proszę o sprawdzenie loga

IP: *.telsat.wroc.pl 29.09.06, 00:09
Witam
Laptop sam mi się wyłącza i pojawia się dziwny komunikat o błędzie systemu i
potrzebie ściągnięcia registry cleanera
Czy to jakiś wirus?
    • Gość: rafał Przepraszam zapomniałem wkleić.. IP: *.telsat.wroc.pl 29.09.06, 00:10
      Logfile of HijackThis v1.99.1
      Scan saved at 00:04:35, on 29/09/2006
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\BT Digital Access USB\vstartx.exe
      C:\Program Files\BT Digital Access USB\gisdnlog.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\00THotkey.exe
      C:\Program Files\Apoint2K\Apoint.exe
      C:\WINDOWS\System32\TPWRTRAY.EXE
      C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
      C:\Program Files\Microsoft Works\WksSb.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\Program Files\BT Digital Access USB\gsyno.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Documents and Settings\Derek Shimeld\Desktop\HijackThis.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\FinePixViewer\QuickDCF.exe
      C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
      C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe
      C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.yahoo.com/
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
      Files\Microsoft Money\System\mnyviewer.dll
      O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
      O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 10
      O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
      Works\WksSb.exe /AllUsers
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft
      Works\WkDetect.exe
      O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
      Money\System\Activation.exe"
      O4 - HKLM\..\Run: [GazelDisplay] "C:\Program Files\BT Digital Access
      USB\gsyno.exe" -h
      O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money
      Express.exe"
      O4 - HKCU\..\Run: [Skype] "C:\Program
      Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - Global Startup: Exif Launcher.lnk = C:\Program
      Files\FinePixViewer\QuickDCF.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
      Office\Office\OSA9.EXE
      O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
      O4 - Global Startup: Network Device Switch.lnk = ?
      O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} -
      C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -
      C:\Program Files\Microsoft Money\System\mnyviewer.dll
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O14 - IERESET.INF: START_PAGE_URL=www.freeserve.com/
      O23 - Service: BT Digital Access USB start up (Gazel Startup) - Unknown owner -
      C:\Program Files\BT Digital Access USB\vstartx.exe" /s (file missing)
      O23 - Service: ISDN connection log (GisdnLog) - Unknown owner - C:\Program
      Files\BT Digital Access USB\gisdnlog.exe" -s (file missing)

      • Gość: Kolobos Re: Przepraszam zapomniałem wkleić.. IP: *.crowley.pl 29.09.06, 00:25
        Masz piracki windows bez aktualizacji wiec nic dziwnego, ze jakis syf laczy sie z Twoim komputerem i wyswietla Ci wiadomosc za posrednictwem messengera...
        Zamknij porty przy pomocy wwdc oraz zmien przegladarke na Opere lub Firefox i nie uzywaj wiecej IE.

        W hjt usun:
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - C:\WINDOWS\web\related.htm

Pełna wersja