Do my problems show up in my log? ;-)

IP: *.aster.pl / *.aster.pl 30.10.05, 11:37
Hello

Here is my problem:

After starting gg or Explorer, the associated processes (gg.exe or
explorer.exe) take up all of the CPU, even after the application is closed, and
the system slows down dramatically. I don't know whether something has latched
on (I have Symantec, and online I use mks) but I can't detect anything. I would
be very grateful for help/advice... I'm posting the log below:

Logfile of HijackThis v1.99.1
Scan saved at 09:46:31, on 2005-10-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Burza\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.pajacyk.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
5.0\Distillr\AcroTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: skaner.mks.com.pl
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1
\DefWatch.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. -
C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Klient Symantec AntiVirus (Norton AntiVirus Server) - Symantec
Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe

Thanks in advance for your interest and help ;-)
    • Guest: Kolobos Re: Do my problems show up in my log? IP: *.warszawa.sdi.tpnet.pl 30.10.05, 11:52
      Delete both entries, as well as the files from the disk:
      O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
      O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe

      A scan wouldn't hurt either:
      download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
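An added example, not part of the original thread and not HijackThis's own logic: a small triage pass over a HijackThis log that rejoins the forum's wrapped lines and flags `Run` autostart entries like the two named in the reply above. The two heuristics (a bare image name with no directory, and a value name that looks like a domain) and the `KNOWN_LAUNCHERS` allowlist are assumptions made for illustration.

```python
import re

# Constructed sample: lines copied from the first HijackThis log in this thread,
# keeping the forum's hard line wraps so the unwrapping step has work to do.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe

O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1
\DefWatch.exe
"""

# Every HijackThis finding starts with a section code such as "R0 - " or "O4 - ".
ENTRY_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# O4 registry autostarts: hive, key (Run, RunOnce, ...), value name, command line.
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] ?(.*)$")
# Assumption: a value name containing something domain-like deserves a second look.
DOMAIN_RE = re.compile(r"[a-z0-9-]+\.(?:com|net|org|info|biz)\b", re.I)
# Assumption: system launchers that are normally started by bare name.
# Their arguments still need a manual review.
KNOWN_LAUNCHERS = frozenset({"rundll32.exe"})


def unwrap_entries(text):
    """Return one string per finding, rejoining lines the forum wrapped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            entries.append(line)
        elif line and entries:
            # Continuation of the previous finding. A wrap inside a path
            # (next part starts with "\") or inside a GUID (previous part
            # ends in "x-") must be rejoined without a space.
            tight = line.startswith("\\") or re.search(r"\w-$", entries[-1])
            entries[-1] += ("" if tight else " ") + line
    return entries


def image_of(command):
    """First token of a command line, honouring a leading quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]


def triage_run_entries(text, launchers=KNOWN_LAUNCHERS):
    """Flag O4 Run entries that need a manual look, with the reasons."""
    findings = []
    for entry in unwrap_entries(text):
        match = RUN_RE.match(entry)
        if not match:
            continue
        hive, key, name, command = match.groups()
        name = name.strip()
        image = image_of(command)
        reasons = []
        # A bare name is resolved through the search path at logon, so the
        # log does not say which file on disk will actually run.
        if image and "\\" not in image and image.lower() not in launchers:
            reasons.append("bare image name, file location not recorded")
        if DOMAIN_RE.search(name):
            reasons.append("value name looks like a domain")
        if reasons:
            findings.append({"hive": hive, "key": key, "name": name,
                             "image": image, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage_run_entries(SAMPLE_LOG):
        print("{hive}\\..\\{key} [{name}] -> {image}".format(**finding))
        for reason in finding["reasons"]:
            print("    - " + reason)
```

A flag here only marks an entry for review; deciding whether it is malicious still needs the file itself, as the reply's advice to also remove the files from disk implies.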
      • Guest: Burzaa Re: Do my problems show up in my log? IP: *.aster.pl / *.aster.pl 30.10.05, 12:30
        Thanks!

        I didn't find the files, but HijackThis worked. I also used the link
        (it found and removed 2 objects). After a restart the log looks like this:

        Logfile of HijackThis v1.99.1
        Scan saved at 12:27:42, on 2005-10-30
        Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
        C:\Program Files\Winamp\winampa.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
        C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
        C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\WINDOWS\system32\taskmgr.exe
        C:\Documents and Settings\Burza\Pulpit\hijackthis 1.98\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.pajacyk.pl/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
        O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5
        \DirectCD\DirectCD.exe"
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
        atboottime
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
        O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
        O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
        AntiSpyware\gcasServ.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office10\OSA.EXE
        O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0
        \Distillr\AcroTray.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
        Files\WinZip\WZQKPICK.EXE
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
        O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1
        \DefWatch.exe
        O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. -
        C:\WINDOWS\System32\ImapiRox.exe
        O23 - Service: Klient Symantec AntiVirus (Norton AntiVirus Server) - Symantec
        Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
        O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\System32\nvsvc32.exe

        explorer.exe no longer eats up the whole CPU (phew!) but gg unfortunately still does... Is this
        a problem with gg, or is there still some junk sitting there?

        Thank you very much once again!
        • Guest: Kolobos Re: Do my problems show up in my log? IP: *.warszawa.sdi.tpnet.pl 30.10.05, 12:58
          Probably gg, do you have the latest version? Maybe switch from gg to tlen, which also supports
          gg.
          • Guest: Burzaa Re: Do my problems show up in my log? IP: *.aster.pl / *.aster.pl 30.10.05, 14:47
            gg 7.0, so that's the latest... I guess I'll tinker with tlen or go for some
            older gg...
            Either way - thanks!

            Regards

            Burza
          • Guest: Burzaa Re: Do my problems show up in my log? IP: *.aster.pl / *.aster.pl 30.10.05, 16:02
            Unfortunately the problem has come back... explorer.exe has grabbed the CPU again and takes
            all of it after Windows Explorer is started. I no longer know what to do about it. Maybe
            a reinstall... Or even a format?

            Burza
            • Guest: Kolobos Re: Do my problems show up in my log? IP: *.warszawa.sdi.tpnet.pl 30.10.05, 16:20
              Maybe paste a new HijackThis log.
              Also download:
              www.sysinternals.com/Files/ProcessExplorerNt.zip
              And see whether it shows whether something has hooked into explorer.
              • Guest: Burzaa Re: Do my problems show up in my log? IP: *.aster.pl / *.aster.pl 30.10.05, 17:54
                Well...

                Logfile of HijackThis v1.99.1
                Scan saved at 17:52:57, on 2005-10-30
                Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
                C:\Program Files\Winamp\winampa.exe
                C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
                C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
                C:\Program Files\WinZip\WZQKPICK.EXE
                C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
                C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
                C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
                C:\WINDOWS\System32\nvsvc32.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\taskmgr.exe
                C:\WINDOWS\explorer.exe
                C:\Program Files\Messenger\msmsgs.exe
                C:\Documents and Settings\Burza\Pulpit\ProcessExplorerNt\procexp.exe
                C:\Documents and Settings\Burza\Pulpit\hijackthis 1.98\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                www.pajacyk.pl/
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
                O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5
                \DirectCD\DirectCD.exe"
                O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
                atboottime
                O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
                O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
                O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
                AntiSpyware\gcasServ.exe"
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                Office\Office10\OSA.EXE
                O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0
                \Distillr\AcroTray.exe
                O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
                Files\WinZip\WZQKPICK.EXE
                O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
                res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
                00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                skaner.mks.com.pl/SkanerOnline.cab
                O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
                O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1
                \DefWatch.exe
                O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. -
                C:\WINDOWS\System32\ImapiRox.exe
                O23 - Service: Klient Symantec AntiVirus (Norton AntiVirus Server) - Symantec
                Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
                O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
                C:\WINDOWS\System32\nvsvc32.exe

                Thanks for your interest...
                • Guest: Kolobos Re: Do my problems show up in my log? IP: *.warszawa.sdi.tpnet.pl 30.10.05, 19:14
                  The log is OK, maybe also paste a log made with this:
                  www.silentrunners.org/Silent%20Runners.vbs
                  make it in safe mode.

                  Also try disabling programs one at a time in msconfig and see whether at some
                  point something changes. But maybe before you do that, install a firewall:
                  www.kerio.com/kpf_download.html
                  and see whether anything changes.

                  • Guest: Burzaa Re: Do my problems show up in my log? IP: *.aster.pl / *.aster.pl 31.10.05, 11:46
                    Unfortunately the problems still occur :-(
                    Log from Silent Runners:

                    "Silent Runners.vbs", revision 41, www.silentrunners.org/
                    Operating System: Windows XP SP2
                    Output limited to non-default values, except where indicated by "{++}"


                    Startup items buried in registry:
                    ---------------------------------

                    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
                    "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
                    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

                    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
                    "NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
                    "AdaptecDirectCD" = ""C:\Program Files\Adaptec\Easy CD Creator 5
                    \DirectCD\DirectCD.exe"" ["Roxio"]
                    "WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
                    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime"
                    ["Apple Computer, Inc."]
                    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
                    "vptray" = "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" ["Symantec Corporation"]
                    "gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]

                    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
                    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from
                    CLSID]
                    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0
                    \Acrobat\ActiveX\AcroIEHelper.ocx" [empty string]

                    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
                    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania
                    wyświetlania"
                    -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

                    Explorer.exe still takes all available CPU after Explorer or
                    even "My Computer" is opened :-(
                    • Guest: Kolobos Re: Do my problems show up in my log? IP: *.warszawa.sdi.tpnet.pl 31.10.05, 12:00
                      That is not the whole log, paste it again.
                      • Guest: Burzaa Re: Do my problems show up in my log? IP: *.aster.pl / *.aster.pl 31.10.05, 12:48
                        Sorry, I thought it was the whole thing...

                        "Silent Runners.vbs", revision 41, www.silentrunners.org/
                        Operating System: Windows XP SP2
                        Output limited to non-default values, except where indicated by "{++}"


                        Startup items buried in registry:
                        ---------------------------------

                        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
                        "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
                        "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

                        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
                        "NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
                        "AdaptecDirectCD" = ""C:\Program Files\Adaptec\Easy CD Creator 5
                        \DirectCD\DirectCD.exe"" ["Roxio"]
                        "WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
                        "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime"
                        ["Apple Computer, Inc."]
                        "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
                        "vptray" = "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" ["Symantec Corporation"]
                        "gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]

                        HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
                        {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from
                        CLSID]
                        -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0
                        \Acrobat\ActiveX\AcroIEHelper.ocx" [empty string]

                        HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
                        "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania
                        wyświetlania"
                        -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
                        "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
                        -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll"
                        ["Hilgraeve, Inc."]
                        • Guest: Burzaa Re: Do my problems show up in my log? IP: *.aster.pl / *.aster.pl 31.10.05, 12:50
                          Once again... :-/

                          "Silent Runners.vbs", revision 41, www.silentrunners.org/
                          Operating System: Windows XP SP2
                          Output limited to non-default values, except where indicated by "{++}"


                          Startup items buried in registry:
                          ---------------------------------

                          HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
                          "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
                          "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

                          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
                          "NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
                          "AdaptecDirectCD" = ""C:\Program Files\Adaptec\Easy CD Creator 5
                          \DirectCD\DirectCD.exe"" ["Roxio"]
                          "WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
                          "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime"
                          ["Apple Computer, Inc."]
                          "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
                          "vptray" = "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" ["Symantec Corporation"]
                          "gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]

                          HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
                          {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from
                          CLSID]
                          -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0
                          \Acrobat\ActiveX\AcroIEHelper.ocx" [empty string]

                          HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
                          "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania
                          wyświetlania"
                          -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
                          "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
                          -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll"
                          ["Hilgraeve, Inc."]
                          "{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
                          -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec
                          Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
                          "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon
                          Handler"
                          -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft
                          Office\Office10\OLKFSTUB.DLL" [MS]
                          "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
                          -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft
                          Office\Office10\msohev.dll" [MS]
                          "{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
                          -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Adaptec\EASYCD~1
                          \DirectCD\Shellex.dll" ["Roxio"]
                          "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
                          -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
                          [null data]
                          "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
                          -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL"
                          ["WinZip Computing, Inc."]
                          "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
                          -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL"
                          ["WinZip Computing, Inc."]
                          "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
                          -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL"
                          ["WinZip Computing, Inc."]
                          "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
                          -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL"
                          ["WinZip Computing, Inc."]
                          "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
                          -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
                          "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
                          -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

                          HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
                          INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft
                          AntiSpyware Service Hook"
                          -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft
                          AntiSpyware\shellextension.dll" [MS]

                          HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
                          INFECTION WARNING! NavLogon\DLLName = "C:\WINDOWS\system32\NavLogon.dll" [null
                          data]

                          HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
                          LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
                          -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec
                          Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
                          WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
                          -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
                          [null data]
                          WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
                          -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL"
                          ["WinZip Computing, Inc."]

                          HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
                          WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
                          -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
                          [null data]
                          WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
                          -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL"
                          ["WinZip Computing, Inc."]

                          HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
                          LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
                          -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec
                          Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
                          WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
                          -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
                          [null data]
                          WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
                          -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL"
                          ["WinZip Computing, Inc."]


                          Active Desktop and Wallpaper:
                          -----------------------------

                          Active Desktop is disabled at this entry:
                          HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

                          HKCU\Control Panel\Desktop\
                          "Wallpaper" = "C:\Documents and Settings\Burza\Ustawienia lokalne\Dane
                          aplikacji\Microsoft\Wallpaper1.bmp"


                          Startup items in "Burza" & "All Users" startup folders:
                          -------------------------------------------------------

                          C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
                          "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10
                          \OSA.EXE -b -l" [MS]
                          "Acrobat Assistant" -> shortcut to: "C:\Program Files\Adobe\Acrobat 5.0
                          \Distillr\AcroTray.exe" ["Adobe Systems Inc."]
                          "WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE"
                          ["WinZip Computing, Inc."]


                          Winsock2 Service Provider DLLs:
                          -------------------------------

                          Namespace Service Providers

                          HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5
                          \Catalog_Entries\ {++}
                          000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
                          000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
                          000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

                          Transport Service Providers

                          HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9
                          \Catalog_Entries\ {++}
                          0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
                          %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
                          %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


                          Toolbars, Explorer Bars, Extensions:
                          ------------------------------------

                          Extensions (Tools menu items, main toolbar menu buttons)

                          HKLM\Software\Microsoft\Internet Explorer\Extensions\
                          {FB5F1910-F110-11D2-BB9E-00C04F795683}\
                          "ButtonText" = "Messenger"
                          "MenuText" = "Windows Messenger"
                          "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


                          Running Services (Display Name, Service Name, Path {Service DLL}):
                          ------------------------------------------------------------------

                          DefWatch, DefWatch, "C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe" ["Symantec
                          Corporation"]
                          HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k
                          • Guest: Kolobos Re: Do my problems show up in my log? IP: *.warszawa.sdi.tpnet.pl 31.10.05, 13:10
                            Add the ending in the next post because the whole thing won't fit in one, and what
                            is there looks OK so the rest is probably OK too.


                            • Guest: Burzaa Re: Do my problems show up in my log? IP: *.aster.pl / *.aster.pl 31.10.05, 14:09
                              And here is the ending! Thanks...

                              Toolbars, Explorer Bars, Extensions:
                              ------------------------------------

                              Extensions (Tools menu items, main toolbar menu buttons)

                              HKLM\Software\Microsoft\Internet Explorer\Extensions\
                              {FB5F1910-F110-11D2-BB9E-00C04F795683}\
                              "ButtonText" = "Messenger"
                              "MenuText" = "Windows Messenger"
                              "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


                              Running Services (Display Name, Service Name, Path {Service DLL}):
                              ------------------------------------------------------------------

                              DefWatch, DefWatch, "C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe" ["Symantec
                              Corporation"]
                              HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter"
                              {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
                              Klient Symantec AntiVirus, Norton AntiVirus Server, "C:\PROGRA~1\SYMANT~1
                              \SYMANT~1\Rtvscan.exe" ["Symantec Corporation"]
                              Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft
                              Shared\VS7Debug\mdm.exe"" [MS]
                              NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA
                              Corporation"]
                              Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


                              Print Monitors:
                              ---------------

                              HKLM\System\CurrentControlSet\Control\Print\Monitors\
                              PDF Port\Driver = "C:\WINDOWS\System32\pdfports.dll" ["Adobe Systems
                              Incorporated."]


                              ----------
                              + This report excludes default entries except where indicated.
                              + To see *everywhere* the script checks and *everything* it finds,
                              launch it from a command prompt or a shortcut with the -all parameter.
                              + The search for DESKTOP.INI DLL launch points on all local fixed drives
                              took 57 seconds.
                              + The search for all Registry CLSIDs containing dormant Explorer Bars
                              took 26 seconds.
                              --------
                              • Guest: Kolobos Re: Do my problems show up in my log? IP: *.warszawa.sdi.tpnet.pl 31.10.05, 17:07
                                Everything is OK, so the cause is most likely some program, as I already wrote,
                                have you tried disabling/uninstalling everything? :>