Proszę o sprawdzenie Loga

przez **!.D@w!d.!** » 31 Maj 2007, 22:08

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 22:06:25, on 2007-05-31 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSSystem32Ati2evxx.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32Ati2evxx.exe C:WINDOWSExplorer.EXE C:WINDOWSSOUNDMAN.EXE C:Program FilesATI TechnologiesATI.ACEcli.exe C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe C:Program FilesHewlett-PackardDigital Imaginginhpotdd01.exe C:Program FilesD-Toolsdaemon.exe C:Program FilesEset od32kui.exe C:Program FilesBearShareBearShare.exe C:Program FilesWinampWinampa.exe C:WINDOWSSystem32ctfmon.exe C:Program FilesMessengermsmsgs.exe C:Program FilesGadu-Gadugg.exe C:Program FilesCommon FilesAheadlibNMBgMonitor.exe C:Program FilesATI TechnologiesATI.ACECLI.exe C:WINDOWSsystem32spoolsv.exe C:Program FilesWinampwinamp.exe C:Program FilesEset od32krn.exe C:Program FilesMozilla Firefoxfirefox.exe C:WINDOWSsystem32cmd.exe C:DOCUME~1MJKOMP~1USTAWI~1TempRar$EX00.983HijackThis.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://google.bearshare.com/pl/ R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM..Run: [SYSTEM] winmgrd.exe O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime O4 - HKLM..Run: [HP Software Update] C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb08.exe O4 - HKLM..Run: [DeviceDiscovery] C:Program FilesHewlett-PackardDigital Imaginginhpotdd01.exe O4 - HKLM..Run: [DAEMON Tools-1033] "C:Program FilesD-Toolsdaemon.exe" -lang 1033 O4 - HKLM..Run: [nod32kui] "C:Program FilesEset od32kui.exe" /WAITSERVICE O4 - HKLM..Run: [BearShare] "C:Program FilesBearShareBearShare.exe" /pause O4 - HKLM..Run: [WinampAgent] "C:Program FilesWinampWinampa.exe" O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSSystem32NeroCheck.exe O4 - HKLM..RunServices: [SYSTEM] winmgrd.exe O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray O4 - HKCU..Run: [SYSTEM] winmgrd.exe O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesAheadlibNMBgMonitor.exe" O4 - HKCU..RunServices: [SYSTEM] winmgrd.exe O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:Program FilesATI TechnologiesATI.ACECLI.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb elated.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb elated.htm O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSSystem32Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:Program FilesEset od32krn.exe

przez **pp3088** » 01 Cze 2007, 00:01

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL
O4 - HKLM..Run: [SYSTEM] winmgrd.exe
O4 - HKCU..Run: [SYSTEM] winmgrd.exe
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesAheadlibNMBgMonitor.exe"
O4 - HKCU..RunServices: [SYSTEM] winmgrd.exe
O4 - Global Startup: ATI CATALYST – pasek zadań.

Usunąć.

przez **!.D@w!d.!** » 21 Cze 2007, 11:32

Log po formacie. Do sprawdzenia pp[b]

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 11:30, on 2007-06-21 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Winamp\winamp.exe C:\DOCUME~1\MJKOMP~1\USTAWI~1\Temp\Rar$EX00.104\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\RunServices: [SYSTEM] winmgrd.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [SYSTEM] winmgrd.exe O4 - HKCU\..\RunServices: [SYSTEM] winmgrd.exe O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

przez **pp3088** » 21 Cze 2007, 12:06

O4 - HKCU\..\Run: [SYSTEM] winmgrd.exe
O4 - HKCU\..\RunServices: [SYSTEM] winmgrd.exe

Usuń plik i wpisy.

przez **!.D@w!d.!** » 26 Cze 2007, 18:56

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 18:54, on 2007-06-26 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\DOCUME~1\MJKOMP~1\USTAWI~1\Temp\Rar$EX00.462\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\RunServices: [SYSTEM] winmgrd.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

P.S nadal to świństwo jest ;/

Z combofixa mam takie coś :

Kod: Zaznacz wszystko: ComboFix 07-06-3B - Running from: "D:\I)@W!I)\Internetowe\" ((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 ))))))))))))))))))))))))))))))) 2007-06-26 16:25 <DIR> d-------- C:\ATI 2007-06-26 07:56 <DIR> d-------- C:\!KillBox 2007-06-25 18:53 69,120 --a------ C:\WINDOWS\system32\dsdmoprp.dll 2007-06-25 18:53 57,856 --a------ C:\WINDOWS\system32\dpwsockx.dll 2007-06-25 18:53 53,248 --a------ C:\WINDOWS\system32\devenum.dll 2007-06-25 18:53 525,824 --a------ C:\WINDOWS\system32\qedit.dll 2007-06-25 18:53 383,488 --a------ C:\WINDOWS\system32\qdvd.dll 2007-06-25 18:53 380,928 --a------ C:\WINDOWS\system32\dpnet.dll 2007-06-25 18:53 363,520 --a------ C:\WINDOWS\system32\dsound.dll 2007-06-25 18:53 307,200 --a------ C:\WINDOWS\system32\dxdiag.exe 2007-06-25 18:53 276,480 --a------ C:\WINDOWS\system32\qdv.dll 2007-06-25 18:53 265,728 --a------ C:\WINDOWS\system32\ddraw.dll 2007-06-25 18:53 22,528 --a------ C:\WINDOWS\system32\dpmodemx.dll 2007-06-25 18:53 204,288 --a------ C:\WINDOWS\system32\dpvoice.dll 2007-06-25 18:53 195,072 --a------ C:\WINDOWS\system32\mswebdvd.dll 2007-06-25 18:53 177,152 --a------ C:\WINDOWS\system32\qcap.dll 2007-06-25 18:53 173,056 --a------ C:\WINDOWS\system32\dinput8.dll 2007-06-25 18:53 156,160 --a------ C:\WINDOWS\system32\dinput.dll 2007-06-25 18:53 153,600 --a------ C:\WINDOWS\system32\qasf.dll 2007-06-25 18:53 104,448 --a------ C:\WINDOWS\system32\dmusic.dll 2007-06-25 18:53 1,689,600 --a------ C:\WINDOWS\system32\d3d9.dll 2007-06-25 18:53 1,250,304 --a------ C:\WINDOWS\system32\quartz.dll 2007-06-25 18:53 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll 2007-06-25 18:53 1,134,592 --a------ C:\WINDOWS\system32\dxdiagn.dll 2007-06-25 18:48 <DIR> d--h----- C:\WINDOWS\msdownld.tmp 2007-06-22 16:04 <DIR> d-------- C:\Program Files\SubEdit-Player 2007-06-21 13:13 6,144 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-06-21 13:13 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2007-06-21 13:13 <DIR> d-------- C:\Program Files\ffdshow 2007-06-20 13:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\AntiVir PersonalEdition Classic 2007-06-18 20:11 <DIR> d-------- C:\Program Files\TechSmith 2007-06-18 20:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\TechSmith 2007-06-18 20:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-06-18 16:02 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP 2007-06-18 11:19 <DIR> d-------- C:\Program Files\The All-Seeing Eye 2007-06-16 12:54 <DIR> d---s---- C:\DOCUME~1\MJKOMP~1\UserData 2007-06-15 14:19 4 --a------ C:\WINDOWS\system32\proc1795523372.bin 2007-06-15 14:19 <DIR> d-------- C:\DOCUME~1\MJKOMP~1\DANEAP~1\GanymedeNet 2007-06-15 13:48 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache 2007-06-15 13:48 <DIR> dr--s---- C:\WINDOWS\Fonts 2007-06-15 13:48 <DIR> dr------- C:\WINDOWS\Web 2007-06-15 13:48 <DIR> d--h----- C:\WINDOWS\inf 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\WinSxS 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\twain_32 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\wins 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\wbem 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\usmt 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\spool 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\ShellExt 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\Setup 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\ras 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\oobe 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\npp 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\mui 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\inetsrv 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\IME 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\icsxml 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\ias 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\export 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\drivers\etc 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\drivers 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\dhcp 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\config 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\3com_dmi 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\3076 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\2052 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\1054 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\1045 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\1042 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\1041 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\1037 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\1033 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\1031 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\1028 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\1025 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\security 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\Resources 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\repair 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\mui 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\msapps 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\msagent 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\Media 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\ime 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\Help 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\Driver Cache 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\Debug 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\Cursors 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\Connection Wizard 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\Config 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\AppPatch 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\addins 2007-06-15 13:48 <DIR> d-------- C:\WINDOWS 2007-06-15 13:22 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-06-15 13:06 <DIR> d--hs---- C:\WINDOWS\CSC 2007-06-15 13:05 <DIR> d-------- C:\WINDOWS\pss 2007-06-15 12:57 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-06-15 12:56 9,728 --a------ C:\WINDOWS\system32\drivers\gameenum.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-21 11:47:21 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-06-15 10:33:57 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-15 10:33:57 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-15 10:05:03 -------- d-----w C:\Program Files\Usługi online 2007-04-05 18:15:55 144,357 ----a-w C:\WINDOWS\system32\atiicdxx.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {00C6482D-C502-44C8-8409-FCE54AD9C208}=C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2007-05-01 11:11] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2003-01-10 05:39 C:\WINDOWS\SOUNDMAN.EXE] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 01:07] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-15 13:26] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 19:29] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "SYSTEM"=winmgrd.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] "C:\Program Files\Winamp\Winampa.exe" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* ************************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-26 18:57:14 Windows 5.1.2600 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-26 18:57:40 --- E O F ---

przez **pp3088** » 26 Cze 2007, 19:10

http://www.instalki.pl/programy/downloa ... leaner.php

Zamień znaczki na zielone i usuń plik.

przez **!.D@w!d.!** » 26 Cze 2007, 19:53

Hmmm... jak :roll:

mam Close i klikam to dusze tam 'tak' 'tak' pozniej mam taki wykrzyknik i robie Enable ale pozniej znowu mi pokazują sie czerwony X w kółeczku.Możesz mi dokładnie opisać jak to zrobić

przez **!.D@w!d.!** » 04 Lip 2007, 17:40

Log do sprawdzenia :wink:

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 17:40:07, on 2007-07-04 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Winamp\winamp.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\MJKOMP~1\USTAWI~1\Temp\Rar$EX00.592\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause O4 - HKLM\..\RunServices: [SYSTEM] winmgrd.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

przez **VampirLord** » 04 Lip 2007, 17:46

nie dopatrzyłem się jakiś robaków

ale doradzam wyłaczyć niektóre procesy tak dla zdrowotności xD
np ati

Starter

przez **pp3088** » 04 Lip 2007, 18:20

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O4 - HKLM\..\RunServices: [SYSTEM] winmgrd.exe
start>>uruchom>>msconfig>> odznacz ta pozycje, następnie fix w HiJacku.

przez **!.D@w!d.!** » 18 Lip 2007, 17:04

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 17:03:50, on 2007-07-18 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\foobar2000\foobar2000.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\DOCUME~1\MJKOMP~1\USTAWI~1\Temp\Rar$EX00.714\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\RunServices: [SYSTEM] winmgrd.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: hpdj - HP - C:\DOCUME~1\MJKOMP~1\USTAWI~1\Temp\hpdj.exe

Zapodac jeszcze z czegoś innego Loga ?

przez **LucaS** » 18 Lip 2007, 17:21

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
O4 - HKLM\..\RunServices: [SYSTEM] winmgrd.exe

Tylko to. Plik usun w awaryjnym przy wylaczonym przywracaniu.

przez **!.D@w!d.!** » 07 Sie 2007, 15:41

Logfile of HijackThis v1.99.1
Scan saved at 15:40:57, on 2007-08-07
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\MJKOMP~1\USTAWI~1\Temp\Rar$EX00.727\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\MJKOMP~1\USTAWI~1\Temp\hpdj.exe (file missing)

Log do sprawdzenia :wink:

Z góry dzieki:]

przez **LucaS** » 07 Sie 2007, 16:00

Czysto ;]

Ale daj logi z Silenta i ComboFix'a to pp sprawdzi. Ewentualnie slake, bo zauważyłem, że też zna się na rzeczy

przez **!.D@w!d.!** » 07 Sie 2007, 17:43

ComboFix

ComboFix 07-06-3B - Running from: "D:\I)@W!I)\Internetowe\"

((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))

2007-06-26 16:25 <DIR> d-------- C:\ATI
2007-06-26 07:56 <DIR> d-------- C:\!KillBox
2007-06-25 18:53 69,120 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-06-25 18:53 57,856 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-06-25 18:53 53,248 --a------ C:\WINDOWS\system32\devenum.dll
2007-06-25 18:53 525,824 --a------ C:\WINDOWS\system32\qedit.dll
2007-06-25 18:53 383,488 --a------ C:\WINDOWS\system32\qdvd.dll
2007-06-25 18:53 380,928 --a------ C:\WINDOWS\system32\dpnet.dll
2007-06-25 18:53 363,520 --a------ C:\WINDOWS\system32\dsound.dll
2007-06-25 18:53 307,200 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-06-25 18:53 276,480 --a------ C:\WINDOWS\system32\qdv.dll
2007-06-25 18:53 265,728 --a------ C:\WINDOWS\system32\ddraw.dll
2007-06-25 18:53 22,528 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-06-25 18:53 204,288 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-06-25 18:53 195,072 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-06-25 18:53 177,152 --a------ C:\WINDOWS\system32\qcap.dll
2007-06-25 18:53 173,056 --a------ C:\WINDOWS\system32\dinput8.dll
2007-06-25 18:53 156,160 --a------ C:\WINDOWS\system32\dinput.dll
2007-06-25 18:53 153,600 --a------ C:\WINDOWS\system32\qasf.dll
2007-06-25 18:53 104,448 --a------ C:\WINDOWS\system32\dmusic.dll
2007-06-25 18:53 1,689,600 --a------ C:\WINDOWS\system32\d3d9.dll
2007-06-25 18:53 1,250,304 --a------ C:\WINDOWS\system32\quartz.dll
2007-06-25 18:53 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll
2007-06-25 18:53 1,134,592 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-06-25 18:48 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-06-22 16:04 <DIR> d-------- C:\Program Files\SubEdit-Player
2007-06-21 13:13 6,144 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-21 13:13 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-06-21 13:13 <DIR> d-------- C:\Program Files\ffdshow
2007-06-20 13:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\AntiVir PersonalEdition Classic
2007-06-18 20:11 <DIR> d-------- C:\Program Files\TechSmith
2007-06-18 20:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\TechSmith
2007-06-18 20:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-18 16:02 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP
2007-06-18 11:19 <DIR> d-------- C:\Program Files\The All-Seeing Eye
2007-06-16 12:54 <DIR> d---s---- C:\DOCUME~1\MJKOMP~1\UserData
2007-06-15 14:19 4 --a------ C:\WINDOWS\system32\proc1795523372.bin
2007-06-15 14:19 <DIR> d-------- C:\DOCUME~1\MJKOMP~1\DANEAP~1\GanymedeNet
2007-06-15 13:48 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-06-15 13:48 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-06-15 13:48 <DIR> dr------- C:\WINDOWS\Web
2007-06-15 13:48 <DIR> d--h----- C:\WINDOWS\inf
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\WinSxS
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\twain_32
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\wins
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\spool
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\ras
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\npp
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\mui
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\IME
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\ias
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\export
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\config
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\3076
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\2052
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\1054
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\1045
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\1042
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\1041
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\1037
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\1033
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\1031
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\1028
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32\1025
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system32
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\system
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\security
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\Resources
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\repair
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\mui
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\msapps
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\msagent
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\Media
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\ime
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\Help
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\Debug
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\Cursors
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\Config
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\AppPatch
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS\addins
2007-06-15 13:48 <DIR> d-------- C:\WINDOWS
2007-06-15 13:22 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-15 13:06 <DIR> d--hs---- C:\WINDOWS\CSC
2007-06-15 13:05 <DIR> d-------- C:\WINDOWS\pss
2007-06-15 12:57 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-06-15 12:56 9,728 --a------ C:\WINDOWS\system32\drivers\gameenum.sys

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-21 11:47:21 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-15 10:33:57 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-15 10:33:57 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-15 10:05:03 -------- d-----w C:\Program Files\Usługi online
2007-04-05 18:15:55 144,357 ----a-w C:\WINDOWS\system32\atiicdxx.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00C6482D-C502-44C8-8409-FCE54AD9C208}=C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2007-05-01 11:11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-01-10 05:39 C:\WINDOWS\SOUNDMAN.EXE]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 01:07]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-15 13:26]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 19:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"SYSTEM"=winmgrd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\Winampa.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-26 18:57:14
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-26 18:57:40

--- E O F ---

PS. Co chwile znika mi puplit i włącza sie wszystko od nowa....

Date mam po angielsku nie wiem co sie dzieje

W trayu pokazuja sie ikony jak przy starci systemu

Proszę o sprawdzenie Loga

Proszę o sprawdzenie Loga

Kto jest na forum