1. Logfile of HijackThis v1.99.1

2. Scan saved at 13:45:03, on 2008-04-26

3. Platform: Unknown Windows (WinNT 6.00.1905 SP1)

4. MSIE: Internet Explorer v7.00 (7.00.6001.18000)

6. Running processes:

7. C:\Windows\system32\Dwm.exe

8. C:\Windows\system32\taskeng.exe

9. C:\Program Files\Windows Defender\MSASCui.exe

10. C:\Windows\RtHDVCpl.exe

11. C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

12. C:\Program Files\ASUS\ATK Media\DMedia.exe

13. C:\Windows\System32\ASUSTPE.exe

14. C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

15. C:\Windows\ASScrPro.exe

16. C:\Program Files\GRISOFT\AVG7\avgcc.exe

17. C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe

18. C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE

19. C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

20. C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

21. C:\Windows\ehome\ehtray.exe

22. C:\Program Files\Gadu-Gadu\gg.exe

23. C:\Program Files\Skype\Phone\Skype.exe

24. C:\Windows\ehome\ehmsas.exe

25. C:\Windows\System32\mobsync.exe

26. C:\Program Files\Windows Media Player\wmpnscfg.exe

27. C:\Program Files\Skype\Plugin Manager\skypePM.exe

28. C:\Windows\explorer.exe

29. C:\Program Files\Mozilla Firefox\firefox.exe

30. C:\Users\PAULINA\Desktop\HijackThis.exe

32. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

33. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://icoonet.com/file_list.php?adv=nmakem&p=1

34. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

35. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

36. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

37. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

38. R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

39. R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

40. R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

41. R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

42. R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

43. O1 - Hosts: ::1 localhost

44. O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

45. O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

46. O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

47. O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

48. O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

49. O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

50. O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

51. O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

52. O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

53. O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

54. O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

55. O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

56. O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

57. O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe

58. O4 - HKLM…\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

59. O4 - HKLM…\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

60. O4 - HKLM…\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe

61. O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

62. O4 - HKLM…\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe

63. O4 - HKLM…\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe

64. O4 - HKLM…\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr

65. O4 - HKLM…\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

66. O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe” /minimized

67. O4 - HKLM…\Run: [My Web Search Bar Search Scope Monitor] “C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe” /m=0

68. O4 - HKLM…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

69. O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”

70. O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

71. O4 - HKLM…\Run: [Zshutdown] c:\Preload\patch\sysprep.cmd

72. O4 - HKLM…\Run: [NBKeyScan] “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”

73. O4 - HKCU…\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

74. O4 - HKCU…\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

75. O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

76. O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

77. O4 - HKCU…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

78. O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

79. O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi … p=ZCfox000

80. O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

81. O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

82. O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

83. O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

84. O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

85. O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

86. O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

87. O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

88. O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

89. O11 - Options group: [iNTERNATIONAL] International*

90. O13 - Gopher Prefix:

91. O17 - HKLM\System\CCS\Services\Tcpip…{B2CEF651-BBA9-40A1-A597-DA4E2F2E9DAA}: NameServer = 78.31.89.38

92. O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

93. O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

94. O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

95. O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll

96. O20 - Winlogon Notify: pmkljhf - pmkljhf.dll (file missing)

97. O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

98. O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

99. O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

100. O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

101. O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

102. O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

103. O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

104. O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

105. O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

106. O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe

107. O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe

108. O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

109. O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe

110. O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

111. O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

112. O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

113. O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

114. O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Proszę o pomoc!

fix w hijackthis

Pokaż log z Combofix

ok ale nie mam pojęcia jak się to robi czy mógłbyś mi wytłumaczyć jestem zielona

W dniu 26.04.2008 , o godzinie 14:08 został dopisany post przez anna715

ok już wykombinowałam proszę poczekać spróbóję

włącz HijackThis >> Do a system scan only >> zaznacz w okienku podane wpisy >> klik na Fix checked

Czy to oto chodziło

ComboFix 08-04-24.1 - PAULINA 2008-04-26 14:14:42.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.390 [GMT 2:00]

Running from: C:\Users\PAULINA\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\FunWebProducts

C:\Program Files\internet explorer\msimg32.dll

C:\Program Files\MyWebSearch

C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG

C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR

C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE

C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV

C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT

C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL

C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG

C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR

C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR

C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE

C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL

C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL

C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE

C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL

C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S

C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S

C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S

C:\Program Files\MyWebSearch\bar\icons\CM.ICO

C:\Program Files\MyWebSearch\bar\icons\MFC.ICO

C:\Program Files\MyWebSearch\bar\icons\PSS.ICO

C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO

C:\Program Files\MyWebSearch\bar\icons\WB.ICO

C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO

C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S

C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S

C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S

C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S

C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S

C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat

C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

C:\Windows\system32\f3PSSavr.scr

.

((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))

.

2008-04-26 11:37 . 2008-04-26 11:37

2008-04-24 21:49 . 2008-04-24 21:49

2008-04-24 20:51 . 2008-04-24 20:51

2008-04-24 20:46 . 2008-04-24 20:46

2008-04-24 20:43 . 2006-01-17 01:05 356,439 --a------ C:\Windows\System32\GDS32.DLL

2008-04-24 20:42 . 2008-04-24 20:42

2008-04-23 18:54 . 2008-04-23 18:54 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2008-04-21 19:40 . 2008-04-21 19:40

2008-04-21 19:38 . 2008-04-21 19:39 162 --a------ C:\htsetup.err

2008-04-21 19:34 . 2008-04-21 19:34

2008-04-21 19:34 . 2000-06-23 14:05 136,704 --a------ C:\Windows\System32\iacenc.dll

2008-04-21 19:34 . 2000-06-22 13:09 56,320 --------- C:\Windows\System32\iyvu9_32.dll

2008-04-21 19:29 . 1998-10-29 19:45 306,688 --a------ C:\Windows\IsUninst.exe

2008-04-21 19:27 . 2008-04-21 19:27

2008-04-21 16:09 . 2008-04-21 16:09

2008-04-21 16:09 . 2008-04-21 16:09

2008-04-21 16:02 . 2008-04-21 16:02

2008-04-21 16:02 . 2008-04-21 16:02

2008-04-21 16:01 . 2008-04-21 16:02

2008-04-21 12:00 . 2008-04-21 12:00

2008-04-21 12:00 . 2008-04-21 12:00

2008-04-20 23:01 . 2008-04-20 23:01

2008-04-20 23:01 . 2008-04-20 23:01

2008-04-20 22:57 . 2008-04-20 22:59

2008-04-20 22:35 . 2008-04-20 23:00

2008-04-20 22:35 . 2008-04-20 23:00

2008-04-20 22:34 . 2008-04-20 23:00

2008-04-20 22:31 . 2008-04-20 22:31

2008-04-20 13:50 . 2008-04-20 13:50

2008-04-20 13:50 . 2004-08-23 16:51 109,472 --a------ C:\Windows\System32\Sebran3_.ttf

2008-04-20 13:50 . 2003-11-12 22:38 31,732 --a------ C:\Windows\System32\SEBRS___.TTF

2008-04-20 13:49 . 2008-04-20 23:27

2008-04-20 13:49 . 2008-04-20 13:49

2008-04-19 20:49 . 2008-04-19 20:49

2008-04-19 19:49 . 2008-04-21 11:07

2008-04-19 18:21 . 2008-04-19 18:22

2008-04-19 12:19 . 2008-04-19 12:19

2008-04-19 12:19 . 2008-04-19 12:19

2008-04-19 12:09 . 2008-04-21 18:47

2008-04-19 12:01 . 2008-04-19 12:01

2008-04-19 11:58 . 2008-04-19 11:58

2008-04-19 11:58 . 2008-04-19 11:58

2008-04-19 11:54 . 2008-04-19 11:56

2008-04-19 11:52 . 2008-04-19 11:52

2008-04-19 11:52 . 2008-04-19 11:52 4,096 --a------ C:\Windows\d3dx.dat

2008-04-19 11:42 . 2008-04-19 11:48

2008-04-19 11:42 . 2008-04-19 11:42

2008-04-19 11:42 . 2008-04-19 11:42

2008-04-19 11:35 . 2008-04-19 11:40

2008-04-18 19:42 . 2008-04-18 19:42

2008-04-18 14:17 . 2008-01-19 07:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll

2008-04-18 14:15 . 2008-01-19 07:46 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-04-18 14:14 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll

2008-04-18 14:13 . 2008-01-19 09:35 3,104,768 --a------ C:\Windows\System32\NlsData004b.dll

2008-04-18 14:12 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll

2008-04-18 14:11 . 2008-01-19 09:33 2,515,968 --a------ C:\Windows\System32\accessibilitycpl.dll

2008-04-18 14:10 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll

2008-04-18 14:09 . 2008-01-19 09:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll

2008-04-18 14:08 . 2008-01-19 09:32 1,370,624 --a------ C:\Windows\System32\Aurora.scr

2008-04-18 14:07 . 2008-01-19 09:32 5,714,432 --a------ C:\Windows\System32\logon.scr

2008-04-18 14:06 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll

2008-04-18 14:05 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL

2008-04-18 14:04 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe

2008-04-18 14:04 . 2008-01-05 13:31 145,455 --a------ C:\Windows\System32\perfmon.msc

2008-04-18 14:04 . 2008-01-05 13:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc

2008-04-18 14:04 . 2008-01-05 13:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs

2008-04-18 14:04 . 2008-01-05 13:39 150 --a------ C:\Windows\System32\RacUREx.xml

2008-04-18 14:04 . 2008-01-05 13:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf

2008-04-18 14:02 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll

2008-04-18 14:00 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll

2008-04-18 14:00 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll

2008-04-18 13:58 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll

2008-04-18 13:58 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe

2008-04-18 13:54 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll

2008-04-18 13:53 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll

2008-04-18 13:53 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll

2008-04-18 13:53 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll

2008-04-16 14:20 . 2008-04-16 14:24

2008-04-16 10:16 . 2008-04-17 08:51

2008-04-16 10:16 . 2008-04-16 10:16

2008-04-15 19:02 . 2008-04-15 19:02

2008-04-09 09:54 . 2008-02-29 09:11 988,216 --a------ C:\Windows\System32\winload.exe

2008-04-09 09:54 . 2008-02-29 09:11 927,288 --a------ C:\Windows\System32\winresume.exe

2008-04-09 09:54 . 2008-02-22 07:05 615,992 --a------ C:\Windows\System32\ci.dll

2008-04-09 09:54 . 2008-02-29 08:53 378,368 --a------ C:\Windows\System32\srcore.dll

2008-04-09 09:54 . 2008-02-29 06:12 318,464 --a------ C:\Windows\System32\rstrui.exe

2008-04-09 09:54 . 2008-02-29 08:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll

2008-04-09 09:54 . 2008-02-29 08:53 40,960 --a------ C:\Windows\System32\srclient.dll

2008-04-09 09:54 . 2008-02-29 09:14 19,000 --a------ C:\Windows\System32\kd1394.dll

2008-04-09 09:54 . 2008-02-29 06:12 14,848 --a------ C:\Windows\System32\srdelayed.exe

2008-04-09 09:54 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll

2008-04-09 09:52 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys

2008-04-09 09:52 . 2008-02-22 04:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-04-09 09:52 . 2008-02-22 07:01 826,880 --a------ C:\Windows\System32\wininet.dll

2008-04-09 09:44 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll

2008-04-04 09:19 . 2008-04-25 08:03

2008-04-02 11:40 . 2008-04-26 10:13

2008-04-02 11:40 . 2008-04-26 10:13

2008-04-01 22:11 . 2008-04-02 11:59

2008-04-01 21:22 . 2008-04-01 21:22

2008-04-01 21:22 . 2008-04-01 21:22

2008-04-01 21:22 . 2008-04-01 21:22

2008-04-01 21:13 . 1998-06-18 00:00 89,360 --a------ C:\Windows\System32\VB5DB.DLL

2008-03-27 17:30 . 2008-03-27 17:30

2008-03-27 13:53 . 2008-03-27 22:54

2008-03-27 13:45 . 2008-03-27 13:46

2008-03-26 06:48 . 2008-03-26 06:48 766,464 --a------ C:\Windows\System32\drivers\athr.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-26 11:55 --------- d-----w C:\Users\PAULINA\AppData\Roaming\Skype

2008-04-26 11:21 --------- d-----w C:\Users\PAULINA\AppData\Roaming\AVG7

2008-04-26 10:20 --------- d-----w C:\Users\PAULINA\AppData\Roaming\skypePM

2008-04-25 09:32 --------- d-----w C:\Program Files\Onet

2008-04-18 17:59 174 --sha-w C:\Program Files\desktop.ini

2008-04-18 17:50 --------- d-----w C:\Program Files\Windows Sidebar

2008-04-18 17:50 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-04-18 17:50 --------- d-----w C:\Program Files\Windows Mail

2008-04-18 17:50 --------- d-----w C:\Program Files\Windows Journal

2008-04-18 17:50 --------- d-----w C:\Program Files\Windows Collaboration

2008-04-18 17:50 --------- d-----w C:\Program Files\Windows Calendar

2008-04-18 17:49 --------- d-----w C:\Program Files\Windows Defender

2008-04-09 08:18 --------- d-----w C:\ProgramData\Microsoft Help

2008-04-02 10:24 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-03-14 08:18 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys

2008-03-11 06:47 --------- d-----w C:\ProgramData\avg7

2008-03-10 12:59 --------- d-----w C:\Users\PAULINA\AppData\Roaming\Grisoft

2008-03-10 12:58 --------- d-----w C:\ProgramData\Grisoft

2008-03-10 12:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-03-10 12:02 --------- d-----w C:\ProgramData\Symantec

2008-03-10 09:42 --------- d-----w C:\Users\PAULINA\AppData\Roaming\Yahoo!

2008-03-10 09:42 --------- d-----w C:\ProgramData\Yahoo! Companion

2008-03-10 07:43 --------- d-----w C:\Users\PAULINA\AppData\Roaming\Symantec

2008-03-10 07:13 --------- d-----w C:\Program Files\Yahoo!

2008-03-09 07:12 --------- d-----w C:\Program Files\Google

2008-03-08 20:48 --------- d-----w C:\Program Files\Common Files\AVSMedia

2008-03-08 20:48 --------- d-----w C:\Program Files\AVSMedia

2008-03-07 08:35 --------- d-----w C:\Program Files\CCleaner

2008-03-05 17:30 --------- d-----w C:\Program Files\Microsoft Works

2008-03-05 17:29 --------- d-----w C:\Program Files\Microsoft.NET

2008-03-04 10:41 606,848 ----a-w C:\Windows\flashax.exe

2008-03-04 10:41 503,808 ----a-w C:\Windows\Asus_Camera_ScreenSaver.scr

2008-03-04 10:41 4,499,453 ----a-w C:\Windows\ASUS Camera ScreenSaver.exe

2008-03-04 10:41 37,232 ----a-w C:\Windows\ASScrProlog.exe

2008-03-04 10:41 274,800 ----a-w C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe

2008-03-04 10:41 12,288 ----a-w C:\Windows\impborl.dll

2008-03-04 10:39 --------- d-----w C:\Program Files\ASUS

2008-03-04 10:38 --------- d-----w C:\Program Files\PowerForPhone

2008-03-04 10:34 --------- d-----w C:\Program Files\Atheros

2008-03-04 10:28 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-03-04 10:28 --------- d-----w C:\Program Files\Realtek

2008-03-03 15:03 --------- d-----w C:\Program Files\IVT Corporation

2008-03-02 09:43 --------- d-----w C:\Program Files\ReflexiveArcade

2008-03-01 16:12 --------- d-----w C:\Program Files\IrfanView

2008-02-29 15:22 --------- d-----w C:\Program Files\WinAVI Video Converter 9.0

2008-02-28 17:00 --------- d-----w C:\Users\PAULINA\AppData\Roaming\Ahead

2008-02-28 16:59 --------- d-----w C:\Program Files\Nero

2008-02-28 16:55 --------- d-----w C:\Program Files\Common Files\Ahead

2008-02-28 09:44 --------- d-----w C:\ProgramData\Nero

2008-02-28 09:44 --------- d-----w C:\Program Files\Common Files\Nero

2007-12-18 22:32 32 ----a-w C:\Users\All Users\ezsid.dat

2007-12-18 22:32 32 ----a-w C:\ProgramData\ezsid.dat

2002-07-01 14:13 243 --sha-w C:\Users\All Users\system16driver.dat

2002-07-01 14:13 243 --sha-w C:\ProgramData\system16driver.dat

2008-01-15 16:46 56 --sh–r C:\Windows\System32\056161BC33.sys

2008-01-15 16:46 1,890 --sha-w C:\Windows\System32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe” [2008-01-19 09:33 1233920]

“ehTray.exe”=“C:\Windows\ehome\ehTray.exe” [2008-01-19 09:33 125952]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 12:54 2131392]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-02-01 18:22 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [2008-01-19 09:38 1008184]

“RtHDVCpl”=“RtHDVCpl.exe” [2007-02-15 11:07 4390912 C:\Windows\RtHDVCpl.exe]

“SMSERIAL”=“C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe” [2006-11-22 11:31 630784]

“ATKMEDIA”=“C:\Program Files\ASUS\ATK Media\DMEDIA.EXE” [2006-11-02 18:27 61440]

“ASUSTPE”=“C:\Windows\system32\ASUSTPE.exe” [2006-12-13 01:06 106496]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2006-11-22 23:27 815104]

“ASUS Camera ScreenSaver”=“C:\Windows\ASScrProlog.exe” [2008-03-04 12:41 37232]

“ASUS Screen Saver Protector”=“C:\Windows\ASScrPro.exe” [2007-12-18 20:27 33136]

“Onet.pl AutoUpdate”=“C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe” [2006-02-08 16:40 260096]

“AVG7_CC”=“C:\PROGRA~1\Grisoft\AVG7\avgcc.exe” [2008-04-17 09:18 579584]

“!AVG Anti-Spyware”=“C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 11:25 6731312]

“My Web Search Bar Search Scope Monitor”=“C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe” []

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 04:25 144784]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 22:16 39792]

“Zshutdown”=“c:\Preload\patch\sysprep.cmd” []

“NBKeyScan”=“C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” []

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“AVG7_Run”=“C:\PROGRA~1\Grisoft\AVG7\avgw.exe” [2008-03-10 14:43 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“EnableUIADesktopToggle”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

avgwlntf.dll 2008-03-10 14:43 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkljhf]

pmkljhf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.scg726”= scg726.acm

“msacm.alf2cd”= alf2cd.acm

“vidc.dvsd”= mcdvd_32.dll

“VIDC.YV12”= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

“TCP Query User{C8611F82-B79E-4FB0-9F64-CEA2D2044B76}C:\program files\ares\ares.exe”= UDP:C:\program files\ares\ares.exe:Ares p2p for windows

“UDP Query User{2E25BF5B-1296-49A2-B923-EA47DF7ED41B}C:\program files\ares\ares.exe”= TCP:C:\program files\ares\ares.exe:Ares p2p for windows

“{D7AC7096-1E09-42FE-9285-AB9E803915A3}”= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

“{74A674FC-1A75-4CD5-A57A-B68D5BAFA7CE}”= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

“TCP Query User{87DC96A7-5A5B-4E54-81C5-E8B07AB6C815}C:\program files\skype\phone\skype.exe”= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

“UDP Query User{769447A7-9F11-4FD8-903D-32FF7DAB5716}C:\program files\skype\phone\skype.exe”= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

“TCP Query User{1833DA69-D030-48C7-AAF8-F2594C9C40FB}C:\program files\gadu-gadu\gg.exe”= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny

“UDP Query User{934348A6-6746-4728-9D15-D050CE1044E1}C:\program files\gadu-gadu\gg.exe”= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny

“TCP Query User{BC91E0A8-C713-4E95-8438-E179A8E03E61}C:\users\paulina\appdata\roaming\thinstall\apcs3e\4000005700003i\mdnsresponder.exe”= UDP:C:\users\paulina\appdata\roaming\thinstall\apcs3e\4000005700003i\mdnsresponder.exe:mdnsresponder.exe

“UDP Query User{C29CCD79-9E23-4D24-AA03-934AD2BFA278}C:\users\paulina\appdata\roaming\thinstall\apcs3e\4000005700003i\mdnsresponder.exe”= TCP:C:\users\paulina\appdata\roaming\thinstall\apcs3e\4000005700003i\mdnsresponder.exe:mdnsresponder.exe

“TCP Query User{0528E0BA-1FC5-4F29-87D4-17E4874EA4E5}C:\program files\ares\ares.exe”= UDP:C:\program files\ares\ares.exe:Ares p2p for windows

“UDP Query User{77C64110-DDF4-47DB-9EAF-FB6D3647A40D}C:\program files\ares\ares.exe”= TCP:C:\program files\ares\ares.exe:Ares p2p for windows

“TCP Query User{1FC30BD5-A6AB-420C-B01D-7DEC6783FEF1}C:\windows\system32\dplaysvr.exe”= UDP:C:\windows\system32\dplaysvr.exe:Pomoc programu Microsoft DirectPlay

“UDP Query User{E1BA6768-93B3-44DB-A025-1CB4C6A5BE24}C:\windows\system32\dplaysvr.exe”= TCP:C:\windows\system32\dplaysvr.exe:Pomoc programu Microsoft DirectPlay

“TCP Query User{1FA61D59-AA86-4073-B227-8E414C9C67AE}C:\users\paulina\desktop\hurd.truck.2-myth\htruck2.exe”= UDP:C:\users\paulina\desktop\hurd.truck.2-myth\htruck2.exe:htruck2.exe

“UDP Query User{4C002540-79D3-4DB5-A4E7-17D5F42AE9E5}C:\users\paulina\desktop\hurd.truck.2-myth\htruck2.exe”= TCP:C:\users\paulina\desktop\hurd.truck.2-myth\htruck2.exe:htruck2.exe

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2006-01-17 01:05]

R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2008-03-26 06:48]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-06 17:04]

R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-14 10:18]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2006-01-17 01:05]

R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-11 04:18]

R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-02-13 06:41]

R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-03 01:37]

S3 Asushwio;Asushwio;C:\Windows\system32\drivers\Asushwio.sys [2006-10-10 13:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-26 14:21:19

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\Ati2evxx.exe

C:\Windows\System32\Ati2evxx.exe

C:\Windows\System32\audiodg.exe

C:\Program Files\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\GRISOFT\AVG7\avgamsvr.exe

C:\PROGRA~1\GRISOFT\AVG7\avgupsvc.exe

C:\PROGRA~1\GRISOFT\AVG7\avgrssvc.exe

C:\PROGRA~1\GRISOFT\AVG7\avgemc.exe

C:\PROGRA~1\GRISOFT\AVG7\avgrssvc.exe

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\Windows\System32\StkCSrv.exe

C:\Program Files\ATK Hotkey\HControl.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\ACEngSvr.exe

C:\Program Files\ATK Hotkey\ATKOSD.exe

C:\Windows\System32\conime.exe

C:\Program Files\GRISOFT\AVG7\avgcc.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Windows\System32\wbem\WMIADAP.exe

.

**************************************************************************

.

Completion time: 2008-04-26 14:26:14 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-26 12:25:56

Pre-Run: 25,619,623,936 bajtów wolnych

Post-Run: 30,152,544,256 bajt˘w wolnych

366 — E O F — 2008-04-25 09:30:12

W dniu 26.04.2008 , o godzinie 14:49 został dopisany post przez anna715

włączyłam program hijackthis i wykasowałam wszystko oprócz

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

to mi się wyświetliło inaczej niż jest napisane

i co dalej mam robić

Miałaś tylko to usunać co ci kazazałem a reszte miałaś zostawić w spokoju!

ok nie denerwuj się usunęłam to:

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM…\Run: [My Web Search Bar Search Scope Monitor] “C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe” /m=0

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi … p=ZCfox000

O20 - Winlogon Notify: pmkljhf - pmkljhf.dll (file missing)

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

a reszty nie mogę znałeźć przy włączeniu tego programu R0 R3 O2 inaczej pisze

Dobrze, a już myślałem, zaraz ktoś sprawdzi log

dziękuję bardzo

W dniu 26.04.2008 , o godzinie 15:46 został dopisany post przez anna715

czy już wiadomo co dolega mojemu komputerowi wiem, że na pewno ja coś zmajstrowałam ale na prawdę dopiero się uczę i trochę powoli mi to idzie

W dniu 26.04.2008 , o godzinie 17:06 został dopisany post przez anna715

co tam z moim logiem

Otwórz notatnik i wklej

zapisz jako plik.reg >> wszystkie pliki >> scal z rejestrem >> restart

powstanie plik o takiej ikonie

w który dwa razy klikniesz potwierdzisz chęć dodania do rejestru potem restart

następnie nowy log Combofix

potem przeskanuj HijackThisem 2.02 http://forum.dobreprogramy.pl/viewtopic.php?f=16t=36654 i l og na forum

jaką masz Vistę 32 b czy 64 bity?