Skocz do zawartości


Zdjęcie

Services.exe - Błąd aplikacji

Rozpoczęty przez oktar , 14 01 2008 22:11

  • Zaloguj się, aby dodać odpowiedź
7 odpowiedzi w tym temacie

#1 oktar

oktar

    Obserwator

  • 5 postów

Napisano 14 01 2008 - 22:11

Witam,
Mam problem z komputerem. Otóż wyskakuje mi błąd przy wpłączeniu komputera:
services.exe - Błąd Aplikacji



W aplikacji wystąpił wyjątek unknown software exception (0xc00000fd) pod adresem 0x7c90eddc.



Kliknij przycisk OK, aby przerwać działanie aplikacji

Kliknij przycisk Anuluj, aby rozpocząć debugowanie programu


Nie zależnie co wybiorę czy OK czy Anuluj to pokazuje się okno, że za minute komputer uruchomi się ponownie i odlicza. Proszę o pomoc bo jest to uciążliwe (format nie wchodzi w grę).

Z góry dziękuje i pozdrawiam
Oktar

To co pomoże ktoś?

  • 0

#2 Tequila

Tequila

    Stały użytkownik

  • 386 postów

Napisano 14 01 2008 - 23:16

Klepnąć sprobuj w start -> uruchom polecenie
shutdown -a
I jak zostanie wstrzymany restart to przedstaw logi - HijackThs, SilentRunners i Combofix.
Dodatkowo - skorzystaj z automatycznych aktualzacji by system zaktualizować
Masz jakegoś firewalla załączonego ? Jeżeli nie to włacz choćby systemowego.

  • 0

#3 oktar

oktar

    Obserwator

  • 5 postów

Napisano 15 01 2008 - 08:01

HijackThs:
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 07:09:25, on 2008-01-15Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Eset\nod32kui.exeD:\Program Files\Microsoft ActiveSync\wcescomm.exeD:\PROGRA~1\Microsoft ActiveSync\rapimgr.exec:\<a href="http://www.download.net.pl/3711/XAMPP/">xampp</a>\apache\bin\apache.exeC:\Program Files\Common Files\Teleca Shared\CapabilityManager.exeC:\WINDOWS\system32\inetsrv\inetinfo.exec:\<a href="http://www.download.net.pl/3711/XAMPP/">xampp</a>\mysql\bin\mysqld-nt.exeC:\Program Files\Eset\nod32krn.exeC:\<a href="http://www.download.net.pl/3711/XAMPP/">xampp</a>\apache\bin\apache.exeC:\PROGRA~1\Mozilla Firefox\firefox.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://google.bearshare.com/pl"]http://google.bearshare.com/pl[/url]R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dllO4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exeO4 - HKLM\..\Run: [TkBellExe] "realsched.exe"  -osbootO4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICEO4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptionsO4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /trayO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dllO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\Microsoft ActiveSync\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\Microsoft ActiveSync\INetRepl.dllO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\Microsoft ActiveSync\INetRepl.dllO9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apache2.2 - Apache Software Foundation - c:\<a href="http://www.download.net.pl/3711/XAMPP/">xampp</a>\apache\bin\apache.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\<a href="http://www.download.net.pl/3711/XAMPP/">xampp</a>\FileZillaFTP\FileZillaServer.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)O23 - Service: mysql - Unknown owner - c:\<a href="http://www.download.net.pl/3711/XAMPP/">xampp</a>\mysql\bin\mysqld-nt.exeO23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exeO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\<a href="http://www.download.net.pl/3711/XAMPP/">xampp</a>\service.exe--End of file - 4690 bytes

Ten Combofix nie chciał mi działać a silent hunter'a nigdzie nie było. Jakbyście mogli to podajcie linki.
  • 0

#4 Tequila

Tequila

    Stały użytkownik

  • 386 postów

Napisano 15 01 2008 - 08:54

Combofixa sprobuj raz jeszcze - w trybie awaryjnym
Silent Runners miało być a nie Hunters :banana: To skrypt vbs

