Net wolno chodzi, podejrzewam wirusa

Maciaswawa · 18 Wrzesień 2007 18:09

Komp jest świeżo po formacie… od dziś jest coś dziwnego, bo ściąga mi programy ( legalne ) ok. 5kb/s przy złączu 512kb… przewaznie było cos koło 60-120kb/s

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:06:16, on 2007-09-18 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\mks_vir_2007\bin\mkstray.exe C:\Program Files\mks_vir_2007\bin\mksregmon.exe C:\Program Files\mks_vir_2007\bin\mks_mail.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\CpuIdle\cpuidle.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\CursorXP\CursorXP.exe C:\Program Files\Kalendarz XP\Kalendarz.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\mks_vir_2007\bin\MksFwall.exe C:\Program Files\mks_vir_2007\bin\MksPC.exe C:\Program Files\mks_vir_2007\bin\mksupdate.exe C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Avant Browser\avant.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM…\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM…\Run: [mkstray] C:\Program Files\mks_vir_2007\bin\mkstray.exe O4 - HKLM…\Run: [MKSRegmon] C:\Program Files\mks_vir_2007\bin\mksregmon.exe O4 - HKLM…\Run: [mks_mail] C:\Program Files\mks_vir_2007\bin\mks_mail.exe O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” O4 - HKLM…\Run: [CpuIdle] C:\Program Files\CpuIdle\cpuidle.exe O4 - HKLM…\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM…\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM…\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM…\Run: [Device Detector] DevDetect.exe -autorun O4 - HKLM…\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Creative MediaSource Go] “C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe” /SCB O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe O4 - HKCU…\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: MksFwall - MKS Sp z o.o. - C:\Program Files\mks_vir_2007\bin\MksFwall.exe O23 - Service: MksPC - Unknown owner - C:\Program Files\mks_vir_2007\bin\MksPC.exe O23 - Service: MksUpdate - MKS Sp. z o. o. - C:\Program Files\mks_vir_2007\bin\mksupdate.exe O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\mks_vir_2007\bin\mks_scan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe – End of file - 6522 bytes

