Marmot Opublikowano 14 Sierpnia 2008 Udostępnij Opublikowano 14 Sierpnia 2008 Witam. Ostatnio mam pewien problem ze swoim systemem. Mianowicie, co jakiś czas, zazwyczaj co godzinę, z niewiadomych przyczyn zapycha mi się całkowicie łącze uploadu. Trwa to jakąś minutę - dwie i później jest wszystko dobrze. Bardzo mi to uprzykrza życie, szczególnie, że lubię grać online i to wyjątkowo przeszkadza w takich rozgrywkach. Nie jest to na 99% wina łącza internetowego, ponieważ sprawdzałem na drugim systemie wgranym na komputerze i nie dzieje się tam nic takiego. Sprawdziłem system antywirusem (AVG Free) ale nic nie znalazł. HiJackThis raczej też nic podejrzanego nie znalazł, o to log z niego: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:52:37, on 2008-08-14 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\Explorer.EXE D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe D:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe D:\Program Files\Common Files\LightScribe\LSSrvc.exe D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe D:\WINDOWS\SOUNDMAN.EXE D:\WINDOWS\system32\RUNDLL32.EXE D:\PROGRA~1\AVG\AVG8\avgrsx.exe D:\Program Files\Portrait Displays\HP Display Assistant\DTHtml.exe D:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe D:\PROGRA~1\AVG\AVG8\avgtray.exe D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe D:\Program Files\FlashGet\flashget.exe D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe D:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe D:\program files\steam\steam.exe D:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe D:\Program Files\Portrait Displays\Pivot Software\floater.exe D:\Program Files\Gadu-Gadu\gg.exe D:\Program Files\Picasa2\PicasaMediaDetector.exe D:\Program Files\DAEMON Tools Lite\daemon.exe D:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe D:\Program Files\OpenOffice.org 2.0.3\program\soffice.exe D:\Program Files\OpenOffice.org 2.0.3\program\soffice.BIN D:\Program Files\Styler\Styler.exe D:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe D:\WINDOWS\system32\nvsvc32.exe D:\WINDOWS\system32\PnkBstrA.exe D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe D:\WINDOWS\System32\svchost.exe D:\PROGRA~1\AVG\AVG8\avgemc.exe D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\TC UP\totalcmd.exe D:\Program Files\foobar2000\foobar2000.exe D:\Program Files\Last.fm\LastFM.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - D:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DT HWP] D:\Program Files\Portrait Displays\HP Display Assistant\DTHtml.exe -startup_folder O4 - HKLM\..\Run: [PivotSoftware] "D:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800" O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\flashget.exe /min O4 - HKLM\..\Run: [bootSkin Startup Jobs] "D:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [steam] "d:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [LightScribe Control Panel] D:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.0.3.lnk = D:\Program Files\OpenOffice.org 2.0.3\program\quickstart.exe O4 - Startup: Styler.lnk = ? O4 - Startup: YouTube Uploader.lnk = D:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe O4 - Global Startup: BlueSoleil.lnk = ? O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - D:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe -- End of file - 8819 bytes Internetowa analiza Hijacka wyrzuciła mi tylko podejrzenia związane z GoogleUpdate, YouTubeUploader, oraz parę z innymi programami, ale to tylko przez to, że zamiast c:\programme, miał d:\program files ;p . Wie ktoś może jak rozwiązać ten problem? Odnośnik do komentarza Udostępnij na innych stronach Więcej opcji udostępniania...
Harv Opublikowano 14 Sierpnia 2008 Udostępnij Opublikowano 14 Sierpnia 2008 Raczej w tym logu nic nie ma. Spróbuj skontaktowac sie tymi, od których masz sieć. Niech przyjdzie serwisant i spróbuje naprawic. Odnośnik do komentarza Udostępnij na innych stronach Więcej opcji udostępniania...
