Mam problem z kompem, wolno startuje, zawiesza sie, a nawet mój mądry braciszek zainstalował 2 antywirusy jak widzę w logu. Powiedzcie jak to odkręcić bez formatowania.

Podaję log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:21:37, on 2008-07-26

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\PC Tools Internet Security\pctsTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Moje dokumenty\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Moje dokumenty\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Moje dokumenty\PROGRAMIKI\Vista Inspirat 2\YzShadow\YzShadow.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\PC Tools Internet Security\pctsAuxs.exe

C:\Program Files\PC Tools Internet Security\pctsSvc.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Winamp\winamp.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Pulpit\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/ … ch/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ … .yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ … .yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM…\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [iSTray] “C:\Program Files\PC Tools Internet Security\pctsTray.exe”

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS\S-1-5-18…\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - HKUS.DEFAULT…\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User ‘Default user’)

O4 - S-1-5-18 Startup: RocketDock.lnk = C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Moje dokumenty\Vista Inspirat 2\RocketDock\RocketDock.exe (User ‘SYSTEM’)

O4 - S-1-5-18 Startup: TransBar.lnk = C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Moje dokumenty\Vista Inspirat 2\TransBar\TransBar.exe (User ‘SYSTEM’)

O4 - S-1-5-18 Startup: UberIcon.lnk = C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Moje dokumenty\Vista Inspirat 2\UberIcon\UberIcon Manager.exe (User ‘SYSTEM’)

O4 - S-1-5-18 Startup: Y’z Shadow.lnk = C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Moje dokumenty\PROGRAMIKI\Vista Inspirat 2\YzShadow\YzShadow.exe (User ‘SYSTEM’)

O4 - S-1-5-18 Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (User ‘SYSTEM’)

O4 - .DEFAULT Startup: RocketDock.lnk = C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Moje dokumenty\Vista Inspirat 2\RocketDock\RocketDock.exe (User ‘Default user’)

O4 - .DEFAULT Startup: TransBar.lnk = C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Moje dokumenty\Vista Inspirat 2\TransBar\TransBar.exe (User ‘Default user’)

O4 - .DEFAULT Startup: UberIcon.lnk = C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Moje dokumenty\Vista Inspirat 2\UberIcon\UberIcon Manager.exe (User ‘Default user’)

O4 - .DEFAULT Startup: Y’z Shadow.lnk = C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Moje dokumenty\PROGRAMIKI\Vista Inspirat 2\YzShadow\YzShadow.exe (User ‘Default user’)

O4 - .DEFAULT Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (User ‘Default user’)

O4 - Startup: RocketDock.lnk = C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Moje dokumenty\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: TransBar.lnk = C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Moje dokumenty\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: UberIcon.lnk = C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Moje dokumenty\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

O4 - Startup: Y’z Shadow.lnk = C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Moje dokumenty\PROGRAMIKI\Vista Inspirat 2\YzShadow\YzShadow.exe

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Skanuj przy użyciu Dr.Web - http://www.drweb.com/online/drweb-online-en.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk (file missing)

O9 - Extra ‘Tools’ menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour … se9563.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerd … 0.0.67.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso … 2084566500

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso … 0397763203

O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.shockwave.com/content/burger … yer_v4.cab

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsSvc.exe

–

End of file - 10456 bytes

Te w/w wpisy sfiksuj w Hijacku:

>>Hijack>>scan(Do a system scan only)>>zaznacz je >> Fix checked

Daj log z -----> ComboFix.

Panel sterowania > dodaj\usuń programy i wywal jednego.

ściągam combofixa,ale niepokoi mnie jeszcze to yahoo, nie pamiętam żebym coś takiego instalowała.

Yahoo to jest taki pasek do IE. Możesz go wywalić.

O to się nie bój.

Niestety z combofixA nic nie będzie, ściągnęłam, uruchomiłam i pokazuje mi, że nie może go uruchomić bo nie wie w jakim programie został utworzony, pojawił mi się niebieski ekran z napisem, że zamyka windowsa aby nie uszkodzić kompa, i zaczął zrzucać pamięć fizyczną. Zrobiła przywracanie.

Spróbuj jeszcze raz uruchomić.

usuń go z dysku

Pobierz jeszcze raz Combofix http://www.searchengines.pl/index.php?s … ntry395642 przeskanuj daj log

Mów od razu, przecież jestem ciemnota w tych sparwach. Jeden zawał przeżyłam ale jestem gotowa na drugi. Ściągam.

W dniu 26.07.2008 , o godzinie 14:43 został dopisany post przez Olalla

ściągnęłma, uruchomiłam, pojawia się nały ekranik niebieski i coś zapipczało i pojawił się napis po angielsku (nie mam pojęcia co znaczy) i tak lub nie

potwierdzi ć tak przecież pod linkiem masz wszystko opisane i jakie komunikaty

i co należy robić

Jakimś cudem mam.

ComboFix 08-07-25.7 - Benq 2008-07-26 14:47:30.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.594 [GMT 2:00]

Running from: C:\Program Files\Combo-Fix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_IPRIP

((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))

.

2008-07-26 14:46 . 2008-07-26 14:47 2,662,930 --a------ C:\Program Files\Combo-Fix.exe

2008-07-26 14:34 . 2008-07-26 14:34

2008-07-26 14:34 . 2008-07-26 14:34 812,344 --a------ C:\Program Files\HJTInstall.exe

2008-07-26 14:16 . 2008-07-26 14:23

2008-07-25 10:10 . 2008-07-25 10:10

2008-07-25 10:09 . 2008-07-25 10:09 7,683,667 --a------ C:\Program Files\kerio-kpf-4.2.0-785-win.exe

2008-07-25 10:02 . 2008-07-25 10:02

2008-07-25 10:00 . 2008-07-25 10:01 15,083,520 --a------ C:\Program Files\SpyBot_[www.darmoweprogramy.org].exe

2008-07-23 19:56 . 2008-07-23 20:01

2008-07-23 11:44 . 2008-07-23 11:44

2008-07-23 11:40 . 2008-07-23 11:40

2008-07-23 10:22 . 2008-07-23 10:22 0 --a------ C:\WINDOWS\nsreg.dat

2008-07-23 10:21 . 2008-07-23 10:21 8,215,056 --a------ C:\Program Files\Firefox Setup 3.0.1.exe

2008-07-22 20:50 . 2008-07-22 20:50

2008-07-22 20:48 . 2008-07-26 14:39

2008-07-22 20:48 . 2008-07-22 20:48

2008-07-22 20:48 . 2008-07-22 20:48

2008-07-22 20:48 . 2008-07-22 20:48

2008-07-22 20:48 . 2008-03-04 16:49 159,144 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys

2008-07-22 20:48 . 2008-02-25 15:38 93,440 --a------ C:\WINDOWS\system32\drivers\pctfw.sys

2008-07-22 20:48 . 2007-12-05 13:32 81,320 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-07-22 20:48 . 2007-12-05 13:32 66,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-07-22 20:48 . 2008-02-01 11:58 42,408 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-07-22 20:48 . 2007-11-30 16:17 40,872 --a------ C:\WINDOWS\system32\drivers\pctmp.sys

2008-07-22 20:48 . 2007-11-30 16:17 29,608 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-07-22 20:48 . 2007-11-30 16:17 18,344 --a------ C:\WINDOWS\system32\drivers\pctssipc.sys

2008-07-16 15:16 . 2008-07-16 15:16

2008-07-16 15:12 . 2008-07-26 14:40

2008-07-11 19:53 . 2008-07-11 19:53

2008-07-11 19:53 . 1999-11-10 10:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe

2008-07-11 19:53 . 2008-07-11 19:53 361 --a------ C:\WINDOWS\system32\QuickTime.qtp

2008-07-11 19:52 . 2008-07-22 20:28

2008-07-11 13:06 . 2008-07-22 19:53

2008-07-11 10:02 . 2008-07-11 10:02

2008-07-10 20:11 . 2008-07-10 20:11

2008-07-10 18:06 . 2008-07-10 18:06 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys

2008-07-10 18:05 . 2008-07-10 18:05

2008-07-10 18:05 . 2005-04-20 21:31 474,624 -----c— C:\WINDOWS\system32\dllcache\wzcsvc.dll

2008-07-10 18:05 . 2006-11-01 09:17 69,120 --------- C:\WINDOWS\system32\wlanapi.dll

