Problem with games stuttering on good hardware


(Kowalczyki2) #1

I have a problem. I have an AMD Sempron 2800, a GeForce NX6600 graphics card (latest drivers), 512 RAM and Windows XP Home SP2.

After formatting the system, games started to stutter. I have already tried everything. The hitches last a fraction of a second, but before the format everything ran smoothly even at higher detail settings.

Please help.

StartupList report, 2006-11-30, 07:34:02

StartupList version: 1.52.2

Started from : E:\a\HijackThis.EXE

Detected: Windows XP Dodatek SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.5730.0011)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================


Running processes:


C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\WinSys.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

E:\a\HijackThis.exe


--------------------------------------------------


Listing of startup folders:


Shell folders Startup:

[C]

*No files*


Shell folders AltStartup:

*Folder not found*


User shell folders Startup:

*Folder not found*


User shell folders AltStartup:

*Folder not found*


Shell folders Common Startup:

[C]

*No files*


Shell folders Common AltStartup:

*Folder not found*


User shell folders Common Startup:

*Folder not found*


User shell folders Alternate Common Startup:

*Folder not found*


--------------------------------------------------


Checking Windows NT UserInit:


[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,


[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*


[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*


[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run


WINDVDPatch = CTHELPER.EXE

UpdReg = C:\WINDOWS\UpdReg.EXE

SW20 = C:\WINDOWS\system32\sw20.exe

SW24 = C:\WINDOWS\system32\sw24.exe

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

nwiz = nwiz.exe /install


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce


*No values found*


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx


*No values found*


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices


*Registry key not found*


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce


*Registry key not found*


--------------------------------------------------


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run


ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe


--------------------------------------------------


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce


*No values found*


--------------------------------------------------


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx


*Registry key not found*


--------------------------------------------------


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices


*Registry key not found*


--------------------------------------------------


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce


*Registry key not found*


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run


*Registry key not found*


--------------------------------------------------


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run


*Registry key not found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run


[OptionalComponents]

*No values found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*


--------------------------------------------------


File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command


(Default) = "%1" %*


--------------------------------------------------


File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command


(Default) = "%1" %*


--------------------------------------------------


File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command


(Default) = "%1" %*


--------------------------------------------------


File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command


(Default) = "%1" %*


--------------------------------------------------


File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command


(Default) = "%1" /S


--------------------------------------------------


File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command


(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*


--------------------------------------------------


File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command


(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1


--------------------------------------------------


Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)


[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *

StubPath = C:\WINDOWS\system32\ieudinit.exe


[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP


[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig


[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP


[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP


[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE


[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll


[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install


[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT


[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser


[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub


[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install


[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll


[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings


--------------------------------------------------


Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps


*Registry key not found*


--------------------------------------------------


Load/Run keys from C:\WINDOWS\WIN.INI:


load=*INI section not found*

run=*INI section not found*


Load/Run keys from Registry:


HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=


--------------------------------------------------


Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:


Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*


Shell & screensaver key from Registry:


Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*


Policies Shell key:


HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*


--------------------------------------------------


Checking for EXPLORER.EXE instances:


C:\WINDOWS\Explorer.exe: PRESENT!


C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present


--------------------------------------------------


Checking for superhidden extensions:


.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden


--------------------------------------------------


Verifying REGEDIT.EXE integrity:


- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Edytor rejestru'


Registry check passed


--------------------------------------------------


Enumerating Browser Helper Objects:


*No BHO's found*


--------------------------------------------------


Enumerating Task Scheduler jobs:


*No jobs found*


--------------------------------------------------


Enumerating Download Program Files:


[Windows Genuine Advantage Validation Tool]

InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL

CODEBASE = http://go.microsoft.com/fwlink/?LinkID=39204


[MUWebControl Class]

InProcServer32 = C:\WINDOWS\system32\muweb.dll

CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159813734218


[Java Plug-in 1.3.1_03]

InProcServer32 = C:\Program Files\JavaSoft\JRE\1.3.1_03\bin\npjava131_03.dll

CODEBASE = http://java.sun.com/products/plugin/1.3.1/jinstall-131_03-win.cab


[Update Class]

