100% CPU load - please check my log


(Krzysiek21) #1

I don't know how, but today the CPU load suddenly went to 100%. I suspect the kids may have downloaded something onto the computer, because this doesn't happen by itself. On top of that, for some reason Kalendarz XP won't start for the life of me. Please check the log:

Logfile of HijackThis v1.99.1

Scan saved at 20:40:31, on 2006-08-22

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\Kalendarz XP\Kalendarz.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE BenQ Web Camera

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{D9FA8092-7782-429F-B38C-30317FF0CE39}: NameServer = 10.0.0.2

O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\lv2009fme.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

(Myszonus) #2

Use the Look2Me-Destroyer tool (download it and run it in safe mode). After using it, post a log from L2MFix (install it --> run it --> choose the option to create a log (no. 1)) --> do not restart the computer.


(Krzysiek21) #3

This little program doesn't want to work. After starting it in safe mode and ticking the box in the program window under the empty field (because otherwise the option buttons are inactive), these two messages appear:

Look2Me Destroyer has dedected that the Task Scheluder Service is not running and will start is now

After clicking OK, a second message appears:

Look2Me Destroyer will now close and will reopen in approximately 1minute.When it Look2Me Destroyer restart click the scan button to continue.

Any suggestions on how to get it running?

I'm doing it the way the colleague above wrote: I downloaded it and ran it in safe mode...


(Myszonus) #4

:slight_smile:


(Krzysiek21) #5

This is no longer relevant.

Post merged: 22.08.2006 (Tue) 22:53

I almost managed to run it... I say almost because it works for me in normal mode but not in safe mode :?

A message pops up saying that the service is not available. How do I deal with this?

Post merged: 23.08.2006 (Wed) 12:09

I'm also pasting a log from Silent Runners

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"(Default)" = (empty string)

"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]

"WheelMouse" = "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [null data]

"SCANINICIO" = ""C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"" ["Panda Software"]

"APVXDWIN" = ""C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s" ["Panda Software International"]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"BigDogPath" = "C:\WINDOWS\VM_STI.EXE BenQ Web Camera" ["VM."]

"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"

  -> {HKLM...CLSID} = "SimpleShlExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus"

  -> {HKLM...CLSID} = "Panda Antivirus"

                   \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

INFECTION WARNING! "{78937438-2D6D-4b71-BF15-9BC5E900089A}" = "Windows"

  -> {HKCU...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\htbt32.dll" [file not found]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]


HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"

  -> {HKLM...CLSID} = "Panda Antivirus"

                   \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"

  -> {HKLM...CLSID} = "Panda Antivirus"

                   \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"



Startup items in "Administrator" & "All Users" startup folders:

---------------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"ATI CATALYST System Tray" -> shortcut to: "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray" [null data]

"Kalendarz XP" -> shortcut to: "C:\Program Files\Kalendarz XP\Kalendarz.exe" [null data]



Enabled Scheduled Tasks:

------------------------


"At1" -> launches: "C:\DOCUME~1\ADMINI~1\Pulpit\Look2Me-Destroyer.exe /task" ["Atribune.org"]

"At2" -> launches: "C:\DOCUME~1\ADMINI~1\Pulpit\Look2Me-Destroyer.exe /task" ["Atribune.org"]

"At5" -> launches: "C:\DOCUME~1\ADMINI~1\Pulpit\Look2Me-Destroyer.exe /task" ["Atribune.org"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Explorer Bars


Dormant Explorer Bars in "View, Explorer Bar" menu


HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

Panda anti-virus service, PAVSRV, "C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe" ["Panda Software"]

Panda Firewall Service, PAVFIRES, "C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe" ["Panda Software"]

SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" [null data]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 10 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

  took 8 seconds.

---------- (total run time: 41 seconds)

(Kuz5) #6

You haven't given the most important information about the problem

Which process is eating that much CPU??

Are any messages popping up, etc.??

With what??

You did run it, so what's the problem? Start the scan and that's it

Open Notepad and paste this into it:

File >>> Save as >>> Change the extension from TXT to All files >>> Save it under the name FIX.REG and run it

Important:


(Krzysiek21) #7

I mean LM2Fix. Myszak wrote above that I should make the log in safe mode. I had trouble running it, but somehow I managed; however, in safe mode I can't make a log with LM2Fix because it closes, whereas in normal mode I can.

So I'm pasting what it logged:

Log from LM2Fix (made in normal mode)

Look2Me-Destroyer V1.0.12


Scanning for infected files.....

Scan started at 2006-08-23 11:44:12



Ha, I think I've got the culprit that's eating so much. In Device Manager there is something called PavFires.exe, which every so often "jacks" the CPU up, from 0 to 100% every half a minute; it drops and rises again right away.

The second thing is that next to this PavFires.exe there is also Pavsrv51.exe, but it puts practically no load on the CPU.

And finally, the System Idle Process also eats a lot; it goes up to 90% and drops back down. Is this PavFire.exe some kind of worm? And is it the reason my CPU is being eaten up like this?

I found information about it on the Kaspersky Lab site:

http://www.kaspersky.pl/about.html?s=ne ... newsid=737

"Bagle.ay terminates the following processes of antivirus programs, firewalls and other security applications", followed by a list of all of them, and among them is this very PavFires.exe.

Can someone help me fight this?


(Myszonus) #8

and where is it? :wink:

System Restore. Turn it off and let it all go up in smoke.


(Krzysiek21) #9

It's there now, sorry, I'm a bit thrown off balance today...

System Restore is turned off, but it's still at 100%; I'm posting the log from LM2Fix

L2MFIX find log 032106

(Myszonus) #10

:hmmm: And give me the location of that .exe ...

Because PavFires.exe is from Panda.

As for L2MFix - in my opinion it's OK now, but wait for someone else's opinion to confirm.


(Krzysiek21) #11

True, it's from Panda: C\Program Files\Panda Software\Panda Antyvirus Platinum\Firewall

But what is it "grinding" away at in there, that the load is as high as 100%? :o

I should mention that this never happened to me before :?

Can you tell me how to uninstall Panda reasonably safely?

That is, so that no junk is left behind by it. Maybe it's the one kicking the system in the a.....?


(Myszonus) #12

True, Panda needs powerful hardware :wink:

As for getting rid of Panda:

Paid:

Ashampoo UnInstaller Platinum 2 - lets you remove an application and its leftovers.

jv16 PowerTools 2006 - you could say: same as above :stuck_out_tongue:

Free:

RegCleaner 4.3.0.780 - if you can't see the difference, why pay more? :mrgreen:


(Maniac 7) #13

I /censored/ have the same thing :frowning: :frowning:

When I boot the system, that's when it's worst (when all the programs start up), and now I can't overclock the CPU even a tiny bit because then the computer resets... :?

And this is what eats the most for me :mrgreen:

wmplayer.exe 25 088

SVCHOST.EXE 24 184

iexplore.exe 23 456

GG.EXE 23 299


(Myszonus) #14

ba-M-bo, and so what? What do you expect? :hmmm:


(Maniac 7) #15

I'm letting Krzyś know that he's not alone :slight_smile:


(Krzysiek21) #16

I'm about to remove it. What do you think, will Kaspersky load the system as much as Panda, or is it lighter on the system?

The computer I'm on (my sister's) isn't weak at all. But I guess Panda is too much for it :expressionless: