prosze o sprawdzenie

[Sythev]

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:18, on 2007-10-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ThomsonNetia\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dom\Moje dokumenty\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.livescore.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\ThomsonNetia\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: UniSpiker-2.6.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: UniSpiker-2.6.lnk = ? (User 'Default user')
O4 - Startup: UniSpiker-2.6.lnk = ?
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://mks.com.pl
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139655056968
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://82.146.224.245:85/activex/AxisCamControl.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_31.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38E37073-CBDA-4949-819D-F15C95424FB3}: NameServer = 213.241.79.37 83.238.255.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{38E37073-CBDA-4949-819D-F15C95424FB3}: NameServer = 213.241.79.37 83.238.255.76
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 5628 bytes

[Dzi@dek]

Opisz tego log-a bo temat poleci do kosza.

[Sythev]

witam !

daje loga bo komputer czesto sie zawiesza i po 1min znowu chodzi normalnie.. na pasku zadan np: gg zamiast czerwonego słoneczka jest czarne a inne ikony wygladaja inaczej niż 2dni temu.. skanowałem kompa ArcaOnline i nic nie wykryło,potem SpywareDoctor i Ad-Adwere i tez nic nie wykryło.. gram w Counter-Strike i na serverach miałem zawsze "ping lag" do 30..a teraz mam ponad 60.. łacze słabo chodzi może jest jakis robak na łaczu czy cos ;/ wogóle coś słabo ten komputer zaczął chodzic..

Kod: Zaznacz wszystko

ComboFix 07-10-17.8 - Dom 2007-10-17 15:55:24.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.216 [GMT 2:00]
Running from: C:\Documents and Settings\Dom\Moje dokumenty\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2007-09-17 to 2007-10-17  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 13:22   ---------   d---a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-10-17 04:37   ---------   d-----w   C:\Program Files\SpeedFan
2007-10-16 21:21   ---------   d-----w   C:\Program Files\HLSW
2007-10-16 18:54   ---------   d-----w   C:\Program Files\ArcaMicroScan
2007-10-10 13:47   ---------   d-----w   C:\Program Files\Winamp
2007-10-07 20:25   ---------   d-----w   C:\Program Files\Gadu-Gadu
2007-10-06 07:51   ---------   d-----w   C:\Program Files\Java
2007-10-03 16:05   ---------   d-----w   C:\Program Files\Spyware Doctor
2007-09-14 20:51   ---------   d-----w   C:\Program Files\SkanerOnline
2007-09-13 18:42   ---------   d-----w   C:\Program Files\Setup
2007-09-13 17:04   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\ArcaBit
2007-09-13 17:04   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\ArcaBit
2007-09-13 17:04   ---------   d-----w   C:\Program Files\RadLinker
2007-09-13 17:04   ---------   d-----w   C:\Program Files\MultiRes
2007-09-13 17:04   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2007-09-13 17:04   ---------   d-----w   C:\Documents and Settings\Dom\Dane aplikacji\ArcaBit
2007-09-13 16:55   ---------   d-----w   C:\Program Files\ArcaBit
2007-09-13 16:55   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2007-09-13 16:55   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\avg7
2007-09-05 17:36   1,159,168   ----a-w   C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
2007-09-05 17:36   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
2007-09-05 09:49   ---------   d-----w   C:\Documents and Settings\Dom\Dane aplikacji\teamspeak2
2007-08-31 15:49   737,280   ----a-w   C:\WINDOWS\iun6002.exe
2007-08-29 15:12   ---------   d-----w   C:\Program Files\Common Files\Java
2007-08-26 20:41   ---------   d-----w   C:\Program Files\TuneUp Utilities 2007
2007-08-26 19:15   ---------   d-----w   C:\Documents and Settings\Dom\Dane aplikacji\BearShare
2007-08-07 21:42   16,968,497   ----a-w   C:\rad_w2kxp_omega_2590_7z.exe
2006-03-27 15:19   6,577,024   ----a-w   C:\Program Files\sdstart.exe
2006-03-13 15:59   3,995,195   ----a-w   C:\Program Files\gg76.exe
2006-02-20 08:56   1,416,944   ----a-w   C:\Program Files\WM9Codecs.exe
2006-02-16 11:55   18,341,074   ----a-w   C:\Program Files\klcodec284f.exe
2006-02-11 13:38   5,862,994   ----a-w   C:\Program Files\ts2_client_rc2_2032.exe
2006-02-10 15:10   7,799,000   ----a-w   C:\Program Files\kerio.exe
.

