Junk on my computer

I have Win XP and the system has started running very (very) slowly. Here's my log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 16:03:46, on 2006-11-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Konnekt\konnekt.exe
E:\Program Files\Save\Save.exe
E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
E:\Program Files\uTorrent\utorrent.exe
E:\Program Files\Winamp\winamp.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\admin\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Konnekt] "E:\Program Files\Konnekt\konnekt.exe" /autostart
O4 - HKCU\..\Run: [WhenUSave] "E:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: µTorrent (2).lnk = E:\Program Files\uTorrent\utorrent.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

help :?

Use Windows Worms Doors Cleaner and change the markers from disable to enable (all markers should be green; if any of them is yellow, leave it alone). A restart is required after using the tool.

In safe mode, delete the marked folder manually from the disk, and the entry in HJT.

When you're done, post a new HJT log and a SilentRunners log.

Optimisation:

Start => Run => msconfig => Startup tab => you can untick:

If you don't use advanced text services, disable them: Control Panel => Regional Options => Languages => Details => Advanced => tick "Turn off advanced text services"

If you don't need µTorrent in autostart: Start => All Programs => Startup and delete it via right-click.

If you don't use Messenger, remove it: Start => Run => type:

RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove
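The helper asks for a fresh HijackThis and Silent Runners log after the cleanup, and the comparison that follows is done by eye. The Python below is an added example, not code from this thread or from HijackThis/Silent Runners: it parses the O4 (autostart) lines of two HijackThis logs and lists which launch points disappeared or appeared, and it scans a Silent Runners report for Run-key values whose target file no longer exists, the orphaned entry that the thread later deals with by removing the HJT entry after the folder was deleted. The sample log lines are constructed from the thread's own logs, written in the tools' real notation (`HKLM\..\Run`, straight quotes); the function names are my own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: O4 lines from the thread's first HijackThis log (before cleanup).
HJT_BEFORE = r"""
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Konnekt] "E:\Program Files\Konnekt\konnekt.exe" /autostart
O4 - HKCU\..\Run: [WhenUSave] "E:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: µTorrent (2).lnk = E:\Program Files\uTorrent\utorrent.exe
O4 - Global Startup: BlueSoleil.lnk = ?
"""

# Constructed sample: O4 lines from the thread's second HijackThis log (after msconfig).
HJT_AFTER = r"""
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [WhenUSave] "E:\Program Files\Save\Save.exe"
O4 - Startup: µTorrent (2).lnk = E:\Program Files\uTorrent\utorrent.exe
O4 - Global Startup: BlueSoleil.lnk = ?
"""

# Constructed sample: an excerpt of the thread's Silent Runners report.
SILENT_RUNNERS = r"""
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "E:\WINDOWS\system32\ctfmon.exe" [MS]
"WhenUSave" = ""E:\Program Files\Save\Save.exe"" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"WinampAgent" = "E:\Program Files\Winamp\winampa.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyswietlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"""

# O4 lines come in two shapes: "[Name] command" for registry Run values and
# "name.lnk = target" for Startup-folder shortcuts.
O4_RE = re.compile(
    r'^O4 - (?P<where>[^:]+): '
    r'(?:\[(?P<name>[^\]]+)\]|(?P<lnk>.+?\.lnk) =) '
    r'(?P<cmd>.+)$'
)
# Silent Runners: a registry key header, optionally marked {++}, and a
# "Name" = "data" [tag] value line under it.
SR_KEY_RE = re.compile(r'^(HK(?:LM|CU)\\.*?\\)(?: \{\+\+\})?$')
SR_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = "(?P<data>.*)" \[(?P<tag>[^\]]+)\]$')


def parse_o4(log: str) -> Dict[str, Tuple[str, str]]:
    """Map each O4 autostart name to (launch point, command line)."""
    entries: Dict[str, Tuple[str, str]] = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[m['name'] or m['lnk']] = (m['where'], m['cmd'])
    return entries


def exe_path(cmd: str) -> str:
    """Return the executable part of a command line, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, args follow the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r'\.exe', cmd, re.IGNORECASE)  # unquoted path ends at ".exe"
    return cmd[:m.end()] if m else cmd


def diff_autostarts(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Names of O4 entries that vanished from, and that are new in, the second log."""
    b, a = parse_o4(before), parse_o4(after)
    return sorted(set(b) - set(a)), sorted(set(a) - set(b))


def orphaned_run_values(report: str) -> List[Tuple[str, str, str]]:
    """(key, value name, path) for Run-key values whose file Silent Runners
    reports as missing: a launch point left behind after its program was deleted."""
    key, orphans = '', []
    for raw in report.splitlines():
        line = raw.strip()
        km = SR_KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = SR_VALUE_RE.match(line)
        if vm and vm['tag'] == 'file not found' and key.endswith('\\Run\\'):
            orphans.append((key, vm['name'], exe_path(vm['data'])))
    return orphans


if __name__ == "__main__":
    removed, added = diff_autostarts(HJT_BEFORE, HJT_AFTER)
    print("autostarts gone after cleanup:", removed)
    print("autostarts new in second log:", added)
    for key, name, path in orphaned_run_values(SILENT_RUNNERS):
        print(f"orphaned Run value {name!r} under {key} -> missing file {path}")
```

Only registry Run values are checked for missing files; the `deskpan.dll` line in the sample is a shell-extension entry under a different key and is deliberately not reported, since it is not a launch point. The `[MSConfig] ... /auto` entry showing up as "new" is expected after unticking items in msconfig, which is why the second log in this thread contains it.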

now it looks like this:

Silent Runners:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "E:\WINDOWS\system32\ctfmon.exe" [MS]
"Konnekt" = ""E:\Program Files\Konnekt\konnekt.exe" /autostart" ["Stamina"]
"WhenUSave" = ""E:\Program Files\Save\Save.exe"" [file not found]
"Skype" = ""E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"WinampAgent" = "E:\Program Files\Winamp\winampa.exe" [null data]
"DAEMON Tools" = ""E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"NeroFilterCheck" = "E:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "E:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
  -> {HKLM...CLSID} = "IE Microsoft AutoComplete"
     \InProcServer32\(Default) = "E:\WINDOWS\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
     \InProcServer32\(Default) = "E:\WINDOWS\system32\shdocvw.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
     \InProcServer32\(Default) = "E:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
     \InProcServer32\(Default) = "E:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "E:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "E:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "E:\WINDOWS\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"


DESKTOP.INI DLL launch in local fixed drive directories:

WARNING! J: is an unreadable partition!


Startup items in "admin" & "All Users" startup folders:

E:\Documents and Settings\admin\Menu Start\Programy\Autostart
"µTorrent (2)" -> shortcut to: "E:\Program Files\uTorrent\utorrent.exe" [null data]

E:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"BlueSoleil" -> shortcut to: "E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" ["IVT Corporation"]


Winsock2 Service Provider DLLs:

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "E:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):

BlueSoleil Hid Service, BlueSoleil Hid Service, "E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]
Windows User Mode Driver Framework, UMWdf, "E:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 167 seconds.
---------- (total run time: 282 seconds)

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 16:50:14, on 2006-11-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Konnekt\konnekt.exe
E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
E:\Program Files\uTorrent\utorrent.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Winamp\winamp.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\admin\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [WhenUSave] "E:\Program Files\Save\Save.exe"
O4 - Startup: µTorrent (2).lnk = E:\Program Files\uTorrent\utorrent.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

is it ok now??

remove the HJT entry

Open Notepad and paste this into it:

File >>> Save As >>> change the file type from TXT to All Files >>> save it under the name FIX.REG >>> double-click the file you created and confirm >>> reboot the computer

Note: when you paste a log, wrap it in a CODE or QUOTE tag - FIX IT