Wolna Praca Systemu.

[falar]

Witam. Proszę o sprawdzenie logów, ponieważ komputer ten bardzo wolno pracuje. (Combofix działa przez 4,5h, co raczej nie jest normalne). Dysk nie jest aż tak duży, żeby wymagał tak długiej pracy-ma chyba 40 GB (dokładnie nie jestem w stanie podac, bo to nie jest mój komputer)

Logi:

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "HijackThis"

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:32:55, on 2008-12-29

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\System32\RunDll32.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Gadu-Gadu1\gg.exe

C:\WINDOWS\system32\mmc.exe

C:\WINDOWS\system32\DfrgNtfs.exe

E:\mira\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.o2.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu1\gg.exe" /tray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203714359164

O16 - DPF: {76EE578D-314B-4755-8365-6E1722C001A2} (Bahu Photo Uploader) - http://www.bahu.com/BahuPhotoUploader.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

O20 - Winlogon Notify: nucdrvdll - nucdrvdll. (file missing)

O20 - Winlogon Notify: style32 - C:\WINDOWS\q1756726.dll (file missing)

O22 - SharedTaskScheduler: style 2 - {7A7E6D97-B492-4884-9ABB-C31281DCC4F2} - (no file)

O22 - SharedTaskScheduler: z - {C7CF1142-0785-4B12-A280-B64681E4D45E} - (no file)

O23 - Service: AVG7 alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

--

End of file - 4898 bytes

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "ComboFix"

ComboFix 08-12-28.03 - ABC 2008-12-29 16:25:34.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.511.154 [GMT 1:00]

Uruchomiony z: c:\documents and settings\ABC\Pulpit\ComboFix.exe

* Utworzono nowy punkt przywracania

 

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

.

 

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\mdm.exe

 

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_MSUDP4

-------\Legacy_NUCDRV

-------\Service_nucdrv

 

 

((((((((((((((((((((((((( Pliki utworzone od 2008-11-28 do 2008-12-29 )))))))))))))))))))))))))))))))

.

 

2008-12-29 14:34 . 2008-12-29 14:34 16,319,896 --a------ C:\jre-6u11-windows-i586-p-s.exe

2008-12-29 14:21 . 2008-12-29 14:21 1,851,544 --a------ C:\install_flash_player.exe

2008-12-29 13:50 . 2008-12-29 13:56 8,230,488 --a------ C:\Firefox Setup 3.0.5.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-29 13:00 --------- d-----w c:\program files\Testy gimnazjalne 2005

2008-12-29 13:00 --------- d-----w c:\program files\Testy gimnazjalne

2008-12-29 12:57 --------- d-----w c:\program files\eduROM

2008-12-29 12:57 --------- d-----w c:\program files\Common Files\GraphBoard 2.50

2008-12-29 12:47 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-29 12:45 --------- d-----w c:\program files\Cyanide

2008-12-29 12:42 --------- d-----w c:\program files\Wapster

2008-12-08 19:43 --------- d-----w c:\documents and settings\ABC\Dane aplikacji\U3

2005-11-08 18:37 5,496,440 ----a-w c:\program files\Firefox Setup 1.0.7.exe

2005-11-08 18:21 1,426,540 ----a-w c:\program files\mozilla-1.7.12.pl-PL.langpack.xpi

2005-11-08 18:18 11,802,153 ----a-w c:\program files\mozilla-1.7.12.pl-PL.win32.installer.exe

2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL

1999-05-17 20:58 99,840 ----a-w c:\program files\Common Files\IRAABOUT.DLL

1998-12-09 08:53 70,144 ----a-w c:\program files\Common Files\IRAMDMTR.DLL

1998-12-09 08:53 48,640 ----a-w c:\program files\Common Files\IRALPTTR.DLL

1998-12-09 08:53 31,744 ----a-w c:\program files\Common Files\IRAWEBTR.DLL

1998-12-09 08:53 186,368 ----a-w c:\program files\Common Files\IRAREG.DLL

1998-12-09 08:53 17,920 ----a-w c:\program files\Common Files\IRASRIAL.DLL

.

