Prosze o sprawdzenie loga

Witam, mam problem, komp szaleje. Zawsze po uruchomieniu wyskakuje komunikat od firewalla ze jadra systemu NT zostalo zmienione itp. Po czym wyskakuje proba polaczenia z netem przez rozne aplikacje np. explorer.exe . Panda nic nie wykrywa. Prosze o pomoc. :Log normalny, oraz startup log.:

Logfile of HijackThis v1.97.7

Scan saved at 20:52:52, on 2005-11-03

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINXP\System32\smss.exe

C:\WINXP\system32\csrss.exe

C:\WINXP\system32\winlogon.exe

C:\WINXP\system32\services.exe

C:\WINXP\system32\lsass.exe

C:\WINXP\system32\svchost.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\system32\spoolsv.exe

C:\WINXP\system32\nvsvc32.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\system32\wdfmgr.exe

C:\WINXP\system32\wbem\wmiprvse.exe

C:\WINXP\Explorer.EXE

C:\WINXP\System32\alg.exe

C:\WINXP\system32\CTHELPER.EXE

C:\WINXP\system32\RUNDLL32.EXE

C:\WINXP\system32\ctfmon.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\WINXP\system32\rundll32.exe

C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\DO INSTALKI\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [UpdReg] C:\WINXP\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINXP\SiSUSBrg.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINXP\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe

O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium 2006 antivirus + antispyware\pavlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium 2006 antivirus + antispyware\pavlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium 2006 antivirus + antispyware\pavlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium 2006 antivirus + antispyware\pavlsp.dll

O15 - Trusted Zone: http://skaner.mks.com.pl 

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

Oto log startup. :

StartupList report, 2005-11-03, 20:51:30

StartupList version: 1.52

Started from : D:\DO INSTALKI\HijackThis.EXE

Detected: Windows XP Dodatek SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

==================================================

Running processes:

C:\WINXP\System32\smss.exe

C:\WINXP\system32\csrss.exe

C:\WINXP\system32\winlogon.exe

C:\WINXP\system32\services.exe

C:\WINXP\system32\lsass.exe

C:\WINXP\system32\svchost.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\system32\spoolsv.exe

C:\WINXP\system32\nvsvc32.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\system32\wdfmgr.exe

C:\WINXP\system32\wbem\wmiprvse.exe

C:\WINXP\Explorer.EXE

C:\WINXP\System32\alg.exe

C:\WINXP\system32\CTHELPER.EXE

C:\WINXP\system32\RUNDLL32.EXE

C:\WINXP\system32\ctfmon.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\WINXP\system32\rundll32.exe

C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\DO INSTALKI\HijackThis.exe


Listing of startup folders:

Shell folders Common Startup:

[C]

Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Picture Package Menu.lnk = ?

Picture Package VCD Maker.lnk = ?


Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINXP\system32\userinit.exe,


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SmcService = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

WINDVDPatch = CTHELPER.EXE

UpdReg = C:\WINXP\UpdReg.EXE

Jet Detection = “C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe”

SiSUSBRG = C:\WINXP\SiSUSBrg.exe

Easy-PrintToolBox = C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

WinampAgent = C:\Program Files\Winamp\winampa.exe

NeroFilterCheck = C:\WINXP\system32\NeroCheck.exe

DAEMON Tools-1033 = “C:\Program Files\D-Tools\daemon.exe” -lang 1033

QuickTime Task = “C:\Program Files\QuickTime\qttask.exe” -atboottime

NWEReboot =

MKS_MENU = C:\Program Files\MKS\Bin\mks_menu.exe

APVXDWIN = “C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE” /s

NvCplDaemon = RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup

nwiz = nwiz.exe /install

NvMediaCenter = RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINXP\system32\ctfmon.exe

Komunikator = C:\Program Files\Tlen.pl\tlen.exe


Shell & screensaver key from C:\WINXP\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

Policies Shell key:

HKCU…\Policies: Shell=*Registry key not found*

HKLM…\Policies: Shell=*Registry value not found*


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}


Enumerating Download Program Files:

[ActiveScan Installer Class]

InProcServer32 = C:\WINXP\Downloaded Program Files\asinst.dll

CODEBASE = http://acs.pandasoftware.com/activescan … asinst.cab

[MainControl Class]

InProcServer32 = C:\WINXP\system32\SkanerOnline.dll

CODEBASE = http://skaner.mks.com.pl/SkanerOnline.cab


Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINXP\system32\SHELL32.dll

CDBurn: C:\WINXP\system32\SHELL32.dll

WebCheck: C:\WINXP\system32\webcheck.dll

SysTray: C:\WINXP\system32\stobject.dll

====================================

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.

Pozdrawiam kuz5

LOG Ok, hm… nie wiem co może być przyczyną. Dokładnie coś wiecej podaje komunikat?

:? :?

wklej loga z najnowszej wersji

http://www.merijn.org/files/hijackthis.zip 8)

detektyw wiesz co to log Oto log startup. - chociaż zastanawia mnie coś, ale niech da nowy LOG z hijacka i od razu log z Silent Runners

zastanawiajace jest ze zawsze po odpaleniu windows i pojawieniu sie komunikatu ze jadra systemu NT has changed, po krotkim czasie firewall wywala komunikat :port attack is logged . Ktos moze probuje przejac kontrole nad kompem? Moze provider looka co zasysyam ?

log z ostatniej wersji hijackthis :

Logfile of HijackThis v1.99.1

Scan saved at 22:35:07, on 2005-11-03

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINXP\System32\smss.exe

C:\WINXP\system32\csrss.exe

C:\WINXP\system32\winlogon.exe

C:\WINXP\system32\services.exe

C:\WINXP\system32\lsass.exe

C:\WINXP\system32\svchost.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\system32\spoolsv.exe

C:\WINXP\system32\nvsvc32.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\system32\wdfmgr.exe

C:\WINXP\system32\wbem\wmiprvse.exe

C:\WINXP\Explorer.EXE

C:\WINXP\System32\alg.exe

C:\WINXP\system32\CTHELPER.EXE

C:\WINXP\system32\RUNDLL32.EXE

C:\WINXP\system32\ctfmon.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\WINXP\system32\rundll32.exe

C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [UpdReg] C:\WINXP\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINXP\SiSUSBrg.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINXP\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe

O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://skaner.mks.com.pl 

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O20 - Winlogon Notify: avldr - C:\WINXP\SYSTEM32\avldr.dll

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

log z

startup :

StartupList report, 2005-11-03, 22:36:54

StartupList version: 1.52.2

Started from : C:\Documents and Settings\Administrator\Pulpit\HijackThis.EXE

Detected: Windows XP Dodatek SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

==================================================

Running processes:

C:\WINXP\System32\smss.exe

C:\WINXP\system32\csrss.exe

C:\WINXP\system32\winlogon.exe

C:\WINXP\system32\services.exe

C:\WINXP\system32\lsass.exe

C:\WINXP\system32\svchost.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\system32\spoolsv.exe

C:\WINXP\system32\nvsvc32.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\system32\wdfmgr.exe

C:\WINXP\system32\wbem\wmiprvse.exe

C:\WINXP\Explorer.EXE

C:\WINXP\System32\alg.exe

C:\WINXP\system32\CTHELPER.EXE

C:\WINXP\system32\RUNDLL32.EXE

C:\WINXP\system32\ctfmon.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\WINXP\system32\rundll32.exe

C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe


Listing of startup folders:

Shell folders Common Startup:

[C]

Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Picture Package Menu.lnk = ?

Picture Package VCD Maker.lnk = ?


Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINXP\system32\userinit.exe,


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SmcService = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

WINDVDPatch = CTHELPER.EXE

UpdReg = C:\WINXP\UpdReg.EXE

Jet Detection = “C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe”

SiSUSBRG = C:\WINXP\SiSUSBrg.exe

Easy-PrintToolBox = C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

WinampAgent = C:\Program Files\Winamp\winampa.exe

NeroFilterCheck = C:\WINXP\system32\NeroCheck.exe

DAEMON Tools-1033 = “C:\Program Files\D-Tools\daemon.exe” -lang 1033

QuickTime Task = “C:\Program Files\QuickTime\qttask.exe” -atboottime

NWEReboot =

MKS_MENU = C:\Program Files\MKS\Bin\mks_menu.exe

APVXDWIN = “C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE” /s

NvCplDaemon = RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup

nwiz = nwiz.exe /install

NvMediaCenter = RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINXP\system32\ctfmon.exe

Komunikator = C:\Program Files\Tlen.pl\tlen.exe


Shell & screensaver key from C:\WINXP\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

Policies Shell key:

HKCU…\Policies: Shell=*Registry key not found*

HKLM…\Policies: Shell=*Registry value not found*


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}


Enumerating Download Program Files:

[ActiveScan Installer Class]

InProcServer32 = C:\WINXP\Downloaded Program Files\asinst.dll

CODEBASE = http://acs.pandasoftware.com/activescan … asinst.cab

[MainControl Class]

InProcServer32 = C:\WINXP\system32\SkanerOnline.dll

CODEBASE = http://skaner.mks.com.pl/SkanerOnline.cab


Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINXP\system32\SHELL32.dll

CDBurn: C:\WINXP\system32\SHELL32.dll

WebCheck: C:\WINXP\system32\webcheck.dll

SysTray: C:\WINXP\system32\stobject.dll

Silent Runners ( 1 raz odpalilem :slight_smile: ) :

“Silent Runners.vbs”, revision 41, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

“CTFMON.EXE” = “C:\WINXP\system32\ctfmon.exe” [MS]

“Komunikator” = “C:\Program Files\Tlen.pl\tlen.exe” [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

“SmcService” = “C:\PROGRA~1\Sygate\SPF\smc.exe -startgui” [“Sygate Technologies, Inc.”]

“WINDVDPatch” = “CTHELPER.EXE” [“Creative Technology Ltd”]

“UpdReg” = “C:\WINXP\UpdReg.EXE” [“Creative Technology Ltd.”]

“Jet Detection” = ““C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe”” [empty string]

“SiSUSBRG” = “C:\WINXP\SiSUSBrg.exe” [“Silicon Integrated Systems Corp.”]

“Easy-PrintToolBox” = “C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon” [“CANON INC.”]

“WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data]

“NeroFilterCheck” = “C:\WINXP\system32\NeroCheck.exe” [“Ahead Software Gmbh”]

“DAEMON Tools-1033” = ““C:\Program Files\D-Tools\daemon.exe” -lang 1033” [“DAEMON’S HOME”]

“QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”]

“NWEReboot” = (empty string)

“MKS_MENU” = “C:\Program Files\MKS\Bin\mks_menu.exe” [file not found]

“APVXDWIN” = ““C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE” /s” [“Panda Software International”]

“NvCplDaemon” = “RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup” [MS]

“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]

“NvMediaCenter” = “RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = “AcroIEHlprObj Class” [from CLSID]

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {CLSID}\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {CLSID}\InProcServer32(Default) = “C:\WINXP\system32\hticons.dll” [“Hilgraeve, Inc.”]

“{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices”

-> {CLSID}\InProcServer32(Default) = “C:\WINXP\system32\Audiodev.dll” [MS]

“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”

-> {CLSID}\InProcServer32(Default) = “C:\WINXP\system32\Audiodev.dll” [MS]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}” = “CorelDRAW Shell Extension Component”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll” [“Corel Corporation”]

“{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx”

-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”]

“{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens Device”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll” [“Siemens AG”]

“{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens Device ContextMenuHandler”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll” [“Siemens AG”]

“{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}” = “Siemens SX1 PropertySheetHandler”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll” [“Siemens AG”]

“{65756541-C65C-11CD-0000-4B656E696100}” = “Panda Antivirus”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL” [“Panda Software International”]

“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”

-> {CLSID}\InProcServer32(Default) = “C:\WINXP\system32\nvcpl.dll” [“NVIDIA Corporation”]

“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”

-> {CLSID}\InProcServer32(Default) = “C:\WINXP\system32\nvcpl.dll” [“NVIDIA Corporation”]

“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”

-> {CLSID}\InProcServer32(Default) = “C:\WINXP\system32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”

-> {CLSID}\InProcServer32(Default) = “C:\WINXP\system32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”

-> {CLSID}\InProcServer32(Default) = “C:\WINXP\system32\nvshell.dll” [“NVIDIA Corporation”]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! avldr\DLLName = “avldr.dll” [“Panda Software”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL” [“Panda Software International”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL” [“Panda Software International”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Active Desktop and Wallpaper:


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Startup items in “Administrator” & “All Users” startup folders:


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS]

“Picture Package Menu” -> shortcut to: “C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe” [“Sony Corporation”]

“Picture Package VCD Maker” -> shortcut to: “C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe -h” [“Sony Corporation.”]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavlsp.dll ["Panda Software "], 01 - 03, 17

%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 16

%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08

Toolbars, Explorer Bars, Extensions:


Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

“{327C2873-E90D-4C37-AA9D-10AC9BABA46C}” = “Easy-WebPrint”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Canon\Easy-WebPrint\Toolband.dll” [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

“ButtonText” = “Messenger”

“MenuText” = “Windows Messenger”

“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):


NVIDIA Display Driver Service, NVSvc, “C:\WINXP\system32\nvsvc32.exe” [“NVIDIA Corporation”]

Panda anti-virus service, PAVSRV, ““C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe”” [“Panda Software”]

Panda Function Service, PAVFNSVR, ““C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe”” [“Panda Software”]

Panda IManager Service, PSIMSVC, ““C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe”” [“Panda Software Internacional”]

Panda Network Manager, PNMSRV, “C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE” [“Panda Software”]

Panda Process Protection Service, PavPrSrv, ““C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe”” [“Panda Software”]

Panda TPSrv, TPSrv, ““C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe”” [“Panda Software”]

Sygate Personal Firewall, SmcService, “C:\Program Files\Sygate\SPF\smc.exe” [“Sygate Technologies, Inc.”]

Windows User Mode Driver Framework, UMWdf, “C:\WINXP\system32\wdfmgr.exe” [MS]

Print Monitors:


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Canon BJ Language Monitor PIXMA iP3000\Driver = “CNMLM61.DLL” [“CANON INC.”]


  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer “No” at the first message box.

---------- (total run time: 30 seconds)

LOG-i Ok

Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable. Po użyciu tego narzędzia wymagany jest reset sysa.

po uzyciu ww programu nie mam netu:(…

screen po odpaleniu

jadro4mh.th.gif

NetBios ma być odznaczony w Windows Worms Doors Cleanera

A jak dasz yes w Sygate to jest Ok? Drugie pytanie po co masz 2 firewalle? Jak nie poskutkuje odznacz wszystko