Problem z wylaczeniem komputera

patrol69 · 16 Styczeń 2007 13:31

Problem z ktorym sie spotkalem , polega na tym ze gdy chce wylaczyc komputer (START–>WYLACZ KOMPUTER–>WYLACZ) maszyna wogole nie reaguje, moge poawtarzac ta czynnosc w nieskonczonosc a i tak nie chce sie wylaczyc.

(wylaczam go poprzez przytrzymanie klawisza na stacji dyskow)

Dodac moge ze komputer 100% nie jest zainfekowany zadnym robakami, spamami ani innego typu wirusami , dlatego prosilbym o pomoc

Krzychuu · 16 Styczeń 2007 13:32

Przekonajmy się… Daj logi z Hijakca i Silenta.

patrol69 · 16 Styczeń 2007 13:39

Logfile of HijackThis v1.99.1

Scan saved at 14:42:56, on 2007-01-16

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Cyberlink\Shared files\RichVideo.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\RunDll32.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\System32\Launcher.exe

D:\ProgramkI\Power dvd\PDVDServ.exe

C:\Program Files\Messenger\msmsgs.exe

D:\ProgramkI\Ad-Aware SE Professional\Ad-Watch.exe

C:\WINDOWS\System32\wuauclt.exe

D:\ProgramkI\totalcmd\TOTALCMD.EXE

D:\ProgramkI\BitLord\BitLord.exe

D:\ProgramkI\Winamp\winamp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

D:\Sciegniete z overneta\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - D:\ProgramkI\AllPlayer i Lektor\Expresivo\Expressivo Demo\IH_iexplore.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - D:\ProgramkI\AllPlayer i Lektor\Expresivo\Expressivo Demo\IH_iexplore.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.dll,CMICtrlWnd

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PrimaLauncher] C:\WINDOWS\System32\Launcher.exe

O4 - HKLM\..\Run: [RemoteControl] "D:\ProgramkI\Power dvd\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "D:\ProgramkI\Power dvd\Language\Language.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\ProgramkI\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [NBJ] "D:\ProgramkI\Nero\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [AWMON] "D:\ProgramkI\Ad-Aware SE Professional\Ad-Watch.exe"

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

Krzychuu · 16 Styczeń 2007 13:46

patrol69 proponuję zainstalwoać Service Pack 2 - poprawia bezpeiczeństwo w systemie:

http://www.microsoft.com/windowsxp/sp2/default.mspx

Jak na moje amatorskei oko niczego nie widzę, ale poczekaj na specialistę.

Start --> Uruchom --> msconfig --> Zakładka uruchamianie

Poodznaczaj nie potrzebne według Ciebie programy.

Joan · 16 Styczeń 2007 13:50

Poker :mrgreen:

Zafixuj, folder na czerwono leci z dysku. Daj loga z Silenta.

start > uruchom > services.msc i wyłącz usługę NVidia Driver Helper Service.

patrol69 · 16 Styczeń 2007 14:53

Pokera nie fixuje , bo lubie sobie pograc w wolnych chwilach

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"Gadu-Gadu" = ""D:\ProgramkI\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]

"NBJ" = ""D:\ProgramkI\Nero\Nero BackItUp\NBJ.exe"" [file not found]

"AWMON" = ""D:\ProgramkI\Ad-Aware SE Professional\Ad-Watch.exe"" ["Lavasoft Sweden"]

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]

"Cmaudio" = "RunDll32 cmicnfg.dll,CMICtrlWnd" [MS]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"PrimaLauncher" = "C:\WINDOWS\System32\Launcher.exe" ["PRIMAX International B.V."]

"RemoteControl" = ""D:\ProgramkI\Power dvd\PDVDServ.exe"" ["Cyberlink Corp."]

"LanguageShortcut" = ""D:\ProgramkI\Power dvd\Language\Language.exe"" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]

{85F685C3-20D9-4943-95E4-EB4224056C3F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Expressivo"

                   \InProcServer32\(Default) = "D:\ProgramkI\AllPlayer i Lektor\Expresivo\Expressivo Demo\IH_iexplore.dll" ["IVO Software Sp. z o.o."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"

  -> {HKLM...CLSID} = "Eksplorator pulpitów"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\ProgramkI\winrar\rarext.dll" [null data]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\ProgramkI\winrar\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\ProgramkI\winrar\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\ProgramkI\winrar\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\Documents and Settings\PatroL.SILKA-OIQAGJF91\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\PatroL.SILKA-OIQAGJF91\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{85F685C3-20D9-4943-95E4-EB4224056C3F}" = "Expressivo"

  -> {HKLM...CLSID} = "Expressivo"

                   \InProcServer32\(Default) = "D:\ProgramkI\AllPlayer i Lektor\Expresivo\Expressivo Demo\IH_iexplore.dll" ["IVO Software Sp. z o.o."]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]


{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\

"ButtonText" = "PartyPoker.com"

"MenuText" = "PartyPoker.com"

"Exec" = "C:\Program Files\PartyGaming\PartyPoker\RunApp.exe" [empty string]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\Cyberlink\Shared files\RichVideo.exe"" [empty string]

NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 134 seconds.

---------- (total run time: 818 seconds)

adam9870 · 16 Styczeń 2007 15:04

Czysto.

Przejrzyj "ZBĘDNIKI " w autostarcie oraz Optymalizacja i odchudzanie Windowsa XP.

Czy zrobiłeś tak jak radziła Joan?

Ewentualnie wybierz start => uruchom => wpisz eventvwr i kliknij OK => sprawdź czy masz błędy typu System Error lub Aplication Error, zaznaczone na czerwono, które wystąpiły mniej więcej wtedy gdy komputer nie reagował na zamknięcie. Jeśli są takie to wklej ich szczegóły na Forum.

http://forum.dobreprogramy.pl/viewtopic.php?t=46412