InProcServer32 = C:\WINDOWS\system32\iuctl.dll

CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39029.3111689815


[Java Plug-in 1.3.1_03]

InProcServer32 = C:\Program Files\JavaSoft\JRE\1.3.1_03\bin\npjava131_03.dll

CODEBASE = http://java.sun.com/products/plugin/1.3.1/jinstall-131_03-win.cab


[Shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx

CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


--------------------------------------------------


Enumerating Winsock LSP files:


NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll


--------------------------------------------------


Enumerating Windows NT/2000/XP services


Sterownik Microsoft ACPI: system32\DRIVERS\ACPI.sys (system)

General Purpose USB Driver (adildr.sys): System32\Drivers\adildr.sys (autostart)

USB ADSL WAN Adapter: system32\DRIVERS\adiusbaw.sys (manual start)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

AFD: \SystemRoot\System32\drivers\afd.sys (system)

Urządzenie alarmowe: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

Usługa bramy warstwy aplikacji: %SystemRoot%\System32\alg.exe (manual start)

Sterownik procesora AMD K7: system32\DRIVERS\amdk7.sys (system)

Zarządzanie aplikacjami: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart)

Sterownik multimediów asynchronicznych RAS: system32\DRIVERS\asyncmac.sys (manual start)

Standardowy kontroler dysku twardego IDE/ESDI: system32\DRIVERS\atapi.sys (system)

Protokół klienta ARP ATM: system32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Sterownik Audio Stub: system32\DRIVERS\audstub.sys (manual start)

avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart)

avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)

avast! Web Scanner: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (manual start)

Usługa inteligentnego transferu w tle: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Bluetooth Audio Service: system32\DRIVERS\blueletaudio.sys (manual start)

Bluetooth SCO Audio Service: system32\DRIVERS\BlueletSCOAudio.sys (manual start)

BlueSoleil Hid Service: C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (autostart)

Przeglądarka komputera: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Bluetooth PAN Network Adapter: system32\DRIVERS\btnetdrv.sys (manual start)

Bluetooth USB For Bluetooth Service: System32\Drivers\btcusb.sys (manual start)

Bluetooth HID Enumerator: system32\DRIVERS\vbtenum.sys (manual start)

Bluetooth HID Manager Service: System32\Drivers\BTHidMgr.sys (system)

Bluetooth Network Filter: \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys (manual start)

Dekoder napisów: system32\DRIVERS\CCDECODE.sys (manual start)

Sterownik stacji dysków CD-ROM: system32\DRIVERS\cdrom.sys (system)

Usługa indeksowania: %SystemRoot%\system32\cisvc.exe (disabled)

ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)

Aplikacja systemowa modelu COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Creative Service for CDROM Access: C:\WINDOWS\system32\CTsvcCDA.exe (autostart)

Usługi kryptograficzne: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Creative AC3 Software Decoder: System32\drivers\ctac32k.sys (manual start)

Creative Audio Driver (WDM): system32\drivers\ctaud2k.sys (manual start)

Port gier dla karty Creative SB Live!: system32\DRIVERS\ctljystk.sys (manual start)

Creative Proxy Driver: System32\drivers\ctprxy2k.sys (manual start)

Creative SoundFont Management Device Driver: System32\drivers\ctsfm2k.sys (manual start)

Program uruchamiający proces serwera DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

Klient DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Sterownik dysku: system32\DRIVERS\disk.sys (system)

Usługa administracyjna Menedżera dysków logicznych: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

dmio: System32\drivers\dmio.sys (disabled)

dmload: System32\drivers\dmload.sys (disabled)

Menedżer dysków logicznych: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Syntezator Microsoft Kernel DLS: system32\drivers\DMusic.sys (manual start)

Klient DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

Dot4 HPH11: system32\DRIVERS\hphid411.sys (manual start)

Print Class Driver for IEEE-1284.4 HPH11: system32\DRIVERS\hphipr11.sys (manual start)

Dot4Usb HPH11: System32\drivers\hphius11.sys (manual start)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

E-mu Plug-in Architecture Driver: System32\drivers\emupia2k.sys (manual start)

