Witam
Ostatnio zauwazylem na kilku komputerach w sieci taka sytuacje:
mniej wiecej po 30 - 40 minutach przestaja sie otwierac strony www
gadu-gadu, tlen, emule, radia internetowe chodza bez zarzutu,
ping do bramy i do hostow w internecie [zarowno po ip jak i po nazwach] tez chodzi
tracert nie pokazuje zmian w trasach
aby strony chodzily ponownie wystarczy wylaczyc polaczenie sieciowe i wlaczyc je ponownie.
oto przykladowy log z komputera w momencie wystapienia bledu:
NETSTAT:
Aktywne połączenia
Protokół Adres lokalny Obcy adres Stan
TCP xxx-comp:http 0.0.0.0:0 NASŁUCHIWANIE
TCP xxx-comp:epmap 0.0.0.0:0 NASŁUCHIWANIE
TCP xxx-comp:https 0.0.0.0:0 NASŁUCHIWANIE
TCP xxx-comp:microsoft-ds 0.0.0.0:0 NASŁUCHIWANIE
TCP xxx-comp:1550 0.0.0.0:0 NASŁUCHIWANIE
TCP xxx-comp:60799 0.0.0.0:0 NASŁUCHIWANIE
TCP xxx-comp:1026 0.0.0.0:0 NASŁUCHIWANIE
TCP xxx-comp:1060 localhost:1061 USTANOWIONO
TCP xxx-comp:1061 localhost:1060 USTANOWIONO
TCP xxx-comp:12025 0.0.0.0:0 NASŁUCHIWANIE
TCP xxx-comp:12080 0.0.0.0:0 NASŁUCHIWANIE
TCP xxx-comp:12110 0.0.0.0:0 NASŁUCHIWANIE
TCP xxx-comp:12119 0.0.0.0:0 NASŁUCHIWANIE
TCP xxx-comp:12143 0.0.0.0:0 NASŁUCHIWANIE
TCP xxx-comp:netbios-ssn 0.0.0.0:0 NASŁUCHIWANIE
TCP xxx-comp:1042 71.227.93.43:23480 USTANOWIONO
TCP xxx-comp:1052 217.17.45.145:https USTANOWIONO
TCP xxx-comp:1152 72.5.124.55:http OCZEKIWANIE_ZAMKN
TCP xxx-comp:1153 193.219.28.113:http OCZEKIWANIE_ZAMKN
TCP xxx-comp:1227 67.159.5.97:20972 USTANOWIONO
TCP xxx-comp:1616 64.213.200.101:http CZAS_OCZEKIWANIA
UDP xxx-comp:microsoft-ds *:*
UDP xxx-comp:isakmp *:*
UDP xxx-comp:1025 *:*
UDP xxx-comp:1110 *:*
UDP xxx-comp:1111 *:*
UDP xxx-comp:1197 *:*
UDP xxx-comp:1200 *:*
UDP xxx-comp:1202 *:*
UDP xxx-comp:4500 *:*
UDP xxx-comp:60799 *:*
UDP xxx-comp:ntp *:*
UDP xxx-comp:1035 *:*
UDP xxx-comp:1053 *:*
UDP xxx-comp:1900 *:*
UDP xxx-comp:ntp *:*
UDP xxx-comp:netbios-ns *:*
UDP xxx-comp:netbios-dgm *:*
UDP xxx-comp:1900 *:*
HIJACK:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:39:33, on 2007-03-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp5\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\FlashGet\flashget.exe
D:\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FLASHGET\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AntyDialerTP] "c:\program files\antydialer tp\antydialertp.exe" tray
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp5\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3641FE7B-E64A-4B67-A9F4-A9E250BE20DA}: NameServer = 192.168.0.1
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 7380 bytes
Na komputerach wlaczony jest avast, sa rowniez skanowane spybotsd oraz adaware.
Jakies sugestie?
Z gory dzieki