Błąd C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL


(Tom Kurowski) #1

pojawia mi się ten błąd i nie wiem co mam zrobić C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL


(Leon$) #2

Pobierz Combofix http://forum.dobreprogramy.pl/viewtopic.php?f=16&t=36654 przeskanuj system daj log

potem przeskanuj HijackThis 2.02 daj log

kolejność skanowania jak podałem

:slight_smile:


(Tom Kurowski) #3

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:48:20, on 2009-02-13

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\PC Tools AntiVirus\PCTAV.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\DOCUME~1\tomasz\USTAWI~1\Temp\Katalog tymczasowy 3 dla HiJackThis.zip\HijackThis.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\ycomp5_6_2_0.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\ycomp5_6_2_0.dll

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..\Run: [skyTel] SkyTel.EXE

O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF

O4 - HKLM..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN

O4 - HKLM..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZRman000

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Wyślij obraz na &Telefon - res://C:\Program Files\MTPlugin\MTSend.dll/Plugin

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O17 - HKLM\System\CCS\Services\Tcpip..{9C29793B-A188-44D6-B3E1-0ABFF614E1AC}: NameServer = 192.168.30.1,82.160.1.1

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

--

End of file - 8088 bytes

-- Dodane 13.02.2009 (Pt) 16:34 --

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:33:46, on 2009-02-13

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\PC Tools AntiVirus\PCTAV.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\ycomp5_6_2_0.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\ycomp5_6_2_0.dll

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..\Run: [skyTel] SkyTel.EXE

O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF

O4 - HKLM..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN

O4 - HKLM..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O17 - HKLM\System\CCS\Services\Tcpip..{9C29793B-A188-44D6-B3E1-0ABFF614E1AC}: NameServer = 192.168.30.1,82.160.1.1

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

--

End of file - 7486 bytes

:slight_smile:


(Leon$) #4

usuń HijackThisem >> Fix checked

czy ty nie rozumiesz co do ciebie pisze

gdzie log Combofixa?

[-X


(Tom Kurowski) #5

ComboFix 09-02-12.03 - tomasz 2009-02-13 17:00:36.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.2047.1602 [GMT 1:00]

Uruchomiony z: c:\documents and settings\tomasz\Pulpit\ComboFix.exe

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\FunWebProducts

c:\program files\FunWebProducts\ScreenSaver\Cache\008B76E1.jpg

c:\program files\FunWebProducts\ScreenSaver\Cache\files.ini

c:\program files\FunWebProducts\ScreenSaver\Images\008AAEFD.urr

c:\program files\FunWebProducts\ScreenSaver\Images\008B7635.urr

c:\program files\FunWebProducts\ScreenSaver\Images\008B91AC.dat

c:\program files\FunWebProducts\ScreenSaver\Images\101x135\008B91AC.jpg

c:\program files\FunWebProducts\ScreenSaver\Images\wrkparam.lst

c:\program files\FunWebProducts\Shared\002BD456.dat

c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html

c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn-new.htmlx

c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html

c:\program files\Internet Explorer\msimg32.dll

c:\program files\MyWebSearch

c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG

c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL

c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL

c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL

c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL

c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL

c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL

c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL

c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR

c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL

c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL

c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE

c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL

c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV

c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT

c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL

c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG

c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR

c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST

c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE

c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL

c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL

c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE

c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE

c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL

c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR

c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST

c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL

c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL

c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL

c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE

c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE

c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE

c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL

c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL

c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL

c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE

c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL

c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL

c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL

c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE

c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S

c:\program files\MyWebSearch\bar\Cache\000110C4

c:\program files\MyWebSearch\bar\Cache\0037E6E9.bin

c:\program files\MyWebSearch\bar\Cache\0037E90C.bin

c:\program files\MyWebSearch\bar\Cache\008AB585

c:\program files\MyWebSearch\bar\Cache\008ABE5F.bin

c:\program files\MyWebSearch\bar\Cache\008ABFD6.bin

c:\program files\MyWebSearch\bar\Cache\008AC12D.bin

c:\program files\MyWebSearch\bar\Cache\008AC302.bin

c:\program files\MyWebSearch\bar\Cache\files.ini

c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S

c:\program files\MyWebSearch\bar\Game\CHESS.F3S

c:\program files\MyWebSearch\bar\Game\REVERSI.F3S

c:\program files\MyWebSearch\bar\History\search3

c:\program files\MyWebSearch\bar\icons\CM.ICO

c:\program files\MyWebSearch\bar\icons\MFC.ICO

c:\program files\MyWebSearch\bar\icons\PSS.ICO

c:\program files\MyWebSearch\bar\icons\SMILEY.ICO

c:\program files\MyWebSearch\bar\icons\WB.ICO

c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO

c:\program files\MyWebSearch\bar\Message\COMMON.F3S

c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S

c:\program files\MyWebSearch\bar\Notifier\DOG.F3S

c:\program files\MyWebSearch\bar\Notifier\FISH.F3S

c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S

c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S

c:\program files\MyWebSearch\bar\Notifier\MAID.F3S

c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S

c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S

c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S

c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S

c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S

c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm

c:\program files\MyWebSearch\bar\Settings\s_pid.dat

c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

c:\program files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

c:\windows\system32\f3PSSavr.scr

.

((((((((((((((((((((((((( Pliki utworzone od 2009-01-13 do 2009-02-13 )))))))))))))))))))))))))))))))

.

2009-02-13 16:03 . 2009-02-13 16:03

2009-02-13 16:03 . 2009-02-13 16:03

2009-02-13 16:03 . 2009-02-13 16:03

2009-02-13 16:03 . 2009-02-13 16:03

2009-02-13 16:02 . 2008-12-06 22:40

2009-02-13 16:02 . 2009-02-13 16:09

2009-02-13 16:02 . 2008-12-06 21:50

2009-02-13 16:02 . 2009-02-13 16:18

2009-02-13 16:02 . 2009-02-13 16:18

2009-02-13 16:02 . 2008-12-06 22:40

2009-02-13 16:02 . 2009-02-13 16:13

2009-02-13 16:02 . 2009-02-13 16:02

2009-02-13 15:48 . 2009-02-13 15:48

2009-02-13 14:40 . 2009-02-13 14:40

2009-02-13 14:04 . 2009-02-13 14:05 15,600 --a------ c:\windows\gdrv.sys

2009-02-12 13:05 . 2009-02-12 13:05 410,984 --a------ c:\windows\system32\deploytk.dll

2009-02-07 16:40 . 2009-02-07 16:40

2009-02-07 16:40 . 2009-02-07 16:40

2009-02-07 16:36 . 2009-02-07 16:36

2009-02-07 16:36 . 2009-02-07 16:36

2009-02-07 16:34 . 2009-02-07 16:34

2009-02-01 08:19 . 2009-02-01 08:19

2009-02-01 08:15 . 2009-02-01 08:15

2009-02-01 08:15 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll

2009-02-01 08:15 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys

2009-02-01 08:14 . 2009-02-01 08:14

2009-02-01 08:14 . 2009-02-01 08:14

2009-02-01 08:13 . 2009-02-01 08:24

2009-02-01 08:13 . 2009-02-01 08:13

2009-02-01 08:05 . 2006-11-07 09:42 97,056 -ra------ c:\windows\system32\drivers\w200mdm.sys

2009-02-01 08:05 . 2006-11-07 09:42 88,560 -ra------ c:\windows\system32\drivers\w200mgmt.sys

2009-02-01 08:05 . 2006-11-07 09:42 86,368 -ra------ c:\windows\system32\drivers\w200obex.sys

2009-02-01 08:05 . 2006-11-07 09:42 61,504 -ra------ c:\windows\system32\drivers\w200bus.sys

2009-02-01 08:05 . 2006-11-07 09:42 9,328 -ra------ c:\windows\system32\drivers\w200mdfl.sys

2009-02-01 08:05 . 2006-11-07 09:42 6,208 -ra------ c:\windows\system32\drivers\w200cmnt.sys

2009-02-01 08:05 . 2006-11-07 09:42 6,208 -ra------ c:\windows\system32\drivers\w200cm.sys

2009-02-01 08:05 . 2006-11-07 09:42 5,840 -ra------ c:\windows\system32\drivers\w200whnt.sys

2009-02-01 08:05 . 2006-11-07 09:42 5,840 -ra------ c:\windows\system32\drivers\w200wh.sys

