Witam, mam duzy problem. Jestem uzytkownikiem liveboxa z neostrada 2mb. W trakcie dnia moj internet chodzi tak ze nie da sie z niego korzystac! Strony wczytuja sie nawet minutami… Nie wiem od czego moze to byc, jestem swiezo po formacie a problem i tak wystepuje… Prosze o pomoc…
Serwery prawdopodobnie są obciążone. Zadzwoń do TP i ponarzekaj trochę, to może coś z tym zrobią.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM…\Run: [setPoint] “C:\Program Files (x86)\Logitech\SetPoint\KEM.EXE”
O4 - HKLM…\Run: [MMTray] “C:\Program Files (x86)\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe”
O4 - HKLM…\Run: [WinampAgent] “C:\Program Files (x86)\Winamp\winampa.exe”
O4 - HKLM…\Run: [ccApp] “C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe”
O4 - HKCU…\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU…\Run: [LDM] C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU…\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files (x86)\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [bitTorrent] “C:\Program Files (x86)\BitTorrent\bittorrent.exe” --force_start_minimized
O4 - HKCU…\Run: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe -AutoStart
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\isPwdSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
i z silenta:
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/
Operating System: Windows Vista RC1
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Sidebar” = “C:\Program Files\Windows Sidebar\sidebar.exe /autoRun” [MS]
“WindowsWelcomeCenter” = “rundll32.exe oobefldr.dll,ShowWelcomeCenter” [MS]
“LDM” = “C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe” [“Logitech”]
“(Default)” = “(empty string)” [file not found]
“StartCCC” = “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [null data]
“Gadu-Gadu” = ““C:\Program Files (x86)\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”]
“BitTorrent” = ““C:\Program Files (x86)\BitTorrent\bittorrent.exe” --force_start_minimized” [file not found]
“eMuleAutoStart” = “C:\Program Files (x86)\eMule\emule.exe -AutoStart” [“http://www.emule-project.net”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Windows Defender” = “C:\Program Files\Windows Defender\MSASCui.exe -hide”
“(Default)” = “(empty string)” [file not found]
“Launch LGDCore” = ““C:\Program Files\Logitech\G-series Software\LGDCore.exe” /SHOWHIDE” [“Logitech Inc.”]
“Launch LCDMon” = ““C:\Program Files\Logitech\G-series Software\LCDMon.exe”” [“Logitech Inc.”]
“Kernel and Hardware Abstraction Layer” = “KHALMNPR.EXE” [“Logitech Inc.”]
“RtHDVCpl” = “RAVCpl64.exe” [“Realtek Semiconductor”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{E7DE9B1A-7533-4556-9484-B26FB486475E}” = (no title provided)
-> {HKLM…CLSID} = “Network Map”
\InProcServer32(Default) = “C:\Windows\system32\shdocvw.dll” [MS]
“{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486}” = “IGD Property Sheet Handler”
-> {HKLM…CLSID} = “IGD Property Page”
\InProcServer32(Default) = “C:\Windows\System32\icsigd.dll” [MS]
“{8856f961-340a-11d0-a96b-00c04fd705a2}” = “Microsoft Web Browser”
-> {HKLM…CLSID} = “Microsoft Web Browser”
\InProcServer32(Default) = “C:\Windows\system32\ieframe.dll” [MS]
“{3050f3d9-98b5-11cf-bb82-00aa00bdce0b}” = “MSHTML Document”
-> {HKLM…CLSID} = “MHTML Document”
\InProcServer32(Default) = “C:\Windows\system32\mshtml.dll” [MS]
“{25336920-03f9-11cf-8fd0-00aa00686f13}” = “HTML Document”
-> {HKLM…CLSID} = “HTML Document”
\InProcServer32(Default) = “C:\Windows\system32\mshtml.dll” [MS]
“{74246bfc-4c96-11d0-abef-0020af6b0b7a}” = “Device Manager”
-> {HKLM…CLSID} = “Device Manager”
\InProcServer32(Default) = “C:\Windows\System32\devmgr.dll” [MS]
“{44f3dab6-4392-4186-bb7b-6282ccb7a9f6}” = “MyDocuments menu and properties”
-> {HKLM…CLSID} = “MyDocuments menu and properties”
\InProcServer32(Default) = “C:\Windows\system32\mydocs.dll” [MS]
“{D34A6CA6-62C2-4C34-8A7C-14709C1AD938}” = “Common Places Folder”
