Marquez
(Andrzej Janus2)
1 Sierpień 2006 08:12
#1
Ostatnio komp ostro zwolnil, czasami gdy np. stoi sobie 3h sam nikt go nie uzywa, a potem ktos zacznie uzywac to ostro zwalnia, wsumie nic innego jak restart bo tak to nic sie nie da zrobic…
Log z Hijacka:
Logfile of HijackThis v1.99.1 Scan saved at 09:58:26, on 2006-08-01 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\System32\mssvcc.exe C:\WINDOWS\System32\mssecure.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\AutoConnect\AutoConnect.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe D:\A4Tech\Keyboard\Ikeymain.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Documents and Settings\TonyCorleone\Pulpit\utorrent\utorrent.exe C:\Program Files\Opera\Opera.exe C:\Documents and Settings\TonyCorleone\Pulpit\Narzedzia Antywirusowe\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOWS\System32\safeie.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM…\Run: [msconfig38] mssvcc.exe O4 - HKLM…\Run: [secures23] mssecure.exe O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045 O4 - HKLM…\Run: [CloneCDTray] “d:\Program Files\CloneCD\CloneCDTray.exe” /s O4 - HKLM…\RunServices: [msconfig38] mssvcc.exe O4 - HKLM…\RunServices: [secures23] mssecure.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe O4 - Startup: Ikeymain.lnk = D:\A4Tech\Keyboard\Ikeymain.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: &Download all by WellGet - C:\Program Files\WellGet\nxall.htm O8 - Extra context menu item: Download by &WellGet - C:\Program Files\WellGet\nxcatch.htm O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O17 - HKLM\System\CCS\Services\Tcpip…{3E7FAC0E-5534-448E-81A8-38F90BC528E4}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
Log z Silenta:
“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”] “AutoConnect” = “C:\Program Files\AutoConnect\AutoConnect.exe” [“http://autoconnect.prv.pl ”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “nod32kui” = ““C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE” ["Eset "] “Logitech Utility” = “Logi_MwX.Exe” [“Logitech Inc.”] “msconfig38” = “mssvcc.exe” [null data] “secures23” = “mssecure.exe” [null data] “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045” [“DT Soft Ltd.”] “CloneCDTray” = ““d:\Program Files\CloneCD\CloneCDTray.exe” /s” [“SlySoft, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {B5D4581D-ED6A-4905-A267-25BAF7BE79C1}(Default) = “SafeIE Utility” -> {HKLM…CLSID} = “FiltrateIE Class” \InProcServer32(Default) = “C:\WINDOWS\System32\safeie.dll” [empty string] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” = “NOD32 Context Menu Shell Extension” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\TonyCorleone\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Startup items in “TonyCorleone” & “All Users” startup folders: -------------------------------------------------------------- C:\Documents and Settings\TonyCorleone\Menu Start\Programy\Autostart “Ikeymain” -> shortcut to: “D:\A4Tech\Keyboard\Ikeymain.exe” [“A4Tech Co.,Ltd.”] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W” [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\System32\imon.dll ["Eset "], 01 - 05, 11 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {35980F6E-A258-4E50-953D-813BB8556899}\ “ButtonText” = “WellGet” “Exec” = “C:\Program Files\WellGet\WellGet.exe” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ NOD32 Kernel Service, NOD32krn, ““C:\Program Files\Eset\nod32krn.exe”” ["Eset "] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 80 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 45 seconds. ---------- (total run time: 259 seconds)
Z góry dzięki za pomoc.
Ściągnij Windows Woorms Door Cleaner , odpal>>>zmień wszystkie znaczki z disable na enable>>>po użyciu narzedzia wymagany jest reset kompa.
1.Startujesz do trybu awaryjnego
2.Wyłanczasz przywracanie systemu (tylko Me/Xp)
3.Kasujesz wpisy w HijackThis
4.Kasujesz pogrubione pliki/foldery
5.Dajesz nowy log z hjt + log z Silent Runners