Problemy z aplikacjami

nicrs · 1 Wrzesień 2006 12:52

mam taki problem, mianowicie mój system nie otwiera pewnych aplikacji - chodzi konkretnie o gry. Nie wierzę żeby było to spowodowane sprzętem… bo jeżeli moja pucha by nie poradziła czemuś to wywaliło by błąd aplikacji tak jak zwykle to bywało… teraz natomiast błędy aplikacji wyrzuca mi komunikat z xp. a nie wierzę, że PRZYKŁADOWO: COMBAT WINGS nie pójdzie na ATHLON 1,4 256 DDR, GF2 400… wstawiam loga za pomoc dzięki z góry!!

Logfile of HijackThis v1.99.1 Scan saved at 14:39:31, on 2006-09-01 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Trend Micro\Tmas\Tmas.exe C:\Program Files\Executive Software\DiskeeperLite\DKService.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Winamp\winamp.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\nycR\USTAWI~1\Temp\Rar$EX00.315\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smb.sygate.com/ref/proref_sos.php R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe O4 - HKLM…\RunServices: [win msdt service] mswindtc.exe O4 - HKLM…\RunServices: [Windows Help 32] zlusfanbsu.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_23.cab O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_30.cab O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_35.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab O17 - HKLM\System\CCS\Services\Tcpip…{2F231587-0A40-416D-A0A6-676B15689949}: NameServer = 217.30.129.149,217.30.137.200 O17 - HKLM\System\CS1\Services\Tcpip…{2F231587-0A40-416D-A0A6-676B15689949}: NameServer = 217.30.129.149,217.30.137.200 O17 - HKLM\System\CS2\Services\Tcpip…{2F231587-0A40-416D-A0A6-676B15689949}: NameServer = 217.30.129.149,217.30.137.200 O17 - HKLM\System\CS3\Services\Tcpip…{2F231587-0A40-416D-A0A6-676B15689949}: NameServer = 217.30.129.149,217.30.137.200 O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SERVICE (WINDOWS) - Unknown owner - C:\WINDOWS\spoolsvc.exe (file missing)

Bieniol · 1 Wrzesień 2006 12:56

Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (jeżeli jakieś znaczki są żółte, to niech takie zostaną). Po użyciu tego narzędzia wymagany jest reset sysa.

W trybie awaryjnym z wyłączonym przywracaniem systemu usuwasz (wpisy Hijackiem, pliki/foldery na czerwono ręcznie z dysku):

Po zabiegach nowy log z Hijacka + log z Silent Runners

Jakie błędy wyskakują? Wklej screena

Jak wkleić screena?

Myszak · 1 Wrzesień 2006 13:02

Bieniol jeszcze to :

Start --> uruchom --> services.msc --> zatrzymaj i wyłącz usługę SERVICE.

Plik spoolsvc.exe o ile będzie - kasujesz w awaryjnym bez przywracania systemu.

nicrs · 1 Wrzesień 2006 14:12

“Silent Runners.vbs”, revision 47, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“sms-express.com”] “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “nod32kui” = ““C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE” ["Eset "] “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “Odkurzacz-MCD” = “C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe” [“FranmoSoft”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{B089FE88-FB52-11d3-BDF1-0050DA34150D}” = “NOD32 Context Menu Shell Extension” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” ["Eset "] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}” = “Trend Micro Anti-Spyware Shell Extension” -> {HKLM…CLSID} = “Trend Micro Anti-Spyware Shell Extension” \InProcServer32(Default) = “C:\Program Files\Trend Micro\Tmas\sshook.dll” [“Trend Micro Incorporated”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! “{54D9498B-CF93-414F-8984-8CE7FDE0D391}” = “ewido shell guard” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-malware\shellhook.dll” ["TODO: "] INFECTION WARNING! “{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}” = “Trend Micro Anti-Spyware Shell Extension” -> {HKLM…CLSID} = “Trend Micro Anti-Spyware Shell Extension” \InProcServer32(Default) = “C:\Program Files\Trend Micro\Tmas\sshook.dll” [“Trend Micro Incorporated”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ ewido(Default) = “{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}” -> {HKLM…CLSID} = “Ctest Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-malware\context.dll” [“ewido networks”] NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11d3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” ["Eset "] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ewido(Default) = “{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}” -> {HKLM…CLSID} = “Ctest Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-malware\context.dll” [“ewido networks”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11d3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” ["Eset "] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Startup items in “nycR” & “All Users” startup folders: ------------------------------------------------------ C:\Documents and Settings\nycR\Menu Start\Programy\Autostart INFECTION WARNING! “PowerReg Scheduler.exe” [empty string] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Trend Micro Anti-Spyware” -> shortcut to: “C:\Program Files\Trend Micro\Tmas\Tmas.exe -autostart” [“Trend Micro Incorporated”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: imon.dll ["Eset "], 01 - 05, 17 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 16 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_06” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Diskeeper, Diskeeper, “C:\Program Files\Executive Software\DiskeeperLite\DKService.exe” [“Executive Software International, Inc.”] ewido security suite control, ewido security suite control, “C:\Program Files\ewido anti-malware\ewidoctrl.exe” [“ewido networks”] NOD32 Kernel Service, NOD32krn, ““C:\Program Files\Eset\nod32krn.exe”” ["Eset "] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] Sunbelt Kerio Personal Firewall 4, KPF4, “C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe” [“Sunbelt Software”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 172 seconds, including 4 seconds for message boxes)