2009-02-01 08:00 . 2009-02-01 08:15

2009-02-01 08:00 . 2009-02-01 08:15

2009-02-01 07:57 . 2009-02-01 07:57

2009-02-01 07:54 . 2009-02-01 07:56

2009-02-01 07:54 . 2009-02-01 07:54

2009-02-01 07:52 . 2009-02-01 07:52

2009-02-01 07:52 . 2009-02-01 07:52

2009-02-01 07:52 . 2009-02-01 07:52

2009-02-01 07:52 . 2009-02-01 07:52

2009-02-01 07:52 . 2009-02-01 07:52

2009-02-01 07:51 . 2009-02-01 07:52

2009-02-01 07:50 . 2009-02-01 07:50 54,156 --ah----- c:\windows\QTFont.qfn

2009-02-01 07:50 . 2009-02-01 07:50 1,409 --a------ c:\windows\QTFont.for

2009-01-31 16:15 . 2009-01-31 16:15

2009-01-31 16:15 . 2009-02-13 16:56

2009-01-25 11:50 . 2009-01-25 11:50

2009-01-25 11:50 . 2009-01-25 11:50

2009-01-25 11:24 . 2009-01-25 11:26

2009-01-25 11:24 . 2009-01-29 17:58

2009-01-24 19:23 . 2009-01-24 19:23

2009-01-24 19:23 . 2009-01-24 19:23

2009-01-24 19:09 . 2009-01-24 19:14

2009-01-24 09:18 . 2009-01-24 09:18

2009-01-23 20:30 . 2009-01-24 19:02

2009-01-23 19:56 . 2009-01-24 19:03

2009-01-23 19:56 . 2009-01-23 19:56

2009-01-23 18:42 . 2009-01-23 19:56

2009-01-23 18:42 . 2009-01-23 18:42

2009-01-23 18:41 . 2009-01-23 18:41

2009-01-13 19:18 . 2009-01-13 19:18

2009-01-13 16:53 . 2009-01-13 16:53

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-01 07:01 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-25 11:56 --------- d-----w c:\program files\Electronic Arts

2009-01-22 14:20 --------- d-----w c:\program files\Death to Spies

2009-01-20 11:22 --------- d-----w c:\program files\Opera

2009-01-03 17:43 --------- d-----w c:\documents and settings\tomasz\Dane aplikacji\Ahead

2008-12-30 18:32 --------- d-----w c:\program files\Bosch

2008-12-27 18:09 --------- d-----w c:\program files\El Matador

2008-12-17 15:46 --------- d-----w c:\program files\PacMan Adventures 3D

2008-12-17 15:37 --------- d-----w c:\program files\TerraGame

2008-12-13 16:27 --------- d-----w c:\program files\MTPlugin

2008-12-13 14:50 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-04-08 1647912]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-13 29744]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-12 136600]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"%windir%\system32\sessmgr.exe"=

"c:\WINDOWS\system32\usmt\migwiz.exe"=

"c:\Program Files\Electronic Arts\EADM\Core.exe"=

"c:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"=

"c:\Program Files\Bonjour\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2008-04-15 14336]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-12 29744]

S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2009-02-01 61504]

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2009-02-01 9328]

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2009-02-01 97056]

S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2009-02-01 88560]

S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2009-02-01 86368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Zawartość folderu 'Zaplanowane zadania'

2009-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job

  • c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

  • USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.onet.pl/

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZRman000

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Wyślij obraz na &Telefon - c:\program files\MTPlugin\MTSend.dll/Plugin

TCP: {9C29793B-A188-44D6-B3E1-0ABFF614E1AC} = 192.168.30.1,82.160.1.1

FF - ProfilePath - c:\documents and settings\tomasz\Dane aplikacji\Mozilla\Firefox\Profiles\hgyp4q7t.default\

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-13 17:03:25

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Teleca Shared\CapabilityManager.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\Common Files\Teleca Shared\Generic.exe

c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

.

**************************************************************************

.

Czas ukończenia: 2009-02-13 17:04:57 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-02-13 16:04:55

Przed: 449 977 208 832 bajtów wolnych

Po: 456,542,814,208 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

295 --- E O F --- 2009-02-11 16:37:03

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:06:14, on 2009-02-13

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\imapi.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\ycomp5_6_2_0.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\ycomp5_6_2_0.dll

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..\Run: [skyTel] SkyTel.EXE

O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZRman000

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Wyślij obraz na &Telefon - res://C:\Program Files\MTPlugin\MTSend.dll/Plugin

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O17 - HKLM\System\CCS\Services\Tcpip..{9C29793B-A188-44D6-B3E1-0ABFF614E1AC}: NameServer = 192.168.30.1,82.160.1.1

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 7205 bytes


(Leon$) #6

Logi wyglądają na czyste

Pobierz CCleaner http://www.filehippo.com/download_ccleaner/

przeskanuj nim i wyczyść rejestr.

zrób optymalizacje uruchamiania

http://cybertrash.netarteria.pl/cyber/i ... 378.0.html

usuń ręcznie folder C: \Qoobox usuń instalkę Combofix z dysku.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

przeskanuj obszar Mój komputer http://www.kaspersky.pl/virusscanner.html gdy będą wirusy pokaż raport

:slight_smile: