Inwazja wirusów i szkodliwego oprogramowania. HijackThis log

[misial91]

Witam.
Ostatnio miałem "inwazję" wirusów i szkodliwego oprogramowania i teraz nie jestem pewien czy usunąłem wszystko. Prosiłbym więc o sprawdzenie mi logów. Z góry dziękuje.

HiJackThis

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:43, on 2008-07-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Dell\QuickSet\quickset.exe
D:\WINDOWS\stsystra.exe
D:\Program Files\Dell\MediaDirect\PCMService.exe
E:\Program Files\Winamp\winampa.exe
D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
D:\Program Files\Logitech\QuickCam\Quickcam.exe
D:\Program Files\Dell Support Center\bin\sprtcmd.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PSIService.exe
D:\Program Files\Dell Support Center\bin\sprtsvc.exe
D:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://beta.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Dell QuickSet] D:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [dscactivate] "D:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "D:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [WinampAgent] e:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [DellSupportCenter] "D:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "D:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: RocketDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Shortcut to autorun.exe.lnk = D:\autorun.exe
O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5940CCA-DE48-4BD1-9EA7-E740C4BED82D}: NameServer = 172.16.1.254,217.96.23.251
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - D:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - D:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - D:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - D:\WINDOWS\system32\DRIVERS\xaudio.exe

--
End of file - 10555 bytes


Combo-Fix

Kod: Zaznacz wszystko

ComboFix 08-07-25.6 - Admin 2008-07-26  4:44:49.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1033.18.1448 [GMT -7:00]
Running from: D:\Documents and Settings\Admin\Desktop\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-06-26 to 2008-07-26  )))))))))))))))))))))))))))))))
.

2008-07-26 04:43 . 2008-07-26 04:43   <DIR>   d--------   D:\Program Files\Trend Micro
2008-07-26 01:53 . 2008-07-26 04:40   <DIR>   d--------   D:\Program Files\Malwarebytes' Anti-Malware
2008-07-26 01:53 . 2008-07-26 01:53   <DIR>   d--------   D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-26 01:53 . 2008-07-26 01:53   <DIR>   d--------   D:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-07-26 01:43 . 2008-07-20 23:08   225,280   --a------   D:\Program Files\Uninstall My Global Search Bar.dll
2008-07-25 23:12 . 2008-07-25 23:12   <DIR>   d--------   D:\Program Files\Alwil Software
2008-07-25 01:47 . 2008-07-26 03:16   <DIR>   d--------   D:\Program Files\Google
2008-07-25 01:47 . 2008-07-26 01:20   <DIR>   d-a------   D:\Documents and Settings\All Users\Application Data\TEMP
2008-07-25 00:39 . 2008-07-25 00:39   <DIR>   d--------   D:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-11 15:52 . 2008-07-11 15:52   <DIR>   d--------   D:\Documents and Settings\Admin\Application Data\BESTplayer
2008-07-09 08:00 . 2008-06-20 10:36   245,248   ---------   D:\WINDOWS\system32\dllcache\mswsock.dll
2008-07-09 08:00 . 2008-06-20 02:32   225,920   ---------   D:\WINDOWS\system32\dllcache\tcpip6.sys
2008-07-09 08:00 . 2008-06-20 03:44   138,368   ---------   D:\WINDOWS\system32\dllcache\afd.sys
2008-07-09 08:00 . 2006-08-16 05:08   100,352   ---------   D:\WINDOWS\system32\dllcache\6to4svc.dll
2008-07-03 14:41 . 2008-07-03 14:41   <DIR>   d--------   D:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-03 14:41 . 2008-07-05 03:08   88   -r-hs----   D:\WINDOWS\system32\C3707734E7.sys
2008-06-29 15:37 . 2008-06-29 15:46   <DIR>   d--------   D:\Program Files\PhotoScape

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 11:17   ---------   d-----w   D:\Documents and Settings\Admin\Application Data\Skype
2008-07-26 10:16   ---------   d-----w   D:\Program Files\Windows Desktop Search
2008-07-26 08:43   ---------   d-----w   D:\Program Files\CyberLink
2008-07-26 08:43   ---------   d-----w   D:\Program Files\BearShare Applications
2008-07-26 08:25   ---------   d-----w   D:\Documents and Settings\Admin\Application Data\skypePM
2008-07-21 06:09   ---------   d-----w   D:\Program Files\BearShare
2008-07-10 02:02   6,580   --sha-w   D:\WINDOWS\system32\KGyGaAvL.sys
2008-07-10 02:02   ---------   d-----w   D:\Documents and Settings\Admin\Application Data\Corel
2008-07-09 22:24   ---------   d-----w   D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-05 10:11   ---------   d-----w   D:\Program Files\Corel
2008-07-05 10:11   ---------   d-----w   D:\Program Files\Common Files\Corel
2008-07-03 21:41   ---------   d-----w   D:\Program Files\Common Files\InstallShield
2008-06-21 00:08   ---------   d-----w   D:\Program Files\microsoft frontpage
2008-06-20 23:57   ---------   d-----w   D:\Program Files\SkanerOnline
2008-06-20 17:36   245,248   ----a-w   D:\WINDOWS\system32\mswsock.dll
2008-06-20 17:36   147,968   ----a-w   D:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:44   360,960   ----a-w   D:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44   360,960   ----a-w   D:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44   138,368   ----a-w   D:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:32   225,920   ----a-w   D:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10   272,128   ------w   D:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10   272,128   ------w   D:\WINDOWS\system32\dllcache\bthport.sys
2008-05-08 12:14   203,008   ------w   D:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55   1,288,192   ----a-w   D:\WINDOWS\system32\quartz.dll
2008-05-07 04:55   1,288,192   ------w   D:\WINDOWS\system32\dllcache\quartz.dll
2007-12-08 01:55   32   ----a-w   D:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-26 01:32   476,752   ----a-w   D:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-11-26 01:12   16,384   --sha-w   D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-11-26 01:12   32,768   --sha-w   D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2007-11-26 01:12   32,768   --sha-w   D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007112520071126\index.dat
2007-11-26 01:12   32,768   --sha-w   D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2007-10-07 21:55  2182144  a09c144d8d5a460b8ebfa56f913715d2   D:\WINDOWS\system32\ntkrnlpa.exe