Usługa raportowania błędów: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Dziennik zdarzeń: %SystemRoot%\system32\services.exe (autostart)

System zdarzeń COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)

Zgodność szybkiego przełączania użytkowników: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Sterownik kontrolera stacji dyskietek: system32\DRIVERS\fdc.sys (manual start)

Sterownik stacji dyskietek: system32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\DRIVERS\fltMgr.sys (system)

Sterownik Menedżera woluminów: system32\DRIVERS\ftdisk.sys (system)

Licznik portów gier: system32\DRIVERS\gameenum.sys (manual start)

GMSIPCI: \??\H:\INSTALL\GMSIPCI.SYS (manual start)

Rodzajowy klasyfikator pakietu: system32\DRIVERS\msgpc.sys (manual start)

715 USB Scanner Driver: system32\drivers\gt680x.sys (manual start)

Creative Hardware Abstract Layer Driver: system32\drivers\ha10kx2k.sys (manual start)

Pomoc i obsługa techniczna: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Dostęp do urządzeń interfejsu HID: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

Sterownik portu klawiatury i8042 i myszy PS/2: system32\DRIVERS\i8042prt.sys (system)

Sterownik filtru nagrywania dysków CD: system32\DRIVERS\imapi.sys (system)

Usługa COM nagrywania dysków CD IMAPI: C:\WINDOWS\system32\imapi.exe (manual start)

Sterownik Zapory systemu Windows IPv6: system32\DRIVERS\Ip6Fw.sys (manual start)

Sterownik filtru ruchu IP: system32\DRIVERS\ipfltdrv.sys (manual start)

Sterownik IP w tunelu IP: system32\DRIVERS\ipinip.sys (manual start)

Translator adresów sieciowych IP: system32\DRIVERS\ipnat.sys (manual start)

Sterownik IPSEC: system32\DRIVERS\ipsec.sys (system)

Usługa wyliczania IR: system32\DRIVERS\irenum.sys (manual start)

Sterownik PnP magistrali ISA/EISA: system32\DRIVERS\isapnp.sys (system)

Sterownik klasy klawiatury: system32\DRIVERS\kbdclass.sys (system)

Sterownik klawiatury HID: system32\DRIVERS\kbdhid.sys (system)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Serwer: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Stacja robocza: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Pomoc TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (disabled)

Sterownik klasy myszy: system32\DRIVERS\mouclass.sys (system)

Sterownik myszy HID: system32\DRIVERS\mouhid.sys (manual start)

Readresator klienta WebDav: system32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: system32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (disabled)

Multimedia Keyboard Filter Driver: System32\DRIVERS\msikbd2k.sys (system)

Instalator Windows: C:\WINDOWS\system32\msiexec.exe /V (manual start)

Serwer proxy usługi Microsoft Streaming: system32\drivers\MSKSSRV.sys (manual start)

Serwer proxy zegara Microsoft Streaming: system32\drivers\MSPCLOCK.sys (manual start)

Serwer proxy menedżera jakości Microsoft Streaming: system32\drivers\MSPQM.sys (manual start)

Sterownik BIOS zarządzania systemem firmy Microsoft: system32\DRIVERS\mssmbios.sys (manual start)

Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming: system32\drivers\MSTEE.sys (manual start)

Sterownik portu MIDI UART Microsoft MPU-401: system32\drivers\msmpu401.sys (manual start)

Koder-dekoder NABTS/FEC VBI: system32\DRIVERS\NABTSFEC.sys (manual start)

Połączenie TV/wideo firmy Microsoft: system32\DRIVERS\NdisIP.sys (manual start)

Sterownik usługi Dostęp zdalny NDIS TAPI: system32\DRIVERS\ndistapi.sys (manual start)

Protokół We/Wy trybu użytkownika NDIS: system32\DRIVERS\ndisuio.sys (manual start)

Sterownik usługi Dostęp zdalny NDIS WAN: system32\DRIVERS\ndiswan.sys (manual start)

Interfejs NetBIOS: system32\DRIVERS\netbios.sys (system)

NetBios przez TCP/IP: system32\DRIVERS\netbt.sys (system)

