Przeskanowalem. Ale odkrylem cos dziwnego. Kiedy usunalem sterownki nvida z karty graf. to filmy dzialaja. Wiadomo, nie chodzi to super plynnie ale chodzi. Kiedy zainstalowalem ponownie stery 93.71 to znow jest jak wczesniej, sciagnalem wiec 91.47, sadzac ze to pomoze. Mylilem sie.
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]
“LogitechSoftwareUpdate” = “C:\Programme\Logitech\Video\ManifestEngine.exe boot” [“Logitech Inc.”]
“MSMSGS” = ““C:\Programme\Messenger\msmsgs.exe” /background” [MS]
“H/PC Connection Agent” = ““C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE”” [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“SBDrvDet” = “C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r” [file not found]
“LVCOMSX” = “C:\WINDOWS\system32\LVCOMSX.EXE” [“Logitech Inc.”]
“LogitechVideoRepair” = "C:\Programme\Logitech\Video\ISStart.exe " [“Logitech Inc.”]
“LogitechVideoTray” = “C:\Programme\Logitech\Video\LogiTray.exe” [“Logitech Inc.”]
“WinDSL MTU-Adjust” = “WinDSL_MTU.exe” [“Engel Technologieberatung, Entwicklung/Verkauf von Soft- und Hardware KG”]
“RemoteControl” = “C:\WINDOWS\system32\rmctrl.exe” [null data]
“avgnt” = ““C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe” /min” [“Avira GmbH”]
“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]
“SunJavaUpdateSched” = ““C:\Programme\Java\jre1.5.0_09\bin\jusched.exe”” [“Sun Microsystems, Inc.”]
“CloneCDTray” = ““C:\Programme\SlySoft\CloneCD\CloneCDTray.exe” /s” [“SlySoft, Inc.”]
“SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”]
“eBayToolbar” = “C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe” [“eBay”]
“PinnacleDriverCheck” = “C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg” [empty string]
“TkBellExe” = ““realsched.exe” -osboot” [file not found]
“QuickTime Task” = ““C:\Programme\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”]
“iTunesHelper” = ““C:\Programme\iTunes\iTunesHelper.exe”” [“Apple Computer, Inc.”]
“KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k”
“snpstd” = “C:\WINDOWS\vsnpstd.exe” [file not found]
“DAEMON Tools” = ““C:\Programme\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}(Default) = (no title provided)
-> {HKLM…CLSID} = “eBay Toolbar Helper”
\InProcServer32(Default) = “C:\Programme\eBay\eBay Toolbar2\eBayTB.dll” [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM…CLSID} = “SSVHelper Class”
\InProcServer32(Default) = “C:\Programme\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “CPL-Erweiterung für Anzeigeverschiebung”
-> {HKLM…CLSID} = “CPL-Erweiterung für Anzeigeverschiebung”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Erweiterung für HyperTerminal-Icons”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]
“{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}” = “My Logitech Pictures”
-> {HKLM…CLSID} = “My Logitech Pictures”
\InProcServer32(Default) = “C:\Programme\Logitech\Video\Namespc2.dll” [“Logitech Inc.”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Programme\WinRAR\rarext.dll” [null data]
“{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” = “Shell Extension for Malware scanning”
-> {HKLM…CLSID} = “Shell Extension for Malware scanning”
\InProcServer32(Default) = “C:\Programme\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Programme\Microsoft Office\Office10\msohev.dll” [MS]
“{92085AD4-F48A-450D-BD93-B28CC7DF67CE}” = “eBay Toolbar”
-> {HKLM…CLSID} = “eBay Toolbar”
\InProcServer32(Default) = “C:\Programme\eBay\eBay Toolbar2\eBayTB.dll” [null data]
“{79BC0345-1015-11D2-A299-006008312725}” = “blue.shell”
-> {HKLM…CLSID} = “Studio.Project”
\InProcServer32(Default) = “f:\Pinnacle\Studio 10\programs\BlueShellExt.dll” [null data]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
-> {HKLM…CLSID} = “RealOne Player Context Menu Class”
\InProcServer32(Default) = “C:\Programme\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]
“{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes”
-> {HKLM…CLSID} = “iTunes”
\InProcServer32(Default) = “C:\Programme\iTunes\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
-> {HKLM…CLSID} = “PDF Shell Extension”
\InProcServer32(Default) = “C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”
-> {HKLM…CLSID} = “Shell Extension for Malware scanning”
\InProcServer32(Default) = “C:\Programme\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Programme\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Programme\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”
-> {HKLM…CLSID} = “Shell Extension for Malware scanning”
\InProcServer32(Default) = “C:\Programme\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Programme\WinRAR\rarext.dll” [null data]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“DisableRegistryTools” = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Dokumente und Einstellungen\Vtec_Power\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{92085AD4-F48A-450D-BD93-B28CC7DF67CE}” = (no title provided)
-> {HKLM…CLSID} = “eBay Toolbar”
\InProcServer32(Default) = “C:\Programme\eBay\eBay Toolbar2\eBayTB.dll” [null data]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Konsole”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}”
-> {HKCU…CLSID} = “Java Plug-in 1.5.0_09”
\InProcServer32(Default) = “C:\Programme\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”]
-> {HKLM…CLSID} = “Java Plug-in 1.5.0_09”
\InProcServer32(Default) = “C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll” [“Sun Microsystems, Inc.”]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
“ButtonText” = “Mobilen Favoriten erstellen”
“CLSIDExtension” = “{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}”
-> {HKLM…CLSID} = “Create Mobile Favorite”
\InProcServer32(Default) = “C:\Programme\Microsoft ActiveSync\inetrepl.dll” [MS]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
“MenuText” = “Mobilen Favoriten erstellen…”
“CLSIDExtension” = “{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}”
-> {HKLM…CLSID} = “Create Mobile Favorite”
\InProcServer32(Default) = “C:\Programme\Microsoft ActiveSync\inetrepl.dll” [MS]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
“ButtonText” = “Messenger”
“MenuText” = “Windows Messenger”
“Exec” = “C:\Programme\Messenger\msmsgs.exe” [MS]
Miscellaneous IE Hijack Points
C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”)
Added lines (compared with English-language version):
: ˙ţ[V e r s i o n]
: S i g n a t u r e = " $ C H I C A G O $ "
: A d v a n c e d I N F = 2 . 5 , " Y o u n e e d a n e w v e r s i o n o f a d v p a c k . d l l "
:
: [R e s t o r e H o m e P a g e]
: A d d R e g = R e s t o r e H o m e P a g e . r e g
:
: [R e s t o r e B r o w s e r S e t t i n g s]
: A d d R e g = R e s t o r e B r o w s e r S e t t i n g s . r e g
: D e l R e g = D e l e t e T e m p l a t e s . r e g , D e l e t e A u t o s e a r c h . r e g
:
: [R e s t o r e H o m e P a g e . r e g]
: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " S t a r t P a g e " , 0 , % S T A R T _ P A G E _ U R L %
:
: [R e s t o r e B r o w s e r S e t t i n g s . r e g]
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " D e f a u l t _ P a g e _ U R L " , 0 , % S T A R T _ P A G E _ U R L %
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " D e f a u l t _ S e a r c h _ U R L " , 0 , % S E A R C H _ P A G E _ U R L %
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " S e a r c h P a g e " , 0 , % S E A R C H _ P A G E _ U R L %
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 1 " , 0 , " w w w . % s . c o m "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 2 " , 0 , " w w w . % s . o r g "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 3 " , 0 , " w w w . % s . n e t "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 4 " , 0 , " w w w . % s . e d u "
: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " S e a r c h P a g e " , 0 , % S E A R C H _ P A G E _ U R L %
:
: ; N O T E ( a n d r e w g u ) i e 5 . 5 b # 1 0 8 2 5 9 - a u t o s e a r c h s e t t i n g s a r e n o t p r o p e r l y r e s e t
