Startup Programs (PIOTRUŚ) 2007-05-23 13.46.36.txt

Strasznie Duże Obciążenie Procesora!

Wydaje mi się, że to przez procesor, ale sam nie wiem... Usunąłem te, które mówiłeś, a teraz daję w załączniku to, o co prosiłeś.


" Silent Runners.vbs " , revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by " {++} "


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
" CTFMON.EXE " = " C:\WINDOWS\system32\ctfmon.exe " [MS]
" MsnMsgr " = " " C:\Program Files\MSN Messenger\MsnMsgr.Exe " /background " [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
" SpeedTouch USB Diagnostics " = " " C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe " /icon " [ " THOMSON multimedia " ]
" ATIModeChange " = " Ati2mdxx.exe " [ " ATI Technologies, Inc. " ]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = " Adobe PDF Reader Link Helper "
\InProcServer32\(Default) = " C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll " [ " Adobe Systems Incorporated " ]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
-> {HKLM...CLSID} = " Megaupload Toolbar "
\InProcServer32\(Default) = " C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL " [ " MegaUpload " ]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
-> {HKLM...CLSID} = " Windows Live Toolbar Helper "
\InProcServer32\(Default) = " C:\Program Files\Windows Live Toolbar\msntb.dll " [MS]
{E5A1691B-D188-4419-AD02-90002030B8EE}\(Default) = (no title provided)
-> {HKLM...CLSID} = " FlashFXP Helper for Internet Explorer "
\InProcServer32\(Default) = " C:\PROGRA~1\FlashFXP\IEFlash.dll " [ " IniCom Networks, Inc. " ]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
" {42071714-76d4-11d1-8b24-00a0c9068ff3} " = " Rozszerzenie CPL kadrowania wyświetlania "
-> {HKLM...CLSID} = " Rozszerzenie CPL kadrowania wyświetlania "
\InProcServer32\(Default) = " deskpan.dll " [file not found]
" {88895560-9AA2-1069-930E-00AA0030EBC8} " = " Rozszerzenie ikony HyperTerminalu "
-> {HKLM...CLSID} = " HyperTerminal Icon Ext "
\InProcServer32\(Default) = " C:\WINDOWS\system32\hticons.dll " [ " Hilgraeve, Inc. " ]
" {B41DB860-8EE4-11D2-9906-E49FADC173CA} " = " WinRAR shell extension "
-> {HKLM...CLSID} = " WinRAR "
\InProcServer32\(Default) = " C:\Program Files\WinRAR\rarext.dll " [null data]
" {42042206-2D85-11D3-8CFF-005004838597} " = " Microsoft Office HTML Icon Handler "
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = " C:\Program Files\Microsoft Office\OFFICE11\msohev.dll " [MS]
" {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} " = " Messenger Sharing Folders "
-> {HKLM...CLSID} = " Moje foldery udostępniania "
\InProcServer32\(Default) = " C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll " [MS]
" {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} " = " NeroCoverEd Live Icons "
-> {HKLM...CLSID} = " NeroCoverEdLiveIcons Class "
\InProcServer32\(Default) = " C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll " [ " Nero AG " ]
" {B327765E-D724-4347-8B16-78AE18552FC3} " = " NeroDigitalIconHandler "
-> {HKLM...CLSID} = " NeroDigitalIconHandler Class "
\InProcServer32\(Default) = " C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll " [ " Nero AG " ]
" {7F1CF152-04F8-453A-B34C-E609530A9DC8} " = " NeroDigitalPropSheetHandler "
-> {HKLM...CLSID} = " NeroDigitalPropSheetHandler Class "
\InProcServer32\(Default) = " C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll " [ " Nero AG " ]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> " {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} " = " Microsoft AntiMalware ShellExecuteHook "
-> {HKLM...CLSID} = " Microsoft AntiMalware ShellExecuteHook "
\InProcServer32\(Default) = " C:\PROGRA~1\WIFD1F~1\MpShHook.dll " [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
" WPDShServiceObj " = " {AAA288BA-9A4C-45B0-95D7-94D524869DB5} "
-> {HKLM...CLSID} = " WPDShServiceObj Class "
\InProcServer32\(Default) = " C:\WINDOWS\system32\WPDShServiceObj.dll " [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = " {807553E5-5146-11D5-A672-00B0D022E945} "
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = " C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL " [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = " NeroDigitalExt.NeroDigitalColumnHandler "
-> {HKLM...CLSID} = " NeroDigitalColumnHandler Class "
\InProcServer32\(Default) = " C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll " [ " Nero AG " ]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = " PDF Column Info "
-> {HKLM...CLSID} = " PDF Shell Extension "
\InProcServer32\(Default) = " C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll " [ " Adobe Systems, Inc. " ]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Cover Designer\(Default) = " {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} "
-> {HKLM...CLSID} = " NeroCoverEdContextMenu Class "
\InProcServer32\(Default) = " C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll " [ " Nero AG " ]
WinRAR\(Default) = " {B41DB860-8EE4-11D2-9906-E49FADC173CA} "
-> {HKLM...CLSID} = " WinRAR "
\InProcServer32\(Default) = " C:\Program Files\WinRAR\rarext.dll " [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = " {B41DB860-8EE4-11D2-9906-E49FADC173CA} "
-> {HKLM...CLSID} = " WinRAR "
\InProcServer32\(Default) = " C:\Program Files\WinRAR\rarext.dll " [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = " {B41DB860-8EE4-11D2-9906-E49FADC173CA} "
-> {HKLM...CLSID} = " WinRAR "
\InProcServer32\(Default) = " C:\Program Files\WinRAR\rarext.dll " [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