DDE sieci: %SystemRoot%\system32\netdde.exe (disabled)

DSDM DDE sieci: %SystemRoot%\system32\netdde.exe (disabled)

Logowanie do sieci: %SystemRoot%\system32\lsass.exe (manual start)

Połączenia sieciowe: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Netropa NHK Server: C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (autostart)

Rozpoznawanie lokalizacji w sieci (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Usługa NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)

Magazyn wymienny: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

nv: system32\DRIVERS\nv4_mini.sys (manual start)

nVidia WDM Video Capture (universal): system32\DRIVERS\nvcap.sys (autostart)

NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)

nVidia WDM A/V Crossbar: system32\DRIVERS\NVxbar.sys (autostart)

NVIDIA nForce AGP Bus Filter: system32\DRIVERS\nv_agp.sys (system)

Sterownik filtru ruchu IPX: system32\DRIVERS\nwlnkflt.sys (manual start)

Sterownik usług przesyłania dalej ruchu IPX: system32\DRIVERS\nwlnkfwd.sys (manual start)

Creative OS Services Driver: system32\drivers\ctoss2k.sys (manual start)

Sterownik portu równoległego: system32\DRIVERS\parport.sys (manual start)

PCI Bus Driver: system32\DRIVERS\pci.sys (system)

PCIIde: system32\DRIVERS\pciide.sys (system)

PfModNT: \??\C:\WINDOWS\system32\drivers\PfModNT.sys (autostart)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

Pml Driver HPH11: C:\WINDOWS\system32\HPHipm11.exe (manual start)

Usługi IPSEC: %SystemRoot%\system32\lsass.exe (manual start)

WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)

Magazyn chroniony: %SystemRoot%\system32\lsass.exe (autostart)

Harmonogram pakietów QoS: system32\DRIVERS\psched.sys (manual start)

Sterownik bezpośredniego połączenia kablowego: system32\DRIVERS\ptilink.sys (manual start)

Sterownik automatycznego połączenia dostępu zdalnego: system32\DRIVERS\rasacd.sys (system)

Menedżer autopołączenia dostępu zdalnego: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)

Menedżer połączeń usługi Dostęp zdalny: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Sterownik usługi Dostęp zdalny PPPOE: system32\DRIVERS\raspppoe.sys (manual start)

Bezpośrednie połączenie kablowe: system32\DRIVERS\raspti.sys (manual start)

Rdbss: system32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Menedżer sesji pomocy pulpitu zdalnego: C:\WINDOWS\system32\sessmgr.exe (disabled)

Sterownik filtru odtwarzania audio cyfrowych dysków CD: system32\DRIVERS\redbook.sys (system)

Routing i dostęp zdalny: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)

Lokalizator usługi zdalnego wywołania procedury (RPC): %SystemRoot%\system32\locator.exe (manual start)

Zdalne wywoływanie procedur (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\system32\rsvp.exe (disabled)

Menedżer kont zabezpieczeń: %SystemRoot%\system32\lsass.exe (manual start)

Karta inteligentna: %SystemRoot%\System32\SCardSvr.exe (manual start)

Harmonogram zadań: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Secdrv: system32\DRIVERS\secdrv.sys (autostart)

Logowanie pomocnicze: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Zawiadomienie o zdarzeniu systemowym: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)

Sterownik portu szeregowego: system32\DRIVERS\serial.sys (system)

Zapora systemu Windows/Udostępnianie połączenia internetowego: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Wykrywanie sprzętu powłoki: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Bufor wydruku: %SystemRoot%\system32\spoolsv.exe (autostart)

Sterownik filtru Przywracania systemu: \SystemRoot\system32\DRIVERS\sr.sys (disabled)

Usługa przywracania systemu: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Srv: system32\DRIVERS\srv.sys (manual start)

Usługa odnajdywania SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)

BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)

Sterownik magistrali programowej: system32\DRIVERS\swenum.sys (manual start)

Syntezator tablicy dźwięków WAVE Microsoft Kernel GS: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{3212D59D-5859-474A-8627-E56330490AF9} (disabled)

