uprzemie prosze o sprawdzenie log-a

[kermit_666]

Logfile of HijackThis v1.99.1
Scan saved at 16:07:10, on 2006-07-16
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\STOPzilla!\szntsvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\UAService7.exe
D:\Program Files\AlienGUIse\wbload.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\PROGRA~1\INCRED~1\bin\IMApp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\System32\taskmgr.exe
D:\Documents and Settings\i_see_u_drown\Pulpit\hijackthis_199\HijackThis.exe

O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 bns3.net
O1 - Hosts: 62.75.224.159 bns4.net
O1 - Hosts: 62.75.224.159 bns5.net
O1 - Hosts: 62.75.224.159 bns6.net
O1 - Hosts: 62.75.224.159 bns7.net
O1 - Hosts: 62.75.224.159 bns8.net
O1 - Hosts: 62.75.224.159 cms3.net
O1 - Hosts: 62.75.224.159 cms4.net
O1 - Hosts: 62.75.224.159 cms5.net
O1 - Hosts: 62.75.224.159 cms6.net
O1 - Hosts: 62.75.224.159 cms7.net
O1 - Hosts: 62.75.224.159 cms8.net
O1 - Hosts: 62.75.224.159 rg1.com
O1 - Hosts: 62.75.224.159 rg2.com
O1 - Hosts: 62.75.224.159 rg3.com
O1 - Hosts: 62.75.224.159 rg4.com
O1 - Hosts: 62.75.224.159 rg5.com
O1 - Hosts: 62.75.224.159 rg6.com
O1 - Hosts: 62.75.224.159 rg7.com
O1 - Hosts: 62.75.224.159 rg8.com
O1 - Hosts: 62.75.224.159 www.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DownloadAccelerator] D:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AttuneClientEngine] D:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [pbmini] "D:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStater.exe" -hide
O4 - HKLM\..\Run: [UVS10 Preload] D:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [svchost32] D:\WINDOWS\lost screensaver.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IncrediMail] D:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Spy Sweeper Fix.lnk = D:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1054722.exe
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c570.cab?f202dc1bf19098fd841ec104a338b981e63de974874ce3ecdd0a4623a9ccf718b081c094f674ec1d10dbad82205ca1316e108f935f48ffefb4a1e4dbcf8b2591ca615a72:9684ee894110deb52d2f2698305fce9c
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/1054722.exe
O20 - Winlogon Notify: WB - D:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: hpdj - Unknown owner - D:\DOCUME~1\I_SEE_~1\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - D:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - D:\WINDOWS\System32\UAService7.exe

[Hellfire]

Podaj powod wstawienia loga (co sie dzieje z komputerem itp.)

[kermit_666]

Windows Xp się uruchamia, ale po pewnym czasie się wiesza, lub np. włącza się i nie da się kompletnie niczego uruchomić, nawet otworzyć foldera, po prpstu się nic nie dzieje


edit

na pasku zadan pokazuje sie czasem wykrzyknik w żółtym trójkąciku.. IE sie wiesza, gg nie chodzi

[Red]

usuwasz z wylaczonym przywracaniem systemu w xp i w trybie awaryjnym f8

O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 bns3.net
O1 - Hosts: 62.75.224.159 bns4.net
O1 - Hosts: 62.75.224.159 bns5.net
O1 - Hosts: 62.75.224.159 bns6.net
O1 - Hosts: 62.75.224.159 bns7.net
O1 - Hosts: 62.75.224.159 bns8.net
O1 - Hosts: 62.75.224.159 cms3.net
O1 - Hosts: 62.75.224.159 cms4.net
O1 - Hosts: 62.75.224.159 cms5.net
O1 - Hosts: 62.75.224.159 cms6.net
O1 - Hosts: 62.75.224.159 cms7.net
O1 - Hosts: 62.75.224.159 cms8.net
O1 - Hosts: 62.75.224.159 rg1.com
O1 - Hosts: 62.75.224.159 rg2.com
O1 - Hosts: 62.75.224.159 rg3.com
O1 - Hosts: 62.75.224.159 rg4.com
O1 - Hosts: 62.75.224.159 rg5.com
O1 - Hosts: 62.75.224.159 rg6.com
O1 - Hosts: 62.75.224.159 rg7.com
O1 - Hosts: 62.75.224.159 rg8.com
O1 - Hosts: 62.75.224.159 www.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O4 - HKLM\..\Run: [AttuneClientEngine] D:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKCU\..\Run: [svchost32] D:\WINDOWS\lost screensaver.exe
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1054722.exe
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c570.cab?f202dc1bf19098fd841ec104a338b981e63de974874ce3ecdd0a4623a9ccf718b081c094f674ec1d10dbad82205ca1316e108f935f48ffefb4a1e4dbcf8b2591ca615a72:9684ee894110deb52d2f2698305fce9c
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/1054722.exe

zaznacz te wpisy w hijacku i zafixuj ,to co pogrubiłem usun recznie i daj log do kontroli po restarcie.