 

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

"Gadu-Gadu"="c:\program files\Gadu-Gadu1\gg.exe" [2008-03-20 2127296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_EMC"="c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe" [2007-12-30 406528]

"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-16 590848]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480]

"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016]

"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-10-26 13312]

"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-06 219136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.AP41"= APmpg4v1.dll

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"msacm.divxa32"= DivXa32.acm

"msacm.l3codecp"= l3codecp.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2005-06-06 23:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]

--a------ 2002-12-02 19:56 40960 c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]

--a------ 2005-06-24 14:24 473928 c:\program files\Microsoft AntiSpyware\gcasServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

-ra------ 2002-12-17 10:40 49152 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

--a------ 2003-03-26 08:19 172032 c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2001-08-02 06:14 1077277 c:\program files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

 

S3 V90drv;v90drv;c:\windows\System32\DRIVERS\v90drv.sys [2001-11-29 1432836]

.

- - - - USUNIĘTO PUSTE WPISY - - - -

 

HKLM-Run-Cmaudio - cmicnfg.cpl

Notify-nucdrvdll - (no file)

Notify-style32 - (no file)

MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

MSConfigStartUp-Komunikator - c:\program files\Tlen.pl\tlen.exe

MSConfigStartUp-Nowe Gadu-Gadu - c:\program files\Nowe Gadu-Gadu\gg.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

 

 

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.o2.pl/

uSearch Bar = hxxp://www.google.com/ie

mLocal Page = about:blank

mStart Page = about:blank

mSearchAssistant = hxxp://www.google.com/ie

IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

 

c:\windows\System32\unicows.dll - c:\windows\Downloaded Program Files\BahuPhotoUploader.ocx

O16 -: {76EE578D-314B-4755-8365-6E1722C001A2}

hxxp://www.bahu.com/BahuPhotoUploader.cab

c:\windows\Downloaded Program Files\BahuPhotoUploader.inf

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-29 21:00:43

Windows 5.1.2600 NTFS

 

skanowanie ukrytych procesów ...

 

skanowanie ukrytych wpisów autostartu ...

 

skanowanie ukrytych plików ...

 

 

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

 

- - - - - - - > 'winlogon.exe'(640)

c:\windows\system32\ODBC32.dll

c:\windows\System32\l3codeca.acm

c:\windows\system32\DivXa32.acm

c:\windows\system32\l3codecp.acm

 

- - - - - - - > 'lsass.exe'(696)

c:\windows\System32\dssenh.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe

c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe

c:\windows\system32\locator.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Czas ukończenia: 2008-12-29 21:08:17 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2008-12-29 20:06:57

 

Przed: 10 274 693 120 bajtów wolnych

Po: 17,916,289,024 bajtów wolnych

 

140

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Silent Runners"

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu1\gg.exe" /tray" ["Gadu-Gadu S.A."]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]

"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Spybot-S&D IE Protection"

\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" [file not found]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"

-> {HKLM...CLSID} = "Microsoft Office Binder Unbind"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\1045\UNBIND.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

-> {HKLM...CLSID} = "AVG7 Find Extension Class"

\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{ED65AB21-B24F-11d3-BA80-00C0CA16AA37}" = "Mobile"

-> {HKLM...CLSID} = "Mobile"

\InProcServer32\(Default) = "C:\Program Files\Siemens Data Suite\DES\DESShellExt.dll" ["Siemens AG"]

"{ED65AB22-B24F-11d3-BA80-00C0CA16AA37}" = "Mobile ContextMenuHandler"

-> {HKLM...CLSID} = "Mobile ContextMenuHandler"

\InProcServer32\(Default) = "C:\Program Files\Siemens Data Suite\DES\DESShellExt.dll" ["Siemens AG"]

"{ED65AB23-B24F-11d3-BA80-00C0CA16AA37}" = "Mobile PropertySheetHandler"