Logfile of HijackThis v1.99.1 Scan saved at 15:56:16, on 2006-09-01 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Trend Micro\Tmas\Tmas.exe C:\Program Files\Executive Software\DiskeeperLite\DKService.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\nycR\USTAWI~1\Temp\Rar$EX00.899\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smb.sygate.com/ref/proref_sos.php R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_23.cab O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_30.cab O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_35.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab O17 - HKLM\System\CCS\Services\Tcpip…{2F231587-0A40-416D-A0A6-676B15689949}: NameServer = 217.30.129.149,217.30.137.200 O17 - HKLM\System\CS1\Services\Tcpip…{2F231587-0A40-416D-A0A6-676B15689949}: NameServer = 217.30.129.149,217.30.137.200 O17 - HKLM\System\CS2\Services\Tcpip…{2F231587-0A40-416D-A0A6-676B15689949}: NameServer = 217.30.129.149,217.30.137.200 O17 - HKLM\System\CS3\Services\Tcpip…{2F231587-0A40-416D-A0A6-676B15689949}: NameServer = 217.30.129.149,217.30.137.200 O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

hmmmm nie rozgryzłem jeszcze dobrze kerio a zablokowałem te wyskakiwanie komunikatów o błędach, zresztą i tak tam nie ma nic przydatnego. Jest tylko opcja wysłania błędu:/

Myszak · 1 Wrzesień 2006 14:13

Skasuj te 2 wpisy.

Update :

co do pomocy : Mój komputer --> właściwości --> zdalny --> odhacz 1 pole.

Bieniol · 1 Wrzesień 2006 14:14

Zostało jeszcze to:

Wpis Hijackiem, plik ręcznie

nicrs · 1 Wrzesień 2006 14:22

tyle ze nie moge go znalesc:/:/

Bieniol · 1 Wrzesień 2006 14:24

Będzie w folderze: C:\Windows lub C:\Windows\System32

nicrs · 1 Wrzesień 2006 14:33

n i ma go tam:] nawet jako systemowy ani ukryty!! :!:

Bieniol · 1 Wrzesień 2006 14:35

Usuń w takim razie wpisy, które wskazał Myszak , a następnie daj nowy log

Myszak · 1 Wrzesień 2006 14:35

A wcześniej go kasowałeś ? za 1 razem. ?

Możliwe, że pliku nie ma - stąd dopisek w Silencie --> [empty string]

nicrs · 1 Wrzesień 2006 14:39

może iatk ale, to dalej nie pomogło dalej jest blad i nic sie nie zmienilo

Bieniol · 1 Wrzesień 2006 14:41

Daj screena tego błędu, oraz wrzuć zestaw nowych logów

nicrs · 1 Wrzesień 2006 14:45

Logfile of HijackThis v1.99.1 Scan saved at 16:46:02, on 2006-09-01 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Trend Micro\Tmas\Tmas.exe C:\Program Files\Executive Software\DiskeeperLite\DKService.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\nycR\USTAWI~1\Temp\Rar$EX00.899\HijackThis.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\mspaint.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\nycR\USTAWI~1\Temp\Rar$EX00.264\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smb.sygate.com/ref/proref_sos.php R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_23.cab O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_30.cab O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_35.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab O17 - HKLM\System\CCS\Services\Tcpip…{2F231587-0A40-416D-A0A6-676B15689949}: NameServer = 217.30.129.149,217.30.137.200 O17 - HKLM\System\CS1\Services\Tcpip…{2F231587-0A40-416D-A0A6-676B15689949}: NameServer = 217.30.129.149,217.30.137.200 O17 - HKLM\System\CS2\Services\Tcpip…{2F231587-0A40-416D-A0A6-676B15689949}: NameServer = 217.30.129.149,217.30.137.200 O17 - HKLM\System\CS3\Services\Tcpip…{2F231587-0A40-416D-A0A6-676B15689949}: NameServer = 217.30.129.149,217.30.137.200 O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Myszak · 1 Wrzesień 2006 14:48

W logu ok ale :

C:\DOCUME~1\nycR\USTAWI~1\Temp\Rar$EX00.264\HijackThis.exe

uruchamiasz go z Tempa ?

No i :

nicrs · 1 Wrzesień 2006 15:04

nie uruchamiam z tempa:] a oto screen:

Myszak · 1 Wrzesień 2006 15:07

Dzieje się tak z każdą grą ? Podaj dokłądnie jaką masz maszyę.

Reinstalacja + czyszczenie rejestru - sprawdzałeś ?

Gry oryginalne ?

nicrs · 1 Wrzesień 2006 15:10

nie ale to juz chyba 2 albo 3 z koleii, nie chce robic formata bo i tak uwazam ze za czesto go robie!! rejestru nie czyscilem, regcleaner starczy do tego?? a ocB z grami online??

Myszak · 1 Wrzesień 2006 15:12

ale co nie ?

tak.

??

nicrs · 1 Wrzesień 2006 15:14

2 albo 3 format, a o gry online sam spytales… wiec nie

Złączono Posta : 01.09.2006 (Pią) 17:14

i co mam wyczyscic z reg’a??