W7 32b - spontaneous system shutdowns


(Viper1988) #1

Hello.

For some time now I have had a rather irritating problem.

After formatting and installing a fresh system about 2 weeks ago, a problem appeared.

Every so often the system shuts down on its own. And it's not that the computer abruptly loses power.

Whether I'm gaming or browsing the net, "Shutting down Windows" suddenly appears, it logs off, and the computer turns off.

I tried turning off WiFi to rule out an attack on the computer, but it does nothing. Any ideas?

 

P.S. If it helps, I can record a video of it.


(system) #2

Did someone perhaps play a shutdown prank on you?

 

Check autostart and the registry to see whether you have this or a similar entry:

shutdown -t 300 -s -f -c "Tu dowolny komunikat"

Try to determine the time from starting the computer to the moment of the spontaneous shutdown: is it almost always the same?

 

If so, then before the expected shutdown type in the console:

shutdown -a

It used to be an old prank. But it could be the same thing.

 

Here is the full syntax description, plenty of room to show off, e.g. to drive an accountant to a nervous breakdown :stuck_out_tongue:

http://technet.microsoft.com/en-us/library/c432f5cf-c5aa-4665-83af-0ec52c87112e

 

Most often something like this takes the form of a name.bat file placed in autostart; it can be in scheduled tasks, or it simply launches from the registry like many other programs.

 

 

Because somehow I don't see what technical cause could make this happen, that it simply shuts down. Unless it's a prankster virus.
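
An added example, not part of the original post: a PowerShell script that checks the places named above (autostart, the registry, scheduled tasks) for a `shutdown` command and then lists recent shutdown requests from the event log. It assumes PowerShell 2.0 or later on Windows 7, the standard Run/RunOnce keys and Startup folders, and that System event ID 1074 is being recorded; `New-Hit` is a helper defined here.

```powershell
# Added example (PowerShell 2.0+, Windows 7): look for an auto-started "shutdown" command.
$pattern = '\bshutdown(\.exe)?\b'
$hits = @()
function New-Hit($source, $name, $detail) {
    New-Object PSObject -Property @{ Source = $source; Name = $name; Detail = $detail }
}

# 1. Run / RunOnce registry values, machine-wide and for the current user
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item $key
    foreach ($name in $k.GetValueNames()) {
        $value = [string]$k.GetValue($name)
        if ($value -match $pattern) { $hits += New-Hit $key $name $value }
    }
}

# 2. Script files in the per-user and all-users Startup folders
$startupDirs = [Environment]::GetFolderPath('Startup'),
               (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    # @() keeps the loop from running once on $null under PowerShell 2.0
    $scripts = @(Get-ChildItem (Join-Path $dir '*') -Include *.bat, *.cmd, *.vbs, *.ps1)
    foreach ($file in $scripts) {
        $m = Select-String -Path $file.FullName -Pattern $pattern | Select-Object -First 1
        if ($m) { $hits += New-Hit 'Startup folder' $file.FullName $m.Line.Trim() }
    }
}

# 3. Scheduled tasks. Raw CSV lines are matched so localized column names do not matter.
foreach ($line in (schtasks /query /fo CSV /v)) {
    if ($line -match $pattern) { $hits += New-Hit 'Scheduled task' '(see detail)' $line }
}

$hits | Select-Object Source, Name, Detail | Format-List

# 4. Past shutdowns: System event 1074 records the process and user that requested each one.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1074 } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List
```

A Run value or shortcut that only points at a script elsewhere on disk will not match on its own, so open any script such an entry references. The event 1074 output is the quickest way to tell a requested shutdown from a crash or power loss.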


(Azi) #3

Sasser did that - an old little virus, but as you can see it is still going around.

http://www.dobreprogramy.pl/Malwarebytes-AntiMalware,Program,Windows,13117.html - should be enough: install it, download the signatures (if you make it in time; if not, safe mode) and post the results.

 

Or actually simpler: http://www.symantec.com/security_response/writeup.jsp?docid=2004-050114-1706-99

"Download Removal Tool"


(system) #4

As far as I remember, there was an automatic patch already in XP that prevented this. The virus was there but couldn't do anything.


(Viper1988) #5

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2014-11-27
Scan Time: 00:54:19
Logfile: log.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.26.07
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x86
File System: NTFS
User: Kris
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 279223
Time Elapsed: 8 min, 8 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 7
 
Modules: 1
 
Registry Keys: 24
 
Registry Values: 1
 
Registry Data: 0
(No malicious items detected)
 
Folders: 6
 
Files: 58
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Quite a bit of stuff did get crammed in after all. I put everything into quarantine.

So far I have observed that it shut down the first time at 22:50 and the second around 00:50, so roughly 2h.