
BlueScreen

Joined
May 22, 2008
Messages
421 (0.07/day)
Location
Thailand
Processor AMD Phenom II 720 3x2,8 GHz BE
Motherboard MSI 870A Fuzion A770 SAM3
Cooling Scythe Zipang SCZP-1000
Memory Crucial 4GB DDR3 1600MHz Ballistix Sport CL9
Video Card(s) PALIT GeForce GTX 560Ti 1GB
Storage TOSHIBA 1000GB 32MB 3,5'' 7200 SATA III
Display(s) Gateway FPD2275W `22
Case Shinobi SH09A
Power Supply Thermaltake Toughpower W0116 750W
Software Windows 7 Ultimate 64bit
I've a problem. My PC restarts spontaneously.

Info after restart:

Code:
BlueScreen

BCCode: 7f
BCP1: 0000000000000008
BCP2: 0000000080050031
BCP3: 00000000000006F8
BCP4: FFFFF88004220FA1
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1
 
Joined
Jan 15, 2012
Messages
1,194 (0.27/day)
Location
Arcadia
System Name Xeon build X58 / Main Rig X79
Processor Intel Xeon x5650 @ 4.2Ghz with HT / Xeon E5 1650 v2 @4.5Ghz
Motherboard Asus Rampage II Extreme socket 1366 / Asus P9X79 Pro socket 2011
Cooling Thermalright Archon +Ty 140mm|Fans : 2 front-1top-1rear-1bottom/ Gelid Phantom Twin Tower
Memory 16gb DDR3 1600mhz Kingstone Hyper x Quad Channel / 16gb DDR3 1600MHZ Patriot Viper 3
Video Card(s) Sapphire hd 7950 3gb Boost edition dual fan X / ZOTAC 1080 Ti Blower Edition
Storage Kingstone AV400ssd 120gb+Seagate B 2Tb+WD g 1tb+WD g 3tb+WD r 3tb+Seagate B 4tb+Lexar 2Tb NVMe
Display(s) AOC E2460S 24" 1080p 60hz 1ms / LG 32UK550B 32" UHD 4K HDR 10 with Freesync
Case Enermax Phoenix / Fractal Design Arc midi
Audio Device(s) SoundMaxHD+5.1 BHT1100 BLUESKY,Fiio E10 Olympus+SuperluxHD668b+KZ HBB pr2,Superlux E205.
Power Supply Sharkoon WPM Gold Zero 650W semi modular / Corsair RM 850 Fully Modular
Mouse Generic Mice / Corsair M90
Keyboard Generic Keyboard / Microsoft WK600
Software Windows 10 Pro 64 /Windows 10 Pro 64

Frick

Fishfaced Nincompoop
Joined
Feb 27, 2006
Messages
18,914 (2.86/day)
Location
Piteå
System Name Black MC in Tokyo
Processor Ryzen 5 5600
Motherboard Asrock B450M-HDV
Cooling Be Quiet! Pure Rock 2
Memory 2 x 16GB Kingston Fury 3400mhz
Video Card(s) XFX 6950XT Speedster MERC 319
Storage Kingston A400 240GB | WD Black SN750 2TB |WD Blue 1TB x 2 | Toshiba P300 2TB | Seagate Expansion 8TB
Display(s) Samsung U32J590U 4K + BenQ GL2450HT 1080p
Case Fractal Design Define R4
Audio Device(s) Line6 UX1 + some headphones, Nektar SE61 keyboard
Power Supply Corsair RM850x v3
Mouse Logitech G602
Keyboard Cherry MX Board 1.0 TKL Brown
VR HMD Acer Mixed Reality Headset
Software Windows 10 Pro
Benchmark Scores Rimworld 4K ready!
Do you use ZoneAlarm? See this thread, it appears it's an issue with that program.
 
Joined
May 22, 2008
Do you use ZoneAlarm? See this thread, it appears it's an issue with that program.



Nope, Kaspersky PURE and Malwarebytes Anti-Malware.

Could a virus or trojan be the reason?
 

Frick

Download BlueScreenView from Captain Harlock's post and see what file causes it.
 
Joined
May 22, 2008



What does this mean?
 
Joined
Jan 15, 2012
wanarp.sys is that http://www.computerhope.com/cgi-bin/process.pl?p=wanarp.sys

For ntoskrnl.exe, I have read that with a hotfix the problem disappears, but if you have Windows 7 with all the ultimate updates, well, I think it is worth trying to run a scandisk and see what happens xd. If the problem isn't resolved, I don't have any other ideas :(
 

Aquinus

Resident Wat-man
Joined
Jan 28, 2012
Messages
13,147 (2.96/day)
Location
Concord, NH, USA
System Name Apollo
Processor Intel Core i9 9880H
Motherboard Some proprietary Apple thing.
Memory 64GB DDR4-2667
Video Card(s) AMD Radeon Pro 5600M, 8GB HBM2
Storage 1TB Apple NVMe, 4TB External
Display(s) Laptop @ 3072x1920 + 2x LG 5k Ultrafine TB3 displays
Case MacBook Pro (16", 2019)
Audio Device(s) AirPods Pro, Sennheiser HD 380s w/ FIIO Alpen 2, or Logitech 2.1 Speakers
Power Supply 96w Power Adapter
Mouse Logitech MX Master 3
Keyboard Logitech G915, GL Clicky
Software MacOS 12.1

These are all Windows specific files. First of all ntoskrnl.exe is the Windows kernel which controls just about everything that Windows can do.

The site provided says that the .sys file is:
Microsoft Windows remote access and routing ARP driver that should be located in the C:\Windows\System32\drivers directory.

Which is basically a DNS driver if I'm reading this correctly.

What does disk check turn up? This doesn't sound good either, you've reverted all of your settings to stock too right?

It could be a corrupted file. Does this happen often? Also is there any set of conditions that you are aware of that needs to be met before it will BSOD?
 
Joined
May 22, 2008
I've had this problem for 2 days. I've reverted all of my settings to stock. Scandisk did not find any problems. Also, the anti-virus (Kaspersky PURE) didn't find anything bad.
 

Aquinus

How about this?

Does this happen often? Also is there any set of conditions that you are aware of that needs to be met before it will BSOD?

Or better yet, can you reproduce it by doing a certain task or set of tasks?
 
Joined
May 22, 2008
This is the minidump file:
Code:
http://www.filefactory.com/file/110mukntmiov/n/051912-46316-01.dmp
 
Joined
May 22, 2008
I have a similar problem now. I don't remember how I solved it... BlueScreenView shows no crashes.
 
Joined
May 9, 2011
Messages
1,980 (0.42/day)
Location
Mainland Britain
System Name H2o Box
Processor Intel(R) Xeon e5-2690 v2 Stock 3.300 GHz stock
Motherboard MSI X79A-G43 Plus (MS-7760) v3
Cooling CPU EK & Phobya G-Changer 360 V2.0 RAD H2o VGA "AlphaCool M18" Hybrid [pump replaced 18/8/21]
Memory G.Skill TridentX 16Gb 11-12-12-32 2T @ 1866Mhz [locked]
Video Card(s) Zotac GTX 1080ti AMP EXTREME
Storage HyperX Fury 120GB & Savage 480GB SSD, Seagate 250GB,250GB 7200rpm Kingston 64GB SSD
Display(s) Asus TUF Gaming VG32VQR 2560*1440 165Hz VA Panel
Case Corsair O-800D
Audio Device(s) Creative Sound Blaster X-Fi Titanium Fatal1ty Pro
Power Supply Be Quiet! [Dark Power Pro 11] 1200W CM replaced [7-4-2017]
Mouse Zelotes T-90
Keyboard K66 Mechanical US Layout
Software Win 10 Pro 64Bit v 20H2 / OS [build 19043.1237] WFEP 120.2212.3530.0
Hi

"Bug check 0x7F typically occurs after you install a faulty or mismatched hardware (especially memory) or if installed hardware fails.

A double fault can occur when the kernel stack overflows. This overflow occurs if multiple drivers are attached to the same stack. For example, if two file system filter drivers are attached to the same stack and then the file system recurses back in, the stack overflows."

Source - http://msdn.microsoft.com/en-us/library/windows/hardware/ff559244(v=vs.85).aspx

nb: one of your memory modules *May be starting to fail, check your sticks of RAM one at a time with minimal hardware setup

atb (all the best)

Law-II
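The bug check 0x7F values discussed above can be read straight out of the problem-signature block in the first post. The following is an added example, not part of the original thread: it parses that block and decodes the trap number in BCP1. The function names are hypothetical, the trap table follows Intel's exception vector numbering, and the follow-up notes restate the documentation quoted above.

```python
import re

# Bug check name as given in the thread for code 0x7F.
BUGCHECK_NAMES = {0x7F: "UNEXPECTED_KERNEL_MODE_TRAP"}

# Processor exception vectors (Intel numbering). For bug check 0x7F,
# the first parameter (BCP1) is the trap number.
TRAP_VECTORS = {
    0x00: "Divide error (#DE)",
    0x01: "Debug (#DB)",
    0x02: "Non-maskable interrupt",
    0x03: "Breakpoint (#BP)",
    0x04: "Overflow (#OF)",
    0x05: "BOUND range exceeded (#BR)",
    0x06: "Invalid opcode (#UD)",
    0x07: "Device not available (#NM)",
    0x08: "Double fault (#DF)",
    0x0A: "Invalid TSS (#TS)",
    0x0B: "Segment not present (#NP)",
    0x0C: "Stack-segment fault (#SS)",
    0x0D: "General protection (#GP)",
    0x0E: "Page fault (#PF)",
}

# Follow-ups for a double fault, restating the documentation quoted in the thread.
DOUBLE_FAULT_NOTES = [
    "Check for faulty or mismatched hardware, especially memory "
    "(test one module at a time).",
    "Check for a kernel stack overflow: multiple drivers, such as two file "
    "system filter drivers, attached to the same stack.",
]

FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 ]*?)\s*:\s*(\S+)\s*$")
VERSION_RE = re.compile(r"\d+(_\d+)*")


def parse_signature(text):
    """Return {lower-cased field name: raw value} for each 'Name: value' line."""
    fields = {}
    for line in text.splitlines():
        match = FIELD_RE.match(line)
        if match:
            fields[match.group(1).lower()] = match.group(2)
    return fields


def decode_signature(text):
    """Decode BCCode/BCP1..BCP4/OS Version into a triage summary."""
    fields = parse_signature(text)
    if "bccode" not in fields:
        raise ValueError("no BCCode field in input")
    code = int(fields["bccode"], 16)
    params = {k: int(fields[k], 16)
              for k in ("bcp1", "bcp2", "bcp3", "bcp4") if k in fields}
    result = {
        "bugcheck": code,
        "name": BUGCHECK_NAMES.get(code, "not named on this page"),
        "params": params,
        "trap": None,
        "os": None,
        "notes": [],
    }
    # Only 0x7F carries a trap number in BCP1; other codes are left undecoded.
    if code == 0x7F and "bcp1" in params:
        trap = params["bcp1"]
        result["trap"] = TRAP_VECTORS.get(trap, "unlisted trap 0x%X" % trap)
        if trap == 0x08:
            result["notes"] = list(DOUBLE_FAULT_NOTES)
    # "6_1_7601" -> (6, 1, 7601): major, minor, build.
    version = fields.get("os version", "")
    if VERSION_RE.fullmatch(version):
        result["os"] = tuple(int(part) for part in version.split("_"))
    return result


# Problem signature copied from the first post of this thread.
SAMPLE = """\
BlueScreen

BCCode: 7f
BCP1: 0000000000000008
BCP2: 0000000080050031
BCP3: 00000000000006F8
BCP4: FFFFF88004220FA1
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1
"""

if __name__ == "__main__":
    summary = decode_signature(SAMPLE)
    print("0x%08X %s" % (summary["bugcheck"], summary["name"]))
    print("trap:", summary["trap"])
    print("os:", summary["os"])
    for note in summary["notes"]:
        print(" -", note)
```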
 
Joined
May 22, 2008
This problem appeared after I downloaded Kaspersky with a reset application. My Kaspersky PURE has detected some viruses/trojans... Another problem is that I can't restore my system, because when I try to do this, some kind of problem appears.
 
Joined
Jul 14, 2006
Messages
2,405 (0.37/day)
Location
People's Republic of America
System Name It's just a computer
Processor i9-9900K Direct Die
Motherboard eVGA Z390 Dark
Cooling Dual D5T Vario, XSPC BayRes, Nemesis GTR560, NF-A14-iPPC3000PWM, NF-A14-iPPC2000, HK IV Pro Nickel
Memory G.Skill F4-4500C19D-16GTZKKE or G.Skill F4-3600C16D-16GTZ or G.Skill F4-4000C19D-32GTZSW
Video Card(s) eVGA RTX2080 FTW3 Ultra
Storage Samsung 960 EVO M.2
Display(s) LG 32GK650F
Case Thermaltake Xaser VI
Audio Device(s) Auzentech X-Meridian 7.1 2G/Z-5500
Power Supply Seasonic Prime PX-1300
Mouse Logitech
Keyboard Logitech
Software Win7 Ultimate x64 SP1
This problem appeared after I downloaded Kaspersky with a reset application. My Kaspersky PURE has detected some viruses/trojans... Another problem is that I can't restore my system, because when I try to do this, some kind of problem appears.

Run Restore from Safe Mode.
 
Joined
May 22, 2008
I still have this problem (0x0000007F UNEXPECTED_KERNEL_MODE_TRAP). This is a suggested method:
Code:
http://www.faultwire.com/solutions-fatal_error/Run-a-system-diagnostic-utility-supplied-by-your-0x0000007F-*1142.html

Could it be a trojan or a virus?
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
40,435 (6.61/day)
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
Joined
May 22, 2008
Avast has detected:
- Win32:InstallCore-GC [PUP] (I've removed it).
Code:
http://reports.antivirus-lab.com/131201/win32-installcore-gc-pup/
- AutoIt.dropper-A drp (I've removed it).
Code:
http://www.pcsafedoctor.com/Unknown/remove-AutoIt.Dropper-A.Drp.html

Maybe it'll solve my BSOD problem...
 

95Viper

Super Moderator
Staff member
Joined
Oct 12, 2008
Messages
12,645 (2.24/day)
This problem appeared after I downloaded Kaspersky with a reset application. My Kaspersky PURE has detected some viruses/trojans... Another problem is that I can't restore my system, because when I try to do this, some kind of problem appears.

Just my opinion, but if you have found a trojan/malware/virus/worm, then reinstall... start from scratch, unless you are real familiar with removing them.

Don't use system restore, as it could be corrupted with the malware.
Erase/delete those restore points.


You could use a system backup you have created, if it was stored in a safe container (either separate from the system or has had no way of being written to by the system since it had been infected) and you know it is clean.

The only way to be totally (99.9%) sure you have a clean system is with a new install.

Good luck :)
 
Joined
May 22, 2008
This is ComboFix's result:

List of deleted files:
C:\install.exe
c:\programdata\ZeoBIT
c:\users\Wojtas\AppData\Roaming\inst.exe
c:\users\Wojtas\AppData\Roaming\vso_ts_preview.xml
c:\windows\IsUn0415.exe
c:\windows\SysWow64\system
c:\windows\SysWow64\tmp6D74.tmp
c:\windows\SysWow64\tmp6D84.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe

ComboFix 12-07-31.05 - Wojtas 2012-08-14 13:46:21.1.3 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.4094.2694 [GMT 2:00]
Uruchomiony z: d:\download\ComboFix_www.INSTALKI.pl.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\ZeoBIT
c:\users\Wojtas\AppData\Roaming\inst.exe
c:\users\Wojtas\AppData\Roaming\vso_ts_preview.xml
c:\windows\IsUn0415.exe
c:\windows\SysWow64\system
c:\windows\SysWow64\tmp6D74.tmp
c:\windows\SysWow64\tmp6D84.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-07-14 do 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-14 11:51 . 2012-08-14 11:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-14 11:51 . 2012-08-14 11:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-14 06:00 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-14 06:00 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-14 06:00 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-14 06:00 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-14 06:00 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-14 06:00 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-14 06:00 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-14 06:00 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-14 06:00 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-14 06:00 . 2012-08-14 06:00 -------- d-----w- c:\programdata\AVAST Software
2012-08-14 06:00 . 2012-08-14 06:00 -------- d-----w- c:\program files\AVAST Software
2012-08-11 18:24 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E39A8AC9-CF87-4747-8F8D-FFC7AB589C45}\mpengine.dll
2012-07-30 08:09 . 2012-07-30 08:09 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-17 20:15 . 2012-07-17 20:15 -------- d-----w- c:\program files (x86)\THQ
2012-07-16 07:21 . 2012-07-16 07:21 -------- d-----w- c:\users\Wojtas\AppData\Local\4A Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-30 08:09 . 2010-04-26 14:31 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-11 20:21 . 2009-10-21 18:12 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-11 18:11 . 2012-07-11 17:20 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-11 18:11 . 2011-03-21 10:32 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-11 17:20 . 2011-03-21 10:32 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-11 17:20 . 2011-03-21 10:32 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-03 11:46 . 2009-10-21 18:00 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 03:08 . 2012-07-12 09:34 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 19:19 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 19:19 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 19:19 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 19:19 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 19:19 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 19:19 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 19:19 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 07:23 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 07:23 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 07:23 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 07:23 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 07:23 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 07:23 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 07:23 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 07:22 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 07:22 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-12 09:32 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 09:32 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 09:32 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 09:32 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 09:32 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 09:32 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 09:32 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 09:32 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 09:32 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 09:32 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 09:32 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 09:32 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 09:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 09:32 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 09:32 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 09:32 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 09:32 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 09:32 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 09:32 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 19:39 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 19:39 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 19:39 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 19:39 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 19:39 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 19:39 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 19:39 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 19:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 19:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 10:25 . 2009-10-21 17:31 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Plus Internet"="c:\program files (x86)\Plus Internet\PlusInternetChecker.exe" [2011-07-04 472384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\users\Wojtas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2009-10-22 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-05 135664]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 253088]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-07-04 117248]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-05 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2009-12-28 82816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTL85n64;Sterownik urządzenia bezprzewodowego Realtek 8180/8185 Extensible 802.11;c:\windows\system32\DRIVERS\RTL85n64.sys [2009-06-10 378368]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-05-08 11856]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
R4 sscSched;sscSched; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-21 834544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-06-09 153248]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-10-28 65536]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-07-04 93696]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-07-04 85504]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-03-16 685672]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-12-13 56448]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 19:57]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-05 08:54]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-05 08:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2010-07-23 975360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Skan uzupełniający -------
.
mStart Page = hxxp://www.msn.com
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Ściągnij przez IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: Interfaces\{B8832B0D-5191-47EF-94F1-1FB42B63C6A8}: NameServer = 208.67.222.222 208.67.220.220
FF - ProfilePath - c:\users\Wojtas\AppData\Roaming\Mozilla\Firefox\Profiles\u02zdc53.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3451887524-3697421097-3998049158-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):53,03,93,25,d2,5a,c2,a3,00,f9,41,3f,fa,5c,0d,b2,b9,1b,64,21,51,
e7,a1,ef,86,dd,ed,2e,c3,bc,ec,15,3d,77,87,5f,83,64,8a,41,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DcomLaunch\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DPS\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,8c,00,00,00,98,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcSs\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller\Security]
@DACL=(02 0000)
@SACL=
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,
00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiServiceHost\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiSystemHost\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
Czas ukończenia: 2012-08-14 13:53:13
ComboFix-quarantined-files.txt 2012-08-14 11:53
.
Przed: 73 050 554 368 bajtów wolnych
Po: 72 965 849 088 bajtów wolnych
.
- - End Of File - - 50B0E38DC8171BFD665BB0BF098810F9
 
Autoruns results:
Code:
http://www.sendspace.com/file/u7ims0

 