Złączono Posta : 18.09.2007 (Wto) 20:12

“Silent Runners.vbs”, revision 52, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “Creative MediaSource Go” = ““C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe” /SCB” [“Creative Technology Ltd”] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] “CursorXP” = “C:\Program Files\CursorXP\CursorXP.exe” [" "] “LogitechSoftwareUpdate” = ““C:\Program Files\Logitech\Video\ManifestEngine.exe” boot” [“Logitech Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS] “CTSysVol” = “C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r” [“Creative Technology Ltd”] “P17Helper” = “Rundll32 P17.dll,P17Helper” [MS] “UpdReg” = “C:\WINDOWS\UpdReg.EXE” [“Creative Technology Ltd.”] “mkstray” = “C:\Program Files\mks_vir_2007\bin\mkstray.exe” [“MKS Sp z o.o.”] “MKSRegmon” = “C:\Program Files\mks_vir_2007\bin\mksregmon.exe” [null data] “mks_mail” = “C:\Program Files\mks_vir_2007\bin\mks_mail.exe” [“MkS Sp. z o.o.”] “WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data] “GrooveMonitor” = ““C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”” [MS] “CpuIdle” = “C:\Program Files\CpuIdle\cpuidle.exe” [“Andreas Goetz”] “zBrowser Launcher” = “C:\Program Files\Logitech\iTouch\iTouch.exe” ["Logitech Inc. "] “EM_EXEC” = “C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE” ["Logitech Inc. "] “LVCOMSX” = “C:\WINDOWS\system32\LVCOMSX.EXE” [“Logitech Inc.”] “LogitechVideoRepair” = "C:\Program Files\Logitech\Video\ISStart.exe " [“Logitech Inc.”] “LogitechVideoTray” = “C:\Program Files\Logitech\Video\LogiTray.exe” [“Logitech Inc.”] “Device Detector” = “DevDetect.exe -autorun” [“ACD Systems, Ltd.”] “PWRISOVM.EXE” = “C:\Program Files\PowerISO\PWRISOVM.EXE” [“PowerISO Computing, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {72853161-30C5-4D22-B7F9-0BBC1D38A37E}(Default) = (no title provided) -> {HKLM…CLSID} = “Groove GFS Browser Helper” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{4EB37360-49E8-11D3-95B5-004033382980}” = “ALZip 4.0 Context Menu Shell Extension” -> {HKLM…CLSID} = “ALZip 7.0 Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll” [“ESTsoft”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{72853161-30C5-4D22-B7F9-0BBC1D38A37E}” = “Groove GFS Browser Helper” -> {HKLM…CLSID} = “Groove GFS Browser Helper” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}” = “Groove GFS Explorer Bar” -> {HKLM…CLSID} = “Groove Folder Synchronization” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{A449600E-1DC6-4232-B948-9BD794D62056}” = “Groove GFS Stub Icon Handler” -> {HKLM…CLSID} = “Groove GFS Stub Icon Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook” -> {HKLM…CLSID} = “Groove GFS Stub Execution Hook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{6C467336-8281-4E60-8204-430CED96822D}” = “Groove GFS Context Menu Handler” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{387E725D-DC16-4D76-B310-2C93ED4752A0}” = “Groove XML Icon Handler” -> {HKLM…CLSID} = “Groove XML Icon Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{16F3DD56-1AF5-4347-846D-7C10C4192619}” = “Groove Explorer Icon Overlay 3 (GFS Folder)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 3 (GFS Folder)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}” = “Groove Explorer Icon Overlay 2 (GFS Stub)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2 (GFS Stub)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}” = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{99FD978C-D287-4F50-827F-B2C658EDA8E7}” = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{920E6DB1-9907-4370-B3A0-BAFC03D81399}” = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Outlook File Icon Extension” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL” [MS] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL” [MS] “{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}” = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search” -> {HKLM…CLSID} = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office12\msohevi.dll” [MS] “{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}” = “Microsoft Office Metadata Handler” -> {HKLM…CLSID} = “Microsoft Office Metadata Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}” = “Microsoft Office Thumbnail Handler” -> {HKLM…CLSID} = “Microsoft