Bardzo wolna neostrada

Oprogramowanie komputerowe Problemy z oprogramowaniem
#1

Witam, mam duzy problem. Jestem uzytkownikiem liveboxa z neostrada 2mb. W trakcie dnia moj internet chodzi tak ze nie da sie z niego korzystac! Strony wczytuja sie nawet minutami… Nie wiem od czego moze to byc, jestem swiezo po formacie a problem i tak wystepuje… Prosze o pomoc…

#2

Serwery prawdopodobnie są obciążone. Zadzwoń do TP i ponarzekaj trochę, to może coś z tym zrobią.

#3

Gelo112

Wrzuć loga z HiJack This i Silent Runners. :slight_smile:

#4

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM…\Run: [setPoint] “C:\Program Files (x86)\Logitech\SetPoint\KEM.EXE”

O4 - HKLM…\Run: [MMTray] “C:\Program Files (x86)\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe”

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files (x86)\Winamp\winampa.exe”

O4 - HKLM…\Run: [ccApp] “C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe”

O4 - HKCU…\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU…\Run: [LDM] C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU…\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files (x86)\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [bitTorrent] “C:\Program Files (x86)\BitTorrent\bittorrent.exe” --force_start_minimized

O4 - HKCU…\Run: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe -AutoStart

O4 - Startup: CCC.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\isPwdSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

i z silenta:

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/

Operating System: Windows Vista RC1

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“Sidebar” = “C:\Program Files\Windows Sidebar\sidebar.exe /autoRun” [MS]

“WindowsWelcomeCenter” = “rundll32.exe oobefldr.dll,ShowWelcomeCenter” [MS]

“LDM” = “C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe” [“Logitech”]

“(Default)” = “(empty string)” [file not found]

“StartCCC” = “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [null data]

“Gadu-Gadu” = ““C:\Program Files (x86)\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”]

“BitTorrent” = ““C:\Program Files (x86)\BitTorrent\bittorrent.exe” --force_start_minimized” [file not found]

“eMuleAutoStart” = “C:\Program Files (x86)\eMule\emule.exe -AutoStart” [“http://www.emule-project.net”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“Windows Defender” = “C:\Program Files\Windows Defender\MSASCui.exe -hide”

“(Default)” = “(empty string)” [file not found]

“Launch LGDCore” = ““C:\Program Files\Logitech\G-series Software\LGDCore.exe” /SHOWHIDE” [“Logitech Inc.”]

“Launch LCDMon” = ““C:\Program Files\Logitech\G-series Software\LCDMon.exe”” [“Logitech Inc.”]

“Kernel and Hardware Abstraction Layer” = “KHALMNPR.EXE” [“Logitech Inc.”]

“RtHDVCpl” = “RAVCpl64.exe” [“Realtek Semiconductor”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{E7DE9B1A-7533-4556-9484-B26FB486475E}” = (no title provided)

-> {HKLM…CLSID} = “Network Map”

\InProcServer32(Default) = “C:\Windows\system32\shdocvw.dll” [MS]

“{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486}” = “IGD Property Sheet Handler”

-> {HKLM…CLSID} = “IGD Property Page”

\InProcServer32(Default) = “C:\Windows\System32\icsigd.dll” [MS]

“{8856f961-340a-11d0-a96b-00c04fd705a2}” = “Microsoft Web Browser”

-> {HKLM…CLSID} = “Microsoft Web Browser”

\InProcServer32(Default) = “C:\Windows\system32\ieframe.dll” [MS]

“{3050f3d9-98b5-11cf-bb82-00aa00bdce0b}” = “MSHTML Document”

-> {HKLM…CLSID} = “MHTML Document”

\InProcServer32(Default) = “C:\Windows\system32\mshtml.dll” [MS]

“{25336920-03f9-11cf-8fd0-00aa00686f13}” = “HTML Document”

-> {HKLM…CLSID} = “HTML Document”

\InProcServer32(Default) = “C:\Windows\system32\mshtml.dll” [MS]

“{74246bfc-4c96-11d0-abef-0020af6b0b7a}” = “Device Manager”

-> {HKLM…CLSID} = “Device Manager”

\InProcServer32(Default) = “C:\Windows\System32\devmgr.dll” [MS]

“{44f3dab6-4392-4186-bb7b-6282ccb7a9f6}” = “MyDocuments menu and properties”

-> {HKLM…CLSID} = “MyDocuments menu and properties”

\InProcServer32(Default) = “C:\Windows\system32\mydocs.dll” [MS]

“{D34A6CA6-62C2-4C34-8A7C-14709C1AD938}” = “Common Places Folder”

