coockie
(Coockie3)
30 January 2008 17:21
#1
Hello, I have the following problem: every so often the computer hangs (and unfreezes after a moment), restarts, or switches users by itself. I have NOD and Spybot installed, but they do not detect anything. I am pasting the logs from HijackThis and ComboFix; please help. ;]
Hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:15:02, on 2008-01-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} -
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4054 bytes
Combofix:
ComboFix 07-08-09.3 - "coockie" 2008-01-30 18:16:58.6 - NTFSx86
Błąd CScript: Nie można znaleźć aparatu skryptów "VBScript" dla skryptu "C:\ComboFix\osid.vbs".

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\winlog.exe

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))

2008-01-29 10:38
2008-01-25 13:06
2008-01-20 15:59 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-20 15:59
2008-01-20 15:48
2008-01-20 15:48
2008-01-20 09:35
2008-01-02 11:22
2008-01-02 01:31
2008-01-01 19:29
2008-01-01 19:28
2008-01-01 19:28
2007-12-30 14:48
2007-12-30 14:45
2007-12-30 14:45
2007-12-04 22:10
2007-12-03 23:11
2007-12-02 21:59 89,184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-12-02 21:59 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-12-02 21:59 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-12-02 21:59 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-12-02 21:59 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-12-02 21:59 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-02 21:59
2007-12-02 21:59
2007-12-02 21:59

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-01-29 10:58 3484 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-16 22:19 --------- d-------- C:\DOCUME~1\coockie\DANEAP~1\teamspeak2
2008-01-10 07:45 --------- d-------- C:\DOCUME~1\coockie\DANEAP~1\Tlen.pl
2008-01-02 01:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-12-29 18:08 --------- d-------- C:\Program Files\Ventrilo
2007-12-21 22:32 --------- d-------- C:\DOCUME~1\coockie\DANEAP~1\foobar2000
2007-12-02 22:47 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-02 22:06 --------- d-------- C:\Program Files\Messenger
2007-11-29 16:28 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-23 15:45 575 --a------ C:\WINDOWS\eReg.dat
2007-11-05 22:36 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-11-05 21:57 50706 --a------ C:\WINDOWS\system32\perfc015.dat
2007-11-05 21:57 358102 --a------ C:\WINDOWS\system32\perfh015.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-05 22:36]
"SoundMan"="SOUNDMAN.EXE" [2003-10-08 10:41 C:\WINDOWS\SOUNDMAN.EXE]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 16:50]
"nwiz"="nwiz.exe" [2004-07-15 10:42 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 16:50]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 08:08]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 00:04]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"MSPCLOCK"=rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 18:18:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-01-30 18:18:49
C:\ComboFix-quarantined-files.txt ... 2008-01-30 18:18
--- E O F ---
Leon1
(Leon$)
30 January 2008 17:54
#2
The entries
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O4 - HKLM\..\RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
remove with HijackThis >> Fix checked
This is not the fault of viruses, more likely hardware or drivers.
Use this: Windows Debugger - a cure for blue screens and resets http://forum.purepc.pl/index.php?showtopic=104416
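A small triage script for this kind of log, added here as an example (it is not code from the thread, from HijackThis or from ComboFix): it splits HijackThis output into entries, flags the ones whose file column reads "(no file)" (the orphaned BHO Leon names), and separates the dumprep Run entries, which Windows XP itself writes after a user-mode or kernel fault so the dump is reported at next logon, so their presence corroborates a crash history rather than pointing at malware. SAMPLE_LOG is a constructed excerpt built from entries posted above.

```python
import re

# Constructed excerpt of HijackThis output; entries copied from the log posted in this thread.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O4 - HKLM\\..\\Run: [nod32kui] "C:\\Program Files\\Eset\\nod32kui.exe" /WAITSERVICE
O4 - HKLM\\..\\Run: [UserFaultCheck] %systemroot%\\system32\\dumprep 0 -u
O4 - HKLM\\..\\Run: [KernelFaultCheck] %systemroot%\\system32\\dumprep 0 -k
O4 - HKLM\\..\\RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\\Program Files\\Eset\\nod32krn.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>.*?): \[(?P<name>[^\]]*)\] (?P<command>.*)$")

def parse_entries(log: str) -> list[dict[str, str]]:
    """Split HijackThis output into entries keyed by section (R0, O2, O4, ...)."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines and the process list are not entries
        entry = {"section": m["section"], "body": m["body"]}
        if entry["section"] == "O4":
            o4 = O4_RE.match(entry["body"])
            if o4:
                entry.update(o4.groupdict())
        entries.append(entry)
    return entries

def triage(log: str) -> dict[str, list[str]]:
    """Return entries worth a second look, grouped by the reason they were flagged."""
    flagged = {"orphaned": [], "crash_report": []}
    for e in parse_entries(log):
        # A "(no file)" file column means the registration points at nothing on disk:
        # a leftover that HijackThis can simply fix.
        if e["body"].endswith("- (no file)"):
            flagged["orphaned"].append(e["body"])
        # dumprep 0 -u / 0 -k are added by Windows XP after a user-mode or kernel
        # fault so the dump is reported at next logon; they record that the
        # machine crashed, they are not what crashed it.
        if e["section"] == "O4" and "dumprep" in e.get("command", "").lower():
            flagged["crash_report"].append(e["name"])
    return flagged

if __name__ == "__main__":
    for reason, items in triage(SAMPLE_LOG).items():
        print(reason, items)
```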
Gutek
(Gutek)
30 January 2008 18:16
#3
Follow this topic and change the thread title to something specific, otherwise it goes to the TRASH.
Change of rules for pasting logs on the forum - viewtopic.php?f=16&t=213350
Regards, Gutek2222