Komp od czasu do czau się zacina

radzio22 · 17 Wrzesień 2007 20:49

od niedawna zaczoł mi się przycinać komp.tzn wskakuje użycie procesora na100% i tak przez około minutę.nie można w tedy nic zrobić,poza tymi chwilami słabości pracuję normalnie.no i jest jeszcze jeden problem- odpala się 3min35sek.na począdky myślałem że to wina AV-mam Mcaffiego myślałem że skamuj pamięć przy starcie ,ale czy tak jest to nie wiem. w weeckend jessica wyczytał z logów że za dużo mi startuje z systemem,napewno tak jest choć to dziwne bo ostatnio zainstalowałem STARTUP i wywaliłem nokie,kodaka,kamerke logitecha.a w ustawieniach tych programów i tak nie miałem autostartu. procesów kiedyś miałem 61. teraz jest 55-58. nie wiem czy te problemy jakieoś syfu czy wina sprzetu. pomózcie jesli możecie. komp to toshiba 1GB pamieci, dysk wymieniony w kwietniu na szybszy i pojemniejszy.zaraz wrzuce logi

Krzychuu · 17 Wrzesień 2007 20:53

Wrzuć logi z HiJack This i Silent Runners.

Oraz daj loga z ComboFix. (opis na samym dole)

radzio22 · 17 Wrzesień 2007 20:54

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:53:18, on 2007-09-17 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\a-squared free\a2service.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\Explorer.EXE c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe c:\program files\mcafee.com\vso\mcvsshld.exe c:\program files\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\system32\igfxext.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\PROGRA~1\mcafee.com\mps\mscifapp.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\SiteAdvisor\6172\SiteAdv.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SiteAdvisor\6172\SAService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Program Files\Huawei technologies\Huawei UMTS Data Card\HUAWEI 3G Data Card.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Messenger\msmsgs.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\WISPTIS.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pl.mcafee.com/root/regwizard/Reg … okom@wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [VSOCheckTask] “C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe” /checktask O4 - HKLM…\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM…\Run: [Toshiba Hotkey Utility] “C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe” /lang PL O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM…\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM…\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM…\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM…\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM…\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding O4 - HKLM…\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM…\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM…\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM…\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM…\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” O4 - HKLM…\Run: [sDTray] “C:\Program Files\Spyware Doctor\SDTrayApp.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra ‘Tools’ menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip…{BACC27E0-B5F0-4442-8D04-F83AA27497A5}: NameServer = 10.0.0.1 10.0.0.2 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Usługa SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe – End of file - 10969 bytes

Złączono Posta : 17.09.2007 (Pon) 23:31

“Silent Runners.vbs”, revision 52, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS]

“swg” = “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [“Google Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“VSOCheckTask” = ““C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe” /checktask” [“McAfee, Inc.”]

“VirusScan Online” = “C:\Program Files\McAfee.com\VSO\mcvsshld.exe” [“McAfee, Inc.”]

“Toshiba Hotkey Utility” = ““C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe” /lang PL” [“TOSHIBA Inc.”]

“SynTPLpr” = “C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [“Synaptics, Inc.”]

“SynTPEnh” = “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [“Synaptics, Inc.”]

“SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0\bin\jusched.exe” [“Sun Microsystems, Inc.”]

“PadTouch” = “C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe” [“TOSHIBA”]

“OASClnt” = “C:\Program Files\McAfee.com\VSO\oasclnt.exe” [“McAfee, Inc.”]

“MSKDetectorExe” = “C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup” [“McAfee, Inc.”]

“MSKAGENTEXE” = “C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe” [“McAfee Inc.”]

“MPSExe” = “c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding” [“McAfee, Inc.”]

“MPFExe” = “C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe” [“McAfee Security”]

“MCUpdateExe” = “c:\PROGRA~1\mcafee.com\agent\mcupdate.exe” [“McAfee, Inc”]

“MCAgentExe” = “c:\PROGRA~1\mcafee.com\agent\mcagent.exe” [“McAfee, Inc”]

“LVCOMSX” = “C:\WINDOWS\system32\LVCOMSX.EXE” [“Logitech Inc.”]