Office Thumbnail Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}” = “My Logitech Pictures” -> {HKLM…CLSID} = “My Logitech Pictures” \InProcServer32(Default) = “C:\Program Files\Logitech\Video\Namespc2.dll” [“Logitech Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}” = “PowerISO” -> {HKLM…CLSID} = “PowerISO” \InProcServer32(Default) = “C:\Program Files\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook” -> {HKLM…CLSID} = “Groove GFS Stub Execution Hook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807563E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = “Microsoft Office InfoPath XML Mime Filter” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL” [MS] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ ALZip(Default) = “{4EB37360-49E8-11D3-95B5-004033382980}” -> {HKLM…CLSID} = “ALZip 7.0 Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll” [“ESTsoft”] MkS_Vir(Default) = “{E64226E0-9DA1-479E-8265-8D65BA327BD4}” -> {HKLM…CLSID} = “MkS_Vir Shell Extension” \InProcServer32(Default) = “C:\Program Files\mks_vir_2007\bin\mksshell.dll” [null data] PowerISO(Default) = “{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}” -> {HKLM…CLSID} = “PowerISO” \InProcServer32(Default) = “C:\Program Files\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ALZip(Default) = “{4EB37360-49E8-11D3-95B5-004033382980}” -> {HKLM…CLSID} = “ALZip 7.0 Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll” [“ESTsoft”] PowerISO(Default) = “{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}” -> {HKLM…CLSID} = “PowerISO” \InProcServer32(Default) = “C:\Program Files\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ ALZip(Default) = “{4EB37360-49E8-11D3-95B5-004033382980}” -> {HKLM…CLSID} = “ALZip 7.0 Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll” [“ESTsoft”] MkS_Vir(Default) = “{E64226E0-9DA1-479E-8265-8D65BA327BD4}” -> {HKLM…CLSID} = “MkS_Vir Shell Extension” \InProcServer32(Default) = “C:\Program Files\mks_vir_2007\bin\mksshell.dll” [null data] PowerISO(Default) = “{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}” -> {HKLM…CLSID} = “PowerISO” \InProcServer32(Default) = “C:\Program Files\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Maciek” & “All Users” startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Kalendarz XP” -> shortcut to: “C:\Program Files\Kalendarz XP\Kalendarz.exe” [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\Program Files\mks_vir_2007\bin\mkslsp.dll [null data], 01 - 03, 09 %SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 10 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}(Default) = “Groove Folder Synchronization” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS] HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Research” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ “ButtonText” = “Send to OneNote” “MenuText” = “S&end to OneNote” “CLSIDExtension” = “{48E73304-E1D6-4330-914C-F5F514E3486C}” -> {HKLM…CLSID} = “Send to OneNote from Internet Explorer button” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll” [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Research” {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Creative Service for CDROM Access, Creative Service for CDROM Access, “C:\WINDOWS\System32\CTsvcCDA.exe” [“Creative Technology Ltd”] MkS_Scan, MkS_Scan, “C:\Program Files\mks_vir_2007\bin\mks_scan.exe” [empty string] mks_vir file monitor, MksVirMonSvc, “C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe” [null data] MksFwall, MksFwall, ““C:\Program Files\mks_vir_2007\bin\MksFwall.exe”” [“MKS Sp z o.o.”] MksPC, MksPC, ““C:\Program Files\mks_vir_2007\bin\MksPC.exe”” [null data] MksUpdate, MksUpdate, ““C:\Program Files\mks_vir_2007\bin\mksupdate.exe”” [“MKS Sp. z o. o.”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] Keyboard Driver Filters: ------------------------ HKLM\System\CurrentControlSet\Control\Class{4D36E96B-E325-11CE-BFC1-08002BE10318}\ “UpperFilters” = <> “Lkbdflt2” [“Logitech”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Send To Microsoft OneNote Monitor\Driver = “msonpmon.dll” [MS] ---------- (launch time: 2007-09-18 20:10:43) <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 52 seconds, including 3 seconds for message boxes)