-> {HKLM…CLSID} = “Common Places FS Folder”

\InProcServer32(Default) = “C:\Windows\System32\shdocvw.dll” [MS]

“{865e5e76-ad83-4dca-a109-50dc2113ce9a}” = “Programs Folder and Fast Items”

-> {HKLM…CLSID} = “Programs Folder and Fast Items”

\InProcServer32(Default) = “C:\Windows\system32\shell32.dll” [MS]

“{21ec2020-3aea-1069-a2dd-08002b30309d}” = “Control Panel”

-> {HKLM…CLSID} = “Control Panel”

\InProcServer32(Default) = “shell32.dll” [MS]

“{25585dc7-4da0-438d-ad04-e42c8d2d64b9}” = “Client application shell extension”

-> {HKLM…CLSID} = “Client application shell extension”

\InProcServer32(Default) = “C:\Windows\system32\shell32.dll” [MS]

“{4d5c8c2a-d075-11d0-b416-00c04fb90376}” = “Microsoft CommBand”

-> {HKLM…CLSID} = “Microsoft CommBand”

\InProcServer32(Default) = “C:\Windows\system32\browseui.dll” [MS]

“{92337A8C-E11D-11D0-BE48-00C04FC30DF6}” = “OlePrn.PrinterURL”

-> {HKLM…CLSID} = “prturl Class”

\InProcServer32(Default) = “C:\Windows\system32\oleprn.dll” [MS]

“{16C2C29D-0E5F-45f3-A445-03E03F587B7D}” = “group_wab_auto_file”

-> {HKLM…CLSID} = “.group shell context menu”

\InProcServer32(Default) = “C:\Program Files\Common Files\System\wab32.dll” [MS]

“{CF67796C-F57F-45F8-92FB-AD698826C602}” = “contact_wab_auto_file”

-> {HKLM…CLSID} = “.contact shell context menu”

\InProcServer32(Default) = “C:\Program Files\Common Files\System\wab32.dll” [MS]

“{90b9bce2-b6db-4fd3-8451-35917ea1081b}” = “Search Execute Command”

-> {HKLM…CLSID} = “CLSID_SearchExecute”

\InProcServer32(Default) = “ExplorerFrame.dll” [MS]

“{1a184871-359e-4f67-aad9-5b9905d62232}” = “Microsoft Windows Font File Context Menu Handler”

-> {HKLM…CLSID} = “Microsoft Windows Font Context Menu Handler”

\InProcServer32(Default) = “fontext.dll” [MS]

“{8a7cae0e-5951-49cb-bf20-ab3fa1e44b01}” = “Microsoft Windows Font Previewer”

-> {HKLM…CLSID} = “Microsoft Windows Font Preview Handler”

\InProcServer32(Default) = “fontext.dll” [MS]

“{BC65FB43-1958-4349-971A-210290480130}” = “Network Explorer Property Sheet Handler”

-> {HKLM…CLSID} = “Ncd Property Page”

\InProcServer32(Default) = “C:\Windows\System32\NcdProp.dll” [MS]

“{0a4286ea-e355-44fb-8086-af3df7645bd9}” = “Windows Media Player”

-> {HKLM…CLSID} = “&Windows Media Player”

\InProcServer32(Default) = “C:\PROGRA~1\WI4EB4~1\wmpband.dll” [MS]

“{BB6B2374-3D79-41DB-87F4-896C91846510}” = “EMDFileProperties”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “emdmgmt.dll” [MS]

“{7A0F6AB7-ED84-46B6-B47E-02AA159A152B}” = “Sync Center Simple Conflict Presenter”

-> {HKLM…CLSID} = “Simple Conflict Presenter”

\InProcServer32(Default) = “C:\Windows\System32\SyncCenter.dll” [MS]

“{BE122A0E-4503-11DA-8BDE-F66BAD1E3F3A}” = (no title provided)

-> {HKLM…CLSID} = “Windows Anytime Upgrade”

\InProcServer32(Default) = “C:\Windows\System32\shdocvw.dll” [MS]

“{00f20eb5-8fd6-4d9d-b75e-36801766c8f1}” = “PhotoAcqDropTarget”

-> {HKLM…CLSID} = “PhotoAcqDropTarget”

\InProcServer32(Default) = “C:\Program Files\Windows Photo Gallery\PhotoAcq.dll” [MS]

“{91ADC906-6722-4B05-A12B-471ADDCCE132}” = “Touch Band”

-> {HKLM…CLSID} = “Touch Pointer”

\InProcServer32(Default) = “C:\Windows\System32\TouchX.dll” [MS]

