Nie mogę wyłączyć komputera

ne0 · 23 Grudzień 2007 09:08

Mój problem polega na tym, że po włączeniu komputera znika mi tapeta z pulpitu ( mam tylko tło pulpitu ),

nie mogę wywołać Menadżera zadań poprzez Ctrl+Alt+Delete (nic sie nie dzieje po użyciu tej kombinacji.

Ale największym problemem jest to ze nie mogę wyłączyć komputera: kiedy używam START=> Wyłącz komputer=> Stan wstrzymania, Wyłącz, Uruchom ponownie — to po naciśnięciu każdego z tych przycisków nic się nie dzieje, zero reakcji ze strony komputera.

Nie wiem co sie dzieje, dodam że zainstalowany system jest świeży - wczoraj instalowany. Wrzucam log z HJ, ale wg. mnie nie ma tam nic niepokojącego.

Proszę o przejrzenie loga, oraz jakieś porady na naprawienie wyżej wyminionych problemów.

Logfile of HijackThis v1.99.1

Scan saved at 09:59:23, on 2007-12-23

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\WINDOWS\system32\nvsvc32.exe

H:\Programy\Hijack\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - Global Startup: D-Link AirPlus.lnk = ?

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Z góry dziękuje za pomoc

Gutek · 23 Grudzień 2007 11:29

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą TASKMG.REG

Plik podwójnie klikasz i potwierdzasz.

