astek79
(Astek1)
10 Styczeń 2007 14:27
#1
Witam!
Posiadam komputer IBM ThinkPad z systemem operacyjnym Win XP Pro PL SP2.
Mam problem z procesem rundll32.exe. jest on cały czas uruchomiony i pracuje w tle. Czasami zdarza się tak że proces ten obciąża procesor w 100 % pomaga wtedy tylko restart systemu. Po tym jak uaktywni się ten proces praca na komputerze praktycznie nie jest możliwa. Co może powodować ten problem. Problem występuje dość często, nieraz nawet po uruchomieniu komputera. Posiadam program Kaspersky Anti-Virus Workstation, który nie wykrywa żadnych wirusów.
Co mam zrobić ?? próbowałem formatować i wgrałem jeszcze raz system i problem nie ustąpił
Logfile of HijackThis v1.99.1 Scan saved at 14:00:30, on 2007-01-10 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\IBM\Messages By IBM\ibmmessages.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\Program Files\GE Fanuc\Proficy Machine Edition\fxControl\Runtime\NT\FxControl.exe C:\Program Files\GE Fanuc\Proficy Machine Edition\Proficy Event Logger\LoggingService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\QCONSVC.EXE C:\WINDOWS\System32\RegSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe C:\totalcmd\TOTALCMD.EXE c:\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O4 - HKLM…\Run: [s3TRAY2] S3Tray2.exe O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,BluetoothAuthenticationAgent O4 - HKLM…\Run: [TpShocks] TpShocks.exe O4 - HKLM…\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM…\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE O4 - HKLM…\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM…\Run: [TP4EX] tp4ex.exe O4 - HKLM…\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [frymxins] “C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl” O4 - HKLM…\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM…\Run: [uC_Start] C:\IBMTools\Updater\ucstartup.exe O4 - HKLM…\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKLM…\Run: [updateManager] “c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe” /r O4 - HKLM…\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM…\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE O4 - HKLM…\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE O4 - HKLM…\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor O4 - HKLM…\Run: [KAVWks50] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe” /minimize /chkas O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - Startup: PowerReg Scheduler V3.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll O9 - Extra ‘Tools’ menuitem: Konsola IBM Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O11 - Options group: [JAVA_IBM] Java (IBM) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 3334946352 O17 - HKLM\System\CCS\Services\Tcpip…{76CFA917-E450-4A1F-8C16-4138E63A9F26}: NameServer = 194.204.159.1,194.204.152.34 O17 - HKLM\System\CCS\Services\Tcpip…{D0546B25-5186-4AD2-8402-4874705B1106}: NameServer = 194.204.159.1,194.204.152.34 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AEClientHostService - GE Fanuc Automation Americas - C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Proficy Licensing (CCFLIC0) - GE Fanuc Automation Americas - C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe O23 - Service: FxControl Runtime (FxControlRuntime) - Total Control Products (Canada) Inc. - C:\Program Files\GE Fanuc\Proficy Machine Edition\fxControl\Runtime\NT\FxControl.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: Usługa Kaspersky Anti-Virus (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe O23 - Service: Proficy Log Server (LoggingService) - Unknown owner - C:\Program Files\GE Fanuc\Proficy Machine Edition\Proficy Event Logger\LoggingService.exe O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: Trapi File Server (TrapiServer) - Unknown owner - C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe pozdrawiam Krzysiek
Agaton
(Agatonster)
10 Styczeń 2007 14:39
#2
astek79
Zanim Fachowcy zajmą się logiem
zobacz może Czy plik rundll32.exe może być wirusem?
Process Explorer 10.21 dla Windows NT możesz pobrać tutaj
Pozdrawiam
Krzychuu
(Krzychuu)
10 Styczeń 2007 14:41
#3
astek79 proponuję też przeskanować Ad-aware, Spy Botem i antivirusem, którego masz.
boczi
(boczi)
10 Styczeń 2007 17:26
#4
astek79 proszę poprawić temat na konkretny, obrazujący problem, używając opcji Zmień oraz objąć log w tagi - informacja w przyklejonym temacie Hijackthis… w dziale Bezpieczeństwo :?
Joan
(Joan Sunshine)
10 Styczeń 2007 18:42
#5
Zafixuj, plik wywal z dysku.
Daj log z Sienta. Szczerze mówiąc wcale nie dziwię się, że rundll32.exe obciąża kompa > masz full uruchomionych usług i masę raczej zbędnego softu preinstalowanego od ibm w autostarcie.
Pozatym przejrzyj: Lista zbędników w autostarcie oraz Optymalizacja XP.
Wejdź: Start > uruchom > msconfig i w zakładce „Uruchamianie” odznacz, niepotrzebne według Ciebie, programy w autostarcie.
astek79
(Astek1)
10 Styczeń 2007 20:44
#6
Witam
Dziękuję za pomoc. Plik rundll32.exe to plik windowsa umieszczony w C:\Windows\System32.
Sprawdziłem antywirem wirusów nie mam (aw aktualny bazy dzisiejsze)
Sprawdziłem Ad-aware, SpyBotem (wersje aktualne) żadnych zagrożeń.
