Kontrola logov - nebezpecne objekty

jcdenton12 · Příspěvek od **jcdenton12** » sob 3. bře 2007, 18:59

dobry den potreboval by som vasu pomoc
mam problem s pripojenim na internet
mam Orange Hhuawei e220 hsdpa modem a som takmer spokojny
download 2.2-2.8Mbps a pingy okolo 100ms
problem je s uploadom
konkretne nejde uploadovat subor vacsi ako 49kB
s predchadzajucim zadacom modemom neslo uploadovat subor vacsi ako 8kB
tento problem vyriesil reinstall win xp ale momentalne to neprichadza do uvahy
pouzivam COMODO firevall a AVS(up to date), Micro World Antivirus(up to date) a mam win xp sp2(bez updatov)
kaspersky(avs) nic nenajde
tu je log z hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 18:44:42, on 3. 3. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
D:\Program Files\Comodo\Firewall\CPF.exe
D:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\AOL\Active Virus Shield\avp.exe
D:\Program Files\Comodo\Firewall\cmdagent.exe
D:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\VMware\VMware Server\vmserverdWin32.exe
D:\totalcmd\TOTALCMD.EXE
D:\Program Files\microworldantivirus\mwavscan.com
D:\PROGRA~1\MICROW~1\ScanningProcess.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
D:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Comodo Firewall] "D:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEB67D8E-CA3C-4709-9652-16A588590283}: NameServer = 213.151.200.30 213.151.208.161
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - D:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware

Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual

Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - D:\Program Files\VMware\VMware

Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

a tu je log z micro world antivirus

Object "srng/shopnav Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "savenow Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\ICQPhone.SipxPhoneManager" refers to invalid object "{82308D15-1A2C-416A-A5BE-21DAF85DDB75}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\NMUIEngine.NMUIResourceLoaderHarddisk" refers to invalid object "{03DC5606-EA66-4f02-AB52-2065524B03821}". Action Taken: No Action Taken.
Entry "HKCR\SharePoint.WebPartPage.Document" refers to invalid object "{388ED91D-7FD2-11D0-A60B-00A0C90A43FF}". Action Taken: No Action Taken.
Entry "HKCR\SharePoint.WebPartPage.Document.1.0" refers to invalid object "{388ED91D-7FD2-11D0-A60B-00A0C90A43FF}". Action Taken: No Action Taken.
Entry "HKCR\vmappsdk.MksCompatCtl.11" refers to invalid object "{7DABFF61-6A84-4E64-908D-C662E2C4102A}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscoree.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\DIMM.DLL". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".comodofirewall". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".DWG". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sum". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sup". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".up2". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xxx". Action Taken: No Action Taken.

tie dva objekty sa vyskytli aj pred reinstallom ked prestal fungovat upload takze nejaka spojitost by tam byt mohla
poradte prosim cim by to mohlo byt

likc · Příspěvek od **likc** » sob 3. bře 2007, 19:50

Log se mi jevi vcelku v poradku. Jediny, co neznam je tohle,
O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe" ale nejspis sis to tam nainataloval sam.
Pak uz jen ze neni dobre pouzivat naraz nekolik antiviru.
Vyzkousel bych mwav, ten toho najde dost.

jcdenton12 · Příspěvek od **jcdenton12** » sob 3. bře 2007, 19:59

ten huawei je ovladac k modemu
ten by mal byt ok

viac antivirov??
pouzivam avs ktory bezi nepretrzite(rezident) a ked mam problem s niecim tak zapnem MWAv
ten log z mwavu este doplnim lebo mi bezi full test
jo len tak btw mi avs hlasil ze nasiel warezov-a ale po update ked som ich dal zmazat tak hlasi ze secko bolo neutralized a uz ho nenajde
to len keby ta infoska nejako pomohla

likc · Příspěvek od **likc** » sob 3. bře 2007, 20:08

Beru zpet, to byl ten bezici mwav scan. Ja ze nejsem zvykly ho v logu vidat a ze ho mas na decku.

jcdenton12 · Příspěvek od **jcdenton12** » sob 3. bře 2007, 20:16

no takze logy su kompletne
dufam ze mi pomozete

lebo upload napr ako pisat tuto odpoved ide
asi preto ze data ktore posielam su mensie ako 8kB/49kB
ale napr subor vacsi ako 8kB/49kB nejde upnut nikde
mensi ide taktiez bez problemu

a pls ako sa zbavyt tych dvoch spywerov co su hrubym pisomo?