Daj log z ComboFix

ne0 · 23 Grudzień 2007 12:33

ComboFix 07-12-21.4 - Sobczak 2007-12-23 13:26:03.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.431 [GMT 1:00] Running from: C:\Documents and Settings\Sobczak\Pulpit\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 ))))))))))))))))))))))))))))))) . 2007-12-22 22:49 . 2007-12-22 22:49 2007-12-22 22:15 . 2007-12-22 22:15 2007-12-22 22:15 . 2007-12-22 22:58 5,120 --ahs---- C:\WINDOWS\system32\Thumbs.db 2007-12-22 22:11 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-12-22 22:10 . 2007-12-22 22:15 2007-12-22 22:10 . 2007-12-22 22:15 2007-12-22 22:10 . 2004-04-23 08:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6e.DLL 2007-12-22 22:10 . 2004-03-11 19:06 86,016 -ra------ C:\WINDOWS\system32\CNMCP6e.exe 2007-12-22 22:10 . 2004-04-23 08:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6e.DLL 2007-12-22 22:09 . 2007-12-22 22:09 421 --a------ C:\WINDOWS\ODBC.INI 2007-12-22 22:08 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-12-22 22:07 . 2007-12-22 22:15 2007-12-22 22:05 . 2007-12-22 22:05 2007-12-22 22:02 . 2007-12-22 22:02 53,248 --a------ C:\WINDOWS\system32\suppdll.dll 2007-12-22 22:02 . 2007-12-22 22:02 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys 2007-12-22 22:01 . 2005-04-11 16:40 73,728 --a------ C:\WINDOWS\system32\FLKill.exe 2007-11-23 21:52 . 2007-11-23 21:52 53,768 --a------ C:\WINDOWS\system32\drivers\epfwtdi.sys 2007-11-23 21:52 . 2007-11-23 21:52 50,696 --a------ C:\WINDOWS\system32\drivers\epfw.sys 2007-11-23 21:52 . 2007-11-23 21:52 30,728 --a------ C:\WINDOWS\system32\drivers\epfwndis.sys 2007-11-23 21:50 . 2007-11-23 21:50 33,800 --a------ C:\WINDOWS\system32\drivers\eamon.sys 2007-11-23 21:50 . 2007-11-23 21:50 27,656 --a------ C:\WINDOWS\system32\drivers\easdrv.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-22 21:04 --------- d-----w C:\Program Files\RegCleaner 2007-12-22 21:04 --------- d-----w C:\Program Files\Real Alternative 2007-12-22 20:55 --------- d-----w C:\Program Files\Java 2007-12-22 20:36 --------- d-----w C:\Documents and Settings\Sobczak\Dane aplikacji\ESET 2007-12-22 20:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET 2007-12-22 20:31 --------- d-----w C:\Program Files\Mozilla 2007-12-22 20:31 --------- d-----w C:\Program Files\Gadu-Gadu 2007-12-22 20:30 --------- d-----w C:\Program Files\Common Files\Java 2007-12-22 20:29 98,512 ----a-w C:\WINDOWS\GREUninstall.exe 2007-12-22 20:29 --------- d-----w C:\Documents and Settings\Sobczak\Dane aplikacji\Talkback 2007-12-22 20:28 100,560 ----atw C:\WINDOWS\MozillaUninstall.exe 2007-12-22 20:28 --------- d-----w C:\Program Files\Common Files\mozilla.org 2007-12-22 20:25 --------- d-----w C:\Program Files\QuickTime 2007-12-22 20:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\QuickTime 2007-12-22 20:24 --------- d-----w C:\Program Files\ALLPlayer 2007-12-22 20:23 --------- d-----w C:\Program Files\Common Files\Adobe 2007-12-22 20:21 --------- d-----w C:\Program Files\K-Lite Codec Pack 2007-12-22 20:19 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE 2007-12-22 20:15 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-12-22 20:15 --------- d-----w C:\Program Files\D-Link AirPlus 2007-12-22 20:15 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-12-22 19:58 --------- d-----w C:\Program Files\Usługi online 2007-10-04 17:16 356,352 ----a-w C:\WINDOWS\system32\nvunrm.exe 2007-10-04 17:16 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll 2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe 2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll 2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll 2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll 2007-10-04 16:14 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll 2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-10-04 16:14 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll 2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe 2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe 2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll 2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll 2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll 2007-10-04 16:14 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe 2007-10-04 16:14 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll 2007-10-04 16:14 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll 2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll 2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll 2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll 2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll 2007-10-04 16:14 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll 2007-10-04 16:14 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll 2007-10-04 16:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll 2007-10-04 16:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll 2007-10-04 16:14 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll 2007-10-04 16:14 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll 2007-10-04 16:14 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll 2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll 2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll 2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll 2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll 2007-10-04 16:14 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll 2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll 2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll 2007-10-04 16:14 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll 2007-10-04 16:14 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll 2007-10-04 16:14 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll 2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll 2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll 2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll 2007-10-04 16:14 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll 2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll 2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll 2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll 2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll 2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll 2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll 2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll 2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll 2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll 2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll 2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll 2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll 2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll 2007-10-04 16:14 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll 2007-10-04 16:14 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll 2007-10-04 16:14 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll 2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll 2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll 2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll 2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll 2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll 2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll 2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll 2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll 2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll 2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll 2007-10-04 16:14 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll 2007-10-04 16:14 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll 2007-10-04 16:14 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll 2007-10-04 16:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll 2007-10-04 16:14 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll 2007-10-04 16:14 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NvCplDaemon”=“RUNDLL32.exe” [2004-08-04 01:44 C:\WINDOWS\system32\rundll32.exe] “nwiz”=“nwiz.exe” [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“RUNDLL32.exe” [2004-08-04 01:44 C:\WINDOWS\system32\rundll32.exe] “egui”=“C:\Program Files\ESET\ESET Smart Security\egui.exe” [2007-11-23 21:51] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 01:44] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-11-23 21:50] R1 epfwtdi;epfwtdi;C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-11-23 21:52] R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-11-23 21:50] R2 ekrn;Eset Service;“C:\Program Files\ESET\ESET Smart Security\ekrn.exe” [2007-11-23 21:51] R2 epfw;epfw;C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-11-23 21:52] R2 windrvNT;windrvNT;C:\WINDOWS\system32\windrvNT.sys [2007-12-22 22:02] R3 AIRPLUS;D-Link AirPlus Wireless Adapter;C:\WINDOWS\system32\DRIVERS\airplus.sys [2003-09-08 09:06] R3 Epfwndis;Eset Personal Firewall;C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-11-23 21:52] S3 EhttpSrv;Eset HTTP Server;“C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe” [2007-11-23 21:53] S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-23 13:27:02 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries …

Tapeta jest już na pulpicie, kompa mogę już włączyć.

Gutek · 23 Grudzień 2007 14:59

Na wszelki wypadek:

Pobierz program SDFix

ne0 · 24 Grudzień 2007 08:56

SDFix: Version 1.119 Run by Sobczak on 2007-12-24 at 09:43 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-24 09:46:53 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden services & system hive … [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch] “Epoch”=dword:00000283 scanning hidden registry entries … [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] “C:\Program Files\Gadu-Gadu\gg.exe”=“C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny” [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- Files with Hidden Attributes: Finished!

Gutek · 25 Grudzień 2007 23:43

Nic nie widzę