-> {HKLM...CLSID} = "Mobile PropertySheetHandler"

\InProcServer32\(Default) = "C:\Program Files\Siemens Data Suite\DES\DESShellExt.dll" ["Siemens AG"]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{792F0537-F929-4eb7-AC1D-FB6334C71550}" = "LG Phone"

-> {HKLM...CLSID} = "LG Phone"

\InProcServer32\(Default) = "C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll" ["LG Electornics"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"

-> {HKLM...CLSID} = "Microsoft.AntiSpyware.ShellExecuteHook.1"

\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> nucdrvdll\DLLName = "nucdrvdll." [file not found]

<<!>> style32\DLLName = "C:\WINDOWS\q1756726.dll" [file not found]

 

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

 

HKCU\Software\Policies\Microsoft\Windows\System\

 

"DisableCMD" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|System|

Disable the command prompt}

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\ABC\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

 

 

Windows Portable Device AutoPlay Handlers

-----------------------------------------

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

 

BlankCDHandler\

"Provider" = "@C:\Program Files\Ahead\Nero\APHandler.dll,-101"

"InvokeProgID" = "APHandler.Handler.1"

"InvokeVerb" = "BlankCD"

HKLM\SOFTWARE\Classes\APHandler.Handler.1\shell\BlankCD\command\(Default) = "C:\Program Files\Ahead\Nero\\nero.exe /BlankCD" ["Ahead Software AG Karlsbad Germany Phone: ++49-7248-911-800 Fax: ++49-7248-911-888 e-mail: info@nero.com"]

 

CDAudioHandler\

"Provider" = "@C:\Program Files\Ahead\Nero\APHandler.dll,-101"

"InvokeProgID" = "APHandler.Handler.1"

"InvokeVerb" = "CDAudio"

HKLM\SOFTWARE\Classes\APHandler.Handler.1\shell\CDAudio\command\(Default) = "C:\Program Files\Ahead\Nero\\nero.exe /CDAudio" ["Ahead Software AG Karlsbad Germany Phone: ++49-7248-911-800 Fax: ++49-7248-911-888 e-mail: info@nero.com"]

 

PDVDPlayDVDMovieOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "DVD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

 

PSASE30ImportPicturesOnArrival\

"Provider" = "Adobe Photoshop Album Starter Edition"

"InvokeProgID" = "PSASE30.autoplay"

"InvokeVerb" = "launch"

HKLM\SOFTWARE\Classes\PSASE30.autoplay\shell\launch\command\(Default) = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\psaproxy.exe" -v %1\" ["Adobe Systems Incorporated"]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11

%SystemRoot%\system32\rsvpsp.dll [null data], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" [file not found]

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" [file not found]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

 

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\

"MenuText" = "Spybot - Search && Destroy Configuration"

"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"

-> {HKLM...CLSID} = "Spybot-S&D IE Protection"

\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

AVG7 alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]

AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

 

 

Print Monitors:

---------------

 

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

hpzlnt08\Driver = "hpzlnt08.dll" ["HP"]

OLFax Ports\Driver = "OLFMNT40.DLL" [MS]

 

 

---------- (launch time: 2008-12-29 15:34:41)

<<!>>: Suspicious data at a malware launch point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

took 1338 seconds.

---------- (total run time: 2919 seconds)

[ULLISSES]

1. Gdy włączasz tego typu skanery, to wyłącz wcześniej otwarte okna zarządzania systemem, defragmentacji czy dowolne okna panelu sterowania oraz inne zbędne aplikacje (takie jak GG!).

