Computer running slowly, don't know why; HijackThis and SR logs attached

I have a problem with my computer: it runs very slowly, and I suspect a virus/trojan or the like is to blame. I have WinXP + SP2. It's probably not the hardware's fault; I have a Celeron II 633MHz CPU and 320MB RAM. My always-on connection is Neostrada, 128kb. As an example, even Deluxe Ski Jump 2.1 runs choppily.... I don't know what the problem could be.
I'm attaching the logs from HijackThis and Silent Runners.

Logfile of HijackThis v1.99.1
Scan saved at 09:48:56, on 2005-11-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Instale\hijackthis1.99.1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\ScannerU\TBRIDGE\BIN\InstantAccess.exe /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://skaner.mks.com.pl
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C87853D9-9801-4730-8987-CBB1BEF49102}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

////////////////////////////////////////
///////////////////////////////////////
StartupList report, 2005-11-10, 09:45:59
StartupList version: 1.52.2
Started from : D:\Instale\hijackthis1.99.1\HijackThis.EXE
Detected: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Instale\hijackthis1.99.1\HijackThis.exe

––––––––––––––––––––––––––––––––––––––––––––––––––

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Start\Programy\Autostart]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
GetRight – Tray Icon.lnk = C:\Program Files\GetRight\getright.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

WooCnxMon = C:\PROGRA~1\NEOSTR~1\CnxMon.exe
SpeedTouch USB Diagnostics = "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
WOOWATCH = C:\PROGRA~1\NEOSTR~1\Watch.exe
WOOTASKBARICON = C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
InstantAccess = C:\Program Files\ScannerU\TBRIDGE\BIN\InstantAccess.exe /h
RegisterDropHandler = C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

RegisterDropHandler = C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

––––––––––––––––––––––––––––––––––––––––––––––––––

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

––––––––––––––––––––––––––––––––––––––––––––––––––

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

––––––––––––––––––––––––––––––––––––––––––––––––––

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

––––––––––––––––––––––––––––––––––––––––––––––––––

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

––––––––––––––––––––––––––––––––––––––––––––––––––

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

––––––––––––––––––––––––––––––––––––––––––––––––––

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

––––––––––––––––––––––––––––––––––––––––––––––––––

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

––––––––––––––––––––––––––––––––––––––––––––––––––

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

––––––––––––––––––––––––––––––––––––––––––––––––––

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssbezier.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

––––––––––––––––––––––––––––––––––––––––––––––––––

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

––––––––––––––––––––––––––––––––––––––––––––––––––

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Edytor rejestru'

Registry check passed

––––––––––––––––––––––––––––––––––––––––––––––––––

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

––––––––––––––––––––––––––––––––––––––––––––––––––

Enumerating Task Scheduler jobs:

*No jobs found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Enumerating Download Program Files:

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[MainControl Class]
InProcServer32 = C:\WINDOWS\system32\SkanerOnline.dll
CODEBASE = http://skaner.mks.com.pl/SkanerOnline.cab

