Laptop problem, please help


(Iga 37) #1

I have a problem with my laptop. On startup a Windows Explorer error pops up. On top of that, about every 30 seconds a blue screen appears and a window pops up:

personalized settings

c:recycles...

on top of that the laptop runs slowly and sometimes won't shut down

here is the HijackThis log, please help:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:09:56, on 2008-04-26

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Binn\sqlservr.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\ATK Hotkey\Hcontrol.exe

C:\Program Files\ATKOSD2\ATKOSD2.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\ASScrPro.exe

C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\Program Files\P4P\P4P.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Program Files\ATK Hotkey\ATKOSD.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\ATK Hotkey\KBFiltr.exe

C:\Program Files\ATK Hotkey\WDC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\WINDOWS\system32\acovcnt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"

O4 - HKLM..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"

O4 - HKLM..\Run: [skyTel] SkyTel.EXE

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe

O4 - HKLM..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe

O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe

O4 - HKLM..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe

O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"

O4 - HKLM..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"

O4 - HKLM..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM..\Run: [pdfFactory Dyspozytor v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKCU..\Run: [MultiFrame] C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6917913609

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--

End of file - 13172 bytes


(huber2t) #2

No junk visible in the log

Post a ComboFix log


(Iga 37) #3

ComboFix 08-04-24.1 - Jarosław Miszczak 2008-04-26 19:13:03.1 - FAT32 x86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1402 [GMT 2:00]

Running from: C:\Documents and Settings\Jarosław Miszczak\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\p4p

C:\Program Files\p4p\Bookmark.ini

C:\Program Files\p4p\P4P.exe

C:\Program Files\p4p\RING.WAV

.

((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))

.

2008-04-26 19:02 . 2008-04-26 19:02

2008-04-26 16:01 . 2008-04-26 16:02

2008-04-26 15:50 . 2008-04-26 19:23 45,056 --a------ C:\WINDOWS\system32\acovcnt.exe

2008-04-26 14:33 . 2008-04-26 14:33

2008-04-26 13:08 . 2008-04-26 13:08

2008-04-25 08:19 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys

2008-04-25 08:19 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat

2008-04-25 08:19 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-04-24 23:34 . 2008-04-24 23:34

2008-04-24 23:34 . 2008-04-24 23:34

2008-04-24 23:01 . 2007-11-08 06:05

2008-04-24 23:01 . 2007-11-08 06:29

2008-04-24 23:01 . 2007-11-08 06:05

2008-04-24 23:01 . 2007-11-08 06:05

2008-04-24 23:01 . 2007-11-08 06:29

2008-04-24 23:01 . 2007-11-08 06:05

2008-04-24 23:01 . 2007-11-08 07:10

2008-04-24 23:01 . 2007-11-08 06:35

2008-04-24 23:01 . 2007-11-08 06:05

2008-04-24 23:01 . 2008-04-24 23:01

2008-04-24 23:01 . 2008-04-26 19:12 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG

2008-04-24 22:22 . 2008-04-24 22:22

2008-04-24 22:22 . 2008-04-26 14:48 910 --a------ C:\WINDOWS\wincmd.ini

2008-04-24 22:22 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF

2008-04-24 22:22 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF

2008-04-24 22:22 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF

2008-04-24 22:22 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF

2008-04-24 22:22 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF

2008-04-24 22:22 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF

2008-04-24 22:22 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF

2008-04-12 08:11 . 2008-04-12 08:11

2008-04-11 16:58 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb

2008-04-11 16:58 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb

2008-04-11 16:58 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb

2008-04-11 16:57 . 2008-04-11 16:57

2008-04-11 16:52 . 2008-04-11 16:52

2008-04-11 16:52 . 2008-04-11 16:52

2008-04-11 14:37 . 2008-04-11 14:37

2008-04-01 00:44 . 2008-04-01 00:44

2008-04-01 00:06 . 2008-04-01 00:06

2008-04-01 00:04 . 2008-04-01 00:04

2008-03-27 22:03 . 2008-03-27 22:03

2008-03-27 22:03 . 2008-03-27 22:03 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2008-03-27 22:00 . 2008-03-27 22:00

2008-03-27 22:00 . 2008-03-27 22:00

2008-03-27 22:00 . 2008-03-27 22:00

2008-03-27 21:59 . 2008-03-27 21:59

2008-03-27 16:42 . 2008-03-27 16:42

2008-03-27 12:04 . 2008-03-27 12:04

2008-03-27 12:04 . 2008-03-27 12:04

2008-03-27 11:38 . 2008-03-27 11:38

2008-03-27 11:38 . 2008-04-26 11:45 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-03-27 11:38 . 2008-04-26 11:45 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-03-27 11:38 . 2008-04-26 11:45 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-03-27 10:02 . 2008-03-27 10:02

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-25 18:08 --------- d-----w C:\Documents and Settings\Jarosław Miszczak\Dane aplikacji\BESTplayer

2008-03-22 14:52 --------- d-----w C:\Program Files\Robin Hood

2008-03-22 14:51 --------- d-----w C:\Program Files\Lalka Klara - Stylistka

2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,504 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-20 03:10 --------- d-----w C:\Program Files\MSXML 6.0

2008-03-20 03:05 --------- d-----w C:\Program Files\MSXML 4.0

2008-03-18 15:14 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-03-18 15:14 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2008-03-18 15:14 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-03-18 15:14 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-03-18 14:17 0 ----a-w C:\WINDOWS\system32\drivers\1043_ASUSTeK_F3E.alu

2008-03-16 10:21 --------- d-----w C:\Program Files\Counter-Strike 1.6

2008-03-12 14:21 --------- d-----w C:\Documents and Settings\Jarosław Miszczak\Dane aplikacji\Media Player Classic

2008-03-12 13:56 --------- d-----w C:\Documents and Settings\Jarosław Miszczak\Dane aplikacji\Kingston

2008-03-01 16:32 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-03-01 08:07 --------- d-----w C:\Program Files\Undercover

2008-02-29 08:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 08:59 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:38 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:38 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@={A8D448F4-0431-45AC-9F5E-E1B434AB2249}

[HKEY_CLASSES_ROOT\CLSID{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-01 17:08 143360 --a------ C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MultiFrame"="C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe" [2007-06-21 14:07 999792]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-14 05:56 142104]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-14 05:55 162584]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-14 05:55 138008]

"ATKHOTKEY"="C:\Program Files\ATK Hotkey\Hcontrol.exe" [2007-06-29 15:44 225280]

"ATKOSD2"="C:\Program Files\ATKOSD2\ATKOSD2.exe" [2007-07-03 10:48 7708672]

"SkyTel"="SkyTel.EXE" [2006-05-17 11:04 2879488 C:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 10:21 16270848 C:\WINDOWS\RTHDCPL.exe]

"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-08 06:11 573440]

"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2007-07-19 15:41 49520]

"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2007-07-05 16:53 1040384]

"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 08:27 61440]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-13 11:55 815104]

"ASUS Camera ScreenSaver"="C:\WINDOWS\ASScrProlog.exe" [2007-11-08 06:47 37232]

"ASUS Screen Saver Protector"="C:\WINDOWS\ASScrPro.exe" [2007-11-08 06:47 33136]

"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-04 03:14 61440]

"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 03:01 32768]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]

"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 22:59 115816]

"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-15 00:11 771704]

"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 18:01 90112]

"PowerForPhone"="C:\Program Files\P4P\P4P.exe" []

"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2007-06-26 16:23 851968]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 10:51 823296]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 10:49 974848]

"pdfFactory Dyspozytor v3"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2006-08-24 15:07 503808]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 16:57:26 2756608]

Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 16:23:32 74308]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]

Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

R2 MSSQL$INSERTGT;MSSQL$INSERTGT;C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Binn\sqlservr.exe [2002-12-17 16:26]

R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 21:55]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-04 12:06]

S3 SQLAgent$INSERTGT;SQLAgent$INSERTGT;C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Binn\sqlagent.EXE [2002-12-17 16:23]

S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{2940f1ba-ba2e-11dc-a2ef-001d60c6ea05}]

\Shell\AutoRun\command - F:\v.cmd

\Shell\explore\Command - F:\v.cmd

\Shell\open\Command - F:\v.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{37cde0d9-bc42-11dc-a2f5-001d60c6ea05}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

*Newly Created Service* - CATCHME

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{08B0E5C0-4FCB-11CF-AAX5-90401C608512}]

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-04-21 18:00:20 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Jarosław Miszczak.job"

  • c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exef/TASK:

.

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

Completion time: 2008-04-26 19:28:08

ComboFix-quarantined-files.txt 2008-04-26 17:28:02

Pre-Run: 61,312,565,248 bajtów wolnych

Post-Run: 62,166,237,184 bajtów wolnych

215 --- E O F --- 2008-04-12 23:17:53


(huber2t) #4

Download ComboFix, but don't run it

Paste into Notepad:

Folder::

C:\FOUND.002

C:\FOUND.001

C:\FOUND.000


Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

File -> Save As -> CFScript.txt (it will be most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like here ->

02f8f1e3c410a4cc.gif

The removal should start and a log will be created; post that log on the forum.


(Iga 37) #5

I tried doing that. The program initially starts working, but it doesn't launch and no log is created.


(jessica) #6

In that case, try a different way:

1) Paste into Notepad:

Windows Registry Editor Version 5.00


[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAX5-90401C608512}]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2940f1ba-ba2e-11dc-a2ef-001d60c6ea05}]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37cde0d9-bc42-11dc-a2f5-001d60c6ea05}]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PowerForPhone"=-

From the Notepad menu >>> File >>> Save As >>> set the file type to: "All files" >>> save as FIX.REG >>> run the file (double-click and OK, agree to adding it to the Registry).

2) Download -->Avenger. Paste this text into it:

Folders to delete:


C:\FOUND.002

C:\FOUND.001

C:\FOUND.000

C:\RECYCLER

Click "Execute" and confirm the computer restart.

Restart the computer.

Post the Avenger report from C:\avenger.txt.

jessi
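
The keys this FIX.REG removes are the entries that stand out in the ComboFix log from post #3. As an added example (not part of the original thread, and not ComboFix's own logic), the Python sketch below flags them in a ComboFix-style log; the function name, rule names and heuristics are assumptions chosen for illustration, and the sample lines are copied from that log.

```python
import re

# Excerpt of the ComboFix log from post #3, copied as it appears in the thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 18:01 90112]
"PowerForPhone"="C:\Program Files\P4P\P4P.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{2940f1ba-ba2e-11dc-a2ef-001d60c6ea05}]
\Shell\AutoRun\command - F:\v.cmd
\Shell\explore\Command - F:\v.cmd
\Shell\open\Command - F:\v.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{37cde0d9-bc42-11dc-a2f5-001d60c6ea05}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{08B0E5C0-4FCB-11CF-AAX5-90401C608512}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
'''

# A well-formed GUID is 8-4-4-4-12 hexadecimal digits.
GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
BRACED_RE = re.compile(r"\{([^}]*)\}")
# "\Shell\<verb>\command - <command line>" as listed under a MountPoints2 key.
SHELL_CMD_RE = re.compile(r"^\\Shell\\\w+\\command\s+-\s+(.+)$", re.I)
# Run value followed by empty brackets where other values show date and size.
RUN_EMPTY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[\]$')
# Executable or script stored inside a Recycle Bin folder.
RECYCLER_RE = re.compile(r"\\RECYCLER\\.+\.(?:exe|cmd|bat|com|scr|pif)$", re.I)


def scan_combofix(log_text):
    """Return (rule, registry_key, detail) tuples for suspicious autostart entries.

    Heuristics (assumptions made for this example):
      malformed-guid       a {...} key name that is not a valid GUID, such as
                           the Active Setup entry containing the non-hex "X"
      mountpoints2-autorun a cached per-volume shell command (AutoRun handler)
      run-missing-target   a Run value with empty metadata; in this log it is
                           the P4P.exe that ComboFix had just deleted
      recycler-executable  a program living under C:\\RECYCLER
    """
    findings = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Registry key headers are the lines fully wrapped in [ ].
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            for guid in BRACED_RE.findall(key):
                if not GUID_RE.match(guid):
                    findings.append(("malformed-guid", key, guid))
            continue
        low = key.lower()
        m = SHELL_CMD_RE.match(line)
        if m and "mountpoints2" in low:
            findings.append(("mountpoints2-autorun", key, m.group(1)))
        m = RUN_EMPTY_RE.match(line)
        if m and low.endswith("\\currentversion\\run"):
            findings.append(("run-missing-target", key, m.group(1)))
        if RECYCLER_RE.search(line):
            findings.append(("recycler-executable", key, line))
    return findings


if __name__ == "__main__":
    for rule, key, detail in scan_combofix(SAMPLE_LOG):
        print(f"{rule:22} {detail}\n    in {key}")
```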


(Iga 37) #7

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Folder "C:\FOUND.002" deleted successfully.

Folder "C:\FOUND.001" deleted successfully.

Folder "C:\FOUND.000" deleted successfully.

Error: folder "C:\RECYCLER" not found!

Deletion of folder "C:\RECYCLER" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

That is the log, but I think it got fixed because the pop-ups stopped. I found the amvo.exe virus and removed it. Is it possible that it was the cause of the trouble? If anything happens I'll write again tomorrow.


(Asterisk) #8

iga_37 ,

Please follow the topic

Rules for pasting logs on the forum


(huber2t) #9

Scan the computer with this (run it through IE) http://www.kaspersky.pl/virusscanner.html Post its report on the forum


(Iga 37) #10

27 kwiecień 2008 11:14:10

System operacyjny: Microsoft Windows XP Home Edition, Dodatek Service Pack 2 (Build 2600)

Kaspersky Online Scanner wersja: 5.0.98.0

Ostatnia aktualizacja Kaspersky Anti-Virus27/04/2008

Liczba wpisów w bazie danych Kaspersky Anti-Virus727193

Ustawienia skanowania

Skanowanie przy użyciu następujących baz danych rozszerzone

Skanuj archiwa tak

Skanuj pocztowe bazy danych tak

Obszar skanowania Mój komputer

C:\

D:\

E:\

Statystyki skanowania

Liczba skanowanych obiektów 57361

Liczba wykrytych wirusów 4

Liczba zainfekowanych obiektów 42

Liczba podejrzanych obiektów 0

Czas trwania skanowania 01:12:44

Nazwa zainfekowanego obiektu Nazwa wirusa Ostatnie działanie

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe Zainfekowanych: Worm.Win32.AutoRun.czg pominięty

C:\WINDOWS\system32\config\system.LOG Object is locked pominięty

C:\WINDOWS\system32\config\software.LOG Object is locked pominięty

C:\WINDOWS\system32\config\default.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SECURITY Object is locked pominięty

C:\WINDOWS\system32\config\SAM Object is locked pominięty

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SYSTEM Object is locked pominięty

C:\WINDOWS\system32\config\SOFTWARE Object is locked pominięty

C:\WINDOWS\system32\config\DEFAULT Object is locked pominięty

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\Internet.evt Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty

C:\WINDOWS\system32\h323log.txt Object is locked pominięty

C:\WINDOWS\Temp\spnserv.dat Object is locked pominięty

C:\WINDOWS\Temp\spserv.dat Object is locked pominięty

C:\WINDOWS\Temp\Perflib_Perfdata_220.dat Object is locked pominięty

C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty

C:\WINDOWS\wiadebug.log Object is locked pominięty

C:\WINDOWS\Sti_Trace.log Object is locked pominięty

C:\WINDOWS\wiaservc.log Object is locked pominięty

C:\WINDOWS\WindowsUpdate.log Object is locked pominięty

C:\WINDOWS\SchedLgU.Txt Object is locked pominięty

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\LiveUpdate\2008-04-27_Log.ALUSchedulerSvc.LiveUpdate Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Common Client\settings.dat Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SubEng\submissions.idx Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SRTSP\SrtViEvt.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SRTSP\SrtNvEvt.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SRTSP\SrtMoEvt.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SRTSP\SrtScEvt.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SRTSP\SrtErEvt.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SRTSP\SrtTxFEvt.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SRTSP\SrtETmp\42385357.TMP Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SRTSP\SrtETmp\CE4383A0.TMP Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SPBBC\SPPolicy.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SPBBC\SPStart.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SPBBC\SPStop.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SPBBC\BBValid.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SPBBC\BBConfig.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SPBBC\BBRefr.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SPBBC\BBNotify.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SPBBC\BBSetCfg.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SPBBC\BBSetCfg2.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SPBBC\BBSetUsr.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SPBBC\BBStHash.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SPBBC\BBSetLoc.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SPBBC\BBSetDev.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SPBBC\BBDetect.log Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\SPBBC\BBDebug.log Object is locked pominięty

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\Jarosław Miszczak\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\Jarosław Miszczak\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\Jarosław Miszczak\Ustawienia lokalne\Temp\~DFF6EA.tmp Object is locked pominięty

C:\Documents and Settings\Jarosław Miszczak\Ustawienia lokalne\Temp\~DFFB3C.tmp Object is locked pominięty

C:\Documents and Settings\Jarosław Miszczak\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\Jarosław Miszczak\Ustawienia lokalne\Historia\History.IE5\MSHist012008042720080428\index.dat Object is locked pominięty

C:\Documents and Settings\Jarosław Miszczak\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\Jarosław Miszczak\Ustawienia lokalne\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked pominięty

C:\Documents and Settings\Jarosław Miszczak\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\Jarosław Miszczak\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\Jarosław Miszczak\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\index.dat Object is locked pominięty

C:\Documents and Settings\Jarosław Miszczak\Cookies\index.dat Object is locked pominięty

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked pominięty

C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked pominięty

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked pominięty

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked pominięty

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked pominięty

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked pominięty

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked pominięty

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked pominięty

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked pominięty

C:\Program Files\ATK Hotkey\HControl.exe Object is locked pominięty

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked pominięty

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked pominięty

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked pominięty

C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\LOG\ERRORLOG Object is locked pominięty

C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Data\master.mdf Object is locked pominięty

C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Data\mastlog.ldf Object is locked pominięty

C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Data\model.mdf Object is locked pominięty

C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Data\modellog.ldf Object is locked pominięty

C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Data\tempdb.mdf Object is locked pominięty

C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Data\templog.ldf Object is locked pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP38\A0041875.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tot pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP38\A0041876.inf Zainfekowanych: Trojan-PSW.Win32.OnLineGames.thx pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP38\A0042861.dll Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tya pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP38\A0042866.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tot pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP38\A0042867.inf Zainfekowanych: Trojan-PSW.Win32.OnLineGames.thx pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP39\A0042879.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tot pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP39\A0042880.inf Zainfekowanych: Trojan-PSW.Win32.OnLineGames.thx pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP39\A0042895.DLL Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tya pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP39\A0042897.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tot pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP39\A0042898.inf Zainfekowanych: Trojan-PSW.Win32.OnLineGames.thx pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP40\A0042926.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tot pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP40\A0042927.inf Zainfekowanych: Trojan-PSW.Win32.OnLineGames.thx pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP40\A0042965.DLL Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tya pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP40\A0042966.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tot pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP40\A0042967.inf Zainfekowanych: Trojan-PSW.Win32.OnLineGames.thx pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP40\A0042985.DLL Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tya pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP40\A0042990.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tot pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP40\A0042991.inf Zainfekowanych: Trojan-PSW.Win32.OnLineGames.thx pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP41\A0043004.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tot pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP41\A0043005.inf Zainfekowanych: Trojan-PSW.Win32.OnLineGames.thx pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP41\A0043066.exe Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tot pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP41\A0044011.DLL Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tya pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP47\A0049043.INF Zainfekowanych: Trojan-PSW.Win32.OnLineGames.thx pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP57\A0070872.exe Zainfekowanych: Worm.Win32.AutoRun.czg pominięty

C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP57\change.log Object is locked pominięty

D:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP38\A0041877.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tot pominięty

D:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP38\A0041878.inf Zainfekowanych: Trojan-PSW.Win32.OnLineGames.thx pominięty

D:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP38\A0042868.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tot pominięty

D:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP38\A0042869.inf Zainfekowanych: Trojan-PSW.Win32.OnLineGames.thx pominięty

D:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP39\A0042881.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tot pominięty

D:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP39\A0042882.inf Zainfekowanych: Trojan-PSW.Win32.OnLineGames.thx pominięty

D:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP39\A0042899.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tot pominięty

D:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP39\A0042900.inf Zainfekowanych: Trojan-PSW.Win32.OnLineGames.thx pominięty

D:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP40\A0042928.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tot pominięty

D:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP40\A0042929.inf Zainfekowanych: Trojan-PSW.Win32.OnLineGames.thx pominięty

D:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP40\A0042968.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tot pominięty

D:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP40\A0042969.inf Zainfekowanych: Trojan-PSW.Win32.OnLineGames.thx pominięty

D:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP40\A0042992.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tot pominięty

D:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP40\A0042993.inf Zainfekowanych: Trojan-PSW.Win32.OnLineGames.thx pominięty

D:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP41\A0043006.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tot pominięty

D:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP41\A0043007.inf Zainfekowanych: Trojan-PSW.Win32.OnLineGames.thx pominięty

D:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP47\A0049053.INF Zainfekowanych: Trojan-PSW.Win32.OnLineGames.thx pominięty

Proces skanowania został zakończony.

I can see that it found something, but I don't really know what to do now.


(huber2t) #11

Empty the Recycle Bin.

Turn System Restore off and back on for all drives. Instructions
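An added example, not part of the thread: a small parser for the Kaspersky Online Scanner report format shown in post #10 that groups detections by where they sit (Recycle Bin, System Restore store, or the live file system), which is what decides whether emptying the bin and resetting System Restore can reach them. The function names and the store labels are hypothetical; the sample lines are a subset copied from that report.

```python
import re
from collections import Counter, defaultdict

# Subset of lines copied from the scanner report in post #10.
SAMPLE_REPORT = r"""
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe Zainfekowanych: Worm.Win32.AutoRun.czg pominięty
C:\WINDOWS\system32\config\SAM Object is locked pominięty
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty
C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP38\A0041875.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tot pominięty
C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP38\A0041876.inf Zainfekowanych: Trojan-PSW.Win32.OnLineGames.thx pominięty
C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP39\A0042895.DLL Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tya pominięty
C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP57\A0070872.exe Zainfekowanych: Worm.Win32.AutoRun.czg pominięty
C:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP57\change.log Object is locked pominięty
D:\System Volume Information_restore{76B004DC-948E-4A32-A782-39B81272E4ED}\RP38\A0041877.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.tot pominięty
"""

# One report row: <path> then either "Zainfekowanych: <verdict>" (infected)
# or "Object is locked", then the last action taken ("pominięty" = skipped).
# The path may contain spaces, so it is matched lazily up to the status text.
ROW_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:Zainfekowanych: (?P<verdict>\S+)|(?P<locked>Object is locked)) "
    r"(?P<action>\S+)$"
)


def classify_store(path):
    """Return which store a path belongs to, judged by its top-level folder."""
    parts = path.split("\\")
    top = parts[1].upper() if len(parts) > 1 else ""
    if top == "RECYCLER":
        return "recycle_bin"
    # startswith() also covers the report's rendering of the restore folder,
    # where the separator after "System Volume Information" is missing.
    if top.startswith("SYSTEM VOLUME INFORMATION"):
        return "system_restore"
    return "live_filesystem"


def parse_report(text):
    """Parse report rows into dicts; lines that are not rows are ignored."""
    entries = []
    for line in text.splitlines():
        match = ROW_RE.match(line.strip())
        if match:
            entries.append({
                "path": match.group("path"),
                "verdict": match.group("verdict"),  # None for locked objects
                "action": match.group("action"),
                "store": classify_store(match.group("path")),
            })
    return entries


def summarize(entries):
    """Count detections per store and list those on the live file system."""
    by_store = defaultdict(Counter)
    live = []
    locked = 0
    for entry in entries:
        if entry["verdict"] is None:
            locked += 1  # file in use during the scan, not a detection
            continue
        by_store[entry["store"]][entry["verdict"]] += 1
        if entry["store"] == "live_filesystem":
            live.append(entry["path"])
    verdicts = {v for counts in by_store.values() for v in counts}
    return {"by_store": by_store, "live": live,
            "locked": locked, "verdicts": verdicts}


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for store, counts in sorted(summary["by_store"].items()):
        print(store, dict(counts))
    print("locked (not scanned):", summary["locked"])
    print("detections outside bin/restore store:", summary["live"])
```

Rows reported as "Object is locked" were not scanned at all, so an empty `live` list only describes the files the scanner could open.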


(Iga 37) #12

OK, I did as you wrote, but I don't really know what that gives me.


(huber2t) #13

This way you removed all the viruses you had on the disk.


(Iga 37) #14

Unfortunately the viruses are still there. Shouldn't I remove them somehow in Kaspersky?


(huber2t) #15

It can't be done with Kaspersky online; it can be done if you have the regular installed version.

Scan the computer with this once more (run it in IE): http://www.kaspersky.pl/virusscanner.html Post its report on the forum.


(Iga 37) #16

I scanned again today with Kaspersky, which again found two viruses.

In addition, Total Commander can only be started in safe mode, because normally, instead of opening, it uninstalls itself.

I am posting the HijackThis log, because it seems a bit strange to me; please help:

ogfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:40:54, on 2008-04-30

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesIntelWirelessBinS24EvMon.exe

C:WINDOWSExplorer.EXE

c:Program FilesCommon FilesSymantec SharedccSvcHst.exe

c:Program FilesCommon FilesSymantec SharedAppCoreAppSvc32.exe

C:Program FilesASUSASUS Data Security ManagerADSMSrv.exe

C:Program FilesATKGFNEXGFNEXSrv.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe

c:Program FilesCommon FilesSymantec SharedccSvcHst.exe

C:Program FilesIntelWirelessBinEvtEng.exe

c:Program FilesCommon FilesLightScribeLSSrvc.exe

C:Program FilesMicrosoft SQL ServerMSSQL$INSERTGTBinnsqlservr.exe

C:Program FilesIntelWirelessBinRegSrvc.exe

C:Program FilesCommon FilesSafeNet SentinelSentinel Protection ServerWinNTspnsrvnt.exe

C:Program FilesASUSNB ProbeSPMspmgr.exe

C:WINDOWSsystem32svchost.exe

C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe

C:WINDOWSsystem32igfxtray.exe

C:WINDOWSsystem32hkcmd.exe

C:WINDOWSsystem32igfxpers.exe

C:Program FilesATK HotkeyHcontrol.exe

C:Program FilesATKOSD2ATKOSD2.exe

C:WINDOWSRTHDCPL.EXE

C:Program FilesMotorolaSMSERIALsm56hlpr.exe

C:Program FilesASUSASUS Live UpdateALU.exe

C:WINDOWSsystem32igfxsrvc.exe

C:Program FilesWireless Console 2wcourier.exe

C:Program FilesASUSATK MediaDMEDIA.EXE

C:Program FilesSynapticsSynTPSynTPEnh.exe

C:Program FilesTrend MicroHijackThisHijackThis.exe

C:WINDOWSASScrPro.exe

C:Program FilesASUSTekASUSDVDPDVDServ.exe

C:Program FilesCommon FilesSymantec SharedccApp.exe

C:Program FilesASUSPower4 GearBatteryLife.exe

C:Program FilesASUSSplendidACMON.exe

C:Program FilesIntelWirelessbinZCfgSvc.exe

C:Program FilesIntelWirelessBinifrmewrk.exe

C:WINDOWSsystem32ACEngSvr.exe

C:WINDOWSSystem32spoolDRIVERSW32X863fppdis3a.exe

C:Program FilesATK HotkeyATKOSD.exe

C:Program FilesJavajre1.6.0_05binjusched.exe

C:WINDOWSsystem32xwbvywd.exe

C:Program FilesASUSAsus MultiFrameMultiFrame.exe

C:WINDOWSsystem32wuauclt.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesSpybot - Search & DestroyTeaTimer.exe

C:WINDOWSsystem32xwbvywd.exe

C:Program FilesGPSoftwareDirectory Opusdopusrt.exe

C:Program FilesToshibaBluetooth Toshiba StackTosBtMng.exe

C:Program FilesATK HotkeyKBFiltr.exe

C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe

C:WINDOWSsystem32acovcnt.exe

C:Program FilesAdobeReader 8.0Readerreader_sl.exe

C:Program FilesIntelWirelessBinDot1XCfg.exe

C:Program FilesATK HotkeyWDC.exe

C:Program FilesToshibaBluetooth Toshiba StackTosA2dp.exe

C:Program FilesToshibaBluetooth Toshiba StackTosBtHid.exe

C:Program FilesToshibaBluetooth Toshiba StackTosBtHsp.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:Program FilesCommon FilesSymantec SharedcoSharedBrowser1.5NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll

O4 - HKLM..Run: [igfxTray] C:WINDOWSsystem32igfxtray.exe

O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe

O4 - HKLM..Run: [Persistence] C:WINDOWSsystem32igfxpers.exe

O4 - HKLM..Run: [ATKHOTKEY] "C:Program FilesATK HotkeyHcontrol.exe"

O4 - HKLM..Run: [ATKOSD2] "C:Program FilesATKOSD2ATKOSD2.exe"

O4 - HKLM..Run: [skyTel] SkyTel.EXE

O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..Run: [sMSERIAL] C:Program FilesMotorolaSMSERIALsm56hlpr.exe

O4 - HKLM..Run: [ASUS Live Update] C:Program FilesASUSASUS Live UpdateALU.exe

O4 - HKLM..Run: [Wireless Console 2] "C:Program FilesWireless Console 2wcourier.exe"

O4 - HKLM..Run: [ATKMEDIA] C:Program FilesASUSATK MediaDMEDIA.EXE

O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe

O4 - HKLM..Run: [ASUS Camera ScreenSaver] C:WINDOWSASScrProlog.exe

O4 - HKLM..Run: [ASUS Screen Saver Protector] C:WINDOWSASScrPro.exe

O4 - HKLM..Run: [ABLKSR] C:WINDOWSABLKSRABLKSR.exe

O4 - HKLM..Run: [RemoteControl] "C:Program FilesASUSTekASUSDVDPDVDServ.exe"

O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe

O4 - HKLM..Run: [ccApp] "c:Program FilesCommon FilesSymantec SharedccApp.exe"

O4 - HKLM..Run: [osCheck] "c:Program FilesNorton Internet SecurityosCheck.exe"

O4 - HKLM..Run: [Power_Gear] C:Program FilesASUSPower4 GearBatteryLife.exe 1

O4 - HKLM..Run: [ACMON] "C:Program FilesASUSSplendidACMON.exe"

O4 - HKLM..Run: [intelZeroConfig] "C:Program FilesIntelWirelessbinZCfgSvc.exe"

O4 - HKLM..Run: [intelWireless] "C:Program FilesIntelWirelessBinifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM..Run: [pdfFactory Dyspozytor v3] "C:WINDOWSSystem32spoolDRIVERSW32X863fppdis3a.exe" /source=HKLM

O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_05binjusched.exe"

O4 - HKLM..Run: [symantec PIF AlertEng] "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"

O4 - HKLM..Run: [Windows Serviece Agents] xwbvywd.exe

O4 - HKLM..RunServices: [Windows Serviece Agents] xwbvywd.exe

O4 - HKCU..Run: [MultiFrame] C:Program FilesASUSAsus MultiFrameMultiFrame.exe

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [spybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe

O4 - HKCU..Run: [Windows Serviece Agents] xwbvywd.exe

O4 - HKCU..Run: [Directory Opus Desktop Dblclk] "C:Program FilesGPSoftwareDirectory Opusdopusrt.exe" /dblclk

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Service Manager.lnk = C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeReader 8.0Readerreader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6917913609

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:Program FilesASUSASUS Data Security ManagerADSMSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:Program FilesATKGFNEXGFNEXSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedVAScannercomHost.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:Program FilesIntelWirelessBinEvtEng.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:Program FilesNorton Internet SecurityisPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:Program FilesCommon FilesLightScribeLSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:Program FilesIntelWirelessBinRegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:Program FilesIntelWirelessBinS24EvMon.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:Program FilesCommon FilesSafeNet SentinelSentinel Protection ServerWinNTspnsrvnt.exe

O23 - Service: spmgr - Unknown owner - C:Program FilesASUSNB ProbeSPMspmgr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedAppCoreAppSvc32.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe

--

End of file - 13176 bytes


(Asterisk) #17

iga_37

A note for the future: please comply with the topic

Rules for posting logs on the forum

Please read that page and change the title to a specific one. Otherwise the thread will go to the trash.


(huber2t) #18

Post a new log from HijackThis and ComboFix, but this time with the slashes.