cargt3
(cargt3)
17 November 2006 20:38
#1
Logfile of HijackThis v1.99.1
Scan saved at 21:37:55, on 2006-11-17
Platform: Unknown Windows (WinNT 6.00.1504)
MSIE: Internet Explorer v7.00 (7.00.5600.16384)

Running processes:
E:\Windows\system32\taskeng.exe
E:\Windows\system32\Dwm.exe
E:\Windows\Explorer.EXE
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
E:\Windows\SOUNDMAN.EXE
E:\Program Files\Panda Software\Panda Antivirus 2007\ApVxdWin.exe
E:\Windows\ehome\ehtray.exe
E:\Program Files\Windows Sidebar\sidebar.exe
E:\Windows\ehome\ehmsas.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Windows\System32\WScript.exe
D:\Programy\Anty Virusy\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [speedTouch USB Diagnostics] “E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [APVXDWIN] “E:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE” /s
O4 - HKLM…\RunServices: [PSIMSVC] “E:\Program Files\Panda Software\Panda Antivirus 2007\PSIMSVC.exe”
O4 - HKCU…\Run: [ehTray.exe] E:\Windows\ehome\ehTray.exe
O4 - HKCU…\Run: [sidebar] E:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\napinsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip…{7105F946-3F26-4E0A-B64A-315F281BACF4}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - E:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/
Operating System: Windows Vista RC1
Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“ehTray.exe” = “E:\Windows\ehome\ehTray.exe” [MS]
“Sidebar” = “E:\Program Files\Windows Sidebar\sidebar.exe /autoRun” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Windows Defender” = “E:\Program Files\Windows Defender\MSASCui.exe -hide”
“SpeedTouch USB Diagnostics” = ““E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”]
“SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”]
“NWEReboot” = “(empty string)” [file not found]
“APVXDWIN” = ““E:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE” /s” [“Panda Software International”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “Adobe PDF Reader Link Helper”
\InProcServer32(Default) = “E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM…CLSID} = “SSVHelper Class”
\InProcServer32(Default) = “E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{65756541-C65C-11CD-0000-4B656E696100}” = “Panda Antivirus”
-> {HKLM…CLSID} = “Panda Antivirus”
\InProcServer32(Default) = “E:\Program Files\Panda Software\Panda Antivirus 2007\ShellTit.DLL” [“Panda Software International”]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
-> {HKLM…CLSID} = “PDF Shell Extension”
\InProcServer32(Default) = “E:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}”
-> {HKLM…CLSID} = “Panda Antivirus”
\InProcServer32(Default) = “E:\Program Files\Panda Software\Panda Antivirus 2007\ShellTit.DLL” [“Panda Software International”]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}”
-> {HKLM…CLSID} = “Panda Antivirus”
\InProcServer32(Default) = “E:\Program Files\Panda Software\Panda Antivirus 2007\ShellTit.DLL” [“Panda Software International”]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“ConsentPromptBehaviorAdmin” = (REG_DWORD) hex:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
“ConsentPromptBehaviorUser” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}
“EnableInstallerDetection” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}
“EnableLUA” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}
“EnableSecureUIAPaths” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}
“EnableVirtualization” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}
“PromptOnSecureDesktop” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Conrol: Switch to the secure desktop when prompting for elevation}
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
“FilterAdministratorToken” = (REG_DWORD) hex:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “E:\Windows\Web\Wallpaper\img19.jpg”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “E:\Windows\Web\Wallpaper\img19.jpg”

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “E:\Windows\system32\AVASTSS.scr” [file not found]

Startup items in “Karol” & “All Users” startup folders:
-------------------------------------------------------

E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
“Adobe Reader Speed Launch” -> shortcut to: “E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\system32\NLAapi.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000004\LibraryPath = “%SystemRoot%\system32\napinsp.dll” [MS]
000000000005\LibraryPath = “%SystemRoot%\system32\pnrpnsp.dll” [MS]
000000000006\LibraryPath = “%SystemRoot%\system32\pnrpnsp.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
E:\Program Files\Panda Software\Panda Antivirus 2007\pavlsp.dll [“Panda Software International”], 01 - 06, 21
%SystemRoot%\system32\mswsock.dll [MS], 07 - 20

The problem occurs on Windows Vista.
It seems to me that someone has “hijacked Winsock”.
adam9870
(adam9870)
17 November 2006 20:45
#2
The logs are OK.
What do you mean by “jumping”?? Does this also happen in IE, or only in FF? This is one of the test versions of Vista, and FF has not been released for it, so that, for example, may be the cause.
The files in the Winsock chain are also OK <= they come from Vista.
cargt3
(cargt3)
17 November 2006 20:50
#3
“Jumping” means the page moves about 0.5 cm up and down all the time.
I only started having the problem today, and I have had Vista for a few weeks. I don't really use IE.
przemo86
(Przemoxmx)
17 November 2006 21:55
#4
I had this too. You have to uninstall FF first, then delete the mozilla/firefox folder from Documents and Settings, and install it again. I don't know any other way.