" shutdownwithoutlogon " = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

" undockwithoutlogon " = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

" DisableTaskMgr " = (REG_DWORD) hex:0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
" Wallpaper " = " C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp "

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
" Wallpaper " = " C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp "


Startup items in " Piotr " & " All Users " startup folders:
-------------------------------------------------------

C:\Documents and Settings\Piotr\Menu Start\Programy\Autostart
" CiDial 2.3 " -> shortcut to: " C:\Program Files\CiDial\CiDial.exe " [null data]


Enabled Scheduled Tasks:
------------------------

" MP Scheduled Scan " -> launches: " C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges " [MS]
" Sprawdź aktualizacje paska narzędzi Windows Live Toolbar " -> launches: " C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE " [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = " %SystemRoot%\System32\mswsock.dll " [MS]
000000000002\LibraryPath = " %SystemRoot%\System32\winrnr.dll " [MS]
000000000003\LibraryPath = " %SystemRoot%\System32\mswsock.dll " [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
" {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} "
-> {HKLM...CLSID} = " Windows Live Toolbar "
\InProcServer32\(Default) = " C:\Program Files\Windows Live Toolbar\msntb.dll " [MS]
" {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} "
-> {HKLM...CLSID} = " Megaupload Toolbar "
\InProcServer32\(Default) = " C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL " [ " MegaUpload " ]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
" {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} " = (no title provided)
-> {HKLM...CLSID} = " Windows Live Toolbar "
\InProcServer32\(Default) = " C:\Program Files\Windows Live Toolbar\msntb.dll " [MS]
" {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} " = (no title provided)
-> {HKLM...CLSID} = " Megaupload Toolbar "
\InProcServer32\(Default) = " C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL " [ " MegaUpload " ]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = " & Badanie "
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = " C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL " [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
" ButtonText " = " Badanie "

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
" MenuText " = " @xpsp3res.dll,-20001 "
" Exec " = " %windir%\Network Diagnostic\xpnetdiag.exe " [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

LightScribeService Direct Disc Labeling Service, LightScribeService, " " C:\Program Files\Common Files\LightScribe\LSSrvc.exe " " [ " Hewlett-Packard Company " ]
NetLimiter, nlsvc, " " C:\Program Files\NetLimiter 2 Pro\nlsvc.exe " " [ " Locktime Software " ]
Usługa Messenger Sharing Folders USN Journal Reader, usnjsvc, " " C:\Program Files\MSN Messenger\usnsvc.exe " " [MS]
Windows Defender, WinDefend, " " C:\Program Files\Windows Defender\MsMpEng.exe " " [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = " mdimon.dll " [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer " No " at the
first message box and " Yes " at the second message box.
---------- (total run time: 38 seconds, including 7 seconds for message boxes)

