Computer freezes when playing video files and when using MSN

Hello. Let me describe my problem in more detail. When I open a video file, the computer starts behaving like a 386, the film does not play, and either I manage to close the file or a reset is necessary. Exactly the same thing happens with MSN when I try to start a voice or video conversation. In addition, games run about 15% slower. And sometimes a machine_check_exception error pops up. Thanks in advance for your help!

Logfile of HijackThis v1.99.1

Scan saved at 13:56:15, on 02.02.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programme\AntiVir PersonalEdition Classic\sched.exe

C:\Programme\AntiVir PersonalEdition Classic\avguard.exe

C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Programme\Logitech\Video\LogiTray.exe

C:\WINDOWS\system32\rmctrl.exe

C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe

C:\Programme\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe

C:\Programme\QuickTime\qttask.exe

C:\Programme\iTunes\iTunesHelper.exe

C:\Programme\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\Messenger\msmsgs.exe

C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE

C:\Programme\iPod\bin\iPodService.exe

C:\Programme\Logitech\Video\FxSvr2.exe

C:\Programme\Gadu-Gadu\gg.exe

C:\Programme\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.internetcologne.de/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll

O4 - HKLM…\Run: [sBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM…\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe

O4 - HKLM…\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe

O4 - HKLM…\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe

O4 - HKLM…\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe

O4 - HKLM…\Run: [avgnt] “C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe” /min

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Programme\Java\jre1.5.0_09\bin\jusched.exe”

O4 - HKLM…\Run: [CloneCDTray] “C:\Programme\SlySoft\CloneCD\CloneCDTray.exe” /s

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [eBayToolbar] C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe

O4 - HKLM…\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM…\Run: [TkBellExe] “realsched.exe” -osboot

O4 - HKLM…\Run: [QuickTime Task] “C:\Programme\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [iTunesHelper] “C:\Programme\iTunes\iTunesHelper.exe”

O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM…\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM…\Run: [DAEMON Tools] “C:\Programme\DAEMON Tools\daemon.exe” -lang 1033

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU…\Run: [MSMSGS] “C:\Programme\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE”

O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll

O9 - Extra ‘Tools’ menuitem: Mobilen Favoriten erstellen… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/res … nPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip…{3E3F360B-0DF1-4A5B-9AF4-C6D979215906}: NameServer = 213.168.112.60 81.173.194.68

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)

O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

The log is clean.

Scan with http://www.ewido.net/en/ and post the report along with a SilentRunners log.

Debug the error; instructions:

http://forum.dobreprogramy.pl/viewtopic … 327#797327

I ran the scan. But I discovered something strange. When I removed the NVIDIA drivers for the graphics card, films work. Obviously it does not run super smoothly, but it runs. When I reinstalled the 93.71 drivers it was the same as before again, so I downloaded 91.47, thinking that would help. I was wrong.

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]

“LogitechSoftwareUpdate” = “C:\Programme\Logitech\Video\ManifestEngine.exe boot” [“Logitech Inc.”]

“MSMSGS” = ““C:\Programme\Messenger\msmsgs.exe” /background” [MS]

“H/PC Connection Agent” = ““C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE”” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“SBDrvDet” = “C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r” [file not found]

“LVCOMSX” = “C:\WINDOWS\system32\LVCOMSX.EXE” [“Logitech Inc.”]

“LogitechVideoRepair” = "C:\Programme\Logitech\Video\ISStart.exe " [“Logitech Inc.”]

“LogitechVideoTray” = “C:\Programme\Logitech\Video\LogiTray.exe” [“Logitech Inc.”]

“WinDSL MTU-Adjust” = “WinDSL_MTU.exe” [“Engel Technologieberatung, Entwicklung/Verkauf von Soft- und Hardware KG”]

“RemoteControl” = “C:\WINDOWS\system32\rmctrl.exe” [null data]

“avgnt” = ““C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe” /min” [“Avira GmbH”]

“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]

“SunJavaUpdateSched” = ““C:\Programme\Java\jre1.5.0_09\bin\jusched.exe”” [“Sun Microsystems, Inc.”]

“CloneCDTray” = ““C:\Programme\SlySoft\CloneCD\CloneCDTray.exe” /s” [“SlySoft, Inc.”]

“SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”]

“eBayToolbar” = “C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe” [“eBay”]

“PinnacleDriverCheck” = “C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg” [empty string]

“TkBellExe” = ““realsched.exe” -osboot” [file not found]

“QuickTime Task” = ““C:\Programme\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”]

“iTunesHelper” = ““C:\Programme\iTunes\iTunesHelper.exe”” [“Apple Computer, Inc.”]

“KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k”

“snpstd” = “C:\WINDOWS\vsnpstd.exe” [file not found]

“DAEMON Tools” = ““C:\Programme\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}(Default) = (no title provided)

-> {HKLM…CLSID} = “eBay Toolbar Helper”

\InProcServer32(Default) = “C:\Programme\eBay\eBay Toolbar2\eBayTB.dll” [null data]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM…CLSID} = “SSVHelper Class”

\InProcServer32(Default) = “C:\Programme\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “CPL-Erweiterung für Anzeigeverschiebung”

-> {HKLM…CLSID} = “CPL-Erweiterung für Anzeigeverschiebung”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Erweiterung für HyperTerminal-Icons”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

“{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}” = “My Logitech Pictures”

-> {HKLM…CLSID} = “My Logitech Pictures”

\InProcServer32(Default) = “C:\Programme\Logitech\Video\Namespc2.dll” [“Logitech Inc.”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Programme\WinRAR\rarext.dll” [null data]

“{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” = “Shell Extension for Malware scanning”

-> {HKLM…CLSID} = “Shell Extension for Malware scanning”

\InProcServer32(Default) = “C:\Programme\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Programme\Microsoft Office\Office10\msohev.dll” [MS]

“{92085AD4-F48A-450D-BD93-B28CC7DF67CE}” = “eBay Toolbar”

-> {HKLM…CLSID} = “eBay Toolbar”

\InProcServer32(Default) = “C:\Programme\eBay\eBay Toolbar2\eBayTB.dll” [null data]

“{79BC0345-1015-11D2-A299-006008312725}” = “blue.shell”

-> {HKLM…CLSID} = “Studio.Project”

\InProcServer32(Default) = “f:\Pinnacle\Studio 10\programs\BlueShellExt.dll” [null data]

“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”

-> {HKLM…CLSID} = “RealOne Player Context Menu Class”

\InProcServer32(Default) = “C:\Programme\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]

“{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes”

-> {HKLM…CLSID} = “iTunes”

\InProcServer32(Default) = “C:\Programme\iTunes\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”

-> {HKLM…CLSID} = “PDF Shell Extension”

\InProcServer32(Default) = “C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”

-> {HKLM…CLSID} = “Shell Extension for Malware scanning”

\InProcServer32(Default) = “C:\Programme\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Programme\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Programme\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”

-> {HKLM…CLSID} = “Shell Extension for Malware scanning”

\InProcServer32(Default) = “C:\Programme\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Programme\WinRAR\rarext.dll” [null data]

Group Policies {GPedit.msc branch and setting}:


Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“DisableRegistryTools” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Dokumente und Einstellungen\Vtec_Power\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp”

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:


Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

“{92085AD4-F48A-450D-BD93-B28CC7DF67CE}” = (no title provided)

-> {HKLM…CLSID} = “eBay Toolbar”

\InProcServer32(Default) = “C:\Programme\eBay\eBay Toolbar2\eBayTB.dll” [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

“MenuText” = “Sun Java Konsole”

“CLSIDExtension” = “{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}”

-> {HKCU…CLSID} = “Java Plug-in 1.5.0_09”

\InProcServer32(Default) = “C:\Programme\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”]

-> {HKLM…CLSID} = “Java Plug-in 1.5.0_09”

\InProcServer32(Default) = “C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll” [“Sun Microsystems, Inc.”]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\

“ButtonText” = “Mobilen Favoriten erstellen”

“CLSIDExtension” = “{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}”

-> {HKLM…CLSID} = “Create Mobile Favorite”

\InProcServer32(Default) = “C:\Programme\Microsoft ActiveSync\inetrepl.dll” [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\

“MenuText” = “Mobilen Favoriten erstellen…”

“CLSIDExtension” = “{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}”

-> {HKLM…CLSID} = “Create Mobile Favorite”

\InProcServer32(Default) = “C:\Programme\Microsoft ActiveSync\inetrepl.dll” [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

