ładnie prosze o sprawdzenie loga

12.09.06, 22:42
Logfile of HijackThis v1.99.1
Scan saved at 22:38:35, on 2006-09-12
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Winamp3\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\wpln\polonica\polonica.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Adam\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.gazeta.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {7E18D1E8-5DC6-4CC6-8D79-473A97F22026} -
media64.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD
Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt
Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-
Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-
Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-
Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software
Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD
Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [License Manager] "C:\Program
Files\License_Manager\license_manager.exe " /silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
\dslmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program
files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O15 - Trusted Zone: www.windowsecurity.com
O16 - DPF: {2DF91772-19DC-47AE-B52F-B8E2FE545625} (Spd2 Class) -
www.lemontv.pl/lmctrls.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) -
mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
ax.emsisoft.com/asquared.cab
O16 - DPF: {E5EE81D5-C49F-45E5-B42F-0B7AEEDD047C} (Druk Control) -
lph1.lexpolonica.pl/lexpolonica/printTempl/export.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC937B05-526A-485C-9BCD-
308CAB9B598F}: NameServer = 85.255.116.71 85.255.112.191
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program
Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program
Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies -
C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\hpzipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32
\slserv.exe

net wolno dziala, po jakims czasie nagle w ogole wszystko siada, klikam na
ikonki IE albo Mozilli i ...nic sie nie dzieje. nie moge nawet wyłączyć
laptopa komendą, muszę "siłowo" przytrzymać parę sek. przycisk zasilania.
Bardzo się martwię ze to moze nie wirusy a kwestia hardwear`u..;((
DZiek z gory za pomoc ;)
    • Gość: Kolobos Re: ładnie prosze o sprawdzenie loga IP: *.warszawa.sdi.tpnet.pl 13.09.06, 07:39
      Masz piracki windows bez aktualizacji jak widac:
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Wiec zamknij porty przy pomocy wwdc oraz oczywiscie nie uzywaj IE.

      W hjt usun:
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R3 - URLSearchHook: (no name) - {7E18D1E8-5DC6-4CC6-8D79-473A97F22026} -
      media64.dll (file missing)
      O4 - HKCU\..\Run: [License Manager] "C:\Program
      Files\License_Manager\license_manager.exe " /silent <- katalog Lic... usun z dysku.
      O15 - Trusted Zone: www.windowsecurity.com
      O17 - HKLM\System\CCS\Services\Tcpip\..\{AC937B05-526A-485C-9BCD-
      308CAB9B598F}: NameServer = 85.255.116.71 85.255.112.191 <- usun te podmienione adresy dns'ow i ustaw takie jak zaleca Twoj dostawca internetu (lub w opcjach polaczenia ustaw opcje automatycznego uzyskiwania adresow dns).


      Do tego mozesz wylaczyc w Start->Uruchom->msconfig te programy:
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
      O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-
      Packard\OrderReminder\OrderReminder\OrderReminder.exe
      O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD
      Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
Pełna wersja