Please help me decipher this log and check whether I have some junk on my system, because my internet has started to slow down and the ping is going crazy, from 400 to 900 :? Here is the link to the log: http://www.wklejto.pl/39286
bednarpl,
Please read the topic "Important announcement regarding the titling of topics" and change the title to a specific one that describes the problem.
Please correct the spelling in the description of the problem. To edit your post, use the Edit button on the post that opens the topic.
Ignoring this recommendation will result in the topic being moved to the Trash.
The log was pasted incorrectly - the slashes ** are missing - which makes it harder to analyze.
You do not paste the log via Browse…; you manually copy its contents into the text field for pasting.
In GMER we change nothing -> press Scan (the scan will take a dozen or so minutes) -> after the scan, Copy.
Here is the HijackThis log once again:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:40, on 2009-07-27
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
D:\programy\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Registry Defender\RegistryDefender.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoc1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoc1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoc1.dll
O4 - HKLM…\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [skyTel] SkyTel.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [LogitechCommunicationsManager] “C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe”
O4 - HKLM…\Run: [LogitechQuickCamRibbon] “C:\Program Files\Logitech\QuickCam10\QuickCam10.exe” /hide
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [LCheck] C:\Program Files\Beniamin\LCheck.exe /check
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKCU…\Run: [LogitechSetup] E:\Setup\Setup.exe /start /restart /l:enu
O4 - HKCU…\Run: [Gadu-Gadu] “D:\programy\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [ALLUpdate] “C:\Program Files\ALLPlayer\ALLUpdate.exe” “sleep”
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: RegistryDefender.lnk = C:\Program Files\Registry Defender\RegistryDefender.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip…{7D68268A-1FA5-459D-AA22-146EF08370E0}: NameServer = 193.151.52.38,193.151.52.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
–
End of file - 6141 bytes
– Added 28.07.2009 (Tue) 10:26 –
And here is the log from OTL:
OTL logfile created on: 2009-07-27 23:15:57 - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Documents and Settings\Artur\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
511,36 Mb Total Physical Memory | 261,23 Mb Available Physical Memory | 51,09% Memory free
1,22 Gb Paging File | 0,81 Gb Available in Paging File | 66,40% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 14,21 Gb Free Space | 72,76% Space Free | Partition Type: NTFS
Drive D: | 54,99 Gb Total Space | 10,46 Gb Free Space | 19,03% Space Free | Partition Type: NTFS
Drive E: | 689,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ARTUR-5A7788A18
Current User Name: Artur
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2005-08-31 04:36:08 | 00,376,832 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2007-02-06 17:45:26 | 00,109,344 | ---- | M] (Logitech Inc.) – c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
PRC - [2005-08-31 04:36:08 | 00,376,832 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008-04-14 22:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Explorer.EXE
PRC - [2005-08-30 21:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) – C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2006-05-18 08:27:06 | 16,207,872 | R— | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\RTHDCPL.EXE
PRC - [2007-02-08 01:12:48 | 00,488,984 | ---- | M] (Logitech Inc.) – C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007-02-08 01:13:48 | 00,774,168 | ---- | M] () – C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2009-07-19 14:47:05 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007-02-06 17:43:26 | 00,252,704 | ---- | M] (Logitech Inc.) – C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
PRC - [2007-07-09 09:39:12 | 02,119,104 | ---- | M] (Gadu-Gadu S.A.) – D:\programy\Gadu-Gadu\gg.exe
PRC - [2007-03-30 13:34:08 | 25,263,144 | ---- | M] (Skype Technologies S.A.) – C:\Program Files\Skype\Phone\Skype.exe
PRC - [2007-03-12 14:03:30 | 00,149,040 | ---- | M] (Nero AG) – C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007-04-03 11:47:44 | 02,416,640 | ---- | M] (Angle Interactive) – C:\Program Files\Registry Defender\RegistryDefender.exe