“ButtonText” = “Messenger”

“MenuText” = “Windows Messenger”

“Exec” = “C:\Programme\Messenger\msmsgs.exe” [MS]

Miscellaneous IE Hijack Points


C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”)

Added lines (compared with English-language version):


Missing lines (compared with English-language version):

[Version]: 2 lines

[RestoreHomePage]: 1 line

[RestoreHomePage.reg]: 1 line

[RestoreBrowserSettings.reg]: 12 lines

[DeleteTemplates.reg]: 5 lines

[DeleteAutosearch.reg]: 1 line

[strings]: 1 line

[RestoreBrowserSettings]: 2 lines

[strings]: 3 lines

Running Services (Display Name, Service Name, Path {Service DLL}):


AntiVir PersonalEdition Classic Service, AntiVirService, “C:\Programme\AntiVir PersonalEdition Classic\avguard.exe” [“AVIRA GmbH”]

AntiVir Scheduler, AntiVirScheduler, “C:\Programme\AntiVir PersonalEdition Classic\sched.exe” [“Avira GmbH”]

BlueSoleil Hid Service, BlueSoleil Hid Service, “C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe” [null data]

C-DillaCdaC11BA, C-DillaCdaC11BA, “C:\WINDOWS\system32\drivers\CDAC11BA.EXE” [“Macrovision”]

iPod Service, iPod Service, ““C:\Programme\iPod\bin\iPodService.exe”” [“Apple Computer, Inc.”]

Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]

WMDM PMSP Service, WMDM PMSP Service, “C:\WINDOWS\system32\MsPMSPSv.exe” [MS]

Print Monitors:


HKLM\System\CurrentControlSet\Control\Print\Monitors\

EPSON V3 2KMonitor340\Driver = “E_SL2340.DLL” [“SEIKO EPSON CORPORATION”]

hpzsnt10\Driver = “hpzsnt10.dll” [“HP”]


  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • The search for DESKTOP.INI DLL launch points on all local fixed drives

took 182 seconds.

---------- (total run time: 222 seconds)

Microsoft ® Windows Debugger Version 6.6.0003.5

Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [C]

Symbol search path is: *** Invalid ***

****************************************************************************

* Symbol loading may be unreliable without a symbol search path. *

* Use .symfix to have the debugger choose a symbol path. *

* After setting your symbol path, use .reload to refresh symbol locations. *

****************************************************************************

Executable search path is:

ModLoad: 01000000 01005000 C:\WINDOWS\system32\dumprep.exe

eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000

eip=01002595 esp=00000000 ebp=00000000 iopl=0 nv up di pl nz na pe nc

cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000

*** ERROR: Module load completed but symbols could not be loaded for dumprep.exe

dumprep+0x2595:

01002595 6a28 push 0x28

The Silent Runners log is clean.

Which graphics card are you using?

Are you sure you pasted the entire contents of the minidump file? Alternatively, instead of the minidump, you can set the computer to show the BSOD instead of restarting, write down the error code, and then post it on the forum.

http://portal.centrumxp.pl/forums/thread/169899.aspx

I have a GF 6600 GT. Oops, sorry, a mix-up with the minidump:

Microsoft ® Windows Debugger Version 6.6.0003.5

Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [C]

Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***

****************************************************************************

* Symbol loading may be unreliable without a symbol search path. *

* Use .symfix to have the debugger choose a symbol path. *

* After setting your symbol path, use .reload to refresh symbol locations. *

****************************************************************************

Executable search path is:

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Kernel base = 0x80800000 PsLoadedModuleList = 0x8087c1a0

Debug session time: Sat Jun 10 00:32:16.104 2006 (GMT+1)

System Uptime: 0 days 3:45:23.780

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Loading Kernel Symbols

Loading User Symbols

Loading unloaded module list

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7A, {c07baaa8, c000000e, f7555bb6, 2434c860}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

*** WARNING: Unable to verify timestamp for CLASSPNP.SYS

*** ERROR: Module load completed but symbols could not be loaded for CLASSPNP.SYS

*** WARNING: Unable to verify timestamp for PartMgr.sys

*** ERROR: Module load completed but symbols could not be loaded for PartMgr.sys

Probably caused by : CLASSPNP.SYS ( CLASSPNP+9bb6 )

Followup: MachineOwner