS\system32\cpuinf32.dll
2007-06-07 17:10:28	245,760	----a-w	C:\WINDOWS\system32\mplvpx.dll
2007-06-07 17:08:33	--------	d-----w	C:\Program Files\MarBit
2007-06-07 17:05:47	--------	d-----w	C:\DOCUME~1\Piotrek\DANEAP~1\Real
2007-06-07 17:05:20	--------	d-----w	C:\Program Files\Real Alternative
2007-06-07 17:05:17	--------	d-----w	C:\Program Files\Media Player Classic
2007-06-07 16:44:17	--------	d-----w	C:\Program Files\Windows Media Connect 2
2007-06-07 16:39:22	--------	d-----w	C:\Program Files\Lavalys
2007-06-07 16:37:22	--------	d-----w	C:\Program Files\Skype
2007-06-07 16:37:19	--------	d-----w	C:\Program Files\Common Files\Skype
2007-06-07 16:32:17	--------	d-----w	C:\Program Files\Alwil Software
2007-06-07 16:11:17	--------	d-----w	C:\Program Files\Mozilla Thunderbird
2007-06-07 16:11:09	--------	d-----w	C:\DOCUME~1\Piotrek\DANEAP~1\Thunderbird
2007-06-07 16:10:59	99,970	----a-w	C:\WINDOWS\UninstallThunderbird.exe
2007-06-07 16:07:09	--------	d-----w	C:\Program Files\ToniArts
2007-06-07 15:51:06	--------	d-----w	C:\Program Files\Microsoft Works
2007-06-07 15:51:00	--------	d-----w	C:\Program Files\MSBuild
2007-06-07 15:50:56	--------	d-----w	C:\Program Files\Common Files\ODBC
2007-06-07 15:50:52	--------	d-----w	C:\Program Files\Common Files\SpeechEngines
2007-06-07 15:45:29	--------	d-----w	C:\Program Files\Alcohol Soft
2007-06-07 15:44:41	32	----a-w	C:\WINDOWS\system32\driver.dat
2007-06-07 15:44:08	685,816	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
2007-06-07 15:41:33	0	----a-w	C:\WINDOWS\nsreg.dat
2007-06-07 15:37:58	--------	d-----w	C:\Program Files\Gadu-Gadu
2007-06-07 15:19:42	--------	d-----w	C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy
2007-06-07 15:13:42	--------	d-----w	C:\Program Files\hp deskjet 3820 series
2007-06-07 15:11:46	--------	d-----w	C:\Program Files\Hewlett-Packard
2007-06-07 15:09:25	--------	d-----w	C:\Program Files\MagicRotation
2007-06-07 15:06:48	--------	d-----w	C:\Program Files\SEC
2007-06-07 15:01:03	--------	d-----w	C:\Program Files\Intel
2007-06-07 14:55:39	--------	d-----w	C:\Program Files\Realtek
2007-06-07 14:55:36	--------	d-----w	C:\Program Files\Common Files\InstallShield
2007-06-07 14:55:09	--------	d-----w	C:\Program Files\Marvell
2007-06-07 14:02:33	--------	d-----w	C:\Program Files\microsoft frontpage
2007-06-07 14:02:17	0	--sha-r	C:\MSDOS.SYS
2007-06-07 14:02:17	0	--sha-r	C:\IO.SYS
2007-06-07 14:02:17	0	----a-w	C:\CONFIG.SYS
2007-06-07 14:02:17	0	----a-w	C:\AUTOEXEC.BAT
2007-06-07 14:01:09	--------	d--h--w	C:\Program Files\WindowsUpdate
2007-06-07 14:01:05	--------	d-----w	C:\Program Files\Usługi online
2007-06-07 14:00:05	--------	d-----w	C:\Program Files\Common Files\MSSoap
2007-06-07 13:59:54	--------	d-----w	C:\Program Files\Movie Maker
2007-06-07 13:58:58	21,856	----a-w	C:\WINDOWS\system32\emptyregdb.dat
2007-06-07 13:58:26	--------	d-----w	C:\Program Files\MSN Gaming Zone
2007-06-07 13:58:15	--------	d-----w	C:\Program Files\Windows NT
2007-06-03 12:31:28	10,752	----a-w	C:\WINDOWS\system32\ff_vfw.dll
2007-05-31 06:44:56	740,442	----a-w	C:\WINDOWS\system32\divx.dll
2007-05-16 15:18:58	683,520	----a-w	C:\WINDOWS\system32\inetcomm.dll
2007-04-30 15:46:10	745,600	----a-w	C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28	95,872	----a-w	C:\WINDOWS\system32\AVASTSS.scr
2007-04-28 12:54:36	593,920	----a-w	C:\WINDOWS\system32\xvidcore.dll
2007-04-25 14:23:30	144,896	----a-w	C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:30	3,596,288	----a-w	C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:02:36	73,728	----a-w	C:\WINDOWS\system32\dpl100.dll
2007-04-18 16:14:32	2,854,400	----a-w	C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36	33,624	----a-w	C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54	1,710,936	----a-w	C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48	549,720	----a-w	C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42	325,976	----a-w	C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36	203,096	----a-w	C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28	92,504	----a-w	C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20	53,080	----a-w	C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20	43,352	----a-w	C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20	271,224	----a-w	C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18	208,248	----a-w	C:\WINDOWS\system32\muweb.dll