Marmot Opublikowano 14 Sierpnia 2008 Autor Udostępnij Opublikowano 14 Sierpnia 2008 Sprawdzałem, wina internetu raczej to nie jest, bo jak pisałem, sprawdzałem na drugim systemie i tam czegoś takiego nie było. Moim zdaniem, siedzi jakiś syf w systemie i wysyła pewnie jakieś pakiety, możliwe, że jakiś botnet, ale szczerze mówiąc, nic w tym logu nie widzę, tak samo przeglądając procesy nic nie widzę ;p . Odnośnik do komentarza Udostępnij na innych stronach Więcej opcji udostępniania...
Harv Opublikowano 14 Sierpnia 2008 Udostępnij Opublikowano 14 Sierpnia 2008 Daj loga z Silent Runnersa O4 - HKLM\..\Run: [nwiz] nwiz.exe /install wywal to plax jesli nie masz NVIDII to to moze być problem Odnośnik do komentarza Udostępnij na innych stronach Więcej opcji udostępniania...
Marmot Opublikowano 14 Sierpnia 2008 Autor Udostępnij Opublikowano 14 Sierpnia 2008 Również nie widzę nic podejrzanego, ale może ktoś zauważy. "Silent Runners.vbs", revision 58, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "Steam" = ""d:\program files\steam\steam.exe" -silent" ["Valve Corporation"] "LightScribe Control Panel" = "D:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" ["Hewlett-Packard Company"] "Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."] "Picasa Media Detector" = "D:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."] "DAEMON Tools Lite" = ""D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"] "Google Update" = ""D:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "DT HWP" = "D:\Program Files\Portrait Displays\HP Display Assistant\DTHtml.exe -startup_folder" ["Portrait Displays, Inc"] "PivotSoftware" = ""D:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"" ["Portrait Displays, Inc."] "AVG8_TRAY" = "D:\PROGRA~1\AVG\AVG8\avgtray.exe" ["AVG Technologies CZ, s.r.o."] "EPSON Stylus DX4800 Series" = "D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"" ["SEIKO EPSON CORPORATION"] "RemoteControl" = ""D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."] "NeroFilterCheck" = "D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"] "Flashget" = "D:\Program Files\FlashGet\flashget.exe /min" ["FlashGet.com"] "BootSkin Startup Jobs" = ""D:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs" [empty string] "Adobe Reader Speed Launcher" = ""D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] "SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch" -> {HKLM...CLSID} = "FGCatchUrl" \InProcServer32\(Default) = "D:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"] {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\(Default) = "WormRadar.com IESiteBlocker.NavFilter" -> {HKLM...CLSID} = "AVG Safe Search" \InProcServer32\(Default) = "D:\Program Files\AVG\AVG8\avgssie.dll" ["AVG Technologies CZ, s.r.o."] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."] {ADECBED6-0366-4377-A739-E69DFBA04663}\(Default) = (no title provided) -> {HKLM...CLSID} = "Catcher Class" \InProcServer32\(Default) = "D:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll" ["Moyea Software Co., Ltd."] {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided) -> {HKLM...CLSID} = "EpsonToolBandKicker Class" \InProcServer32\(Default) = "D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"] {F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided) -> {HKLM...CLSID} = "FlashGet GetFlash Class" \InProcServer32\(Default) = "D:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{544F5441-4C43-4D44-5550-5348454C4C00}" = "TCUP: Shell Extention" -> {HKLM...CLSID} = "TCUP: Shell Extention" \InProcServer32\(Default) = "D:\PROGRA~1\TCUP~1\PLUGINS\Library\TCUPSH~1.DLL" [null data] "{654D0431-C930-43C4-B8DA-9AA01BA5B486}" = "PDI GUI Engine COM Obj" -> {HKLM...CLSID} = "PDI GUI Engine COM Obj" \InProcServer32\(Default) = "D:\Program Files\Common Files\Portrait Displays\Shared\HtmlEngine.dll" ["Portrait Displays, Inc"] "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG8 Shell Extension" -> {HKLM...CLSID} = "AVG8 Shell Extension Class" \InProcServer32\(Default) = "D:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."] "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> dimsntfy\DLLName = "D:\WINDOWS\System32\dimsntfy.dll" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ AVG8 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG8 