Begin2Search.com Bar

[Gość: gerdzia1]

pojawil mi sie taki pasek w IE i nie mam pojecia jak go usunac:( dla
ulatwienia wklejam loga z HJ. dzieki za wszelka pomoc!!!:D

Logfile of HijackThis v1.98.2
Scan saved at 00:05:15, on 2005-01-31
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.ex e
C:\WINDOWS\system32\services.ex e
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\D KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIco n.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ash Disp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jus ched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\??rss.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package
Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package
Applications\Residence.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\jurek\Pulpit\Antywiry i łaty\HijackThis.exe

R1 - HKCU\Software\Microsoft\Interne t Explorer,SearchURL =
www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Interne t Explorer\Main,Search Bar =
www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Interne t Explorer\Main,Search Page =
www.popupsearches.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Interne t Explorer\Main,Start Page =
www.kurnik.pl/
R1 - HKCU\Software\Microsoft\Interne t Explorer\Search,SearchAssistant =
www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Interne t Explorer\Search,SearchAssistant =
www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Interne t Explorer\Main,Start Page_bak =
www.onet.pl/
R1 - HKCU\Software\Microsoft\Interne t Explorer\Main,Window Title = Neostrada
TP
R0 - HKCU\Software\Microsoft\Interne t Explorer\Toolbar,LinksFolderNam e = Łącza
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A8 9362C85} - (no
file)
F3 - REG:win.ini: load=C:\YDPDict\watch.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73B D81ABC} - (no file)
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134 C78777} - C:\WINDOWS\System32
\winb2s32.dll
O2 - BHO: (no name) - {62AA115F-BA1C-7BB7-8003-64550D F32843} -
C:\WINDOWS\System32\dwqniwih.dl l
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5 CA8DEF} - (no file)
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D2 12C107} -
C:\WINDOWS\System32\winb2s32.dl l
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIco n.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\yvsprrc.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winrfl32.ex e
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [slvchost] slvchost32.exe
O4 - HKLM\..\Run: [Norton AntiVirus Sys] NAVsys32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.e xe
O4 - HKLM\..\Run: [Local Service] rundll.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ash Disp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05
\bin\jusched.exe
O4 - HKLM\..\RunServices: [WIN USB 2.0] winusb.exe
O4 - HKLM\..\RunServices: [Local Service] rundll.exe
O4 - HKLM\..\RunServices: [slvchost] slvchost32.exe
O4 - HKLM\..\RunServices: [Norton AntiVirus Sys] NAVsys32.exe
O4 - HKCU\..\Run: [Wnso] C:\Documents and Settings\jurek\Dane
aplikacji\teos.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Jjrkna] C:\WINDOWS\System32\??rss.exe
O4 - HKCU\..\Run: [Skype] "C:\Program
Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFI CE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C 608501} - (no
file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - (no file)
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC 39B807} -
C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C57 1A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\R EFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa00 3c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: v3cab - searchmiracle.com/cab/v3cab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8 E6BAD6} -
public.windupdates.com/get_file.php?bt=ie&p=7ab4384e4c2dcd3727316e528413e2e0d830f4671e171ba4121526139dac8afa9e6d06
971f2066680f6011b1f10b43f66060d 0e435ca59b920d5895a93b532a3a2:7 642dd223d2d6a0e8
8e964761dcadf1f
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BE EAFD4F} -
advnt01.com/dialer/russia.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF3 3E833C} (WUWebControl Class) -
v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097669261967
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994B A2CEBE} (Installer Class) -
www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608 E52A43} (SignActivX Control) -
www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665 414BEF} (MediaTicketsInstaller
Control) - www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE 20BDF7} (MainCon

[Gość: piecyk gazowy]

Cały się nie zmieścił... Zaznacz poniższe pozycje i wciśnij Fix Checked:

R1 - HKCU\Software\Microsoft\Interne t Explorer,SearchURL =
www.popupsearches.com/sidesearc h.html
R1 - HKCU\Software\Microsoft\Interne t Explorer\Main,Search Bar =
www.popupsearches.com/sidesearc h.html
R1 - HKCU\Software\Microsoft\Interne t Explorer\Main,Search Page =
www.popupsearches.com/sidesearc h.html
R0 - HKCU\Software\Microsoft\Interne t Explorer\Main,Start Page =
www.kurnik.pl/
R1 - HKCU\Software\Microsoft\Interne t Explorer\Search,SearchAssistant =
www.popupsearches.com/sidesearc h.html
R0 - HKLM\Software\Microsoft\Interne t Explorer\Search,SearchAssistant =
www.popupsearches.com/sidesearc h.html

R1 - HKCU\Software\Microsoft\Interne t Explorer\Main,Window Title = Neostrada
TP

R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A8 9362C85} - (no
file)

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73B D81ABC} - (no file)
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134 C78777} - C:\WINDOWS\System32
\winb2s32.dll
O2 - BHO: (no name) - {62AA115F-BA1C-7BB7-8003-64550D F32843} -
C:\WINDOWS\System32\dwqniwih.dl l
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5 CA8DEF} - (no file)
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D2 12C107} -
C:\WINDOWS\System32\winb2s32.dl l
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\yvsprrc.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winrfl32.ex e

O4 - HKLM\..\Run: [slvchost] slvchost32.exe
O4 - HKLM\..\Run: [Norton AntiVirus Sys] NAVsys32.exe

O4 - HKLM\..\Run: [Local Service] rundll.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05
\bin\jusched.exe
O4 - HKLM\..\RunServices: [WIN USB 2.0] winusb.exe
O4 - HKLM\..\RunServices: [Local Service] rundll.exe
O4 - HKLM\..\RunServices: [slvchost] slvchost32.exe
O4 - HKLM\..\RunServices: [Norton AntiVirus Sys] NAVsys32.exe
O4 - HKCU\..\Run: [Wnso] C:\Documents and Settings\jurek\Dane
aplikacji\teos.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Jjrkna] C:\WINDOWS\System32\??rss.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C 608501} - (no
file)

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC 39B807} -
C:\Program Files\SideFind\sidefind.dll (file missing)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa00 3c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: v3cab - searchmiracle.com/cab/v3cab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8 E6BAD6} -
public.windupdates.com/get_file .php?
bt=ie&p=7ab4384e4c2dcd3727316e5 28413e2e0d830f4671e171ba4121526 139dac8afa9e6d06
971f2066680f6011b1f10b43f66060d 0e435ca59b920d5895a93b532a3a2:7 642dd223d2d6a0e8
8e964761dcadf1f
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BE EAFD4F} -
advnt01.com/dialer/russia.CAB

O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994B A2CEBE} (Installer Class) -
www.ysbweb.com/ist/softwares/v4 .0/ysb_regular.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665 414BEF} (MediaTicketsInstaller
Control) - www.mt-download.com/MediaTicket sInstaller.cab

Wklej nowego loga.

[Gość: gerdzia1]

Wielkie dzieki za pomoc!!! Nie wiem, co bym bez Ciebie zrobila:D wywala
wszystko i wklejam nowego loga...

[Gość: gerdzia1]

Logfile of HijackThis v1.98.2
Scan saved at 19:35:39, on 2005-01-31
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.ex e
C:\WINDOWS\system32\services.ex e
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\D KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIco n.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ash Disp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jus ched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\??rss.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package
Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package
Applications\Residence.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\jurek\Pulpit\Antywiry i łaty\HijackThis.exe

R1 - HKLM\Software\Microsoft\Interne t Explorer\Main,Default_Page_URL =
www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Interne t Explorer\Main,Default_Search_UR L =
www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Interne t Explorer\Main,Search Page =
www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Interne t Explorer\Main,Start Page =
www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Interne t Explorer\Main,Start Page_bak =
www.onet.pl/
R0 - HKCU\Software\Microsoft\Interne t Explorer\Toolbar,LinksFolderNam e = Łącza
F3 - REG:win.ini: load=C:\YDPDict\watch.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIco n.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.e xe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ash Disp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program
Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFI CE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C57 1A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\R EFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF3 3E833C} (WUWebControl Class) -
v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097669261967
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608 E52A43} (SignActivX Control) -
www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE 20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\ ..\{30DA3456-47C1-445D-9A01-D44 37446D606}:
NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\ ..\{6C79D015-E36F-45D9-BE52-711 906B521BD}:
NameServer = 194.204.159.1,194.204.152.34
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290 B5B738} - (no
file)

teraz widze, ze sie zmiescil caly log:) juz pomoglo, bo nie ma tego paska ani
zadnej strony startowej:DDD

[Gość: piecyk gazowy]

Włącz zaporę: www.microsoft.com/poland/security/articles/use_icf.mspx

Do wyrzucenia:

> R1 - HKLM\Software\Microsoft\Interne t Explorer\Main,Default_Page_URL =
> www.microsoft.com/isapi/redir.d ll?prd=ie&pver=6&ar=msnhome
> R1 - HKLM\Software\Microsoft\Interne t Explorer\Main,Default_Search_UR L =
> www.microsoft.com/isapi/redir.d ll?prd=ie&ar=iesearch
> R1 - HKLM\Software\Microsoft\Interne t Explorer\Main,Search Page =
> www.microsoft.com/isapi/redir.d ll?prd=ie&ar=iesearch
> R0 - HKLM\Software\Microsoft\Interne t Explorer\Main,Start Page =
> www.microsoft.com/isapi/redir.d ll?prd={SUB_PRD}&clcid={SUB_CLS ID}&pver=
{SUB_PVER}&ar=home

> O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290 B5B738} - (no
> file)

[Gość: gerdzia1]

Jeszcze raz dzieki i milego wieczoru:) Mam wlaczona zapore, ale jak widac nic
nie daje:( nie ma jak IE...niestety nie moge zainstalowac innej przegladary, bo
to komp rodzicow, a oni sa niereformowalni, jak to rodzice:)

[Gość: piecyk gazowy]

Zainstaluj SP 2. Link masz w wątku z FAQ (jest link w nagłówku forum).

[Gość: piecyk gazowy]

Gość portalu: piecyk gazowy napisał(a):

> Link masz w wątku z FAQ (jest link w nagłówku forum).

Chyba się muszę zapisać a jakiś kurs języka polskiego... ;-/