LostWorld · 18 Wrzesień 2007 18:24

W logach jest okej.

Zbędniki w Autostracie

Optymalizacja XP : http://forum.dobreprogramy.pl/viewtopic.php?t=76580

Optymalizacja i odchudzanie XP

Podstawy optymalizacji systemu windows xp :

http://forum.dobreprogramy.pl/viewtopic … ymalizacja

Czyszczenie rejestru:

Opis RegCleaner - http://www.agavk.p9.pl/strony/progra_regcleaner.php

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

RegSeeker + Opis

AVG SntiSpyware 7.5

update => Skan.

Gutek · 18 Wrzesień 2007 18:26

Daj log z ComboFix

Optymalizacja XP: http://forum.dobreprogramy.pl/viewtopic.php?t=76580 + optymalizacja Autostartu

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Opis RegCleaner - http://www.agavk.p9.pl/strony/progra_regcleaner.php

Zobacz - Obsługa jv16 PowerTools

Maciaswawa · 18 Wrzesień 2007 18:39

ComboFix 07-09-18.4 - “Maciek” 2007-09-18 20:35:18.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.417 [GMT 2:00] * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-08-18 to 2007-09-18 ))))))))))))))))))))))))))))))) . 2007-09-18 20:34 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-18 20:06 2007-09-18 19:32 2007-09-18 19:16 2007-09-18 19:14 2007-09-18 19:03 2007-09-17 12:38 2007-09-17 12:38 2007-09-17 12:38 2007-09-17 12:38 2007-09-17 12:38 2007-09-17 12:38 2007-09-17 12:38 2007-09-16 22:07 2007-09-16 22:07 2007-09-16 21:43 2007-09-16 15:13 2007-09-16 14:40 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys 2007-09-16 14:40 2007-09-16 14:40 2007-09-16 14:40 2007-09-16 14:34 54,784 --a–c— C:\WINDOWS\system32\dllcache\vfwwdm32.dll 2007-09-16 14:34 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2007-09-16 14:34 372,736 -ra------ C:\WINDOWS\system32\LVUI2RC.dll 2007-09-16 14:34 22,016 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys 2007-09-16 14:34 211,712 -ra------ C:\WINDOWS\system32\drivers\LV561AV.SYS 2007-09-16 14:34 204,800 -ra------ C:\WINDOWS\system32\LVUI2.dll 2007-09-16 14:34 204,800 -ra------ C:\WINDOWS\system32\lvcodec2.dll 2007-09-16 14:34 2,180,096 -ra------ C:\WINDOWS\system32\drivers\lvsvf2.sys 2007-09-16 14:34 106,496 -ra------ C:\WINDOWS\system32\lvcoinst.dll 2007-09-16 14:32 2007-09-16 14:32 2007-09-16 14:31 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe 2007-09-16 14:26 2007-09-16 14:24 322,832 --a------ C:\WINDOWS\system32\MFC30.DLL 2007-09-16 14:24 10,432 --a------ C:\WINDOWS\system32\drivers\itchfltr.sys 2007-09-16 14:24 2007-09-16 14:24 2007-09-16 14:16 4,484 --a------ C:\WINDOWS\system32\drivers\cpuidlep.sys 2007-09-16 14:16 2007-09-16 14:16 2007-09-16 13:50 23,040 -----c— C:\WINDOWS\system32\dllcache\fltmc.exe 2007-09-16 13:50 16,896 -----c— C:\WINDOWS\system32\dllcache\fltlib.dll 2007-09-16 13:50 128,896 -----c— C:\WINDOWS\system32\dllcache\fltmgr.sys 2007-09-16 13:09 2007-09-16 00:03 2007-09-15 22:55 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-09-15 22:52 2007-09-15 22:41 737,280 --a------ C:\WINDOWS\iun6002.exe 2007-09-15 22:37 2007-09-15 22:36 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2007-09-15 22:33 2007-09-15 22:33 2007-09-15 22:27 2007-09-15 22:26 2007-09-15 22:25 2007-09-15 22:19 2007-09-15 22:13 2007-09-15 22:13 2007-09-15 22:12 2007-09-15 22:11 2007-09-15 22:02 2007-09-15 22:02 2007-09-15 22:02 2007-09-15 22:02 2007-09-15 21:54 2007-09-15 21:54 2007-09-15 21:46 2007-09-15 21:45 2007-09-15 21:44 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL 2007-09-15 21:44 348,160 -ra------ C:\WINDOWS\system32\msvcr71.dll 2007-09-15 21:34 2007-09-15 21:34 2007-09-15 21:12 2007-09-15 19:55 2007-09-15 19:55 2007-09-15 19:49 2007-09-15 19:49 2007-09-15 19:45 2007-09-15 19:44 2007-09-15 19:42 41,984 --------- C:\WINDOWS\Ctregrun.exe 2007-09-15 19:41 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE 2007-09-15 19:41 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE 2007-09-15 19:41 2007-09-15 19:41 2007-09-15 19:39 11,264 --a------ C:\WINDOWS\INRES.DLL 2007-09-15 19:39 2007-09-15 19:37 2007-09-15 19:37 2007-09-15 19:32 2007-09-15 19:29 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-09-15 19:28 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-16 14:24 --------- d-------- C:\Program Files\Common Files\InstallShield 2007-09-15 17:06 --------- d-------- C:\Program Files\microsoft frontpage 2007-08-09 13:26 20480 --a------ C:\WINDOWS\system32\ac3config.exe 2007-08-07 02:15 33052 --a------ C:\WINDOWS\system32\drivers\scdemu.sys 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-29 17:51 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-07-03 16:44 64000 --a------ C:\WINDOWS\system32\ALZALZ.BIN 2007-07-03 16:44 44544 --a------ C:\WINDOWS\system32\ALZZip.BIN 2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll 2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll 2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll 2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe 2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll 2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll 2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll 2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll 2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll 2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll 2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll 2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe 2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe 2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll 2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll 2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll 2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll 2007-06-29 00:43 356352 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll 2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll 2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll 2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll 2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll 2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll 2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll 2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll 2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll 2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll 2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll 2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe 2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe 2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll 2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe 2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe 2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll 2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll 2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll 2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin 2007-06-28 18:54 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-06-28 18:52 765952 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll --------- C:\Program Files\Usługi online . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2007-06-29 00:43] “NvMediaCenter”=“C:\WINDOWS\System32\NvMcTray.dll” [2007-06-29 00:43] “CTSysVol”=“C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe” [2005-10-31 10:51] “P17Helper”=“P17.dll” [2005-05-03 13:38 C:\WINDOWS\system32\P17.dll] “UpdReg”=“C:\WINDOWS\UpdReg.EXE” [2000-05-11 01:00] “mkstray”=“C:\Program Files\mks_vir_2007\bin\mkstray.exe” [2007-06-29 16:41] “MKSRegmon”=“C:\Program Files\mks_vir_2007\bin\mksregmon.exe” [2007-05-24 05:06] “mks_mail”=“C:\Program Files\mks_vir_2007\bin\mks_mail.exe” [2007-05-24 05:06] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-05-15 00:22] “GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 00:47] “CpuIdle”=“C:\Program Files\CpuIdle\cpuidle.exe” [2007-09-16 14:16] “zBrowser Launcher”=“C:\Program Files\Logitech\iTouch\iTouch.exe” [2002-05-29 01:59] “EM_EXEC”=“C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE” [2002-05-24 09:50] “LVCOMSX”=“C:\WINDOWS\system32\LVCOMSX.EXE” [2005-07-19 17:32] “LogitechVideoRepair”=“C:\Program Files\Logitech\Video\ISStart.exe” [2005-06-08 15:24] “LogitechVideoTray”=“C:\Program Files\Logitech\Video\LogiTray.exe” [2005-06-08 15:14] “Device Detector”=“DevDetect.exe” [] “PWRISOVM.EXE”=“C:\Program Files\PowerISO\PWRISOVM.EXE” [2007-08-07 02:05] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “Creative MediaSource Go”=“C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe” [2005-12-12 09:36] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 09:39] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-08-31 17:40] “CursorXP”=“C:\Program Files\CursorXP\CursorXP.exe” [2005-01-19 17:34] “LogitechSoftwareUpdate”=“C:\Program Files\Logitech\Video\ManifestEngine.exe” [2005-06-08 14:44] C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\ Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-09-16 00:03:38] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan] @=“service” R0 mksidsa;mksidsa;C:\WINDOWS\system32\mksidsa.sys R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys R1 mksfwallf;mksfwallf;??\C:\WINDOWS\system32\mksfwallf.sys R1 mksfwallt;mksfwallt;??\C:\WINDOWS\system32\mksfwallt.sys R2 MksFwall;MksFwall;“C:\Program Files\mks_vir_2007\bin\MksFwall.exe” R2 MksPC;MksPC;“C:\Program Files\mks_vir_2007\bin\MksPC.exe” R2 MksUpdate;MksUpdate;“C:\Program Files\mks_vir_2007\bin\mksupdate.exe” R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys R3 mksidsf;mksidsf;??\C:\WINDOWS\system32\mksidsf.sys R3 MksMonEn;MksMonEn;??\C:\Program Files\mks_vir_2007\bin\MksMonEn.sys R3 MksMonEv;MksMonEv;??\C:\Program Files\mks_vir_2007\bin\MksMonEv.sys R3 MksMonFd;MksMonFd;??\C:\Program Files\mks_vir_2007\bin\MksMonFd.sys R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys S3 DSDrv4;DSDrv4;??\C:\PROGRA~1\DScaler\DSDrv4.sys *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-18 20:36:41 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-09-18 20:38:10 . — E O F —

Złączono Posta : 18.09.2007 (Wto) 20:41

I jak już mówiłem komp jest swiezo po formacie i jeszcze dzis do południa bylo wszystko ok. dopiero potem cos zaczeło zamulac… Nie to raczej wina przepełnionego rejestru itp. Wiec pozostaje tylko wirus

Gutek · 18 Wrzesień 2007 21:04

Czy patrzyłeś na optymalizacja Autostartu?