prosba o spr logow... ;)

[roco]

moj temat ktory jest kilka tematow nizej to post z zupelnie innymi logami !!!

mam na kompie 2 systemy, jeden moj drugi reszty rodziny, ten nalezy do reszty... ;/

wiec, powiem krotko narobil sie balagan, trojany... itp., przeskanowane rpzez ad-aware


HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 17:52:01, on 2006-07-02
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\windows\System32\smss.exe
E:\windows\system32\csrss.exe
E:\windows\system32\services.exe
E:\windows\system32\lsass.exe
E:\windows\system32\svchost.exe
E:\windows\System32\svchost.exe
E:\windows\System32\svchost.exe
E:\windows\System32\svchost.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\windows\system32\spoolsv.exe
E:\windows\System32\nvsvc32.exe
E:\windows\System32\RUNDLL32.EXE
E:\windows\SOUNDMAN.EXE
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
E:\windows\System32\0mcamcap.exe
E:\windows\System32\dxvwlcha.exe
E:\windows\System32\114af81c.exe
E:\windows\System32\clcbt.exe
E:\windows\thiselt.exe
E:\windows\pop06ap2.exe
E:\windows\System32\jsssvc.exe
E:\windows\System32\5b45ae7.exe
E:\Documents and Settings\Mama\server.exe
E:\windows\System32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\windows\System32\SMBOLS~1\msconfig.exe
E:\PROGRA~1\COMMON~1\iriw\iriwm.exe
E:\Program Files\?asks\w?auboot.exe
E:\Documents3072.exe
E:\PROGRA~1\COMMON~1\iriw\iriwa.exe
E:\Program Files\Messenger\blogo.exe
F:\antywiry\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {AB0A3909-ADB3-D64C-9B3C-8EBAD94A1AC2} - E:\windows\System32\xfqp.dll
F2 - REG:system.ini: Shell=Explorer.exe, E:\windows\System32\sgwit.exe
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,eceleaq.exe
O2 - BHO: (no name) - {06040735-C9D7-ED23-A314-EC1C839BB4E6} - E:\windows\System32\jrjlve.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AB0A3909-ADB3-D64C-9B3C-8EBAD94A1AC2} - E:\windows\System32\xfqp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [0mcamcap] E:\windows\System32\0mcamcap.exe
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [DCOM Server] E:\windows\System32\dxvwlcha.exe
O4 - HKLM\..\Run: [114af81c.exe] E:\windows\System32\114af81c.exe
O4 - HKLM\..\Run: [spoolsvv] E:\windows\System32\spoolsvv.exe
O4 - HKLM\..\Run: [clcbt.exe] E:\windows\System32\clcbt.exe
O4 - HKLM\..\Run: [pop06apelt] E:\windows\thiselt.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe
O4 - HKLM\..\Run: [defender] C:\\defender26.exe
O4 - HKLM\..\Run: [newname] C:\\newname25.exe
O4 - HKLM\..\Run: [sysvx] E:\windows\sysvx_.exe
O4 - HKLM\..\Run: [pop06ap] E:\windows\pop06ap2.exe
O4 - HKLM\..\Run: [jssvc23] jsssvc.exe
O4 - HKLM\..\Run: [5b45ae7.exe] E:\windows\System32\5b45ae7.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] E:\Documents and Settings\Mama\server.exe
O4 - HKLM\..\RunServices: [0mcamcap] E:\windows\System32\0mcamcap.exe
O4 - HKLM\..\RunServices: [jssvc23] jsssvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [0mcamcap] E:\windows\System32\0mcamcap.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [114af81c.exe] E:\Documents and Settings\Mama\Ustawienia lokalne\Dane aplikacji\114af81c.exe
O4 - HKCU\..\Run: [taskdir] E:\windows\System32\taskdir.exe
O4 - HKCU\..\Run: [Tttp] "E:\windows\System32\SMBOLS~1\msconfig.exe" -vt yazr
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [pro] C:\lbety.exe
O4 - HKCU\..\Run: [iriw] E:\PROGRA~1\COMMON~1\iriw\iriwm.exe
O4 - HKCU\..\Run: [5b45ae7.exe] E:\Documents and Settings\Mama\Ustawienia lokalne\Dane aplikacji\5b45ae7.exe
O4 - HKCU\..\Run: [Xiupe] E:\Program Files\?asks\w?auboot.exe
O4 - HKCU\..\Run: [WinMedia] E:\Documents3072.exe
O4 - HKCU\..\Run: [shell] "E:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00009.exe"
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - E:\windows\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - E:\windows\System32\dmonwv.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - E:\Program Files\IrfanView\Ebay\Ebay.htm
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O20 - AppInit_DLLs: E:\windows\System32\taskmgr.dll
O20 - Winlogon Notify: artm_newreg - E:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll
O20 - Winlogon Notify: cfgmngr32 - E:\windows\system32\cfgmngr32.dll
O20 - Winlogon Notify: sdcard98 - sdcard98.dll (file missing)
O20 - Winlogon Notify: SensSrv - E:\windows\SYSTEM32\senssrv.dll
O20 - Winlogon Notify: winm32 - E:\windows\SYSTEM32\winm32.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - E:\windows\System32\dxvwlcha.exe
O21 - SSODL: kzXBwfkxyUi - {C4FB32E9-6E51-9843-D1FB-9522AC139C46} - E:\windows\System32\baee.dll
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\windows\System32\nvsvc32.exe

przy robieniu loga z sillenta wyskakuje cus takiego ;/;/

[SER]

Nie powiem - syf jest straszny, ale skoro dałeś log, to chyba chcesz walczyć

======================

Silentem zajmiemy za chwilkę, a narazie "z lekka" oczyścimy HijackThis

E:\windows\System32\0mcamcap.exe
E:\windows\System32\dxvwlcha.exe
E:\windows\System32\114af81c.exe
E:\windows\System32\clcbt.exe
E:\windows\thiselt.exe
E:\windows\pop06ap2.exe
E:\windows\System32\jsssvc.exe
E:\windows\System32\5b45ae7.exe
E:\windows\System32\SMBOLS~1\msconfig.exe
E:\PROGRA~1\COMMON~1\iriw\iriwm.exe
E:\Program Files\?asks\w?auboot.exe
E:\Documents3072.exe
E:\PROGRA~1\COMMON~1\iriw\iriwa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - {AB0A3909-ADB3-D64C-9B3C-8EBAD94A1AC2} - E:\windows\System32\xfqp.dll
F2 - REG:system.ini: Shell=Explorer.exe, E:\windows\System32\sgwit.exe
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,eceleaq.exe
O2 - BHO: (no name) - {06040735-C9D7-ED23-A314-EC1C839BB4E6} - E:\windows\System32\jrjlve.dll (file missing)
O2 - BHO: (no name) - {AB0A3909-ADB3-D64C-9B3C-8EBAD94A1AC2} - E:\windows\System32\xfqp.dll

O4 - HKLM\..\Run: [0mcamcap] E:\windows\System32\0mcamcap.exe
O4 - HKLM\..\Run: [DCOM Server] E:\windows\System32\dxvwlcha.exe
O4 - HKLM\..\Run: [114af81c.exe] E:\windows\System32\114af81c.exe
O4 - HKLM\..\Run: [spoolsvv] E:\windows\System32\spoolsvv.exe
O4 - HKLM\..\Run: [clcbt.exe] E:\windows\System32\clcbt.exe
O4 - HKLM\..\Run: [pop06apelt] E:\windows\thiselt.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe
O4 - HKLM\..\Run: [defender] C:\\defender26.exe
O4 - HKLM\..\Run: [newname] C:\\newname25.exe
O4 - HKLM\..\Run: [sysvx] E:\windows\sysvx_.exe
O4 - HKLM\..\Run: [pop06ap] E:\windows\pop06ap2.exe
O4 - HKLM\..\Run: [jssvc23] jsssvc.exe
O4 - HKLM\..\Run: [5b45ae7.exe] E:\windows\System32\5b45ae7.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] E:\Documents and Settings\Mama\server.exe
O4 - HKLM\..\RunServices: [0mcamcap] E:\windows\System32\0mcamcap.exe
O4 - HKLM\..\RunServices: [jssvc23] jsssvc.exe
O4 - HKCU\..\Run: [0mcamcap] E:\windows\System32\0mcamcap.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [114af81c.exe] E:\Documents and Settings\Mama\Ustawienia lokalne\Dane aplikacji\114af81c.exe
O4 - HKCU\..\Run: [taskdir] E:\windows\System32\taskdir.exe
O4 - HKCU\..\Run: [Tttp] "E:\windows\System32\SMBOLS~1\msconfig.exe" -vt yazr
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [pro] C:\lbety.exe
O4 - HKCU\..\Run: [iriw] E:\PROGRA~1\COMMON~1\iriw\iriwm.exe
O4 - HKCU\..\Run: [5b45ae7.exe] E:\Documents and Settings\Mama\Ustawienia lokalne\Dane aplikacji\5b45ae7.exe
O4 - HKCU\..\Run: [Xiupe] E:\Program Files\?asks\w?auboot.exe
O4 - HKCU\..\Run: [WinMedia] E:\Documents3072.exe
O4 - HKCU\..\Run: [shell] "E:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00009.exe"

O20 - AppInit_DLLs: E:\windows\System32\taskmgr.dll
O20 - Winlogon Notify: artm_newreg - E:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll
O20 - Winlogon Notify: cfgmngr32 - E:\windows\system32\cfgmngr32.dll
O20 - Winlogon Notify: sdcard98 - sdcard98.dll (file missing)
O20 - Winlogon Notify: SensSrv - E:\windows\SYSTEM32\senssrv.dll
O20 - Winlogon Notify: winm32 - E:\windows\SYSTEM32\winm32.dll

O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - E:\windows\System32\dxvwlcha.exe
O21 - SSODL: kzXBwfkxyUi - {C4FB32E9-6E51-9843-D1FB-9522AC139C46} - E:\windows\System32\baee.dll
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - (no file)

Usuwasz wpisy w trybie awaryjnym, z wyłączonym Przywracaniem Systemu + pogrubione pliki/foldery ręcznie z dysku Potem dajesz nowy log

BTW.

