Computer resets while gaming


(Mariano334) #1

For some time now my computer has been resetting while I play games.

Please help.

AMD Athlon xp 2500+

Epox EP-8RDA3+/8RDA3G

Nvidia GeForce FX 5700

power supply L&C LC-B300ATX

Here is the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 18:41:35, on 2006-09-22

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

C:\WINDOWS\SOUNDMAN.EXE

E:\deamon\DAEMON Tools\daemon.exe

E:\Anti blxx\Anti-Blaxx\Anti-Blaxx.exe

C:\Program Files\Messenger\msmsgs.exe

D:\Programy\Gadu-Gadu\gg.exe

C:\Program Files\STK014\STK014M.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe

D:\Programy\Opera\Opera.exe

D:\Programy\everest\EVEREST Home Edition\everest.bin

D:\hijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\Adobe\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Programy\GetRight\xx2gr.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {D5C7CDE5-9DB3-CED9-975E-BB0F2C77C197} - C:\DOCUME~1\x\DANEAP~1\ISOGLO~1\Showdash.exe (file missing)

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - D:\Programy\PrintMe\htpmcap.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"

O4 - HKLM..\Run: [KAVPersonal50] E:\Programy\kaspersky\Kaspersky Anti-Virus Personal\kav.exe /minimize

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [DAEMON Tools] "E:\deamon\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM..\Run: [Anti-Blaxx Manager] E:\Anti blxx\Anti-Blaxx\Anti-Blaxx.exe

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [Datadale] C:\DOCUME~1\x\DANEAP~1\ERRORB~1\downloaddoes.exe

O4 - HKCU..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: STK014 PNP Monitor.lnk = ?

O8 - Extra context menu item: Download All by FlashGet - D:\Programy\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - D:\Programy\FlashGet\jc_link.htm

O8 - Extra context menu item: Download with GetRight - D:\Programy\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - D:\Programy\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.pcworld.pl

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 1913207107

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\guard.tmp (file missing)

O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\ir0ul5d91.dll (file missing)

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: kavsvc - Kaspersky Lab - E:\Programy\kaspersky\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Screenshot from the Everest program

Pole Wartość

Właściwości czujnika

Typ czujnika Winbond W83627HF (ISA 290h)

Nazwa płyty głównej Epox 8RDA3 / 8RDAE Series

Temperatury

Płyta główna 37 °C (99 °F)

Procesor 47 °C (117 °F)

WDC WD1200JB-00FUA0 34 °C (93 °F)

Wentylatory

Procesor 2860 RPM

Obudowa 2766 RPM

Wartości napięć

Napięcie rdzenia procesora 1.63 V

+5 V 5.05 V

+12 V 11.98 V

-5 V -5.30 V

+5 V podczas wstrzymania pracy 4.92 V

VBAT baterii CMOS 2.91 V

VDD 1.62 V

DIMM 2.72 V

AGP 1.52 V

Debug Info F FF 3D 3B

Debug Info T 208 47 37

Debug Info V 65 66 AA BC C5 60 30 (01)


(Bbieniol) #2

Use the Look2Me-Destroyer tool

Remove these entries with HijackThis:

After these steps, post a new HijackThis log + a Silent Runners log + ABSOLUTELY a log from l2mfix (choose option 1)

PS> Do you know this?


(Mariano334) #3

I did as you wrote

HijackThis

L2MFIX

quote:

I don't know what that is.


(Bbieniol) #4

Hijack and l2mfix are clean :)

As for the Silent Runners log, unfortunately it is cut off, but I suspect it will be clean too :) Paste it to be sure :)


(Mariano334) #5

"Silent Runners.vbs", revision 48, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"Datadale" = "C:\DOCUME~1\x\DANEAP~1\ERRORB~1\downloaddoes.exe" [null data]

"Gadu-Gadu" = ""D:\Programy\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

"EPSON Stylus DX3800 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"" ["SEIKO EPSON CORPORATION"]

"KAVPersonal50" = "E:\Programy\kaspersky\Kaspersky Anti-Virus Personal\kav.exe /minimize" ["Kaspersky Lab"]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"DAEMON Tools" = ""E:\deamon\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

"Anti-Blaxx Manager" = "E:\Anti blxx\Anti-Blaxx\Anti-Blaxx.exe" [null data]

"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32(Default) = "D:\Programy\Adobe\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{31FF080D-12A3-439A-A2EF-4BA95A3148E8}(Default) = (no title provided)

-> {HKLM...CLSID} = "bho2gr Class"

\InProcServer32(Default) = "D:\Programy\GetRight\xx2gr.dll" ["Headlight Software, Inc."]

{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}(Default) = (no title provided)

-> {HKLM...CLSID} = "EpsonToolBandKicker Class"

\InProcServer32(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32(Default) = "C:\WINDOWS\system32\NVCPL.DLL" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\OpenOffice.org1.1.2\program\shlxthdl.dll" ["Sun Microsystems, Inc."]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32(Default) = "D:\Nowy folder (2)\Real Alternative\rpshell.dll" ["RealNetworks, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

\InProcServer32(Default) = "D:\Programy\OFFICE~1\Office\OLKFSTUB.DLL" [MS]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {HKLM...CLSID} = "Portable Media Devices"

\InProcServer32(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

-> {HKLM...CLSID} = "AlcoholShellEx"

\InProcServer32(Default) = "D:\Programy\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{0E6C58A9-F592-4862-B35F-CA45E24003B3}" = "CloneCD"

-> {HKLM...CLSID} = "CloneCD Shell Extension"

\InProcServer32(Default) = "D:\Programy\clone\CloneCD\ElbyVCDShell.dll" ["Elaborate Bytes"]

"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"

-> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play"

\InProcServer32(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]

"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"

-> {HKLM...CLSID} = "Nokia Phone Browser"

\InProcServer32(Default) = "E:\Programy\nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]

"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"

-> {HKLM...CLSID} = "Contact View"

\InProcServer32(Default) = "E:\Programy\nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]

"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"

-> {HKLM...CLSID} = "Message View"

\InProcServer32(Default) = "E:\Programy\nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]

HKLM\System\CurrentControlSet\Control\Session Manager\

INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e SsiEfr.e" [file not found], [MS], [file not found], [file not found], [file not found]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "E:\Programy\kaspersky\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "E:\Programy\kaspersky\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Startup items in "x" & "All Users" startup folders:


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"STK014 PNP Monitor" -> shortcut to: "C:\Program Files\STK014\STK014M.exe" [empty string]

Enabled Scheduled Tasks:


"mks_vir - Zadanie 0" -> WARNING -- The file "mks_vir - Zadanie 0.job" is corrupt! (no executable)

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"

-> {HKLM...CLSID} = "EPSON Web-To-Page"

\InProcServer32(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{97387E2B-B2FA-4E4A-A607-F3B5C134F71C}" = "PrintMe"

-> {HKLM...CLSID} = "PrintMe"

\InProcServer32(Default) = "D:\Programy\PrintMe\htpmcap.dll" ["Electronics For Imaging, Inc."]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided)

-> {HKLM...CLSID} = "EPSON Web-To-Page"

\InProcServer32(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{97387E2B-B2FA-4E4A-A607-F3B5C134F71C}(Default) = (no title provided)

-> {HKLM...CLSID} = "PrintMe"

\InProcServer32(Default) = "D:\Programy\PrintMe\htpmcap.dll" ["Electronics For Imaging, Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

Miscellaneous IE Hijack Points


C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):

Missing lines (compared with English-language version):

line

Running Services (Display Name, Service Name, Path {Service DLL}):


C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\system32\drivers\CDAC11BA.EXE" ["Macrovision"]

EPSON Printer Status Agent2, EPSONStatusAgent2, "C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"]

Firebird Guardian - DefaultInstance, FirebirdGuardianDefaultInstance, "C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -s" ["The Firebird Project"]

Firebird Server - DefaultInstance, FirebirdServerDefaultInstance, "C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -s" ["The Firebird Project"]

kavsvc, kavsvc, "E:\Programy\kaspersky\Kaspersky Anti-Virus Personal\kavsvc.exe" ["Kaspersky Lab"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:


HKLM\System\CurrentControlSet\Control\Print\Monitors\

EPSON Stylus DX3800 Series 2KMonitor5E\Driver = "E_FLMACE.DLL" ["SEIKO EPSON CORPORATION"]

EPSON V5 2KMonitor\Driver = "EBPMON2.DLL" ["SEIKO EPSON CORPORATION"]


  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • The search for DESKTOP.INI DLL launch points on all local fixed drives

took 64 seconds.

  • The search for all Registry CLSIDs containing dormant Explorer Bars

took 13 seconds.

---------- (total run time: 98 seconds)


(Bbieniol) #6

Cosmetic: open the registry editor via Start >>> Run >>> regedit and go to the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager

There, double-click the BootExecute value and delete everything from the box except autocheck autochk *
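The check behind the advice in post #6, as an added example that is not part of the original thread: it compares the BootExecute value reported by Silent Runners with the Windows default and lists the HijackThis entries tagged "(file missing)". The function names are hypothetical, and the sample lines are copied from the logs posted above; the assumption is that the log prints the multi-string value joined by spaces.

```python
import re
from collections import defaultdict

# Windows default content of Session Manager\BootExecute, split into tokens.
DEFAULT_BOOT_EXECUTE = "autocheck autochk *".split()

# Constructed sample: a few lines copied from the two logs posted in this thread.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {D5C7CDE5-9DB3-CED9-975E-BB0F2C77C197} - C:\DOCUME~1\x\DANEAP~1\ISOGLO~1\Showdash.exe (file missing)
O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\ir0ul5d91.dll (file missing)
O23 - Service: kavsvc - Kaspersky Lab - E:\Programy\kaspersky\Kaspersky Anti-Virus Personal\kavsvc.exe
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e SsiEfr.e" [file not found], [MS], [file not found], [file not found], [file not found]
'''

# HijackThis entry: section code, " - ", body, optional "(file missing)" tag.
HJT_LINE = re.compile(
    r"^(?P<section>[A-Z]\d+) - (?P<body>.*?)(?P<missing>[ \t]*\(file missing\))?$",
    re.MULTILINE,
)
# Silent Runners line: "BootExecute" = "<value>"
BOOT_EXECUTE = re.compile(r'"BootExecute"\s*=\s*"([^"]*)"')


def missing_by_section(text):
    """Group HijackThis entries tagged '(file missing)' by section code."""
    orphans = defaultdict(list)
    for m in HJT_LINE.finditer(text):
        if m.group("missing"):
            orphans[m.group("section")].append(m.group("body"))
    return dict(orphans)


def boot_execute_extras(text):
    """Return the tokens found in BootExecute beyond the Windows default.

    Returns None when the log does not report the value at all.
    """
    m = BOOT_EXECUTE.search(text)
    if m is None:
        return None
    tokens = m.group(1).split()
    n = len(DEFAULT_BOOT_EXECUTE)
    if tokens[:n] == DEFAULT_BOOT_EXECUTE:
        return tokens[n:]
    return tokens  # default entry altered or absent: report everything


if __name__ == "__main__":
    for section, bodies in sorted(missing_by_section(SAMPLE_LOG).items()):
        for body in bodies:
            print(f"orphaned {section}: {body}")
    print("BootExecute extras:", boot_execute_extras(SAMPLE_LOG))
```

An empty list from `boot_execute_extras` means the value already matches the default that post #6 says to leave in place.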


(Mariano334) #7

I went into HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager

but I don't have that BootExecute there


(Bbieniol) #8

Open Notepad and paste this into it:

File --> Save As --> change the file type to All Files --> save it under the name FIX.REG

Run the FIX.REG file, confirm adding it to the registry, and restart the computer :)


(Mariano334) #9

OK, I did that, many thanks for everything, but my computer still resets when I play.


(Bbieniol) #10

Run Check Disk, that is:

Start --> Run --> cmd and type: chkdsk c: /f /r

Open the event log:

Start --> Run --> eventvwr and check whether you have any errors marked in red - if there are, post screenshots of them :)

-> How to insert a desktop screenshot?


(Mariano334) #11

this is what came up

screenshot1sk1.jpg


(Bbieniol) #12

Press T (Tak, "Yes") and press ENTER :) Then restart the computer :)


(Gutek) #13

Note: when you paste a log, wrap it in a CODE or QUOTE tag - edit it


(Mariano334) #14

I posted two, but there are more of them


(Bbieniol) #15

Reinstall the graphics card drivers :)


(Mariano334) #16

I installed new drivers but it didn't help, still resets


(Micromac) #17

Then go into Event Viewer once more. Select Application, and on the right you will have errors with a red circle. Double-click one, copy its contents (Ctrl+C) and paste them here. Do the same with System.

Paste only the three most recent errors


(Mariano334) #18


(Bbieniol) #19

When, and at what time, did you install the drivers?


(Mariano334) #20

one set yesterday, and today around 10:00 I tried again with different ones