“{7D4734E6-047E-41e2-AEAA-E763B4739DC4}” = “Windows Media Player Play as Playlist Context Menu Handler”

-> {HKLM…CLSID} = “WMP Play Folder As Playlist Launcher”

\InProcServer32(Default) = “C:\Windows\system32\wmpshell.dll” [MS]

“{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A}” = “GameUX.RichGameMediaThumbnail”

-> {HKLM…CLSID} = “RichGameMediaThumbnail Class”

\InProcServer32(Default) = “C:\Windows\System32\gameux.dll” [MS]

“{15D633E2-AD00-465b-9EC7-F56B7CDF8E27}” = “Tablet PC Input Panel”

-> {HKLM…CLSID} = “Tablet PC Input Panel”

\InProcServer32(Default) = “C:\Program Files\Common Files\microsoft shared\ink\TipBand.dll” [MS]

“{6b9228da-9c15-419e-856c-19e768a13bdc}” = “Windows gadget DropTarget”

-> {HKLM…CLSID} = “Windows gadget DropTarget”

\InProcServer32(Default) = “C:\Program Files\Windows Sidebar\sbdrop.dll” [MS]

“{8A734961-C4AA-4741-AC1E-791ACEBF5B39}” = “Windows Media Player Shop Music Context Menu Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Windows\system32\wmpshell.dll” [MS]

“{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension”

-> {HKLM…CLSID} = “SimpleShlExt Class”

\InProcServer32(Default) = “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll” [empty string]

“{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}” = “Logitech Setpoint Extension”

-> {HKLM…CLSID} = “KbLogiExt Class”

\InProcServer32(Default) = “C:\Program Files\Logitech\SetPoint\kbcplext.dll” [“Logitech Inc.”]

“{B9B9F083-2B04-452A-8691-83694AC1037B}” = “Logitech Setpoint Extension”

-> {HKLM…CLSID} = “LogiExt Class”

\InProcServer32(Default) = “C:\Program Files\Logitech\SetPoint\mcplext.dll” [“Logitech Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-64E4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files (x86)\WinRAR\rarext64.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-64E4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files (x86)\WinRAR\rarext64.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-64E4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files (x86)\WinRAR\rarext64.dll” [null data]

Default executables:

<> HKLM\Software\Classes\htafile\shell\open\command(Default) = “C:\Windows\SysWOW64\mshta.exe “%1” %*” [MS]

Group Policies {GPedit.msc branch and setting}:

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

“NoActiveDesktop” = (REG_DWORD) hex:0x00000001

{unrecognized setting}

“NoActiveDesktopChanges” = (REG_DWORD) hex:0x00000001

{unrecognized setting}

“ForceActiveDesktopOn” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“ConsentPromptBehaviorAdmin” = (REG_DWORD) hex:0x00000002

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

“ConsentPromptBehaviorUser” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Standard Users}

“EnableInstallerDetection” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Detect Application Installations And Prompt For Elevation}

“EnableLUA” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Run All Administrators In Admin Approval Mode}

“EnableSecureUIAPaths” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Only elevate UIAccess applications that are installed in secure locations}

“EnableVirtualization” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Virtualize file and registry write failures to per-user locations}

“PromptOnSecureDesktop” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Conrol: Switch to the secure desktop when prompting for elevation}

“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

“FilterAdministratorToken” = (REG_DWORD) hex:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Admin Approval Mode for the Built-in Administrator Account}

Active Desktop and Wallpaper:

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\Windows\Web\Wallpaper\img34.jpg”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Users\Gelo\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp”

Enabled Screen Saver:

HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\Windows\system32\logon.scr” [MS]

Startup items in “Gelo” & “All Users” startup folders:

C:\Users\Gelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

“CCC” -> shortcut to: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe” [null data]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

“Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”]

“Adobe Reader Synchronizer” -> shortcut to: “C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe” [“Adobe Systems Incorporated”]

“Logitech Desktop Messenger” -> shortcut to: “C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start” [“Logitech”]

“Logitech SetPoint” -> shortcut to: “C:\Program Files\Logitech\SetPoint\SetPoint.exe” [“Logitech Inc.”]

Winsock2 Service Provider DLLs:

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\system32\NLAapi.dll” [MS]

000000000004\LibraryPath = “%SystemRoot%\system32\napinsp.dll” [MS]

000000000005\LibraryPath = “%SystemRoot%\system32\pnrpnsp.dll” [MS]

000000000006\LibraryPath = “%SystemRoot%\system32\pnrpnsp.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

HOSTS file

C:\Windows\System32\drivers\etc\HOSTS

maps: 2 domain names to IP addresses,

1 of the IP addresses is *not* localhost!

Running Services (Display Name, Service Name, Path {Service DLL}):

Ati External Event Utility, Ati External Event Utility, “C:\Windows\system32\Ati2evxx.exe” [“ATI Technologies Inc.”]

Dostęp do urządzeń interfejsu HID, hidserv, “C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted” {“C:\Windows\system32\hidserv.dll” [MS]}

Dziennik zdarzeń systemu Windows, Eventlog, “C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted” {(missing data)}

Harmonogram automatycznej usługi LiveUpdate, Harmonogram automatycznej usługi LiveUpdate, ““C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe”” [“Symantec Corporation”]

Pomoc IP, iphlpsvc, “C:\Windows\System32\svchost.exe -k NetSvcs” {(missing data)}

Pomoc TCP/IP NetBIOS, lmhosts, “C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted” {(missing data)}

Przeglądarka komputera, Browser, “C:\Windows\System32\svchost.exe -k netsvcs” {“C:\Windows\System32\browser.dll” [MS]}

Symantec AppCore Service, SymAppCore, ““C:\Program Files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe”” [“Symantec Corporation”]

Symantec Core LC, Symantec Core LC, ““C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe”” [“Symantec Corporation”]

Symantec Event Manager, ccEvtMgr, ““C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe” /h ccCommon” [“Symantec Corporation”]

Symantec Lic NetConnect service, CLTNetCnService, ““C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe” /h cltCommon” [“Symantec Corporation”]

Symantec Settings Manager, ccSetMgr, ““C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe” /h ccCommon” [“Symantec Corporation”]

Usługa interfejsu magazynu sieciowego, nsi, “C:\Windows\system32\svchost.exe -k LocalService” {(missing data)}

Windows Driver Foundation — User-mode Driver Framework, wudfsvc, “C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted” {“C:\Windows\System32\WUDFSvc.dll” [MS]}

Windows Image Acquisition (WIA), stisvc, “C:\Windows\system32\svchost.exe -k imgsvc” {“C:\Windows\System32\wiaservc.dll” [MS]}

<>: Suspicious data at a malware launch point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer “No” at the

first message box and “Yes” at the second message box.

---------- (total run time: 43 seconds, including 5 seconds for message boxes)

#5

Gelo112 , a może byś dał tak kompletnego loga? :?

#6

Logfile of HijackThis v1.99.1

Scan saved at 15:22:43, on 2007-02-25

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:

C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

C:\Program Files (x86)\Logitech\SetPoint\KEM.exe

C:\Program Files (x86)\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files (x86)\Logitech\SetPoint\KHALMNPR.EXE

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

C:\Program Files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files (x86)\Internet Explorer\ieuser.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Gadu-Gadu\gg.exe

C:\Windows\SysWow64\Macromed\Flash\FlashUtil9b.exe

C:\Users\Gelo\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM…\Run: [setPoint] “C:\Program Files (x86)\Logitech\SetPoint\KEM.EXE”

O4 - HKLM…\Run: [MMTray] “C:\Program Files (x86)\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe”

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files (x86)\Winamp\winampa.exe”

O4 - HKLM…\Run: [ccApp] “C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe”

O4 - HKCU…\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU…\Run: [LDM] C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU…\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files (x86)\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [bitTorrent] “C:\Program Files (x86)\BitTorrent\bittorrent.exe” --force_start_minimized

O4 - HKCU…\Run: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe -AutoStart

O4 - Startup: CCC.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\isPwdSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

#7

a moze po prostu pokasuj rejestry z neostrady i bedzie szybciej chodzila… !!

moze masz wlaczony ogrom programow…roznie to moze byc

#8

Krzychuu jak już namawiasz do loga , to może byś go tak łaskawie sprawdził? :-s

W logu okej.

Start=Uruchom=Msconfig=Uruchamianie=Odznacz te wpisy.

W trybie awaryjnym usun wpisy HJT a folder i pliki ręcznie

#9

Sam plik userinit jest OK, nie usuwaj go, tylko wpis z Hijacka można usunąć kosmetycznie.

Daruj sobie proszę

Złączono Posta : 29 Marzec 2007, 21:12:58

Sam plik userinit jest OK, nie usuwaj go, tylko wpis z Hijacka można usunąć kosmetycznie.

Daruj sobie proszę

Gelo112 proszę objąć log w tagi CODE - jeśli nie wiesz jak zrobić, masz opisane w ważnym temacie w dziale Bezpieczeństwo u góry.