juskin
(juskin)
25 September 2007 19:32
#1
Hello, I'm posting a log below and asking for it to be checked. For the past few days the computer has been slower (programs take longer to open), and the internet has dropped by 50-60% as I perceive it. Avast found a trojan and removed it, or at least it no longer shows it on a repeat scan. Some time ago I installed Spybot - Search & Destroy, which found about 50 entries on its first run; I scanned yesterday and it is OK. Registry cleaned with CCleaner.
Logfile of HijackThis v1.99.1 Scan saved at 20:25:21, on 2007-09-25 Platform: Unknown Windows (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Utilities\VolControl.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Winamp\winampa.exe C:\Windows\PixArt\Pac207\Monitor.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Windows\system32\wuauclt.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Tlen.pl\tlen.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Winamp\winamp.exe C:\Users\greg\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0\bin\jusched.exe” O4 - HKLM…\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM…\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM…\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe” O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [TOSHIBA Volume Indicator] “C:\Program Files\Toshiba\Utilities\VolControl.exe” O4 
- HKLM…\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [AlcoholAutomount] “C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” /automount O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?PL (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: 
[iNTERNATIONAL] International* O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - 
%windir%\system32\svchost.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
P.S. When scanning, HJ throws up something like this:
http://img.wklej.org/images/91348HJ.jpg
http://img.wklej.org/images/17678HJ1.jpg
Thank you for your help, and regards.
Bieniol
(Bbieniol)
25 September 2007 19:36
#2
juskin
(juskin)
25 September 2007 19:41
#3
In this version the error mentioned above did not appear; the log is below.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:38:22, on 2007-09-25 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Utilities\VolControl.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Winamp\winampa.exe C:\Windows\PixArt\Pac207\Monitor.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Windows\system32\wuauclt.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Tlen.pl\tlen.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0\bin\jusched.exe” O4 - HKLM…\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM…\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM…\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe” O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - 
HKLM…\Run: [TOSHIBA Volume Indicator] “C:\Program Files\Toshiba\Utilities\VolControl.exe” O4 - HKLM…\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [AlcoholAutomount] “C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” /automount O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” O4 - HKUS\S-1-5-19…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-21-1705855393-690387475-1513775548-1001…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘agnieszka’) O4 - HKUS\S-1-5-21-1705855393-690387475-1513775548-1001…\Run: [uTorrent] “C:\Users\agnieszka\Program Files\uTorrent\uTorrent.exe” (User ‘agnieszka’) O4 - HKUS\S-1-5-21-1705855393-690387475-1513775548-1001…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” (User ‘agnieszka’) O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra ‘Tools’ 
menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?PL (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe – End of file - 9441 bytes
Bieniol
(Bbieniol)
25 September 2007 19:47
#4
Nothing worrying is visible.
Bieniol
(Bbieniol)
25 September 2007 20:22
#6
Your computer is a bit overloaded, but since you have Vista, I know that your hardware is not among the weak ones either.
Take some load off the computer by removing unneeded programs from autostart.
juskin
(juskin)
25 September 2007 20:42
#7
Screenshot of autostart:
http://img.wklej.org/images/46362autostart.jpg
There have been practically no major changes as far as software goes, maybe only Nero, but that was also some time ago. As I wrote, the laptop slowed down a few days ago.
P.S. The laptop is a Toshiba Satellite L30-10W.
jessica
(jessica)
25 September 2007 20:53
#8
Even if you have an infection, e.g. a rootkit that puts a heavy load on the computer, it still cannot be detected, because you have VISTA, and the scanning and removal tools have not yet managed to adapt to VISTA.
You have to wait a few years until they adapt.
jessi
juskin
(juskin)
25 September 2007 21:17
#9
jessica:
Even if you have an infection, e.g. a rootkit that puts a heavy load on the computer, it still cannot be detected, because you have VISTA, and the scanning and removal tools have not yet managed to adapt to VISTA.
I understand that only a format is left to rule out the vermin…
Thank you and regards.
jessica
(jessica)
25 September 2007 21:23
#10
You can try whether -->DeckardsSS (at the very bottom of the page behind this link) will work on VISTA -
if so, post the log.
But it probably won't work either.
jessi
juskin
(juskin)
25 September 2007 21:44
#11
It went painlessly; the log is below.
Deckard’s System Scanner v20070905.67 Run by greg on 2007-09-25 22:29:19 Computer is in Normal Mode. -------------------------------------------------------------------------------- – Last 1 Restore Point(s) – 1: 2007-09-24 11:08:37 UTC - RP84 - Zaplanowany punkt kontrolny Backed up registry hives. Performed disk cleanup. Total Physical Memory: 894 MiB (1024 MiB recommended). – HijackThis (run as greg.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:30:57, on 2007-09-25 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Utilities\VolControl.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Winamp\winampa.exe C:\Windows\PixArt\Pac207\Monitor.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Windows\system32\wuauclt.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Tlen.pl\tlen.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Users\greg\Downloads\dss.exe C:\Windows\system32\SearchFilterHost.exe 
C:\Windows\system32\conime.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\greg.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0\bin\jusched.exe” O4 - HKLM…\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM…\Run: [smoothView] 
%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM…\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe” O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [TOSHIBA Volume Indicator] “C:\Program Files\Toshiba\Utilities\VolControl.exe” O4 - HKLM…\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [AlcoholAutomount] “C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” /automount O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” O4 - HKUS\S-1-5-19…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-21-1705855393-690387475-1513775548-1001…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘agnieszka’) O4 - HKUS\S-1-5-21-1705855393-690387475-1513775548-1001…\Run: [uTorrent] “C:\Users\agnieszka\Program Files\uTorrent\uTorrent.exe” (User ‘agnieszka’) O4 - HKUS\S-1-5-21-1705855393-690387475-1513775548-1001…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program 
Files\Common Files\Ahead\Lib\NMBgMonitor.exe” (User ‘agnieszka’) O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?PL (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

-- End of file - 9304 bytes

-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
All drivers whitelisted.

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe
R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe
R2 TosCoSrv (TOSHIBA Power Saver) - "c:\program files\toshiba\power saver\toscosrv.exe"
S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 Harmonogram automatycznej usługi LiveUpdate - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.

-- Files created between 2007-08-25 and 2007-09-25 -----------------------------
2007-09-25 20:38:07 0 d-------- C:\Program Files\Trend Micro
2007-09-24 22:28:33 0 d-------- C:\Users\All Users\Real
2007-09-24 22:28:33 0 d-------- C:\Program Files\Real Alternative
2007-09-24 18:43:43 0 d-------- C:\Program Files\CCleaner
2007-09-23 11:12:35 0 d-------- C:\ATI
2007-09-21 16:04:37 0 d-------- C:\Users\All Users\Ahead
2007-09-21 16:01:08 0 d-------- C:\Users\All Users\Nero
2007-09-21 16:01:08 0 d-------- C:\Program Files\Nero
2007-09-21 16:01:08 0 d-------- C:\Program Files\Common Files\Ahead
2007-09-20 18:59:54 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-09-19 18:15:22 0 d-------- C:\Windows\vbSkinner
2007-09-19 18:15:12 0 d-------- C:\Program Files\PFConfig
2007-09-17 21:51:43 0 d-------- C:\Program Files\Smart Projects
2007-09-17 12:04:13 0 d-------- C:\Tlen_pliki
2007-09-16 14:07:07 0 d-------- C:\Program Files\NAPI-PROJEKT
2007-09-15 15:42:31 0 d-------- C:\Users\All Users\Acronis
2007-09-15 15:23:00 392320 --a------ C:\Windows\system32\drivers\timntr.sys
2007-09-15 15:23:00 32768 --a------ C:\Windows\system32\drivers\tifsfilt.sys
2007-09-15 15:21:47 0 d-------- C:\Program Files\Common Files\Acronis
2007-09-15 15:21:47 0 d-------- C:\Program Files\Acronis
2007-09-15 13:31:01 0 d------c- C:\Windows\system32\DRVSTORE
2007-09-15 13:28:50 0 d-------- C:\Program Files\Norton Save and Restore
2007-09-14 23:36:17 0 d-------- C:\Program Files\SopCast
2007-09-13 11:22:08 0 d-------- C:\Windows\PixArt
2007-09-13 10:49:57 0 d-------- C:\Program Files\Skype
2007-09-13 10:49:55 0 d-------- C:\Program Files\Common Files\Skype
2007-09-13 10:49:33 0 d-------- C:\Users\All Users\Skype
2007-09-12 20:19:04 0 d-------- C:\Program Files\Microsoft Works
2007-09-12 20:18:26 0 d-------- C:\Windows\SHELLNEW
2007-09-12 20:18:06 0 d-------- C:\Program Files\Microsoft.NET
2007-09-11 19:30:04 0 d-------- C:\Program Files\Alcohol Soft
2007-09-11 18:38:18 685816 --a------ C:\Windows\system32\drivers\sptd.sys
2007-09-09 14:36:07 0 d-------- C:\Program Files\uTorrent
2007-09-09 14:15:41 0 d-------- C:\Program Files\Tlen.pl
2007-09-09 14:09:17 7680 --a------ C:\Windows\system32\ff_vfw.dll
2007-09-09 14:09:16 60273 --a------ C:\Windows\system32\pthreadGC2.dll
2007-09-09 14:08:29 0 d-------- C:\Program Files\Combined Community Codec Pack
2007-09-09 14:05:11 0 d-------- C:\Program Files\MarBit
2007-09-09 02:26:42 0 d-------- C:\Users\All Users\WinZip
2007-09-09 02:25:13 0 d-------- C:\Users\All Users\Google
2007-09-09 02:25:01 0 d-------- C:\Program Files\Google
2007-09-09 01:14:17 0 d-------- C:\Program Files\Winamp
2007-09-08 21:58:09 0 d-------- C:\Program Files\Gadu-Gadu
2007-09-08 21:25:38 0 d-------- C:\Program Files\Alwil Software
2007-09-08 21:21:41 0 d-------- C:\Program Files\MSXML 4.0
2007-09-08 21:04:52 0 d-------- C:\Program Files\Atheros
2007-09-08 21:04:37 0 d-------- C:\temp
2007-09-08 21:00:59 0 d-------- C:\Windows\SoftwareDistribution
2007-09-08 20:56:19 0 d--hs---- C:\System Volume Information
2007-09-08 20:47:03 0 d-------- C:\Users\All Users\ToshibaEurope
2007-09-08 20:16:56 0 d--hs---- C:\Users\Default\Ustawienia lokalne
2007-09-08 20:16:56 0 d--hs---- C:\Users\Default\Szablony
2007-09-08 20:16:56 0 d--hs---- C:\Users\Default\Moje dokumenty
2007-09-08 20:16:56 0 d--hs---- C:\Users\Default\Menu Start
2007-09-08 20:16:56 0 d--hs---- C:\Users\Default\Dane aplikacji
2007-09-08 20:16:56 0 d--hs---- C:\Users\All Users\Ulubione
2007-09-08 20:16:56 0 d--hs---- C:\Users\All Users\Szablony
2007-09-08 20:16:56 0 d--hs---- C:\Users\All Users\Pulpit
2007-09-08 20:16:56 0 d--hs---- C:\Users\All Users\Menu Start
2007-09-08 20:16:56 0 d--hs---- C:\Users\All Users\Dokumenty
2007-09-08 20:16:56 0 d--hs---- C:\Users\All Users\Dane aplikacji

-- Find3M Report ---------------------------------------------------------------
2007-09-25 22:31:08 0 d-------- C:\Users\greg\AppData\Roaming\uTorrent
2007-09-25 21:49:34 0 d-------- C:\Users\greg\AppData\Roaming\Skype
2007-09-25 18:13:27 535568 --a------ C:\Windows\system32\perfh015.dat
2007-09-25 18:13:27 86416 --a------ C:\Windows\system32\perfc015.dat
2007-09-24 22:29:29 0 d-------- C:\Users\greg\AppData\Roaming\Media Player Classic
2007-09-24 22:28:33 0 d-------- C:\Users\greg\AppData\Roaming\Real
2007-09-24 22:21:18 0 d-------- C:\Users\greg\AppData\Roaming\WinRAR
2007-09-21 16:11:43 0 d-------- C:\Users\greg\AppData\Roaming\Ahead
2007-09-21 16:01:08 0 d-------- C:\Program Files\Common Files
2007-09-19 22:30:17 0 d-------- C:\Users\greg\AppData\Roaming\Tlen.pl
2007-09-15 14:06:28 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-15 13:44:18 0 d-------- C:\Users\greg\AppData\Roaming\Symantec
2007-09-12 03:01:52 0 d-------- C:\Program Files\Windows Mail
2007-09-11 21:19:40 0 d-------- C:\Users\greg\AppData\Roaming\AdobeUM
2007-09-11 21:18:55 0 d-------- C:\Users\greg\AppData\Roaming\Adobe
2007-09-10 21:34:37 0 d-------- C:\Users\greg\AppData\Roaming\InterVideo
2007-09-09 13:49:51 0 d-------- C:\Users\greg\AppData\Roaming\Google
2007-09-09 01:17:17 0 d-------- C:\Users\greg\AppData\Roaming\Winamp
2007-09-08 21:59:12 0 d-------- C:\Users\greg\AppData\Roaming\Gadu-Gadu
2007-09-08 21:42:42 174 --ahs---- C:\Program Files\desktop.ini
2007-09-08 21:37:55 0 d-------- C:\Program Files\Windows Calendar
2007-09-08 21:37:51 0 d-------- C:\Program Files\Windows Defender
2007-09-08 21:16:58 0 d-------- C:\Users\greg\AppData\Roaming\Macromedia
2007-09-08 21:04:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-08 20:53:13 0 d-------- C:\Users\greg\AppData\Roaming\ATI
2007-09-08 20:52:23 0 d-------- C:\Users\greg\AppData\Roaming\Identities
2007-09-08 20:16:56 0 d-------- C:\Program Files\Windows NT

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-08 21:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-01-03 15:44]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-02 13:14]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-01-02 17:02]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 18:27]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 18:12]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 17:37 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 14:50]
"TOSHIBA Volume Indicator"="C:\Program Files\Toshiba\Utilities\VolControl.exe" [2006-12-13 11:33]
"NDSTray.exe"="NDSTray.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-09 02:25]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:27]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2007-09-25 22:33:31 ------------
Bieniol
(Bbieniol)
26 September 2007 05:11
#12
There's no sign of any junk on the system. Have you installed any programs?
juskin
(juskin)
26 September 2007 05:56
#13
I installed some Tlen plug-ins; the messenger warned me that they don't have an authorization code. I'll uninstall them after work and we'll see.
Apart from what's visible in the log, the rest of the programs are standard and verified.
Post merged: 26.09.2007 (Wed) 20:24
I uninstalled those plug-ins, increased the amount of free space on the system partition, trimmed down autostart and ran regcleaner on the registry.
The improvement is noticeable.
Regards