PRC - [2009-07-19 14:47:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\wdfmgr.exe
PRC - [2008-04-14 22:51:52 | 00,013,824 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\wscntfy.exe
PRC - [2007-03-12 14:03:48 | 00,271,920 | ---- | M] (Nero AG) – C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2007-03-12 14:03:52 | 00,910,896 | ---- | M] (Nero AG) – C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007-02-08 01:12:20 | 00,230,936 | ---- | M] (Logitech Inc.) – C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2007-03-30 13:22:04 | 01,914,824 | R— | M] (Skype Technologies) – C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2007-08-09 12:21:56 | 00,079,360 | ---- | M] (Opera Software) – C:\Program Files\Opera\Opera.exe
PRC - [2009-07-27 23:12:00 | 00,513,536 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Artur\Pulpit\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2003-02-20 19:19:38 | 00,032,768 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe – (aspnet_state [On_Demand | Stopped])
SRV - [2005-08-31 04:36:08 | 00,376,832 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\System32\Ati2evxx.exe – (Ati HotKey Poller [Auto | Running])
SRV - [2005-08-30 21:05:00 | 00,516,096 | ---- | M] () – C:\WINDOWS\System32\ati2sgag.exe – (ATI Smart [Auto | Stopped])
SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll – (helpsvc [Auto | Running])
SRV - [2008-04-15 00:50:34 | 00,028,672 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\irmon.dll – (Irmon [Auto | Running])
SRV - [2009-07-19 14:47:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jqs.exe – (JavaQuickStarterService [Auto | Running])
SRV - [2007-02-06 17:45:26 | 00,109,344 | ---- | M] (Logitech Inc.) – c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe – (LVPrcSrv [Auto | Running])
SRV - [2007-02-06 17:47:12 | 00,105,248 | ---- | M] (Logitech Inc.) – C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe – (LVSrvLauncher [Auto | Stopped])
SRV - [2007-03-12 14:03:48 | 00,271,920 | ---- | M] (Nero AG) – C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe – (NMIndexingService [On_Demand | Running])
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) – C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE – (ose [On_Demand | Stopped])
SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\wdfmgr.exe – (UMWdf [Auto | Running])
========== Driver Services (SafeList) ==========
DRV - [2005-03-09 08:53:00 | 00,036,352 | R— | M] (Advanced Micro Devices) – C:\WINDOWS\System32\DRIVERS\AmdK8.sys – (AmdK8 [system | Running])
DRV - [2005-08-31 04:42:36 | 01,333,760 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\System32\DRIVERS\ati2mtag.sys – (ati2mtag [On_Demand | Running])
DRV - [2009-06-04 05:10:14 | 00,100,224 | ---- | M] () – C:\Program Files\sXe Injected\ddsxei.sys – (ddsxeiservice [On_Demand | Stopped])
DRV - [2008-04-13 22:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) – C:\WINDOWS\System32\DRIVERS\HDAudBus.sys – (HDAudBus [On_Demand | Running])
DRV - [2006-05-16 11:32:58 | 04,275,712 | R— | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\System32\drivers\RtkHDAud.sys – (IntcAzAudAddService [On_Demand | Running])
DRV - [2001-08-17 23:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\DRIVERS\irsir.sys – (irsir [On_Demand | Running])
DRV - [2007-02-06 17:42:40 | 01,691,808 | ---- | M] () – C:\WINDOWS\System32\DRIVERS\LVcKap.sys – (LVcKap [On_Demand | Running])
DRV - [2007-02-06 17:44:36 | 01,964,064 | ---- | M] (Logitech Inc.) – C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys – (LVMVDrv [On_Demand | Stopped])
DRV - [2007-02-06 17:45:04 | 00,025,632 | ---- | M] () – C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys – (LVPr2Mon [On_Demand | Running])
DRV - [2007-02-03 20:32:34 | 00,041,504 | R— | M] (Logitech Inc.) – C:\WINDOWS\System32\drivers\LVUSBSta.sys – (LVUSBSta [On_Demand | Running])
DRV - [2006-04-24 11:52:28 | 00,100,736 | R— | M] (NVIDIA Corporation) – C:\WINDOWS\system32\DRIVERS\nvata.sys – (nvata [boot | Running])
DRV - [2006-03-22 08:24:00 | 00,052,736 | R— | M] (NVIDIA Corporation) – C:\WINDOWS\System32\DRIVERS\NVENETFD.sys – (NVENETFD [On_Demand | Running])
DRV - [2006-03-22 08:24:02 | 00,018,944 | R— | M] (NVIDIA Corporation) – C:\WINDOWS\System32\DRIVERS\nvnetbus.sys – (nvnetbus [On_Demand | Running])
DRV - [2007-02-03 20:27:15 | 00,014,240 | R— | M] (Logitech Inc.) – C:\WINDOWS\System32\DRIVERS\lv302af.sys – (pepifilter [On_Demand | Running])
