Here is the problem:
I turn on the computer and everything works, but every 5 minutes the computer freezes for 2-3 minutes; the monitor goes black as if it were switched off, while the computer keeps running. Then everything goes back to normal, but not for long, 15 minutes at most. And every so often the computer shuts down by itself ;( Most often it happens in a game when I play over the internet ;// The game is Counter-Strike 1.5. What is going on? Is it the fault of that power supply that has the wrong voltage?
I'm posting the HijackThis log once more, plus the one from ComboFix:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:50:55, on 2007-11-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG7\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ThomsonNetia\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dom\Moje dokumenty\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.livescore.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\ThomsonNetia\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://mks.com.pl
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139655056968
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://82.146.224.245:85/activex/AxisCamControl.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_31.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38E37073-CBDA-4949-819D-F15C95424FB3}: NameServer = 213.241.79.37 83.238.255.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{38E37073-CBDA-4949-819D-F15C95424FB3}: NameServer = 213.241.79.37 83.238.255.76
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG7\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
--
End of file - 5780 bytes
[ Added: Today at 0:56 ] After ComboFix, some Windows error or something popped up in the middle of the screen ;//
ComboFix 07-11-08.1 - Dom 2007-11-17 0:52:55.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.294 [GMT 1:00]
Running from: C:\Documents and Settings\Dom\Moje dokumenty\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))
.
2007-11-13 11:15 <DIR> d-------- C:\Program Files\Winamp Toolbar
2007-11-13 11:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2007-11-09 20:21 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\Uniblue
2007-11-02 01:52 <DIR> d-------- C:\Program Files\Yeosoft
2007-10-31 01:14 1,277 --a------ C:\WINDOWS\mozver.dat
2007-10-30 22:05 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-30 21:21 <DIR> d-------- C:\Deckard
2007-10-30 21:04 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-10-29 21:30 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\Grisoft
2007-10-29 21:30 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-21 09:24 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\Ashampoo Photo Commander 5
2007-10-21 09:24 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
2007-10-21 09:07 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2007-10-21 09:07 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\ACD Systems
2007-10-21 09:06 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-10-18 17:40 <DIR> d-------- C:\Program Files\InterMute
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 23:20 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-11-16 23:09 --------- d-----w C:\Program Files\HLSW
2007-11-16 15:06 --------- d-----w C:\Program Files\ArcaMicroScan
2007-11-16 14:47 --------- d-----w C:\Program Files\Spyware Doctor
2007-11-13 10:15 --------- d-----w C:\Program Files\Winamp
2007-11-11 19:20 --------- d-----w C:\Program Files\SpeedFan
2007-11-09 00:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-09 00:02 --------- d-----w C:\Program Files\SkanerOnline
2007-10-30 11:08 --------- d-----w C:\Program Files\Gadu-Gadu
2007-10-29 20:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-10-29 20:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2007-10-29 17:16 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-27 13:11 --------- d-----w C:\Documents and Settings\Dom\Dane aplikacji\teamspeak2
2007-09-05 17:36 1,159,168 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
2007-08-31 15:49 737,280 ----a-w C:\WINDOWS\iun6002.exe
2006-03-13 15:59 3,995,195 ----a-w C:\Program Files\gg76.exe
2006-02-16 11:55 18,341,074 ----a-w C:\Program Files\klcodec284f.exe
2006-02-11 13:38 5,862,994 ----a-w C:\Program Files\ts2_client_rc2_2032.exe
2006-02-10 15:10 7,799,000 ----a-w C:\Program Files\kerio.exe
.
((((((((((((((((((((((((((((( snapshot@2007-11-08_ 1.05.58.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-01-28 11:44:28 396,528 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2004-08-11 00:45:04 380,144 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
- 2005-01-28 11:44:28 774,904 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
+ 2004-08-11 00:45:04 773,368 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
- 2005-01-28 11:44:28 413,944 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
+ 2004-08-11 00:45:06 531,192 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
- 2005-01-28 11:44:28 1,218,808 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
+ 2004-08-11 00:45:06 1,181,944 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
- 2005-01-28 11:44:28 895,736 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2004-08-11 00:45:06 871,160 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
- 2005-01-28 11:44:28 396,528 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2004-08-11 00:45:04 380,144 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
- 2005-01-28 11:44:28 774,904 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2004-08-11 00:45:04 773,368 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2005-01-28 11:44:28 413,944 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2004-08-11 00:45:06 531,192 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
- 2005-01-28 11:44:28 895,736 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2004-08-11 00:45:06 871,160 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2005-01-28 11:44:28 396,528 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2004-08-11 00:45:04 380,144 ----a-w C:\WINDOWS\system32\wmadmod.dll
- 2005-01-28 11:44:28 774,904 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2004-08-11 00:45:04 773,368 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2005-01-28 11:44:28 413,944 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2004-08-11 00:45:06 531,192 ----a-w C:\WINDOWS\system32\wmspdmod.dll
- 2005-01-28 11:44:28 1,218,808 ----a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2004-08-11 00:45:06 1,181,944 ----a-w C:\WINDOWS\system32\wmvadvd.dll
- 2005-01-28 11:44:28 895,736 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2004-08-11 00:45:06 871,160 ----a-w C:\WINDOWS\system32\wmvdmod.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 28,672 2004-09-29 09:37:26 C:\Program Files\ATI Technologies\ATI.ACE\bak\cli.exe
----a-w 28,672 2004-09-29 08:37:26 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
----a-w 171,448 2006-03-01 16:57:56 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 19:54 C:\WINDOWS\SOUNDMAN.EXE]
"SpeedTouch USB Diagnostics"="C:\Program Files\ThomsonNetia\SpeedTouch USB\Dragdiag.exe" [2004-08-06 09:45]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-09-29 09:37]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 08:50 C:\WINDOWS\LOGI_MWX.EXE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 15:58]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-07-03 00:37]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2004-09-29 09:37:26]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2006-02-10 12:55:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [2004-10-01 19:34 204800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 RadProbe;Radeon Probe Driver;C:\WINDOWS\system32\DRIVERS\RadProbe.sys
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 16:25:43 C:\WINDOWS\Tasks\1-Click Maintenance.job"
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 00:56:11
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-17 0:58:07
.
--- E O F ---