prosze o sprawdzenie loga

**Posty:** 175 · przez **McLeo** 17 Paź 2007, 17:49

robilem reinstal windowsa i po tym upload neta jest prawie ciagle max co uniemozliwia mi dobre korzystanie z neta chodzi tylko kilka minut...

log kijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:47:57, on 2007-10-17
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\System32\kxmixer.exe --startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1390067357-1935655697-839522115-1003\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe (User '?')
O4 - HKUS\S-1-5-21-1390067357-1935655697-839522115-1003\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h (User '?')
O4 - HKUS\S-1-5-21-1390067357-1935655697-839522115-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FC4E73D-3204-45FD-BEFD-72A0C418EAFC}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

--
End of file - 3397 bytes

log combo fix

ComboFix 07-10-17.8 - norbert 2007-10-17 17:34:27.1 - NTFSx86
Running from: C:\Documents and Settings\norbert\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 )))))))))))))))))))))))))))))))
.

2007-10-17 17:01 <DIR> d-------- C:\Program Files\Google
2007-10-17 16:58 <DIR> d-------- C:\WINDOWS\LastGood
2007-10-17 16:53 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-10-17 16:53 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-10-17 16:53 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-17 16:49 <DIR> d-------- C:\Documents and Settings\norbert\Gadu-Gadu
2007-10-17 16:48 <DIR> d-------- C:\Program Files\Gadu-Gadu
2007-10-17 16:26 <DIR> d-------- C:\Program Files\Ares
2007-10-17 15:40 <DIR> d-------- C:\Program Files\Smart Projects
2007-10-16 21:28 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-16 21:25 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-16 21:19 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-16 21:18 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-10-16 21:18 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2007-10-16 21:18 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2007-10-16 21:18 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2007-10-16 21:18 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2007-10-16 21:18 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2007-10-16 21:18 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2007-10-16 20:55 513,536 --a------ C:\WINDOWS\system32\msoft87783.exe
2007-10-16 20:54 8,192 --ah----- C:\WINDOWS\system32\rbdvfrb.exe
2007-10-16 20:53 513,536 --a------ C:\WINDOWS\system32\msoft65731.exe
2007-10-16 20:52 513,536 -r-hs---- C:\WINDOWS\wuauapl.exe
2007-10-16 19:51 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-10-16 16:20 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-10-16 16:17 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-16 16:11 57,088 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-10-16 16:11 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys
2007-10-16 16:11 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-10-16 16:10 70,144 --a------ C:\WINDOWS\system32\usbui.dll
2007-10-16 16:09 <DIR> dr------- C:\Program Files
2007-10-16 16:09 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2007-10-16 16:09 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2007-10-16 16:09 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2007-10-16 16:09 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2007-10-16 16:09 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2007-10-16 16:09 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2007-10-16 16:09 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2007-10-16 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2007-10-16 16:09 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2007-10-16 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2007-10-16 16:09 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2007-10-16 16:09 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2007-10-16 16:09 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2007-10-16 16:07 <DIR> d-------- C:\Documents and Settings\norbert\Dane aplikacji\Ahead
2007-10-16 16:06 <DIR> d-------- C:\Documents and Settings\norbert\Dane aplikacji\atitray
2007-10-16 16:03 <DIR> d-------- C:\Program Files\Nero
2007-10-16 16:03 <DIR> d-------- C:\Program Files\Common Files\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 14:54 --------- d-----w C:\Program Files\AutoConnect
2007-10-16 14:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-16 13:59 --------- d-----w C:\Program Files\Winamp
2007-10-16 13:36 --------- d-----w C:\Documents and Settings\norbert\Dane aplikacji\Sports Interactive
2007-10-16 13:33 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-10-16 13:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-16 13:33 --------- d-----w C:\Program Files\SAGEM
2007-10-16 13:28 --------- d-----w C:\Program Files\kX Project
2007-10-16 13:27 --------- d-----w C:\Program Files\MultiRes
2007-10-16 13:26 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v2.6.87 Uninstall.exe
2007-10-16 13:26 --------- d-----w C:\Program Files\Radeon Omega Drivers
2007-10-16 13:24 --------- d-----w C:\Program Files\VIA Technologies, Inc
2007-10-16 13:23 --------- d-----w C:\Program Files\Intel
2007-10-16 13:18 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-16 13:16 --------- d-----w C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="atiptaxx.exe" [2005-11-23 02:05 C:\WINDOWS\system32\atiptaxx.exe]
"kX Mixer"="C:\WINDOWS\System32\kxmixer.exe" []
"NWEReboot"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-17 16:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-17 17:02]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-10-16 15:33:15]

*Newly Created Service* - AMON
*Newly Created Service* - CATCHME
*Newly Created Service* - NOD32DRV
*Newly Created Service* - NOD32KRN
*Newly Created Service* - WS2IFSL
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 17:36:25
Windows 5.1.2600 NTFS

scanning hidden processes ...

C:\WINDOWS\wuauapl.exe [1364] 0x81A13268

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-17 17:37:55
.
--- E O F ---

dodaje rowniez raport z SDFix'a

SDFix: Version 1.104

Run by norbert on 2007-10-17 at 17:41

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"wuauapl.exe"="wuauapl.exe:*:Enabled:SYSTEM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"wuauapl.exe"="wuauapl.exe:*:Enabled:SYSTEM"

Remaining Files:
---------------

Files with Hidden Attributes:

C:\WINDOWS\wuauapl.exe
C:\WINDOWS\system32\rbdvfrb.exe

Finished!

prosze o pomoc

**Posty:** 18165 · przez **wojtas** 17 Paź 2007, 18:36

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\system32\msoft87783.exe
C:\WINDOWS\system32\rbdvfrb.exe
C:\WINDOWS\system32\msoft65731.exe
C:\WINDOWS\wuauapl.exe

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . Potwierdz >>> zresetuje sie komputer

(jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER). Rozpocznie się proces usuwania
Potem nowy log z hijacka oraz combofixa

**Posty:** 175 · przez **McLeo** 17 Paź 2007, 19:03

log ComboFix

ComboFix 07-10-17.8 - norbert 2007-10-17 18:55:56.2 - NTFSx86
Running from: C:\Documents and Settings\norbert\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\norbert\Pulpit\CFScript.txt.txt

FILE::
C:\WINDOWS\system32\msoft65731.exe
C:\WINDOWS\system32\msoft87783.exe
C:\WINDOWS\system32\rbdvfrb.exe
C:\WINDOWS\wuauapl.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\msoft65731.exe
C:\WINDOWS\system32\msoft87783.exe
C:\WINDOWS\system32\rbdvfrb.exe
C:\WINDOWS\wuauapl.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 )))))))))))))))))))))))))))))))
.

2007-10-17 17:54 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-17 17:01 <DIR> d-------- C:\Program Files\Google
2007-10-17 16:53 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-10-17 16:53 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-10-17 16:53 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-17 16:49 <DIR> d-------- C:\Documents and Settings\norbert\Gadu-Gadu
2007-10-17 16:48 <DIR> d-------- C:\Program Files\Gadu-Gadu
2007-10-17 16:26 <DIR> d-------- C:\Program Files\Ares
2007-10-17 15:40 <DIR> d-------- C:\Program Files\Smart Projects
2007-10-16 21:28 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-16 21:25 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-16 21:19 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-16 21:18 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-10-16 21:18 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2007-10-16 21:18 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2007-10-16 21:18 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2007-10-16 21:18 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2007-10-16 21:18 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2007-10-16 21:18 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2007-10-16 19:51 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-10-16 16:20 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-10-16 16:17 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-16 16:11 57,088 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-10-16 16:11 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys
2007-10-16 16:11 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-10-16 16:10 70,144 --a------ C:\WINDOWS\system32\usbui.dll
2007-10-16 16:09 <DIR> dr------- C:\Program Files
2007-10-16 16:09 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2007-10-16 16:09 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2007-10-16 16:09 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2007-10-16 16:09 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2007-10-16 16:09 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2007-10-16 16:09 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2007-10-16 16:09 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2007-10-16 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2007-10-16 16:09 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2007-10-16 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2007-10-16 16:09 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2007-10-16 16:09 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2007-10-16 16:09 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2007-10-16 16:07 <DIR> d-------- C:\Documents and Settings\norbert\Dane aplikacji\Ahead
2007-10-16 16:06 <DIR> d-------- C:\Documents and Settings\norbert\Dane aplikacji\atitray
2007-10-16 16:03 <DIR> d-------- C:\Program Files\Nero
2007-10-16 16:03 <DIR> d-------- C:\Program Files\Common Files\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 15:44 --------- d-----w C:\Program Files\AutoConnect
2007-10-16 14:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-16 13:59 --------- d-----w C:\Program Files\Winamp
2007-10-16 13:36 --------- d-----w C:\Documents and Settings\norbert\Dane aplikacji\Sports Interactive
2007-10-16 13:33 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-10-16 13:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-16 13:33 --------- d-----w C:\Program Files\SAGEM
2007-10-16 13:28 --------- d-----w C:\Program Files\kX Project
2007-10-16 13:27 --------- d-----w C:\Program Files\MultiRes
2007-10-16 13:26 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v2.6.87 Uninstall.exe
2007-10-16 13:26 --------- d-----w C:\Program Files\Radeon Omega Drivers
2007-10-16 13:24 --------- d-----w C:\Program Files\VIA Technologies, Inc
2007-10-16 13:23 --------- d-----w C:\Program Files\Intel
2007-10-16 13:18 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-16 13:16 --------- d-----w C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((( snapshot@2007-10-17_17.36.44,04 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-16 19:19:14 393,216 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-10-17 15:41:24 1,126,400 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2007-10-16 19:19:14 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-10-17 15:41:24 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="atiptaxx.exe" [2005-11-23 02:05 C:\WINDOWS\system32\atiptaxx.exe]
"kX Mixer"="C:\WINDOWS\System32\kxmixer.exe" []
"NWEReboot"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-17 16:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-17 17:44]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" []

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-10-16 15:33:15]

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 18:58:02
Windows 5.1.2600 NTFS

scanning hidden processes ...

C:\WINDOWS\wuauapl.exe [1356] 0x80FDB448

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-17 18:59:13
C:\ComboFix2.txt ... 2007-10-17 17:37
.
--- E O F ---

log z HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02, on 2007-10-17
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\System32\kxmixer.exe --startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe /tray
O4 - HKUS\S-1-5-21-1390067357-1935655697-839522115-1003\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe (User '?')
O4 - HKUS\S-1-5-21-1390067357-1935655697-839522115-1003\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h (User '?')
O4 - HKUS\S-1-5-21-1390067357-1935655697-839522115-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1390067357-1935655697-839522115-1003\..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe /tray (User '?')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FC4E73D-3204-45FD-BEFD-72A0C418EAFC}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Local Service - Unknown owner - C:\WINDOWS\wuauapl.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

--
End of file - 3618 bytes

**Posty:** 18165 · przez **wojtas** 17 Paź 2007, 19:32

juz powinno byc ok

prosze o sprawdzenie loga

prosze o sprawdzenie loga

Kto jest na forum