Slow computer [processes jumping around terribly]

I have very high process activity, sometimes 0, sometimes 50. I scanned the computer with Kaspersky and with online scanners.
Please check the log:

StartupList report, 2006-01-06, 11:08:29
StartupList version: 1.52.2
Started from : F:\TATA\PROGRAMY [instalki]\hijackthis\HijackThis.EXE
Detected: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PS Tray Factory\PSTrayFactory.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Beniamin\tguard.exe
C:\Program Files\InkSaver\InkSaver.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hide IP Platinum\hideippla.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
F:\TATA\PROGRAMY [instalki]\DC++\DCPlusPlus.exe
C:\PROGRA~1\SPYCLE~1\Spywatcher.exe
F:\TATA\PROGRAMY [instalki]\Torrent 1.3 Final\utorrent.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\TATA\PROGRAMY [instalki]\hijackthis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

––––––––––––––––––––––––––––––––––––––––––––––––––

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Matimati\Menu Start\Programy\Autostart]
Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Start\Programy\Autostart]
DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
GhostStartTrayApp = C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
Outpost Firewall = C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
OutpostFeedBack = C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
SoundMan = SOUNDMAN.EXE
tguard = C:\Program Files\Beniamin\tguard.exe
TrayFactory = C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /silent
InkSaver = C:\Program Files\InkSaver\InkSaver.exe hide
cFosSpeed = C:\Program Files\cFosSpeed\cFosSpeed.exe
KAVPersonal50 = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

TrayFactory = C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /start

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

IncrediMail = C:\Program Files\IncrediMail\bin\IncMail.exe /c
SkinClock = C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
AutoConnect = C:\Program Files\AutoConnect\AutoConnect.exe
UnHackMe Monitor = C:\Program Files\UnHackMe\hackmon.exe
Spy Watcher = "C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" -S

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

––––––––––––––––––––––––––––––––––––––––––––––––––

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

––––––––––––––––––––––––––––––––––––––––––––––––––

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

––––––––––––––––––––––––––––––––––––––––––––––––––

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

––––––––––––––––––––––––––––––––––––––––––––––––––

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

––––––––––––––––––––––––––––––––––––––––––––––––––

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

––––––––––––––––––––––––––––––––––––––––––––––––––

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

––––––––––––––––––––––––––––––––––––––––––––––––––

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

––––––––––––––––––––––––––––––––––––––––––––––––––


Enumerating Browser Helper Objects:

(no name) - F:\TATA\PROGRA~2\IDA\idaiehlp.dll - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

––––––––––––––––––––––––––––––––––––––––––––––––––

Enumerating Task Scheduler jobs:

Rozpoczęcie aplikacji dostrajania.job
Przypomnienie o wygaśnięciu dezinstalacji.job
1-Click Maintenance.job

––––––––––––––––––––––––––––––––––––––––––––––––––

Enumerating Download Program Files:

[Internet Explorer Classes for Java]
OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab

[TenebrilSpywareScanner Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SPYWAR~1.OCX
CODEBASE = http://www.tenebril.com/assets/activeX/SpywareScanner.ocx

[{556DDE35-E955-11D0-A707-000000521957}]
CODEBASE = http://www.xblock.com/download/xclean_micro.exe

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx
CODEBASE = http://www.netsecure.pl/scan8/oscan8.cab

[ICSScanner Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ICSScan.dll
CODEBASE = http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37500.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[Update Class]
InProcServer32 = C:\WINDOWS\system32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38715.0268865741

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[MainControl Class]
InProcServer32 = C:\WINDOWS\system32\SkanerOnline.dll
CODEBASE = http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab

––––––––––––––––––––––––––––––––––––––––––––––––––

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\bnmndrv.dll
Protocol #2: C:\WINDOWS\system32\bnmndrv.dll
Protocol #3: C:\WINDOWS\system32\bnmndrv.dll
Protocol #4: C:\WINDOWS\system32\bnmndrv.dll
Protocol #5: C:\WINDOWS\system32\bnmndrv.dll
Protocol #6: C:\WINDOWS\system32\bnmndrv.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\rsvpsp.dll
Protocol #12: C:\WINDOWS\system32\rsvpsp.dll
Protocol #13: C:\WINDOWS\system32\bnmndrv.dll

––––––––––––––––––––––––––––––––––––––––––––––––––

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Matimati\USTAWI~1\Temp\GLB1A2B.EXE||C:\DOCUME~1\Matimati\USTAWI~1\Temp\GLB1A2B.EXE


––––––––––––––––––––––––––––––––––––––––––––––––––

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: %system%\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

––––––––––––––––––––––––––––––––––––––––––––––––––
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

––––––––––––––––––––––––––––––––––––––––––––––––––

End of report, 17 548 bytes
Report generated in 0,031 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Replies: 0

JARO33
Added: 06.01.2006 12:12:14
Comments: 0