Spowalnia mi kompa


(Dario1111) #1

chcialbym sprawdzic log...ale jak to sie robi?

spowalnia mi komp...nie wiem czy musze juz formatowac czy jeszcze uda nam sie powalczyc! !!

dziekuje bardzo


(Bbieniol) #2

Wrzuć zestaw logów - HijackThis + Silent Runners

Opis tutaj -> http://forum.dobreprogramy.pl/viewtopic.php?t=36654


(Gutek) #3

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Pozdrawiam Gutek2222


(Dario1111) #4

Gutek czy tak może być?

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Pozdrawiam Gutek2222

Złączono Posta : 19.10.2006 (Czw) 22:24

sorrki


(Bbieniol) #5

Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (jeżeli jakieś znaczki są żółte, to niech takie zostaną). Po użyciu tego narzędzia wymagany jest reset sysa.

W trybie awaryjnym usuwasz (wpisy Hijackiem, pliki/foldery na czerwono ręcznie z dysku):

Po zabiegach nowy log z Hijacka + log z Silent Runners


(Dario1111) #6

z tym Silent Runners nie moge sobie poradzic

tak?


(adam9870) #7

Log masz już ok.

W czym konkretnie w silencie nie możesz sobie poradzić ??


(Dario1111) #8

jak klikam w link do programu to mi wyskakuje duzo tekstu?!nic nie mam do pobrania?


(Bbieniol) #9

Klikasz prawy przycisk myszy na ten link -> http://www.silentrunners.org/Silent%20Runners.vbs -> zapisz element docelowy jako -> zapisujesz -> włączasz -> klikasz NO -> czekasz, aż się pojawi że log jest skończony i wklejasz na forum loga :slight_smile:


(Dario1111) #10

jak klikam w link do programu to mi wyskakuje duzo tekstu?!nic nie mam do pobrania?


(Bbieniol) #11

Chyba wyraźnie napiałem - prawym przyciskiem myszy :!:


(Dario1111) #12

Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows 2000

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“internat.exe” = “internat.exe” [MS]

“McAfee.InstantUpdate.Monitor” = ““C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe” /STARTMONITOR” [“Network Associates, Inc.”]

“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”]

“AtiTrayTools” = “C:\Program Files\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe” [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“Synchronization Manager” = “mobsync.exe /logon” [MS]

“ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”]

“McAfee Guardian” = ““C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe” /SU” [“Network Associates, Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

{31FF080D-12A3-439A-A2EF-4BA95A3148E8}(Default) = “****A*EŢ” (unwritable string)

-> {HKLM…CLSID} = “bho2gr Class”

\InProcServer32(Default) = “C:\Program Files\GetRight\xx2gr.dll” [“Headlight Software, Inc.”]

{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Spybot - Search & Destroy\SDHelper.dll” [“Safer Networking Limited”]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM…CLSID} = “SSVHelper Class”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINNT\System32\hticons.dll” [“Hilgraeve, Inc.”]

Złączono Posta : 19.10.2006 (Czw) 23:39

ok?


(Bbieniol) #13

Log jest urwany - poczekaj cierpliwie na komunikat, że log skończony - dopiero wtedy wklej go na forum :slight_smile:


(Dario1111) #14

“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/

Operating System: Windows 2000

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“internat.exe” = “internat.exe” [MS]

“McAfee.InstantUpdate.Monitor” = ““C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe” /STARTMONITOR” [“Network Associates, Inc.”]

“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”]

“AtiTrayTools” = “C:\Program Files\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe” [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“Synchronization Manager” = “mobsync.exe /logon” [MS]

“ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”]

“McAfee Guardian” = ““C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe” /SU” [“Network Associates, Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

{31FF080D-12A3-439A-A2EF-4BA95A3148E8}(Default) = “****A*LGS-5337F05B1FC\logos” (unwritable string)

-> {HKLM…CLSID} = “bho2gr Class”

\InProcServer32(Default) = “C:\Program Files\GetRight\xx2gr.dll” [“Headlight Software, Inc.”]

{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Spybot - Search & Destroy\SDHelper.dll” [“Safer Networking Limited”]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM…CLSID} = “SSVHelper Class”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINNT\System32\hticons.dll” [“Hilgraeve, Inc.”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]

“{A5110426-177D-4e08-AB3F-785F10B4439C}” = “Sony Ericsson File Manager”

-> {HKLM…CLSID} = “Sony Ericsson File Manager”

\InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll” [“Sony Ericsson Mobile Communications AB”]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”]

HKLM\Software\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Group Policies {GPedit.msc branch and setting}:


Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

Active Desktop and Wallpaper:


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Active Desktop web content (hidden if disabled):

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\

“FriendlyName” = “Moja bieżąca strona główna”

“Source” = “About:Home”

“SubscribedURL” = “About:Home”

Startup items in “logos” & “All Users” startup folders:


C:\Documents and Settings\logos\Menu Start\Programy\Autostart

“Product Registration” -> shortcut to: “I:\dc++\dowload\Sid Meier’s Pirates\CD1\ATR1.EXE /remind /language=PLK /PRNM=“Product”” [“Leader Technologies/Atari”]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“Adobe Gamma Loader” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”]

“GetRight - Tray Icon” -> shortcut to: “C:\Program Files\GetRight\getright.exe” [“Headlight Software, Inc.”]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\rnr20.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINNT\system32\CSLSP.DLL [“Networks Associates Technologies, Inc.”], 01 - 11, 23

%SystemRoot%\system32\msafd.dll [MS], 12 - 14, 17 - 22

%SystemRoot%\system32\rsvpsp.dll [MS], 15 - 16

Toolbars, Explorer Bars, Extensions:


Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie”

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

“MenuText” = “Sun Java Console”

“CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}”

-> {HKCU…CLSID} = “Java Plug-in”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]

-> {HKLM…CLSID} = “Java Plug-in 1.5.0_06”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

“ButtonText” = “Badanie”

Running Services (Display Name, Service Name, Path {Service DLL}):


Ati HotKey Poller, Ati HotKey Poller, “C:\WINNT\System32\Ati2evxx.exe” [“ATI Technologies Inc.”]

AVSync Manager, AvSynMgr, ““C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe”” [“Network Associates, Inc.”]

LightScribeService Direct Disc Labeling Service, LightScribeService, ““C:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”]

McAfee Firewall, McAfee Firewall, ““C:\Program Files\McAfee\McAfee Firewall\CPD.EXE” /SERVICE” [“Network Associates, Inc.”]

McShield, McShield, ““C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe”” [“Network Associates, Inc.”]

System zdarzeń COM+, EventSystem, “C:\WINNT\System32\svchost.exe -k netsvcs” {“C:\WINNT\System32\es.dll” [null data]}

Print Monitors:


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpZJLanguageMonitor\Driver = “ZLMhp1.DLL” [“Zenographics”]

Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]


<>: Suspicious data at a malware launch point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • The search for DESKTOP.INI DLL launch points on all local fixed drives

took 350 seconds.

---------- (total run time: 485 seconds)

Złączono Posta : 20.10.2006 (Pią) 0:10

teraz jest ok?


(Gutek) #15

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE - POPRAW!

jest czysto :slight_smile:


(Dario1111) #16

pozdrawiam