––––––––––––––––––––––––––––––––––––––––––––––––––

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll

––––––––––––––––––––––––––––––––––––––––––––––––––

Enumerating Windows NT/2000/XP services

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
Środowisko obsługi sieci AFD: \SystemRoot\System32\drivers\afd.sys (system)
SpeedTouch USB ADSL PPP Networking Driver (NDISWAN): system32\DRIVERS\alcan5wn.sys (manual start)
SpeedTouch ADSL Modem ATM Transport: system32\DRIVERS\alcaudsl.sys (manual start)
Urządzenie alarmowe: %SystemRoot%\System32\svchost.exe –k LocalService (disabled)
Usługa bramy warstwy aplikacji: %SystemRoot%\System32\alg.exe (manual start)
Zarządzanie aplikacjami: %SystemRoot%\system32\svchost.exe –k netsvcs (manual start)
Sterownik multimediów asynchronicznych RAS: System32\DRIVERS\asyncmac.sys (manual start)
Standardowy kontroler dysku twardego IDE/ESDI: System32\DRIVERS\atapi.sys (system)
Protokół klienta ARP ATM: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
Sterownik Audio Stub: System32\DRIVERS\audstub.sys (manual start)
basic2: System32\DRIVERS\HSF_BSC2.sys (manual start)
Usługa inteligentnego transferu w tle: %SystemRoot%\System32\svchost.exe –k netsvcs (manual start)
Przeglądarka komputera: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
Sterownik stacji dysków CD–ROM: System32\DRIVERS\cdrom.sys (system)
Usługa indeksowania: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Aplikacja systemowa modelu COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1–FD88–11D1–960D–00805FC79235} (manual start)
Usługi kryptograficzne: %SystemRoot%\system32\svchost.exe –k netsvcs (autostart)
Port gier dla karty Creative SB Live!: System32\DRIVERS\ctljystk.sys (manual start)
Program uruchamiający proces serwera DCOM: %SystemRoot%\system32\svchost –k DcomLaunch (autostart)
Klient DHCP: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
Sterownik dysku: System32\DRIVERS\disk.sys (system)
Usługa administracyjna Menedźera dysków logicznych: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Sterownik Menedźera dysków logicznych: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Menedźer dysków logicznych: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
Syntezator Microsoft Kernel DLS: system32\drivers\DMusic.sys (manual start)
Klient DNS: %SystemRoot%\System32\svchost.exe –k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Creative SB Live! (WDM): system32\drivers\emu10k1m.sys (manual start)
Sterownik Creative Interface Manager (WDM): system32\drivers\ctlfacem.sys (manual start)
Usługa raportowania błędów: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
Dziennik zdarzeń: %SystemRoot%\system32\services.exe (autostart)
System zdarzeń COM+: C:\WINDOWS\System32\svchost.exe –k netsvcs (manual start)
Fallback: System32\DRIVERS\HSF_FALL.sys (autostart)
Zgodność szybkiego przełączania uźytkowników: %SystemRoot%\System32\svchost.exe –k netsvcs (manual start)
Sterownik kontrolera stacji dyskietek: System32\DRIVERS\fdc.sys (manual start)
Sterownik stacji dyskietek: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Fsks: System32\DRIVERS\HSF_FSKS.sys (autostart)
Sterownik Menedźera woluminów: System32\DRIVERS\ftdisk.sys (system)
Licznik portów gier: System32\DRIVERS\gameenum.sys (manual start)
Rodzajowy klasyfikator pakietu: System32\DRIVERS\msgpc.sys (manual start)
Pomoc i obsługa techniczna: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
Włącznik Microsoft HID do portu joysticka: system32\DRIVERS\hidgame.sys (manual start)
HID Input Service: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
Sterownik Microsoft klasy HID: system32\DRIVERS\hidusb.sys (manual start)
hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe –k HTTPFilter (manual start)
Sterownik portu klawiatury i8042 i myszy PS/2: System32\DRIVERS\i8042prt.sys (system)
Usługa COM nagrywania dysków CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start)
Sterownik Zapory systemu Windows IPv6: system32\drivers\ip6fw.sys (manual start)
Sterownik filtru ruchu IP: System32\DRIVERS\ipfltdrv.sys (manual start)
Sterownik IP w tunelu IP: System32\DRIVERS\ipinip.sys (manual start)
Translator adresów sieciowych IP: System32\DRIVERS\ipnat.sys (manual start)