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2005-09-24 06:12	63136	--a------	C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
2006-10-27 00:48	2210608	--a------	C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43	501400	--a------	C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2005-06-15 11:20 C:\WINDOWS\system32\nwiz.exe]
"Skrót do strony właściwości High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-24 04:27 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-25 02:20 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [2004-09-24 06:44 C:\WINDOWS\ALCMTR.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2004-12-28 19:02]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-28 14:52]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-02 01:11]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 20:24:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-10 20:25:08
C:\ComboFix-quarantined-files.txt ... 2007-07-10 20:25

	--- E O F ---

  • 0

#4 Aman

Aman

    Windows 98/XP/Vista/Ubuntu

  • 955 posts

Posted 10 07 2007 - 22:57

OK, if the logs are clean, meaning this is not the fault of viruses and other junk, then we move on to the next thing. To start with, give the full configuration of the computer. Check the memory with Memtest. Of course the best solution is a format and a fresh install of Windows, but deal with that only as a last resort. The cause may be a badly installed program or a wrong version of an application. There may also be problems with drivers. Have you noticed whether the computer starts hanging after running or installing some program? Do these restarts happen often? You wrote that a message appears about the computer starting correctly after a serious error. Do any blue screens pop up before that? There really can be many causes.
  • 0

#5 P...

P...

    New

  • 4 posts

Posted 11 07 2007 - 11:34

To start with, give the full configuration of the computer.


Processor: Pentium 4 630 3,0GHz
Motherboard: Intel D915PBLL
Memory: 2x Kingston DDR2 512/533MHz
Disk: Samsung HD160JJ (160 GB/SATA II)
Graphics: Gigabyte NX66T128D PCI-E
Power supply: Qoltec 7002s 355W PFC

Check the memory with Memtest.


How long should such a test take? After half an hour it was at 0.0% and I gave up.

Have you noticed whether the computer starts hanging after running or installing some program?


In general the problem appeared after reinstalling the system. I haven't noticed the computer restarting with any particular program.

Do these restarts happen often?


Once or twice a day, sometimes more often.

You wrote that a message appears about the computer starting correctly after a serious error. Do any blue screens pop up before that?


There are no blue screens.
  • 0

#6 Aman

Aman

    Windows 98/XP/Vista/Ubuntu

  • 955 posts

Posted 11 07 2007 - 12:17

Do you have the system with SP1 or SP2?

When the message "The system has recovered from a serious error" pops up, there should be an error report there. It will say which files are causing the restarts.
  • 0

#7 P...

P...

    New

  • 4 posts

Posted 11 07 2007 - 12:23

I have XP with SP2. I'll post the list of files as soon as I get the message.

  • 0
