Witam. Po usunięciu zainfekowanego pliku przy uruchamianiu komputera zaczął wskakiwać komunikat "Wystąpił błąd podczas ładowania:

C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL". Poniżej wklejam loga z HijackThis. Proszę o pomoc, o można z tym zrobić ?

Logfile of HijackThis v1.99.1

Scan saved at 17:32:11, on 2008-10-07

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Kalendarz XP\Kalendarz.exe

C:\DOCUME~1\hgh\USTAWI~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\program files\winamp toolbar\WinampTbServer.exe

C:\DOCUME~1\hgh\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”

O4 - HKLM…\Run: [sSBkgdUpdate] “C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot

O4 - HKLM…\Run: [OpwareSE4] “C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe”

O4 - HKLM…\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF

O4 - HKLM…\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

O4 - HKLM…\Run: [osCheck] “C:\Program Files\Norton AntiVirus\osCheck.exe”

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - HKCU…\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi … xdm022YYPL

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://mks.com.pl

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach … .0.1.1.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Harmonogram automatycznej usługi LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

fix w hiajckthis

Podaj log z Combofix

log z combofixa

ComboFix 08-10-06.08 - hgh 2008-10-07 18:22:47.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.582 [GMT 2:00]

Uruchomiony z: C:\Documents and Settings\hgh\Pulpit\ComboFix.exe

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\FunWebProducts

C:\Program Files\FunWebProducts\ScreenSaver\Images\000E057A.urr

C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html

C:\Program Files\MyWebSearch

C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG

C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV

C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT

C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG

C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR

C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR

C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL

C:\Program Files\MyWebSearch\bar\1.bin\m3plugin.zip

C:\Program Files\MyWebSearch\bar\1.bin\m3plugin\m3plugin.dll

C:\Program Files\MyWebSearch\bar\1.bin\m3plugin\readme.txt

C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL

C:\Program Files\MyWebSearch\bar\1.bin\mwsbar.zip

C:\Program Files\MyWebSearch\bar\1.bin\mwsbar\MWSBAR.DLL

C:\Program Files\MyWebSearch\bar\1.bin\mwsbar\readme.txt

C:\Program Files\MyWebSearch\bar\1.bin\mwsoemon.#xe

C:\Program Files\MyWebSearch\bar\1.bin\mwsoestb.#ll

C:\Program Files\MyWebSearch\bar\1.bin\mwssvc.#xe

C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL

C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Cache\00016349

C:\Program Files\MyWebSearch\bar\Cache\00016EB3

C:\Program Files\MyWebSearch\bar\Cache\0001701A.bin

C:\Program Files\MyWebSearch\bar\Cache\0001727B.bin

C:\Program Files\MyWebSearch\bar\Cache\000173C3.bin

C:\Program Files\MyWebSearch\bar\Cache\0001751B.bin

C:\Program Files\MyWebSearch\bar\Cache\00017683.bin

C:\Program Files\MyWebSearch\bar\Cache\files.ini

C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S

C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S

C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S

C:\Program Files\MyWebSearch\bar\History\search3

C:\Program Files\MyWebSearch\bar\icons\CM.ICO

C:\Program Files\MyWebSearch\bar\icons\MFC.ICO

C:\Program Files\MyWebSearch\bar\icons\PSS.ICO

C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO

C:\Program Files\MyWebSearch\bar\icons\Thumbs.db

C:\Program Files\MyWebSearch\bar\icons\WB.ICO

C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO

C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S

C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S

C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S

C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S

C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S

C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S

C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat

C:\Program Files\MyWebSearch\SrchAstt\1.bin\mwssrcas.#ll

C:\WINDOWS\system32\Desktop_.ini

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MYWEBSEARCHSERVICE

((((((((((((((((((((((((( Pliki utworzone od 2008-09-07 do 2008-10-07 )))))))))))))))))))))))))))))))

.

2008-10-06 15:21 . 2008-10-06 15:21

2008-10-06 15:09 . 2008-10-06 15:09

2008-10-06 15:03 . 2008-10-06 15:03

2008-10-06 12:17 . 2008-10-06 12:17

2008-10-06 12:17 . 2008-10-06 12:36

2008-10-06 12:17 . 2008-10-06 12:41

2008-10-06 12:17 . 2008-10-06 12:30

2008-10-06 12:17 . 2008-10-06 12:36 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-10-06 12:17 . 2008-10-06 12:36 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-10-06 12:17 . 2008-10-06 12:36 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-10-06 12:17 . 2008-10-06 12:36 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-10-06 12:16 . 2008-10-07 15:44

2008-10-06 12:15 . 2008-10-06 12:15 57,891,752 --a------ C:[MRF504]_Generic_PL_OEM90_12780634_for_dobreprogramy_pl.exe

2008-10-06 11:19 . 2008-10-06 14:22 0 --a------ C:\log.tmp

2008-10-05 19:32 . 2008-10-05 19:32

2008-10-05 19:30 . 2008-10-05 19:30

2008-10-05 19:27 . 2008-10-06 11:04

2008-10-05 19:27 . 2008-10-05 19:27

2008-10-05 19:25 . 2008-10-05 19:25

2008-10-05 15:57 . 2008-10-05 15:57 861 --a------ C:\WINDOWS\VPlayer.INI

2008-10-05 15:57 . 2008-10-05 15:57 45 --a------ C:\WINDOWS\VplayerINI.vpl

2008-10-05 15:52 . 2008-10-05 15:52

2008-10-04 09:35 . 2008-10-04 09:36

2008-10-01 08:37 . 2008-10-01 08:37

2008-09-30 21:00 . 2008-06-14 19:36 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-09-30 21:00 . 2008-06-14 19:36 273,024 -----c— C:\WINDOWS\system32\dllcache\bthport.sys

2008-09-30 19:38 . 2008-10-01 08:39

2008-09-30 19:38 . 2005-02-25 05:36 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-09-30 17:31 . 2008-10-07 18:26

2008-09-30 17:00 . 2008-10-07 18:24

2008-09-30 16:49 . 2008-09-30 16:49

2008-09-30 16:33 . 2008-09-30 16:33

2008-09-30 16:33 . 2008-09-30 16:33

2008-09-30 16:33 . 2008-09-30 16:33

2008-09-30 16:33 . 2008-09-30 16:33

2008-09-30 16:33 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-09-30 16:33 . 2008-04-14 00:15 15,104 --a–c— C:\WINDOWS\system32\dllcache\usbscan.sys

2008-09-30 16:33 . 2008-09-30 16:33 412 --a------ C:\WINDOWS\MAXLINK.INI

2008-09-30 16:32 . 2008-09-30 16:32

2008-09-30 16:29 . 2008-09-30 16:29

2008-09-30 16:29 . 2008-09-30 16:29

2008-09-30 16:29 . 2008-09-30 16:29

2008-09-30 16:29 . 2006-11-10 04:00 1,314,816 --a------ C:\WINDOWS\system32\CNCC140.DLL

2008-09-30 16:29 . 2006-12-25 22:00 198,656 --a------ C:\WINDOWS\system32\CNMLM8R.DLL

2008-09-30 16:29 . 2006-05-26 03:54 135,168 --a------ C:\WINDOWS\system32\CNCL140.DLL

2008-09-30 16:29 . 2006-06-29 07:29 106,496 --a------ C:\WINDOWS\system32\cnco140.dll

2008-09-30 16:29 . 2006-11-10 03:59 57,344 --a------ C:\WINDOWS\system32\CNCI140.DLL

2008-09-30 16:28 . 2008-09-30 16:34

2008-09-30 16:27 . 2008-04-14 00:17 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-09-30 16:27 . 2008-04-14 00:17 25,856 --a–c— C:\WINDOWS\system32\dllcache\usbprint.sys

2008-09-30 15:39 . 2008-09-30 15:39

2008-09-30 15:29 . 2008-09-30 15:29

2008-09-30 15:29 . 2008-09-30 15:29

2008-09-30 15:28 . 2008-09-30 16:52

2008-09-30 15:28 . 2008-09-30 15:33

2008-09-30 15:18 . 2008-09-30 15:18

2008-09-30 14:56 . 2008-09-30 14:56

2008-09-30 14:56 . 2008-09-30 14:56

2008-09-30 14:55 . 2008-10-01 18:31

2008-09-30 14:55 . 2008-10-04 10:54

2008-09-30 14:55 . 2008-09-30 14:59

2008-09-30 14:53 . 2008-09-30 20:57

2008-09-30 14:53 . 2008-09-30 20:57

2008-09-28 19:45 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-09-28 19:45 . 2001-10-26 16:57 12,160 --a–c— C:\WINDOWS\system32\dllcache\mouhid.sys

2008-09-28 19:45 . 2008-04-14 00:15 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-09-28 19:45 . 2008-04-14 00:15 10,368 --a–c— C:\WINDOWS\system32\dllcache\hidusb.sys

2008-09-24 20:38 . 2008-09-24 20:38

2008-09-24 11:20 . 2008-10-06 20:39 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-09-16 04:58 . 2008-09-16 04:59

2008-09-15 23:32 . 2008-09-15 23:32

2008-09-15 23:31 . 2008-09-15 23:31

2008-09-15 23:31 . 2008-09-15 23:31

2008-09-15 23:27 . 2008-09-15 23:27

2008-09-15 23:27 . 2008-09-15 23:31

2008-09-15 23:27 . 2008-09-15 23:27

2008-09-15 23:26 . 2008-09-15 23:26 13,646 --a------ C:\WINDOWS\system32\wpa.bak

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-06 07:34 --------- d-----w C:\Program Files\Atheros

2008-09-30 14:33 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-09-16 03:24 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-09-16 03:16 --------- d-----w C:\Documents and Settings\hgh\Dane aplikacji\InstallShield

2008-09-16 03:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Atheros

2008-09-16 03:13 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-09-16 03:13 --------- d-----w C:\Program Files\Realtek

2008-09-16 03:10 --------- d-----w C:\Program Files\Intel

2008-09-16 03:02 --------- d-----w C:\Program Files\microsoft frontpage

2008-09-16 03:01 --------- d-----w C:\Program Files\Usługi online

2008-07-25 07:36 524,288 ----a-w C:\WINDOWS\system32\divxsm.exe

2008-07-25 07:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-07-25 07:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll

2008-07-23 15:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

“{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}”= “C:\Program Files\Winamp Toolbar\winamptb.dll” [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-15 15360]

“LightScribe Control Panel”=“C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe” [2007-07-18 451872]

“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2007-06-01 153136]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2008-03-20 2127296]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2008-04-14 1695232]

“eMuleAutoStart”=“C:\Program Files\eMule\emule.exe” [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“IgfxTray”=“C:\WINDOWS\system32\igfxtray.exe” [2007-10-26 142104]

“HotKeysCmds”=“C:\WINDOWS\system32\hkcmd.exe” [2007-10-26 162584]

“Persistence”=“C:\WINDOWS\system32\igfxpers.exe” [2007-10-26 138008]

“NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-03-01 153136]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2008-06-12 34672]

“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2008-08-04 36352]

“SSBkgdUpdate”=“C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” [2006-10-25 210472]

“OpwareSE4”=“C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe” [2007-02-04 79400]

“ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2008-02-14 51048]

“osCheck”=“C:\Program Files\Norton AntiVirus\osCheck.exe” [2007-08-24 714608]

“RTHDCPL”=“RTHDCPL.EXE” [2007-07-05 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2008-04-15 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2008-09-30 882176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.ac3filter”= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\eMule\emule.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\WINDOWS\system32\mmc.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“8461:TCP”= 8461:TCP:GoD High Port

“8462:TCP”= 8462:TCP:GoD Low Port

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]

S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

“C:\Program Files\Common Files\LightScribe\LSRunOnce.exe”

.

Zawartość folderu ‘Zaplanowane zadania’

2008-10-06 C:\WINDOWS\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - hgh.job

• C:\Program Files\Norton AntiVirus\Navw32.exe [2007-08-26 19:19]

.

• • • • USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe

.

------- Skan uzupełniający -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/

O8 -: Search - http://edits.mywebsearch.com/toolbaredi … xdm022YYPL

O8 -: Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O16 -: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf

C:\WINDOWS\system32\SkanerOnlineUninstall.exe

C:\WINDOWS\system32\SkanerOnline.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-07 18:26:07

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\DOCUME~1\hgh\USTAWI~1\temp\RtkBtMnt.exe

C:\ComboFix\pv.cfexe

.

**************************************************************************

.

Czas ukończenia: 2008-10-07 18:27:13 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2008-10-07 16:27:08

Przed: 74 156 707 840 bajtów wolnych

Po: 74,855,264,256 bajtów wolnych

290 — E O F — 2008-10-01 06:39:10

W logu nic nie widzę

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar całego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!