Komputer zwolnil

Vojtoos · 26 Wrzesień 2007 04:12

Witam serdecznie.

Bardzo prosze o sprawdzenie mojego loga.

Ogolnie chodzi o to ze komputer zwolnil, tak jakby nagle zabraklo pamieci ram… moja toshibka zawsze dzialala bez problemu.

Mam nadzieje ze da sie to rozwiazac z wasza pomoca!

Z gory dzieki

voytooz

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:00:08 PM, on 9/26/2007 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\Free Download Manager\fdm.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Free Download Manager\fum\fum.exe C:\Program Files\Free Download Manager\FUM\fumoei.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.co.uk/8SEENGB020100/FRWCompleteAddIns R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM…\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [Toshiba Hotkey Utility] “C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe” /lang PL O4 - HKLM…\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM…\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM…\Run: [smoothView] C:\Program Files\TOSHIBA\Program narzedziowy TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM…\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU…\Run: [Free Download Manager] “C:\Program Files\Free Download Manager\fdm.exe” -autorun O4 - HKCU…\Run: [Free Upload Manager] “C:\Program Files\Free Download Manager\fum\fum.exe” -autorun O4 - HKCU…\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background O4 - HKCU…\Run: [bitComet] “C:\Program Files\BitLord\BitLord.exe” O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.33/g_bin/eng/poker_2_0_0_49.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me … b56907.cab O17 - HKLM\System\CCS\Services\Tcpip…{B11066E6-8DAD-4923-99EF-C554E99E57A3}: NameServer = 202.102.134.68 202.102.128.68 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Harmonogram automatycznej us3ugi LiveUpdate (Harmonogram automatycznej usługi LiveUpdate) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Us3uga Auto-Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe – End of file - 11070 bytes

Bieniol · 26 Wrzesień 2007 05:14

Tutaj jest czysto.

Wrzuć jeszcze log z ComboFix

Vojtoos · 26 Wrzesień 2007 05:25

Stokrotne dzieki,

wklejam loga z combofix’a

ComboFix 07-09-21.2 - “Fil P” 2007-09-26 13:18:30.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.117 [GMT 8:00] * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . E:\Autorun.inf F:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2007-08-26 to 2007-09-26 ))))))))))))))))))))))))))))))) . 2007-09-26 13:17 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-26 11:59 2007-09-26 11:44 2007-09-26 03:04 4 --a------ C:\WINDOWS\system32\proc683804487.bin 2007-09-26 02:02 2007-09-21 19:52 2007-09-21 19:52 2007-09-21 19:51 2007-09-20 21:36 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-09-20 21:34 2007-09-20 21:34 2007-09-20 21:34 2007-09-20 21:28 2007-09-19 23:19 2007-09-19 23:19 2007-09-17 23:11 2007-09-15 19:53 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2007-09-15 19:53 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2007-09-15 19:53 38,912 --------- C:\WINDOWS\system32\picn20.dll 2007-09-15 19:53 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll 2007-09-15 19:53 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2007-09-15 19:53 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-09-15 19:53 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-09-15 19:53 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2007-09-15 19:53 2007-09-15 19:53 2007-09-15 19:48 2007-09-14 21:30 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-09-14 21:30 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-09-14 21:30 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-09-14 21:30 2007-09-13 15:48 2007-09-12 21:59 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-09-12 21:59 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2007-09-12 21:19 740,442 --a------ C:\WINDOWS\system32\divx.dll 2007-09-12 21:19 73,728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-09-12 21:19 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-09-12 21:19 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-09-12 21:19 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-09-12 21:19 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2007-09-12 21:19 163,840 --a------ C:\WINDOWS\system32\unrar.dll 2007-09-12 21:19 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-09-12 21:19 2007-09-12 02:50 2007-09-11 23:47 2007-09-11 23:25 2007-09-11 23:16 2007-09-11 23:16 2007-09-11 23:04 98,304 -----c— C:\WINDOWS\system32\dllcache\nlhtml.dll 2007-09-11 23:04 29,696 -----c— C:\WINDOWS\system32\dllcache\mimefilt.dll 2007-09-11 23:04 192,000 -----c— C:\WINDOWS\system32\dllcache\offfilt.dll 2007-09-11 22:57 2007-09-11 22:57 2007-09-11 22:46 23,040 -----c— C:\WINDOWS\system32\dllcache\fltmc.exe 2007-09-11 22:46 16,896 -----c— C:\WINDOWS\system32\dllcache\fltlib.dll 2007-09-11 22:46 128,896 -----c— C:\WINDOWS\system32\dllcache\fltmgr.sys 2007-09-11 22:46 2007-09-11 22:45 2007-09-11 22:19 26,496 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys 2007-09-11 22:17 2007-09-11 22:06 2007-09-11 22:04 2,362,184 -----c— C:\WINDOWS\system32\dllcache\wmvcore.dll 2007-09-11 22:01 2007-09-11 21:58 202,240 -----c— C:\WINDOWS\system32\dllcache\rmcast.sys 2007-09-11 21:56 2007-09-11 21:54 2007-09-11 21:54 2007-09-11 21:53 2007-09-11 21:53 2007-09-11 21:52 2007-09-11 21:52 2007-09-11 21:51 2007-09-11 21:51 2007-09-11 21:47 2007-09-11 21:46 2007-09-11 21:29 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-09-11 21:10 2007-09-11 21:05 69,120 -----c— C:\WINDOWS\system32\dllcache\ciodm.dll 2007-09-11 21:05 1,439,744 -----c— C:\WINDOWS\system32\dllcache\query.dll 2007-09-11 21:05 1,013,248 -----c— C:\WINDOWS\system32\dllcache\kernel32.dll 2007-09-11 20:53 2007-09-11 20:52 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys 2007-09-11 20:41 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-09-11 20:38 458,752 --a------ C:\WINDOWS\system32\w29NCPA.dll 2007-09-11 20:38 3,222,784 --a------ C:\WINDOWS\system32\drivers\w29n51.sys 2007-09-11 20:38 1,654,784 --a------ C:\WINDOWS\system32\W29MLRES.DLL 2007-09-11 20:33 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-09-11 20:33 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-26 13:04 --------- d-------- C:\Program Files\Common Files\Symantec Shared 2007-09-11 21:11 --------- d-------- C:\Program Files\Symantec 2007-09-11 20:50 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec 2007-09-11 20:40 0 -rahs---- C:\WINDOWS\system32\drivers\TOSHIBA_Satellite L20_03209000-PL_PSL20E-00C00.MRK 2007-08-16 16:17 51568 --a------ C:\WINDOWS\system32\sirenacm.dll 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-06-26 14:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “IgfxTray”=“C:\WINDOWS\system32\igfxtray.exe” [2005-06-08 17:02] “HotKeysCmds”=“C:\WINDOWS\system32\hkcmd.exe” [2005-06-08 16:59] “Persistence”=“C:\WINDOWS\system32\igfxpers.exe” [2005-06-08 17:03] “SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2004-10-08 20:44] “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2004-10-08 20:43] “Toshiba Hotkey Utility”=“C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe” [2005-08-01 20:25] “PadTouch”=“C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe” [2004-11-17 16:56] “NDSTray.exe”=“NDSTray.exe” [] “SmoothView”=“C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe” [] “dla”=“C:\WINDOWS\system32\dla\tfswctrl.exe” [2005-05-31 11:33] “ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2007-02-06 17:41] “Symantec NetDriver Monitor”=“C:\PROGRA~1\SYMNET~1\SNDMon.exe” [2007-09-11 21:10] “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-06-29 06:24] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50] “CFSServ.exe”=“CFSServ.exe” [] “iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe” [2007-09-14 10:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 18:00] “TOSCDSPD”=“C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe” [2005-04-12 18:04] “Free Download Manager”=“C:\Program Files\Free Download Manager\fdm.exe” [2007-09-09 22:36] “Free Upload Manager”=“C:\Program Files\Free Download Manager\fum\fum.exe” [2007-07-29 20:13] “Free Uploader Oe Integration”=“C:\Program Files\Free Download Manager\FUM\fumoei.exe” [2007-06-10 19:02] “MsnMsgr”=“C:\Program Files\Windows Live\Messenger\MsnMsgr.exe” [2007-08-16 16:19] “BitComet”=“C:\Program Files\BitLord\BitLord.exe” [] C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 20:44:06] R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;“C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe” R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] Auto\command- fun.xls.exe AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{2125b121-606c-11dc-96f0-0016362ae0f4}] Auto\command- E:\fun.xls.exe AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{2125b122-606c-11dc-96f0-0016362ae0f4}] Auto\command- F:\fun.xls.exe AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe *Newly Created Service* - CATCHME . Contents of the ‘Scheduled Tasks’ folder “2007-09-19 14:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job” - C:\Program Files\Apple Software Update\SoftwareUpdate.exe “2007-09-21 12:16:02 C:\WINDOWS\Tasks\Norton AntiVirus - Skanuj komputer - Fil P.job” - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-26 13:21:31 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\H a r m o n o g r a m a u t o m a t y c z n e j u s Bu g i L i v e U p d a t e] “ImagePath”="“C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe”" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\helpsvc] “ServiceDll”="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidServ] “ServiceDll”="%SystemRoot%\System32\hidserv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidUsb] “ImagePath”=“system32\DRIVERS\hidusb.sys” [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpn] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HSFHWICH] “ImagePath”=“system32\DRIVERS\HSFHWICH.sys” [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HSF_DPV] “ImagePath”=“system32\DRIVERS\HSF_DPV.sys” [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTP] “ImagePath”=“System32\Drivers\HTTP.sys” [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTPFilter] “ServiceDll”="%SystemRoot%\System32\w3ssl.dll" . Completion time: 2007-09-26 13:22:15 C:\ComboFix-quarantined-files.txt … 2007-09-26 13:22 . — E O F —

Frefol · 26 Wrzesień 2007 05:26

Usuń:

I daj loga z ComboFixa(temat przyklejony)

jessica · 26 Wrzesień 2007 07:57

Oprócz tego, co zalecił @Frefol :

Po restarcie klucz się odrodzi, ale będzie już czysty.

Potem wyszukaj na wszystkich dyskach, także przenośnych (“C:”, “E:”, “F:”), pliki " fun.xls.exe" i usuń je.

jessi