chcialbym sprawdzic log…ale jak to sie robi?
spowalnia mi komp…nie wiem czy musze juz formatowac czy jeszcze uda nam sie powalczyc!
dziekuje bardzo
chcialbym sprawdzic log…ale jak to sie robi?
spowalnia mi komp…nie wiem czy musze juz formatowac czy jeszcze uda nam sie powalczyc!
dziekuje bardzo
Wrzuć zestaw logów - HijackThis + Silent Runners
Opis tutaj -> http://forum.dobreprogramy.pl/viewtopic.php?t=36654
Gutek czy tak może być?
Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE
Pozdrawiam Gutek2222
Złączono Posta : 19.10.2006 (Czw) 22:24
sorrki
Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (jeżeli jakieś znaczki są żółte, to niech takie zostaną). Po użyciu tego narzędzia wymagany jest reset sysa.
W trybie awaryjnym usuwasz (wpisy Hijackiem, pliki/foldery na czerwono ręcznie z dysku):
Po zabiegach nowy log z Hijacka + log z Silent Runners
z tym Silent Runners nie moge sobie poradzic
tak?
Log masz już ok.
W czym konkretnie w silencie nie możesz sobie poradzić ??
jak klikam w link do programu to mi wyskakuje duzo tekstu?!nic nie mam do pobrania?
Klikasz prawy przycisk myszy na ten link -> http://www.silentrunners.org/Silent%20Runners.vbs -> zapisz element docelowy jako -> zapisujesz -> włączasz -> klikasz NO -> czekasz, aż się pojawi że log jest skończony i wklejasz na forum loga
jak klikam w link do programu to mi wyskakuje duzo tekstu?!nic nie mam do pobrania?
Chyba wyraźnie napiałem - prawym przyciskiem myszy :!:
Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“internat.exe” = “internat.exe” [MS]
“McAfee.InstantUpdate.Monitor” = ““C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe” /STARTMONITOR” [“Network Associates, Inc.”]
“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”]
“AtiTrayTools” = “C:\Program Files\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe” [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Synchronization Manager” = “mobsync.exe /logon” [MS]
“ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”]
“McAfee Guardian” = ““C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe” /SU” [“Network Associates, Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8}(Default) = “****A*EŢ” (unwritable string)
-> {HKLM…CLSID} = “bho2gr Class”
\InProcServer32(Default) = “C:\Program Files\GetRight\xx2gr.dll” [“Headlight Software, Inc.”]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Spybot - Search & Destroy\SDHelper.dll” [“Safer Networking Limited”]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM…CLSID} = “SSVHelper Class”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINNT\System32\hticons.dll” [“Hilgraeve, Inc.”]
Złączono Posta : 19.10.2006 (Czw) 23:39
ok?
Log jest urwany - poczekaj cierpliwie na komunikat, że log skończony - dopiero wtedy wklej go na forum
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“internat.exe” = “internat.exe” [MS]
“McAfee.InstantUpdate.Monitor” = ““C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe” /STARTMONITOR” [“Network Associates, Inc.”]
“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”]
“AtiTrayTools” = “C:\Program Files\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe” [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Synchronization Manager” = “mobsync.exe /logon” [MS]
“ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”]
“McAfee Guardian” = ““C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe” /SU” [“Network Associates, Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8}(Default) = “****A*LGS-5337F05B1FC\logos” (unwritable string)
-> {HKLM…CLSID} = “bho2gr Class”
\InProcServer32(Default) = “C:\Program Files\GetRight\xx2gr.dll” [“Headlight Software, Inc.”]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Spybot - Search & Destroy\SDHelper.dll” [“Safer Networking Limited”]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM…CLSID} = “SSVHelper Class”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINNT\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]
“{A5110426-177D-4e08-AB3F-785F10B4439C}” = “Sony Ericsson File Manager”
-> {HKLM…CLSID} = “Sony Ericsson File Manager”
\InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll” [“Sony Ericsson Mobile Communications AB”]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Active Desktop web content (hidden if disabled):
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
“FriendlyName” = “Moja bieżąca strona główna”
“Source” = “About:Home”
“SubscribedURL” = “About:Home”
Startup items in “logos” & “All Users” startup folders:
C:\Documents and Settings\logos\Menu Start\Programy\Autostart
“Product Registration” -> shortcut to: “I:\dc++\dowload\Sid Meier’s Pirates\CD1\ATR1.EXE /remind /language=PLK /PRNM=“Product”” [“Leader Technologies/Atari”]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“Adobe Gamma Loader” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”]
“GetRight - Tray Icon” -> shortcut to: “C:\Program Files\GetRight\getright.exe” [“Headlight Software, Inc.”]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\rnr20.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINNT\system32\CSLSP.DLL [“Networks Associates Technologies, Inc.”], 01 - 11, 23
%SystemRoot%\system32\msafd.dll [MS], 12 - 14, 17 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 15 - 16
Toolbars, Explorer Bars, Extensions:
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}”
-> {HKCU…CLSID} = “Java Plug-in”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
-> {HKLM…CLSID} = “Java Plug-in 1.5.0_06”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
“ButtonText” = “Badanie”
Running Services (Display Name, Service Name, Path {Service DLL}):
Ati HotKey Poller, Ati HotKey Poller, “C:\WINNT\System32\Ati2evxx.exe” [“ATI Technologies Inc.”]
AVSync Manager, AvSynMgr, ““C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe”” [“Network Associates, Inc.”]
LightScribeService Direct Disc Labeling Service, LightScribeService, ““C:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”]
McAfee Firewall, McAfee Firewall, ““C:\Program Files\McAfee\McAfee Firewall\CPD.EXE” /SERVICE” [“Network Associates, Inc.”]
McShield, McShield, ““C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe”” [“Network Associates, Inc.”]
System zdarzeń COM+, EventSystem, “C:\WINNT\System32\svchost.exe -k netsvcs” {“C:\WINNT\System32\es.dll” [null data]}
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpZJLanguageMonitor\Driver = “ZLMhp1.DLL” [“Zenographics”]
Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]
<>: Suspicious data at a malware launch point.
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
took 350 seconds.
---------- (total run time: 485 seconds)
Złączono Posta : 20.10.2006 (Pią) 0:10
teraz jest ok?
Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE - POPRAW!
jest czysto
pozdrawiam