heh.pl
Heh.pl news feed


Saturday, 4 May 2024



Topic

Problem with Win XP


62.21.10.* wrote:
Hi,
I recently noticed that my computer restarts on its own. In my opinion the cause is not hardware but some viruses, spyware, adware, etc. Additionally, after every restart Windows shows a message about having recovered from a serious error (or something like that ;)), plus the message "internat.exe error: the entry getprocessflags was not found in the library kernel32.dll" (screenshot attached). I read on some foreign forum that this is also caused by spyware.


Attaching the HJT log:



Logfile of HijackThis v1.99.1
Scan saved at 09:08:36, on 2005-04-07
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\crauto.exe
C:\Documents and Settings\contact\Pulpit\FanSpeed1_2_0\fanspeedNT.exe
C:\WINDOWS\System32\drivers\IMountSRV.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msoffice.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Razer\razerhid.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\System32\private-zone.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\Xhrmy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\atts.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\System32\n?tdde.exe
C:\PROGRA~1\COMMON~1\fzkw\fzkwm.exe
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\contact\Moje dokumenty\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll
F3 - REG:win.ini: run=C:\WINDOWS\System32\msoffice.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: (no name) - {59AB33CE-97A0-4CDC-9D56-750F91D1690C} - (no file)
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINDOWS\System32\lmf32v.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O2 - BHO: (no name) - {9024881A-019D-4833-AAAB-428FE8911FF2} - C:\WINDOWS\System32\wmshj.dll
O2 - BHO: (no name) - {A009B81B-2CDE-7D76-879E-00A2D9A232C5} - C:\WINDOWS\System32\wmshj.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: msdxmLC.dll,-11045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [internat.exe] E:\WINDOWS\SYSTEM\INTERNAT.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Encrypted Disk Auto Mount] rundll32.exe edshell.dll,MountAll
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [WebRun] C:\WINDOWS\System32\web.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\private-zone.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [xhrmy] C:\WINDOWS\Xhrmy.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Wras] C:\WINDOWS\System32\atts.exe
O4 - HKCU\..\Run: [Tgxwj] C:\WINDOWS\System32\n?tdde.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\private-zone.exe
O4 - HKCU\..\Run: [fzkw] C:\PROGRA~1\COMMON~1\fzkw\fzkwm.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Microsoft AntiSpyware helper - {2A260D4E-8C47-4542-AF3C-68A648B9213B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2A260D4E-8C47-4542-AF3C-68A648B9213B} - (no file) (HKCU)
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.[snip!]to.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2fucked.biz
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.traffic2cash.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {126A89A4-A8FB-7259-D53B-465566FB52E4} - http://67.19.178.86/1/rdgPL1742.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe
O16 - DPF: {25FB41D0-0815-7A88-5017-7E6E2A8B743A} - http://67.19.178.86/1/rdgPL1742.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112540980688
O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} - http://advnt01.com/dialer/internazionale_ver10.CAB
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\MKS\Bin\NetMonSV.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: crauto - Unknown owner - C:\WINDOWS\System32\drivers\crauto.exe
O23 - Service: FanSpeedNT Service - Unknown owner - C:\Documents and Settings\contact\Pulpit\FanSpeed1_2_0\fanspeedNT.exe" (file missing)
O23 - Service: IMountSRV - Unknown owner - C:\WINDOWS\System32\drivers\IMountSRV.exe
O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
O23 - Service: PMounter - Unknown owner - C:\WINDOWS\SYSTEM32\PMounter.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE



83.21.144.* wrote:
The standard: Ad-Aware + antivirus.

80.48.154.* wrote:
Start by running Panda's online antivirus scanner, and then avast! after disconnecting from the network; that should do it ;)

195.69.80.* wrote:
What nonsense are you writing to him? The log shows the guy has two antivirus programs (!). This evening I'll try to write up what to get rid of from this log, unless someone beats me to it.

212.182.69.* wrote:
C:\WINDOWS\System32\msoffice.exe
C:\WINDOWS\System32\devldr32.exe



83.26.92.* wrote:
In what way does it "restart"? Does the system shut down normally and then restart, or does it look like a reset?

Go to System Properties - Advanced - [Startup and Recovery] Settings - and there UNCHECK the "Automatically restart" option.

62.21.10.* wrote:
The reset is sudden, with no bluescreens or messages, as if the power had been cut. Scanning... hmm, think about it... the first thing I did was scan everything. With 3 antivirus programs already, plus Ad-Aware and S&D. Any other ideas?
And that message on every boot annoys me... how do I get rid of it?

195.69.80.* wrote:
Remove from the log:
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [WebRun] C:\WINDOWS\System32\web.exe
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\private-zone.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [xhrmy] C:\WINDOWS\Xhrmy.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKCU\..\Run: [Tgxwj] C:\WINDOWS\System32\n?tdde.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\private-zone.exe
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.[snip!]to.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2fucked.biz
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.traffic2cash.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O16 - DPF: {126A89A4-A8FB-7259-D53B-465566FB52E4} - http://67.19.178.86/1/rdgPL1742.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe
O16 - DPF: {25FB41D0-0815-7A88-5017-7E6E2A8B743A} - http://67.19.178.86/1/rdgPL1742.exe
O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} - http://advnt01.com/dialer/internazionale_ver10.CAB
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll


And, as usual: change your browser.
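The reply above applies a set of rules by hand: every O15 Trusted Zone entry goes, every O16 ActiveX download that is not Microsoft's goes, the O18 text/html filter goes, and the O4 Run entries with a meaningless name, an undisplayable character in the path, or the same binary registered under both HKLM and HKCU go. The script below encodes those rules and runs them over lines copied from the posted log. It is an added example written for this page, not code from the thread and not part of HijackThis; the allow list naming Windows Update as the only accepted ActiveX source and the set of "generic" Run-entry names are assumptions chosen for the example.

```python
"""Rule-based triage of HijackThis (HJT) log entries. Added example for this page,
not code from the thread or from HijackThis; it encodes the rules the
"remove from the log" reply applies by hand."""
import re
from collections import Counter
from urllib.parse import urlparse

# Assumption: only Windows Update is an accepted ActiveX (O16 DPF) source.
ALLOWED_DPF_HOSTS = ("windowsupdate.microsoft.com",)
# Assumption: Run-entry names that describe nothing (a malware favourite).
GENERIC_RUN_NAMES = {"windows service", "windows", "system", "service"}

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_entries(log):
    """(kind, body) for each HJT entry line; header and process list are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in log.splitlines())
    return [(m.group("kind"), m.group("body")) for m in matches if m]


def run_command(body):
    """(name, command) for an O4 Run entry; None for other O4 forms (Startup folder)."""
    m = RUN_RE.match(body)
    return (m.group("name"), m.group("cmd").strip()) if m else None


def check_o4(body, cmd_counts):
    parsed = run_command(body)
    if parsed is None:
        return []
    name, cmd = parsed
    reasons = []
    if name.strip().lower() in GENERIC_RUN_NAMES:
        reasons.append("generic entry name says nothing about the program")
    if any(c == "?" or ord(c) > 126 for c in cmd):
        reasons.append("path has a character HJT could not display (often a look-alike of a Windows binary)")
    if cmd_counts[cmd.lower()] > 1:
        reasons.append("same command registered under more than one Run key (HKLM and HKCU)")
    return reasons


def check_o15(body):
    if body.startswith("Trusted Zone:"):
        return ["site placed in the IE Trusted Zone, which relaxes ActiveX and script restrictions"]
    if "'http' protocol is in Trusted Zone" in body:
        return ["every http:// site is treated as Trusted Zone"]
    return []


def check_o16(body):
    url = body.rsplit(" - ", 1)[-1].strip()
    if url.lower().startswith("ms-its:") or "mhtml:" in url.lower():
        return ["ms-its/mhtml chained URL: fetches a .chm and runs the file packed inside it"]
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    if any(host == h or host.endswith("." + h) for h in ALLOWED_DPF_HOSTS):
        return []
    reasons = []
    if IPV4_RE.match(host):
        reasons.append("ActiveX object served from a bare IP address")
    if parts.path.lower().endswith(".exe"):
        reasons.append("DPF points straight at an .exe instead of a signed .cab")
    return reasons or ["ActiveX download from a host not on the allow list"]


def check_o18(body):
    # Every O18 filter is reported: it sees, and can rewrite, each response of that MIME type.
    return ["MIME filter intercepts every response of that type before IE renders it"] if body.startswith("Filter:") else []


def triage(log):
    """[(kind, body, reasons)] for every entry at least one rule fires on."""
    entries = parse_entries(log)
    cmd_counts = Counter()  # same command under HKLM and HKCU -> redundant persistence
    for kind, body in entries:
        parsed = run_command(body) if kind == "O4" else None
        if parsed:
            cmd_counts[parsed[1].lower()] += 1
    checks = {"O4": lambda b: check_o4(b, cmd_counts), "O15": check_o15,
              "O16": check_o16, "O18": check_o18}
    findings = []
    for kind, body in entries:
        reasons = checks.get(kind, lambda b: [])(body)
        if reasons:
            findings.append((kind, body, reasons))
    return findings


# Lines copied verbatim from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\private-zone.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Tgxwj] C:\WINDOWS\System32\n?tdde.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\private-zone.exe
O15 - Trusted Zone: *.private-dialer.biz
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {126A89A4-A8FB-7259-D53B-465566FB52E4} - http://67.19.178.86/1/rdgPL1742.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112540980688
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
"""

if __name__ == "__main__":
    for kind, body, reasons in triage(SAMPLE_LOG):
        print(f"{kind} - {body}\n    -> {'; '.join(reasons)}")
```

Run as a script it prints the eight flagged entries from the sample with the rule that fired; the two benign Run entries (NvCplDaemon, Gadu-Gadu) and the Windows Update control pass. The rules lean toward reporting rather than deciding: an unknown O16 host or any O18 filter is listed for review, which is how the log was read in the thread, where entries were removed because they were recognised as unwanted, not because a scanner flagged them.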

62.21.10.* wrote:
I'm running Opera; it was only for reasons beyond my control (a format) that I had to download Opera somehow using IE... well, thanks.

Copyright © 2002-2024 | Privacy | Please report any comments to eddy@heh.pl