DRV - [2007-02-03 20:27:27 | 00,938,272 | R— | M] (Logitech Inc.) – C:\WINDOWS\System32\DRIVERS\LV302V32.SYS – (PID_PEPI [On_Demand | Running])
DRV - [2001-08-18 00:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) – C:\WINDOWS\System32\DRIVERS\ptilink.sys – (Ptilink [On_Demand | Running])
DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) – C:\WINDOWS\System32\Drivers\PxHelp20.sys – (PxHelp20 [boot | Running])
DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) – C:\WINDOWS\System32\DRIVERS\secdrv.sys – (Secdrv [On_Demand | Stopped])
DRV - [2008-04-14 02:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\drivers\usbaudio.sys – (usbaudio [On_Demand | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl … ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl … r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl … r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU.DEFAULT.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU\S-1-5-21-583907252-854245398-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-583907252-854245398-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl … r=iesearch
IE - HKU\S-1-5-21-583907252-854245398-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - URLSearchHook: {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoc1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-583907252-854245398-1801674531-1003\S-1-5-21-583907252-854245398-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
FF - HKLM\software\mozilla\Firefox\extensions\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-07-19 14:47:05 | 00,000,000 | —D | M]
O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Local Strike Toolbar) - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoc1.dll (Conduit Ltd.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM…\Toolbar: (Local Strike Toolbar) - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoc1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-583907252-854245398-1801674531-1003…\Toolbar\WebBrowser: (Local Strike Toolbar) - {2C650B7D-AA32-4798-AF1A-FD8EF806D89F} - C:\Program Files\Local_Strike\tbLoc1.dll (Conduit Ltd.)
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM…\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM…\Run: [LCheck] C:\Program Files\Beniamin\LCheck.exe File not found
O4 - HKLM…\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM…\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM…\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM…\Run: [skyTel] C:\WINDOWS\SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-583907252-854245398-1801674531-1003…\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-583907252-854245398-1801674531-1003…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-583907252-854245398-1801674531-1003…\Run: [Gadu-Gadu] D:\programy\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKU\S-1-5-21-583907252-854245398-1801674531-1003…\Run: [LogitechSetup] E:\Setup\Setup.exe File not found
O4 - HKU\S-1-5-21-583907252-854245398-1801674531-1003…\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\Artur\Menu Start\Programy\Autostart\RegistryDefender.lnk = C:\Program Files\Registry Defender\RegistryDefender.exe (Angle Interactive)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-854245398-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM…Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc … wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-07-02 15:03:30 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]
O33 - MountPoints2{13baadc3-6a0e-11de-84f8-0016178feff8}\Shell\AutoRun\command - “” = hkn6k.bat
O33 - MountPoints2{13baadc3-6a0e-11de-84f8-0016178feff8}\Shell\open\Command - “” = hkn6k.bat
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
and the rest of the log
I did tell you how you are supposed to paste logs.
If not that way, then you paste the logs on wklej.org or wklej.to and put a link in your post.
You paste logs on wklej.org or wklej.to
Do not pack logs into archives, because you never know what might tag along with them. ;/
Nothing can be seen in the truncated OTL log.
OK. Earlier neither wklej.org nor eklej.to was working for me, so I apologize for the trouble. I went to wklej.org and pasted the HijackThis log manually; here is the link: http://wklej.org/id/127058/
– Added 28.07.2009 (Tue) 10:46 –
Here is the log from OTL: http://wklej.org/id/127061/
– Added 28.07.2009 (Tue) 10:48 –
And here is the one from GMER: http://wklej.org/id/127063/
I hope everything is fine now…