Jak usunąć Trojan Horse z pliku C:WINDOWSsystem32ptnpfko.exe na Windows XP?

SO XP. Norton wykrywa, że jest wirusek, ale nie może go usunąć. Ad-aware nic nie wykrył a MKS wykrył inne bagcyle, ale tego pliku w którym znajduje się Trojan Horse nie był w stanie przeskanować.
C:\WINDOWS\system32\ptnpfko.exe --- W takim plickzu znajduje się ten wirusek. Czy ktoś mógłby mnie poratować ?

Wklej log z hijackthis:
http://www.spychecker.com/program/hijackthis.html
(do a system scan and save a logfile)

Jak masz XP to odrazu przeskanuj tym:
http://download.microsoft.com/download/8/1/5/...-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe

Logfile of HijackThis v1.99.1
Scan saved at 20:41:28, on 2005-06-24
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
c:\windows\system32\ptnpfko.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\optmouse.exe
C:\WINDOWS\System32\bootpd.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\bootpd.exe
C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
D:\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Magda\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 66.180.173.39 www.google.ae
O1 - Hosts: 66.180.173.39 www.google.am
O1 - Hosts: 66.180.173.39 www.google.as
O1 - Hosts: 66.180.173.39 www.google.at
O1 - Hosts: 66.180.173.39 www.google.az
O1 - Hosts: 66.180.173.39 www.google.be
O1 - Hosts: 66.180.173.39 www.google.bi
O1 - Hosts: 66.180.173.39 www.google.ca
O1 - Hosts: 66.180.173.39 www.google.cd
O1 - Hosts: 66.180.173.39 www.google.cg
O1 - Hosts: 66.180.173.39 www.google.ch
O1 - Hosts: 66.180.173.39 www.google.ci
O1 - Hosts: 66.180.173.39 www.google.cl
O1 - Hosts: 66.180.173.39 www.google.co.cr
O1 - Hosts: 66.180.173.39 www.google.co.hu
O1 - Hosts: 66.180.173.39 www.google.co.il
O1 - Hosts: 66.180.173.39 www.google.co.in
O1 - Hosts: 66.180.173.39 www.google.co.je
O1 - Hosts: 66.180.173.39 www.google.co.jp
O1 - Hosts: 66.180.173.39 www.google.co.ke
O1 - Hosts: 66.180.173.39 www.google.co.kr
O1 - Hosts: 66.180.173.39 www.google.co.ls
O1 - Hosts: 66.180.173.39 www.google.co.nz
O1 - Hosts: 66.180.173.39 www.google.co.th
O1 - Hosts: 66.180.173.39 www.google.co.ug
O1 - Hosts: 66.180.173.39 www.google.co.uk
O1 - Hosts: 66.180.173.39 www.google.co.ve
O1 - Hosts: 66.180.173.39 www.google.com
O1 - Hosts: 66.180.173.39 www.google.com.ag
O1 - Hosts: 66.180.173.39 www.google.com.ar
O1 - Hosts: 66.180.173.39 www.google.com.au
O1 - Hosts: 66.180.173.39 www.google.com.br
O1 - Hosts: 66.180.173.39 www.google.com.co
O1 - Hosts: 66.180.173.39 www.google.com.cu
O1 - Hosts: 66.180.173.39 www.google.com.do
O1 - Hosts: 66.180.173.39 www.google.com.ec
O1 - Hosts: 66.180.173.39 www.google.com.fj
O1 - Hosts: 66.180.173.39 www.google.com.gi
O1 - Hosts: 66.180.173.39 www.google.com.gr
O1 - Hosts: 66.180.173.39 www.google.com.gt
O1 - Hosts: 66.180.173.39 www.google.com.hk
O1 - Hosts: 66.180.173.39 www.google.com.ly
O1 - Hosts: 66.180.173.39 www.google.com.mt
O1 - Hosts: 66.180.173.39 www.google.com.mx
O1 - Hosts: 66.180.173.39 www.google.com.my
O1 - Hosts: 66.180.173.39 www.google.com.na
O1 - Hosts: 66.180.173.39 www.google.com.nf
O1 - Hosts: 66.180.173.39 www.google.com.ni
O1 - Hosts: 66.180.173.39 www.google.com.np
O1 - Hosts: 66.180.173.39 www.google.com.pa
O1 - Hosts: 66.180.173.39 www.google.com.pe
O1 - Hosts: 66.180.173.39 www.google.com.ph
O1 - Hosts: 66.180.173.39 www.google.com.pk
O1 - Hosts: 66.180.173.39 www.google.com.pr
O1 - Hosts: 66.180.173.39 www.google.com.py
O1 - Hosts: 66.180.173.39 www.google.com.sa
O1 - Hosts: 66.180.173.39 www.google.com.sg
O1 - Hosts: 66.180.173.39 www.google.com.sv
O1 - Hosts: 66.180.173.39 www.google.com.tr
O1 - Hosts: 66.180.173.39 www.google.com.tw
O1 - Hosts: 66.180.173.39 www.google.com.ua
O1 - Hosts: 66.180.173.39 www.google.com.uy
O1 - Hosts: 66.180.173.39 www.google.com.vc
O1 - Hosts: 66.180.173.39 www.google.com.vn
O1 - Hosts: 66.180.173.39 www.google.de
O1 - Hosts: 66.180.173.39 www.google.dj
O1 - Hosts: 66.180.173.39 www.google.dk
O1 - Hosts: 66.180.173.39 www.google.es
O1 - Hosts: 66.180.173.39 www.google.fi
O1 - Hosts: 66.180.173.39 www.google.fm
O1 - Hosts: 66.180.173.39 www.google.fr
O1 - Hosts: 66.180.173.39 www.google.gg
O1 - Hosts: 66.180.173.39 www.google.gl
O1 - Hosts: 66.180.173.39 www.google.gm
O1 - Hosts: 66.180.173.39 www.google.hn
O1 - Hosts: 66.180.173.39 www.google.ie
O1 - Hosts: 66.180.173.39 www.google.it
O1 - Hosts: 66.180.173.39 www.google.kz
O1 - Hosts: 66.180.173.39 www.google.li
O1 - Hosts: 66.180.173.39 www.google.lt
O1 - Hosts: 66.180.173.39 www.google.lu
O1 - Hosts: 66.180.173.39 www.google.lv
O1 - Hosts: 66.180.173.39 www.google.mn
O1 - Hosts: 66.180.173.39 www.google.ms
O1 - Hosts: 66.180.173.39 www.google.mu
O1 - Hosts: 66.180.173.39 www.google.mw
O1 - Hosts: 66.180.173.39 www.google.nl
O1 - Hosts: 66.180.173.39 www.google.no
O1 - Hosts: 66.180.173.39 www.google.off.ai
O1 - Hosts: 66.180.173.39 www.google.pl
O1 - Hosts: 66.180.173.39 www.google.pn
O1 - Hosts: 66.180.173.39 www.google.pt
O1 - Hosts: 66.180.173.39 www.google.ro
O1 - Hosts: 66.180.173.39 www.google.ru
O1 - Hosts: 66.180.173.39 www.google.rw
O1 - Hosts: 66.180.173.39 www.google.se
O1 - Hosts: 66.180.173.39 www.google.sh
O1 - Hosts: 66.180.173.39 www.google.sk
O1 - Hosts: 66.180.173.39 www.google.sm
O1 - Hosts: 66.180.173.39 www.google.td
O1 - Hosts: 66.180.173.39 www.google.tm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\Magda\USTAWI~1\Temp\dinizunafop.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FB153DCE-822E-47ec-8D00-2706E7864B37} - C:\WINDOWS\KB290333.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [OPTMOUSEMOUSE] C:\WINDOWS\System32\optmouse.exe
O4 - HKLM\..\Run: [scrsvc] C:\WINDOWS\System32\scrsvc.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM\..\Run: [sobsjl] c:\windows\system32\ptnpfko.exe r
O4 - HKLM\..\Run: [bootpd.exe] C:\WINDOWS\System32\bootpd.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe" /tray
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185XXUS
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - E:\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - E:\Hello\PicasaCapture.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebpr...ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B46EBFF6-297F-4EE0-850E-A1B85BF38D83}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

Smietnik...

