ok napewno to zrobie na dzis i tak juz duzo jak uruchomie ten program podam log.
Narazie jest lepiej ale strony otwieraja sie wolno i mieli
Złączono Posta : 19.11.2006 (Nie) 17:59
wita
przesylam log17:01 19/11/2006"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“internat.exe” = “internat.exe” [MS]
“Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”]
“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”]
“STManager” = ““C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe” -b” [“THOMSON”]
“IncrediMail” = ““C:\Program Files\IncrediMail\bin\IncMail.exe” /c” [“IncrediMail, Ltd.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Synchronization Manager” = “mobsync.exe /logon” [MS]
“avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data]
“SpeedTouch USB Diagnostics” = ““C:\Program Files\Virgin Net Broadband\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)
-> {HKLM…CLSID} = “Yahoo! Toolbar Helper”
\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx” [empty string]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Display Panning CPL Extension”
-> {HKLM…CLSID} = “Display Panning CPL Extension”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “HyperTerminal Icon Ext”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINNT\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{E0D79304-84BE-11CE-9641-444553540000}” = “WinZip”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32(Default) = “C:\PROGRA~1\WinZip\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]
“{E0D79305-84BE-11CE-9641-444553540000}” = “WinZip”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32(Default) = “C:\PROGRA~1\WinZip\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]
“{E0D79306-84BE-11CE-9641-444553540000}” = “WinZip”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32(Default) = “C:\PROGRA~1\WinZip\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]
“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> WRNotifier\DLLName = “WRLogonNTF.dll” [file not found]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
IMMenuShellExt(Default) = “{F8984111-38B6-11D5-8725-0050DA2761C4}”
-> {HKLM…CLSID} = “IMMenuShellExt Class”
\InProcServer32(Default) = “C:\Program Files\IncrediMail\bin\IMShExt.dll” [“IncrediMail, Ltd.”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32(Default) = “C:\PROGRA~1\WinZip\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32(Default) = “C:\PROGRA~1\WinZip\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32(Default) = “C:\PROGRA~1\WinZip\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINNT\Web\Wallpaper\Windows 2000.jpg”
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\rnr20.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{EF99BD32-C1FB-11D2-892F-0090271D4F88}”
-> {HKLM…CLSID} = “Yahoo! Toolbar”
\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided)
-> {HKLM…CLSID} = “Yahoo! Toolbar”
\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”]
Running Services (Display Name, Service Name, Path {Service DLL}):
avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data]
avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data]
avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”]
avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”]
<>: Suspicious data at a malware launch point.
-
This report excludes default entries except where indicated.
-
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
- The search for DESKTOP.INI DLL launch points on all local fixed drives
took 110 seconds.
---------- (total run time: 182 seconds)