Shell Extension Class" \InProcServer32\(Default) = "D:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."] TCUPShellExt\(Default) = "{544F5441-4C43-4D44-5550-5348454C4C00}" -> {HKLM...CLSID} = "TCUP: Shell Extention" \InProcServer32\(Default) = "D:\PROGRA~1\TCUP~1\PLUGINS\Library\TCUPSH~1.DLL" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ Convert\(Default) = "{9f95ca1a-e80e-4c0f-acd1-4c9b7900b982}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\Program Files\Microsoft DirectX SDK (August 2007)\Utilities\Bin\x86\TxView.DLL" [MS] TCUPShellExt\(Default) = "{544F5441-4C43-4D44-5550-5348454C4C00}" -> {HKLM...CLSID} = "TCUP: Shell Extention" \InProcServer32\(Default) = "D:\PROGRA~1\TCUP~1\PLUGINS\Library\TCUPSH~1.DLL" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ AVG8 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG8 Shell Extension Class" \InProcServer32\(Default) = "D:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "D:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ LightScribeOnArrivalAP\ "Provider" = "LightScribe Direct Disc Labeling" "InvokeProgID" = "LightScribe.AutoPlayHandler" "InvokeVerb" = "LabelLightScribeDisc" HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "D:\Program Files\Common Files\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"] MPCPlayCDAudioOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayCDAudio" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""D:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"] MPCPlayDVDMovieOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayDVDMovie" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""D:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"] MPCPlayMusicFilesOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayMusicFiles" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""D:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"] MPCPlayVideoFilesOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayVideoFiles" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""D:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"] NeroAutoPlay7AudioToNeroDigital\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"] NeroAutoPlay7CDAudio\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CDAudio_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"] NeroAutoPlay7CopyCD\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"] NeroAutoPlay7DataDisc\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "DataDisc_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"] NeroAutoPlay7LaunchNeroStartSmart\ "Provider" = "Nero StartSmart" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"] NeroAutoPlay7RipCD\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "RipCD_PlayCDAudioOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "D:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"] NeroAutoPlay7VideoCapture\ "Provider" = "Nero Vision" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""D:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] PDVDPlayDVDMovieOnArrival\ "Provider" = "PowerDVD" "InvokeProgID" = "DVD" "InvokeVerb" = "PlayWithPowerDVD" HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""D:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."] Picasa2ImportPicturesOnArrival\ "Provider" = "Picasa2" "InvokeProgID" = "picasa2.autoplay" "InvokeVerb" = "import" HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "D:\Program Files\Picasa2\Picasa2.exe "%1"" ["Google Inc."] TC UP\ "Provider" = "Total Commander Ultima Prime" "InvokeProgID" = "TC UP\AutoPlay" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\TC UP\AutoPlay\shell\open\command\(Default) = "D:\Program Files\TC UP\TC UP.exe /O /T /L="%1"" [null data] Startup items in "Tomek" & "All Users" startup folders: ------------------------------------------------------- D:\Documents and Settings\Tomek\Menu Start\Programy\Autostart "OpenOffice.org 2.0.3" -> shortcut to: "D:\Program Files\OpenOffice.org 2.0.3\program\quickstart.exe" [null data] "Styler" -> shortcut to: "D:\Documents and Settings\Tomek\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe" [null data] "YouTube Uploader" -> shortcut to: "D:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe" ["YouTube, LLC"] D:\Documents and Settings\All Users\Menu