prosze o sprawdzenie loga (komputer się wyłancza)

**Posty:** 8 · przez **gora_55** 12 Maj 2007, 15:34

Dzien dobry mam problem poniewaz po kilku minutach pracy komputera wylancza mi się on . Jest to spowodowane jakimś wirusem bardzo prosze o sprawdzenie LOGA

Logfile of HijackThis v1.99.1
Scan saved at 15:15:59, on 2007-05-12
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Kod: Zaznacz wszystko
Running processes: H:\WINDOWS\System32\smss.exe H:\WINDOWS\system32\winlogon.exe H:\WINDOWS\system32\services.exe H:\WINDOWS\system32\lsass.exe H:\WINDOWS\System32\Ati2evxx.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\System32\svchost.exe H:\WINDOWS\system32\Ati2evxx.exe H:\WINDOWS\Explorer.EXE H:\WINDOWS\SOUNDMAN.EXE H:\Program Files\ATI Technologies\ATI.ACE\cli.exe H:\PROGRA~1\NEOSTR~1\CnxMon.exe H:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe H:\Program Files\DAEMON Tools\daemon.exe H:\Program Files\Common Files\Real\Update_OB\realsched.exe H:\WINDOWS\System32\wbem\wbemstest.exe H:\WINDOWS\System32\ctfmon.exe H:\Program Files\Gadu-Gadu\gg.exe H:\Program Files\ATI Technologies\ATI.ACE\CLI.exe H:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe H:\PROGRA~1\NEOSTR~1\NeostradaTP.exe H:\PROGRA~1\NEOSTR~1\ComComp.exe H:\PROGRA~1\NEOSTR~1\Watch.exe H:\Program Files\Mozilla Firefox\firefox.exe H:\Program Files\Opera\Opera.exe H:\Documents and Settings\gora_5\Pulpit\hijackthis_199\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - H:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQToolbar\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQToolbar\toolbaru.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "H:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [WooCnxMon] H:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM\..\Run: [autoclk] autoclk.exe O4 - HKLM\..\Run: [WOOWATCH] H:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] H:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM\..\Run: [adiras] adiras.exe O4 - HKLM\..\Run: [LXSUPMON] H:\WINDOWS\System32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [DAEMON Tools] "H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Flashget] H:\Program Files\FlashGet\FlashGet.exe /min O4 - HKLM\..\Run: [ICQ Lite] "H:\Program Files\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [FrameWork 2.5] FrameWork.exe O4 - HKLM\..\Run: [MSN MESSENGER 9.0] messengerr.exe O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe O4 - HKLM\..\Run: [Server Runtime Process] H:\WINDOWS\System32\wbem\wbemstest.exe O4 - HKLM\..\Run: [SYSTEM] winmgrd.exe O4 - HKLM\..\RunServices: [FrameWork 2.5] FrameWork.exe O4 - HKLM\..\RunServices: [MSN MESSENGER 9.0] messengerr.exe O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe O4 - HKLM\..\RunServices: [SYSTEM] winmgrd.exe O4 - HKLM\..\RunServices: [Server Runtime Process] H:\WINDOWS\System32\wbem\wbemstest.exe O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Gadu-Gadu] "H:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [tasmgr] C:\Program Files\Internet Explorer\tasmgr.exe O4 - HKCU\..\Run: [Server Runtime Process] H:\WINDOWS\System32\wbem\wbemstest.exe O4 - HKCU\..\Run: [SYSTEM] winmgrd.exe O4 - HKCU\..\RunServices: [Server Runtime Process] H:\WINDOWS\System32\wbem\wbemstest.exe O4 - HKCU\..\RunServices: [SYSTEM] winmgrd.exe O4 - HKCU\..\RunOnce: [ICQ Lite] H:\Program Files\ICQLite\ICQLite.exe -trayboot O4 - Startup: Xfire.lnk = H:\Program Files\Xfire\Xfire.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = H:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: DSLMON.lnk = H:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://H:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Stáhnout FlashGetem - H:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Stáhnout všechno FlashGetem - H:\Program Files\FlashGet\jc_all.htm O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\WINDOWS\web\related.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{129A08C5-4439-4A38-A243-BBBD8DEF4492}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip\..\{129A08C5-4439-4A38-A243-BBBD8DEF4492}: NameServer = 194.204.159.1 217.98.63.164 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe O23 - Service: LexBce Server (LexBceS) - Unknown owner - H:\WINDOWS\system32\LEXBCES.EXE (file missing) O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\System32\PnkBstrA.exe (file missing) O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\System32\PnkBstrB.exe

Kod: Zaznacz wszystko

[ Dodano: Dzisiaj o 18:09 ]
NIkt mi nie pomoże :oops:

**Posty:** 18165 · przez **wojtas** 12 Maj 2007, 19:56

Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach)
Start do awaryjnego ( F8 ) przy starcie komputera.

O4 - HKLM\..\Run: [FrameWork 2.5] FrameWork.exe
O4 - HKLM\..\Run: [MSN MESSENGER 9.0] messengerr.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\Run: [Server Runtime Process] H:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKLM\..\Run: [SYSTEM] winmgrd.exe
O4 - HKLM\..\RunServices: [FrameWork 2.5] FrameWork.exe
O4 - HKLM\..\RunServices: [MSN MESSENGER 9.0]messengerr.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\RunServices: [SYSTEM] winmgrd.exe
O4 - HKLM\..\RunServices: [Server Runtime Process] H:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "H:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [tasmgr] C:\Program Files\Internet Explorer\tasmgr.exe
O4 - HKCU\..\Run: [Server Runtime Process] H:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKCU\..\Run: [SYSTEM] winmgrd.exe
O4 - HKCU\..\RunServices: [Server Runtime Process] H:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKCU\..\RunServices: [SYSTEM] winmgrd.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\WINDOWS\web\related.htm

Odpalasz hijackthis i zaznaczasz ptaszkami powyższe wpisy i dajesz Fix checked.
Pogrubione pliki usuwasz ręcznie z dysku
potem nowe logi z Hijack This oraz Silent runners

prosze o sprawdzenie loga (komputer się wyłancza)

Prosze o sprawdzenie Loga (Komputer się wyłancza)

Kto jest na forum