Slow internet and a slow-loading system


(kubasx4) #1

Pages load terribly slowly for me and downloads don't use the full bandwidth of the connection. On top of that, the system takes a long time to boot!!

Logfile of HijackThis v1.99.1

Scan saved at 13:25:28, on 2007-01-14

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\nvraidservice.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE

C:\Program Files\Klienci\Klienci.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE

c:\program files\panda software\panda internet security 2007\WebProxy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\mmc.exe

C:\Documents and Settings\kuba\Pulpit\hijackthis_199\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O3 - Toolbar: (no name) - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"

O4 - HKLM\..\Run: [Klienci] C:\Program Files\Klienci\Klienci.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4930/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{35336226-5358-4404-81DD-D0C86FA9C689}: NameServer = 194.204.152.34,194.204.159.1

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - (no file)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

(adam9870) #2

Remove the cosmetic entries with HJT.

Maybe you've exceeded your data transfer limit?

Check the MTU:

http://neostrada.info/faq.php?faq=mtuwindows

I suspect Panda is what's slowing the system down, because it's quite capable of bogging it down.

Have a look at:


(kubasx4) #3

Today I noticed that after using the internet for a while, pages stop loading completely??? (I use Firefox 2.) Should I post the log again?


(adam9870) #4

Show a new log from HijackThis and SilentRunners.

Scan with http://www.ewido.net/en/ and show the report.

Has this been going on for long?

Have you already contacted your provider about this?


(kubasx4) #5

This is from Silent Runners:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}

"isamonitor.exe" = "C:\Program Files\Video ActiveX Object\isamonitor.exe" [file not found]

"none" = "C:\Program Files\Video ActiveX Object\pmsngr.exe" [file not found]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"NVRaidService" = "C:\WINDOWS\system32\nvraidservice.exe" ["NVIDIA Corporation"]

"APVXDWIN" = ""C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s" ["Panda Software International"]

"SCANINICIO" = ""C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"" ["Panda Software International"]

"Klienci" = "C:\Program Files\Klienci\Klienci.exe" ["CAP Software - Tomasz Czech"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"

  -> {HKLM...CLSID} = "BitComet Helper"

                   \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO.dll" ["BitComet"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"

  -> {HKLM...CLSID} = "SimpleShlExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus"

  -> {HKLM...CLSID} = "Panda Antivirus"

                   \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"]

"{6DD33479-D4D0-4666-93C8-F6DC46668518}" = "Recover deleted files from your CD or DVD"

  -> {HKLM...CLSID} = "Recover deleted files from your CD or DVD"

                   \InProcServer32\(Default) = "C:\PROGRA~1\DISKIN~1\CDANDD~1\contmenu.dll" [null data]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

<> avldr\DLLName = "avldr.dll" ["Panda Software"]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

MkS_Vir\(Default) = "{E64226E0-9DA1-479E-8265-8D65BA327BD4}"

  -> {HKLM...CLSID} = "MkS_Vir Shell Extension"

                   \InProcServer32\(Default) = "/u\mksshell.dll" [file not found]

Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"

  -> {HKLM...CLSID} = "Panda Antivirus"

                   \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

DiskInternals_cd_recovery\(Default) = "{6DD33479-D4D0-4666-93C8-F6DC46668518}"

  -> {HKLM...CLSID} = "Recover deleted files from your CD or DVD"

                   \InProcServer32\(Default) = "C:\PROGRA~1\DISKIN~1\CDANDD~1\contmenu.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

MkS_Vir\(Default) = "{E64226E0-9DA1-479E-8265-8D65BA327BD4}"

  -> {HKLM...CLSID} = "MkS_Vir Shell Extension"

                   \InProcServer32\(Default) = "/u\mksshell.dll" [file not found]

Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"

  -> {HKLM...CLSID} = "Panda Antivirus"

                   \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\kuba\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp"



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

c:\program files\panda software\panda internet security 2007\pavlsp.dll ["Panda Software International"], 01 - 03, 16

%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08



Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

Panda anti-virus service, PAVSRV, ""C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe"" ["Panda Software International"]

Panda Antispam Engine, pmshellsrv, "C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe" ["Panda Software International"]

Panda Function Service, PAVFNSVR, ""C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe"" ["Panda Software International"]

Panda IManager Service, PSIMSVC, ""C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe"" ["Panda Software"]

Panda Network Manager, PNMSRV, ""c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE"" ["Panda Software International"]

Panda Process Protection Service, PavPrSrv, ""C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software"]

Panda TPSrv, TPSrv, ""C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe"" ["Panda Software"]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 50 seconds, including 7 seconds for message boxes)

Merged posts: 16.01.2007 (Tue) 20:52

And this is from HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 20:56:22, on 2007-01-16

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\nvraidservice.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE

C:\Program Files\Klienci\Klienci.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE

C:\WINDOWS\system32\wscntfy.exe

c:\program files\panda software\panda internet security 2007\WebProxy.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\kuba\Moje dokumenty\hijackthis_199\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"

O4 - HKLM\..\Run: [Klienci] C:\Program Files\Klienci\Klienci.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4930/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{35336226-5358-4404-81DD-D0C86FA9C689}: NameServer = 194.204.152.34,194.204.159.1

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

(adam9870) #6

Start => Run => type regedit and click OK => go to the key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

and right-click to delete the values isamonitor.exe and none that are there.

To be safe, run the SmitFraudFix tool with option number 2 in Safe Mode.

When that's done, show a new Silent Runners log and the contents of the file c:\rapport.txt
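A small triage script, added here as an example and not part of this thread or of either tool, that applies the same checks adam9870 is making by eye to HijackThis and Silent Runners output: entries marked (no file), O20/O21 logon launch points, values under Policies\Explorer\Run, targets marked [file not found], and lines Silent Runners itself flags with <>. The sample text is constructed from lines posted in this thread; rule names and descriptions are this script's own.

```python
import re
from typing import Dict, List, Tuple

# (rule name, the log line that triggered it)
Finding = Tuple[str, str]

# HijackThis "O" lines: "O2 - BHO: name - {CLSID} - path"
HJT_LINE = re.compile(r"^(O\d+) - (.+)$")
# Silent Runners prints each registry key on its own line, ending in "\",
# optionally followed by " {++}" (key listed even when it holds only defaults).
SR_KEY = re.compile(r"^(HK[A-Z]+\\.+?\\)(?: \{\+\+\})?$")
# Silent Runners value lines: "name" = "data" [vendor or status]
SR_VALUE = re.compile(r'^"(?P<name>[^"]*)" = "(?P<data>.*)" \[(?P<tag>[^\]]*)\]$')

# Rule names and descriptions are this script's own, not HijackThis or Silent Runners terms.
RULES = {
    "hjt-orphan": "HijackThis entry whose target no longer exists: (no file)",
    "hjt-launch-point": "O20 Winlogon Notify / O21 SSODL: DLL loaded at logon, verify the vendor",
    "sr-policy-run": "autostart under Policies\\Explorer\\Run, a key rarely used by legitimate software",
    "sr-missing-target": "Silent Runners reports the launched file as [file not found]",
    "sr-marked-launch-point": "line Silent Runners itself marks with <> (suspicious launch point)",
}


def triage(log_text: str) -> List[Finding]:
    """Apply RULES to mixed HijackThis / Silent Runners text, one line at a time.

    A single line can trigger more than one rule (e.g. an O21 entry with no file).
    """
    findings: List[Finding] = []
    current_key = ""  # registry key that the following Silent Runners values belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("<>"):
            findings.append(("sr-marked-launch-point", line))
            continue
        m = HJT_LINE.match(line)
        if m:
            if line.endswith("(no file)"):
                findings.append(("hjt-orphan", line))
            if m.group(1) in ("O20", "O21"):
                findings.append(("hjt-launch-point", line))
            continue
        m = SR_KEY.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = SR_VALUE.match(line)
        if m and current_key:
            if current_key.endswith("\\policies\\explorer\\run\\"):
                findings.append(("sr-policy-run", line))
            if m.group("tag") == "file not found":
                findings.append(("sr-missing-target", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, e.g. {'hjt-orphan': 3, ...}."""
    counts: Dict[str, int] = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


# Constructed sample assembled from lines posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: (no name) - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - (no file)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - (no file)
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"isamonitor.exe" = "C:\Program Files\Video ActiveX Object\isamonitor.exe" [file not found]
"none" = "C:\Program Files\Video ActiveX Object\pmsngr.exe" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> avldr\DLLName = "avldr.dll" ["Panda Software"]
"""

if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {line}\n    {RULES[rule]}")
    print(summarize(triage(SAMPLE_LOG)))
```

Feed it both logs concatenated into one file; the O20 avldr line still comes up for review even though Silent Runners attributes the DLL to Panda, which is the point of checking the vendor rather than the name.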


(kubasx4) #7

ewido detected these and I told it to remove them :)

__________________________________________________

ewido anti-spyware online scanner

http://www.ewido.net

__________________________________________________



Name: TrackingCookie.Adocean

Path: C:\Documents and Settings\kuba\Cookies\kuba@ad.adocean[2].txt

Risk: Medium


Name: Adware.Generic

Path: HKU\S-1-5-21-1844237615-764733703-725345543-1003\Software\Internet Security

Risk: Medium


Name: Adware.Generic

Path: HKU\S-1-5-21-1844237615-764733703-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}

Risk: Medium


Name: Adware.Generic

Path: HKU\S-1-5-21-1844237615-764733703-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.20:C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\pwj3hpi4.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.21:C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\pwj3hpi4.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.28:C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\pwj3hpi4.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.31:C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\pwj3hpi4.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.80:C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\pwj3hpi4.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.81:C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\pwj3hpi4.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adbrite

Path: :mozilla.127:C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\pwj3hpi4.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adbrite

Path: :mozilla.129:C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\pwj3hpi4.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adbrite

Path: :mozilla.131:C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\pwj3hpi4.default\cookies.txt

Risk: Medium


Name: TrackingCookie.2o7

Path: :mozilla.132:C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\pwj3hpi4.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adrevolver

Path: :mozilla.152:C:\Documents and Settings\kuba\Dane aplikacji\Mozilla\Firefox\Profiles\pwj3hpi4.default\cookies.txt

Risk: Medium


Name: Adware.AntiVermins

Path: C:\Program Files\AntiVermins

Risk: Medium


Name: Adware.SaveNow

Path: C:\Program Files\DAEMON Tools\SetupDTSB.exe

Risk: Medium


Name: Downloader.Zlob.bjo

Path: C:\System Volume Information\_restore{775E5C49-6667-4387-80CF-4C3276E38352}\RP8\A0000390.dll

Risk: High


Name: Downloader.Zlob.bke

Path: C:\System Volume Information\_restore{775E5C49-6667-4387-80CF-4C3276E38352}\RP8\A0000392.exe

Risk: High


Name: Downloader.Zlob.bjo

Path: C:\System Volume Information\_restore{775E5C49-6667-4387-80CF-4C3276E38352}\RP8\A0000398.dll

Risk: High


Name: Downloader.Zlob.bke

Path: C:\System Volume Information\_restore{775E5C49-6667-4387-80CF-4C3276E38352}\RP8\A0000400.exe

Risk: High


Name: Downloader.Zlob.biy

Path: C:\System Volume Information\_restore{775E5C49-6667-4387-80CF-4C3276E38352}\RP8\A0000408.exe

Risk: High


Name: Downloader.Zlob.bjo

Path: C:\System Volume Information\_restore{775E5C49-6667-4387-80CF-4C3276E38352}\RP9\A0000430.dll

Risk: High


Name: Downloader.Zlob.bke

Path: C:\System Volume Information\_restore{775E5C49-6667-4387-80CF-4C3276E38352}\RP9\A0000431.exe

Risk: High


Name: Downloader.Zlob.aom

Path: C:\System Volume Information\_restore{775E5C49-6667-4387-80CF-4C3276E38352}\RP9\A0000459.exe

Risk: High


Name: Downloader.Zlob.aom

Path: C:\System Volume Information\_restore{775E5C49-6667-4387-80CF-4C3276E38352}\RP9\A0000460.exe

Risk: High


Name: Downloader.Zlob.bdi

Path: C:\System Volume Information\_restore{775E5C49-6667-4387-80CF-4C3276E38352}\RP9\A0000464.dll

Risk: High


Name: Adware.WorldSecurityOnline

Path: C:\System Volume Information\_restore{775E5C49-6667-4387-80CF-4C3276E38352}\RP9\A0000501.dll

Risk: Medium


Name: Downloader.Zlob.bjo

Path: C:\System Volume Information\_restore{775E5C49-6667-4387-80CF-4C3276E38352}\RP9\A0000502.dll

Risk: High


Name: Downloader.Zlob.bfj

Path: C:\System Volume Information\_restore{775E5C49-6667-4387-80CF-4C3276E38352}\RP9\A0000505.exe

Risk: High


Name: Downloader.Zlob.bke

Path: C:\System Volume Information\_restore{775E5C49-6667-4387-80CF-4C3276E38352}\RP9\A0000507.exe

Risk: High


Name: Not-A-Virus.Hoax.Win32.Renos.fo

Path: C:\System Volume Information\_restore{775E5C49-6667-4387-80CF-4C3276E38352}\RP9\A0000508.exe

Risk: Low


Name: Backdoor.Hupigon.kg

Path: D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}\RP64\A0052445.exe

Risk: High


Name: Proxy.Horst.dd

Path: D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}\RP66\A0054533.exe

Risk: High


Name: Proxy.Horst.dp

Path: D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}\RP68\A0055753.exe

Risk: High


Name: Trojan.Agent.xo

Path: D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}\RP70\A0057725.exe

Risk: High


Name: Trojan.Agent.xo

Path: D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}\RP70\A0057749.exe

Risk: High


Name: Trojan.Agent.xo

Path: D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}\RP70\A0057803.exe

Risk: High


Name: Trojan.Agent.xo

Path: D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}\RP71\A0057815.exe

Risk: High


Name: Trojan.Agent.xo

Path: D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}\RP71\A0057978.exe

Risk: High


Name: Proxy.Horst.eb

Path: D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}\RP72\A0058974.exe

Risk: High


Name: Proxy.Horst.eb

Path: D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}\RP73\A0059013.exe

Risk: High


Name: Backdoor.Hupigon.kg

Path: D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}\RP74\A0060158.exe

Risk: High


Name: Proxy.Horst.em

Path: D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}\RP76\A0070307.exe

Risk: High


Name: Proxy.Horst.av

Path: D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}\RP80\A0073636.exe

Risk: High


Name: Worm.VB.dz

Path: D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}\RP87\A0078279.exe

Risk: High


Name: Worm.VB.dz

Path: D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}\RP95\A0079151.exe

Risk: High


Name: Worm.VB.dz

Path: D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}\RP95\A0079152.exe

Risk: High


Name: Worm.VB.dz

Path: D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}\RP95\A0080279.exe

Risk: High


Name: Worm.VB.dz

Path: D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}\RP95\A0080281.exe

Risk: High


Name: Worm.VB.dz

Path: D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}\RP95\A0080282.exe

Risk: High

(adam9870) #8

Since you had them removed, that's fine.

Scan again with ewido and, if you've already done what I advised in the previous post, show the new logs and the contents of the file c:\rapport.txt


(kubasx4) #9

New log from Silent Runners:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"NVRaidService" = "C:\WINDOWS\system32\nvraidservice.exe" ["NVIDIA Corporation"]

"APVXDWIN" = ""C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s" ["Panda Software International"]

"SCANINICIO" = ""C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"" ["Panda Software International"]

"Klienci" = "C:\Program Files\Klienci\Klienci.exe" ["CAP Software - Tomasz Czech"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"

  -> {HKLM...CLSID} = "BitComet Helper"

                   \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO.dll" ["BitComet"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"

  -> {HKLM...CLSID} = "SimpleShlExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus"

  -> {HKLM...CLSID} = "Panda Antivirus"

                   \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"]

"{6DD33479-D4D0-4666-93C8-F6DC46668518}" = "Recover deleted files from your CD or DVD"

  -> {HKLM...CLSID} = "Recover deleted files from your CD or DVD"

                   \InProcServer32\(Default) = "C:\PROGRA~1\DISKIN~1\CDANDD~1\contmenu.dll" [null data]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

<> avldr\DLLName = "avldr.dll" ["Panda Software"]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

MkS_Vir\(Default) = "{E64226E0-9DA1-479E-8265-8D65BA327BD4}"

  -> {HKLM...CLSID} = "MkS_Vir Shell Extension"

                   \InProcServer32\(Default) = "/u\mksshell.dll" [file not found]

Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"

  -> {HKLM...CLSID} = "Panda Antivirus"

                   \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

DiskInternals_cd_recovery\(Default) = "{6DD33479-D4D0-4666-93C8-F6DC46668518}"

  -> {HKLM...CLSID} = "Recover deleted files from your CD or DVD"

                   \InProcServer32\(Default) = "C:\PROGRA~1\DISKIN~1\CDANDD~1\contmenu.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

MkS_Vir\(Default) = "{E64226E0-9DA1-479E-8265-8D65BA327BD4}"

  -> {HKLM...CLSID} = "MkS_Vir Shell Extension"

                   \InProcServer32\(Default) = "/u\mksshell.dll" [file not found]

Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"

  -> {HKLM...CLSID} = "Panda Antivirus"

                   \InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\kuba\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp"



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

c:\program files\panda software\panda internet security 2007\pavlsp.dll ["Panda Software International"], 01 - 03, 16

%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08



Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

Panda anti-virus service, PAVSRV, ""C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe"" ["Panda Software International"]

Panda Antispam Engine, pmshellsrv, "C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe" ["Panda Software International"]

Panda Function Service, PAVFNSVR, ""C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe"" ["Panda Software International"]

Panda IManager Service, PSIMSVC, ""C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe"" ["Panda Software"]

Panda Network Manager, PNMSRV, ""c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE"" ["Panda Software International"]

Panda Process Protection Service, PavPrSrv, ""C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software"]

Panda TPSrv, TPSrv, ""C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe"" ["Panda Software"]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 76 seconds, including 5 seconds for message boxes)

Merged posts: 16.01.2007 (Tue) 21:34

and from HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 21:38:07, on 2007-01-16

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\nvraidservice.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE

C:\Program Files\Klienci\Klienci.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE

C:\WINDOWS\system32\wscntfy.exe

c:\program files\panda software\panda internet security 2007\WebProxy.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\kuba\Moje dokumenty\hijackthis_199\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"

O4 - HKLM\..\Run: [Klienci] C:\Program Files\Klienci\Klienci.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4930/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{35336226-5358-4404-81DD-D0C86FA9C689}: NameServer = 194.204.152.34,194.204.159.1

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

Merged posts: 16.01.2007 (Tue) 21:35

I'm running Ewido again and it detected something again, but from Firefox, and I think they're cookies, though not all of it; when it finishes I'll post it again.


(adam9870) #10

The logs are clean.

Did you use SmitFraudFix? If not, use it and show the report -> c:\rapport.txt.

Don't worry about the detection of cookies and similar things from Firefox, since they are not harmful.


(kubasx4) #11

here is the log from SmitFraudFix:

SmitFraudFix v2.132


Scan done at 22:06:50,45, 2007-01-16

Run from C:\Documents and Settings\kuba\Moje dokumenty\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode


»»»»»»»»»»»»»»»»»»»»»»»» C:\



»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS



»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system



»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web



»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32



»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\kuba



»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\kuba\Application Data



»»»»»»»»»»»»»»»»»»»»»»»» Start Menu



»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\kuba\Ulubione


C:\DOCUME~1\kuba\Ulubione\Online Security Test.url FOUND !


»»»»»»»»»»»»»»»»»»»»»»»» Desktop



»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 



»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys



»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Moja bieľĄca strona g˘wna"



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!Attention, following keys are not inevitably infected!


SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"




»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!Attention, following keys are not inevitably infected!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""



»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32



»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection



»»»»»»»»»»»»»»»»»»»»»»»» End



(adam9870) #12

Run SmitFraudFix with option number 2 in safe mode.

You start safe mode like this:

Additionally, because of this entry:

you can use the Rustock.b-fix tool and show its report as well.


(kubasx4) #13
*************************Rustock.b-fix -- By ejvindh*************************

2007-01-16 22:18:04,92


No Rustock.b-rootkits found


*******************************End of Logfile********************************

Merged posts: 16.01.2007 (Tue) 22:14

SmitFraudFix v2.132


Scan done at 22:14:36,40, 2007-01-16

Run from C:\Documents and Settings\kuba\Moje dokumenty\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode


»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!Attention, following keys are not inevitably infected!


SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"



»»»»»»»»»»»»»»»»»»»»»»»» Killing process



»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix


GenericRenosFix by S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning


Registry Cleaning done. 


»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!Attention, following keys are not inevitably infected!


SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll



»»»»»»»»»»»»»»»»»»»»»»»» End



(adam9870) #14

It's OK now :slight_smile:


(kubasx4) #15

thanks a lot, jeez... you've really got a head on your shoulders :stuck_out_tongue: :smiley:

can I delete these programs now?? :slight_smile:


(adam9870) #16

If you want, delete them, but they don't take up much space and may come in handy again some day. So the decision is yours.


(kubasx4) #17

and is it normal that CPU usage is at 100% and practically never drops?!