(((((((((((((((((((((((((((((   snapshot_2007-09-15_225709,18   )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-19 22:47:22   109,056   ----a-w   C:\WINDOWS\catchme.exe
+ 2007-09-28 07:06:08   135,168   ----a-w   C:\WINDOWS\catchme.exe
+ 2003-05-07 10:26:54   192,512   ----a-w   C:\WINDOWS\Downloaded Program Files\CamCli.dll
+ 2003-05-07 10:26:54   180,224   ----a-w   C:\WINDOWS\Downloaded Program Files\ijl11.dll
- 2007-07-11 23:22:00   135,168   ----a-w   C:\WINDOWS\system32\java.exe
+ 2007-09-24 20:30:28   135,168   ----a-w   C:\WINDOWS\system32\java.exe
- 2007-07-11 23:22:04   135,168   ----a-w   C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 20:30:30   135,168   ----a-w   C:\WINDOWS\system32\javaw.exe
- 2007-07-12 00:22:38   139,264   ----a-w   C:\WINDOWS\system32\javaws.exe
+ 2007-09-24 21:31:42   139,264   ----a-w   C:\WINDOWS\system32\javaws.exe
- 2007-07-22 16:39:27   279,552   ----a-w   C:\WINDOWS\system32\swreg.exe
+ 2007-10-05 08:07:31   279,552   ----a-w   C:\WINDOWS\system32\swreg.exe
.
(((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w            28,672 2004-09-29 09:37:26  C:\Program Files\ATI Technologies\ATI.ACE\bak\cli.exe
----a-w            28,672 2004-09-29 08:37:26  C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

----a-w           171,448 2006-03-01 16:57:56  C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe

----a-w            75,520 2006-12-15 02:23:27  C:\Program Files\Java\jre1.5.0_11\bin\bak\jusched.exe

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 20:54 C:\WINDOWS\SOUNDMAN.EXE]
"SpeedTouch USB Diagnostics"="C:\Program Files\ThomsonNetia\SpeedTouch USB\Dragdiag.exe" [2004-08-06 10:45]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-09-29 10:37]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 16:58]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-07-03 01:37]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2004-09-29 10:37:26]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2006-02-10 13:55:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [2004-10-01 20:34 204800]

R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 RadProbe;Radeon Probe Driver;C:\WINDOWS\system32\DRIVERS\RadProbe.sys
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-10-12 15:24:07 C:\WINDOWS\Tasks\1-Click Maintenance.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 15:58:58
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-17 16:00:51
.
   --- E O F ---

[wojtas]

te pliki :

C:\WINDOWS\Downloaded Program Files\CamCli.dll
C:\WINDOWS\Downloaded Program Files\ijl11.dll

przeskanuj tu:

http://virusscan.jotti.org/
http://www.virustotal.com/

daj raporty

[Sythev]

wszedzie było 0% i not found..nic nie znalazlo w tych plikach..

a LOGi wszystkie okej ?

co jeszcze można zrobic zeby polepszyc prace komputera ?

[wojtas]

zrob defragmentacje dysku

[Sythev]

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:20, on 2007-10-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ThomsonNetia\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dom\Moje dokumenty\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.livescore.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\ThomsonNetia\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://mks.com.pl
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139655056968
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://82.146.224.245:85/activex/AxisCamControl.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_31.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38E37073-CBDA-4949-819D-F15C95424FB3}: NameServer = 213.241.79.37 83.238.255.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{38E37073-CBDA-4949-819D-F15C95424FB3}: NameServer = 213.241.79.37 83.238.255.76
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 5168 bytes

[ Dodano: Dzisiaj o 18:19 ]
dam jeszcze raz logi z HiJack i Combofixa bo chyba cos jest w logach..

jeszcze raz prosze o sprawdzenie..

zaraz dam COMBOFIXA.

[ Dodano: Dzisiaj o 18:25 ]

Kod: Zaznacz wszystko

ComboFix 07-10-17.8 - Dom 2007-10-18 18:21:00.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.227 [GMT 2:00]
Running from: C:\Documents and Settings\Dom\Moje dokumenty\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2007-09-18 to 2007-10-18  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 16:18   ---------   d-----w   C:\Program Files\HLSW
2007-10-18 15:49   ---------   d---a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-10-17 22:24   167   ----a-w   C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-17 04:37   ---------   d-----w   C:\Program Files\SpeedFan
2007-10-16 18:54   ---------   d-----w   C:\Program Files\ArcaMicroScan
2007-10-10 13:47   ---------   d-----w   C:\Program Files\Winamp
2007-10-07 20:25   ---------   d-----w   C:\Program Files\Gadu-Gadu
2007-10-06 07:51   ---------   d-----w   C:\Program Files\Java
2007-10-03 16:05   ---------   d-----w   C:\Program Files\Spyware Doctor
2007-09-14 20:51   ---------   d-----w   C:\Program Files\SkanerOnline
2007-09-13 18:42   ---------   d-----w   C:\Program Files\Setup
2007-09-13 17:04   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\ArcaBit
2007-09-13 17:04   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\ArcaBit
2007-09-13 17:04   ---------   d-----w   C:\Program Files\RadLinker
2007-09-13 17:04   ---------   d-----w   C:\Program Files\MultiRes
2007-09-13 17:04   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2007-09-13 17:04   ---------   d-----w   C:\Documents and Settings\Dom\Dane aplikacji\ArcaBit
2007-09-13 16:55   ---------   d-----w   C:\Program Files\ArcaBit
2007-09-13 16:55   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2007-09-13 16:55   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\avg7
2007-09-05 17:36   1,159,168   ----a-w   C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
2007-09-05 17:36   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
2007-09-05 09:49   ---------   d-----w   C:\Documents and Settings\Dom\Dane aplikacji\teamspeak2
2007-08-31 15:49   737,280   ----a-w   C:\WINDOWS\iun6002.exe
2007-08-29 15:12   ---------   d-----w   C:\Program Files\Common Files\Java
2007-08-26 20:41   ---------   d-----w   C:\Program Files\TuneUp Utilities 2007
2007-08-26 19:15   ---------   d-----w   C:\Documents and Settings\Dom\Dane aplikacji\BearShare
2007-08-07 21:42   16,968,497   ----a-w   C:\rad_w2kxp_omega_2590_7z.exe
2006-03-27 15:19   6,577,024   ----a-w   C:\Program Files\sdstart.exe
2006-03-13 15:59   3,995,195   ----a-w   C:\Program Files\gg76.exe
2006-02-20 08:56   1,416,944   ----a-w   C:\Program Files\WM9Codecs.exe
2006-02-16 11:55   18,341,074   ----a-w   C:\Program Files\klcodec284f.exe
2006-02-11 13:38   5,862,994   ----a-w   C:\Program Files\ts2_client_rc2_2032.exe
2006-02-10 15:10   7,799,000   ----a-w   C:\Program Files\kerio.exe
.

(((((((((((((((((((((((((((((   snapshot_2007-09-15_225709,18   )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-19 22:47:22   109,056   ----a-w   C:\WINDOWS\catchme.exe
+ 2007-09-28 07:06:08   135,168   ----a-w   C:\WINDOWS\catchme.exe
+ 2003-05-07 10:26:54   192,512   ----a-w   C:\WINDOWS\Downloaded Program Files\CamCli.dll
+ 2003-05-07 10:26:54   180,224   ----a-w   C:\WINDOWS\Downloaded Program Files\ijl11.dll
- 2007-07-11 23:22:00   135,168   ----a-w   C:\WINDOWS\system32\java.exe
+ 2007-09-24 20:30:28   135,168   ----a-w   C:\WINDOWS\system32\java.exe
- 2007-07-11 23:22:04   135,168   ----a-w   C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 20:30:30   135,168   ----a-w   C:\WINDOWS\system32\javaw.exe
- 2007-07-12 00:22:38   139,264   ----a-w   C:\WINDOWS\system32\javaws.exe
+ 2007-09-24 21:31:42   139,264   ----a-w   C:\WINDOWS\system32\javaws.exe
- 2007-07-22 16:39:27   279,552   ----a-w   C:\WINDOWS\system32\swreg.exe
+ 2007-10-05 08:07:31   279,552   ----a-w   C:\WINDOWS\system32\swreg.exe
.
(((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w            28,672 2004-09-29 09:37:26  C:\Program Files\ATI Technologies\ATI.ACE\bak\cli.exe
----a-w            28,672 2004-09-29 08:37:26  C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

----a-w           171,448 2006-03-01 16:57:56  C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe

----a-w            75,520 2006-12-15 02:23:27  C:\Program Files\Java\jre1.5.0_11\bin\bak\jusched.exe

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 20:54 C:\WINDOWS\SOUNDMAN.EXE]
"SpeedTouch USB Diagnostics"="C:\Program Files\ThomsonNetia\SpeedTouch USB\Dragdiag.exe" [2004-08-06 10:45]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-09-29 10:37]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 C:\WINDOWS\LOGI_MWX.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 16:58]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-07-03 01:37]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2004-09-29 10:37:26]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2006-02-10 13:55:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [2004-10-01 20:34 204800]

R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 RadProbe;Radeon Probe Driver;C:\WINDOWS\system32\DRIVERS\RadProbe.sys
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-10-12 15:24:07 C:\WINDOWS\Tasks\1-Click Maintenance.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-18 18:24:57
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-18 18:27:01
C:\ComboFix2.txt ... 2007-10-17 16:00
.
   --- E O F ---

[wojtas]

czysto

[Sythev]

ok dzieki