Przeskanuj MicrosoftAntiSpyware do, ktorego link Ci juz podalem i usun wszystko co znajdzie.

Odinstaluj nortona i mksa i zainstaluj:
http://www.avast.com/eng/avast_4_home.html

Uzyj tego w trybie awaryjnym:
http://free.of.pl/k/kolobos/nailfix.zip

W hijackthis usun te wpisy:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 66.180.173.39 www.google.ae
O1 - Hosts: 66.180.173.39 www.google.am
O1 - Hosts: 66.180.173.39 www.google.as
O1 - Hosts: 66.180.173.39 www.google.at
O1 - Hosts: 66.180.173.39 www.google.az
O1 - Hosts: 66.180.173.39 www.google.be
O1 - Hosts: 66.180.173.39 www.google.bi
O1 - Hosts: 66.180.173.39 www.google.ca
O1 - Hosts: 66.180.173.39 www.google.cd
O1 - Hosts: 66.180.173.39 www.google.cg
O1 - Hosts: 66.180.173.39 www.google.ch
O1 - Hosts: 66.180.173.39 www.google.ci
O1 - Hosts: 66.180.173.39 www.google.cl
O1 - Hosts: 66.180.173.39 www.google.co.cr
O1 - Hosts: 66.180.173.39 www.google.co.hu
O1 - Hosts: 66.180.173.39 www.google.co.il
O1 - Hosts: 66.180.173.39 www.google.co.in
O1 - Hosts: 66.180.173.39 www.google.co.je
O1 - Hosts: 66.180.173.39 www.google.co.jp
O1 - Hosts: 66.180.173.39 www.google.co.ke
O1 - Hosts: 66.180.173.39 www.google.co.kr
O1 - Hosts: 66.180.173.39 www.google.co.ls
O1 - Hosts: 66.180.173.39 www.google.co.nz
O1 - Hosts: 66.180.173.39 www.google.co.th
O1 - Hosts: 66.180.173.39 www.google.co.ug
O1 - Hosts: 66.180.173.39 www.google.co.uk
O1 - Hosts: 66.180.173.39 www.google.co.ve
O1 - Hosts: 66.180.173.39 www.google.com
O1 - Hosts: 66.180.173.39 www.google.com.ag
O1 - Hosts: 66.180.173.39 www.google.com.ar
O1 - Hosts: 66.180.173.39 www.google.com.au
O1 - Hosts: 66.180.173.39 www.google.com.br
O1 - Hosts: 66.180.173.39 www.google.com.co
O1 - Hosts: 66.180.173.39 www.google.com.cu
O1 - Hosts: 66.180.173.39 www.google.com.do
O1 - Hosts: 66.180.173.39 www.google.com.ec
O1 - Hosts: 66.180.173.39 www.google.com.fj
O1 - Hosts: 66.180.173.39 www.google.com.gi
O1 - Hosts: 66.180.173.39 www.google.com.gr
O1 - Hosts: 66.180.173.39 www.google.com.gt
O1 - Hosts: 66.180.173.39 www.google.com.hk
O1 - Hosts: 66.180.173.39 www.google.com.ly
O1 - Hosts: 66.180.173.39 www.google.com.mt
O1 - Hosts: 66.180.173.39 www.google.com.mx
O1 - Hosts: 66.180.173.39 www.google.com.my
O1 - Hosts: 66.180.173.39 www.google.com.na
O1 - Hosts: 66.180.173.39 www.google.com.nf
O1 - Hosts: 66.180.173.39 www.google.com.ni
O1 - Hosts: 66.180.173.39 www.google.com.np
O1 - Hosts: 66.180.173.39 www.google.com.pa
O1 - Hosts: 66.180.173.39 www.google.com.pe
O1 - Hosts: 66.180.173.39 www.google.com.ph
O1 - Hosts: 66.180.173.39 www.google.com.pk
O1 - Hosts: 66.180.173.39 www.google.com.pr
O1 - Hosts: 66.180.173.39 www.google.com.py
O1 - Hosts: 66.180.173.39 www.google.com.sa
O1 - Hosts: 66.180.173.39 www.google.com.sg
O1 - Hosts: 66.180.173.39 www.google.com.sv
O1 - Hosts: 66.180.173.39 www.google.com.tr
O1 - Hosts: 66.180.173.39 www.google.com.tw
O1 - Hosts: 66.180.173.39 www.google.com.ua
O1 - Hosts: 66.180.173.39 www.google.com.uy
O1 - Hosts: 66.180.173.39 www.google.com.vc
O1 - Hosts: 66.180.173.39 www.google.com.vn
O1 - Hosts: 66.180.173.39 www.google.de
O1 - Hosts: 66.180.173.39 www.google.dj
O1 - Hosts: 66.180.173.39 www.google.dk
O1 - Hosts: 66.180.173.39 www.google.es
O1 - Hosts: 66.180.173.39 www.google.fi
O1 - Hosts: 66.180.173.39 www.google.fm
O1 - Hosts: 66.180.173.39 www.google.fr
O1 - Hosts: 66.180.173.39 www.google.gg
O1 - Hosts: 66.180.173.39 www.google.gl
O1 - Hosts: 66.180.173.39 www.google.gm
O1 - Hosts: 66.180.173.39 www.google.hn
O1 - Hosts: 66.180.173.39 www.google.ie
O1 - Hosts: 66.180.173.39 www.google.it
O1 - Hosts: 66.180.173.39 www.google.kz
O1 - Hosts: 66.180.173.39 www.google.li
O1 - Hosts: 66.180.173.39 www.google.lt
O1 - Hosts: 66.180.173.39 www.google.lu
O1 - Hosts: 66.180.173.39 www.google.lv
O1 - Hosts: 66.180.173.39 www.google.mn
O1 - Hosts: 66.180.173.39 www.google.ms
O1 - Hosts: 66.180.173.39 www.google.mu
O1 - Hosts: 66.180.173.39 www.google.mw
O1 - Hosts: 66.180.173.39 www.google.nl
O1 - Hosts: 66.180.173.39 www.google.no
O1 - Hosts: 66.180.173.39 www.google.off.ai
O1 - Hosts: 66.180.173.39 www.google.pl
O1 - Hosts: 66.180.173.39 www.google.pn
O1 - Hosts: 66.180.173.39 www.google.pt
O1 - Hosts: 66.180.173.39 www.google.ro
O1 - Hosts: 66.180.173.39 www.google.ru
O1 - Hosts: 66.180.173.39 www.google.rw
O1 - Hosts: 66.180.173.39 www.google.se
O1 - Hosts: 66.180.173.39 www.google.sh
O1 - Hosts: 66.180.173.39 www.google.sk
O1 - Hosts: 66.180.173.39 www.google.sm
O1 - Hosts: 66.180.173.39 www.google.td
O1 - Hosts: 66.180.173.39 www.google.tm
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\Magda\USTAWI~1\Temp\dinizunafop.dll (file missing)
O2 - BHO: (no name) - {FB153DCE-822E-47ec-8D00-2706E7864B37} - C:\WINDOWS\KB290333.dll
O4 - HKLM\..\Run: [scrsvc] C:\WINDOWS\System32\scrsvc.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [sobsjl] c:\windows\system32\ptnpfko.exe r
O4 - HKLM\..\Run: [bootpd.exe] C:\WINDOWS\System32\bootpd.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185XXUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebpr...ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

Po resecie usun te pliki z dysku:

C:\WINDOWS\KB290333.dll
C:\WINDOWS\System32\scrsvc.exe
C:\WINDOWS\System32\tibs3.exe
c:\windows\system32\ptnpfko.exe r
C:\WINDOWS\System32\bootpd.exe
C::\Program Files\MyWebSearch\ <- caly katalog

Jakby cos nie chcialo sie skasowac to uzyj:
http://www.downloads.subratam.org/KillBox.zip
zaznacz delete on reboot.

Na koniec uruchom regedit przejdz do:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
i usun tam:
_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
_{08C06D61-F1F3-4799-86F8-BE1A89362C85} -

Po wszystkim wklej nowy log z hijackthis.

Ok rpoblem rozwiązany
Dzięki za pomoc