Total chaos, take a look at the log, thanks a lot!!!
Hello,
Just yesterday my sister got hold of the computer and left quite a mess.. :-/ I thought it was Blaster, but probably not, because Symantec's tool didn't detect anything.. As for the symptoms:
1) I get an RPC message with a 60-second countdown (I applied the Microsoft patches but nothing helped). It happens during an Ad-Aware SE scan.. Entering the shutdown -a command doesn't do anything either...
2) IE has suddenly stopped working, so I have to forget about scanning with mks.. That leaves Mozilla..
3) I tried turning on the Windows firewall but that doesn't do anything either..
Here is the log:
Logfile of HijackThis v1.98.2
Scan saved at 13:18:22, on 2005–01–12
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccProxy.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesNorton Internet SecurityISSVC.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32 tvdm.exe
C:PROGRA~1KeyboardIkeymain.exe
C:Program FilesHewlett–PackardDigital ImagingUnloadhpqcmon.exe
C:Program FilesHewlett–PackardHP Share–to–Webhpgs2wnd.exe
C:Program FilesWinampWinampa.exe
C:Program FilesHewlett–PackardHP Share–to–Webhpgs2wnf.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesJavajre1.5.0injusched.exe
C:WINDOWSSystem32ctfmon.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32driversCDAC11BA.EXE
C:Program FilesNorton Internet SecurityNorton AntiVirus avapsvc.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
C:Program FilesWinampwinamp.exe
C:PROGRA~1MOZILL~1FIREFOX.EXE
C:PROGRA~1WINZIPwinzip32.exe
C:Documents and SettingsKubaUstawienia lokalneTempHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=152294
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=152294
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=152294
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F3 – REG:win.ini: load=d:softwarecollinswatch.exe
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: (no name) – {1D7E3B41–23CE–469B–BE1B–A64B877923E1} – C:PROGRA~1SEARCH~1SEARCH~1.DLL (file missing)
O2 – BHO: Norton Internet Security – {9ECB9560–04F9–4bbc–943D–298DDF1699E1} – C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: (no name) – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – (no file)
O3 – Toolbar: Norton Internet Security – {0B53EAC3–8D69–4b9e–9B19–A37C9A5676A7} – C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [iKeyWorks] C:PROGRA~1KeyboardIkeymain.exe
O4 – HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb03.exe
O4 – HKLM..Run: [CamMonitor] C:Program FilesHewlett–PackardDigital Imaging\Unloadhpqcmon.exe
O4 – HKLM..Run: [Share–to–Web Namespace Daemon] C:Program FilesHewlett–PackardHP Share–to–Webhpgs2wnd.exe
O4 – HKLM..Run: [NeroCheck] C:WINDOWSSystem32NeroCheck.exe
O4 – HKLM..Run: [WinampAgent] "C:Program FilesWinampWinampa.exe"
O4 – HKLM..Run: [Resume copy] copyfstq.exe /startup
O4 – HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" –atboottime
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 – HKLM..Run: [SSC_UserPrompt] C:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0injusched.exe
O4 – HKLM..RunServices: [MsWindows SysDate] sysmsvc.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:OFFICE~1OFFICE11EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:Program FilesJavajre1.5.0in pjpi150.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:Program FilesJavajre1.5.0in pjpi150.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – D:OFFICE~1OFFICE11REFIEBAR.DLL
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/MusicUnlimited/ie/bridge–c2.cab
O16 – DPF: {386A771C–E96A–421F–8BA7–32F1B706892F} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 – DPF: {56336BCB–3D8A–11D6–A00B–0050DA18DE71} (RdxIE Class) – http://software–dl.real.com/217f1cad743b0a61cc21/netzip/RdxIE601.cab
O16 – DPF: {80DD2229–B8E4–4C77–B72F–F22972D723EA} (AvxScanOnline Control) – http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLMSystemCCSServicesTcpip..{4F900698–5CA0–4294–A959–102A36F959AA}: NameServer = 194.204.152.34,194.204.159.1,80.48.201.10
O17 – HKLMSystemCS1ServicesTcpip..{4F900698–5CA0–4294–A959–102A36F959AA}: NameServer = 194.204.152.34,194.204.159.1,80.48.201.10
O17 – HKLMSystemCS2ServicesTcpip..{4F900698–5CA0–4294–A959–102A36F959AA}: NameServer = 194.204.152.34,194.204.159.1,80.48.201.10
THANK YOU FOR ANY HELP!!!
Replies: 1
Thanks a lot, that helped :-)