Jaac

Wszystko wykonane. Wielkie dzięki za pomoc.

Nie jestem pewien czy zniknęły więc wkleję otl.

OTL.Txt

System look

SystemLook.txt

Wydaje sie byc w porzadku

SystemLook.txt

OTL.Txt

08082011_092020-1.txt

Poprzednie załaczniki usunalem bo nie moglem wkleic nowych.

OTL.Txt

SystemLook.txt

Wynikowy raport:

ComboFix.txt

System look

SystemLook 30.07.11 by jpshortstuff

Log created at 12:39 on 07/08/2011 by user

Administrator - Elevation successful

========== dir ==========

C:\Windows\system64 - Parameters: "/s"

---Files---

consrv.dll --a---- 31744 bytes [23:31 13/07/2009] [01:39 14/07/2009]

(edytowane - kopia katalogu Windows)

========== regfind ==========

Searching for "system64"

No data found.

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]

"Debug"=""

@="mnmsrvc"

"Kmode"="\SystemRoot\System32\win32k.sys"

"Optional"="Posix"

"Posix"="%SystemRoot%\system32\psxss.exe"

"Required"="Debug Windows"

"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16"

-= EOF =-

System look

SystemLook 30.07.11 by jpshortstuff

Log created at 11:07 on 04/08/2011 by user

Administrator - Elevation successful

========== filefind ==========

Searching for "wshtcpip.dll"

C:\Windows\System32\WSHTCPIP.DLL --a---- 13312 bytes [23:21 13/07/2009] [01:41 14/07/2009] 31559F3244C6BC00A52030CAA83B6B91

C:\Windows\system64\WSHTCPIP.DLL --a---- 13312 bytes [23:21 13/07/2009] [01:41 14/07/2009] 31559F3244C6BC00A52030CAA83B6B91

C:\Windows\SysWOW64\WSHTCPIP.DLL --a---- 9216 bytes [23:12 13/07/2009] [01:16 14/07/2009] EE5C8E27C37B79CB54A2FCEEED2DC262

C:\Windows\winsxs\amd64_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_27a7f7694b388c01\WSHTCPIP.DLL --a---- 13312 bytes [23:21 13/07/2009] [01:41 14/07/2009] 31559F3244C6BC00A52030CAA83B6B91

C:\Windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_cb895be592db1acb\WSHTCPIP.DLL --a---- 9216 bytes [23:12 13/07/2009] [01:16 14/07/2009] EE5C8E27C37B79CB54A2FCEEED2DC262

Searching for "wship6.dll"

C:\Windows\System32\wship6.dll --a---- 13824 bytes [23:21 13/07/2009] [01:41 14/07/2009] EC7CBFF96B05ECF3D366355B3C64ADCF

C:\Windows\system64\wship6.dll --a---- 13824 bytes [23:21 13/07/2009] [01:41 14/07/2009] EC7CBFF96B05ECF3D366355B3C64ADCF

C:\Windows\SysWOW64\wship6.dll --a---- 10752 bytes [23:12 13/07/2009] [01:16 14/07/2009] 73E8667A19FEEDD856DF2695E9E511D4

C:\Windows\winsxs\amd64_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_27a7f7694b388c01\wship6.dll --a---- 13824 bytes [23:21 13/07/2009] [01:41 14/07/2009] EC7CBFF96B05ECF3D366355B3C64ADCF

C:\Windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_cb895be592db1acb\wship6.dll --a---- 10752 bytes [23:12 13/07/2009] [01:16 14/07/2009] 73E8667A19FEEDD856DF2695E9E511D4

Searching for "wshqos.dll"

C:\Windows\System32\wshqos.dll --a---- 16896 bytes [00:09 14/07/2009] [01:41 14/07/2009] 16E964ABF6D1E0F0CC7822FCA9BA754D

C:\Windows\system64\wshqos.dll --a---- 16896 bytes [00:09 14/07/2009] [01:41 14/07/2009] 16E964ABF6D1E0F0CC7822FCA9BA754D

C:\Windows\SysWOW64\wshqos.dll --a---- 13824 bytes [23:53 13/07/2009] [01:16 14/07/2009] 81F08948A0F1475894C99D4D19A158A8

C:\Windows\winsxs\amd64_microsoft-windows-qos_31bf3856ad364e35_6.1.7600.16385_none_0a405a377155a88a\wshqos.dll --a---- 16896 bytes [00:09 14/07/2009] [01:41 14/07/2009] 16E964ABF6D1E0F0CC7822FCA9BA754D

C:\Windows\winsxs\wow64_microsoft-windows-qos_31bf3856ad364e35_6.1.7600.16385_none_14950489a5b66a85\wshqos.dll --a---- 13824 bytes [23:53 13/07/2009] [01:16 14/07/2009] 81F08948A0F1475894C99D4D19A158A8

-= EOF =-

System look

SystemLook.txt

1. Na podstawie danych z otl.

2. Zrobione

OTL.Txt

:OTL

O2 - BHO: (My Global Search Bar BHO) - {37B85A21-692B-4205-9CAD-2626E4993404} - File not found

O3 - HKLM\..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - File not found

O3 - HKU\S-1-5-21-1645522239-1417001333-1658580976-1004\..\Toolbar\WebBrowser: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - File not found

SRV - File not found [Auto | Stopped] -- -- (NeroRegInCDSrv)

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)

[2011-07-26 10:47:26 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe

 

:Reg

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="about:blank"

 

:Commands

[emptyflash]

[emptytemp]

Kaspersky TDSSKiller nic nie wyrkył.

Program Avast znalazł wirusa win32:Malware-gen w c:\windows\assembly\tmp\u w pliku 800000cb.

Results of screen317's Security Check version 0.99.7

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

avast! Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 25

Out of date Java installed!

Adobe Flash Player 10.3.181.14

Adobe Reader 9.1 MUI

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Symantec Norton Online Backup NOBuAgent.exe

Symantec Norton Online Backup NOBuClient.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

``````````End of Log````````````

OTL.Txt

Extras.Txt