Please check my log

I have a big problem with svchost.exe: after a while it uses up all my CPU resources.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
D:\Ściagacze\eMule\eMule 46c\emule.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\mlody\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - Startup: Desktop Calendar StartUp.lnk = ?
O4 - Startup: emule.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O15 - Trusted Zone: www.allegro.pl
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.modgik.lodz.pl/Mapa/mgaxctrl.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Replies: 1

This log is clean. Also post logs from Silent Runners and maybe from Gmer (Rootkit tab -> Scan -> Copy).
antyqjon
Added
06.05.2006 14:55:58
  • mlody~~ 06.05.2006 16:37:52

    here is the Silent Runners log:

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"zBrowser Launcher" = "C:\Program Files\Logitech\iTouch\iTouch.exe" ["Logitech Inc."]
"EM_EXEC" = "C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" ["Logitech Inc."]
"WinFast Schedule" = "C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" ["Leadtek Research Inc."]
"NetLimiter" = "C:\Program Files\NetLimiter\NetLimiter.exe /s" ["LockTime"]
"Outpost Firewall" = "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice" ["Agnitum Ltd."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"DownloadAccelerator" = ""C:\Program Files\DAP\DAP.EXE" /STARTUP" ["Speedbit Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}
"Flag" = 2

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"
  -> {HKLM...CLSID} = "Eksplorator pulpitów"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
                   \InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"
  -> {HKLM...CLSID} = "PropPage Class"
                   \InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhoShExt.dll" ["Symantec Corporation"]
"{B089FE88-FB52-11d3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" ["Eset "]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll" ["Agnitum Ltd."]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
                   \InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."]
DAP_Menu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
  -> {HKLM...CLSID} = "DAPMenuShellExt Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
IMMenuShellExt\(Default) = "{F8984111-38B6-11D5-8725-0050DA2761C4}"
  -> {HKLM...CLSID} = "IMMenuShellExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\IncrediMail\bin\IMShExt.dll" ["IncrediMail, Ltd."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" ["Eset "]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
                   \InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
                   \InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
                   \InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
                   \InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" ["Eset "]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\ACD Wallpaper.bmp"


Startup items in "mlody" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\mlody\Menu Start\Programy\Autostart
"Desktop Calendar StartUp" -> shortcut to: "F:\Programy\Różne\Kalendarz\DESKCAL.EXE -OnlyDraw" ["Shinonon Free Softrware"]
"emule" -> shortcut to: "D:\Ściagacze\eMule\eMule 46c\emule.exe" ["http://www.emule-project.net"]


Enabled Scheduled Tasks:
------------------------

"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
"Funkcja One Button Checkup pakietu Norton SystemWorks" -> launches: "C:\Program Files\Norton SystemWorks\OBC.exe  /CUSTOM /SCHEDULE" ["Symantec Corporation"]
"Symantec Drmc" -> launches: "C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe  /CUSTOM /SCHEDULE" [null data]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
imon.dll ["Eset "], 01 - 10, 30
C:\Program Files\NetLimiter\nl_lsp.dll [null data], 11 - 15, 29
%SystemRoot%\system32\mswsock.dll [MS], 16 - 18, 21 - 28
%SystemRoot%\system32\rsvpsp.dll [MS], 19 - 20


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"


Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

Missing lines (compared with English-language version):
HIJACK WARNING! "TuneUp" = "file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

GhostStartService, GhostStartService, "C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe" ["Symantec Corporation"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
Norton Unerase Protection, NProtectService, "C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE" ["Symantec Corporation"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE" ["Symantec Corporation"]


Keyboard Driver Filters:
------------------------

HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = INFECTION WARNING! "Lkbdflt2" ["Logitech"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Monitor języka PJL\Driver = "PJLMON.DLL" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 176 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
  took 279 seconds.
---------- (total run time: 930 seconds)

AND THIS ONE FROM GMER:

GMER 1.0.9.8110 - http://www.gmer.net
Windows 5.1.2600


---- System - GMER 1.0.9 ----

SSDT  \??\C:\Program Files\ewido anti-malware\guard.sys                            ZwOpenProcess
SSDT  \??\C:\Program Files\ewido anti-malware\guard.sys                            ZwTerminateProcess
SSDT  \??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS              ZwWriteVirtualMemory

---- Files - GMER 1.0.9 ----

File  C:\System Volume Information\tracking.log
File  C:\System Volume Information\_restore{D8572885-C670-4DDF-9E52-7FB67150446D}

---- EOF - GMER 1.0.9 ----

mlody~~
Added:
06.05.2006 13:17:01
Comments: 1
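As an added example (this is not code from the original post, from HijackThis or from Silent Runners), here is a small Python triage helper for the HijackThis log format posted above. It parses the "Xn - ..." entry lines, pulls out the CLSID, local path and URL of each, and lists what a reviewer looks at first: the high-impact sections (O15 Trusted Zone, O16 DPF downloads, O20 AppInit_DLLs, O23 services), targets outside the usual Windows / Program Files directories, and entries whose target HijackThis could not resolve ("= ?"). The sample lines are copied from the first post's log; the final O4 line is constructed to exercise the location check, and the HIGH_IMPACT descriptions and EXPECTED_PREFIXES allowlist are the reviewer's own assumptions, not HijackThis output.

```python
"""Triage helper for HijackThis-style logs (added example, not part of
HijackThis, Silent Runners or the original post).

It parses the "Xn - ..." entry lines, extracts the CLSID, local path and
URL of each entry, and lists what a reviewer checks first: the high-impact
sections, targets outside the usual Windows / Program Files locations,
and entries whose target HijackThis could not resolve ("= ?").
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sections a reviewer reads regardless of what the path says.  The
# descriptions are the reviewer's rationale (assumption), not HijackThis output.
HIGH_IMPACT = {
    "O15": "Trusted Zone: site gets IE's relaxed Trusted-sites settings",
    "O16": "DPF: ActiveX control downloaded from a remote URL",
    "O20": "AppInit_DLLs: DLL loaded into every process that loads user32.dll",
    "O23": "Service: starts at boot, usually as LocalSystem",
}

# Where legitimate XP-era software normally lives (lower-cased; the 8.3
# short name of Program Files is included because HijackThis prints it).
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|sys|cab|scr)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+")

# Lines copied from the HijackThis log in the first post, plus one
# constructed O4 entry (marked) that exercises the location check.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - Startup: emule.lnk = ?
O15 - Trusted Zone: www.allegro.pl
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O4 - HKLM\..\Run: [constructed-example] D:\tmp\updater.exe
"""


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]
    path: Optional[str]
    url: Optional[str]


@dataclass
class Finding:
    section: str
    reason: str
    detail: str


def parse_log(text: str) -> List[Entry]:
    """One Entry per 'Xn - ...' line; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid, path, url = (rx.search(body) for rx in (CLSID_RE, PATH_RE, URL_RE))
        entries.append(Entry(m.group("section"), body,
                             clsid.group(0) if clsid else None,
                             path.group(0) if path else None,
                             url.group(0) if url else None))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Return the review items; an item is a prompt to look, not a verdict."""
    findings = []
    for e in entries:
        if e.section in HIGH_IMPACT:
            findings.append(Finding(e.section, HIGH_IMPACT[e.section], e.body))
        if e.path and not e.path.lower().startswith(EXPECTED_PREFIXES):
            findings.append(Finding(e.section, "target outside Windows/Program Files", e.path))
        if e.body.endswith("= ?"):
            findings.append(Finding(e.section, "target not resolved by HijackThis", e.body))
    return findings


def report(text: str) -> str:
    """Human-readable triage of a whole log."""
    entries = parse_log(text)
    lines = [f"{len(entries)} entries parsed"]
    for f in triage(entries):
        lines.append(f"[{f.section}] {f.reason}\n    {f.detail}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run on the sample it lists six review items: the five from the posted log (the allegro.pl Trusted Zone entry, the MKS online-scanner DPF control, the Agnitum AppInit_DLLs hook, the NOD32 service and the unresolved emule.lnk shortcut) all map to software the rest of the log accounts for, which is the same "clean" verdict the reply gives; the sixth is the constructed D:\ entry. The script makes the reviewer's checklist explicit; it does not replace the human judgement about whether each vendor path is plausible.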