Urządzenie audio Microsoft Kernel System: system32\drivers\sysaudio.sys (manual start)

Dzienniki wydajności i alerty: %SystemRoot%\system32\smlogsvc.exe (disabled)

Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Sterownik protokołu TCP/IP: system32\DRIVERS\tcpip.sys (system)

Sterownik urządzenia terminalu: system32\DRIVERS\termdd.sys (system)

Usługi terminalowe: %SystemRoot%\System32\svchost -k DComLaunch (disabled)

Kompozycje: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Klient śledzenia łączy rozproszonych: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)

Sterownik Microcode Update: system32\DRIVERS\update.sys (manual start)

Host uniwersalnego urządzenia Plug and Play: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

Zasilacz awaryjny (UPS): %SystemRoot%\System32\ups.exe (manual start)

USB to Serial Bridge Controller: System32\Drivers\usb2vcom.sys (manual start)

Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft: system32\DRIVERS\usbehci.sys (manual start)

Koncentrator z obsługą USB2: system32\DRIVERS\usbhub.sys (manual start)

Sterownik Miniport otwartego kontrolera hosta USB Microsoft: system32\DRIVERS\usbohci.sys (manual start)

Klasa PRINTER USB Microsoft: system32\DRIVERS\usbprint.sys (manual start)

Sterownik magazynu masowego USB: system32\DRIVERS\USBSTOR.SYS (manual start)

Virtual Serial port driver: system32\DRIVERS\VComm.sys (manual start)

Bluetooth VComm Manager Service: System32\Drivers\VcommMgr.sys (manual start)

VgaSave: \SystemRoot\System32\drivers\vga.sys (system)

Bluetooth HID Device Service: system32\drivers\VHIDMini.sys (manual start)

Kopiowanie woluminów w tle: %SystemRoot%\System32\vssvc.exe (manual start)

Usługa Czas systemu Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Sterownik usługi Dostęp zdalny IP ARP: system32\DRIVERS\wanarp.sys (manual start)

Sterownik zgodności audio Microsoft WINMM WDM: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

Instrumentacja zarządzania Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

WMDM PMSP Service: C:\WINDOWS\system32\MsPMSPSv.exe (autostart)

Usługa numeru seryjnego multimediów przenośnych: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Karta wydajności WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (disabled)

Centrum zabezpieczeń: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Kodery-dekodery teletekstu w standardzie światowym: system32\DRIVERS\WSTCODEC.SYS (manual start)

Aktualizacje automatyczne: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Konfiguracja zerowej sieci bezprzewodowej: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Usługa dostarczania sieci: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)



--------------------------------------------------


Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*


Windows NT checkdisk command:

BootExecute = autocheck autochk *


Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*


--------------------------------------------------


Enumerating ShellServiceObjectDelayLoad items:


PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll


--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run


*Registry key not found*


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run


*Registry key not found*


--------------------------------------------------


End of report, 33 812 bytes

Report generated in 0,110 seconds


Command line options:

   /verbose - to add additional info on each section

   /complete - to include empty sections and unsuspicious data

   /full - to include several rarely-important sections

   /force9x - to include Win9x-only startups even if running on WinNT

   /forcent - to include WinNT-only startups even if running on Win9x

   /forceall - to include all Win9x and WinNT startups, regardless of platform

   /history - to list version history only

(Heniu133) #2

And is DirectX the latest version too?


(Mateo993) #3

Do you have all the drivers installed?


(Joan Sunshine) #4

XriS, please paste a log from the new Hijack > you'll find it here: http://forum.dobreprogramy.pl/viewtopic.php?t=36654 :slight_smile:


(Kowalczyki2) #5

This is Hijack 1.99.1

All the drivers are installed, DirectX 9.0c

It worked before with the same ones


(Joan Sunshine) #6

But this is specifically StartupList; select the option "Do a system scan and save a logfile" :slight_smile:

Download the KillBox tool, select Delete on Reboot, then click All Files and paste the following path into the Full Path of File to Delete field:

C:\WINDOWS\system32\WinSys.exe

Click X and restart the system.

And also paste a log from Silent > the description is in the link I gave you.


