I don't know how, but today the CPU load suddenly went to 100%. I suspect the kids may have downloaded something onto the computer, because this doesn't happen by itself. On top of that, for some reason Kalendarz XP won't start for the life of me. Please check the log:
Logfile of HijackThis v1.99.1
Scan saved at 20:40:31, on 2006-08-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE BenQ Web Camera
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9FA8092-7782-429F-B38C-30317FF0CE39}: NameServer = 10.0.0.2
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\lv2009fme.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
Myszak
(Myszonus)
22 August 2006 18:47
#2
Use the Look2Me-Destroyer tool (download it and run it in safe mode). After using this tool, post a log from L2MFix (install it --> run it --> choose the option to create a log (no. 1)) --> do not restart the computer.
Somehow this little program doesn't want to work. After running it in safe mode and ticking the box in the program window under the empty field (because otherwise the option buttons are inactive), I get these two messages:
Look2Me Destroyer has dedected that the Task Scheluder Service is not running and will start is now
After clicking OK, a second message appears:
Look2Me Destroyer will now close and will reopen in approximately 1minute.When it Look2Me Destroyer restart click the scan button to continue .
Any suggestions on how to run it?
I'm doing it the way the colleague above wrote: I downloaded it and ran it in safe mode…
This is no longer relevant.
Post merged: 22.08.2006 (Tue) 22:53
I almost managed to run it… I say almost because it works in normal mode but not in safe mode :?
A message pops up saying the service is unavailable. How do I deal with this?
Post merged: 23.08.2006 (Wed) 12:09
I'm also pasting the log from Silent Runners
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"(Default)" = (empty string)
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]
"WheelMouse" = "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [null data]
"SCANINICIO" = ""C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"" ["Panda Software"]
"APVXDWIN" = ""C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s" ["Panda Software International"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"BigDogPath" = "C:\WINDOWS\VM_STI.EXE BenQ Web Camera" ["VM."]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus"
-> {HKLM...CLSID} = "Panda Antivirus"
\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! "{78937438-2D6D-4b71-BF15-9BC5E900089A}" = "Windows"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\htbt32.dll" [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"
-> {HKLM...CLSID} = "Panda Antivirus"
\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"
-> {HKLM...CLSID} = "Panda Antivirus"
\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"
Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"ATI CATALYST System Tray" -> shortcut to: "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray" [null data]
"Kalendarz XP" -> shortcut to: "C:\Program Files\Kalendarz XP\Kalendarz.exe" [null data]
Enabled Scheduled Tasks:
------------------------
"At1" -> launches: "C:\DOCUME~1\ADMINI~1\Pulpit\Look2Me-Destroyer.exe /task" ["Atribune.org"]
"At2" -> launches: "C:\DOCUME~1\ADMINI~1\Pulpit\Look2Me-Destroyer.exe /task" ["Atribune.org"]
"At5" -> launches: "C:\DOCUME~1\ADMINI~1\Pulpit\Look2Me-Destroyer.exe /task" ["Atribune.org"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Panda anti-virus service, PAVSRV, "C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe" ["Panda Software"]
Panda Firewall Service, PAVFIRES, "C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe" ["Panda Software"]
SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" [null data]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 10 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 8 seconds.
---------- (total run time: 41 seconds)
kuz5
(Kuz5)
23 August 2006 18:05
#6
You didn't provide the most important information about the problem
Which process is eating that much CPU??
Are any messages popping up, etc.??
Krzysiek21:
How do I deal with this?
With what??
You did get it running, so what's the problem? Run the scan and that's it
Open Notepad and paste this into it:
File >>> Save as >>> Change the type from TXT to All files >>> Save it under the name FIX.REG and run it
Important:
Myszak:
post a log from L2MFix
This is about LM2Fix. Myszak wrote above that I should make the log in safe mode. I had trouble running it, but somehow I managed; however, in safe mode I can't make a log with LM2Fix because it closes, whereas in normal mode I can.
So I'm pasting what it logged for me:
Log from LM2Fix (made in normal mode)
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 2006-08-23 11:44:12
Ha, I think I've got the beast that's eating so much: in Device Manager there is something called PavFires.exe which keeps "jacking" the CPU up, from 0 to 100% every half a minute; it drops and rises again right away.
The second thing is that next to this PavFires.exe there is also Pavsrv51.exe, but it puts practically no load on the CPU.
And finally, the System Idle Process also eats CPU, it goes up to 90% and drops back down. Is this PavFire.exe some kind of worm? And is it because of it that my CPU is being eaten like this?
I found information about it on the Kaspersky Lab site:
http://www.kaspersky.pl/about.html?s=ne … newsid=737
“Bagle.ay terminates the following processes of antivirus programs, firewalls and other security applications”, followed by a list of all of them, and among them this very PavFires.exe.
Can someone help fight this?
Myszak
(Myszonus)
23 August 2006 18:46
#8
so where is it?
System Restore. Turn it off and send it all up in smoke.
Myszak:
so where is it? .
It's there now, sorry, I'm a bit off balance today…
System Restore is turned off, but it's still at 100%; I'm posting the log from LM2Fix
L2MFIX find log 032106
Myszak
(Myszonus)
23 August 2006 20:48
#10
:hmmm: And give the location of that .exe …
Because PavFires.exe is from Panda.
As for L2MFix - in my opinion it's OK now, but wait for someone else's opinion to confirm.
Krzysiek21
(Krzysiek21)
23 August 2006 21:00
#11
True, it's from Panda: C\Program Files\Panda Software\Panda Antyvirus Platinum\Firewall
But what is it "grinding" there, that there's as much as 100% load? :o
I'll add that this never happened to me before :?
Can you tell me how to uninstall Panda reasonably safely?
That is, so that no junk is left behind. Maybe it's the one giving me such a kick in the a…?
Myszak
(Myszonus)
23 August 2006 21:07
#12
True, Panda needs strong hardware
As for removing Panda:
Paid:
Ashampoo UnInstaller Platinum 2 - lets you remove an application and its leftovers.
jv16 PowerTools 2006 - one could say - as above
Free:
RegCleaner 4.3.0.780 - if you can't see the difference, why pay more? :mrgreen:
ba-M-bo
(Maniac 7)
23 August 2006 22:09
#13
I /censored/ have the same thing
when I boot the system, that's when it's worst (when all the programs start up), and now I can't overclock the CPU even a tiny bit because then the computer resets… :?
and this is what eats the most for me :mrgreen:
wmplayer.exe 25 088
SVCHOST.EXE 24 184
iexplore.exe 23 456
GG.EXE 23 299
Myszak
(Myszonus)
23 August 2006 22:21
#14
ba-M-bo, and so what? What do you expect? :hmmm:
ba-M-bo
(Maniac 7)
23 August 2006 23:59
#15
I'm letting Krzyś know that he's not alone
Krzysiek21
(Krzysiek21)
24 August 2006 11:17
#16
I'm about to remove it. What do you think, will Kaspersky load the system as much as Panda, or is it lighter on the system?
The computer I'm on (my sister's) isn't weak at all. But I guess Panda is too much for it