In the last week I had a blue screen twice. In both cases I checked in Event Viewer and some remote access was the cause of it.
So here is the log from ComboFix:
"User" - 2007-09-05 11:32:43 Service Pack 2
ComboFix 07-05.13.2.V - Running from: "C:\Documents and Settings\User\My Documents\downloads\"
((((((((((((((((((((((((((((((( Files Created from 2007-08-05 to 2007-09-05 ))))))))))))))))))))))))))))))))))
2007-09-03 07:36
I also have a combofix-quarantined file.
Yes, it has a network card, and I noticed that when this blue screen appeared there was information about an error with the driver for the network card specifically. Why that happens I don't know; after a reset it worked again.
I used SDFix and this is the report:
SDFix: Version 1.84
Run by Administrator - Wed 09/05/2007 - 16:30:43.45
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\hwftnai.exe - Deleted
C:\ibiocpq.exe - Deleted
C:\qbsoqyl.exe - Deleted
Removing Temp Files...
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"="C:\\Program Files\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\OMRON\\CX-Server\\CXSDI_PortMan.exe"="C:\\Program Files\\OMRON\\CX-Server\\CXSDI_PortMan.exe:*:Enabled:PortMan Module"
"C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX00.703\\Ethernet_UDP.exe"="C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX00.703\\Ethernet_UDP.exe:*:Enabled:Ethernet_UDP"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX46.813\\Ethernet_UDP.exe"="C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX46.813\\Ethernet_UDP.exe:*:Enabled:Ethernet_UDP"
"C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX50.250\\Ethernet_UDP.exe"="C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX50.250\\Ethernet_UDP.exe:*:Enabled:Ethernet_UDP"
"C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX45.4938\\Ethernet_UDP.exe"="C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX45.4938\\Ethernet_UDP.exe:*:Enabled:Ethernet_UDP"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\Program Files\\Ethernet_UDP\\Ethernet_UDP.exe"="C:\\Program Files\\Ethernet_UDP\\Ethernet_UDP.exe:*:Enabled:Ethernet_UDP"
"C:\\Program Files\\KEPServerEx\\opcquickclient.exe"="C:\\Program Files\\KEPServerEx\\opcquickclient.exe:*:Enabled:OPC Quick Client"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\\Program Files\\KEPServerEx\\ServerMain.exe"="C:\\Program Files\\KEPServerEx\\ServerMain.exe:*:Enabled:servermain.exe"
"C:\\Program Files\\NAPI-PROJEKT\\napisy.exe"="C:\\Program Files\\NAPI-PROJEKT\\napisy.exe:*:Enabled:www.napiprojekt.pl"
"C:\\Program Files\\Multiway\\Multiway.exe"="C:\\Program Files\\Multiway\\Multiway.exe:*:Enabled:Multiway"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes:
C:\PL7\PL7SYS\SERVERS\SERVER.DLL
C:\WINDOWS\system32\NTICDMK32.dll
C:\WINDOWS\system32\NTIMPEG2.dll
C:\!KillBox\systk6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
Finished
Later I ran catchme.exe and the scan showed nothing:
SDFix: Version 1.84
Run by User - 2007-09-05 - 20:19:11,53
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found...
Removing Temp Files...
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
Checking For Files with Hidden Attributes:
C:\PL7\PL7SYS\SERVERS\SERVER.DLL
C:\WINDOWS\system32\NTICDMK32.dll
C:\WINDOWS\system32\NTIMPEG2.dll
C:\!KillBox\systk6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
Finished
Regards and thanks. The computer runs much better now, and so does the internet.