Witam. Mam obecnie dość nowy komputer bo od około pół roku. Jakiś miesiąc temu zaczeły sie z nim problemy. Kiedy gram w gry komputer sam sie wyłancza. Czasem moge grać godzinami i nic się nie dzieje a czasem ledwo zaczne w coś grać i po kilku minutach komp się wyłancza.Wiem, że to napewno nie jest wina gier bo na wszystkich mi się tak robi pozatym gram w te gry odkąd mam nowy komputer. Czy ktoś może mi poradzić dlaczego tak się dzieje?? I jak się mam pozbyć tego problemu. Na wszelki wypadek podaje swój log:
Logfile of HijackThis v1.99.1 Scan saved at 17:03:20, on 2007-05-06 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe D:\Program Files\Avast4\aswUpdSv.exe D:\Program Files\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\Explorer.EXE D:\Program Files\Avast4\ashMaiSv.exe D:\Program Files\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\WINDOWS\system32\RUNDLL32.EXE D:\PROGRA~1\Avast4\ashDisp.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\WINDOWS\system32\PnkBstrB.exe D:\Program Files\Mozilla\mozilla.exe D:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.encyklopedia.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.encyklopedia.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 “EPSON Stylus D68 Series” /O6 “USB001” /M “Stylus D68” O4 - HKLM…\Run: [siemens SmartSync - ScheduleSync] D:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [avast!] D:\PROGRA~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe” O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 “EPSON Stylus D68 Series” /M “Stylus D68” /EF “HKCU” O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [RemoveIT Pro XT] D:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=http://www.encyklopedia.pl/ O17 - HKLM\System\CCS\Services\Tcpip…{C83642D4-0D67-4228-B791-F9DCB7C8DF1F}: NameServer = 194.204.159.1 217.98.63.164 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
Bardzo proszę o pomoc.
Joan
(Joan Sunshine)
6 Maj 2007 15:49
#2
Obejmij proszę logi w tagi QUOTE lub CODE > użyj przycisku
Log jest ok, daj loga z SilentRunners
Sprawdź błędy w podglądzie zdarzeń:
Start = Panel Sterowania = Narzędzia Administracyjne = Podgląd zdarzeń
Jeśli będą jakieś na czerwono, to wklej szczegóły.
Sprawdź RAM programem – Memtest86
Sprawdź temperatury programem – EVEREST Home Edition
Przeczytaj to: KLIK i wklej zawartość plików minidump, o ile takowe są
Temperaturę sprawdziłem Everestem i jest ok.
Silent Runners
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}” = ““C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”” [“Nero AG”] “Gadu-Gadu” = ““D:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “EPSON Stylus D68 Series” = “C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 “EPSON Stylus D68 Series” /M “Stylus D68” /EF “HKCU”” [“SEIKO EPSON CORPORATION”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] “RemoveIT Pro XT” = “D:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “SkyTel” = “SkyTel.EXE” [“Realtek Semiconductor Corp.”] “NWEReboot” = “(empty string)” [file not found] “RTHDCPL” = “RTHDCPL.EXE” [“Realtek Semiconductor Corp.”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”] “EPSON Stylus D68 Series” = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 “EPSON Stylus D68 Series” /O6 “USB001” /M “Stylus D68"” [“SEIKO EPSON CORPORATION”] “Siemens SmartSync - ScheduleSync” = “D:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE” [empty string] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “avast!” = “D:\PROGRA~1\Avast4\ashDisp.exe” [“ALWIL Software”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}(Default) = (no title provided) -> {HKLM…CLSID} = “EpsonToolBandKicker Class” \InProcServer32(Default) = “C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll” [“SEIKO EPSON CORPORATION”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler” -> {HKLM…CLSID} = “NeroDigitalIconHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] “{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler” -> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens Device” -> {HKLM…CLSID} = “Siemens Device” \InProcServer32(Default) = “D:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll” [“Siemens