thx moc

likc · Příspěvek od **likc** » ned 4. bře 2007, 11:37

No a to Ti mwav nenabidnul, ze je smaze, nebo je minimalne nasel?
Ty dva parchanti nejsou nic extra, mel by je normalni antispy odhalit. Jinac muzes pouzit tyto dva. Vybral jsem je namatkou, ale melo by to chodit.
na prvni
http://www.superadblocker.com/downloads ... locker.exe
a na druhy
http://www.spywareremove.com/SpywareScanner1354p2s2.exe

jcdenton12 · Příspěvek od **jcdenton12** » ned 4. bře 2007, 11:41

no ja tym aplikaciam moc neverim
som skusil tiez nieco stiahnut a ten system to potom mal problem rozchodit
proste odstrani dany spyware a prida vlastny
ak to je nejaka znama znacka tak sa potom ospravedlnujem

nejako manualne ze del file+del z registrov sa neda?

a tusite preco mi nejde upload suborov vacsich ako 49kB??
nejaky regcleaner/tune up utilitka by to nefixla?

mam taky pocit ako keby nevedeli prejst pakety prec odo mna
a teda sa pohrat s velkostou paketov alebo take neco?

dik za rady

likc · Příspěvek od **likc** » ned 4. bře 2007, 11:59

Ze by jednoucelovy antiviry neco natahali? To jsem snad jeste neslysel. Normalne bych je stahnul, pouzil a zas odinstaloval. Problem je ten, ze nevime co rucne smazat.
No ten savenow Adware ma co do cineni s prenosama, ale jestli to bude to, co Ti dela problemy, tezko rict. Muzes pak skusit sekci site modemy, internet. Treba Ti tam nekdo poradi.

jcdenton12 · Příspěvek od **jcdenton12** » ned 4. bře 2007, 13:36

takze ani jeden soft nenasiel nic ine okrem par cookies

nejake dalsie rady?
dalsie softy alebo nieco?

likc · Příspěvek od **likc** » ned 4. bře 2007, 13:50

ted jsem vicemene nahodou spustil mwav a ten savenow mi to naslo taky

ale kdyz jsem dal scan and clean, tak ho to normalne smazlo. Kdyz jen scan, tak zadna akce - logicky. To same jak u Tebe. Tak ze to je asi posledni vec, ktera me napadla. Nechat mwav vsechno, co najde opravit.

jcdenton12 · Příspěvek od **jcdenton12** » ned 4. bře 2007, 18:24

preciste mwav-om
upload nejde
microsoft update nejde (ked dam update vlastni/expresni tak vyhodi chybu Číslo chyby: 0x80072EE2
nedostanem sa anu ku genuine validation)
zeby tam este nejaky bordel ostal?
tusite cim moze byt ten upload?
viem ze ked system reinstalujem tak to pobezi, ale to si teraz nemozem dovolit

likc · Příspěvek od **likc** » ned 4. bře 2007, 18:38

Zkus vypnut firewall - comodo. Ta chyba pri updatu se vztahuje k problemum s pripojenim na net.

// joa ta aplikace VMware je po compu docela dost rozlezla. Jsi si jeji funkci jisty? Co ji taky skusit vypnout, jestli se to nezlepsi?

jcdenton12 · Příspěvek od **jcdenton12** » ned 4. bře 2007, 18:52

FW vypnuty
ms update Číslo chyby: 0x8024402C

mam na kompe este jedny win xp nainstalovane
da sa povedat celkom ciste, iba par veci na taktovanie+benchovanie
na nic ide upload v pohode
aj ms update fachci

da sa z toho nieco vydedukovat?

da sa nejako upravit prva instalacia aby fachcila ako druha?

likc · Příspěvek od **likc** » ned 4. bře 2007, 19:12

To je podobna chyba te predchozi. Ve winXP by nekde v nastaveni pripojeni k netu nebo nastaveni protokolu TCP/IP mela byt zaskrtavaci volba Limit TCP Maximum Segment Size (MSS) - limitovani velikosti segmentu. Zkus ji odskrtnout/zaskrtnout. (ja mam w2k, tam to nemam) Nebo to jde jeste najit v registrech. viz tahle stranka http://support.microsoft.com/kb/314053/ oddíl EnablePMTUBHDetect (kazdopadne si predtim zazalohuj registry).

Pak je tu jeste napad, ze by jsi se pripojil pres nejakou verejnou proxy a zkusil to.

pak je tu cely clanek o teto chybe a moznostech jejiho opraveni. http://www.updatexp.com/0x8024402c.html