Wywaliłem część oprogramowania obecnie mam już tylko 33 procesy.
Teraz przedstawiam jeszcze raz moje logi
Logfile of HijackThis v1.99.1 Scan saved at 21:18:57, on 2007-01-10 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe C:\Program Files\GE Fanuc\Proficy Machine Edition\fxControl\Runtime\NT\FxControl.exe C:\Program Files\GE Fanuc\Proficy Machine Edition\Proficy Event Logger\LoggingService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\QCONSVC.EXE C:\WINDOWS\System32\RegSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe C:\WINDOWS\system32\wuauclt.exe C:\totalcmd\TOTALCMD.EXE c:\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,BluetoothAuthenticationAgent O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [frymxins] “C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl” O4 - HKLM…\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM…\Run: [KAVWks50] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe” /minimize /chkas O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll O9 - Extra ‘Tools’ menuitem: Konsola IBM Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O11 - Options group: [JAVA_IBM] Java (IBM) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 3334946352 O17 - HKLM\System\CCS\Services\Tcpip…{76CFA917-E450-4A1F-8C16-4138E63A9F26}: NameServer = 194.204.159.1,194.204.152.34 O17 - HKLM\System\CCS\Services\Tcpip…{D0546B25-5186-4AD2-8402-4874705B1106}: NameServer = 194.204.159.1,194.204.152.34 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AEClientHostService - GE Fanuc Automation Americas - C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Proficy Licensing (CCFLIC0) - GE Fanuc Automation Americas - C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe O23 - Service: FxControl Runtime (FxControlRuntime) - Total Control Products (Canada) Inc. - C:\Program Files\GE Fanuc\Proficy Machine Edition\fxControl\Runtime\NT\FxControl.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: Usługa Kaspersky Anti-Virus (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe O23 - Service: Proficy Log Server (LoggingService) - Unknown owner - C:\Program Files\GE Fanuc\Proficy Machine Edition\Proficy Event Logger\LoggingService.exe O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: Trapi File Server (TrapiServer) - Unknown owner - C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe Log z Silent Runnersa “Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “BluetoothAuthenticationAgent” = “rundll32.exe irprops.cpl,BluetoothAuthenticationAgent” [MS] “ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”] “frymxins” = ““C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl”” [“ATI Technologies, Inc.”] “ATIModeChange” = “Ati2mdxx.exe” [“ATI Technologies, Inc.”] “KAVWks50” = ““C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe” /minimize /chkas” [“Kaspersky Lab”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) - {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Spybot - Search Destroy\SDHelper.dll” [“Safer Networking Limited”] {5CA3D70E-1895-11CF-8E15-001234567890}(Default) = “*n” (unwritable string) - {HKLM…CLSID} = “DriveLetterAccess” \InProcServer32(Default) = “C:\WINDOWS\system32\dla\tfswshx.dll” [“Sonic Solutions”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” - {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” - {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{DEE12703-6333-4D4E-8F34-738C4DCC2E04}” = “RecordNow! SendToExt” - {HKLM…CLSID} = “RecordNow! SendToExt” \InProcServer32(Default) = “c:\Program Files\IBM RecordNow!\shlext.dll” [null data] “{5CA3D70E-1895-11CF-8E15-001234567890}” = “DriveLetterAccess” - {HKLM…CLSID} = “DriveLetterAccess” \InProcServer32(Default) = “C:\WINDOWS\system32\dla\tfswshx.dll” [“Sonic Solutions”] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” - {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” - {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” - {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes\PROTOCOLS\Filter\ text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” - {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\shellex.dll” [“Kaspersky Lab”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\shellex.dll” [“Kaspersky Lab”] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “1600 x 1200 IBM EMEA Map.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Enabled Scheduled Tasks: ------------------------ “Przypomnienie o rejestracji 1” - launches: “C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:1” [MS] “Przypomnienie o rejestracji 2” - launches: “C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:2” [MS] “Przypomnienie o rejestracji 3” - launches: “C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:3” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Konsola IBM Java” “CLSIDExtension” = “{08B0E5C0-4FCB-11CF-AAA5-00401C608501}” {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” {E2E2DD38-D088-4134-82B7-F2BA38496583}\ “MenuText” = “@xpsp3res.dll ,-20001” “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AEClientHostService, AEClientHostService, ““C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe”” [null data]
Krzychuu
(Krzychuu)
10 Styczeń 2007 20:53
#7
astek79:
Co mogę jeszcze wyłączyć
Z msconfig ?
Wklej screena to zobaczymy.
astek79
(Astek1)
11 Styczeń 2007 07:15
#9
Witam!!
Mam pytanie jak wstawić tutaj obrazek?
:oops:
astek79
(Astek1)
11 Styczeń 2007 10:47
#11
Przesyłam zrzut ekranowy z msconfig
Chyba już zbyt wiele do usunięcia nie pozostało?
pozdrawiam
Krzysiek
Joan
(Joan Sunshine)
11 Styczeń 2007 11:37
#12
Jeśli nie używasz dodatkowych opcji Ati typu skróty klawiaturowe, możesz odhaczyć z autostartu procesy związane z kartą i ctfmon