Problem s USB, Hijack

majso · Napísal **majso**: 29.04.2008 21:30

Hay mam problem s tym, ze ked strcim usb pc zmrzne

, plis ceknite Hijack log

Kód:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:51, on 29. 4. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\totalcmd\TOTALCMD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
D:\majso\mIRC v6.15 sk\mirc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
D:\majso\Qip\qip.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Corel Graphics Suite 1117] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe /title="Corel Graphics Suite 11" /date=043008 serial=DR11CEZ-0626067-NDX
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QIP2005] D:\majso\Qip\qip.exe
O4 - S-1-5-18 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Psi.lnk = C:\Program Files\Psi\psi.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Yahoo! Widget Engine.lnk = C:\Documents and Settings\katka\Dokumenty\w32q\Widgets\YahooWidgetEngine.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'Default user')
O4 - .DEFAULT Startup: Psi.lnk = C:\Program Files\Psi\psi.exe (User 'Default user')
O4 - .DEFAULT Startup: Yahoo! Widget Engine.lnk = C:\Documents and Settings\katka\Dokumenty\w32q\Widgets\YahooWidgetEngine.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F09428A-CF8F-434C-B8E4-57A14F0DA5A1}: NameServer = 85.237.0.65 85.237.1.66
O17 - HKLM\System\CS1\Services\Tcpip\..\{6F09428A-CF8F-434C-B8E4-57A14F0DA5A1}: NameServer = 85.237.0.65 85.237.1.66
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

--
End of file - 6387 bytes

br4n0 · Napísal **br4n0**: 03.05.2008 21:36

Zapni zobrazenie skrytých súborov, pozri sa, či je na tom kľúči autorun.inf, prípadne podozrivé exe súbory a pošli combofix log.

majso · Napísal autor témy **majso**: 16.05.2008 16:19

ak strcim do pc hocjaky USB kluc, pripadne iPod pc okamzite zmrzne..

Dzimbo · Napísal **Dzimbo**: 18.05.2008 22:04

ked vytiahnes tak ide v poho? ci trea reset?

majso · Napísal autor témy **majso**: 19.05.2008 8:48

Dzimbo píše:

ked vytiahnes tak ide v poho? ci trea reset?

Treba reset.

Dzimbo · Napísal **Dzimbo**: 20.05.2008 19:51

vyskusaj ho este na inom compe ze ako ide tam..

OmeGa · Napísal **OmeGa**: 21.05.2008 16:47

stlac lavy shift a pripoj usb. to zakaze autorun, a pc by nemalo zmrznut. potom usb otvarat pravym klikom. nie dvojklikom (inak aktivujes autorun)

majso · Napísal autor témy **majso**: 22.05.2008 10:57

OmeGa píše:

stlac lavy shift a pripoj usb. to zakaze autorun, a pc by nemalo zmrznut. potom usb otvarat pravym klikom. nie dvojklikom (inak aktivujes autorun)

no nepomohlo.. skusal som takto iPod aj kluc a nic..pocitac zmrzne a pomoze len tvrdy restart,
btw. zistil som, ze ak pripojim digitalny fotoaparat vsetko funguje ako ma.. zaujimave

majso · Napísal autor témy **majso**: 25.05.2008 21:39

Takze uz ziadna ina moznost, len reinstall?

OmeGa · Napísal **OmeGa**: 25.05.2008 22:20

mas autorun virus, treba ho odstranit, a reinstall ti nepomoze. pripojis usb, a uz mas virus. proste musis odstranit autorun virus. sprav co ti poradil br4no..

majso · Napísal autor témy **majso**: 26.05.2008 7:54

OmeGa píše:

mas autorun virus, treba ho odstranit, a reinstall ti nepomoze. pripojis usb, a uz mas virus. proste musis odstranit autorun virus. sprav co ti poradil br4no..

skusim sformatnut cely iPod, ze co to spravi.. ale nepredpokladm ze to je autorun virus, pretoze ten iPodide na inom pc uplne v pohode aj ostatne kluce..

Qpkqkma · Napísal **Qpkqkma**: 26.05.2008 15:08

Ako sa nato divam vsetko ej Ok, len su tu nejake divne halze, pokial tieto ipcky poznas, napis:

O17-HKLM\System\CS1\Services\Tcpip\..\{6F09428A-CF8F-434C-B8E4-57A14F0DA5A1}: NameServer = 85.237.0.65 85.237.1.66

O17 - HKLM\System\CCS\Services\Tcpip\..\{6F09428A-CF8F-434C-B8E4-57A14F0DA5A1}: NameServer = 85.237.0.65 85.237.1.66

O4 - .DEFAULT Startup: Psi.lnk = C:\Program Files\Psi\psi.exe (User 'Default user')

O4 - S-1-5-18 Startup: Psi.lnk = C:\Program Files\Psi\psi.exe (User 'SYSTEM')

psi.exe vies o tom?

majso · Napísal autor témy **majso**: 26.05.2008 19:51

PSI je IM klient, pouziva ho sestra..

tie ip neviem co to je zac.. su podobne ako tie co mi hadze DHCP

a zistil som dalsiu haluz, ak som skusal strcit kluc a tak zapnut PC..tak PC ani nenabootuje sekne sa v bootovacom procese..

br4n0 · Napísal **br4n0**: 27.05.2008 17:56

Tak softvér možeme definitívne vylúčiť. Nerozoberal si comp a nezapájal znovu USB? Robí to na všetkých USB?

majso · Napísal autor témy **majso**: 27.05.2008 22:18

br4n0 píše:

Tak softvér možeme definitívne vylúčiť. Nerozoberal si comp a nezapájal znovu USB? Robí to na všetkých USB?

Na live CD linuxu mi bezi USB bez problemov, cize hw mozme vylucit..

a ano skusal som aj ine kluce, detto

Problem s USB, Hijack

Podobné témy