Logi - Uporczywe systemowe błędy

Witam

Mamy pewien problem, ciągle wyslkakują jakies systemowe błędy, oraz wiele rzeczy nie chodzi takich jak IE i nieraz Połaczenie internetu.
Nadomiar tego jeszcze skasowały sie archiwa GG, i raz zmieniło się samo hasło dostępowe do systemu
Proszę o sprawdzenie moich Logów

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:00, on 2008-04-04
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\NEOSTR~1\neostradatp.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAE4D6CF-7088-4A6A-87CD-B9F8F2F5C38E}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 5401 bytes

i z silenta

"Silent Runners.vbs", revision 56, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NVRaidService" = "C:\WINDOWS\System32\nvraidservice.exe" ["NVIDIA Corporation"]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]
"AdslTaskBar" = "rundll32.exe stmctrl.dll,TaskBar" [MS]
"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe" ["France Télécom R&D"]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{37B85A21-692B-4205-9CAD-2626E4993404}\(Default) = "My Global Search Bar BHO"
-> {HKLM...CLSID} = "My Global Search Bar BHO"
\InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki dla ochrony WWW"
-> {HKLM...CLSID} = "Statystyki dla ochrony WWW"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> klogon\DLLName = "C:\WINDOWS\System32\klogon.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Tomek" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"ATI CATALYST – pasek zadań" -> shortcut to: "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{37B85A29-692B-4205-9CAD-2626E4993404}"
-> {HKLM...CLSID} = "My Global Search Bar"
\InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{37B85A29-692B-4205-9CAD-2626E4993404}" = (no title provided)
-> {HKLM...CLSID} = "My Global Search Bar"
\InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki dla ochrony WWW"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statystyki dla ochrony WWW"


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
-> {HKLM...CLSID} = "Search Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
France Telecom Routing Table Service, FTRTSVC, "C:\WINDOWS\System32\FTRTSVC.exe" ["France Telecom"]
Kaspersky Anti-Virus 7.0, AVP, "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -r" ["Kaspersky Lab"]
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


---------- (launch time: 2008-04-04 14:40:59)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 1104 seconds, including 6 seconds for message boxes)

Z góry dziękuje za pomoc

Odapl hjt wybierz opcję do a system scan only.Zrobi Ci się log i zaznacz kwadraty obok poniższych wpisów i daj fix.



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL


co do silenta:to czysto.

Po wykonaniu tego możesz dorzucić loga z combofixa.

oto Logi z COmbo

ComboFix 08-04-04.1 - Tomek 2008-04-05 14:38:04.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.1.1250.1.1045.18.137 [GMT 2:00]
Running from: C:\Documents and Settings\Tomek\Pulpit\Combo fix\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED [img]http://www.forum.tweaks.pl/public/style_emoticons/default/excl.gif[/img][/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]9018C94
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]9018F73
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]9019196.bin
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]9019484.bin
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]9019629.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\WINDOWS\system32\setup.ini
C:\WINDOWS\system32\winscrvs.exe

.
(((((((((((((((((((((((((   Files Created from 2008-03-05 to 2008-04-05  )))))))))))))))))))))))))))))))
.

