ComboFix
ComboFix 08-10-11.04 - Administrator 2008-10-13 13:53:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.13 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\ctfmon.exe
C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\0003E4D2
C:\Program Files\myglobalsearch\bar\Cache\0003E767
C:\Program Files\myglobalsearch\bar\Cache\0003E8E4.bin
C:\Program Files\myglobalsearch\bar\Cache\0003ECC3.bin
C:\Program Files\myglobalsearch\bar\Cache\0003EE54.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\Recycled\Recycled
C:\Recycled\Recycled\ctfmon.exe
C:\WINDOWS\system32\setup.ini
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-13 do 2008-10-13 )))))))))))))))))))))))))))))))
.
2008-10-10 14:59 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-10-07 15:33 . 2008-10-07 15:34 <DIR> d-------- C:\Program Files\BearShare
2008-10-07 15:33 . 2008-10-07 15:33 <DIR> d-------- C:\My Downloads
2008-10-05 10:52 . 2008-10-05 10:52 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Apple Computer
2008-10-05 10:33 . 2008-10-08 13:45 <DIR> d-------- C:\Temp
2008-10-04 12:56 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-04 12:54 . 2008-10-04 12:54 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-04 12:44 . 2008-10-04 12:44 <DIR> d-------- C:\Program Files\Panda Security
2008-09-27 13:36 . 1998-10-29 14:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-09-27 13:12 . 2008-09-27 13:12 <DIR> d-------- C:\Program Files\directx
2008-09-22 19:32 . 2008-09-22 19:34 <DIR> d-------- C:\Program Files\SET FlashMenu
2008-09-21 19:16 . 2008-09-21 19:16 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-21 19:16 . 2008-09-21 19:16 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-09-21 19:02 . 2008-09-21 19:02 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-09-21 19:02 . 2008-09-21 19:02 21,672 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2008-09-21 19:02 . 2008-09-21 19:02 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2008-09-21 18:53 . 2008-09-21 18:53 <DIR> d-------- C:\Program Files\Sony Ericsson Mobile Communications AB
2008-09-21 18:37 . 2008-09-21 18:37 <DIR> d-------- C:\Program Files\Avanquest update
2008-09-21 18:37 . 2008-09-21 18:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\BVRP Software
2008-09-21 18:34 . 2008-09-24 14:50 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-09-21 18:34 . 2008-09-21 18:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Sony Ericsson
2008-09-21 18:34 . 2008-09-21 18:34 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2008-09-16 14:27 . 2008-09-16 14:27 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\FastStone
2008-09-13 11:58 . 2008-09-14 11:20 32 --a------ C:\WINDOWS\0
2008-09-13 11:58 . 2008-09-13 11:58 0 --a------ C:\WINDOWS\system32\0
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 16:52 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Skype
2008-10-07 13:18 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
2008-10-05 15:33 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2008-09-27 11:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-27 11:14 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-25 10:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help
2008-09-25 09:04 --------- d-----w C:\Program Files\Unlocker
2008-09-24 12:58 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-09-24 12:56 --------- d-----w C:\Program Files\Nokia
2008-09-24 12:54 --------- d-----w C:\Program Files\Notepad++
2008-09-24 12:54 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Notepad++
2008-09-24 12:34 --------- d-----w C:\Program Files\Utilities
2008-09-18 11:43 --------- d-----w C:\Program Files\Gadu-Gadu
2008-09-12 14:22 --------- d-----w C:\Program Files\Ericsson
2008-09-11 14:37 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-09-09 14:23 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Nero
