Nie dzialajace porty, spowolnienie systemu, ogolny syf

Shugga · 17 Maj 2007 16:27

prosze o sprawdzenie loga

“Silent Runners.vbs”, revision RED (R28) (Echo output), launched at: 17:56 Operating System: Windows XP Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “swg” = “C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [“Google Inc.”] “Gadu-Gadu” = ““E:\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ “^SetupICWDesktop” = “” [(file not found)] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ “Ptipbmf” = “rundll32.exe ptipbmf.dll,SetWriteCacheMode” [MS] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France T‚l‚com R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe” [“France T‚l‚com R&D”] “APVXDWIN” = ““C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE” /s” [“Panda Software International”] “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = “Adobe PDF Reader Link Helper” -> resolves to: {CLSID}\InprocServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = “Google Toolbar Helper” -> resolves to: {CLSID}\InprocServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “PostBootReminder” = “{7849596a-48ea-486e-8937-a2a3009f31a9}” -> resolves to: {CLSID}\InprocServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [MS] “CDBurn” = “{fbeb8a05-beee-4442-804e-409d6c4515e9}” -> resolves to: {CLSID}\InprocServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [MS] “WebCheck” = “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}” -> resolves to: {CLSID}\InprocServer32(Default) = “C:\WINDOWS\System32\webcheck.dll” [MS] “SysTray” = “{35CEC8A3-2BE6-11D2-8773-92E220524153}” -> resolves to: {CLSID}\InprocServer32(Default) = “C:\WINDOWS\System32\stobject.dll” [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! “avldr\DLLName” = “avldr.dll” [“Panda Software”] Startup items in “Bozena” & “All Users” startup folders: --------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Microsoft Office” -> shortcut to: “E:\Microsoft Office\Office10\OSA.EXE -b -l” [MS] “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “Adobe Reader Synchronizer” -> shortcut to: “C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe” [null data] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Aktualizacje automatyczne, wuauserv, “C:\WINDOWS\system32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\wuauserv.dll” [MS]} Bufor wydruku, Spooler, “C:\WINDOWS\system32\spoolsv.exe” [MS] Dziennik zdarzeä, Eventlog, “C:\WINDOWS\system32\services.exe” [MS] France Telecom Routing Table Service, FTRTSVC, “C:\WINDOWS\System32\FTRTSVC.exe” [“France Telecom”] Harmonogram zadaä, Schedule, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\system32\schedsvc.dll” [MS]} Instrumentacja zarzĄdzania Windows, winmgmt, “C:\WINDOWS\system32\svchost.exe -k netsvcs” {“C:\WINDOWS\system32\wbem\WMIsvc.dll” [MS]} Klient DHCP, Dhcp, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\dhcpcsvc.dll” [MS]} Klient DNS, Dnscache, “C:\WINDOWS\System32\svchost.exe -k NetworkService” {“C:\WINDOWS\System32\dnsrslvr.dll” [MS]} Klient ledzenia Ączy rozproszonych, TrkWks, “C:\WINDOWS\system32\svchost.exe -k netsvcs” {“C:\WINDOWS\system32\trkwks.dll” [MS]} Kompozycje, Themes, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\shsvcs.dll” [MS]} Konfiguracja zerowej sieci bezprzewodowej, WZCSVC, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\wzcsvc.dll” [MS]} Logowanie pomocnicze, seclogon, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\seclogon.dll” [MS]} Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe”” [MS] Magazyn chroniony, ProtectedStorage, “C:\WINDOWS\system32\lsass.exe” [MS] Menedľer dysk˘w logicznych, dmserver, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\dmserver.dll” [“Microsoft Corp.”]} Menedľer kont zabezpieczeä, SamSs, “C:\WINDOWS\system32\lsass.exe” [MS] Menedľer poĄczeä usugi Dost©p zdalny, RasMan, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\rasmans.dll” [MS]} Menedľer przekazywania, uploadmgr, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll” [MS]} Numer seryjny nonika przenonego, WmdmPmSp, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\mspmspsv.dll” [MS]} Panda anti-virus service, PAVSRV, ““C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe”” [“Panda Software International”] Panda Function Service, PAVFNSVR, ““C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe”” [“Panda Software International”] Panda IManager Service, PSIMSVC, ““C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe”” [“Panda Software”] Panda Network Manager, PNMSRV, ““c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE”” [“Panda Software International”] Panda Process Protection Service, PavPrSrv, ““C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe”” [“Panda Software”] Plug and Play, PlugPlay, “C:\WINDOWS\system32\services.exe” [MS] Pomoc i obsuga techniczna, helpsvc, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll” [MS]} Pomoc TCP/IP NetBIOS, LmHosts, “C:\WINDOWS\System32\svchost.exe -k LocalService” {“C:\WINDOWS\System32\lmhsvc.dll” [MS]} Posaniec, Messenger, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\msgsvc.dll” [MS]} PoĄczenia sieciowe, Netman, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\netman.dll” [MS]} PrzeglĄdarka komputera, Browser, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\browser.dll” [MS]} Rejestr zdalny, RemoteRegistry, “C:\WINDOWS\system32\svchost.exe -k LocalService” {“C:\WINDOWS\system32\regsvc.dll” [MS]} Rozpoznawanie lokalizacji w sieci (NLA), Nla, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\mswsock.dll” [MS]} Serwer, lanmanserver, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\srvsvc.dll” [MS]} Stacja robocza, lanmanworkstation, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\wkssvc.dll” [MS]} System zdarzeä COM+, EventSystem, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\es.dll” [MS]} Telefonia, TapiSrv, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\tapisrv.dll” [MS]} Usuga Czas systemu Windows, W32Time, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\w32time.dll” [MS]} Usuga odnajdywania SSDP, SSDPSRV, “C:\WINDOWS\System32\svchost.exe -k LocalService” {“C:\WINDOWS\System32\ssdpsrv.dll” [MS]} Usuga przywracania systemu, srservice, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\srsvc.dll” [MS]} Usuga raportowania b©d˘w, ERSvc, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\ersvc.dll” [MS]} Usugi IPSEC, PolicyAgent, “C:\WINDOWS\System32\lsass.exe” [MS] Usugi kryptograficzne, CryptSvc, “C:\WINDOWS\system32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\cryptsvc.dll” [MS]} Usugi terminalowe, TermService, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\termsrv.dll” [MS]} WebClient, WebClient, “C:\WINDOWS\System32\svchost.exe -k LocalService” {“C:\WINDOWS\System32\webclnt.dll” [MS]} Windows Audio, AudioSrv, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\audiosrv.dll” [MS]} Windows Image Acquisition (WIA), stisvc, “C:\WINDOWS\System32\svchost.exe -k imgsvc” {“C:\WINDOWS\system32\wiaservc.dll” [MS]} Wykrywanie sprz©tu powoki, ShellHWDetection, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\shsvcs.dll” [MS]} Zawiadomienie o zdarzeniu systemowym, SENS, “C:\WINDOWS\system32\svchost.exe -k netsvcs” {“C:\WINDOWS\system32\sens.dll” [MS]} Zdalne wywoywanie procedur (RPC), RpcSs, “C:\WINDOWS\system32\svchost -k rpcss” {“C:\WINDOWS\system32\rpcss.dll” [MS]} Zgodno† szybkiego przeĄczania uľytkownik˘w, FastUserSwitchingCompatibility, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\shsvcs.dll” [MS]}

Logfile of HijackThis v1.99.1 Scan saved at 17:57:30, on 2007-05-17 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE C:\WINDOWS\System32\svchost.exe c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE E:\Gadu-Gadu\gg.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe C:\PROGRA~1\NEOSTR~1\neostradatp.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Toaster.exe C:\PROGRA~1\NEOSTR~1\Inactivity.exe C:\PROGRA~1\NEOSTR~1\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\NEOSTR~1\Watch.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\psimreal.exe G:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE” /s O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [Gadu-Gadu] “E:\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\MICROS~1\Office10\EXCEL.EXE/3000 O17 - HKLM\System\CCS\Services\Tcpip…{501BC072-6017-490F-AE53-0A780D5B770D}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{501BC072-6017-490F-AE53-0A780D5B770D}: NameServer = 194.204.159.1 217.98.63.164 O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe

Gutek · 17 Maj 2007 23:12

Optymalizacja XP: http://forum.dobreprogramy.pl/viewtopic.php?t=76580

Logi czyste