2008-04-04 14:26 . 2008-04-04 14:26	<DIR>	d--------	C:\Program Files\Trend Micro
2008-04-03 10:09 . 2008-04-03 10:09	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2008-04-02 16:47 . 2008-04-02 16:47	<DIR>	d--------	C:\Program Files\Unlock Codes Calculator (by Crux)
2008-03-31 00:23 . 2008-03-31 00:23	<DIR>	d--------	C:\Documents and Settings\Tomek\Dane aplikacji\Media Player Classic
2008-03-29 14:15 . 2008-03-29 14:15	91,700	--a------	C:\WINDOWS\system32\drivers\klin.dat
2008-03-29 14:15 . 2008-03-29 14:15	85,860	--a------	C:\WINDOWS\system32\drivers\klick.dat
2008-03-29 14:14 . 2008-04-05 14:47	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-03-29 14:14 . 2008-04-05 14:46	10,872,096	--ahs----	C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-29 14:14 . 2008-04-05 14:46	145,784	--ahs----	C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-29 14:14 . 2008-04-05 14:46	48,672	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-29 14:14 . 2008-04-05 14:46	11,852	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-26 22:57 . 2008-03-26 22:57	<DIR>	d--------	C:\Program Files\Alcohol Soft
2008-03-26 22:57 . 2008-03-26 22:57	223,128	--a------	C:\WINDOWS\system32\drivers\vaxscsi.sys
2008-03-26 22:44 . 2008-03-26 22:44	642,560	--a------	C:\WINDOWS\system32\drivers\sptd.sys
2008-03-26 22:44 . 2008-03-26 22:44	90,240	--a------	C:\WINDOWS\system32\drivers\sptd8509.sys
2008-03-26 22:25 . 2008-03-26 22:25	<DIR>	d--------	C:\Program Files\Yahoo!
2008-03-26 22:25 . 2008-03-26 22:25	<DIR>	d--------	C:\Program Files\CCleaner
2008-03-26 08:16 . 2008-04-05 14:20	<DIR>	d--------	C:\Documents and Settings\Tomek\Dane aplikacji\skypePM
2008-03-26 08:16 . 2008-03-26 08:16	32	--a------	C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-03-26 08:15 . 2008-03-26 08:15	<DIR>	d--------	C:\Program Files\Skype
2008-03-26 08:15 . 2008-03-26 08:15	<DIR>	d--------	C:\Program Files\Common Files\Skype
2008-03-26 08:15 . 2008-03-26 08:15	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-03-22 16:43 . 2008-03-22 16:43	<DIR>	d--------	C:\WUTemp
2008-03-22 16:43 . 2002-08-29 02:32	28,160	--a------	C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-22 16:43 . 2002-08-29 02:32	28,160	--a--c---	C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-22 16:42 . 2003-08-25 19:06	182,880	--a------	C:\WINDOWS\system32\iuengine.dll
2008-03-22 16:42 . 2003-08-25 19:06	182,880	--a--c---	C:\WINDOWS\system32\dllcache\iuengine.dll
2008-03-19 00:43 . 2008-03-19 00:43	754	--a------	C:\WINDOWS\WORDPAD.INI
2008-03-17 21:24 . 2008-04-05 14:48	<DIR>	d--------	C:\Documents and Settings\Tomek\Dane aplikacji\Skype
2008-03-16 13:18 . 2008-03-16 13:18	<DIR>	d--------	C:\Program Files\MarBit
2008-03-16 09:47 . 2008-03-17 11:51	<DIR>	d--------	C:\Documents and Settings\Tomek\.jpi_cache
2008-03-16 09:47 . 2008-03-16 09:47	<DIR>	d--------	C:\Documents and Settings\Tomek\.java
2008-03-16 03:05 . 2008-03-16 03:05	<DIR>	d--------	C:\Program Files\<a href="http://www.download.net.pl/105/K-Lite-Codec-Pack/">K-Lite Codec Pack</a>
2008-03-16 02:42 . 2008-04-02 23:20	69	--a------	C:\WINDOWS\NeroDigital.ini
2008-03-16 02:24 . 2008-03-16 11:17	<DIR>	d--------	C:\Documents and Settings\Tomek\Dane aplikacji\Ahead
2008-03-16 02:22 . 2008-03-16 02:22	<DIR>	d--------	C:\Program Files\Nero
2008-03-16 02:22 . 2008-03-16 02:25	<DIR>	d--------	C:\Program Files\Common Files\Ahead
2008-03-16 02:06 . 2003-05-30 10:00	1,962,496	--a------	C:\WINDOWS\system32\quartz.dll
2008-03-13 16:05 . 2002-08-29 02:32	21,760	--a--c---	C:\WINDOWS\system32\dllcache\usbstor.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 12:47	---------	d-----w	C:\Program Files\neostrada tp
2008-04-04 14:56	---------	d-----w	C:\Program Files\Gadu-Gadu
2008-03-29 12:14	---------	d-----w	C:\Program Files\Kaspersky Lab
2008-03-11 23:36	---------	d-----w	C:\Documents and Settings\Tomek\Dane aplikacji\Gadu-Gadu
2008-03-11 23:20	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-03-11 23:15	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-03-11 23:15	---------	d-----w	C:\Program Files\ZTE ZXDSL 852
2008-03-11 23:15	---------	d-----w	C:\Program Files\Java
2008-03-11 22:59	---------	d-----w	C:\Documents and Settings\Tomek\Dane aplikacji\ATI
2008-03-11 22:56	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-03-11 22:56	---------	d-----w	C:\Program Files\ATI Technologies
2008-03-11 22:50	---------	d-----w	C:\Program Files\Realtek Sound Manager
2008-03-11 22:50	---------	d-----w	C:\Program Files\AvRack
2008-03-11 22:49	---------	d-----w	C:\Program Files\AMD
2008-03-11 22:35	558,142	----a-w	C:\WINDOWS\java\Packages\J5ZPJ7DV.ZIP
2008-03-11 22:35	155,995	----a-w	C:\WINDOWS\java\Packages\CIEZRLZJ.ZIP
2008-03-11 22:35	---------	d-----w	C:\Program Files\microsoft frontpage
2008-03-11 22:34	---------	d-----w	C:\Program Files\Usługi online
2008-03-05 15:03	479,752	----a-w	C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 15:03	238,088	----a-w	C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 15:00	25,608	----a-w	C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 14:56	3,786,760	----a-w	C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 14:56	1,420,824	----a-w	C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-05 14:50	80,896	----a-w	C:\WINDOWS\system32\dxdllreg.exe
2008-02-08 17:37	219,664	----a-w	C:\WINDOWS\system32\klogon.dll
2008-02-08 17:35	23,604	----a-w	C:\WINDOWS\system32\drivers\klopp.dat
2008-02-05 22:07	462,864	----a-w	C:\WINDOWS\system32\d3dx10_37.dll
2008-01-10 12:16	159,839	----a-w	C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 12:15	755,027	----a-w	C:\WINDOWS\system32\xvidcore.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-29 00:00 13312]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 11:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NVRaidService"="C:\WINDOWS\System32\nvraidservice.exe" [2004-06-11 05:15 83968]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 22:05 344064]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-04 01:33 32768]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 13:01 151552 C:\WINDOWS\system32\stmctrl.dll]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55 32768]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 19:36 227856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-29 00:00 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys [2007-12-13 14:28]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\System32\DRIVERS\stmatm.sys [2003-08-12 16:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\System32\DRIVERS\torususb.sys [2006-05-25 17:28]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 14:47:34
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-04-05 14:50:06 - machine was rebooted
ComboFix-quarantined-files.txt  2008-04-05 12:49:57
Pre-Run: 2,853,707,776 bajtów wolnych
Post-Run: 2,843,586,560 bajt˘w wolnych

ComboFix usunął, co miał usunąć, i teraz log jest czysty.
Ale nie wiem, czy to poprawi sytuację z Twoim problemem...

ordynat