-> {HKLM…CLSID} = “Common Places FS Folder”
\InProcServer32(Default) = “C:\Windows\System32\shdocvw.dll” [MS]
“{865e5e76-ad83-4dca-a109-50dc2113ce9a}” = “Programs Folder and Fast Items”
-> {HKLM…CLSID} = “Programs Folder and Fast Items”
\InProcServer32(Default) = “C:\Windows\system32\shell32.dll” [MS]
“{21ec2020-3aea-1069-a2dd-08002b30309d}” = “Control Panel”
-> {HKLM…CLSID} = “Control Panel”
\InProcServer32(Default) = “shell32.dll” [MS]
“{25585dc7-4da0-438d-ad04-e42c8d2d64b9}” = “Client application shell extension”
-> {HKLM…CLSID} = “Client application shell extension”
\InProcServer32(Default) = “C:\Windows\system32\shell32.dll” [MS]
“{4d5c8c2a-d075-11d0-b416-00c04fb90376}” = “Microsoft CommBand”
-> {HKLM…CLSID} = “Microsoft CommBand”
\InProcServer32(Default) = “C:\Windows\system32\browseui.dll” [MS]
“{92337A8C-E11D-11D0-BE48-00C04FC30DF6}” = “OlePrn.PrinterURL”
-> {HKLM…CLSID} = “prturl Class”
\InProcServer32(Default) = “C:\Windows\system32\oleprn.dll” [MS]
“{16C2C29D-0E5F-45f3-A445-03E03F587B7D}” = “group_wab_auto_file”
-> {HKLM…CLSID} = “.group shell context menu”
\InProcServer32(Default) = “C:\Program Files\Common Files\System\wab32.dll” [MS]
“{CF67796C-F57F-45F8-92FB-AD698826C602}” = “contact_wab_auto_file”
-> {HKLM…CLSID} = “.contact shell context menu”
\InProcServer32(Default) = “C:\Program Files\Common Files\System\wab32.dll” [MS]
“{90b9bce2-b6db-4fd3-8451-35917ea1081b}” = “Search Execute Command”
-> {HKLM…CLSID} = “CLSID_SearchExecute”
\InProcServer32(Default) = “ExplorerFrame.dll” [MS]
“{1a184871-359e-4f67-aad9-5b9905d62232}” = “Microsoft Windows Font File Context Menu Handler”
-> {HKLM…CLSID} = “Microsoft Windows Font Context Menu Handler”
\InProcServer32(Default) = “fontext.dll” [MS]
“{8a7cae0e-5951-49cb-bf20-ab3fa1e44b01}” = “Microsoft Windows Font Previewer”
-> {HKLM…CLSID} = “Microsoft Windows Font Preview Handler”
\InProcServer32(Default) = “fontext.dll” [MS]
“{BC65FB43-1958-4349-971A-210290480130}” = “Network Explorer Property Sheet Handler”
-> {HKLM…CLSID} = “Ncd Property Page”
\InProcServer32(Default) = “C:\Windows\System32\NcdProp.dll” [MS]
“{0a4286ea-e355-44fb-8086-af3df7645bd9}” = “Windows Media Player”
-> {HKLM…CLSID} = “&Windows Media Player”
\InProcServer32(Default) = “C:\PROGRA~1\WI4EB4~1\wmpband.dll” [MS]
“{BB6B2374-3D79-41DB-87F4-896C91846510}” = “EMDFileProperties”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “emdmgmt.dll” [MS]
“{7A0F6AB7-ED84-46B6-B47E-02AA159A152B}” = “Sync Center Simple Conflict Presenter”
-> {HKLM…CLSID} = “Simple Conflict Presenter”
\InProcServer32(Default) = “C:\Windows\System32\SyncCenter.dll” [MS]
“{BE122A0E-4503-11DA-8BDE-F66BAD1E3F3A}” = (no title provided)
-> {HKLM…CLSID} = “Windows Anytime Upgrade”
\InProcServer32(Default) = “C:\Windows\System32\shdocvw.dll” [MS]
“{00f20eb5-8fd6-4d9d-b75e-36801766c8f1}” = “PhotoAcqDropTarget”
-> {HKLM…CLSID} = “PhotoAcqDropTarget”
\InProcServer32(Default) = “C:\Program Files\Windows Photo Gallery\PhotoAcq.dll” [MS]
“{91ADC906-6722-4B05-A12B-471ADDCCE132}” = “Touch Band”
-> {HKLM…CLSID} = “Touch Pointer”
\InProcServer32(Default) = “C:\Windows\System32\TouchX.dll” [MS]
“{7D4734E6-047E-41e2-AEAA-E763B4739DC4}” = “Windows Media Player Play as Playlist Context Menu Handler”
-> {HKLM…CLSID} = “WMP Play Folder As Playlist Launcher”
\InProcServer32(Default) = “C:\Windows\system32\wmpshell.dll” [MS]
“{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A}” = “GameUX.RichGameMediaThumbnail”
-> {HKLM…CLSID} = “RichGameMediaThumbnail Class”
\InProcServer32(Default) = “C:\Windows\System32\gameux.dll” [MS]
“{15D633E2-AD00-465b-9EC7-F56B7CDF8E27}” = “Tablet PC Input Panel”
-> {HKLM…CLSID} = “Tablet PC Input Panel”
\InProcServer32(Default) = “C:\Program Files\Common Files\microsoft shared\ink\TipBand.dll” [MS]
“{6b9228da-9c15-419e-856c-19e768a13bdc}” = “Windows gadget DropTarget”
-> {HKLM…CLSID} = “Windows gadget DropTarget”
\InProcServer32(Default) = “C:\Program Files\Windows Sidebar\sbdrop.dll” [MS]
“{8A734961-C4AA-4741-AC1E-791ACEBF5B39}” = “Windows Media Player Shop Music Context Menu Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Windows\system32\wmpshell.dll” [MS]
“{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension”
-> {HKLM…CLSID} = “SimpleShlExt Class”
\InProcServer32(Default) = “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll” [empty string]
“{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}” = “Logitech Setpoint Extension”
-> {HKLM…CLSID} = “KbLogiExt Class”
\InProcServer32(Default) = “C:\Program Files\Logitech\SetPoint\kbcplext.dll” [“Logitech Inc.”]
“{B9B9F083-2B04-452A-8691-83694AC1037B}” = “Logitech Setpoint Extension”
-> {HKLM…CLSID} = “LogiExt Class”
\InProcServer32(Default) = “C:\Program Files\Logitech\SetPoint\mcplext.dll” [“Logitech Inc.”]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-64E4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files (x86)\WinRAR\rarext64.dll” [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-64E4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files (x86)\WinRAR\rarext64.dll” [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-64E4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files (x86)\WinRAR\rarext64.dll” [null data]
Default executables:
<> HKLM\Software\Classes\htafile\shell\open\command(Default) = “C:\Windows\SysWOW64\mshta.exe “%1” %*” [MS]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
“NoActiveDesktop” = (REG_DWORD) hex:0x00000001
{unrecognized setting}
“NoActiveDesktopChanges” = (REG_DWORD) hex:0x00000001
{unrecognized setting}
“ForceActiveDesktopOn” = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“ConsentPromptBehaviorAdmin” = (REG_DWORD) hex:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
“ConsentPromptBehaviorUser” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}
“EnableInstallerDetection” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}
“EnableLUA” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}
“EnableSecureUIAPaths” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}
“EnableVirtualization” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}
“PromptOnSecureDesktop” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Conrol: Switch to the secure desktop when prompting for elevation}
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
“FilterAdministratorToken” = (REG_DWORD) hex:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\Windows\Web\Wallpaper\img34.jpg”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Users\Gelo\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\Windows\system32\logon.scr” [MS]
Startup items in “Gelo” & “All Users” startup folders:
C:\Users\Gelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
“CCC” -> shortcut to: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe” [null data]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
“Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”]
“Adobe Reader Synchronizer” -> shortcut to: “C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe” [“Adobe Systems Incorporated”]
“Logitech Desktop Messenger” -> shortcut to: “C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start” [“Logitech”]
“Logitech SetPoint” -> shortcut to: “C:\Program Files\Logitech\SetPoint\SetPoint.exe” [“Logitech Inc.”]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\system32\NLAapi.dll” [MS]
000000000004\LibraryPath = “%SystemRoot%\system32\napinsp.dll” [MS]
000000000005\LibraryPath = “%SystemRoot%\system32\pnrpnsp.dll” [MS]
000000000006\LibraryPath = “%SystemRoot%\system32\pnrpnsp.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10
HOSTS file
C:\Windows\System32\drivers\etc\HOSTS
maps: 2 domain names to IP addresses,
1 of the IP addresses is *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
Ati External Event Utility, Ati External Event Utility, “C:\Windows\system32\Ati2evxx.exe” [“ATI Technologies Inc.”]
