Problem przy starcie systemu - log

ewlinna · 28 Lipiec 2007 18:02

Włączając komputer w pewnym momencie wszystko sie zatrzymuje a na ekranie widać tylko różne napisany( czy jak to nazwać. Nie znam się za bardzo an tych rzeczach). Trzeba wtedy poczekać około 5 minut i wszystko rusza dalej jak gdyby nigdy nic.

Po drugie komputer często mi bardzo muli, to samo internet (ale to jest prawdopodobnie spowodowane uTorrentem). Bardzo często także antywirus (panda) wykrywa mi trojany. Wcześniej miałam avasta (dziennie nieraz ok. 40 komunikatów o wykryciu trojana), oraz Kaspersky’ego i było to samo.

Ogólnie mam wrażenie, że z moim komputerem jest coś nie tak.

Oto log:

Logfile of HijackThis v1.99.1 Scan saved at 19:51:24, on 2007-07-28 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe D:\programy\Gadu-Gadu\gg.exe c:\program files\panda software\panda antivirus 2007\WebProxy.exe C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Panda Software\Panda Antivirus 2007\avciman.exe C:\Program Files\Panda Software\Panda Antivirus 2007\psimreal.exe C:\Documents and Settings\ewelina\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - D:\programy\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - D:\programy\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w O4 - HKLM…\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE” /s O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU…\Run: [Gadu-Gadu] “D:\programy\Gadu-Gadu\gg.exe” /tray O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O17 - HKLM\System\CCS\Services\Tcpip…{D251D303-2318-4338-887F-4B721CE0117A}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe O23 - Service: Start BT in service - Unknown owner - D:\programy\bluesoleil\StartSkysolSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

jessica · 28 Lipiec 2007 18:48

Ten w/w wpis sfiksuj w Hijacku:

>>Hijack>>scan(Do a system scan only)>>zaznacz go>> Fix checked.

Plik powinien usunąć samoczynnie ComboFix --> http://forum.dobreprogramy.pl/viewtopic.php?t=36654 (na dole strony z linku).

.Oczywiście daj potem z ComboFixa log (wklej na http://wklej.org/.

.