(Kowalczyki2) #7

Log file

Logfile of HijackThis v1.99.1

Scan saved at 13:16:42, on 2006-12-01

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\WinSys.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

C:\Program Files\Mozilla Firefox\firefox.exe

E:\a\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe

O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159813734218

O17 - HKLM\System\CCS\Services\Tcpip\..\{BC34E773-9E46-43F7-8F42-C7280E2A7DA8}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

(Joan Sunshine) #8

Delete that file as I wrote above, then fix this entry in HJT:

And where is Silent?


(Kowalczyki2) #9

And what is this Silent?


(Joan Sunshine) #10

> http://forum.dobreprogramy.pl/viewtopic.php?t=36654 and read a bit further down, below the HJT description :slight_smile:


(Kowalczyki2) #11

I did that with winsys.exe but it didn't help at all

Post merged: 01.12.2006 (Fri) 13:46

Silent

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]

"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]

"SW20" = "C:\WINDOWS\system32\sw20.exe" [empty string]

"SW24" = "C:\WINDOWS\system32\sw24.exe" [null data]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

(Joan Sunshine) #12

It's cut off; wait for the "Done" message :wink:


(Kowalczyki2) #13
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]

"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]

"SW20" = "C:\WINDOWS\system32\sw20.exe" [empty string]

"SW24" = "C:\WINDOWS\system32\sw24.exe" [null data]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"

  -> {HKLM...CLSID} = "History Band"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "My Phones"

  -> {HKLM...CLSID} = "My Phones"

                   \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]

"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"

  -> {HKLM...CLSID} = "Microsoft Office Binder Unbind"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\1045\UNBIND.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

MyPhoneExplorer\(Default) = "{C63D6E57-FE9E-43D7-B7ED-900DEB695D3E}"

  -> {HKLM...CLSID} = "MyPhoneExplorer_ShellEx.ShellExt"

                   \InProcServer32\(Default) = "C:\Program Files\MyPhoneExplorer\DLL\ShellMgr.dll" ["F.J. Wechselberger"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {policy setting}:

--------------------------------


Note: detected settings may not have any effect.


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"NoSMBalloonTip" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoSaveSettings" = (REG_DWORD) hex:0x00000000

{Don't save settings at exit}


"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"CDRAutoRun" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"MemCheckBoxInRunDlg" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoClose" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoAutoTrayNotify" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoResolveTrack" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoResolveSearch" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoStartBanner" = (REG_BINARY) hex:01 00 00 00

{Remove "Click here to begin" from Start button}


"NoWelcomeScreen" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoRecentDocsNetHood" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoDesktopCleanupWizard" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoSharedDocuments" = (REG_DWORD) hex:0x00000001

{Remove Shared Documents from My Computer}


"NoThemesTab" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"NoRemoteRecursiveEvents" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoStrCmpLogical" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoClose" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"NoDispAppearancePage" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoColorChoice" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoDispBackgroundPage" = (REG_DWORD) hex:0x00000000

{Hide Desktop tab}


"NoDispCPL" = (REG_DWORD) hex:0x00000000

{Remove Display in Control Panel}


"NoDispSettingsPage" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoDispScrSavPage" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoVisualStyleChoice" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoSizeChoice" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\


"NoUpdateCheck" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}


"RunStartupScriptSync" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"SynchronousMachineGroupPolicy" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"SynchronousUserGroupPolicy" = (REG_DWORD) hex:0x00000000

{unrecognized setting}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]

Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"]

Netropa NHK Server, nhksrv, "C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe" [null data]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]



Keyboard Driver Filters:

------------------------


HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\

"UpperFilters" = <> "msikbd2k" ["Netropa Corporation"]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

OLFax Ports\Driver = "OLFMNT40.DLL" [MS]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 46 seconds, including 6 seconds for message boxes)

Post merged: 01.12.2006 (Fri) 15:22

Is there any chance something can be done, or do I have to format?

Post merged: 01.12.2006 (Fri) 15:23

Is there anything else I can do??


(Joan Sunshine) #14

The log is clean; you can uncheck SpyBot from autostart via Start > Run > msconfig and scan from time to time, though I don't know whether that will help in any way :frowning: