Windows Explorer has stopped working!


(Paula 1) #1
Logfile of HijackThis v1.99.1

Scan saved at 13:45:03, on 2008-04-26

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\ASUS\ATK Media\DMedia.exe

C:\Windows\System32\ASUSTPE.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\ASScrPro.exe

C:\Program Files\GRISOFT\AVG7\avgcc.exe

C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Windows\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\PAULINA\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://icoonet.com/file_list.php?adv=nmakem&p=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O1 - Hosts: ::1 localhost

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe

O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe

O4 - HKLM..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr

O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM..\Run: [!AVG Anti-Spyware] "C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0

O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [Zshutdown] c:\Preload\patch\sysprep.cmd

O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip..{B2CEF651-BBA9-40A1-A597-DA4E2F2E9DAA}: NameServer = 78.31.89.38

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll

O20 - Winlogon Notify: pmkljhf - pmkljhf.dll (file missing)

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Please help!!!

:frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning:


(huber2t) #2

Fix in HijackThis

Show the ComboFix log


(Paula 1) #3

OK, but I have no idea how to do that. Could you explain it to me? I'm a complete beginner.

On 26.04.2008 at 14:08, a post was added by anna715

OK, I've figured it out. Please wait, I'll try.


(huber2t) #4

Start HijackThis >> Do a system scan only >> tick the listed entries in the window >> click Fix checked


(Paula 1) #5

Is this what you meant?

ComboFix 08-04-24.1 - PAULINA 2008-04-26 14:14:42.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.390 [GMT 2:00]

Running from: C:\Users\PAULINA\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\FunWebProducts

C:\Program Files\internet explorer\msimg32.dll

C:\Program Files\MyWebSearch

C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG

C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR

C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE

C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV

C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT

C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL

C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG

C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR

C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR

C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE

C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL

C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL

C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE

C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL

C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S

C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S

C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S

C:\Program Files\MyWebSearch\bar\icons\CM.ICO

C:\Program Files\MyWebSearch\bar\icons\MFC.ICO

C:\Program Files\MyWebSearch\bar\icons\PSS.ICO

C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO

C:\Program Files\MyWebSearch\bar\icons\WB.ICO

C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO

C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S

C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S

C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S

C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S

C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S

C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat

C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

C:\Windows\system32\f3PSSavr.scr

.

((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))

.

2008-04-26 11:37 . 2008-04-26 11:37

2008-04-24 21:49 . 2008-04-24 21:49

2008-04-24 20:51 . 2008-04-24 20:51

2008-04-24 20:46 . 2008-04-24 20:46

2008-04-24 20:43 . 2006-01-17 01:05 356,439 --a------ C:\Windows\System32\GDS32.DLL

2008-04-24 20:42 . 2008-04-24 20:42

2008-04-23 18:54 . 2008-04-23 18:54 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2008-04-21 19:40 . 2008-04-21 19:40

2008-04-21 19:38 . 2008-04-21 19:39 162 --a------ C:\htsetup.err

2008-04-21 19:34 . 2008-04-21 19:34

2008-04-21 19:34 . 2000-06-23 14:05 136,704 --a------ C:\Windows\System32\iacenc.dll

2008-04-21 19:34 . 2000-06-22 13:09 56,320 --------- C:\Windows\System32\iyvu9_32.dll

2008-04-21 19:29 . 1998-10-29 19:45 306,688 --a------ C:\Windows\IsUninst.exe

2008-04-21 19:27 . 2008-04-21 19:27

2008-04-21 16:09 . 2008-04-21 16:09

2008-04-21 16:09 . 2008-04-21 16:09

2008-04-21 16:02 . 2008-04-21 16:02

2008-04-21 16:02 . 2008-04-21 16:02

2008-04-21 16:01 . 2008-04-21 16:02

2008-04-21 12:00 . 2008-04-21 12:00

2008-04-21 12:00 . 2008-04-21 12:00

2008-04-20 23:01 . 2008-04-20 23:01

2008-04-20 23:01 . 2008-04-20 23:01

2008-04-20 22:57 . 2008-04-20 22:59

2008-04-20 22:35 . 2008-04-20 23:00

2008-04-20 22:35 . 2008-04-20 23:00

2008-04-20 22:34 . 2008-04-20 23:00

2008-04-20 22:31 . 2008-04-20 22:31

2008-04-20 13:50 . 2008-04-20 13:50

2008-04-20 13:50 . 2004-08-23 16:51 109,472 --a------ C:\Windows\System32\Sebran3_.ttf

2008-04-20 13:50 . 2003-11-12 22:38 31,732 --a------ C:\Windows\System32\SEBRS___.TTF

2008-04-20 13:49 . 2008-04-20 23:27

2008-04-20 13:49 . 2008-04-20 13:49

2008-04-19 20:49 . 2008-04-19 20:49

2008-04-19 19:49 . 2008-04-21 11:07

2008-04-19 18:21 . 2008-04-19 18:22

2008-04-19 12:19 . 2008-04-19 12:19

2008-04-19 12:19 . 2008-04-19 12:19

2008-04-19 12:09 . 2008-04-21 18:47

2008-04-19 12:01 . 2008-04-19 12:01

2008-04-19 11:58 . 2008-04-19 11:58

2008-04-19 11:58 . 2008-04-19 11:58

2008-04-19 11:54 . 2008-04-19 11:56

2008-04-19 11:52 . 2008-04-19 11:52

2008-04-19 11:52 . 2008-04-19 11:52 4,096 --a------ C:\Windows\d3dx.dat

2008-04-19 11:42 . 2008-04-19 11:48

2008-04-19 11:42 . 2008-04-19 11:42

2008-04-19 11:42 . 2008-04-19 11:42

2008-04-19 11:35 . 2008-04-19 11:40

2008-04-18 19:42 . 2008-04-18 19:42

2008-04-18 14:17 . 2008-01-19 07:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll

2008-04-18 14:15 . 2008-01-19 07:46 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-04-18 14:14 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll

2008-04-18 14:13 . 2008-01-19 09:35 3,104,768 --a------ C:\Windows\System32\NlsData004b.dll

2008-04-18 14:12 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll

2008-04-18 14:11 . 2008-01-19 09:33 2,515,968 --a------ C:\Windows\System32\accessibilitycpl.dll

2008-04-18 14:10 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll

2008-04-18 14:09 . 2008-01-19 09:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll

2008-04-18 14:08 . 2008-01-19 09:32 1,370,624 --a------ C:\Windows\System32\Aurora.scr

2008-04-18 14:07 . 2008-01-19 09:32 5,714,432 --a------ C:\Windows\System32\logon.scr

2008-04-18 14:06 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll

2008-04-18 14:05 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL

2008-04-18 14:04 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe

2008-04-18 14:04 . 2008-01-05 13:31 145,455 --a------ C:\Windows\System32\perfmon.msc

2008-04-18 14:04 . 2008-01-05 13:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc

2008-04-18 14:04 . 2008-01-05 13:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs

2008-04-18 14:04 . 2008-01-05 13:39 150 --a------ C:\Windows\System32\RacUREx.xml

2008-04-18 14:04 . 2008-01-05 13:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf

2008-04-18 14:02 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll

2008-04-18 14:00 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll

2008-04-18 14:00 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll

2008-04-18 13:58 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll

2008-04-18 13:58 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe

2008-04-18 13:54 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll

2008-04-18 13:53 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll

2008-04-18 13:53 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll

2008-04-18 13:53 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll

2008-04-16 14:20 . 2008-04-16 14:24

2008-04-16 10:16 . 2008-04-17 08:51

2008-04-16 10:16 . 2008-04-16 10:16

2008-04-15 19:02 . 2008-04-15 19:02

2008-04-09 09:54 . 2008-02-29 09:11 988,216 --a------ C:\Windows\System32\winload.exe

2008-04-09 09:54 . 2008-02-29 09:11 927,288 --a------ C:\Windows\System32\winresume.exe

2008-04-09 09:54 . 2008-02-22 07:05 615,992 --a------ C:\Windows\System32\ci.dll

2008-04-09 09:54 . 2008-02-29 08:53 378,368 --a------ C:\Windows\System32\srcore.dll

2008-04-09 09:54 . 2008-02-29 06:12 318,464 --a------ C:\Windows\System32\rstrui.exe

2008-04-09 09:54 . 2008-02-29 08:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll

2008-04-09 09:54 . 2008-02-29 08:53 40,960 --a------ C:\Windows\System32\srclient.dll

2008-04-09 09:54 . 2008-02-29 09:14 19,000 --a------ C:\Windows\System32\kd1394.dll

2008-04-09 09:54 . 2008-02-29 06:12 14,848 --a------ C:\Windows\System32\srdelayed.exe

2008-04-09 09:54 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll

2008-04-09 09:52 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys

2008-04-09 09:52 . 2008-02-22 04:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-04-09 09:52 . 2008-02-22 07:01 826,880 --a------ C:\Windows\System32\wininet.dll

2008-04-09 09:44 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll

2008-04-04 09:19 . 2008-04-25 08:03

2008-04-02 11:40 . 2008-04-26 10:13

2008-04-02 11:40 . 2008-04-26 10:13

2008-04-01 22:11 . 2008-04-02 11:59

2008-04-01 21:22 . 2008-04-01 21:22

2008-04-01 21:22 . 2008-04-01 21:22

2008-04-01 21:22 . 2008-04-01 21:22

2008-04-01 21:13 . 1998-06-18 00:00 89,360 --a------ C:\Windows\System32\VB5DB.DLL

2008-03-27 17:30 . 2008-03-27 17:30

2008-03-27 13:53 . 2008-03-27 22:54

2008-03-27 13:45 . 2008-03-27 13:46

2008-03-26 06:48 . 2008-03-26 06:48 766,464 --a------ C:\Windows\System32\drivers\athr.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-26 11:55 --------- d-----w C:\Users\PAULINA\AppData\Roaming\Skype

2008-04-26 11:21 --------- d-----w C:\Users\PAULINA\AppData\Roaming\AVG7

2008-04-26 10:20 --------- d-----w C:\Users\PAULINA\AppData\Roaming\skypePM

2008-04-25 09:32 --------- d-----w C:\Program Files\Onet

2008-04-18 17:59 174 --sha-w C:\Program Files\desktop.ini

2008-04-18 17:50 --------- d-----w C:\Program Files\Windows Sidebar

2008-04-18 17:50 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-04-18 17:50 --------- d-----w C:\Program Files\Windows Mail

2008-04-18 17:50 --------- d-----w C:\Program Files\Windows Journal

2008-04-18 17:50 --------- d-----w C:\Program Files\Windows Collaboration

2008-04-18 17:50 --------- d-----w C:\Program Files\Windows Calendar

2008-04-18 17:49 --------- d-----w C:\Program Files\Windows Defender

2008-04-09 08:18 --------- d-----w C:\ProgramData\Microsoft Help

2008-04-02 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-14 08:18 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys

2008-03-11 06:47 --------- d-----w C:\ProgramData\avg7

2008-03-10 12:59 --------- d-----w C:\Users\PAULINA\AppData\Roaming\Grisoft

2008-03-10 12:58 --------- d-----w C:\ProgramData\Grisoft

2008-03-10 12:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-03-10 12:02 --------- d-----w C:\ProgramData\Symantec

2008-03-10 09:42 --------- d-----w C:\Users\PAULINA\AppData\Roaming\Yahoo!

2008-03-10 09:42 --------- d-----w C:\ProgramData\Yahoo! Companion

2008-03-10 07:43 --------- d-----w C:\Users\PAULINA\AppData\Roaming\Symantec

2008-03-10 07:13 --------- d-----w C:\Program Files\Yahoo!

2008-03-09 07:12 --------- d-----w C:\Program Files\Google

2008-03-08 20:48 --------- d-----w C:\Program Files\Common Files\AVSMedia

2008-03-08 20:48 --------- d-----w C:\Program Files\AVSMedia

2008-03-07 08:35 --------- d-----w C:\Program Files\CCleaner

2008-03-05 17:30 --------- d-----w C:\Program Files\Microsoft Works

2008-03-05 17:29 --------- d-----w C:\Program Files\Microsoft.NET

2008-03-04 10:41 606,848 ----a-w C:\Windows\flashax.exe

2008-03-04 10:41 503,808 ----a-w C:\Windows\Asus_Camera_ScreenSaver.scr

2008-03-04 10:41 4,499,453 ----a-w C:\Windows\ASUS Camera ScreenSaver.exe

2008-03-04 10:41 37,232 ----a-w C:\Windows\ASScrProlog.exe

2008-03-04 10:41 274,800 ----a-w C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe

2008-03-04 10:41 12,288 ----a-w C:\Windows\impborl.dll

2008-03-04 10:39 --------- d-----w C:\Program Files\ASUS

2008-03-04 10:38 --------- d-----w C:\Program Files\PowerForPhone

2008-03-04 10:34 --------- d-----w C:\Program Files\Atheros

2008-03-04 10:28 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-03-04 10:28 --------- d-----w C:\Program Files\Realtek

2008-03-03 15:03 --------- d-----w C:\Program Files\IVT Corporation

2008-03-02 09:43 --------- d-----w C:\Program Files\ReflexiveArcade

2008-03-01 16:12 --------- d-----w C:\Program Files\IrfanView

2008-02-29 15:22 --------- d-----w C:\Program Files\WinAVI Video Converter 9.0

2008-02-28 17:00 --------- d-----w C:\Users\PAULINA\AppData\Roaming\Ahead

2008-02-28 16:59 --------- d-----w C:\Program Files\Nero

2008-02-28 16:55 --------- d-----w C:\Program Files\Common Files\Ahead

2008-02-28 09:44 --------- d-----w C:\ProgramData\Nero

2008-02-28 09:44 --------- d-----w C:\Program Files\Common Files\Nero

2007-12-18 22:32 32 ----a-w C:\Users\All Users\ezsid.dat

2007-12-18 22:32 32 ----a-w C:\ProgramData\ezsid.dat

2002-07-01 14:13 243 --sha-w C:\Users\All Users\system16driver.dat

2002-07-01 14:13 243 --sha-w C:\ProgramData\system16driver.dat

2008-01-15 16:46 56 --sh--r C:\Windows\System32\056161BC33.sys

2008-01-15 16:46 1,890 --sha-w C:\Windows\System32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]

"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 11:07 4390912 C:\Windows\RtHDVCpl.exe]

"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]

"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 18:27 61440]

"ASUSTPE"="C:\Windows\system32\ASUSTPE.exe" [2006-12-13 01:06 106496]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 23:27 815104]

"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2008-03-04 12:41 37232]

"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-12-18 20:27 33136]

"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe" [2006-02-08 16:40 260096]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 09:18 579584]

"!AVG Anti-Spyware"="C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" []

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"Zshutdown"="c:\Preload\patch\sysprep.cmd" []

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-10 14:43 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

avgwlntf.dll 2008-03-10 14:43 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkljhf]

pmkljhf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.scg726"= scg726.acm

"msacm.alf2cd"= alf2cd.acm

"vidc.dvsd"= mcdvd_32.dll

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{C8611F82-B79E-4FB0-9F64-CEA2D2044B76}C:\program files\ares\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows

"UDP Query User{2E25BF5B-1296-49A2-B923-EA47DF7ED41B}C:\program files\ares\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows

"{D7AC7096-1E09-42FE-9285-AB9E803915A3}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{74A674FC-1A75-4CD5-A57A-B68D5BAFA7CE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{87DC96A7-5A5B-4E54-81C5-E8B07AB6C815}C:\program files\skype\phone\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{769447A7-9F11-4FD8-903D-32FF7DAB5716}C:\program files\skype\phone\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"TCP Query User{1833DA69-D030-48C7-AAF8-F2594C9C40FB}C:\program files\gadu-gadu\gg.exe"= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny

"UDP Query User{934348A6-6746-4728-9D15-D050CE1044E1}C:\program files\gadu-gadu\gg.exe"= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny

"TCP Query User{BC91E0A8-C713-4E95-8438-E179A8E03E61}C:\users\paulina\appdata\roaming\thinstall\apcs3e\4000005700003i\mdnsresponder.exe"= UDP:C:\users\paulina\appdata\roaming\thinstall\apcs3e\4000005700003i\mdnsresponder.exe:mdnsresponder.exe

"UDP Query User{C29CCD79-9E23-4D24-AA03-934AD2BFA278}C:\users\paulina\appdata\roaming\thinstall\apcs3e\4000005700003i\mdnsresponder.exe"= TCP:C:\users\paulina\appdata\roaming\thinstall\apcs3e\4000005700003i\mdnsresponder.exe:mdnsresponder.exe

"TCP Query User{0528E0BA-1FC5-4F29-87D4-17E4874EA4E5}C:\program files\ares\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows

"UDP Query User{77C64110-DDF4-47DB-9EAF-FB6D3647A40D}C:\program files\ares\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows

"TCP Query User{1FC30BD5-A6AB-420C-B01D-7DEC6783FEF1}C:\windows\system32\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Pomoc programu Microsoft DirectPlay

"UDP Query User{E1BA6768-93B3-44DB-A025-1CB4C6A5BE24}C:\windows\system32\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Pomoc programu Microsoft DirectPlay

"TCP Query User{1FA61D59-AA86-4073-B227-8E414C9C67AE}C:\users\paulina\desktop\hurd.truck.2-myth\htruck2.exe"= UDP:C:\users\paulina\desktop\hurd.truck.2-myth\htruck2.exe:htruck2.exe

"UDP Query User{4C002540-79D3-4DB5-A4E7-17D5F42AE9E5}C:\users\paulina\desktop\hurd.truck.2-myth\htruck2.exe"= TCP:C:\users\paulina\desktop\hurd.truck.2-myth\htruck2.exe:htruck2.exe

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2006-01-17 01:05]

R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2008-03-26 06:48]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-06 17:04]

R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-14 10:18]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2006-01-17 01:05]

R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-11 04:18]

R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-02-13 06:41]

R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-03 01:37]

S3 Asushwio;Asushwio;C:\Windows\system32\drivers\Asushwio.sys [2006-10-10 13:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-26 14:21:19

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\Ati2evxx.exe

C:\Windows\System32\Ati2evxx.exe

C:\Windows\System32\audiodg.exe

C:\Program Files\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\GRISOFT\AVG7\avgamsvr.exe

C:\PROGRA~1\GRISOFT\AVG7\avgupsvc.exe

C:\PROGRA~1\GRISOFT\AVG7\avgrssvc.exe

C:\PROGRA~1\GRISOFT\AVG7\avgemc.exe

C:\PROGRA~1\GRISOFT\AVG7\avgrssvc.exe

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\Windows\System32\StkCSrv.exe

C:\Program Files\ATK Hotkey\HControl.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\ACEngSvr.exe

C:\Program Files\ATK Hotkey\ATKOSD.exe

C:\Windows\System32\conime.exe

C:\Program Files\GRISOFT\AVG7\avgcc.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Windows\System32\wbem\WMIADAP.exe

.

**************************************************************************

.

Completion time: 2008-04-26 14:26:14 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-26 12:25:56

Pre-Run: 25,619,623,936 bajtów wolnych

Post-Run: 30,152,544,256 bajtów wolnych

366 --- E O F --- 2008-04-25 09:30:12

On 26.04.2008, at 14:49, a post was added by anna715

I started the HijackThis program and deleted everything except

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

these were displayed differently for me than how it was written

and what should I do next?


(huber2t) #6

You were supposed to remove only what I told you to, and leave the rest alone!


(Paula 1) #7

OK, don't get upset, I removed this:

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000

O20 - Winlogon Notify: pmkljhf - pmkljhf.dll (file missing)

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

and I can't find the rest when I start the program; R0, R3 and O2 are written differently


(huber2t) #8

Good, and here I was already thinking... Someone will check the log shortly.


(Paula 1) #9

thank you very much

On 26.04.2008, at 15:46, a post was added by anna715

Is it known yet what is wrong with my computer? I know that I must have messed something up, but I really am only just learning and it is going a bit slowly for me :frowning:

On 26.04.2008, at 17:06, a post was added by anna715

what's happening with my log?


(Leon$) #10

Open Notepad and paste

save as plik.reg >> All files >> merge into the registry >> restart

b57f17008275c957m.jpg

a file with an icon like this will be created

062aec4c9b51c033m.jpg

which you double-click, confirm that you want to add it to the registry, then restart

then a new ComboFix log

then scan with HijackThis 2.02 http://forum.dobreprogramy.pl/viewtopic.php?f=16t=36654 and the log to the forum

Which Vista do you have, 32-bit or 64-bit?

:slight_smile: