Komputer wolno "chodzi", wirusów nie wykryto

Kageori · 22 Listopad 2007 20:29

Witam,

Proszę o sprawdzenie loga, ponieważ komputer dziwnie się zachowuje. Tzn wszystko wczytuje wolniej niż normalnie, a dotego zaobserowowałam, że w menadżerze zadań jest więcej procesów niż było zawsze, a nic nie instalowałam…

Załączam więc logi z HijackThis i Silenrunners.

Z góry dziękuję.

Logfile of HijackThis v1.99.1 Scan saved at 21:07:42, on 2007-11-22 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Tablet.exe C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\WTablet\TabUserW.exe C:\WINDOWS\system32\Tablet.exe C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\Program Files\Generic\Power4 Gear\BatteryLife.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Lap\USTAWI~1\Temp\Rar$EX00.890\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O4 - HKLM…\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe O4 - HKLM…\Run: [intelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe” O4 - HKLM…\Run: [intelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless O4 - HKLM…\Run: [EOUApp] “C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe” O4 - HKLM…\Run: [Power_Gear] C:\Program Files\Generic\Power4 Gear\BatteryLife.exe 1 O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” O4 - HKLM…\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice O4 - HKLM…\Run: [F-Secure Manager] “C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE” /splash O4 - HKLM…\Run: [F-Secure TNB] “C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe” /CHECKALL /WAITFORSW O4 - HKLM…\Run: [F-Secure Startup Wizard] “C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE” /reboot O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: F-Secure Anti-Virus 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Zablokuj to okienko - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Osłona programu IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra ‘Tools’ menuitem: Osłona programu IE… - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Lap\Menu Start\Programy\IMVU\Run IMVU.lnk O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip…{72FFC14D-28CF-400C-A88E-68720942222B}: NameServer = 208.67.222.222,208.67.220.220 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “updateMgr” = “C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9” [“Adobe Systems Incorporated”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “HControl” = “C:\WINDOWS\ATK0100\HControl.exe” [empty string] “ATICCC” = ““C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay” [null data] “RTHDCPL” = “RTHDCPL.EXE” [“Realtek Semiconductor Corp.”] “Alcmtr” = “ALCMTR.EXE” [“Realtek Semiconductor Corp.”] “SynTPEnh” = “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [“Synaptics, Inc.”] “Wireless Console 2” = “C:\Program Files\Wireless Console 2\wcourier.exe” [null data] “IntelZeroConfig” = ““C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe”” [“Intel Corporation”] “IntelWireless” = ““C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless” [“Intel Corporation”] “EOUApp” = ““C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe”” [“Intel Corporation”] “Power_Gear” = “C:\Program Files\Generic\Power4 Gear\BatteryLife.exe 1” [“ASUSTeK Computer Inc.”] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “Outpost Firewall” = “C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice” [“Agnitum”] “F-Secure Manager” = ““C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE” /splash” [“F-Secure Corporation”] “F-Secure TNB” = ““C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe” /CHECKALL /WAITFORSW” [“F-Secure Corporation”] “F-Secure Startup Wizard” = ““C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE” /reboot” [“F-Secure Corporation”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {4A368E80-174F-4872-96B5-0B27DDD11DB2}(Default) = (no title provided) -> {HKLM…CLSID} = “SpywareGuardDLBLOCK.CBrowserHelper” \InProcServer32(Default) = “C:\Program Files\SpywareGuard\dlprotect.dll” [null data] {52D06F97-5511-43FA-8FDA-C481864FD26E}(Default) = (no title provided) -> {HKLM…CLSID} = “Alcohol Toolbar Helper” \InProcServer32(Default) = “C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll” [null data] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{3028902F-6374-48b2-8DC6-9725E775B926}” = “IE Microsoft AutoComplete” -> {HKLM…CLSID} = “IE Microsoft AutoComplete” \InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS] “{EFA24E62-B078-11d0-89E4-00C04FC9E26E}” = “History Band” -> {HKLM…CLSID} = “History Band” \InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [MS] “{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension” -> {HKLM…CLSID} = “SimpleShlExt Class” \InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string] “{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{81559C35-8464-49F7-BB0E-07A383BEF910}” = (no title provided) -> {HKLM…CLSID} = “SpywareGuard.Handler” \InProcServer32(Default) = “C:\Program Files\SpywareGuard\spywareguard.dll” [null data] “{D3796116-94D3-4009-96D7-51578411CC7D}” = “Outpost Shell Extension” -> {HKLM…CLSID} = “oshdlr.ShellHandler” \InProcServer32(Default) = “C:\PROGRA~1\Agnitum\OUTPOS~1.0\oshdlr.dll” [“Agnitum Ltd.”] “{B46C1E0F-F61D-4B19-BC55-B68D8BB3CAFE}” = “GSplit Context Menu Shell Extension” -> {HKLM…CLSID} = “GSplit Context Menu Shell Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\gspshell.dll” [“G.D.G. Software, http://www.gdgsoft.com”] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}” = “Bluetooth” -> {HKLM…CLSID} = “Wymiana informacji - Bluetooth” \InProcServer32(Default) = “C:\WINDOWS\system32\TosBtExt.dll” [“TOSHIBA”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{81559C35-8464-49F7-BB0E-07A383BEF910}” = (no title