My computer keeps shutting down. Help


(Thomas70) #1

I have a problem with my computer. It shuts down by itself at random moments, and sometimes a message pops up saying there is a problem with service.exe, followed by a window saying the system will be shut down in 1 minute, and that is what happens. Here is my HijackThis log.

Logfile of HijackThis v1.99.1

Scan saved at 14:25:41, on 2007-06-11

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Lexmark 3300 Series\lxccmon.exe

C:\Program Files\Common Files\DriveCleaner Free\dcsm.exe

C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe

C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender9\vsserv.exe

C:\WINDOWS\system32\lxcccoms.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Paweł Skrobański\Pulpit\anty\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [soft2] C:\WINDOWS\1401843.exe

O4 - HKLM\..\Run: [dnse] "C:\Program Files\Common Files\DriveCleaner Free\dnse.exe" -c

O4 - HKLM\..\Run: [dcsm] "C:\Program Files\Common Files\DriveCleaner Free\dcsm.exe"

O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

O4 - HKLM\..\Run: [bDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"

O4 - HKLM\..\Run: [bDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O10 - Broken Internet access because of LSP provider 'abcdefgh.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

I hope someone will help me and explain what to do and how, because I am a layman when it comes to these things. So thank you in advance; I am waiting for a quick answer that I can reasonably understand.


(JNJN) #2

Read the pinned topics in this section and fix your post; use Polish characters. JNJN


(Gutek) #3

In safe mode, remove the HJT entries, and delete the files and folder manually.

Use http://wirusy.antivirenkit.pl/pl/szczepionki/Jeefo.html

Post a log from Combofix

Run LSP-Fix, tick "I know what I'm doing", then in the Keep box select the file abcdefgh.dll, use the arrow (>>) to move it to the Remove box, and click Finish


(Thomas70) #4

This is the log from ComboFix. Thanks in advance. So far it has shut down only once, so I guess something is still not right.

ComboFix 07-06-11.3 - C:\Documents and Settings\Pawe Skrobaäski\Pulpit\ComboFix.exe

“Pawe Skrobaäski” - 2007-06-12 14:34:23 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-05-12 to 2007-06-12 )))))))))))))))))))))))))))))))

2007-06-12 13:40 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-02 16:17 9,600 --a------ C:\WINDOWS\system32\drivers\NtApm.sys

2007-06-02 16:12

2007-05-29 17:36 134,260 --a------ C:\WINDOWS\system32\alt.exe

2007-05-25 15:38

2007-05-20 19:57

2007-05-20 19:56 89,088 --a------ C:\WINDOWS\system32\atl71.dll

2007-05-14 18:30 169 --a------ C:\WINDOWS\system32\sams.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-12 12:32:26 -------- d-----w C:\DOCUME~1\PAWESK~1\DANEAP~1\Skype

2007-06-02 07:27:24 -------- d-----w C:\Program Files\Lx_cats

2007-05-24 18:59:19 -------- d-----w C:\Program Files\MGrenda

2007-05-24 15:47:20 143,624 ----a-w C:\WINDOWS\system32\abcdefgh.dll

2007-05-21 18:42:51 -------- d-----w C:\Program Files\eMule

2007-04-28 08:25:23 68,554 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-04-28 08:25:23 439,538 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-04-18 17:03:44 -------- d-----w C:\DOCUME~1\PAWESK~1\DANEAP~1\Google

2007-04-18 17:03:15 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-04-18 17:03:15 -------- d-----w C:\Program Files\Google

2007-04-18 17:02:52 -------- d-----w C:\Program Files\Common Files\InstallShield

2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-03-31 13:40:40 43,668 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe

2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-12-07 16:06]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 17:39]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 12:45]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-11-14 11:12]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-11-27 17:38]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-27 14:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=sockspy.dll

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-12 14:37:17

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

cmd.exe [4024]

scanning hidden autostart entries …

scanning hidden files …

**************************************************************************

Completion time: 2007-06-12 14:38:10

C:\ComboFix-quarantined-files.txt … 2007-06-12 14:37

— E O F —


(Gutek) #5

Use Pocket Killbox. Select the Delete on Reboot and All Files options, and paste the paths into the Full Path of File to Delete field

C:\WINDOWS\system32\abcdefgh.dll

C:\WINDOWS\system32\sams.exe

and press the red X. The program will ask you to restart the computer … so restart it.