[kermit_666]

wykasowalem co kazales jednak niewiele to dalo.

Problem wyglada tak nie moge wlaczyc gg, kiedy wyrzuce incredimaila z paska zadan, to gg juz dziala, za to kiedy chodzi gg to to sie nie da wlaczyc zadnego foldera itp.

[Red]

prosze o log do kontroli

[kermit_666]

Logfile of HijackThis v1.99.1
Scan saved at 18:24:16, on 2006-07-16
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\STOPzilla!\szntsvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AlienGUIse\wbload.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\UAService7.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
D:\DOCUME~1\I_SEE_~1\USTAWI~1\Temp\Adobelm_Cleanup.0001
D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
D:\DOCUME~1\I_SEE_~1\USTAWI~1\Temp\Adobelm_Cleanup.0001
D:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
D:\Program Files\Gadu-Gadu\gg.exe
D:\Documents and Settings\i_see_u_drown\Pulpit\hijackthis_199\HijackThis.exe

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DownloadAccelerator] D:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [pbmini] "D:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStater.exe" -hide
O4 - HKLM\..\Run: [UVS10 Preload] D:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IncrediMail] D:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Spy Sweeper Fix.lnk = D:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O20 - Winlogon Notify: WB - D:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: hpdj - Unknown owner - D:\DOCUME~1\I_SEE_~1\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - D:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - D:\WINDOWS\System32\UAService7.exe

[Red]

No nic ,log wyglada ok......jesli masz jeszcze ochote sie pobawic to przeskanuj kompa online:
http://www.kaspersky.pl/virusscanner.html
i wrzuc wynik na forum.

[kermit_666]

Nie moge klikać na żadne przyciski - nic sie nie dzieje (także się nie da przeskanować)

[Red]

zrob to przez IE ,niestety tak trzeba

[kermit_666]

IE się zawiesza, a w Operze i Mozilli sie nie da.. To chyba celowe dzialanie jakiegos shitu..

[Red]

no to jeszcze jedna magia .Sciagnij :
http://download.bleepingcomputer.com/sUBs/combofix.exe

kliknij dwa razy na niego ,wybierz "Y" i enter.Czekasz na działanie i loga ktory sie wygeneruje,wklejasz go tu na forum do sprawdzenia ...

[kermit_666]

Start Time= 2006-07-16 19:49:55,75
Running from: D:\Documents and Settings\i_see_u_drown\Pulpit

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-16 19:48:16 683 ( A.... ) "D:\Combo.bat"
2006-07-14 03:27:38 ( .D... ) "D:\Documents and Settings\i_see_u_drown\Dane aplikacji\Reallusion"
2006-07-14 03:26:20 ( .D... ) "D:\Program Files\Common Files\Reallusion"
2006-07-14 03:26:18 ( .D... ) "D:\Program Files\Reallusion"
2006-07-13 19:09:36 ( .D... ) "D:\Program Files\Sonic 3D"
2006-07-07 08:02:08 ( .D... ) "D:\Program Files\KONAMI"
2006-07-06 22:04:28 ( .D... ) "D:\Program Files\MarBit"
2006-07-06 00:40:56 ( .D... ) "D:\Program Files\PictureClip"
2006-07-06 00:40:46 249856 ( ..... ) "D:\WINDOWS\Setup1.exe"
2006-07-05 19:15:42 ( .D... ) "D:\Program Files\Football TV"
2006-07-03 17:03:38 ( .D... ) "D:\Program Files\Common Files\Borland Shared"
2006-07-03 10:37:20 98304 ( A.... ) "D:\WINDOWS\system32\CmdLineExt.dll"
2006-06-25 02:42:06 ( .D... ) "D:\Program Files\Easy GIF Animator"
2006-06-24 02:54:56 580114 ( A.... ) "D:\WINDOWS\system32\x264vfw.dll"
2006-06-24 02:54:54 ( .D... ) "D:\Program Files\x264"
2006-06-18 17:59:52 ( .D... ) "D:\Program Files\bobyte"
2006-06-17 20:19:16 848 ( A.SH. ) "D:\WINDOWS\system32\KGyGaAvL.sys"
2006-06-17 20:19:16 848 ( A.SH. ) "D:\WINDOWS\system32\KGyGaAvL.sys"
2006-06-02 00:10:26 3596288 ( A.... ) "D:\WINDOWS\system32\qt-dx331.dll"
2006-06-02 00:09:58 593920 ( A.... ) "D:\WINDOWS\system32\dpuGUI11.dll"
2006-06-02 00:09:58 344064 ( A.... ) "D:\WINDOWS\system32\dpus11.dll"
2006-06-02 00:09:58 294912 ( A.... ) "D:\WINDOWS\system32\dpu11.dll"
2006-06-02 00:09:58 294912 ( A.... ) "D:\WINDOWS\system32\dpu10.dll"
2006-06-02 00:09:58 200704 ( A.... ) "D:\WINDOWS\system32\dtu100.dll"
2006-06-02 00:09:58 90112 ( A.... ) "D:\WINDOWS\system32\dpl100.dll"
2006-06-02 00:09:58 57344 ( A.... ) "D:\WINDOWS\system32\dpv11.dll"
2006-06-02 00:09:58 53248 ( A.... ) "D:\WINDOWS\system32\dpuGUI10.dll"
2006-06-02 00:07:46 536576 ( A.... ) "D:\WINDOWS\system32\DivXsm.exe"
2006-06-02 00:07:38 1044480 ( A.... ) "D:\WINDOWS\system32\libdivx.dll"
2006-06-02 00:07:38 200704 ( A.... ) "D:\WINDOWS\system32\ssldivx.dll"
2006-06-02 00:07:34 245408 ( A.... ) "D:\WINDOWS\system32\unicows.dll"
2006-06-02 00:07:00 778240 ( A.... ) "D:\WINDOWS\system32\divx_xx07.dll"
2006-06-02 00:06:58 778240 ( A.... ) "D:\WINDOWS\system32\divx_xx0c.dll"
2006-06-02 00:06:58 761856 ( A.... ) "D:\WINDOWS\system32\divx_xx11.dll"
2006-06-02 00:06:58 619156 ( A.... ) "D:\WINDOWS\system32\DivX.dll"
2006-06-02 00:06:34 118784 ( A.... ) "D:\WINDOWS\system32\DivXCodecUpdateChecker.exe"
2006-06-02 00:06:34 12288 ( A.... ) "D:\WINDOWS\system32\DivXWMPExtType.dll"
2006-05-31 11:02:04 624640 ( A.... ) "D:\WINDOWS\system32\aswBoot.exe"
2006-05-31 10:54:36 90112 ( A.... ) "D:\WINDOWS\system32\AVASTSS.scr"
2006-05-28 20:49:36 ( .D... ) "D:\Program Files\Windows Media Components"
2006-05-28 20:49:10 ( .D... ) "D:\Program Files\Common Files\Ulead Systems"
2006-05-27 23:30:14 737280 ( A.... ) "D:\WINDOWS\iun6002.exe"
2006-05-26 15:29:14 5120 ( A.... ) "D:\WINDOWS\system32\ff_vfw.dll"
2006-05-21 12:46:02 ( .D... ) "D:\Documents and Settings\i_see_u_drown\Dane aplikacji\uTorrent"
2006-05-21 12:28:50 ( .D... ) "D:\Documents and Settings\i_see_u_drown\Dane aplikacji\Azureus"
2006-05-21 12:28:42 ( .D... ) "D:\Program Files\Azureus"
2006-05-20 16:51:32 ( .D... ) "D:\Program Files\Andos DuRiE"
2006-05-20 16:40:06 ( .D... ) "D:\Program Files\DURIE"
2006-05-02 11:13:30 176167 ( A.... ) "D:\WINDOWS\system32\rmoc3260.dll"
2006-05-02 11:13:06 6656 ( A.... ) "D:\WINDOWS\system32\pndx5016.dll"
2006-05-02 11:13:06 5632 ( A.... ) "D:\WINDOWS\system32\pndx5032.dll"
2006-05-02 11:13:00 278528 ( A.... ) "D:\WINDOWS\system32\pncrt.dll"
2006-04-28 22:45:04 176167 ( A.... ) "D:\WINDOWS\system32\rmocx.dll"
2006-04-17 02:20:44 6692889 ( A.... ) "D:\WINDOWS\Lost Screensaver 2.SCR"
2006-04-17 02:19:54 5128413 ( A.... ) "D:\WINDOWS\LOST Screensaver 1.SCR"
2006-03-08 16:36:12 39716 ( A.... ) "D:\Program Files\default.br1"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-16 19:48 683 D:\Combo.bat
2006-07-03 17:03 210˙032 D:\WINDOWS\system32\DBCLIENT.DLL
2006-07-03 10:36 62˙672 D:\WINDOWS\system32\xinput1_1.dll
2006-07-03 10:35 61˙136 D:\WINDOWS\system32\xinput9_1_0.dll
2006-07-03 10:35 230˙096 D:\WINDOWS\system32\xactengine2_0.dll
2006-07-03 10:35 229˙584 D:\WINDOWS\system32\xactengine2_1.dll
2006-07-03 10:35 2˙388˙176 D:\WINDOWS\system32\d3dx9_30.dll
2006-07-03 10:35 2˙337˙488 D:\WINDOWS\system32\d3dx9_25.dll
2006-07-03 10:35 2˙332˙368 D:\WINDOWS\system32\d3dx9_29.dll
2006-07-03 10:35 2˙323˙664 D:\WINDOWS\system32\d3dx9_28.dll
2006-07-03 10:35 2˙319˙568 D:\WINDOWS\system32\d3dx9_27.dll
2006-07-03 10:35 2˙297˙552 D:\WINDOWS\system32\d3dx9_26.dll
2006-07-03 10:35 2˙222˙800 D:\WINDOWS\system32\d3dx9_24.dll
2006-07-03 10:35 14˙032 D:\WINDOWS\system32\x3daudio1_0.dll
2006-06-24 02:54 580˙114 D:\WINDOWS\system32\x264vfw.dll
2006-06-17 20:19 848 D:\WINDOWS\system32\KGyGaAvL.sys
2006-06-10 10:31 90˙112 D:\WINDOWS\system32\AVASTSS.scr
2006-06-10 10:31 624˙640 D:\WINDOWS\system32\aswBoot.exe
2006-06-02 00:10 3˙596˙288 D:\WINDOWS\system32\qt-dx331.dll
2006-06-02 00:09 90˙112 D:\WINDOWS\system32\dpl100.dll
2006-06-02 00:09 593˙920 D:\WINDOWS\system32\dpuGUI11.dll
2006-06-02 00:09 57˙344 D:\WINDOWS\system32\dpv11.dll
2006-06-02 00:09 53˙248 D:\WINDOWS\system32\dpuGUI10.dll
2006-06-02 00:09 344˙064 D:\WINDOWS\system32\dpus11.dll
2006-06-02 00:09 294˙912 D:\WINDOWS\system32\dpu11.dll
2006-06-02 00:09 294˙912 D:\WINDOWS\system32\dpu10.dll
2006-06-02 00:09 200˙704 D:\WINDOWS\system32\dtu100.dll
2006-06-02 00:07 536˙576 D:\WINDOWS\system32\DivXsm.exe
2006-06-02 00:07 245˙408 D:\WINDOWS\system32\unicows.dll
2006-06-02 00:07 200˙704 D:\WINDOWS\system32\ssldivx.dll
2006-06-02 00:07 1˙044˙480 D:\WINDOWS\system32\libdivx.dll
2006-06-02 00:06 778˙240 D:\WINDOWS\system32\divx_xx0c.dll
2006-06-02 00:06 778˙240 D:\WINDOWS\system32\divx_xx07.dll
2006-06-02 00:06 761˙856 D:\WINDOWS\system32\divx_xx11.dll
2006-06-02 00:06 619˙156 D:\WINDOWS\system32\DivX.dll
2006-06-02 00:06 12˙288 D:\WINDOWS\system32\DivXWMPExtType.dll
2006-06-02 00:06 118˙784 D:\WINDOWS\system32\DivXCodecUpdateChecker.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HP Software Update"="D:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe"
"HPDJ Taskbar Utility"="D:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe"
"DeviceDiscovery"="D:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"
"ATIPTA"="\"D:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="D:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"DownloadAccelerator"="D:\\PROGRA~1\\DAP\\DAP.EXE /STARTUP"
"ISUSPM Startup"="D:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"ISUSScheduler"="\"D:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"STOPzilla"=""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avast!"="D:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"TkBellExe"="\"D:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="D:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"pbmini"="\"D:\\Program Files\\pcast\\PodcastbarMini\\PodcastBarMiniStater.exe\" -hide"
"UVS10 Preload"="D:\\Program Files\\Ulead Systems\\Ulead VideoStudio 10\\uvPL.exe"
"WinampAgent"="D:\\Program Files\\Winamp\\winampa.exe"
"MSConfig"="D:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"D:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"IncrediMail"="D:\\PROGRA~1\\INCRED~1\\bin\\IncMail.exe /c"
"Gadu-Gadu"="\"D:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Moja bieżąca strona główna"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e1,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,e1,00,00,00,00,00,00,00,1f,04,00,00,e6,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,e1,00,00,00,00,00,00,00,1f,04,00,00,e6,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Moduł wstępnego ładowania interfejsu Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demon buforu kategorii składników"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"



Contents of the 'Scheduled Tasks' folder

Completion time: 2006-07-16 19:51:27,21
ComboFix ver 06.07.15 - This logfile is located at D:\ComboFix.txt

ComboFix.2006-07-16.194955.txt

[Red]

No bardzo mi przykro ,ale ty masz system juz czysty ,zupełnie nic nie widac .Moze jest jakis konflikt pomiedzy programami w trayu ,ale nie wiem jaki

[kermit_666]

ja tymbardziej niewiem no ale dzieki wielkie za pomoc