Your computer is infected

Dla specjalistów Bezpieczeństwo
#1

Witam wszystkich, nie jestem żadnym informatykiem, tylko zwykłym użytkownikiem komputera. Mam właśnie problem z wyskakującym okienkiem

'Your computer is infected

Windows has detected spyware infection!

It is recomended to use special antispyware tools to pervent data loss. Windows

will now download and install the most up-to-date antispyware for you.

Click here to protect your computer from spyware! ’

na pasku objawia sie to czerwonym kółkiem z białym krzyżykiem i cały czas wyskakuje ten komunikat i zaczyna coś ściągać “PC Antispyware 2010” wyłączam to bo nie wiem nawet co to jest.

W ogóle mój komputer strasznie ‘muli’ a komunikator GG włącza sie tylko wtedy kiedy pierwszy raz włączam komputer a potem już nie.

Proszę o pomoc bo nie wiem co mam z tym zrobić, i jak bym mogła prosić o wyrozumiałość i tłumaczenie mi wszystkich tych nie zrozumiałych terminów o których tu mówicie.

Dziękuję z góry i prosze o pomoc

#2

Pobierz Combofix i uruchom.

Pokaż log.

Podczas pobierania i skanowania Combofixem należy wyłączyć wszelkie antywirusy i firewalle.

#3

ściągnełam ComboFix i RSIT i sie zacięłam :expressionless:

Wyskoczyło mi tylko takie coś w notatniku:

info.txt logfile of random’s system information tool 1.06 2009-08-18 16:43:07

======Uninstall list======

–>C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

–>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

32 Bit HP CIO Components Installer–>MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

Adobe Flash Player 10 ActiveX–>C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin–>C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 7.0.5 - Polish–>MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A70500000002}

ALLPlayer V2.2–>C:\Program Files\MarBit\ALLPlayer\UnGins.exe “C:\Program Files\MarBit\ALLPlayer\install.log”

ALLPlayer V2.3.1–>“C:\Program Files\MarBit\ALLPlayer\unins000.exe”

ArcSoft Software Suite–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{497A1721-088F-41EF-8876-B43C9DA5528B}\Setup.exe” -l0x9

ATI Control Panel–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe”

ATI Display Driver–>rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

ATI HydraVision–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe”

DX-Ball 1.09–>C:\PROGRA~1\DX-Ball\UNWISE.EXE C:\PROGRA~1\DX-Ball\INSTALL.LOG

Enable S3 for USB Device–>C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"

Free_Lunch_Design Toolbar–>C:\PROGRA~1\FREE_L~1\UNWISE.EXE /U C:\PROGRA~1\FREE_L~1\INSTALL.LOG

free-downloads.net Toolbar–>C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE /U C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG

Gadu-Gadu 7.7–>C:\Program Files\Gadu-Gadu\Setup.exe

HijackThis 2.0.2–>“C:\Program Files\trend micro\HijackThis.exe” /uninstall

HP Customer Participation Program 9.0–>C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Deskjet All-In-One Software 9.0–>C:\Program Files\HP\Digital Imaging{706BB40A-4102-4c89-8107-DC68C4EBD19B}\setup\hpzscr01.exe -datfile hposcr14.dat

HP Imaging Device Functions 9.0–>C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart Essential 2.01–>C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat

HP Smart Web Printing–>MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}

HP Solution Center 9.0–>C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update–>MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}

HPSSupply–>MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}

Java 2 Runtime Environment, SE v1.4.0_03–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{AC1E4C93-C1E7-11D6-9D10-00010240CE95}\Setup.exe” Anytext

Java Web Start–>“C:\Program Files\Java Web Start\uninst-javaws.exe”

Java 6 Update 11–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Microsoft Office XP Professional z programem FrontPage–>MsiExec.exe /I{90280415-6000-11D3-8CFE-0050048383C9}

Narzędzie Software Uninstall Utility firmy ATI–>C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

Neostrada TP–>C:\PROGRA~1\NEOSTR~1\SondageDesinstallation.exe

Nero Suite–>C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""

Opera 9.64–>MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}

PhotoFiltre Studio–>“C:\Program Files\PhotoFiltre Studio\Uninst.exe”

Poprawka systemu Windows XP - KB822603–>C:\WINDOWS$NtUninstallKB822603$\spuninst\spuninst.exe

Realtek AC’97 Audio–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe” REMOVE

REALTEK Gigabit and Fast Ethernet NIC Driver–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe” -l0x15 REMOVE

Skype web features–>MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}

Skype™ 4.1–>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}

SMPlayer 0.6.6–>“C:\Program Files\SMPlayer\unins000.exe”

SpeedTouch USB Software–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe” /l0009 -Control_Panel

Super KULKI V4.0 Beta1–>C:\Program Files\MarBit\Kulki\UnGins.exe “C:\Program Files\MarBit\Kulki\install.log”

VIA Integrated Setup Wizard–>C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}

Virtual DJ - Atomix Productions–>C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG

Winamp–>“C:\Program Files\Winamp\UninstWA.exe”

Windows Media Format Runtime–>“C:\Program Files\Windows Media Player\wmsetsdk.exe” /UninstallAll

WinRAR archiver–>C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: NATO-G558I1ZOY1

Event Code: 7036

Dodane 18.08.2009 (Wt) 16:51

i jeszcze mi wyskoczy;o takie coś :

Logfile of random’s system information tool 1.06 (written by random/random)

Run by gg at 2009-08-18 16:41:10

Microsoft Windows XP Professional Dodatek Service Pack. 1

System drive C: has 976 MB (10%) free of 10 GB

Total RAM: 1023 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:43:06, on 2009-08-18

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\System32\twex.exe

C:\WINDOWS\System32\sdra64.exe

C:\WINDOWS\System32\twext.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\System32\braviax.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\VIA\RAID\raid_tool.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe

C:\PROGRA~1\NEOSTR~1\ComComp.exe

C:\PROGRA~1\NEOSTR~1\Watch.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Opera\opera.exe

Dodane 18.08.2009 (Wt) 16:53

przepraszam tu jest całość :

Logfile of random’s system information tool 1.06 (written by random/random)

Run by gg at 2009-08-18 16:41:10

Microsoft Windows XP Professional Dodatek Service Pack. 1

System drive C: has 976 MB (10%) free of 10 GB

Total RAM: 1023 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:43:06, on 2009-08-18

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\System32\twex.exe

C:\WINDOWS\System32\sdra64.exe

C:\WINDOWS\System32\twext.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\System32\braviax.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\VIA\RAID\raid_tool.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe

C:\PROGRA~1\NEOSTR~1\ComComp.exe

C:\PROGRA~1\NEOSTR~1\Watch.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Opera\opera.exe

C:\Documents and Settings\gg\Pulpit\HJTInstall.exe

C:\Documents and Settings\gg\Pulpit\HJTInstall.exe

C:\Documents and Settings\gg\Pulpit\HJTInstall.exe

C:\Documents and Settings\gg\Pulpit\HJTInstall.exe

C:\Documents and Settings\gg\Pulpit\HJTInstall.exe

C:\Documents and Settings\gg\Pulpit\HJTInstall.exe

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Documents and Settings\gg\Pulpit\HJTInstall.exe

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Documents and Settings\gg\Pulpit\RSIT.exe

C:\Program Files\trend micro\gg.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll

R3 - URLSearchHook: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre1.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\twex.exe,C:\WINDOWS\System32\sdra64.exe,C:\WINDOWS\System32\twext.exe,

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll

O3 - Toolbar: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre1.dll

O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon

O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”

O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM…\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [braviax] braviax.exe

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [AlcoholAutomount] “C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” /automount

O4 - HKCU…\Run: [NBJ] “C:\Program Files\Ahead\Nero BackItUp\NBJ.exe”

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [braviax] C:\WINDOWS\System32\braviax.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O4 - Startup: ikowin32.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O17 - HKLM\System\CCS\Services\Tcpip…{B8F4D1E4-3D39-4366-9538-F374CB9B6D16}: NameServer = 194.204.152.34 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\cru629.dat

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

End of file - 8140 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-09-29 845340]

{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre0.dll [2009-08-10 2215960]

{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - Free Lunch Design Toolbar - C:\Program Files\Free_Lunch_Design\tbFre1.dll [2009-08-10 2215960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

“ATIPTA”=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 339968]

“SoundMan”=C:\WINDOWS\SOUNDMAN.EXE [2004-01-08 65536]

“WooCnxMon”=C:\PROGRA~1\NEOSTR~1\CnxMon.exe [2003-10-16 24576]

“SpeedTouch USB Diagnostics”=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]

“WOOWATCH”=C:\PROGRA~1\NEOSTR~1\Watch.exe [2003-10-16 20480]

“WOOTASKBARICON”=C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe [2003-10-16 53248]

“WinampAgent”=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]

“HP Software Update”=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

“ArcSoft Connection Service”=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-04-17 98616]

“SunJavaUpdateSched”=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-20 136600]

“NeroFilterCheck”=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

“NWEReboot”= []

“braviax”=C:\WINDOWS\system32\braviax.exe [2009-08-18 11264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=C:\WINDOWS\System32\ctfmon.exe [2002-09-29 13312]

“Gadu-Gadu”=C:\Program Files\Gadu-Gadu\gg.exe [2008-03-20 2127296]

“MSMSGS”=C:\Program Files\Messenger\msmsgs.exe [2002-08-20 1511453]

“AlcoholAutomount”=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]

“NBJ”=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]

“Skype”=C:\Program Files\Skype\Phone\Skype.exe [2009-07-16 25727272]

“braviax”=C:\WINDOWS\System32\braviax.exe [2009-08-18 11264]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe

C:\Documents and Settings\gg\Menu Start\Programy\Autostart

ikowin32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

“AppInit_DLLS”=“C:\WINDOWS\System32\cru629.dat”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2004-05-15 86016]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

“SecurityProviders”=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

“EnableProfileQuota”=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

“dontdisplaylastusername”=0

“legalnoticecaption”=

“legalnoticetext”=

“shutdownwithoutlogon”=1

“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

“NoDriveTypeAutoRun”=95000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-08-18 16:41:11 ----D---- C:\Program Files\trend micro

2009-08-18 16:41:10 ----D---- C:\rsit

2009-08-18 09:07:03 ----A---- C:\WINDOWS\braviax.exe

2009-08-18 09:05:50 ----A---- C:\WINDOWS\System32\wisdstr.exe

2009-08-18 09:05:48 ----A---- C:\WINDOWS\System32\braviax.exe

2009-07-22 15:06:26 ----D---- C:\Documents and Settings\gg\Dane aplikacji\skypePM

2009-07-22 15:04:38 ----D---- C:\Documents and Settings\gg\Dane aplikacji\Skype

2009-07-22 15:03:02 ----D---- C:\Program Files\Common Files\Skype

2009-07-22 15:02:59 ----RD---- C:\Program Files\Skype

2009-07-22 15:02:53 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Skype

2009-07-22 14:59:06 ----A---- C:\WINDOWS\System32\iuengine.dll

======List of files/folders modified in the last 1 months======

2009-08-18 16:41:11 ----RD---- C:\Program Files

2009-08-18 14:17:02 ----D---- C:\Program Files\Neostrada TP

2009-08-18 12:51:07 ----D---- C:\WINDOWS\Prefetch

2009-08-18 12:48:01 ----D---- C:\WINDOWS\Temp

2009-08-18 12:45:38 ----D---- C:\WINDOWS\Debug

2009-08-18 09:07:03 ----D---- C:\WINDOWS\system32

2009-08-18 09:07:03 ----D---- C:\WINDOWS

2009-08-18 09:06:05 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-08-18 09:05:48 ----RSHDC---- C:\WINDOWS\System32\dllcache

2009-08-18 09:05:44 ----SHD---- C:\WINDOWS\Installer

2009-08-18 09:05:44 ----HD---- C:\Config.Msi

2009-08-16 00:27:53 ----A---- C:\WINDOWS\NeroDigital.ini

2009-08-15 12:54:10 ----D---- C:\Program Files\Kalendarz XP

2009-08-10 18:54:49 ----D---- C:\Program Files\free-downloads.net

2009-08-10 18:54:33 ----D---- C:\Program Files\Free_Lunch_Design

2009-08-09 12:05:10 ----D---- C:\WINDOWS\System32\CatRoot2

2009-07-22 15:03:02 ----D---- C:\Program Files\Common Files

2009-07-22 15:00:15 ----HD---- C:\Program Files\WindowsUpdate

2009-07-21 13:40:49 ----D---- C:\Documents and Settings\gg\Dane aplikacji\Ahead

2009-07-21 13:22:53 ----D---- C:\WINDOWS\System32\NtmsData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2002-09-29 35200]

R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]

R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2003-12-08 53600]

R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2003-12-08 70688]

R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-01-09 601100]

R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2002-09-29 57344]

R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-05-15 745984]

R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2002-09-29 57984]

R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [2003-08-13 65280]

R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-07-03 25216]

R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-07-03 53120]

R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2003-07-03 19328]

S3 aiz4rkke;aiz4rkke; C:\WINDOWS\System32\drivers\aiz4rkke.sys []

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2007-03-08 49920]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2007-03-08 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2007-03-08 21568]

S3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2001-08-17 23070]

S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2003-07-03 28160]

S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]

S3 usbscan;Sterownik skanera USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]

S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]

S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 102712]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-05-15 376832]

R2 hpqddsvc;Usługa HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2002-09-29 12800]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-20 152984]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-01-20 73728]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2002-09-29 12800]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2002-09-29 12800]

R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]

R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2002-09-29 12800]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-05-15 516096]

S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2002-09-29 24064]

-----------------EOF-----------------

#4

Logi wklejasz na wklej.org lub wklej.to, a w poście dajesz link.

Nie prosiłem o log RSIT, tylko Combofix.

#5

to jak to mam zrobić, bo już pisalam że sie zabardzo nie orientuje. :expressionless:

Dodane 19.08.2009 (Śr) 14:31

chyba jednak będe musiała zatrudnić kogoś kto mi to zrobi wszystko, bo ten ściągnięty combofix wogóle sie nie otwiera a żeby dzisiaj załączałam chyba 15 razy komputer bo cały czas sie wystko zacinało :expressionless:

on raczej nadaje sie na złom, nie do naprawy jakiejkolwiek :expressionless:

#6

Zastosuj Malwarebytes’ Anti-Malware http://cybertrash.pl/Tata/MBAM/Malwarebytes_%20Anti-Malware.html pełny skan - jak coś znajdzie to usuń zaznaczone - pokaż log

Pobierz program SDFix