Proszę o sprawdzenie loga :-)


(P.Piotrek) #1

Komputer strasznie wolno chodzi:

Windows XP

IE 6.0

NortonAntyvirus

Regularnie skanowany skanerami on-line, Spyboot Serch & Destroy i Ad-Aware

Logfile of HijackThis v1.98.2

Scan saved at 10:02:20, on 2004-11-05

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre1.5.0\bin\jusched.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\LANczat\LANczat.exe

C:\Program Files\Serv-U\ServUTray.exe

C:\Program Files\3M\PSNLite\PsnLite.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\PROGRA~1\3M\PSNLite\PSNGive.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE

C:\PROGRA~1\SERV-U\ServUDaemon.exe

C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\TotalCmd\TOTALCMD.EXE

E:\Piotrek\Programy\Dalej\AntySzpiegi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://poczta.fm/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKLM..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

O4 - HKLM..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKLM..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [LANczat] C:\Program Files\LANczat\LANczat.exe

O4 - HKCU..\Run: [servUTrayIcon] C:\Program Files\Serv-U\ServUTray.exe

O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab


(Xiao19) #2

1.)

jak sie korzysta z IE i jeszcze na codzien

bez SP2 czy nawet SP1 to sie niedziw :o :o

2.)

brak poblokowania groznych portow itd.

brak najnowszej laty zapewne dla IE

Update for Internet Explorer 6 for XP Service Pack 2 (KB885932)

3.)

Masz pakiecik Nortona to sie musisz

przyzwyczajac ze po instacji masz komp

o klase wolniejszy to na poczatek

a co do Loga to raczej czysty

kasujesz

O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

[uzywasz zostawiasz /NIE/ kasujesz]

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

[dubel]

INFO

na czas skanowania programami szpiegujacymi wylaczasz

ochrone rzeczywista Nortona

sciagasz

SpySubtractPRO+CWShredder_v2.00

http://im0.intermute.com/bin/downloads/ ... btract.EXE

dalej PestPatrol

http://download.zonelabs.com/bin/free/p ... olHome.exe

INFO:

skanujesz partycje systemowa

Ustawiasz na stale ochrone rzeczywista

Options/AutomaticScans

dajesz Launch

w PPMem, PPControl, CookiePatrol

nastepnie

Spybot Search and Destroy V1.3.2b

http://js-http.skycn.net:8181/down/spybotsd132b.exe

/mirror/

http://xj-http.skycn.net:8080/down/spybotsd132b.exe

skanujesz skanerami AV

--GeCAD (RAV)--

http://www.ravantivirus.com/scan/

--F-Secure--

http://support.f-secure.com/enu/home/ols.shtml

Na koniec jesli nadal bedziesz uzywac IE

sciagasz nakladke AvantBrowser ,Maxthon np.

oraz

zainstaluj i zabezpiecz przegladarke/i

progsem

SpywareBlaster

http://www.javacoolsoftware.com/sbdownload.html

i pamietaj o zamknieciu portow /ALL/ w tym progsie

Windows Worms Doors Cleaner v1.4.1

http://www.firewallleaktester.com/tools/wwdc.exe

INFO:

http://forum.dobreprogramy.pl/viewtopic ... ht=blaster

Ostatecznie czyscisz rejestr ,programikiem jv16 PowerTools 1.4 np.

http://www.macecraft.com/downloads/jv16pt_setup.exe

czy RegSupreme 1.2

http://www.macecraft.com/downloads/RegSupreme_setup.exe

mozesz zrobic takze scandisk HDD oraz defragmentacje