2008-07-10 18:05 . 2005-04-20 21:31 52,736 -----c— C:\WINDOWS\system32\dllcache\wzcsapi.dll

2008-07-10 18:05 . 2005-04-20 01:54 14,592 -----c— C:\WINDOWS\system32\dllcache\ndisuio.sys

2008-07-10 18:03 . 2008-07-16 10:55

2008-07-10 12:52 . 2007-06-27 18:33 131,944 --a------ C:\WINDOWS\system32\drivers\symsnap.sys

2008-07-10 12:52 . 2007-06-27 18:53 128,104 --a------ C:\WINDOWS\system32\drivers\WimFltr.sys

2008-07-10 12:52 . 2007-06-27 18:33 37,864 --a------ C:\WINDOWS\system32\drivers\v2imount.sys

2008-07-10 12:52 . 2007-06-27 18:31 14,072 --a------ C:\WINDOWS\system32\drivers\vproeventmonitor.sys

2008-07-09 21:07 . 2008-07-10 16:35

2008-07-09 20:10 . 2008-07-09 20:10

2008-07-09 17:02 . 2008-07-09 17:18

2008-07-07 20:18 . 2008-07-09 16:52 9,548 --a------ C:\WINDOWS\system32\drivers\fwdrv.err

2008-07-07 20:09 . 2008-07-07 20:09

2008-07-07 20:04 . 2008-07-07 20:04

2008-07-07 13:25 . 2008-07-07 13:32

2008-07-07 13:20 . 2008-07-07 13:25

2008-07-07 13:20 . 2008-07-07 13:20 96,320 --a------ C:\WINDOWS\system32\drivers\snapman.sys

2008-07-07 13:20 . 2008-07-07 13:20 81,984 --a------ C:\WINDOWS\system32\drivers\psh_drv.sys

2008-07-01 17:36 . 2008-07-07 12:42

2008-07-01 17:36 . 2008-07-01 17:36

2008-07-01 14:10 . 2008-07-01 14:10 168 --ahs---- C:\Documents and Settings\desktop.ini

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-26 12:49 1,421,312 ----a-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT

2008-07-26 12:49 1,421,312 ----a-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT

2008-07-26 12:49 1,417,216 ----a-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT

2008-07-26 12:49 1,417,216 ----a-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT

2008-07-26 12:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Spybot - Search Destroy

2008-07-25 07:49 2,560 ----a-w C:\WINDOWS_MSRSTRT.EXE

2008-07-23 18:01 --------- d-----w C:\Program Files\FrostWire

2008-07-23 09:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help

2008-07-22 21:26 --------- d-----w C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Dane aplikacji\Skype

2008-07-10 16:03 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-07-10 14:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-07-07 13:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Zylom

2008-07-06 19:22 --------- d-----r C:\Program Files\Gadu-Gadu

2008-07-01 14:01 --------- d-----w C:\Program Files\Windows Live Safety Center

2008-07-01 12:10 168 --sha-w C:\Program Files\desktop.ini

2008-06-23 19:55 --------- d-----w C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Dane aplikacji\AdobeUM

2008-06-21 07:08 --------- d-s—w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Dane aplikacji\Microsoft

2008-06-21 07:08 --------- d-s—w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Dane aplikacji\Microsoft

2008-06-21 07:08 --------- d-s—w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji\Microsoft

2008-06-21 07:08 --------- d-----w C:\Program Files\Google

2008-06-21 07:08 --------- d-----w C:\Program Files\epson

2008-06-21 07:08 --------- d-----w C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Dane aplikacji\mIRC

2008-06-21 07:08 --------- d-----w C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Dane aplikacji\LimeWire

2008-06-21 07:08 --------- d-----w C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Dane aplikacji\CyberLink

2008-06-21 07:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Trend Micro

2008-06-20 20:16 --------- d-----w C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Dane aplikacji\Spik

2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-18 14:16 --------- d-----w C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Dane aplikacji\vlc

2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-07 14:48 --------- d-----w C:\Program Files\FrameShow

2008-05-31 20:05 84,439 ----a-w C:\WINDOWS\BricoPackUninst.cmd

2008-05-31 20:05 7,204 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-05-31 20:05 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-05-31 19:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Ashampoo

2008-05-31 14:01 --------- d-----w C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Dane aplikacji\PhotoFrameShow

2008-05-29 17:06 --------- d-----w C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Dane aplikacji\Styler

2008-05-28 18:16 --------- d-----w C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Dane aplikacji\Reallusion

2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll

2007-11-11 19:06 774,144 ----a-w C:\Program Files\RngInterstitial.dll

.

------- Sigcheck -------

2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\explorer.exe

2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS$hf_mig$\KB938828\SP2QFE\explorer.exe

2006-03-02 14:00 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS$NtUninstallKB938828$\explorer.exe

2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\system32\dllcache\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-02 14:00 15360]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 09:39 2119104]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24 1694208]

“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search Destroy\TeaTimer.exe” [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“{0228e555-4f9c-4e35-a3ec-b109a192b4c2}”=“C:\Program Files\Google\Gmail Notifier\gnotify.exe” [2005-07-15 23:48 479232]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 04:25 144784]

“RTHDCPL”=“RTHDCPL.EXE” [2007-02-26 09:03 16125440 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-03-02 14:00 15360]

C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Menu Start\Programy\Autostart\

RocketDock.lnk - C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Moje dokumenty\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]

TransBar.lnk - C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Moje dokumenty\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]

UberIcon.lnk - C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Moje dokumenty\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224]

Y’z Shadow.lnk - C:\Documents and Settings\Benq.BENQ-D2E62E8DCA\Moje dokumenty\PROGRAMIKI\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14 155648]

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“C:\WINDOWS\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=

“C:\WINDOWS\system32\sessmgr.exe”=

“C:\Program Files\Messenger\msmsgs.exe”=

“C:\Program Files\FrostWire\FrostWire.exe”=

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“3389:TCP”= 3389:TCP:@xpsp2res.dll,-22009

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-03-04 16:49]

R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\WINDOWS\system32\drivers\pctmp.sys [2007-11-30 16:17]

R1 pctssipc;PC Tools Security Suite IPC Driver;C:\WINDOWS\system32\drivers\pctssipc.sys [2007-11-30 16:17]

S3 p2pgasvc;Uwierzytelnianie grup sieci równorzędnej;C:\WINDOWS\system32\svchost.exe [2006-03-02 14:00]

S3 p2pimsvc;Menedżer tożsamości sieci równorzędnej;C:\WINDOWS\system32\svchost.exe [2006-03-02 14:00]

S3 p2psvc;Sieć równorzędna;C:\WINDOWS\system32\svchost.exe [2006-03-02 14:00]

S3 PNRPSvc;Protokół PNRP (Peer Name Resolution Protocol);C:\WINDOWS\system32\svchost.exe [2006-03-02 14:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Contents of the ‘Scheduled Tasks’ folder

2008-07-26 C:\WINDOWS\Tasks\GlaryInitialize.job - s !230C:\Program Files\Glary Utilities\initialize.exeBenqGlary Utilities Initialization0 []

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/

R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com

R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/ … .yahoo.com

O8 -: Eksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 -: Skanuj przy użyciu Dr.Web - http://www.drweb.com/online/drweb-online-en.html

O16 -: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf

C:\WINDOWS\system32\SkanerOnlineUninstall.exe

C:\WINDOWS\system32\SkanerOnline.dll

O16 -: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burger … yer_v4.cab

C:\WINDOWS\Downloaded Program Files\GoBitGamesPlayer.inf

C:\WINDOWS\Downloaded Program Files\GoBitGamesPlayer.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-26 14:51:10

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\snmp.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-07-26 14:54:31 - machine was rebooted [benq]

ComboFix-quarantined-files.txt 2008-07-26 12:54:26

Pre-Run: 80,551,702,528 bajtów wolnych

Post-Run: 81,348,595,712 bajt˘w wolnych

218 — E O F — 2008-07-11 08:02:54

Log wygląda na czysty

zrób optymalizacje uruchamiania

http://cybertrash.netarteria.pl/cyber/i … 378.0.html

usuń ręcznie folder C: \Qoobox usuń instalkę Combofix z dysku.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

przeskanuj obszar Mój komputer http://www.kaspersky.pl/virusscanner.html pokaż raport stronę uruchomić przez IE

Dzięki serdeczne za cierpliwość i pomoc- zaraz zabieram się do roboty, a później zakatrupię braciszka.