Logfile of HijackThis v1.99.1 Wzrost zuzycia procesora

tomass888 · 31 Maj 2007 13:29

Witam Ostatnio zauważyłem wzrost użycia procesora proszę o sprawdzenie logów i ewentualne przeróbki. Z góry dziękuję.

A oto moje logi:

Logfile of HijackThis v1.99.1

Scan saved at 18:42:06, on 2007-05-30

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:/WINDOWS/System32/smss.exe

C:/WINDOWS/system32/winlogon.exe

C:/WINDOWS/system32/services.exe

C:/WINDOWS/system32/lsass.exe

C:/WINDOWS/system32/svchost.exe

C:/WINDOWS/System32/svchost.exe

C:/WINDOWS/system32/LEXBCES.EXE

C:/WINDOWS/system32/spoolsv.exe

C:/WINDOWS/system32/LEXPPS.EXE

C:/WINDOWS/Explorer.EXE

C:/WINDOWS/system32/RUNDLL32.EXE

C:/WINDOWS/SOUNDMAN.EXE

C:/PROGRA~1/Grisoft/AVGFRE~1/avgcc.exe

C:/WINDOWS/system32/rundll32.exe

C:/WINDOWS/System32/spool/DRIVERS/W32X86/3/E_FATIACE.EXE

C:/WINDOWS/System32/ctfmon.exe

C:/PROGRA~1/Grisoft/AVGFRE~1/avgamsvr.exe

C:/PROGRA~1/Grisoft/AVGFRE~1/avgupsvc.exe

C:/PROGRA~1/Grisoft/AVGFRE~1/avgemc.exe

C:/WINDOWS/System32/nvsvc32.exe

C:/WINDOWS/System32/svchost.exe

C:/WINDOWS/system32/wscntfy.exe

C:/Program Files/Internet Explorer/IEXPLORE.EXE

C:/Program Files/Winamp/winamp.exe

C:/DOCUME~1/vvv/USTAWI~1/Temp/Katalog tymczasowy 1 dla HijackThis.zip/HijackThis.exe

C:/WINDOWS/system32/NOTEPAD.EXE

C:/Program Files/Internet Explorer/IEXPLORE.EXE

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.google.pl/

R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Program Files/Adobe/Acrobat 7.0/ActiveX/AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:/Program Files/Java/jre1.6.0_01/bin/ssv.dll

O4 - HKLM/…/Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/System32/NvCpl.dll,NvStartup

O4 - HKLM/…/Run: [nwiz] nwiz.exe /install

O4 - HKLM/…/Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/System32/NvMcTray.dll,NvTaskbarInit

O4 - HKLM/…/Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM/…/Run: [AVG7_CC] C:/PROGRA~1/Grisoft/AVGFRE~1/avgcc.exe /STARTUP

O4 - HKLM/…/Run: [NeroFilterCheck] C:/WINDOWS/system32/NeroCheck.exe

O4 - HKLM/…/Run: [sunJavaUpdateSched] “C:/Program Files/Java/jre1.5.0_11/bin/jusched.exe”

O4 - HKLM/…/Run: [Kalendarz XP] “D:/Kalendarz XP/Kalendarz.exe”

O4 - HKLM/…/Run: [EPSON Stylus DX3800 Series] C:/WINDOWS/System32/spool/DRIVERS/W32X86/3/E_FATIACE.EXE /P26 “EPSON Stylus DX3800 Series” /O6 “USB001” /M “Stylus DX3800”

O4 - HKLM/…/Run: [KernelFaultCheck] %systemroot%/system32/dumprep 0 -k

O4 - HKLM/…/Run: [Onet.pl AutoUpdate] C:/Program Files/Common Files/Onet.pl/NewAutoUpdate.exe /tsr

O4 - HKCU/…/Run: [CTFMON.EXE] C:/WINDOWS/System32/ctfmon.exe

O4 - HKCU/…/Run: [spybotSD TeaTimer] D:/Spybot - Search & Destroy/TeaTimer.exe

O4 - HKCU/…/Run: [Gadu-Gadu] “D:/Program Files/Gadu-Gadu/gg.exe” /tray

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:/Program Files/Adobe/Acrobat 7.0/Reader/reader_sl.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:/PROGRA~1/MICROS~2/OFFICE11/EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/Program Files/Java/jre1.6.0_01/bin/ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/Program Files/Java/jre1.6.0_01/bin/ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:/PROGRA~1/MICROS~2/OFFICE11/REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe

O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/One … or012s.ocx

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -

O17 - HKLM/System/CCS/Services/Tcpip/…/{4F6D76B0-9465-40A6-BC01-A48EC11EE914}: NameServer = 194.204.159.1 193.110.120.5

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:/PROGRA~1/COMMON~1/Skype/SKYPE4~1.DLL

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:/PROGRA~1/Grisoft/AVGFRE~1/avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:/PROGRA~1/Grisoft/AVGFRE~1/avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:/PROGRA~1/Grisoft/AVGFRE~1/avgemc.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:/WINDOWS/system32/LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:/WINDOWS/System32/nvsvc32.exe

sdar · 31 Maj 2007 13:32

Wszystkie logi umieszczane na forum powinny być obejmowane tagami

Gutek · 31 Maj 2007 14:41

Daj log z Combofix

tomass888 · 31 Maj 2007 18:40

Mam nadzieje ze o to chodziło

Logfile of HijackThis v1.99.1 Scan saved at 18:42:06, on 2007-05-30 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:/WINDOWS/System32/smss.exe C:/WINDOWS/system32/winlogon.exe C:/WINDOWS/system32/services.exe C:/WINDOWS/system32/lsass.exe C:/WINDOWS/system32/svchost.exe C:/WINDOWS/System32/svchost.exe C:/WINDOWS/system32/LEXBCES.EXE C:/WINDOWS/system32/spoolsv.exe C:/WINDOWS/system32/LEXPPS.EXE C:/WINDOWS/Explorer.EXE C:/WINDOWS/system32/RUNDLL32.EXE C:/WINDOWS/SOUNDMAN.EXE C:/PROGRA~1/Grisoft/AVGFRE~1/avgcc.exe C:/WINDOWS/system32/rundll32.exe C:/WINDOWS/System32/spool/DRIVERS/W32X86/3/E_FATIACE.EXE C:/WINDOWS/System32/ctfmon.exe C:/PROGRA~1/Grisoft/AVGFRE~1/avgamsvr.exe C:/PROGRA~1/Grisoft/AVGFRE~1/avgupsvc.exe C:/PROGRA~1/Grisoft/AVGFRE~1/avgemc.exe C:/WINDOWS/System32/nvsvc32.exe C:/WINDOWS/System32/svchost.exe C:/WINDOWS/system32/wscntfy.exe C:/Program Files/Internet Explorer/IEXPLORE.EXE C:/Program Files/Winamp/winamp.exe C:/DOCUME~1/vvv/USTAWI~1/Temp/Katalog tymczasowy 1 dla HijackThis.zip/HijackThis.exe C:/WINDOWS/system32/NOTEPAD.EXE C:/Program Files/Internet Explorer/IEXPLORE.EXE R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.google.pl/ R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Program Files/Adobe/Acrobat 7.0/ActiveX/AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:/Program Files/Java/jre1.6.0_01/bin/ssv.dll O4 - HKLM/…/Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/System32/NvCpl.dll,NvStartup O4 - HKLM/…/Run: [nwiz] nwiz.exe /install O4 - HKLM/…/Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/System32/NvMcTray.dll,NvTaskbarInit O4 - HKLM/…/Run: [soundMan] SOUNDMAN.EXE O4 - HKLM/…/Run: [AVG7_CC] C:/PROGRA~1/Grisoft/AVGFRE~1/avgcc.exe /STARTUP O4 - HKLM/…/Run: [NeroFilterCheck] C:/WINDOWS/system32/NeroCheck.exe O4 - HKLM/…/Run: [sunJavaUpdateSched] “C:/Program Files/Java/jre1.5.0_11/bin/jusched.exe” O4 - HKLM/…/Run: [Kalendarz XP] “D:/Kalendarz XP/Kalendarz.exe” O4 - HKLM/…/Run: [EPSON Stylus DX3800 Series] C:/WINDOWS/System32/spool/DRIVERS/W32X86/3/E_FATIACE.EXE /P26 “EPSON Stylus DX3800 Series” /O6 “USB001” /M “Stylus DX3800” O4 - HKLM/…/Run: [KernelFaultCheck] %systemroot%/system32/dumprep 0 -k O4 - HKLM/…/Run: [Onet.pl AutoUpdate] C:/Program Files/Common Files/Onet.pl/NewAutoUpdate.exe /tsr O4 - HKCU/…/Run: [CTFMON.EXE] C:/WINDOWS/System32/ctfmon.exe O4 - HKCU/…/Run: [spybotSD TeaTimer] D:/Spybot - Search & Destroy/TeaTimer.exe O4 - HKCU/…/Run: [Gadu-Gadu] “D:/Program Files/Gadu-Gadu/gg.exe” /tray O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:/Program Files/Adobe/Acrobat 7.0/Reader/reader_sl.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:/PROGRA~1/MICROS~2/OFFICE11/EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/Program Files/Java/jre1.6.0_01/bin/ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/Program Files/Java/jre1.6.0_01/bin/ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:/PROGRA~1/MICROS~2/OFFICE11/REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/One … or012s.ocx O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) - O17 - HKLM/System/CCS/Services/Tcpip/…/{4F6D76B0-9465-40A6-BC01-A48EC11EE914}: NameServer = 194.204.159.1 193.110.120.5 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:/PROGRA~1/COMMON~1/Skype/SKYPE4~1.DLL O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:/PROGRA~1/Grisoft/AVGFRE~1/avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:/PROGRA~1/Grisoft/AVGFRE~1/avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:/PROGRA~1/Grisoft/AVGFRE~1/avgemc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:/WINDOWS/system32/LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:/WINDOWS/System32/nvsvc32.exe

Gutek · 31 Maj 2007 18:43

o co ja poprosiłem Czekam na log, ten to log z HJT co wkleiłeś.

tomass888 · 1 Czerwiec 2007 08:17

Sorki ze wczoraj nie nie napisałem ale nie miałem neta.

“Administrator” - 07-05-21 17:09:15 Dodatek Service Pack 2 ComboFix 07-04-17.V - Running from: C:\Downloads\ ((((((((((((((((((((((((((((((( Files Created from 2007-04-21 to 2007-05-21 )))))))))))))))))))))))))))))))))) 2007-05-19 14:32 2007-05-16 14:53 2007-05-16 14:27 2007-05-15 20:14 78,336 --a------ C:\WINDOWS\system32\ATX32PIC.DLL 2007-05-15 20:14 346,112 --a------ C:\WINDOWS\system32\PPRO100.DLL 2007-05-15 20:14 28,160 --a------ C:\WINDOWS\system32\ATX32OLE.DLL 2007-05-15 20:14 2007-05-15 20:13 29,696 --a------ C:\WINDOWS\system32\VB5STKIT.DLL 2007-05-15 20:13 237,568 --a------ C:\WINDOWS\system32\CompPl32.dll 2007-05-15 20:13 142,336 --a------ C:\WINDOWS\system32\iwpsetup.exe 2007-05-13 11:04 2007-05-09 21:16 627 --a------ C:\WINDOWS\eReg.dat 2007-05-06 16:58 2007-05-06 15:00 2007-05-04 14:26 2007-05-04 14:26 2007-05-04 14:26 2007-04-29 21:25 2007-04-25 21:23 2007-04-25 21:23 2007-04-25 21:18 2007-04-25 21:15 2007-04-25 09:09 348,160 --a------ C:\WINDOWS\eSellerateEngine.dll 2007-04-25 09:08 2007-04-24 16:18 270,848 --a------ C:\WINDOWS\Uzerox_bs.exe 2007-04-24 16:12 2007-04-24 16:12 2007-04-24 16:05 2007-04-24 15:29 225,280 --a------ C:\WINDOWS\system32\rewire.dll 2007-04-24 15:29 2007-04-24 10:09 2007-04-24 09:01 2007-04-22 18:31 2007-04-22 13:33 2007-04-22 13:33 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-21 17:08 -------- d-------- C:\Program Files\flashget 2007-05-21 12:07 -------- d-------- C:\Program Files\neostrada tp 2007-05-18 21:41 -------- d-------- C:\Program Files\sokkerviewer 2007-05-14 16:15 -------- d-------- C:\Program Files\gadu-gadu 2007-05-13 11:04 -------- d–h----- C:\Program Files\installshield installation information 2007-05-08 17:44 -------- d-------- C:\Program Files\virtualdj 2007-05-05 21:49 -------- d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\skype 2007-05-03 10:07 -------- d-------- C:\Program Files\java 2007-04-28 21:34 21840 --a----t- C:\WINDOWS\system32\sintfnt.dll 2007-04-28 21:34 17212 --a----t- C:\WINDOWS\system32\sintf32.dll 2007-04-28 21:34 12067 --a----t- C:\WINDOWS\system32\sintf16.dll 2007-04-24 13:57 -------- d-------- C:\Program Files\bitcomet 2007-04-23 13:13 -------- d-------- C:\Program Files\winamp 2007-04-21 16:07 -------- d-------- C:\Program Files\shoutcast 2007-04-19 07:18 -------- d-------- C:\Program Files\emule 2007-04-17 20:27 -------- d-------- C:\Program Files\lavalys 2007-04-17 19:23 -------- d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\gadu-gadu 2007-04-14 15:14 -------- d-------- C:\Program Files\skype 2007-04-14 15:14 -------- d-------- C:\Program Files\Common Files\skype 2007-04-10 16:01 -------- d-------- C:\Program Files\real alternative 2007-04-10 16:01 -------- d-------- C:\Program Files\divx 2007-04-08 20:07 -------- d-------- C:\Program Files\binboy 2007-04-04 15:19 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys 2007-04-01 15:32 2062 --a------ C:\WINDOWS\mozver.dat 2007-04-01 15:32 -------- d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\ganymedenet 2007-03-30 13:23 4096 --a------ C:\WINDOWS\d3dx.dat 2007-03-30 13:08 -------- d-------- C:\Program Files\reflexivearcade 2007-03-28 20:15 -------- d-------- C:\Program Files\yahoo! 2007-03-25 10:09 49712 --a------ C:\WINDOWS\system32\perfc015.dat 2007-03-25 10:09 355830 --a------ C:\WINDOWS\system32\perfh015.dat 2007-03-17 15:45 293376 --a------ C:\WINDOWS\system32\winsrv.dll 2007-03-08 17:38 579072 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 17:38 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 17:38 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 17:37 1843840 --a------ C:\WINDOWS\system32\win32k.sys 2007-02-22 20:07 737280 --a------ C:\WINDOWS\iun6002.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} C:\Program Files\FlashGet\jccatch.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll {F156768E-81EF-470C-9057-481BA8380DBA} C:\Program Files\FlashGet\getflash.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “VTTimer”=“VTTimer.exe” “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” “autoclk”=“autoclk.exe” “adiras”=“adiras.exe” “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\taskbaricon.exe” “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”="“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”" “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Rejestrowanie produktów Corela.lnk] “path”=“C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\Rejestrowanie produktów Corela.lnk” “backup”=“C:\WINDOWS\pss\Rejestrowanie produktów Corela.lnkStartup” “location”=“Startup” “command”=“C:\PROGRA~1\Corel\GRAPHI~1\Register\Remind32.exe " “item”=“Rejestrowanie produktów Corela” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“EdHTML” “hkey”=“HKCU” “command”=“C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“gg” “hkey”=“HKCU” “command”=”“C:\Program Files\Gadu-Gadu\gg.exe” /tray" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“Skype” “hkey”=“HKCU” “command”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“winampa” “hkey”=“HKLM” “command”=“C:\Program Files\Winamp\winampa.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{1593ba23-e2af-11db-b316-4d6564696130}] Shell\AutoRun\command G:\autorun.exe ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-05-21 17:16:31 C:\ComboFix-quarantined-files.txt … 07-05-21 17:16 C:\ComboFix2.txt … 07-05-03 20:14 C:\ComboFix3.txt … 07-05-03 19:37 C:\ComboFix4.txt … 07-05-03 20:14

Gutek · 1 Czerwiec 2007 11:33

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Optymalizacja XP: http://forum.dobreprogramy.pl/viewtopic.php?t=76580