ewlinna · 28 Lipiec 2007 21:13

“ewelina” - 2007-07-28 22:43:49 [GMT 2:00] - ComboFix 07-07-24 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system\smss.exe ((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 ))))))))))))))))))))))))))))))) 2007-07-28 17:39 110,592 --a------ C:\WINDOWS\system32\tsccvid.dll 2007-07-28 17:09 2007-07-26 20:18 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll 2007-07-26 20:18 45,056 --a------ C:\WINDOWS\system32\ogg.dll 2007-07-26 20:18 237,568 --a------ C:\WINDOWS\system32\OggDS.dll 2007-07-26 20:18 188,416 --a------ C:\WINDOWS\system32\vorbis.dll 2007-07-26 20:18 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll 2007-07-26 20:17 2007-07-26 20:17 2007-07-26 20:17 2007-07-26 16:43 2007-07-26 16:13 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-07-26 16:13 2007-07-26 15:21 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-07-26 15:21 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-07-26 15:21 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll 2007-07-26 15:21 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-07-26 15:21 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-07-26 15:21 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-07-26 15:21 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-07-26 15:19 2007-07-25 18:13 2007-07-25 17:45 1,078,601 --a------ C:\WINDOWS\screen saver mp3 01.scr 2007-07-25 17:40 2007-07-25 17:38 2007-07-24 11:20 817,664 —h----- C:\WINDOWS\system32\wodfamoh.dll 2007-07-23 18:05 2007-07-23 17:55 2007-07-23 17:04 2007-07-23 11:10 2007-07-23 10:27 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-07-22 12:13 71,680 --------- C:\WINDOWS\system32\drivers\PAVDRV51.SYS 2007-07-22 12:13 45,056 --a------ C:\WINDOWS\system32\avldr.dll 2007-07-22 12:13 248 --a------ C:\WINDOWS\system32\PavCPL.dat 2007-07-22 12:13 2007-07-22 12:13 2007-07-22 12:02 2007-07-21 12:42 2007-07-07 19:21 2007-07-07 19:21 2007-07-07 10:42 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-28 14:08:39 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-07-26 18:17:55 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll 2007-07-22 10:16:30 68,554 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-07-22 10:16:30 439,538 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-07-19 21:14:19 -------- d-----w C:\DOCUME~1\ewelina\DANEAP~1\Skype 2007-07-07 08:21:31 283 ----a-w C:\WINDOWS\comm.bin 2007-07-07 06:34:33 -------- d-----w C:\Program Files\Lx_cats 2007-06-20 20:53:36 77,824 ----a-w C:\WINDOWS\insmall.dll 2007-06-19 11:16:25 257 ----a-w C:\WINDOWS\msdres.bin 2007-06-08 18:01:28 -------- d-----w C:\Program Files\MSXML 4.0 2007-06-08 15:49:20 -------- d-----w C:\Program Files\Bonjour 2007-06-08 14:54:36 -------- d-----w C:\Program Files\Common Files\Macrovision Shared 2007-06-08 09:18:04 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-06-08 09:12:45 85 ----a-w C:\AUTOEXEC.BAT 2007-06-07 21:23:43 -------- d-----w C:\DOCUME~1\ewelina\DANEAP~1\Sony Setup 2007-06-05 14:29:11 -------- d-----w C:\Program Files\TGTSoft 2007-05-31 13:59:12 287 ----a-w C:\WINDOWS\PowerReg.dat 2007-05-31 13:58:16 -------- d-----w C:\Program Files\Common Files\Vbox 2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2004-03-03 12:00] “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 19:07] “SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-01-26 11:38] “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 19:07] “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2003-10-16 19:07] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43] “APVXDWIN”=“C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.exe” [2007-01-25 18:50] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “STYLEXP”=“C:\Program Files\TGTSoft\StyleXP\StyleXP.exe” [2006-05-24 20:31] “Gadu-Gadu”=“D:\programy\Gadu-Gadu\gg.exe” [2007-05-10 16:36] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 2006-07-14 13:46 45056 C:\WINDOWS\system32\avldr.dll R0 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\Drivers\vbtenum.sys R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys R1 NetBT;NetBios przez TCP/IP;C:\WINDOWS\system32\DRIVERS\netbt.sys R1 PCLEPCI;PCLEPCI;??\C:\WINDOWS\system32\drivers\pclepci.sys R1 StyleXPHelper;StyleXPHelper;??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe R2 pavdrv;Panda Antivirus Filter Driver for x86;??\C:\WINDOWS\system32\Drivers\pavdrv51.sys R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\system32\DRIVERS\alcan5wn.sys R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport;C:\WINDOWS\system32\DRIVERS\alcaudsl.sys R3 ALCXSENS;Service for WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\ALCXSENS.SYS R3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys R3 BlueletSCOAudio;Bluetooth SCO Audio Service;C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys R3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401;C:\WINDOWS\system32\drivers\msmpu401.sys R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys R3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys R3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys S3 Start BT in service;Start BT in service;D:\programy\bluesoleil\StartSkysolSvc.exe S3 usbser;Motorola USB Modem Driver;C:\WINDOWS\system32\DRIVERS\usbser.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{3b86bcd4-d13b-11da-a671-ad7e452717fb}] AutoRun\command- H:\autorun\autorun.exe Contents of the ‘Scheduled Tasks’ folder 2007-07-26 04:14:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-28 22:46:24 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden registry entries … [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-28 22:48:01 C:\ComboFix-quarantined-files.txt … 2007-07-28 22:47 — E O F —

jessica · 28 Lipiec 2007 22:27

Sprawdź ten plik:

najedź myszką na jego ikonkę i zobacz, co tam pisze, jaka Firma, itp.

Ewentualnie możesz też sprawdzić na http://virusscan.jotti.org/

Opis, jak korzystać z JOTTI --> http://otfans.pl/forums/showthread.php?tid=552

albo na http://www.virustotal.com/en/indexf.html

(korzysta się podobnie jak z JOTTI).

.

ewlinna · 29 Lipiec 2007 09:45

Nie wiem czy dobrze to zrobiłam, ale prosze:

opis: Small install/uninstall

Firma: Softwhile

Wersja pliku: 1.0.1.6

Data utworzenia: 2007-06-20 22:53

Rozmiar: 76.0 kb

ze strony http://www.virustotal.com/en/indexf.html (skanery niczego nie wykryły)

Dodatkowe informacje

File size: 77824 bytes

MD5: 569b354cfa66e4d1bb5ade67dc1308da

SHA1: f4ae1c120dddac78820458f3a62b829be1407456

jessica · 29 Lipiec 2007 09:59

Jeśli skanery nic nie wykryły, to uznajemy, że wszystko jest OK, bo ja tu nic więcej podejrzanego nie widzę.

.