2007-10-07 21:48  2302464  465e3e1178812be755634457f4a778bf   D:\WINDOWS\system32\ntoskrnl.exe

2007-10-07 18:31  975360  d96ec9dae043c3bee37ee9099336470e   D:\WINDOWS\explorer.exe
2007-10-07 18:31  1224192  8084a78f85e634d4387bb4caa775ade8   D:\WINDOWS\icon_TMP\explorer.exe
2007-10-07 18:31  1033216  7712df0cdde3a5ac89843e61cd5b3658   D:\WINDOWS\system_backup\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="D:\Program Files\Windows Sidebar\sidebar.exe" [2007-05-18 01:30 1230848]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"RocketDock"="D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 15:05 630784]
"DellSupportCenter"="D:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 03:54 2131392]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 16:51 21877544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-07-13 00:34 8466432]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-07-13 00:34 81920]
"GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"Dell QuickSet"="D:\Program Files\Dell\QuickSet\quickset.exe" [2007-07-20 17:55 1228800]
"dscactivate"="D:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"PCMService"="D:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 17:10 184320]
"WinampAgent"="e:\Program Files\Winamp\winampa.exe" [2006-03-10 10:45 35328]
"BearShare"="D:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04 3313664]
"LogitechCommunicationsManager"="D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="D:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"DellSupportCenter"="D:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 07:38 78008]
"nwiz"="nwiz.exe" [2007-07-13 00:34 1626112 D:\WINDOWS\system32\nwiz.exe]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 15:26 303104 D:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="D:\Program Files\Windows Sidebar\sidebar.exe" [2007-05-18 01:30 1230848]

D:\Documents and Settings\Admin\Start Menu\Programs\Startup\
RocketDock.lnk - D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 15:05:02 630784]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-07 20:19:48 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\D:^Documents and Settings^Admin^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=D:\Documents and Settings\Admin\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=D:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Admin^Start Menu^Programs^Startup^Styler.lnk]
path=D:\Documents and Settings\Admin\Start Menu\Programs\Startup\Styler.lnk
backup=D:\WINDOWS\pss\Styler.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Admin^Start Menu^Programs^Startup^TransBar.lnk]
path=D:\Documents and Settings\Admin\Start Menu\Programs\Startup\TransBar.lnk
backup=D:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Admin^Start Menu^Programs^Startup^Y'z Shadow.lnk]
path=D:\Documents and Settings\Admin\Start Menu\Programs\Startup\Y'z Shadow.lnk
backup=D:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to RocketDock.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to RocketDock.lnk
backup=D:\WINDOWS\pss\Shortcut to RocketDock.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 00:06 40048 D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"D:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\WINDOWS\\system32\\mmc.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 iastor76;iastor76;D:\WINDOWS\system32\drivers\iastor76.sys [2007-10-07 18:02]
R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 07:35]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 07:37]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
"%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
"%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
HIDEC /W "%VAIOTOOLS%\regtlib.exe" "%ProgramFiles%\Windows Sidebar\sidebar.exe"
.
- - - - ORPHANS REMOVED - - - -

Notify-WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://beta.onet.pl/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xport to Microsoft Excel - D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{D5940CCA-DE48-4BD1-9EA7-E740C4BED82D}: NameServer = 172.16.1.254,217.96.23.251
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} - hxxp://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
D:\WINDOWS\Downloaded Program Files\ArcaOnline.inf
D:\WINDOWS\system32\ArcaMicroScanUpdater.exe
D:\WINDOWS\system32\ArcaOnlineUninstall.exe
D:\WINDOWS\system32\ArcaOnline.dll

O16 -: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
D:\WINDOWS\Downloaded Program Files\SkanerOnline.inf
D:\WINDOWS\system32\SkanerOnlineUninstall.exe
D:\WINDOWS\system32\SkanerOnline.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 04:46:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: D:\WINDOWS\explorer.exe
-> D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
Completion time: 2008-07-26  4:47:50
ComboFix-quarantined-files.txt  2008-07-26 11:47:13

Pre-Run: 9,063,874,560 bytes free
Post-Run: 9,159,577,600 bytes free

180   --- E O F ---   2008-07-25 05:05:58


[huber2t]

fix w hijackthis

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Shortcut to autorun.exe.lnk = D:\autorun.exe

Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko

File::
D:\Program Files\Uninstall My Global Search Bar.dll


Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

Logi dajesz na http://www.wklejto.pl a w poście dajesz tylko link

[misial91]

Zrobiłem więc tak i:
http://wklejto.pl/6799

[huber2t]

Log wyglada na czysty

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!