2. Jakiej przeglądarki używasz?

3. Wywal z Hijack to:

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "bum"

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

 

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

 

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203714359164

O16 - DPF: {76EE578D-314B-4755-8365-6E1722C001A2} (Bahu Photo Uploader) - http://www.bahu.com/BahuPhotoUploader.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

O20 - Winlogon Notify: nucdrvdll - nucdrvdll. (file missing)

O20 - Winlogon Notify: style32 - C:\WINDOWS\q1756726.dll (file missing)

O22 - SharedTaskScheduler: style 2 - {7A7E6D97-B492-4884-9ABB-C31281DCC4F2} - (no file)

O22 - SharedTaskScheduler: z - {C7CF1142-0785-4B12-A280-B64681E4D45E} - (no file)\

4. Sprawdź, czy wyłączenie lub odinstalowanie antywirusa rozwiąże problem.

[Kolobos]

8O ULLISSES

Twoje porady sa szkodliwe, nie wiem skad Ci przyszedl do glowy pomysl zeby usuwac:

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

Po usunieciu nie bedzie dzwieku w IE. Java i spybot, nie maja wplywu na predkosc dzialania, wiec zostaw wpisy w spokoju.

 

Z tego co podales do kasacji jest tylko:

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {76EE578D-314B-4755-8365-6E1722C001A2} (Bahu Photo Uploader) - http://www.bahu.com/BahuPhotoUploader.cab

O20 - Winlogon Notify: nucdrvdll - nucdrvdll. (file missing)

O20 - Winlogon Notify: style32 - C:\WINDOWS\q1756726.dll (file missing)

O22 - SharedTaskScheduler: style 2 - {7A7E6D97-B492-4884-9ABB-C31281DCC4F2} - (no file)

O22 - SharedTaskScheduler: z - {C7CF1142-0785-4B12-A280-B64681E4D45E} - (no file)\

 

Programy sie WYLACZA w MSCONFIG, a nie usuwa w hijackthis.

 

Na przyszlosc zastanow sie zanim zaczniesz zalecac usuwanie wszystkiego jak leci.

 

8O falar

Uzyj HdTune, po przeskanowaniu zrob screeny wszystkich zakladek programu i daj linki na forum.

Edytowane 30 Grudnia 2008 przez Kolobos

[ULLISSES]

@Kolobos:

Możesz mi wyjaśnić, po co komuś dźwięk, Java czy ochrona w programie, którego nie używa (a przynajmniej nie powinien używać)?

Mój komputer działa szybko, stabilnie i bez wirusów dzięki temu, iż katalogów Internet Explorer i Windows Media Player nie ma na dysku.

Moje zalecenia powodują komputer szybszym (nie włącza się pół godziny) i bezpieczniejszym - im mniej aplikacji MS, tym mniej dziur.

 

Poza tym chłopak chciał przyspieszyć system, a nie posprzątać lekko.. ;]

 

PS. Jeśli wyłączenie/odinstalowanie antywirusa rozwiąże problem, to ściągnij nowszą wersję, poszukaj pomocy na stronie producenta programu lub zmień antywirusa na np ten. On także jest darmowy, działa skutecznie i nie obciąża systemu.

[falar]

w takim razie muszę wyjaśnić pewne sprawy. Jako, ze nie jest to mój komputer, więc nie mogę wyrzucić, ani zablokować działania IE, więc dźwięk Java i ochrona powininy zostać. Nie chodzi mi o przyspieszenie tego komputera, mam go tylko doprowadzić do stanu normalnej używalności. Z tego co wiem, to nie ma problemów z nadmiernym zżeraniem zasobów przez antywirusa, więc ten powód raczej można wyeliminować.

Co do nie zamkniętych programów, to racja-mój błąd. Odnośnie HdTune, to jako iż to nie jest mój komputer, ani fizycznie nie znajduje się u mnie obecnie, więc nie mam chwilowo się do niego dostać, żeby uruchomić ten program, będę miał taką możliwość w piątek, więc wtedy postaram się wrzucić screeny, ale właśnie obawiam się, że wina leży po stronie dysku.

Edytowane 30 Grudnia 2008 przez falar

[ULLISSES]

Trzeba było tak od razu. W takim razie wywal to, co zaleca Kolobos.

Jeśli chodzi o dysk, to całkiem możliwe.

Sprawdź jeszcze pamięci, ale w przypadku problemów z nimi to programy powinny się wysypywać.