: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ S e a r c h U r l " , " P r o v i d e r " , 0 , " "
:
: t m "
: t m "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t S e t t i n g s \ S a f e S i t e s " , % S A F E S I T E _ V A L U E % , 0 , " h t t p : / / i e . s e a r c h . m s n . c o m / * "
:
: [D e l e t e T e m p l a t e s . r e g]
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 5 "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 6 "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 7 "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 8 "
: H K L M , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ U r l T e m p l a t e " , " 9 "
:
: [D e l e t e A u t o s e a r c h . r e g]
: ; N O T E ( a n d r e w g u ) i e 5 . 5 b # 1 0 8 2 5 9 - a u t o s e a r c h s e t t i n g s a r e n o t p r o p e r l y r e s e t
: H K C U , " S o f t w a r e \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n " , " A u t o S e a r c h "
:
: [S t r i n g s]
: S T A R T _ P A G E _ U R L = " h t t p : / / w w w . m i c r o s o f t . c o m / i s a p i / r e d i r . d l l ? p r d = i e & p v e r = 6 & a r = m s n h o m e "
: S E A R C H _ P A G E _ U R L = " h t t p : / / w w w . m i c r o s o f t . c o m / i s a p i / r e d i r . d l l ? p r d = i e & a r = i e s e a r c h "
: S A F E S I T E _ V A L U E = " i e . s e a r c h . m s n . c o m "
:
: ; I M P O R T A N T N O T E :
: ; I E b r a n d i n g d l l ( i e d k c s 3 2 . d l l ) u s e s t h e f o l l o w i n g e n t r i e s t o r e s t o r e t h e d e f a u l t M S v a l u e s .
: ; I n t h e v a n i l l a v e r s i o n o f I E , t h e v a l u e s m u s t b e t h e s a m e a s t h e i r c o r r e s p o n d i n g n o n M S _ * v a l u e s .
: ; F o r e x a m p l e , S T A R T _ P A G E _ U R L a n d M S _ S T A R T _ P A G E _ U R L m u s t h a v e t h e s a m e U R L i n t h e I E v e r s i o n r e l e a s e d b y M S .
: M S _ S T A R T _ P A G E _ U R L = " h t t p : / / w w w . m i c r o s o f t . c o m / i s a p i / r e d i r . d l l ? p r d = i e & p v e r = 6 & a r = m s n h o m e "
:
Missing lines (compared with English-language version):
[Version]: 2 lines
[RestoreHomePage]: 1 line
[RestoreHomePage.reg]: 1 line
[RestoreBrowserSettings.reg]: 12 lines
[DeleteTemplates.reg]: 5 lines
[DeleteAutosearch.reg]: 1 line
[strings]: 1 line
[RestoreBrowserSettings]: 2 lines
[strings]: 3 lines
Running Services (Display Name, Service Name, Path {Service DLL}):
AntiVir PersonalEdition Classic Service, AntiVirService, “C:\Programme\AntiVir PersonalEdition Classic\avguard.exe” [“AVIRA GmbH”]
AntiVir Scheduler, AntiVirScheduler, “C:\Programme\AntiVir PersonalEdition Classic\sched.exe” [“Avira GmbH”]
BlueSoleil Hid Service, BlueSoleil Hid Service, “C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe” [null data]
C-DillaCdaC11BA, C-DillaCdaC11BA, “C:\WINDOWS\system32\drivers\CDAC11BA.EXE” [“Macrovision”]
iPod Service, iPod Service, ““C:\Programme\iPod\bin\iPodService.exe”” [“Apple Computer, Inc.”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]
WMDM PMSP Service, WMDM PMSP Service, “C:\WINDOWS\system32\MsPMSPSv.exe” [MS]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON V3 2KMonitor340\Driver = “E_SL2340.DLL” [“SEIKO EPSON CORPORATION”]
hpzsnt10\Driver = “hpzsnt10.dll” [“HP”]
-
This report excludes default entries except where indicated.
-
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
- The search for DESKTOP.INI DLL launch points on all local fixed drives
took 182 seconds.
---------- (total run time: 222 seconds)
Microsoft ® Windows Debugger Version 6.6.0003.5
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [C]
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
ModLoad: 01000000 01005000 C:\WINDOWS\system32\dumprep.exe
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=01002595 esp=00000000 ebp=00000000 iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
*** ERROR: Module load completed but symbols could not be loaded for dumprep.exe
dumprep+0x2595:
01002595 6a28 push 0x28