Gdzie antywirus i firewall

=======================

Bym zapomniał

Potem otwierasz Notatnik i wklejasz w nim to:

; DelDomains.inf Š 11-28-04 | Revised 01-15-06
; Created by: Mike Burgess Microsoft MVP
; http://mvps.org/winhelp2002/
;
; Warning: Deletes all entries in the Restricted & Trusted Zone list
; http://mvps.org/winhelp2002/restricted.htm
;
; Revised to include the EscDomains key
;
; To execute this file: in Explorer - right-click (this file)
; Select Install from the Menu.
; Note: you will not see any onscreen action.

[version]
signature="$CHICAGO$"

[DefaultInstall]
DelReg=DelTemps
AddReg=AddTemps

[DelTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"

; Recreate the keys to avoid a restart

[AddTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"

Plik -> Zapisz jako... -> zmieniasz rozszerzenie z TXT na Wszystkie pliki -> nazwa Red.inf

Naciskasz PPM na plik i wybierasz Instaluj

=============

E:\Program Files\Messenger\blogo.exe

Znasz to

[roco]

po wszystkim co kazales.......

widze ze niektore wpisy zostaly ;/;/

Logfile of HijackThis v1.99.1
Scan saved at 19:44:04, on 2006-07-02
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\windows\System32\smss.exe
E:\windows\system32\winlogon.exe
E:\windows\system32\services.exe
E:\windows\system32\lsass.exe
E:\windows\system32\svchost.exe
E:\windows\System32\svchost.exe
E:\windows\system32\spoolsv.exe
E:\windows\System32\nvsvc32.exe
E:\windows\Explorer.EXE
E:\windows\System32\RUNDLL32.EXE
E:\windows\SOUNDMAN.EXE
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
E:\windows\System32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\WinRAR\wWinRAR.exe
\?\E:\windows\system32\WBEM\WMIADAP.EXE
F:\antywiry\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe, E:\windows\System32\sgwit.exe
F2 - REG:system.ini: UserInit=E:\windows\SYSTEM32\Userinit.exe,eceleaq.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] E:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - E:\windows\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - E:\windows\System32\dmonwv.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - E:\Program Files\IrfanView\Ebay\Ebay.htm
O20 - Winlogon Notify: artm_newreg - E:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll (file missing)
O20 - Winlogon Notify: winm32 - E:\windows\SYSTEM32\winm32.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\windows\System32\nvsvc32.exe

[SER]

No to tak:

F2 - REG:system.ini: Shell=Explorer.exe, E:\windows\System32\sgwit.exe
F2 - REG:system.ini: UserInit=E:\windows\SYSTEM32\Userinit.exe,eceleaq.exe
O20 - Winlogon Notify: artm_newreg - E:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll (file missing)
O20 - Winlogon Notify: winm32 - E:\windows\SYSTEM32\winm32.dll

Usuwasz (sposób usuwania bez zmian). Potem nowy log

==========================

E:\Program Files\WinRAR\wWinRAR.exe

Nie wiem, co to jest, więc dodatkowo przeskanuj kompa -> www.ewido.net/en/download

Potem wklejasz nowe logi z HijackThis i Ewido :)

[roco]

O20 - Winlogon Notify: artm_newreg - E:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll (file missing)

tego nie idzie wywalic... red moze cos wymysli... mam to samo na drugim systemie..., i przez killboxa tez nie idzie..., a w katalogu dokumenty nie ma katalogu settings.... dlatego nie idzie usunac...

suwasz (sposób usuwania bez zmian)

mialem wszystkie pliki usuniete (oprocz tego co wyzej pisalem) i pojawily sie na nowo ;/;/ i tu jest problem...

[jeff]

a w katalogu dokumenty nie ma katalogu settings.... dlatego nie idzie usunac...

wklej w pasku na górze scieżkę

E:\Documents and Settings\All Users\Dokumenty\Settings\

zrób na pokazywanie ukrytych plików/folderów. Robisz w trybie awaryjnym ?

[roco]

jak wklejam to na pasek to pusty folder sie pokazuje

MAM WŁACZONE POKAZYWANIE UKRYTYCH PLIKOW I FOLDEROW !! (pisalem to w kilka tematow nizej, przy innym logu, bo ten sam problem jest...)

[SER]

Wrzuć nowy log. Zobaczymy, co tam jeszcze siedzi