2008-09-09 11:20 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Teleca
2008-09-09 11:18 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Sony Ericsson
2008-09-06 15:25 --------- d-----w C:\Program Files\QuickTime
2008-09-06 15:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Apple Computer
2008-09-06 13:03 --------- d-----w C:\Program Files\Apple Software Update
2008-09-06 13:03 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Apple
2008-09-05 21:31 267,816 ------w C:\WINDOWS\system32\dllcache\wgaLogon.dll
2008-09-05 21:30 952,872 ------w C:\WINDOWS\system32\dllcache\WgaTray.exe
2008-09-05 17:13 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Nokia
2008-09-05 17:07 --------- d-----w C:\Program Files\DIFX
2008-09-05 17:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\PC Suite
2008-09-05 17:07 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\PC Suite
2008-09-05 17:04 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-05 17:01 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Downloaded Installations
2008-09-05 12:23 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-03 20:16 --------- d-----w C:\Program Files\NET
2008-09-02 13:25 --------- d-----w C:\Program Files\uTorrent
2008-08-30 11:59 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-08-30 11:59 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-08-29 14:27 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Vision Thing
2008-08-29 13:51 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\fltk.org
2008-08-26 20:09 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-26 19:45 --------- d-----w C:\Program Files\Microsoft Works
2008-08-26 19:44 --------- d-----w C:\Program Files\MSBuild
2008-08-26 19:39 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-26 19:25 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-08-26 10:52 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp
2008-08-16 15:17 --------- d-----w C:\Program Files\Opera
2008-08-15 18:54 --------- d-----w C:\Program Files\MarBit
2008-08-15 16:53 --------- d-----w C:\Program Files\sisagp
2008-08-01 13:46 1,717,848 ----a-w C:\WINDOWS\system32\skype4com.dll
2008-07-22 16:20 3,127 ----a-w C:\WINDOWS\system32\presetup.cmd
2008-07-22 16:20 28,672 ----a-w C:\WINDOWS\system32\setupold.exe
2008-07-22 16:17 98,304 ----a-w C:\WINDOWS\system32\makecab.exe
2008-07-22 16:17 501,760 ----a-w C:\WINDOWS\system32\usp10.dll
2008-07-22 13:36 955,392 ----a-w C:\WINDOWS\system32\wsecedit.dll
2008-07-22 13:36 9,753,600 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-07-22 13:36 32,256 ----a-w C:\WINDOWS\system32\wupdmgr.exe
2008-07-22 13:36 208,896 ----a-w C:\WINDOWS\system32\wscript.exe
2008-07-22 13:36 2,600,448 ----a-w C:\WINDOWS\system32\wpdshext.dll
2008-07-22 13:35 358,912 ----a-w C:\WINDOWS\winhlp32.exe
2008-07-22 13:35 2,327,552 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-07-22 13:35 1,409,536 ----a-w C:\WINDOWS\system32\wiashext.dll
2008-07-22 13:34 487,424 ----a-w C:\WINDOWS\system32\user32.dll
2008-07-22 13:34 3,647,488 ----a-w C:\WINDOWS\system32\wiadefui.dll
2008-07-22 13:34 126,976 ----a-w C:\WINDOWS\system32\verifier.exe
2008-07-22 13:34 1,539,072 ----a-w C:\WINDOWS\system32\wextract.exe
2008-07-22 13:34 1,538,560 ----a-w C:\WINDOWS\system32\wiaacmgr.exe
2008-07-22 13:33 77,824 ----a-w C:\WINDOWS\system32\stobject.dll
2008-07-22 13:33 744,960 ----a-w C:\WINDOWS\system32\sxs.dll
2008-07-22 13:33 630,784 ----a-w C:\WINDOWS\system32\sysocmgr.exe
2008-07-22 13:33 541,696 ----a-w C:\WINDOWS\system32\sti_ci.dll
2008-07-22 13:33 450,560 ----a-w C:\WINDOWS\system32\themeui.dll
2008-07-22 13:33 30,208 ----a-w C:\WINDOWS\system32\stimon.exe
2008-07-22 13:33 261,120 ----a-w C:\WINDOWS\system32\upnpui.dll
2008-07-22 13:33 256,512 ----a-w C:\WINDOWS\system32\tapiui.dll
2008-07-22 13:33 202,240 ----a-w C:\WINDOWS\system32\tcpmonui.dll
2008-07-22 13:33 187,392 ----a-w C:\WINDOWS\system32\taskmgr.exe