AG”] “{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens Device ContextMenuHandler” -> {HKLM…CLSID} = “Siemens Device ContextMenuHandler” \InProcServer32(Default) = “D:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll” [“Siemens AG”] “{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens SX1 PropertySheetHandler” -> {HKLM…CLSID} = “Siemens Device PropertySheetHandler” \InProcServer32(Default) = “D:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll” [“Siemens AG”] “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” = “jetAudio” -> {HKLM…CLSID} = “JetFlExt” \InProcServer32(Default) = “D:\Program Files\JetAudio\JetFlExt.dll” [“JetAudio, Inc.”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “D:\Program Files\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler” -> {HKLM…CLSID} = “NeroDigitalColumnHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “D:\Program Files\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ jetAudio(Default) = “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” -> {HKLM…CLSID} = “JetFlExt” \InProcServer32(Default) = “D:\Program Files\JetAudio\JetFlExt.dll” [“JetAudio, Inc.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “D:\Program Files\Avast4\ashShell.dll” [“ALWIL Software”] jetAudio(Default) = “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” -> {HKLM…CLSID} = “JetFlExt” \InProcServer32(Default) = “D:\Program Files\JetAudio\JetFlExt.dll” [“JetAudio, Inc.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\Mozilla Wallpaper.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\WINDOWS\Mozilla Wallpaper.bmp” Startup items in “1” & “All Users” startup folders: --------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W” [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{EE5D279F-081B-4404-994D-C6B60AAEBA6D}” -> {HKLM…CLSID} = “EPSON Web-To-Page” \InProcServer32(Default) = “C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll” [“SEIKO EPSON CORPORATION”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{EE5D279F-081B-4404-994D-C6B60AAEBA6D}” = (no title provided) -> {HKLM…CLSID} = “EPSON Web-To-Page” \InProcServer32(Default) = “C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll” [“SEIKO EPSON CORPORATION”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll” [“Sun Microsystems, Inc.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”) Added lines (compared with English-language version): [strings]: START_PAGE_URL=http://www.encyklopedia.pl/ Missing lines (compared with English-language version): [strings]: 1 line HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““D:\Program Files\Avast4\ashServ.exe”” [“ALWIL Software”] avast! iAVS4 Control Service, aswUpdSv, ““D:\Program Files\Avast4\aswUpdSv.exe”” [“ALWIL Software”] avast! Mail Scanner, avast! Mail Scanner, ““D:\Program Files\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““D:\Program Files\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] PnkBstrA, PnkBstrA, “C:\WINDOWS\system32\PnkBstrA.exe” [null data] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ EPSON Stylus D68 Series 2KMonitor5E\Driver = “E_FLMAAE.DLL” [“SEIKO EPSON CORPORATION”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 31 seconds. ---------- (total run time: 63 seconds)
Błedy z podgladu zdarzeń zamieściłem pod tym linkiem:
[http://rapidshare.com/files/29862119/Po … __324_.doc](http://rapidshare.com/files/29862119/Podgl 261_d_zdarze 324_.doc)
Do notatnika wklej:
Plik > zapisz jako > zmień rozszerzenie z .txt na wszystkie pliki > zapisz pod nazwą Fix.reg np na
pulpicie > dwuklik na Fix.reg > potwierdzasz > restart.
Poza tym log ok.
Jakie temperatury i jakiego masz proca? Jaki masz zasilacz?
Najnowsze sterowniki do grafy i DirectX także?
A coś wówczas instalowałeś? Nowy sprzęt?
Problemy z wylanczaniem sie komputera podczas gier zaczely sie w polowie kwietnia. Nie instalowalem zadnego oprogramowania ani sprzetu.
Temperatura:
plyta glowna 38 ˚C
procesor 45 ˚C
dioda procesora 60˚C
aux 47 ˚C
Umieszczam pod tym linkiem raport z everesta na temat mojego sprzetu i sterownikow:
http://rs7.rapidshare.com/files/2998937 … eresta.txt
Ps.Czy z podgladu zdarzen o bledach mozna juz cos wywnioskowac?? Bo troche ich zamiescilem na tym forum z mojego kompa.