Dostęp do urządzeń interfejsu HID, hidserv, “C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted” {“C:\Windows\system32\hidserv.dll” [MS]}
Dziennik zdarzeń systemu Windows, Eventlog, “C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted” {(missing data)}
Harmonogram automatycznej usługi LiveUpdate, Harmonogram automatycznej usługi LiveUpdate, ““C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe”” [“Symantec Corporation”]
Pomoc IP, iphlpsvc, “C:\Windows\System32\svchost.exe -k NetSvcs” {(missing data)}
Pomoc TCP/IP NetBIOS, lmhosts, “C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted” {(missing data)}
Przeglądarka komputera, Browser, “C:\Windows\System32\svchost.exe -k netsvcs” {“C:\Windows\System32\browser.dll” [MS]}
Symantec AppCore Service, SymAppCore, ““C:\Program Files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe”” [“Symantec Corporation”]
Symantec Core LC, Symantec Core LC, ““C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe”” [“Symantec Corporation”]
Symantec Event Manager, ccEvtMgr, ““C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe” /h ccCommon” [“Symantec Corporation”]
Symantec Lic NetConnect service, CLTNetCnService, ““C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe” /h cltCommon” [“Symantec Corporation”]
Symantec Settings Manager, ccSetMgr, ““C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe” /h ccCommon” [“Symantec Corporation”]
Usługa interfejsu magazynu sieciowego, nsi, “C:\Windows\system32\svchost.exe -k LocalService” {(missing data)}
Windows Driver Foundation — User-mode Driver Framework, wudfsvc, “C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted” {“C:\Windows\System32\WUDFSvc.dll” [MS]}
Windows Image Acquisition (WIA), stisvc, “C:\Windows\system32\svchost.exe -k imgsvc” {“C:\Windows\System32\wiaservc.dll” [MS]}
<>: Suspicious data at a malware launch point.
-
This report excludes default entries except where indicated.
-
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
- To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer “No” at the
first message box and “Yes” at the second message box.
---------- (total run time: 43 seconds, including 5 seconds for message boxes)
Gelo112 , a może byś dał tak kompletnego loga? :?
Logfile of HijackThis v1.99.1
Scan saved at 15:22:43, on 2007-02-25
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Running processes:
C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files (x86)\Logitech\SetPoint\KEM.exe
C:\Program Files (x86)\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files (x86)\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Gadu-Gadu\gg.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil9b.exe
C:\Users\Gelo\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM…\Run: [setPoint] “C:\Program Files (x86)\Logitech\SetPoint\KEM.EXE”
O4 - HKLM…\Run: [MMTray] “C:\Program Files (x86)\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe”
O4 - HKLM…\Run: [WinampAgent] “C:\Program Files (x86)\Winamp\winampa.exe”
O4 - HKLM…\Run: [ccApp] “C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe”
O4 - HKCU…\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU…\Run: [LDM] C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU…\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files (x86)\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [bitTorrent] “C:\Program Files (x86)\BitTorrent\bittorrent.exe” --force_start_minimized
O4 - HKCU…\Run: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe -AutoStart
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\isPwdSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
a moze po prostu pokasuj rejestry z neostrady i bedzie szybciej chodzila…
moze masz wlaczony ogrom programow…roznie to moze byc
Krzychuu jak już namawiasz do loga , to może byś go tak łaskawie sprawdził? :-s
W logu okej.
Start=Uruchom=Msconfig=Uruchamianie=Odznacz te wpisy.
W trybie awaryjnym usun wpisy HJT a folder i pliki ręcznie
Sam plik userinit jest OK, nie usuwaj go, tylko wpis z Hijacka można usunąć kosmetycznie.
Daruj sobie proszę
Złączono Posta : 29 Marzec 2007, 21:12:58
Sam plik userinit jest OK, nie usuwaj go, tylko wpis z Hijacka można usunąć kosmetycznie.
Daruj sobie proszę
Gelo112 proszę objąć log w tagi CODE - jeśli nie wiesz jak zrobić, masz opisane w ważnym temacie w dziale Bezpieczeństwo u góry.