2008-07-22 13:32 78,336 ----a-w C:\WINDOWS\system32\srclient.dll
2008-07-22 13:32 58,880 ----a-w C:\WINDOWS\system32\sol.exe
2008-07-22 13:32 541,696 ----a-w C:\WINDOWS\system32\spider.exe
2008-07-22 13:32 52,224 ----a-w C:\WINDOWS\system32\shscrap.dll
2008-07-22 13:32 407,040 ----a-w C:\WINDOWS\system32\smlogcfg.dll
2008-07-22 13:32 307,712 ----a-w C:\WINDOWS\system32\srrstr.dll
2008-07-22 13:32 3,435,008 ----a-w C:\WINDOWS\system32\shimgvw.dll
2008-07-22 13:32 134,656 ----a-w C:\WINDOWS\system32\sigverif.exe
2008-07-22 13:32 122,368 ----a-w C:\WINDOWS\system32\sndvol32.exe
2008-07-22 13:31 997,888 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-07-22 13:31 39,936 ----a-w C:\WINDOWS\system32\sendmail.dll
2008-07-22 13:31 39,424 ----a-w C:\WINDOWS\system32\runonce.exe
2008-07-22 13:31 2,589,184 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-07-22 13:31 188,416 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-07-22 13:31 171,008 ----a-w C:\WINDOWS\system32\sfc_os.dll
2008-07-22 13:31 111,104 ----a-w C:\WINDOWS\system32\servdeps.dll
2008-07-22 13:30 62,976 ----a-w C:\WINDOWS\system32\remotepg.dll
2008-07-22 13:30 59,904 ----a-w C:\WINDOWS\system32\rasphone.exe
2008-07-22 13:30 538,624 ----a-w C:\WINDOWS\system32\regwizc.dll
2008-07-22 13:30 487,424 ----a-w C:\WINDOWS\system32\photowiz.dll
2008-07-22 13:30 48,128 ----a-w C:\WINDOWS\system32\rcimlby.exe
2008-07-22 13:30 45,056 ----a-w C:\WINDOWS\system32\odbcad32.exe
2008-07-22 13:30 40,448 ----a-w C:\WINDOWS\system32\perfmon.exe
2008-07-22 13:30 29,696 ----a-w C:\WINDOWS\system32\regedt32.exe
2008-07-22 13:30 217,088 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-07-22 13:30 1,536,512 ----a-w C:\WINDOWS\system32\quartz.dll
.
------- Sigcheck -------
2008-07-22 15:34 487424 5f1ccdf37f28a88d0473b0c9ea1e0d58 C:\WINDOWS\system32\user32.dll
2008-07-22 15:15 361600 e88631e21a9caca06104802f9e915115 C:\WINDOWS\system32\drivers\tcpip.sys
2008-07-22 15:29 2190208 5fb59f2506787a7e036b7c2eff1cce24 C:\WINDOWS\system32\ntoskrnl.exe
2008-07-22 15:25 1528832 b49a80a502fd86b2f05bc7bbd723ddab C:\WINDOWS\explorer.exe
2008-07-22 15:23 40448 0277e1a3e8b337555a45943808451981 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-07-22 40448]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-06-23 C:\WINDOWS\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)
"DisableStatusMessages"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;C:\WINDOWS\system32\Drivers\BtHidBus.sys [2008-07-31 20616]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-09-21 13352]
S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\WINDOWS\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-02-17 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-02-17 94064]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffe988b0-7d97-11dd-ad85-0007955f2630}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
*Newly Created Service* - PROCEXP90
.
Zawartość folderu 'Zaplanowane zadania'
2008-09-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-10-11 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-09-05 14:19]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKU-Default-Run-VisualTaskTips - C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6p8cxrwp.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 13:59:53
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-10-13 14:02:21
ComboFix-quarantined-files.txt 2008-10-13 12:02:16
Przed: 496 218 112 bajtów wolnych
Po: 734,179,328 bajtów wolnych
247 --- E O F --- 2008-10-10 15:12:18
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17:14, on 2008-10-13
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\Administrator\Pulpit\HiJackThis.exe
C:\Program Files\Gadu-Gadu\gg.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{387E75AF-BCAC-400F-A6C7-2B3695F88B0D}: NameServer = 217.116.100.65 217.116.100.66
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
--
End of file - 5141 bytes