Start\Programy\Autostart "BlueSoleil" -> shortcut to: "D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" ["IVT Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" -> {HKLM...CLSID} = "EPSON Web-To-Page" \InProcServer32\(Default) = "D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided) -> {HKLM...CLSID} = "EPSON Web-To-Page" \InProcServer32\(Default) = "D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"] "{D2F8F919-690B-4EA2-9FA7-A203D1E04F75}" = (no title provided) -> {HKLM...CLSID} = "StylerToolBar" \InProcServer32\(Default) = "D:\Program Files\Styler\TB\StylerTB.dll" ["StyleFantasist"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_07" \InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_07" \InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."] {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ "ButtonText" = "FlashGet" "MenuText" = "FlashGet" "Exec" = "D:\Program Files\FlashGet\FlashGet.exe" ["FlashGet.com"] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG8 E-mail Scanner, avg8emc, "D:\PROGRA~1\AVG\AVG8\avgemc.exe" ["AVG Technologies CZ, s.r.o."] AVG8 WatchDog, avg8wd, "D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe" ["AVG Technologies CZ, s.r.o."] BlueSoleil Hid Service, BlueSoleil Hid Service, "D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data] LightScribeService Direct Disc Labeling Service, LightScribeService, ""D:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"] Machine Debug Manager, MDM, ""D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS] NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] PnkBstrA, PnkBstrA, "D:\WINDOWS\system32\PnkBstrA.exe" [null data] Portrait Displays Display Tune Service, DTSRVC, "D:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe" [null data] SQL Server (SQLEXPRESS), MSSQL$SQLEXPRESS, ""D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS" [MS] SQL Server VSS Writer, SQLWriter, ""D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"" [MS] Sunbelt Personal Firewall 4, SPF4, ""D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"" ["Sunbelt Software"] Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ EPSON Stylus DX4800 Series 2KMonitor5E\Driver = "E_FLMADE.DLL" ["SEIKO EPSON CORPORATION"] ---------- (launch time: 2008-08-14 23:29:51) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 61 seconds, including 8 seconds for message boxes) Poza tym, mam nVidię (FX 5200 <3 ). Odnośnik do komentarza Udostępnij na innych stronach Więcej opcji udostępniania...
Filar Społeczności Ranmus Opublikowano 15 Sierpnia 2008 Filar Społeczności Udostępnij Opublikowano 15 Sierpnia 2008 Zainstaluj program pokroju Netlimiter (sam go używam), będacyfirewallem i limiterem łącza dla poszczególnych aplikacji i procesów, a następnie sprawdź co zużywa upload. Odnośnik do komentarza Udostępnij na innych stronach Więcej opcji udostępniania...
Marmot Opublikowano 15 Sierpnia 2008 Autor Udostępnij Opublikowano 15 Sierpnia 2008 Więc tak, popatrzyłem trochę i takie rzeczy zauważyłem: - Flashget co jakiś czas (coś koło godziny) wysyła jakąś sporą ilość informacji, jednak jest to 2kB/s, więc nie powinno to blokować. - Last.FM - wiadomo, podczas scrobblowania zajmuje łącze (ok. 4kB/s zajmuje na chwilę), ale to raczej nie to, bo mam last.fm od dłuższego czasu i nagle teraz by zaczął łącze zapychać? - Firefox po wyłączeniu wciąż siedzi w pamięci i od czasu do czasu pobiera i wysyła jakieś informacje. Też wątpię, że to to, bo bardzo często grałem przy włączonej przeglądarce i jedyne co się działo to ścinająca się gra, jak miałem stronę z elementami flasha otwartą. Na inne procesy, jak Steam, które zajmują co 5 sekund 11B/s, to nawet uwagi nie zwracałem ;p . Jest w NetLimiterze 2 gdzieś opcja, żeby wszystko zapisywał do jakiegoś pliku? Bo sprawdziłbym grając, bo możliwe, że coś od gry mi zapycha łącze, a zanim przełączyłbym alt+tabem, to wieki miną przy moim komputerze... Odnośnik do komentarza Udostępnij na innych stronach Więcej opcji udostępniania...
Rekomendowane odpowiedzi
Jeśli chcesz dodać odpowiedź, zaloguj się lub zarejestruj nowe konto
Jedynie zarejestrowani użytkownicy mogą komentować zawartość tej strony.
Zarejestruj nowe konto
Załóż nowe konto. To bardzo proste!
Zarejestruj sięZaloguj się
Posiadasz już konto? Zaloguj się poniżej.
Zaloguj się