provided) -> {HKLM…CLSID} = “SpywareGuard.Handler” \InProcServer32(Default) = “C:\Program Files\SpywareGuard\spywareguard.dll” [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ DiskChecker(Default) = “{1FE33981-7BF7-11d3-97B7-0020AF892ACF}” -> {HKLM…CLSID} = “Disk Checker Extension” \InProcServer32(Default) = “chckshll.dll” [empty string] GSplitShell(Default) = “{B46C1E0F-F61D-4B19-BC55-B68D8BB3CAFE}” -> {HKLM…CLSID} = “GSplit Context Menu Shell Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\gspshell.dll” [“G.D.G. Software, http://www.gdgsoft.com”] tosBtShllExt(Default) = “{6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1}” -> {HKLM…CLSID} = “Bluetooth File Extenstion” \InProcServer32(Default) = “C:\WINDOWS\system32\TosBtShell.dll” [“TOSHIBA”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ tosBtShllExt(Default) = “{6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1}” -> {HKLM…CLSID} = “Bluetooth File Extenstion” \InProcServer32(Default) = “C:\WINDOWS\system32\TosBtShell.dll” [“TOSHIBA”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ DiskChecker(Default) = “{1FE33981-7BF7-11d3-97B7-0020AF892ACF}” -> {HKLM…CLSID} = “Disk Checker Extension” \InProcServer32(Default) = “chckshll.dll” [empty string] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Lap\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Lap” & “All Users” startup folders: ----------------------------------------------------- C:\Documents and Settings\Lap\Menu Start\Programy\Autostart “SpywareGuard” -> shortcut to: “C:\Program Files\SpywareGuard\sgmain.exe” [null data] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Gamma Loader” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “Bluetooth Manager” -> shortcut to: “C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe” [null data] “F-Secure Anti-Virus 2006” -> shortcut to: “C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe -startup” [“F-Secure Internet Security 2005”] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS] Enabled Scheduled Tasks: ------------------------ “AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task” [“Apple Inc.”] “Scheduled scanning task” -> launches: "C:\PROGRA~1\F-SECU~1\ANTI-V~1\fsav.exe /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-SECU~1\ANTI-V~1\report.txt " [“F-Secure Corporation”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000004\LibraryPath = “%SystemRoot%\System32\nwprovau.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2}” -> {HKLM…CLSID} = “Alcohol Toolbar” \InProcServer32(Default) = “C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll” [null data] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2}” = “Alcohol Toolbar” -> {HKLM…CLSID} = “Alcohol Toolbar” \InProcServer32(Default) = “C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll” [null data] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_02” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_02” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll” [“Sun Microsystems, Inc.”] {300DB664-75B5-47C0-8B45-A44ACCF73C00}\ “ButtonText” = “Osłona programu IE” “MenuText” = “Osłona programu IE…” “CLSIDExtension” = “{0928F506-07E8-470c-979D-147C296D4879}” -> {HKLM…CLSID} = “F-Secure IE Shield COM button” \InProcServer32(Default) = “C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll” [“F-Secure Corporation”] {D9288080-1BAA-4BC4-9CF8-A92D743DB949}\ “ButtonText” = “Run IMVU” “Exec” = “C:\Documents and Settings\Lap\Menu Start\Programy\IMVU\Run IMVU.lnk” [null data] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”] F-Secure Anti-Virus 2006, BackWeb Plug-in - 4476822, “C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE” [“F-Secure Internet Security 2005”] F-Secure Anti-Virus Firewall Daemon, FSDFWD, ““C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe”” [“F-Secure Corporation”] F-Secure Management Agent, FSMA, ““C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE”” [“F-Secure Corporation”] fsbwsys, fsbwsys, ““C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe”” [“F-Secure Corp.”] FSGKHS, F-Secure Gatekeeper Handler Starter, ““C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe”” [“F-Secure Corporation”] Intel® PROSet/Wireless Event Log, EvtEng, “C:\Program Files\Intel\Wireless\Bin\EvtEng.exe” [“Intel Corporation”] Intel® PROSet/Wireless Registry Service, RegSrvc, “C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe” [“Intel Corporation”] Intel® PROSet/Wireless Service, S24EventMonitor, “C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe” ["Intel Corporation "] LightScribeService Direct Disc Labeling Service, LightScribeService, ““C:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe”” [MS] Outpost Firewall Service, OutpostFirewall, “C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /service” [“Agnitum”] StarWind iSCSI Service, StarWindService, “C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe” [“Rocket Division Software”] TabletService, TabletService, “C:\WINDOWS\system32\Tablet.exe” [“Wacom Technology, Corp.”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Toshiba Bluetooth Monitor\Driver = “tbtmon.dll” [“Toshiba America Business Solutions, Inc.”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 135 seconds. ---------- (total run time: 165 seconds)

Gutek · 22 Listopad 2007 21:44

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Pozdrawiam Gutek2222

Optymalizacja XP: http://forum.dobreprogramy.pl/viewtopic.php?t=76580 + optymalizacja Autostartu

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Opis RegCleaner - http://www.agavk.p9.pl/strony/progra_regcleaner.php

Zobacz - Obsługa jv16 PowerTools

Kageori · 22 Listopad 2007 22:20

Dziękuję zapoznam się jutro chociaż część już znam.

Dla ścisłości raz na kilka dni odpalam ccleaner.