“IgfxTray” = “C:\WINDOWS\system32\igfxtray.exe” [“Intel Corporation”]

“HotKeysCmds” = “C:\WINDOWS\system32\hkcmd.exe” [“Intel Corporation”]

“SiteAdvisor” = “C:\Program Files\SiteAdvisor\6172\SiteAdv.exe” [“McAfee, Inc.”]

“GrooveMonitor” = ““C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”” [MS]

“SDTray” = ““C:\Program Files\Spyware Doctor\SDTrayApp.exe”” [“PC Tools”]

“QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

{089FD14D-132B-48FC-8861-0048AE113215}(Default) = (no title provided)

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\SiteAdvisor\6172\SiteAdv.dll” [“McAfee, Inc.”]

{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}(Default) = (no title provided)

-> {HKLM…CLSID} = “McBrwHelper Class”

\InProcServer32(Default) = “c:\program files\mcafee.com\mps\mcbrhlpr.dll” [“McAfee, Inc.”]

{3EC8255F-E043-4cae-8B3B-B191550C2A22}(Default) = “McAfee PopupKiller”

-> {HKLM…CLSID} = “McAfee Privacy Service Popup Blocker”

\InProcServer32(Default) = “c:\program files\mcafee.com\mps\popupkiller.dll” [“McAfee, Inc.”]

{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}(Default) = (no title provided)

-> {HKLM…CLSID} = “McAfee AntiPhishing Filter”

\InProcServer32(Default) = “c:\program files\mcafee\spamkiller\mcapfbho.dll” [“McAfee, Inc.”]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}(Default) = (no title provided)

-> {HKLM…CLSID} = “Groove GFS Browser Helper”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)

-> {HKLM…CLSID} = “Google Toolbar Helper”

\InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}(Default) = (no title provided)

-> {HKLM…CLSID} = “Google Toolbar Notifier BHO”

\InProcServer32(Default) = “C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll” [“Google Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

“{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”]

“{2F5AC606-70CF-461C-BFE1-6063670C3484}” = “Display CPL Extension”

-> {HKLM…CLSID} = “DisplayCplExt Class”

\InProcServer32(Default) = “C:\Program Files\Toshiba\TouchED\TouchED.DLL” [“TOSHIBA Inc.”]

“{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}” = “My Logitech Pictures”

-> {HKLM…CLSID} = “My Logitech Pictures”

\InProcServer32(Default) = “C:\Program Files\Logitech\Video\Namespc2.dll” [“Logitech Inc.”]

“{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “PhoneBrowser”

-> {HKLM…CLSID} = “Nokia Phone Browser”

\InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”]

“{A155339D-CCCD-4714-85EB-3754B804C9DF}” = “a-squared Free Context Menu Shell Extension”

-> {HKLM…CLSID} = “a-squared Free Context Menu”

\InProcServer32(Default) = “C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL” [“Emsi Software GmbH”]

“{9999A076-A9E2-4C99-8A2B-632FC9429223}” = “Bonjour”

-> {HKLM…CLSID} = “Bonjour”

\InProcServer32(Default) = “C:\Program Files\Bonjour\ExplorerPlugin.dll” [“Apple Computer, Inc.”]

“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”

-> {HKLM…CLSID} = “Portable Media Devices Menu”

\InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]

“{72853161-30C5-4D22-B7F9-0BBC1D38A37E}” = “Groove GFS Browser Helper”

-> {HKLM…CLSID} = “Groove GFS Browser Helper”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}” = “Groove GFS Explorer Bar”

-> {HKLM…CLSID} = “Groove Folder Synchronization”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{A449600E-1DC6-4232-B948-9BD794D62056}” = “Groove GFS Stub Icon Handler”

-> {HKLM…CLSID} = “Groove GFS Stub Icon Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook”

-> {HKLM…CLSID} = “Groove GFS Stub Execution Hook”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{6C467336-8281-4E60-8204-430CED96822D}” = “Groove GFS Context Menu Handler”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{387E725D-DC16-4D76-B310-2C93ED4752A0}” = “Groove XML Icon Handler”

-> {HKLM…CLSID} = “Groove XML Icon Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{16F3DD56-1AF5-4347-846D-7C10C4192619}” = “Groove Explorer Icon Overlay 3 (GFS Folder)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 3 (GFS Folder)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}” = “Groove Explorer Icon Overlay 2 (GFS Stub)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2 (GFS Stub)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}” = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{99FD978C-D287-4F50-827F-B2C658EDA8E7}” = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{920E6DB1-9907-4370-B3A0-BAFC03D81399}” = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”