Gutek
(Gutek)
7 Maj 2007 14:33
#6
Naprawilem bledy w rejestrze j16powertools. A oto log z Combofixa
“1” - 2007-05-07 17:30:32 Dodatek Service Pack 2 ComboFix 07-05.07.3.V - Running from: “D:\Pulpit” ((((((((((((((((((((((((((((((( Files Created from 2007-04-07 to 2007-05-07 )))))))))))))))))))))))))))))))))) 2007-05-07 17:04 5 --ahs---- C:\WINDOWS\system32\beaabe9_s.dll 2007-05-05 16:52 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-05-05 16:52 2007-05-05 16:52 2007-05-05 16:52 2007-05-05 16:52 2007-05-05 16:52 2007-05-05 16:52 2007-05-05 16:52 2007-04-29 23:24 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-04-29 21:37 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-29 21:37 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-29 21:37 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-29 21:37 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-29 21:34 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-04-29 21:34 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-04-29 21:34 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-18 15:11 2007-04-15 09:00 2007-04-09 18:24 2007-04-08 18:28 6,688 --a------ C:\WINDOWS\movexe.exe (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-07 15:20:51 -------- d-----w C:\DOCUME~1\1\DANEAP~1.\Skype 2007-05-07 14:52:54 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-05-07 14:52:50 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2007-05-07 13:21:44 -------- d-----w C:\Program Files\Neostrada TP 2007-05-06 09:52:57 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-04-29 19:37:25 3,341 ----a-w C:\WINDOWS\unins000.dat 2007-04-18 13:11:24 -------- d-----w C:\DOCUME~1\1\DANEAP~1.\Google 2007-04-08 22:35:48 68,334 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-04-08 22:35:48 439,194 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-03-23 20:46:57 -------- d-----w C:\Program Files\SCi 2007-03-20 21:38:20 8,837 ----a-w C:\WINDOWS\mozver.dat 2007-03-20 21:32:56 98,512 ----a-w C:\WINDOWS\GREUninstall.exe 2007-03-18 00:05:33 1,400 ----a-w C:\WINDOWS\uninst_8922.dat 2007-03-18 00:05:05 1,825 ----a-w C:\WINDOWS\uninst_8016.dat 2007-03-11 20:05:32 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2007-02-10 19:28:41 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] “{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}”=“C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” “{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}”=“C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” “{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}”=“C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “SkyTel”=“SkyTel.EXE” “RTHDCPL”=“RTHDCPL.EXE” “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”" “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” “EPSON Stylus D68 Series”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 “EPSON Stylus D68 Series” /O6 “USB001” /M “Stylus D68"” “Siemens SmartSync - ScheduleSync”=“D:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” “avast!”=“D:\PROGRA~1\Avast4\ashDisp.exe” [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=”“C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”" “Gadu-Gadu”="“D:\Program Files\Gadu-Gadu\gg.exe” /tray" “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” “EPSON Stylus D68 Series”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 “EPSON Stylus D68 Series” /M “Stylus D68” /EF “HKCU”” “Skype”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0\0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter HTTPFilter\0\0 LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 DcomLaunch DcomLaunch\0TermService\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{bf5fbddc-da0a-11db-80f3-4d6564696130}] Shell\AutoRun\command F:\auto.exe *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_EVERESTDRIVER *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PNKBSTRB *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PNKBSTRK ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-07 17:31:46 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 2007-05-07 17:31:54 C:\ComboFix-quarantined-files.txt … 2007-05-07 17:31
Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE
Pozdrawiam Gutek2222
Gutek
(Gutek)
7 Maj 2007 15:41
#8
Otwórz Notatnik i wklej w nim to:
Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa
Użyj Pocket Killbox . Zaznaczasz opcję Delete on Reboot i w polu Full Path of File to Delete wklejasz ścieżkę
C:\WINDOWS\system32\beaabe9_s.dll i naciskasz X czerwony . Program poprosi o reset kompa … czyli resetujesz.
Ok. Zrobilem tak jak mi napisales i co teraz?? Czy mam cos jeszcze zrobic?? czy to wystarczy??
Joan
(Joan Sunshine)
7 Maj 2007 16:38
#10
Wklej jeszcze kontrolnie loga z Combofix
Aha to dziekuje bardzo za pomoc w rozwiazaniu mojego problemu. Mysle ze teraz bedzie wszystko dobrze. Zaraz przetestyje odpalajac jakas gierke. Dziekuje rowniez za czas ktory mi poswieciliscie gdyz moj problem dosc sie dlugo ciagnal. Swoim znajomym zaproponuje to forum jakby mieli problemy.
Złączono Posta : 07.05.2007 (Pon) 19:47
mino tych wszystkich zabiegow komputer dalej sie wylancza na grach. ja juz tego nie rozumie imam dosc. zrobilem co sie dalo i chyba pozostal juz tylko format