Request to check a log - serious problem

IP: *.adsl.inetia.pl 11.03.07, 14:20
Hello,
Please check my log. For the past 2 days, a few minutes after connecting to the
Internet the computer freezes. I cannot open/close any window, I have no
access to the taskbar or the Start menu, the system clock stops, and the
keyboard does not respond. The only way out is to restart the computer
(ctrl+alt+delete does not work).
Please help/advise.
    • Guest: Robert Re: Request to check a log - serious problem IP: *.adsl.inetia.pl 11.03.07, 14:21
      Logfile of HijackThis v1.99.1
      Scan saved at 14:15:52, on 2007-03-11
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Netia\Net\netianet.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      D:\Robert\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      szukaj.wp.pl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.onet.pl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
      C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
      Files\Java\jre1.5.0_09\bin\ssv.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
      C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
      Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"
      runtime
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
      atboottime
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -
      lang 1033
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition
      Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09
      \bin\jusched.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -
      quiet
      O4 - HKCU\..\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe
      O4 - Startup: UniSpiker-2.6.lnk = ?
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
      Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI
      Technologies\ATI.ACE\CLI.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
      \dslmon.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
      Office\Office\OSA9.EXE
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
      00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O16 - DPF: {33331111-1111-1111-1111-611111193429} -
      www.www2.p0rt2.com/files/_ipsec_.cab
      O16 - DPF: {33331111-1111-1111-1111-615111193427} -
      O16 - DPF: {33331111-1131-1111-1111-611111193428} -
      O16 - DPF: {33331111-1234-1111-1111-615111193427} -
      www.www2.p0rt2.com/files/epl48bd.cab
      O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) -
      mks.com.pl/skaner/SkanerOnline.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
      update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133018361343
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
      (MsnMessengerSetupDownloadControl Class) -
      messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{59556D59-3F77-484C-8CBE-53CE896B517B}:
      NameServer = 83.238.255.76 213.241.79.37
      O17 - HKLM\System\CCS\Services\Tcpip\..\{F22BC925-E76E-4971-97D4-FBACBFF85C20}:
      NameServer = 192.168.0.1,83.142.201.12
      O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
      G:\Player\__CDS2.dll (file missing)
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program
      Files\Skype\Plugin Manager\Skype4COM.dll (file missing)
      O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)
      O20 - Winlogon Notify: rpccd - C:\WINDOWS\System32\rpccd.dll (file missing)
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) -
      Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA
      GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
      Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32
      \IDriverT.exe
      O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\System32
      \dllcache\qxchost.exe (file missing)
      O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
      Files\MKS\Bin\mksmonsv.exe (file missing)
      O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies,
      Inc. - C:\Program Files\Sygate\SPF\smc.exe

      • Guest: Kolobos Re: Request to check a log - serious problem IP: *.escom.net.pl 11.03.07, 15:18
        That's normal when you have a pirated Windows without updates and download trojans!

        Close the ports using wwdc.exe, switch your browser to Opera and don't use IE any more.

        In HJT remove:
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
        C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
        O16 - DPF: {33331111-1111-1111-1111-611111193429} -
        www.www2.p0rt2.com/files/_ipsec_.cab
        O16 - DPF: {33331111-1111-1111-1111-615111193427} -
        O16 - DPF: {33331111-1131-1111-1111-611111193428} -
        O16 - DPF: {33331111-1234-1111-1111-615111193427} -
        www.www2.p0rt2.com/files/epl48bd.cab
        O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
        G:\Player\__CDS2.dll (file missing)
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program
        Files\Skype\Plugin Manager\Skype4COM.dll (file missing)
        O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)
        O20 - Winlogon Notify: rpccd - C:\WINDOWS\System32\rpccd.dll (file missing)
        exe

        Services to delete (the removal procedure is described in the forum header):
        O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\System32
        \dllcache\qxchost.exe (file missing)
        O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
        Files\MKS\Bin\mksmonsv.exe (file missing)

        Finally, scan:
        www.pandasoftware.com/activescan/pol/activescan_principal.htm
        www.spywareinfo.com/xscan.php
        www.bitdefender.com/scan8/ie.html
    • Guest: Robert The situation has not changed IP: *.neoplus.adsl.tpnet.pl 12.03.07, 14:06
      Here is the current state of the logs after the changes:

      HIJACK
      Logfile of HijackThis v1.99.1
      Scan saved at 19:40:39, on 2007-03-11
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
      C:\PROGRA~1\Sygate\SPF\smc.exe
      C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Netia\Net\netianet.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe
      D:\Robert\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
      C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
      Files\Java\jre1.5.0_09\bin\ssv.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
      C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
      Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"
      runtime
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
      atboottime
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -
      lang 1033
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition
      Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09
      \bin\jusched.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -
      quiet
      O4 - HKCU\..\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe
      O4 - Startup: UniSpiker-2.6.lnk = ?
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
      Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI
      Technologies\ATI.ACE\CLI.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
      \dslmon.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
      Office\Office\OSA9.EXE
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
      00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) -
      mks.com.pl/skaner/SkanerOnline.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
      update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_si
      te.cab?1133018361343
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
      (MsnMessengerSetupDownloadControl Class) -
      messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{F22BC925-E76E-4971-97D4-FBACBFF85C20}:
      NameServer = 192.168.0.1,83.142.201.12
      O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
      G:\Player\__CDS2.dll (file missing)
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program
      Files\Skype\Plugin Manager\Skype4COM.dll (file missing)
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) -
      Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA
      GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
      Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32
      \IDriverT.exe
      O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
      Files\MKS\Bin\mksmonsv.exe (file missing)
      O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies,
      Inc. - C:\Program Files\Sygate\SPF\smc.exe

      SILENT RUNNERS
      "Silent Runners.vbs", revision R50, www.silentrunners.org/
      Operating System: Windows XP
      Output limited to non-default values, except where indicated by "{++}"


      Startup items buried in registry:
      -------------------------------
      • Guest: Robert Re: The situation has not changed_silent runners IP: *.neoplus.adsl.tpnet.pl 12.03.07, 14:08
        "Silent Runners.vbs", revision R50, www.silentrunners.org/
        Operating System: Windows XP
        Output limited to non-default values, except where indicated by "{++}"


        Startup items buried in registry:
        -------------------------------
        • Guest: Kolobos Re: The situation has not changed_silent runners IP: *.escom.net.pl 12.03.07, 14:48
          The SR log did not fit, and I rather doubt that your problem has anything to do with this forum. You more likely have some hardware problem.
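Checking a re-scan against a fix list of the kind posted in this thread, as an added example (not part of the thread and not HijackThis's own code): it rejoins entries the forum wrapped across lines and reports which requested removals the re-scan still lists. The two samples are short excerpts constructed from log lines quoted above, with one entry re-wrapped at a different point; `parse_entries` and `check_fix` are names chosen for this example.

```python
import re

# HijackThis entries start with a section code: "R0 - ", "O4 - ", "O23 - ", ...
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

def parse_entries(text):
    """Map whitespace-free key -> entry text, rejoining forum-wrapped lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries and line:
            entries[-1] += " " + line      # continuation of a wrapped entry
        elif entries:
            break                          # blank line ends the entry section
    # The wrap point differs between pastes, so compare with whitespace removed.
    return {re.sub(r"\s+", "", e).lower(): e for e in entries}

def check_fix(fix_list, rescan):
    """Return (still_present, gone): fix-list entries found / not found in the re-scan."""
    after = parse_entries(rescan)
    wanted = parse_entries(fix_list)
    still = [e for k, e in wanted.items() if k in after]
    gone = [e for k, e in wanted.items() if k not in after]
    return still, gone

# Constructed samples: excerpts of the fix list and of a re-scan.
FIX_LIST = r"""
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
G:\Player\__CDS2.dll (file missing)
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)
"""
RESCAN = r"""
Running processes:
C:\WINDOWS\Explorer.EXE

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1
\NEOSTR~1\SEARCH~1.DLL
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
G:\Player\__CDS2.dll (file missing)

SILENT RUNNERS
"""
```
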