-> {HKLM…CLSID} = “Outlook File Icon Extension”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL” [MS]

“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”

-> {HKLM…CLSID} = “Microsoft Office Outlook”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL” [MS]

“{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}” = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search”

-> {HKLM…CLSID} = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL” [MS]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office12\msohevi.dll” [MS]

“{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}” = “Microsoft Office Metadata Handler”

-> {HKLM…CLSID} = “Microsoft Office Metadata Handler”

\InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS]

“{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}” = “Microsoft Office Thumbnail Handler”

-> {HKLM…CLSID} = “Microsoft Office Thumbnail Handler”

\InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook”

-> {HKLM…CLSID} = “Groove GFS Stub Execution Hook”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

“WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}”

-> {HKLM…CLSID} = “WPDShServiceObj Class”

\InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> igfxcui\DLLName = “igfxsrvc.dll” [“Intel Corporation”]

HKLM\Software\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = “{807563E5-5146-11D5-A672-00B0D022E945}”

-> {HKLM…CLSID} = “Microsoft Office InfoPath XML Mime Filter”

\InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL” [MS]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

a2FreeContMenu(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}”

-> {HKLM…CLSID} = “a-squared Free Context Menu”

\InProcServer32(Default) = “C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL” [“Emsi Software GmbH”]

XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

a2FreeContMenu(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}”

-> {HKLM…CLSID} = “a-squared Free Context Menu”

\InProcServer32(Default) = “C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL” [“Emsi Software GmbH”]

XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

Group Policies {policy setting}:

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Program Files\Kodak EasyShare software\bin\EasyShareWallpaper.bmp”

Startup items in “Treder” & “All Users” startup folders:

C:\Documents and Settings\Treder\Menu Start\Programy\Autostart

“Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007” -> shortcut to: “C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr” [MS]

Winsock2 Service Provider DLLs:

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000004\LibraryPath = “C:\Program Files\Bonjour\mdnsNSP.dll” [“Apple Computer, Inc.”]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINDOWS\system32\mclsp.dll [“McAfee, Inc.”], 01 - 19, 39

%SystemRoot%\system32\mswsock.dll [MS], 20 - 22, 25 - 38

%SystemRoot%\system32\rsvpsp.dll [MS], 23 - 24

Toolbars, Explorer Bars, Extensions:

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

“{F2CF5485-4E02-4F68-819C-B92DE9277049}”

-> {HKLM…CLSID} = “&Links”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”

-> {HKLM…CLSID} = “&Google”

\InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

“{BA52B914-B692-46C4-B683-905236F6F655}” = “McAfee VirusScan”

-> {HKLM…CLSID} = “McAfee VirusScan”

\InProcServer32(Default) = “c:\progra~1\mcafee.com\vso\mcvsshl.dll” [“McAfee, Inc.”]

“{0BF43445-2F28-4351-9252-17FE6E806AA0}” = “McAfee SiteAdvisor”

-> {HKLM…CLSID} = “McAfee SiteAdvisor”

\InProcServer32(Default) = “C:\Program Files\SiteAdvisor\6172\SiteAdv.dll” [“McAfee, Inc.”]

“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided)

-> {HKLM…CLSID} = “&Google”

\InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}(Default) = “Groove Folder Synchronization”

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\Software\Classes\CLSID{9999A076-A9E2-4C99-8A2B-632FC9429223}(Default) = “Bonjour”

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = “C:\Program Files\Bonjour\ExplorerPlugin.dll” [“Apple Computer, Inc.”]

HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Poszukaj”

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL” [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

“MenuText” = “Sun Java Console”

“CLSIDExtension” = “{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}”

-> {HKLM…CLSID} = “Java Plug-in 1.5.0”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll” [“Sun Microsystems, Inc.”]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

“ButtonText” = “Wyślij do programu OneNote”

“MenuText” = “Wyślij &do programu OneNote”

“CLSIDExtension” = “{48E73304-E1D6-4330-914C-F5F514E3486C}”

-> {HKLM…CLSID} = “Send to OneNote from Internet Explorer button”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll” [MS]

{39FD89BF-D3F1-45B6-BB56-3582CCF489E1}\

“MenuText” = “McAfee AntiPhishing Filter”

“CLSIDExtension” = “{7DD73374-7187-4103-8F29-622AA25E7C40}”

-> {HKLM…CLSID} = “MyCfgDlgCmdTarget Class”

\InProcServer32(Default) = “c:\program files\mcafee\spamkiller\mcapfbho.dll” [“McAfee, Inc.”]

{7F9DB11C-E358-4CA6-A83D-ACC663939424}\

“ButtonText” = “Bonjour”

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

“ButtonText” = “Research”

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

“MenuText” = “@xpsp3res.dll,-20001”

“Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

“ButtonText” = “Messenger”

“MenuText” = “Windows Messenger”

“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

a-squared Free Service, a2free, ““c:\program files\a-squared free\a2service.exe”” [“Emsi Software GmbH”]

Bonjour Service, Bonjour Service, ““C:\Program Files\Bonjour\mDNSResponder.exe”” [“Apple Computer, Inc.”]

ConfigFree Service, CFSvcs, “C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe” [“TOSHIBA CORPORATION”]

McAfee Personal Firewall Service, MpfService, “C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe” [“McAfee Corporation”]

McAfee SpamKiller Server, MskService, “C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe” [“McAfee Inc.”]

McAfee Task Scheduler, McTskshd.exe, “c:\PROGRA~1\mcafee.com\agent\mctskshd.exe” [“McAfee, Inc”]

McAfee WSC Integration, McDetect.exe, “c:\program files\mcafee.com\agent\mcdetect.exe” [“McAfee, Inc”]

McAfee.com McShield, McShield, “c:\PROGRA~1\mcafee.com\vso\mcshield.exe” [“McAfee Inc.”]

Spyware Doctor Auxiliary Service, sdAuxService, “C:\Program Files\Spyware Doctor\svcntaux.exe” [“PC Tools”]

Spyware Doctor Service, sdCoreService, “C:\Program Files\Spyware Doctor\swdsvc.exe” [“PC Tools”]

Usługa SiteAdvisor, SiteAdvisor Service, “C:\Program Files\SiteAdvisor\6172\SAService.exe” [“McAfee, Inc.”]

Windows Driver Foundation - User-mode Driver Framework, WudfSvc, “C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup” {“C:\WINDOWS\System32\WUDFSvc.dll” [MS]}

Print Monitors:

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Send To Microsoft OneNote Monitor\Driver = “msonpmon.dll” [MS]

---------- (launch time: 2007-09-17 23:26:42)

<>: Suspicious data at a malware launch point.

This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

The search for DESKTOP.INI DLL launch points on all local fixed drives

took 32 seconds.

---------- (total run time: 150 seconds)

Złączono Posta : 17.09.2007 (Pon) 23:55

http://wklej.org/id/9102bcd91a

Gutek · 18 Wrzesień 2007 15:26

Optymalizacja XP: http://forum.dobreprogramy.pl/viewtopic.php?t=76580 + optymalizacja Autostartu

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Opis RegCleaner - http://www.agavk.p9.pl/strony/progra_regcleaner.php

Zobacz - Obsługa jv16 PowerTools

radzio22 · 19 Wrzesień 2007 00:39

Nie wiem czy to ma znaczenie-logi robiłem bez podłączonego przenośnego dysku.dzisiaj postanowiłem go przeskanować bo już dawno tego nie robiłem a ostatnio od kumpla przeżuciłem trochę żeczy.skanowałem “Mcafeem”-nic skanowałem “a-squaredem”-nic,potem “spyware doctor” i znalazł mi TROJAN-PWS.TRANSPY, HKEY_LOCAL.MACHINE\SOFTWARE\Microsoft\Windows\CurentVersion\Control…\load Co to jest ,może to tak muli. usunąć tego nie mogę bo to jest wersja testowa programu.co robić?

jessica · 19 Wrzesień 2007 07:49

Moim skromnym zdaniem to jest tylko przewrażliwienie Spyware Doctora, oczywiście pod warunkiem, że po “load” nie było doczepionych jakichś wartości.

jessi