PS Masz zainstalowane sterowniki i od ATI i od NVidii - uzywasz obu kart graficznych ? Uzywasz i Apache i IIS ? Apache Ci w dwóch instanacjach startuje - tam ma być ?
  • 0

#5 oktar

oktar

    Obserwator

  • 5 postów

Napisano 15 01 2008 - 15:41

Oto log z Silent Runnera
Startup items buried in registry:

---------------------------------



HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"H/PC Connection Agent" = ""D:\Program Files\Microsoft ActiveSync\wcescomm.exe"" [MS]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

"LClock" = "C:\Program Files\LClock\LClock.exe" [file not found]

"TkBellExe" = ""realsched.exe"  -osboot" [file not found]

"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

"Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" [null data]



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{2F5AC606-70CF-461C-BFE1-734234536262}" = "WindowBlinds CPL Extension"

  -> {HKLM...CLSID} = "DisplayCplExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbui.dll" ["Stardock.Net, Inc"]

"{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}" = "AQQ File Transfer Shell Extension"

  -> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WapSter\AQQ\System\AQQShellExt.dll" [file not found]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"

                   \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"

  -> {HKLM...CLSID} = "Mobile Device"

                   \InProcServer32\(Default) = "D:\PROGRA~1\Microsoft ActiveSync\Wcesview.dll" [MS]

"{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87}" = "Sony Ericsson File Manager"

  -> {HKLM...CLSID} = "Sony Ericsson File Manager"

                   \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]

"{738D66C6-0149-4D40-84E4-A7BB2D0CE949}" = "Sony Ericsson File Manager"

  -> {HKLM...CLSID} = "Sony Ericsson File Manager"

                   \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]



HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

<<!>> "AppInit_DLLs" = "wbsys.dll" ["Stardock.Net, Inc"]



HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

<<!>> WBSrv\DLLName = "C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll" ["Stardock Corporation"]



HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]



HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

AQQFileTransfer\(Default) = "{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}"

  -> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WapSter\AQQ\System\AQQShellExt.dll" [file not found]

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]





Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------



Note: detected settings may not have any effect.



HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\



"NoSMBalloonTip" = (REG_DWORD) dword:0x00000001

{unrecognized setting}



"NoRecentDocsHistory" = (REG_DWORD) dword:0x00000001

{unrecognized setting}



"CDRAutoRun" = (REG_DWORD) dword:0x00000000

{unrecognized setting}



"NoLowDiskSpaceChecks" = (REG_DWORD) dword:0x00000001

{unrecognized setting}



"MemCheckBoxInRunDlg" = (REG_DWORD) dword:0x00000000

{unrecognized setting}



"NoAutoTrayNotify" = (REG_DWORD) dword:0x00000000

{unrecognized setting}



"NoResolveTrack" = (REG_DWORD) dword:0x00000000

{unrecognized setting}



"NoResolveSearch" = (REG_DWORD) dword:0x00000001

{unrecognized setting}



"LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000001

{unrecognized setting}



"NoStartBanner" = (REG_BINARY) hex:01 00 00 00

{Remove "Click here to begin" from Start button}



"NoWelcomeScreen" = (REG_DWORD) dword:0x00000001

{unrecognized setting}



"NoRecentDocsNetHood" = (REG_DWORD) dword:0x00000001

{unrecognized setting}



"NoDesktopCleanupWizard" = (REG_DWORD) dword:0x00000001

{unrecognized setting}



"NoSharedDocuments" = (REG_DWORD) dword:0x00000001

{User Configuration|Administrative Templates|Windows Components|Windows Explorer|

Remove Shared Documents from My Computer}



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\



"NoRemoteRecursiveEvents" = (REG_DWORD) dword:0x00000001

{unrecognized setting}



"NoStrCmpLogical" = (REG_DWORD) dword:0x00000001

{unrecognized setting}



HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\



"NoDispBackgroundPage" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|Control Panel|Display|

Hide Desktop tab}



HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\



"NoUpdateCheck" = (REG_DWORD) dword:0x00000001

{unrecognized setting}



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\



"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}



"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000

{unrecognized setting}



"SynchronousMachineGroupPolicy" = (REG_DWORD) dword:0x00000000

{unrecognized setting}



"SynchronousUserGroupPolicy" = (REG_DWORD) dword:0x00000000

{unrecognized setting}





Active Desktop and Wallpaper:

-----------------------------



Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState



Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\oktar\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"





Startup items in "oktar" & "All Users" startup folders:

-------------------------------------------------------



C:\Documents and Settings\oktar\Menu Start\Programy\Autostart

"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]





Enabled Scheduled Tasks:

------------------------



"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]





Winsock2 Service Provider DLLs:

-------------------------------



Namespace Service Providers



HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]



Transport Service Providers



HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11

%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 21

%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10





Toolbars, Explorer Bars, Extensions:

------------------------------------



Toolbars



HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

  -> {HKLM...CLSID} = "Yahoo! Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]



Explorer Bars



HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\



HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL" [MS]



Extensions (Tools menu items, main toolbar menu buttons)



HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]



{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\

"ButtonText" = "Create Mobile Favorite"

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

  -> {HKLM...CLSID} = "Create Mobile Favorite"

                   \InProcServer32\(Default) = "D:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll" [MS]



{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\

"MenuText" = "Create Mobile Favorite..."

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

  -> {HKLM...CLSID} = "Create Mobile Favorite"

                   \InProcServer32\(Default) = "D:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll" [MS]



{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"



{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\



{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]





Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------



Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]





---------- (launch time: 2008-01-15 09:05:27)

<<!>>: Suspicious data at a malware launch point.



+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 53 seconds, including 11 seconds for message boxes)


Z Combofix jeszcze sprobuje, ale tryb awaryjny odpada bo przez ten błąd nie da się go włączyć.
Kiedyś miałem geforce ale przerzuciłem się na radeona, a sterowniki zostaly.
Apache jest używane do serwera w grę mmo na lanie. Nie rozumiem tego pytania o starcie apache.

odświeżam
  • 0

#6 oktar

oktar

    Obserwator

  • 5 postów

Napisano 18 01 2008 - 08:15

odświeżam po raz drugi
  • 0

#7 oktar

oktar

    Obserwator

  • 5 postów

Napisano 18 01 2008 - 20:01

widzę że zostałem zignorowany na tym forum... z góry dziękuje "Tequila" za poświęcony mi czas
żegnam
  • 0

#8 Sanko

Sanko

    Pomocnik Tweaks.pl

  • 430 postów

Napisano 18 01 2008 - 20:46

kolego nikt ci nie zignorował

wejdz w opcje wyszukiwania >>>wyszukaj pliki i foldery wpisz Services.exe i wyszukaj

Dołączona grafika

Zainstaluj sobie program Unlocker (poniżej wstawiam link):

tutaj

i za pomocą tego programu skasuj ten drugi plik... potem polecam zrobić skana programem ad-aware, avastem, webroot spysweeperem i zainstalować jakiegoś porządnego firewalla.

Jeśli to nie pomoże... no to instalka nowego windowsa (przy pierwszym włączeniu windowsa nie możesz mieć połączenia z siecą) i dopiero wtedy zainstaluj firewalla. powinno pomóc.

pozdrawiam

  • 0
Wróć do Windows XP


Użytkownicy przeglądający ten temat: 1

0 użytkowników, 1 gości, 0 anonimowych

  1. Forum Komputerowe Tweaks.pl
  2. Oprogramowanie
  3. Systemy operacyjne
  4. Windows XP
  5. Polityka prywatności
  6. Szukaj
  7. Regulamin Forum ·