Vista-nie działa hibernacja, antyvir, menedżer zadań

Dla specjalistów Bezpieczeństwo
#1

Witam,

mam problem: nie działa hibernacja (komp z powrotem wraca do pracy), nie można włączyć menedżera zadań, nie chce się odpalić antywirus (Dr.Web), Avira sie zacina, w trybie awaryjnym skan przez Avirę-ok, przy Dr.Web zatrzymalo się na ntkrnlpa.exe.

Bardzo proszę o pomoc - what to do???

Proszę o jasne wytłumaczenie, bo jestem z branży medycznej, nie informatycznej;)

Pzdrw:)))

Poniżej log z hijackthis

Logfile of HijackThis v1.99.1

Scan saved at 11:28:38, on 2009-08-08

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\conime.exe

C:\Program Files\Opera\opera.exe

C:\Users\Admin\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM…\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

O4 - HKLM…\Run: [HWSetup] \HWSetup.exe hwSetUP

O4 - HKLM…\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM…\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM…\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM…\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM…\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM…\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM…\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

O4 - HKLM…\Run: [startCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe”

O4 - HKLM…\Run: [Camera Assistant Software] “C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe”

O4 - HKLM…\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM…\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

O4 - HKLM…\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM…\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar

O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min

O4 - HKLM…\Run: [net] “C:\Windows\system32\net.net

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

O4 - HKCU…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU…\Run: [TOSCDSPD] TOSCDSPD.EXE

O4 - HKCU…\Run: [iSUSPM Startup] “C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -startup

O4 - HKCU…\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/4908-44618-9400-3/4 (file missing)

O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red … &site=home (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?PL (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O18 - Protocol: mpbook - {1D80410C-BBCF-4D08-AC3A-0BBAF4CE1D75} - c:\program files\interna\InternaHandler.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

#2

:arrow: Daj log z OTL

#3

Logi wklejasz na wklej.org lub wklej.to, a w poście dajesz link.

#4

oto Logi

dodam, że pod koniec działania ComboFix też się zaciął,

OTL.txt - http://www.wklejto.pl/40137

Extras.txt - http://www.wklejto.pl/40139

pzdrw:)

#5

Wklej w oknie Custom Scans/Fixes wklej :

Kliknij Run Fix.

Daj log z usuwania i nowy log z OTL

#6

No więc zniknęły wszystkie programu z menu: Start, wszystko z pulpitu, przeglądarke odpaliłem z Program files, ale pozostałych sie nie da:(((

nie mogę odpalić kilku ważnych programów, m.in. CorelX3

czy to tak ma być??? czy to okres przejściowy?

log z OTL: http://www.wklejto.pl/40144

Dodane 08.08.2009 (So) 14:16

zniknęło wszystko w panelu sterowania, wywala monit o oryginalności systemu - JAK to wszytko przywrócić???

Dodane 08.08.2009 (So) 15:38

przywracanie systemu tez nie działa, kopii zapasowej nie da sie otworzyć, wywala: katastrofalny błąd 0x8000FFFF

bardzo prosze o szybką pomoc

pzdrw