Proszę o sprawdzenie loga

Dla specjalistów Bezpieczeństwo
#1

Problem w tym ze mam niebieska tapete i pisze tam

beztytuu2me.png

Ogólnie komp rzezi sie strasznie wolno dziala… Prosze o pomoc! !!

Jako ochrone uzywam Avast!4Home i SpySwepper.

Mam Pentium2 700,128 ram, nvidiaRIVAtnt2…

P.S Chcialem zmienic ochrone co polecacie bo ta mnie zawiodla… :evil:

#2

  1. Wyłączyć Przywracanie systemu w XP TU

  2. Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).

  3. Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.

  4. Skasować z dysku pliki i foldery, które podkreśliłem na czerwono

  5. Dokończyć skanerami online - Scanery do wyboru

  6. Pokazać nowy log :stuck_out_tongue:

Zastosuj Usuwanie tapety SpySheriff

Masz plik “z pytajnikiem” - n?tdde.exe , jak usunąć zobacz TU

#3

Gutek dzieki ale nie moge wylaczyc Przywracania Systemu. Pisze ze napotkal blad na dysku i trzeba restartowac kompa. restartuje ale dalej tak pisze. Czy sa jakies sposoby na to?

#4

A bez tego wykonałes instrukcje usuwania???

#5

Nie tylko jak jest sposob usuwania SpySheriff to tego rega zrobilem i przynajmniej tapeta jest normalna. Tylko komp nie ma tej szybkosci co przedtem, wrecz krzaczy :cry:

P.S Za co dostałem ostrzeżenie? :?

#6

Daj log z Silent Runners

Silent opis: http://www.searchengines.pl/phpbb203/in … opic=15989

#7

Oto log z SR:

Mam nadzieje ze w czym pomoze ten log… :?

#8

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG Przejście do trybu awaryjnego Windows i uruchomienie pliku FIX.REG.

#9

Zrobiłem tak jak kazales, usunołem ręcznie te pliki ktore kazales. Zapodaje loga z Hijacka.

Oto on :

Oto log z SilentRunners:

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

"ldvwnsa.exe" = "C:\WINDOWS\system\ldvwnsa.exe" [file not found]


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]

"SpySweeper" = "c:\Spy Sweeper\SpySweeper.exe /0" ["Webroot Software, Inc."]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]

"Windows installer" = (empty string)

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]

"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]

"iKeyWorks" = "C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" ["A4Tech Co.,Ltd."]

"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]


HKLM\Software\Microsoft\Active Setup\Installed Components\

{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)

                                       \StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

gnmffgmk\(Default) = "{bd5a8b6b-545c-4d41-9b20-a3d9a2e4bc6f}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\gekff.dll" [null data]

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\KAV Shared Files\AvpShlEx.dll" ["Kaspersky Labs."]

MakeFile Class\(Default) = "{D8504558-278D-4A93-BCBC-75B142CAA3B3}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\vdshell.dll" [file not found]

Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

FolderShell Class\(Default) = "{24C0824F-BC16-41DB-9845-DE545941C3B0}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\vdshell.dll" [file not found]

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\KAV Shared Files\AvpShlEx.dll" ["Kaspersky Labs."]

Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Wojdi\Dane aplikacji\Opera\Opera\profile\Skin\borussia_1024x768.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]



Startup items in "Wojdi" & "All Users" startup folders:

-------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\DRWEBSP.DLL ["Doctor Web Ltd."], 01 - 04

%SystemRoot%\system32\mswsock.dll [MS], 05 - 07, 10 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 08 - 09



Toolbars, Explorer Bars, Extensions:

------------------------------------


Explorer Bars


Dormant Explorer Bars in "View, Explorer Bar" menu


HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\ = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\ = "ToolBand Class"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\ = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 177 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

  took 139 seconds.

---------- (total run time: 492 seconds)

Prosze także o informacje jakim programem dokladnie sprawdzic Autostart, poniewaz moj PC uruchamia sie prawie 2 minuty :roll:

#10

Zobacz Optymalizacja XP: http://www.searchengines.pl/phpbb203/in … topic=5989

Jak ostatnio zrób fix-a i będzie OK :wink: