Witam - problem polega na niemozliwosci usuniecia folderu MyWebSearch

log wyglada tak

Logfile of HijackThis v1.99.1

Scan saved at 17:16:25, on 2008-07-29

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\WINDOWS\sm56hlpr.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Seagate\Sync\SeaSyncServices.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\WOJTEK\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM…\Run: [skrót do strony właściwości High Definition Audio] HDAShCut.exe

O4 - HKLM…\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe

O4 - HKLM…\Run: [intelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe”

O4 - HKLM…\Run: [intelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless

O4 - HKLM…\Run: [EOUApp] “C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe”

O4 - HKLM…\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM…\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [NBKeyScan] “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”

O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide

O4 - HKLM…\Run: [My Web Search Bar Search Scope Monitor] “C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe” /m=0

O4 - HKLM…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM…\Run: [stxTrayMenu] “C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe”

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi … xdm490YYPL

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach … .0.1.0.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc … oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 6498034318

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe

Te w/w wpisy sfiksuj w Hijacku:

>>Hijack>>scan(Do a system scan only)>>zaznacz je >> Fix checked

Daj log z -----> ComboFix.

Pierwsze wejdź do Dodaj/usuń programy i odinstaluj MyWebSearch.

Daj log z -----> ComboFix

ComboFix 08-07-28.6 - WOJTEK 2008-07-29 17:50:07.1 - FAT32 x86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.2391 [GMT 2:00]

Running from: C:\Documents and Settings\WOJTEK\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\internet explorer\msimg32.dll

C:\Program Files\MyWebSearch

C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL

C:\WINDOWS\system32\f3PSSavr.scr

F:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MYWEBSEARCHSERVICE

-------\Service_MyWebSearchService

((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))

.

2008-07-29 16:04 . 2008-07-29 16:04

2008-07-29 10:31 . 2008-07-29 10:31

2008-07-29 10:31 . 2008-07-29 10:31

2008-07-29 09:18 . 2008-07-29 09:18

2008-07-28 18:57 . 2008-07-28 18:57

2008-07-28 17:17 . 2004-03-22 15:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll

2008-07-28 17:17 . 2008-07-28 17:17 421 --a------ C:\WINDOWS\ODBC.INI

2008-07-28 17:11 . 2008-07-28 17:11

2008-07-28 17:11 . 2008-07-28 17:11

2008-07-28 00:18 . 2008-07-28 00:18

2008-07-26 15:48 . 2008-07-29 14:15 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-07-26 15:44 . 2008-07-26 15:44

2008-07-25 17:58 . 2008-07-25 17:58

2008-07-25 17:58 . 2008-07-25 17:58

2008-07-25 17:57 . 2008-07-25 17:57

2008-07-25 16:40 . 2008-07-25 16:40

2008-07-23 13:34 . 2008-07-23 13:34

2008-07-23 12:43 . 2008-07-23 12:43

2008-07-23 11:54 . 2008-07-23 11:54

2008-07-23 11:54 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-07-23 11:53 . 2008-07-23 11:53

2008-07-23 11:52 . 2008-07-23 11:52

2008-07-23 11:46 . 2008-07-23 11:46

2008-07-23 11:46 . 2008-07-23 11:46

2008-07-23 11:46 . 2008-07-23 11:46

2008-07-22 18:26 . 2008-07-22 18:26 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll

2008-07-22 18:26 . 2008-07-22 18:26 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll

2008-07-21 17:43 . 2008-07-21 17:43

2008-07-21 17:43 . 2008-07-21 17:43

2008-07-21 17:43 . 2006-04-14 18:25 8,448 --a------ C:\WINDOWS\system32\drivers\GF0003.sys

2008-07-21 17:14 . 2008-07-21 17:14

2008-07-21 16:59 . 2008-07-26 14:34 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-07-21 15:57 . 2008-07-21 15:57

2008-07-21 15:56 . 2008-07-21 15:56

2008-07-21 14:30 . 2008-07-21 14:30

2008-07-20 19:03 . 2008-07-20 19:03

2008-07-20 19:03 . 2008-07-21 12:13 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys

2008-07-20 18:28 . 2008-07-20 18:28

2008-07-20 18:17 . 2008-07-20 18:17

2008-07-20 17:56 . 2008-07-20 17:56

2008-07-20 17:55 . 2008-07-20 17:55

2008-07-20 17:51 . 2008-07-26 15:14 10 --a------ C:\WINDOWS\popcinfo.dat

2008-07-20 17:39 . 2008-07-20 17:39

2008-07-20 15:54 . 2008-07-20 15:54 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2008-07-20 14:56 . 2008-07-20 14:56

2008-07-20 14:48 . 2008-07-20 14:48

2008-07-20 14:47 . 2008-07-20 14:47

2008-07-20 14:47 . 2008-07-20 14:47

2008-07-20 14:47 . 2008-07-20 14:47

2008-07-20 14:27 . 2008-07-20 14:27

2008-07-20 14:27 . 2008-07-20 14:27

2008-07-20 14:23 . 2008-07-20 14:23

2008-07-20 14:21 . 2008-07-20 14:21

2008-07-20 14:20 . 2008-07-20 14:20

2008-07-20 14:20 . 2008-07-20 14:20

2008-07-20 14:20 . 2008-07-20 14:20

2008-07-20 14:19 . 2008-07-20 14:19

2008-07-20 14:17 . 2008-07-20 14:17

2008-07-20 14:16 . 2008-07-20 14:16

2008-07-20 14:15 . 2008-07-20 14:15

2008-07-20 14:15 . 2008-07-20 14:15

2008-07-20 14:06 . 2008-07-20 14:06

2008-07-20 13:37 . 2008-07-20 13:37

2008-07-20 13:37 . 2008-07-20 13:37 24 --a------ C:\WINDOWS\wsd.ini

2008-07-20 13:27 . 2008-07-20 13:27

2008-07-20 13:26 . 2008-07-20 13:26

2008-07-20 13:24 . 2008-07-20 13:24

2008-07-20 13:24 . 2008-07-20 13:24

2008-07-20 13:23 . 2008-07-20 14:55 984 --a------ C:\WINDOWS\unins001.dat

2008-07-20 13:21 . 2008-07-20 13:21

2008-07-20 13:21 . 2008-07-20 13:21

2008-07-20 13:05 . 2008-07-20 13:05

2008-07-20 13:04 . 2008-07-20 13:04

2008-07-20 13:02 . 2008-07-20 13:02

2008-07-20 13:02 . 2008-07-20 13:02

2008-07-20 13:01 . 2008-07-20 13:01

2008-07-20 13:00 . 2008-07-20 13:00

2008-07-20 13:00 . 2008-05-04 12:28 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-07-20 13:00 . 2008-06-12 20:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-07-20 13:00 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-07-20 12:57 . 2008-07-20 12:57

2008-07-20 12:54 . 2008-07-20 12:54

2008-07-20 12:54 . 2008-07-20 12:54

2008-07-20 12:53 . 2008-07-20 12:53

2008-07-20 12:53 . 2008-07-20 12:53

2008-07-20 12:52 . 2008-07-20 12:52

2008-07-20 12:52 . 2008-07-20 12:52

2008-07-20 12:14 . 2008-07-20 12:14 0 --a------ C:\WINDOWS\WinHDM.INI

2008-07-20 11:57 . 2008-07-20 11:57

2008-07-20 11:57 . 2004-09-03 11:53 3,870,720 --a------ C:\WINDOWS\system32\qt-mt323.dll

2008-07-20 11:57 . 2002-01-05 16:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll

2008-07-20 11:57 . 2002-01-05 15:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2008-07-20 11:57 . 2002-01-05 15:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2008-07-20 11:57 . 2005-04-27 11:03 120,995 --a------ C:\WINDOWS\system32\drivers\Uim_IM.sys

2008-07-20 11:57 . 2005-04-29 02:05 26,672 --a------ C:\WINDOWS\system32\drivers\UimBus.sys

2008-07-20 11:57 . 2003-10-07 18:08 6,656 --a------ C:\WINDOWS\system32\WnASPI32.dll

2008-07-20 11:57 . 2005-04-29 02:06 6,160 --a------ C:\WINDOWS\system32\drivers\UimFIO.sys

2008-07-20 11:56 . 2008-07-26 15:42 2,104 --a------ C:\WINDOWS\unins000.dat

2008-07-20 00:51 . 2008-07-20 00:51 0 --a------ C:\WINDOWS\nsreg.dat

2008-07-19 23:46 . 2008-04-23 09:20 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-07-19 23:46 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-07-19 23:46 . 2007-03-08 07:11 1,036,288 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-07-19 23:46 . 2008-04-23 09:20 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-07-19 23:46 . 2008-04-23 09:20 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-07-19 23:46 . 2008-04-23 09:20 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-07-19 23:46 . 2008-04-23 09:20 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll

2008-07-19 23:46 . 2008-04-23 09:20 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-07-19 23:46 . 2008-04-22 09:39 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-07-19 23:23 . 2008-07-19 23:23

2008-07-19 23:23 . 2008-07-19 23:23

2008-07-19 23:23 . 2008-07-19 23:23

2008-07-19 22:52 . 2008-07-19 22:52

2008-07-19 22:51 . 2008-07-19 22:51

2008-07-19 22:51 . 2008-07-19 22:51

2008-07-19 22:41 . 2008-07-19 22:41

2008-07-19 22:41 . 2008-07-19 22:41

2008-07-19 22:41 . 2008-07-19 22:41

2008-07-19 22:41 . 2008-07-19 22:41

2008-07-19 22:39 . 2008-07-19 22:39

2008-07-19 22:34 . 2008-07-19 22:34

2008-07-19 22:31 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys

2008-07-19 22:31 . 2004-08-03 22:29 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys

2008-07-19 22:31 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img

2008-07-19 22:31 . 2004-08-03 22:29 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys

2008-07-19 22:31 . 2004-08-03 22:29 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-23 11:11 63 ----a-w C:\Program Files\path6.ini

2008-07-19 16:56 --------- d-----w C:\Program Files\Toshiba

2008-07-19 16:52 --------- d-----w C:\Program Files\Wireless Console 2

2008-07-19 16:41 --------- d-----w C:\Program Files\Intel

2008-07-19 16:40 --------- d-----w C:\Program Files\Realtek

2008-07-19 16:39 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-07-19 16:34 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-07-19 16:13 --------- d-----w C:\Program Files\microsoft frontpage

2008-07-19 16:12 --------- d-----w C:\Program Files\Usługi online

2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:48 246,784 ------w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:48 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-14 17:36 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll

2008-05-09 10:56 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll

2008-05-09 10:56 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll

2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll

2008-05-09 10:56 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll

2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll

2008-05-09 10:56 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll

2008-05-09 10:56 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll

2008-05-09 10:56 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll

2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe

2008-05-08 11:24 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe

2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe

2008-05-07 09:07 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe

2008-05-07 05:12 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-07 05:12 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 19:21 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2005-11-21 17:51 7335936]

“HControl”=“C:\WINDOWS\ATK0100\HControl.exe” [2006-02-23 06:40 106496]

“Wireless Console 2”=“C:\Program Files\Wireless Console 2\wcourier.exe” [2005-10-17 17:09 987136]

“IntelZeroConfig”=“C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe” [2006-04-14 11:51 667718]

“IntelWireless”=“C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” [2006-04-14 11:52 602182]

“EOUApp”=“C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe” [2006-04-14 11:56 569413]

“Power_Gear”=“C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe” [2006-03-06 17:13 86016]

“AVG8_TRAY”=“C:\PROGRA~1\AVG\AVG8\avgtray.exe” [2008-07-26 04:59 1235736]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-05-11 13:06 40048]

“NBKeyScan”=“C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” [2007-08-08 09:25 1828136]

“StxTrayMenu”=“C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe” [2007-01-18 13:20 190008]

“Skrót do strony właściwości High Definition Audio”=“HDAShCut.exe” [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

“SMSERIAL”=“sm56hlpr.exe” [2005-05-27 01:12 544768 C:\WINDOWS\sm56hlpr.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2008-04-14 19:21 15360]

C:\Documents and Settings\WOJTEK\Menu Start\Programy\Autostart\

Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-07-20 14:27:05 3444008]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

“AppInit_DLLs”=avgrsstx.dll

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\AVG\AVG8\avgupd.exe”=

“C:\Program Files\AVG\AVG8\avgemc.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\Ares\Ares.exe”=

“C:\Program Files\eMule\emule.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

“C:\Program Files\AVG\AVG8\avgnsx.exe”=

“C:\Program Files\BitComet\BitComet.exe”=

“C:\Program Files\IncrediMail\bin\IncMail.exe”=

“C:\Program Files\IncrediMail\bin\ImApp.exe”=

“C:\Program Files\IncrediMail\bin\ImpCnt.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“20511:TCP”= 20511:TCP:BitComet 20511 TCP

“20511:UDP”= 20511:UDP:BitComet 20511 UDP

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-07-21 12:13]

R0 Axvdev;Axvdev;C:\WINDOWS\system32\drivers\Axvdev.sys [2002-10-09 22:20]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-26 04:59]

R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-26 04:59]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-26 04:59]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-21 12:13]

R2 GF0003;GASIA GF0003 Filter Driver;C:\WINDOWS\system32\DRIVERS\GF0003.sys [2006-04-14 18:25]

R2 Seagate Sync Service;Seagate Sync Service;C:\Program Files\Seagate\Sync\SeaSyncServices.exe [2007-01-18 13:20]

R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 10:26]

R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 10:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\Autorun.exe /run

\Shell\Shell00\Command - F:\Autorun.exe /run

\Shell\Shell01\Command - F:\Autorun.exe /action

\Shell\Shell02\Command - F:\Autorun.exe /uninstall

.

Contents of the ‘Scheduled Tasks’ folder

2008-07-29 C:\WINDOWS\Tasks\User_Feed_Synchronization-{0E482FC2-A726-451B-B3D3-1A66F5999026}.job

• C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 18:36]

2008-07-29 C:\WINDOWS\Tasks\MP Scheduled Scan.job

• C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

.

• • • • ORPHANS REMOVED - - - -

HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://google.pl/

R1 -: HKCU-Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O8 -: Download with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 -: Download all video with BitComet - C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 -: Download all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 -: Search - http://edits.mywebsearch.com/toolbaredi … xdm490YYPL

O8 -: Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 -: Eksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-29 17:53:22

Windows 5.1.2600 Dodatek Service Pack 3 FAT NTAPI

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE

C:\PROGRAM FILES\AVG\AVG8\AVGWDSVC.EXE

C:\PROGRAM FILES\NERO\NERO8\INCD\INCDSRV.EXE

C:\PROGRAM FILES\NERO\NERO8\NERO BACKITUP\NBSERVICE.EXE

C:\WINDOWS\SYSTEM32\NVSVC32.EXE

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE

C:\PROGRAM FILES\AVG\AVG8\AVGRSX.EXE

C:\PROGRAM FILES\AVG\AVG8\AVGNSX.EXE

C:\PROGRAM FILES\AVG\AVG8\AVGEMC.EXE

C:\PROGRAM FILES\AVG\AVG8\AVGTRAY.EXE

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

.

**************************************************************************

.

Completion time: 2008-07-29 17:54:56 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-29 15:54:54

Pre-Run: 11,801,034,752 bajtów wolnych

Post-Run: 11,739,693,056 bajt˘w wolnych

304 — E O F — 2008-07-25 13:01:43

otwórz notatnik i wklej

Z menu Notatnika -> Plik -> Zapisz jako -> Zmień rozszerzenie z .txt na wszystkie pliki -> zapisz pod nazwą Fix.reg

Uruchom ten plik, uruchom ponownie komputer

Poza tym ok

wszystko juz OK - ComboFix zalatwil sprawe

dzieki