Sterownik IPSEC: System32\DRIVERS\ipsec.sys (system)
Usługa wyliczania IR: System32\DRIVERS\irenum.sys (manual start)
Sterownik PnP magistrali ISA/EISA: System32\DRIVERS\isapnp.sys (system)
K56: System32\DRIVERS\HSF_K56K.sys (autostart)
Sterownik klasy klawiatury: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Serwer: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
Stacja robocza: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
Pomoc TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe –k LocalService (autostart)
Posłaniec: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (disabled)
Urządzenie filtru strumieniowego usługi Unimodem: system32\drivers\MODEMCSA.sys (manual start)
Sterownik klasy myszy: System32\DRIVERS\mouclass.sys (system)
Readresator klienta WebDav: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Instalator Windows: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Serwer proxy usługi Microsoft Streaming: system32\drivers\MSKSSRV.sys (manual start)
Serwer proxy zegara Microsoft Streaming: system32\drivers\MSPCLOCK.sys (manual start)
Serwer proxy menedźera jakości Microsoft Streaming: system32\drivers\MSPQM.sys (manual start)
Sterownik BIOS zarządzania systemem firmy Microsoft: System32\DRIVERS\mssmbios.sys (manual start)
Sterownik usługi Dostęp zdalny NDIS TAPI: System32\DRIVERS\ndistapi.sys (manual start)
Protokół We/Wy trybu uźytkownika NDIS: System32\DRIVERS\ndisuio.sys (manual start)
Sterownik usługi Dostęp zdalny NDIS WAN: System32\DRIVERS\ndiswan.sys (manual start)
Interfejs NetBIOS: System32\DRIVERS\netbios.sys (system)
NetBios przez TCP/IP: System32\DRIVERS\netbt.sys (system)
DDE sieci: %SystemRoot%\system32\netdde.exe (disabled)
DSDM DDE sieci: %SystemRoot%\system32\netdde.exe (disabled)
Logowanie do sieci: %SystemRoot%\System32\lsass.exe (manual start)
Połączenia sieciowe: %SystemRoot%\System32\svchost.exe –k netsvcs (manual start)
Rozpoznawanie lokalizacji w sieci (NLA): %SystemRoot%\System32\svchost.exe –k netsvcs (manual start)
Sterownik interfejsu NT Apm/Legacy: System32\DRIVERS\NtApm.sys (manual start)
Usługa NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Magazyn wymienny: %SystemRoot%\system32\svchost.exe –k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
nv4: System32\DRIVERS\nv4.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
Sterownik filtru ruchu IPX: System32\DRIVERS\nwlnkflt.sys (manual start)
Sterownik usług przesyłania dalej ruchu IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Sterownik portu równoległego: System32\DRIVERS\parport.sys (manual start)
Sterownik magistrali PCI: System32\DRIVERS\pci.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Usługi IPSEC: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Magazyn chroniony: %SystemRoot%\system32\lsass.exe (autostart)
Harmonogram pakietów QoS: System32\DRIVERS\psched.sys (manual start)
Sterownik bezpośredniego połączenia kablowego: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: system32\DRIVERS\PxHelp20.sys (system)
Sterownik automatycznego połączenia dostępu zdalnego: System32\DRIVERS\rasacd.sys (system)
Menedźer autopołączenia dostępu zdalnego: %SystemRoot%\System32\svchost.exe –k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Menedźer połączeń usługi Dostęp zdalny: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
Sterownik usługi Dostęp zdalny PPPOE: System32\DRIVERS\raspppoe.sys (manual start)
Bezpośrednie połączenie kablowe: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Sterownik przekierowania urządzenia serwera terminali: System32\DRIVERS\rdpdr.sys (manual start)
Menedźer sesji pomocy pulpitu zdalnego: C:\WINDOWS\system32\sessmgr.exe (disabled)
Sterownik filtru odtwarzania audio cyfrowych dysków CD: System32\DRIVERS\redbook.sys (system)
Routing i dostęp zdalny: %SystemRoot%\System32\svchost.exe –k netsvcs (disabled)
Rejestr zdalny: %SystemRoot%\system32\svchost.exe –k LocalService (autostart)
Rksample: System32\DRIVERS\HSF_SAMP.sys (manual start)
Lokalizator usługi zdalnego wywołania procedury (RPC): %SystemRoot%\System32\locator.exe (manual start)
Zdalne wywoływanie procedur (RPC): %SystemRoot%\system32\svchost –k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Menedźer kont zabezpieczeń: %SystemRoot%\system32\lsass.exe (autostart)
Karta inteligentna: %SystemRoot%\System32\SCardSvr.exe (manual start)
Harmonogram zadań: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Logowanie pomocnicze: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
Zawiadomienie o zdarzeniu systemowym: %SystemRoot%\system32\svchost.exe –k netsvcs (autostart)
Sterownik filtru Serenum: System32\DRIVERS\serenum.sys (manual start)
Sterownik portu szeregowego: System32\DRIVERS\serial.sys (system)
Sterownik Creative SoundFont Manager (WDM): system32\drivers\sfmanm.sys (manual start)
Zapora systemu Windows/Udostępnianie połączenia internetowego: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
Wykrywanie sprzętu powłoki: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
SoftFax: System32\DRIVERS\HSF_FAXX.sys (autostart)
SpeakerPhone: System32\DRIVERS\HSF_SPKP.sys (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Bufor wydruku: %SystemRoot%\system32\spoolsv.exe (autostart)
Sterownik filtru Przywracania systemu: \SystemRoot\System32\DRIVERS\sr.sys (disabled)
Usługa przywracania systemu: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
Usługa odnajdywania SSDP: %SystemRoot%\System32\svchost.exe –k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe –k imgsvc (manual start)
Sterownik magistrali programowej: System32\DRIVERS\swenum.sys (manual start)
Syntezator tablicy dźwięków WAVE Microsoft Kernel GS: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{F16546FF–DC02–4870–B9EF–3F129BC2670A} (manual start)
Urządzenie audio Microsoft Kernel System: system32\drivers\sysaudio.sys (manual start)
Dzienniki wydajności i alerty: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telefonia: %SystemRoot%\System32\svchost.exe –k netsvcs (manual start)
Sterownik protokołu TCP/IP: System32\DRIVERS\tcpip.sys (system)
Sterownik urządzenia terminalu: System32\DRIVERS\termdd.sys (system)
Usługi terminalowe: %SystemRoot%\System32\svchost –k DComLaunch (manual start)
Kompozycje: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)
Tones: System32\DRIVERS\HSF_TONE.sys (autostart)
Klient śledzenia łączy rozproszonych: %SystemRoot%\system32\svchost.exe –k netsvcs (autostart)
Sterownik Microcode Update: System32\DRIVERS\update.sys (manual start)
Host uniwersalnego urządzenia Plug and Play: %SystemRoot%\System32\svchost.exe –k LocalService (manual start)
Zasilacz awaryjny (UPS): %SystemRoot%\System32\ups.exe (manual start)
Plustek USB Scanner: system32\DRIVERS\UScanner.SYS (autostart)
Sterownik audio USB (WDM): system32\drivers\usbaudio.sys (manual start)
Rodzajowy sterownik nadrzędny USB Microsoft: system32\DRIVERS\usbccgp.sys (manual start)
Koncentrator z obsługą USB2: System32\DRIVERS\usbhub.sys (manual start)
Sterownik magazynu masowego USB: system32\DRIVERS\USBSTOR.SYS (manual start)
Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start)
V124: System32\DRIVERS\HSF_V124.sys (autostart)
Kontroler ekranu VGA.: \SystemRoot\System32\drivers\vga.sys (system)
Filtr magistrali AGP VIA: System32\DRIVERS\viaagp.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
Kopiowanie woluminów w tle: %SystemRoot%\System32\vssvc.exe (manual start)
Usługa Czas systemu Windows: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
Sterownik usługi Dostęp zdalny IP ARP: System32\DRIVERS\wanarp.sys (manual start)
Sterownik zgodności audio Microsoft WINMM WDM: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe –k LocalService (autostart)
Instrumentacja zarządzania Windows: %systemroot%\system32\svchost.exe –k netsvcs (autostart)
Usługa numeru seryjnego multimediów przenośnych: %SystemRoot%\System32\svchost.exe –k netsvcs (manual start)
Rozszerzenia sterownika Instrumentacji zarządzania Windows: %SystemRoot%\System32\svchost.exe –k netsvcs (manual start)
Karta wydajności WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Centrum zabezpieczeń: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
Aktualizacje automatyczne: %systemRoot%\System32\svchost.exe –k netsvcs (disabled)
Konfiguracja zerowej sieci bezprzewodowej: %SystemRoot%\System32\svchost.exe –k netsvcs (autostart)
Usługa dostarczania sieci: %SystemRoot%\System32\svchost.exe –k netsvcs (manual start)


––––––––––––––––––––––––––––––––––––––––––––––––––

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

––––––––––––––––––––––––––––––––––––––––––––––––––
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

End of report, 31846 bytes
Report generated in 3.445 seconds

Command line options:
/verbose – to add additional info on each section
/complete – to include empty sections and unsuspicious data
/full – to include several rarely–important sections
/force9x – to include Win9x–only startups even if running on WinNT
/forcent – to include WinNT–only startups even if running on Win9x
/forceall – to include all Win9x and WinNT startups, regardless of platform
/history – to list version history only

//////////////////////////////////////
/////////////////////////////////////
Silent Runners:
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non–default values, except where indicated by "{++}"


Startup items buried in registry:
–––––––––––––––––––––––––––––––––

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Tlcom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Tlcom R&D"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"InstantAccess" = "C:\Program Files\ScannerU\TBRIDGE\BIN\InstantAccess.exe /h" [null data]
"RegisterDropHandler" = "C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe" [empty string]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F–C8D7–4D59–B87D–784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{AA58ED58–01DD–4d91–8333–CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75–0000–0000–C000–000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045–0000–0000–C000–000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206–2D85–11D3–8CFF–005004838597}" = "Microsoft Office HTML Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{D0FAC080–AE1A–11ce–8016–CE90976DC901}" = "Picture Publisher File Viewer"
–> {CLSID}\InProcServer32\(Default) = "ppiv30.dll" [null data]
"{A70C977A–BF00–412C–90B7–034C51DA2439}" = "NvCpl DesktopContext Class"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0–306A–11d3–8BD1–00104B6F7516}" = "Play on my TV helper"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949–8F65–4355–8456–263E7C208A5D}" = "Desktop Explorer"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A47}" = "Desktop Explorer Menu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A48}" = "nView Desktop Context Menu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{E0D79300–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
"{E0D79301–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
"{E0D79302–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5–5146–11D5–A672–00B0D022E945}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79300–84BE–11CE–9641–444553540000}"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79300–84BE–11CE–9641–444553540000}"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79300–84BE–11CE–9641–444553540000}"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]


Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\ACD Wallpaper.bmp"


Enabled Screen Saver:
–––––––––––––––––––––

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssbezier.scr" [MS]


Startup items in "Administrator" & "All Users" startup folders:
–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Gamma Loader" –> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"GetRight – Tray Icon" –> shortcut to: "C:\Program Files\GetRight\getright.exe" ["Headlight Software, Inc."]


Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05


Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1–4965–11D4–9B18–009027A5CD4F}" = "&Google" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1–4965–11D4–9B18–009027A5CD4F}" = "&Google" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{01002DB2–8170–4D9B–A8B1–DDC9DD114E03}\ = "Volet Wanadoo"
Implemented Categories\{00021494–0000–0000–C000–000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{3BAF4A27–C764–4E1A–A6F4–62F7A7E5E51C}\ = "ToolBand Class"
Implemented Categories\{00021494–0000–0000–C000–000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{5BF498C0–931E–4A4F–B33F–456D07137EAA}\ = "Volet Wanadoo"
Implemented Categories\{00021494–0000–0000–C000–000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{FF059E31–CC5A–4E2E–BF3B–96E929D65503}\ = "&Badanie"
Implemented Categories\{00021493–0000–0000–C000–000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0–4FCB–11CF–AAA5–00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC–0015–0000–0004–ABCDEFFEDCBC}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

{92780B25–18CC–41C8–B9BE–3C9C571A8263}\
"ButtonText" = "Badanie"


Miscellaneous IE Hijack Points
––––––––––––––––––––––––––––––

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

Missing lines (compared with English–language version):
"{08C06D61–F1F3–4799–86F8–BE1A89362C85}" = "Search Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]


Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]


Print Monitors:
–––––––––––––––

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 1301 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 716 seconds.
–––––––––– (total run time: 2674 seconds)


////////////////////////////
/////////////////////////////
I hope someone can help me and find a solution. I would prefer to do without reinstalling Windows.

Replies: 5

I have the same thing. I had it on XP without SP, installed SP2 and had peace for two weeks. Now, after doing a format, I installed WinXP with SP2 straight away and it is plaguing me again. In Task Manager the SYSTEM process's CPU usage does not drop below 40%!! I have 1600 MHz and 768 MB of RAM. The internals have been the same for 2 years, so it is not the hardware's fault. Automatic updates are turned off, Kerio firewall and AVG antivirus are installed.
spoxmaster
Posted
26.10.2006 19:33:58
bocian_mn:

Maybe it's the fault of the Neostrada access program.


Uninstall it and check ;)
Żółty
Posted
22.11.2005 10:51:42
Eye candy is turned off, SP2 was installed right after the format, unnecessary services are disabled... etc.
The computer started running slowly once I reinstalled Windows and installed Neostrada... when I did a System Restore, surprisingly the system started running faster. But then I had to reinstall Windows again... and the computer bogged down again... now I have System Restore turned off... so that it doesn't put load on the computer. CPU usage is usually at 100%. I can't find a specific program that would slow it down like that. Earlier, when I had Win98 + WinXP on the computer, both systems ran normally. And now... even Deluxe Ski Jump 2.1 doesn't run normally... and yet its requirements are modest.
Maybe it's the fault of the type of formatting. I did a quick format of the disk... (but that doesn't explain Windows working properly after System Restore).
Maybe it's the fault of the Neostrada access program. But would it slow things down that much??
bocian_mn
Posted
22.11.2005 10:46:28
The logs are clean; I would rather look at:
–turning off the eye candy
–disabling unnecessary processes and services, removing unneeded programs from Prefetch
–defragmenting the disks, cleaning the registry
–tweaking devices

It would be best if you used an older system, maybe Win 2k

PS
jurandus:
don't post those long HijackThis listings any more... nobody feels like going through them


Maybe I feel like it – you don't have to. Don't voice such an opinion if you don't know much about this, judging by your post
Peter_l
Posted
21.11.2005 16:45:42
Hi,,,, I have almost identical hardware to yours, a similar CPU and Neo, only less RAM... 256. Everything works quite decently for me... Assuming that you don't have a virus, that you have the disks fragmented and 1 GB of free space on C, and that you installed SP2 right after the format and turned off unnecessary services, I can only advise you to use a tweaking program. It works excellently for me. Then you will also dig around in the registry a bit and improve disk speed. Also check from time to time which program eats the most CPU. You can also switch to faster browsers (Opera, Firefox). In my case, using ZoneAlarm had a very negative effect on the computer's speed... PS: don't post those long HijackThis listings any more... nobody feels like going through them,
jurandus
Posted
21.11.2005 15:30:17
  • traktor90 26.10.2006 20:13:50

    Check which process is loading your computer. I have a problem with svchost, but after posting my HijackThis log nobody has helped me yet.

    PS this post is a bit old

  • spoxmaster 30.10.2006 21:04:45

    The SYSTEM process is to blame. I beg you, help.

  • Pejqas 31.10.2006 00:27:36

    Have a play around here: http://www.searchengines.pl/phpbb203/index.php?showtopic=5989

bocian_mn
Posted:
21.11.2005 14:02:22
Comments:
5