Kaminagr
(Kasia Graul)
13 June 2007 21:06
#1
For several days now, every time I turn on the computer there is less and less memory on drive C (e.g. yesterday at shutdown 175MB, today suddenly 65MB). I scanned the computer with AdAware and Mks-vir online (the latter found two trojans, but the problem remained); I also have Norton Protection Center installed, but it won't scan and freezes after checking four or five files.
Please check the log and explain what to do to save the memory.
Oh, and today Windows Media Player disappeared on top of that.
Logfile of HijackThis v1.99.1
Scan saved at 22:45:12, on 2007-06-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe
C:\Program Files\Apoint2K\Apntex.exe
D:\Ashampoo\Uninstaler\Ashampoo UnInstaller Suite Plus\UnInstaller Suite\UIWatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\sllights.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\COH\coh32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\WIESLAW\LOCALS~1\Temp\Rar$EX04.749\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {BBE59AF5-EE22-4A3A-AB26-3F774D1B4216} - C:\PROGRA~1\FOLDER~1\FOLDER~1.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM…\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM…\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM…\Run: [osCheck] “D:\norton internet security\osCheck.exe”
O4 - HKLM…\Run: [symantec PIF AlertEng] “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”
O4 - HKLM…\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe”
O4 - HKLM…\Run: [PwrUpTweakMe] C:\WINDOWS\system32\PUPXPTWK.EXE /TWEAK
O4 - HKCU…\Run: [uIWatcher] D:\Ashampoo\Uninstaler\Ashampoo UnInstaller Suite Plus\UnInstaller Suite\UIWatcher.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm184
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony… - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Podœwietl - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: Pardon - {302172A1-A2B4-4402-B1D0-F5D54C3E83C6} - D:\slownik\Pardon 2\Pardon.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Pardon - {302172A1-A2B4-4402-B1D0-F5D54C3E83C6} - D:\slownik\Pardon 2\Pardon.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O15 - Trusted Zone: http://www.mks.com.pl
O15 - Trusted Zone: http://www.zkmgdynia.pl
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {3E873CB7-D5F5-43EF-AC4A-1F97D3118265} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - http://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Executive Software\diskeeper lite\DKService.exe
O23 - Service: Harmonogram automatycznej uslugi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\norton internet security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe
aju
(aju)
13 June 2007 22:05
#2
qrczak13
(qrczak13)
13 June 2007 22:27
#3
Delete the folder in safe mode, and the entries in HJT.
After doing the above, post a log from ComboFix.
Kaminagr
(Kasia Graul)
13 June 2007 23:37
#4
Thanks for the tips, I tried to “clean up” everything according to the instructions and I think it worked :)) And here is the log from ComboFix:
C:\install.log
C:\Program Files\install.log

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\nm

((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 )))))))))))))))))))))))))))))))

2007-06-14 01:08 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 21:05
2007-05-31 22:50

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-13 22:19:21 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-13 10:51:23 -------- d–h--w C:\Program Files\InstallShield Installation Information
2007-06-12 18:43:43 -------- d-----w C:\Program Files\Windows NT
2007-06-01 06:54:14 -------- d-----w C:\DOCUME~1\WIESLAW\APPLIC~1\Skype
2007-05-31 20:51:23 -------- d-----w C:\Program Files\Skype
2007-05-10 16:00:12 -------- d-----w C:\DOCUME~1\WIESLAW\APPLIC~1\LimeWire
2007-05-08 22:59:55 -------- d-----w C:\DOCUME~1\WIESLAW\APPLIC~1\uTorrent
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 21:13:50 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-04-17 19:40:17 -------- d-----w C:\DOCUME~1\WIESLAW\APPLIC~1\vlc
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 10:00:36 466,432 ----a-w C:\WINDOWS\system32\SkanerOnline.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 01:17]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll [2006-07-26 03:17]
{BBE59AF5-EE22-4A3A-AB26-3F774D1B4216}=C:\PROGRA~1\FOLDER~1\FOLDER~1.DLL [2003-02-20 02:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“AtiPTA”=“atiptaxx.exe” [2001-12-22 00:58 C:\WINDOWS\system32\atiptaxx.exe]
“ATIModeChange”=“Ati2mdxx.exe” [2001-09-04 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
“Apoint”=“C:\Program Files\Apoint2K\Apoint.exe” [2001-10-19 21:46]
“Symantec PIF AlertEng”=“C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” [2007-03-12 11:22]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe” [2006-07-26 03:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“UIWatcher”=“D:\Ashampoo\Uninstaler\Ashampoo UnInstaller Suite Plus\UnInstaller Suite\UIWatcher.exe” [2003-05-29 11:51]

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-14 01:23:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-14 1:26:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 2007-06-14 01:25

— E O F —
qrczak13
(qrczak13)
14 June 2007 18:33
#5