Problem z internetem oraz z WIN2000


(Miki 113) #1

Witam

Mam powazny problem z sys win2000 mam licencje na ten program natomiast nie mam plyty aby zformatowac dysk i postawic nowy system.

Na obecnym systemie przy starcie pokazuje ze brakuje jakiegos pliku, oraz co chwila pojawiaja sie rozne komunikaty typu: od systemu do alert,

od sekurity do alert, itp. Ponad to bardz wszystko mieli i wolno porusza sie po internecie.

PC to plyta K7S8XE+ procesor AMD Barton 3800 Ram 256m Grafika 64m, internet speed touch transfer 3,5m komputer pracuje w Angli.

Bardzo prosze o pomoc


(qrczak13) #2

Wyłącz posłańca:

start > uruchom > services.msc > zatrzymaj i wyłącz posłaniec/messenger.

Proponuje wrzucić logi wg TEGO.


(Miki 113) #3

usunolem poslanca natomiast nie wiem co zrobic z tym komunikatem na starcie

Złączono Posta : 17.11.2006 (Pią) 20:00

Dodalem logi prosze o pomoc


(Joan Sunshine) #4
  1. W HJT odpalonym w trybie awaryjnym zaznaczasz wpisy i klikasz na dole "Fix checked" , to co na czerwono usuwasz ręcznie z dysku:

  1. Po zabiegach nowe logi z HiJacka oraz koniecznie z Silent Runners (zaznaczasz No i czekasz aż skończy pracować w tle). :slight_smile:

I zainstaluj SP4.


(qrczak13) #5

Zrób jak napisała Joan. I czy po tym pojawia się komunikat na starcie, jak tak to przepisz go tu.


(Miki 113) #6

wszystko ok ale

Jak wszedlem w trybie awaryjnym przy tej rozdzielczosci nie widac tego co mam usunac, ponad to nie wiem jak to zaznaczy na czerwono, co to jest Silent Runners i co to jest instalacja SP4

sory jestem cienki w tym temacie bardzo prosze o poprowadzenie mnie bardziej szczegolowo z gory dzieki


(qrczak13) #7

To jak się otworzy HJT poprzesuwaj go w prawo żebyś widział kratki do zaznaczenia tych wpisów. Potem fix checked.

Wchodzisz w ten folder i kasujesz ibm00005.exe z dysku (wywal z kosza).

Silent runners masz TU opisane co i jak, czytaj uważnie.

SP4 - service pack 4 - http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/sp4pl.mspx


(Miki 113) #8

nie wiem czy dobrze ale wywalilem po zaznaczeniu ptaswzkiem cala pozycje nie tak jak pokazywal kolega tylko ibm00005.exe znaczac na czerwono PC uruchomil sie prawidlowo bez komunikatu o bledzie.

Natomiast co do SP4 to jest wersja PL a ja mam program Angielski czy moge zainstalowac PL


(Joan Sunshine) #9

Jeśli usunąłeś plik z dysku, to jest dobrze :slight_smile:

A tu jest angielski SP4: http://www.microsoft.com/windows2000/do ... p4Eng.mspx

I nalegam na log z SilentRunners :wink:


(Miki 113) #10

ok napewno to zrobie na dzis i tak juz duzo jak uruchomie ten program podam log.

Narazie jest lepiej ale strony otwieraja sie wolno i mieli

Złączono Posta : 19.11.2006 (Nie) 17:59

wita

przesylam log17:01 19/11/2006"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows 2000

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"internat.exe" = "internat.exe" [MS]

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

"STManager" = ""C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b" ["THOMSON"]

"IncrediMail" = ""C:\Program Files\IncrediMail\bin\IncMail.exe" /c" ["IncrediMail, Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Synchronization Manager" = "mobsync.exe /logon" [MS]

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

"SpeedTouch USB Diagnostics" = ""C:\Program Files\Virgin Net Broadband\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"

-> {HKLM...CLSID} = "Display Panning CPL Extension"

\InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

\InProcServer32(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

IMMenuShellExt(Default) = "{F8984111-38B6-11D5-8725-0050DA2761C4}"

-> {HKLM...CLSID} = "IMMenuShellExt Class"

\InProcServer32(Default) = "C:\Program Files\IncrediMail\bin\IMShExt.dll" ["IncrediMail, Ltd."]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Group Policies {GPedit.msc branch and setting}:


Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

Active Desktop and Wallpaper:


Active Desktop may be enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINNT\Web\Wallpaper\Windows 2000.jpg"

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Running Services (Display Name, Service Name, Path {Service DLL}):


avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]


<>: Suspicious data at a malware launch point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • The search for DESKTOP.INI DLL launch points on all local fixed drives

took 110 seconds.

---------- (total run time: 182 seconds)