HijackThis: something got into my system, help!

IP: *.aster.pl / *.aster.pl 20.12.04, 12:01
I'll add that it can't be removed with HijackThis in safe mode; maybe someone has an idea..
Of course I have security programs etc...

Logfile of HijackThis v1.98.2
Scan saved at 09:35:37, on 2004-12-20
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINNT\System\MSMSGSVC.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\wincmd\WINCMD32.EXE
C:\WINNT\system32\taskmgr.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Program Files\Kurier Poczty\thunderbird.exe
C:\TMP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-
finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.e-finder.cc/search/ (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://default.home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-
finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://default.home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) =
http://www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =
http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,AutoConfigURL = http://www.aster.pl/aster.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = 212.106.162.125:443
R3 - Default URLSearchHook is missing
O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} -
C:\WINNT\dpe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec
Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [wpkontakt] C:\Program Files\Wirtualna
Polska\wpkontakt\wpkontakt.exe -autostart
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!
\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMsgSvc] C:\WINNT\System\MSMSGSVC.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program
Files\GetRight\getright.exe
O9 - Extra button: Microsoft® JavaScript® Console - {FD3BFB69-3053-4ABC-9AD5-
D88ECCCEF09B} - C:\WINNT\System32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {FD3BFB69-3053-4ABC-9AD5-
D88ECCCEF09B} - C:\WINNT\System32\COMDLG32.OCX
O9 - Extra button: Microsoft® JavaScript® Console - {FD3BFB69-3053-4ABC-9AD5-
D88ECCCEF09B} - C:\WINNT\System32\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {FD3BFB69-3053-4ABC-9AD5-
D88ECCCEF09B} - C:\WINNT\System32\COMDLG32.OCX (HKCU)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/houseca
ll/xscan53.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) -
http://67.15.101.3/g_bin/pl/slots70_2_0_0_20.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program
Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll

    • Guest: piecyk gazowy Re: HijackThis: something got into my system, help! IP: *.tpnet.pl / *.tpnet.pl 20.12.04, 12:57
      Download the latest version
      spywareinfo.globalservers.com/~merijn/files/HijackThis.exe
      and paste the log again (you can skip the "Running processes" section).
      • Guest: niespokojny posting it now, thanks.... IP: *.aster.pl / *.aster.pl 20.12.04, 15:53
        Scan saved at 15:53:28, on 2004-12-20
        Platform: Windows 2000 SP4 (WinNT 5.00.2195)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINNT\System32\smss.exe
        C:\WINNT\system32\csrss.exe
        C:\WINNT\system32\winlogon.exe
        C:\WINNT\system32\services.exe
        C:\WINNT\system32\lsass.exe
        C:\WINNT\system32\svchost.exe
        C:\WINNT\system32\spoolsv.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINNT\System32\svchost.exe
        C:\WINNT\System32\nvsvc32.exe
        C:\WINNT\system32\regsvc.exe
        C:\WINNT\system32\MSTask.exe
        C:\WINNT\system32\stisvc.exe
        C:\WINNT\system32\ZONELABS\vsmon.exe
        C:\WINNT\System32\WBEM\WinMgmt.exe
        C:\WINNT\System32\mspmspsv.exe
        C:\WINNT\system32\svchost.exe
        C:\WINNT\Explorer.EXE
        C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
        C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
        C:\Program Files\Winamp\winampa.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\WINNT\system32\internat.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\WINNT\System\MSMSGSVC.exe
        C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\wincmd\WINCMD32.EXE
        C:\WINNT\system32\taskmgr.exe
        C:\Program Files\SlimBrowser\sbrowser.exe
        C:\Program Files\Kurier Poczty\thunderbird.exe
        C:\Program Files\Tlen.pl\tlen.exe
        C:\Program Files\eMule\emule.exe
        C:\Program Files\GetRight\getright.exe
        C:\Program Files\GetRight\getright.exe
        C:\TMP\HijackThis2.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
        http://www.e-finder.cc/search/ (obfuscated)
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
        about:blank
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-
        finder.cc/search/ (obfuscated)
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-
        finder.cc/search/ (obfuscated)
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        http://default.home
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
        http://www.e-finder.cc/search/ (obfuscated)
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
        about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-
        finder.cc/search/ (obfuscated)
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-
        finder.cc/search/ (obfuscated)
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
        http://default.home
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        http://www.e-finder.cc/search/ (obfuscated)
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        http://www.e-finder.cc/search/ (obfuscated)
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.e-
        finder.cc/search/ (obfuscated)
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        http://www.e-finder.cc/search/ (obfuscated)
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        http://www.e-finder.cc/search/ (obfuscated)
        R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.e-
        finder.cc/search/ (obfuscated)
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
        http://www.e-finder.cc/search/ (obfuscated)
        R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
        http://www.e-finder.cc/search/ (obfuscated)
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
        Settings,AutoConfigURL = http://www.aster.pl/aster.pac
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
        Settings,ProxyServer = 212.106.162.125:443
        R3 - Default URLSearchHook is missing
        O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} -
        C:\WINNT\dpe.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINNT\System32\msdxm.ocx
        O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
        C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
        O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec
        Shared\CreateCD\CreateCD50.exe" -r
        O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5
        \DirectCD\DirectCD.exe"
        O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
        atboottime
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [wpkontakt] C:\Program Files\Wirtualna
        Polska\wpkontakt\wpkontakt.exe -autostart
        O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
        Labs\ZoneAlarm\zlclient.exe"
        O4 - HKCU\..\Run: [internat.exe] internat.exe
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
        Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -
        quiet
        O4 - HKCU\..\Run: [MSMsgSvc] C:\WINNT\System\MSMSGSVC.exe
        O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
        Sweeper\SpySweeper.exe" /0
        O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
        Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
        Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office\OSA9.EXE
        O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program
        Files\GetRight\getright.exe
        O9 - Extra button: Microsoft® JavaScript® Console - {FD3BFB69-3053-4ABC-9AD5-
        D88ECCCEF09B} - C:\WINNT\System32\COMDLG32.OCX
        O9 - Extra 'Tools' menuitem: JavaScript Console - {FD3BFB69-3053-4ABC-9AD5-
        D88ECCCEF09B} - C:\WINNT\System32\COMDLG32.OCX
        O9 - Extra button: Microsoft® JavaScript® Console - {FD3BFB69-3053-4ABC-9AD5-
        D88ECCCEF09B} - C:\WINNT\System32\COMDLG32.OCX (HKCU)
        O9 - Extra 'Tools' menuitem: JavaScript Console - {FD3BFB69-3053-4ABC-9AD5-
        D88ECCCEF09B} - C:\WINNT\System32\COMDLG32.OCX (HKCU)
        O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
        http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall
        /xscan53.cab
        O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) -
        http://67.15.101.3/g_bin/pl/slots70_2_0_0_20.cab
        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
        (MsnMessengerSetupDownloadControl Class) -
        http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
        O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
        http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
        O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program
        Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll
        O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil
        Software\Avast4\aswUpdSv.exe
        O23 - Service: Autodesk Licensing Service - Unknown - C:\Program Files\Common
        Files\Autodesk Shared\Service\AdskScSrv.exe
        O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil
        Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil
        Software\Avast4\ashMaiSv.exe
        O23 - Service: Digimation Protection Server - Digimation, Inc. - C:\3DSMAX~1
        \DIGIPSRV.EXE
        O23 - Service: Usługa administracyjna Menedżera dysków logicznych - VERITAS
        Software Corp. - C:\WINNT\Syst
        • Guest: piecyk gazowy Re: posting it now, thanks.... IP: *.tpnet.pl / *.tpnet.pl 20.12.04, 16:44
          Not everything fit... Skip the "running processes" section and paste it again, and
          when I get back from the dentist I'll take a look and tell you what to remove. ;-)
          • Guest: spokojniejszy... Re: posting it now, thanks.... IP: *.aster.pl / *.aster.pl 20.12.04, 16:48
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
            www.e-finder.cc/search/ (obfuscated)
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
            about:blank
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.e-
            finder.cc/search/ (obfuscated)
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.e-
            finder.cc/search/ (obfuscated)
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            default.home
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
            about:blank
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
            www.e-finder.cc/search/ (obfuscated)
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
            about:blank
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.e-
            finder.cc/search/ (obfuscated)
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.e-
            finder.cc/search/ (obfuscated)
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
            default.home
            R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
            www.e-finder.cc/search/ (obfuscated)
            R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
            www.e-finder.cc/search/ (obfuscated)
            R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = www.e-
            finder.cc/search/ (obfuscated)
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
            www.e-finder.cc/search/ (obfuscated)
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
            www.e-finder.cc/search/ (obfuscated)
            R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = www.e-
            finder.cc/search/ (obfuscated)
            R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
            www.e-finder.cc/search/ (obfuscated)
            R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
            www.e-finder.cc/search/ (obfuscated)
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
            Settings,AutoConfigURL = www.aster.pl/aster.pac
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
            Settings,ProxyServer = 212.106.162.125:443
            R3 - Default URLSearchHook is missing
            O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} -
            C:\WINNT\dpe.dll
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINNT\System32\msdxm.ocx
            O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
            C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
            O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec
            Shared\CreateCD\CreateCD50.exe" -r
            O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5
            \DirectCD\DirectCD.exe"
            O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
            O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
            atboottime
            O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            O4 - HKLM\..\Run: [wpkontakt] C:\Program Files\Wirtualna
            Polska\wpkontakt\wpkontakt.exe -autostart
            O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
            Labs\ZoneAlarm\zlclient.exe"
            O4 - HKCU\..\Run: [internat.exe] internat.exe
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
            Messenger\MsnMsgr.Exe" /background
            O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -
            quiet
            O4 - HKCU\..\Run: [MSMsgSvc] C:\WINNT\System\MSMSGSVC.exe
            O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
            Sweeper\SpySweeper.exe" /0
            O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
            Files\Adobe\Calibration\Adobe Gamma Loader.exe
            O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
            Files\Adobe\Calibration\Adobe Gamma Loader.exe
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
            Office\Office\OSA9.EXE
            O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program
            Files\GetRight\getright.exe
            O9 - Extra button: Microsoft® JavaScript® Console - {FD3BFB69-3053-4ABC-9AD5-
            D88ECCCEF09B} - C:\WINNT\System32\COMDLG32.OCX
            O9 - Extra 'Tools' menuitem: JavaScript Console - {FD3BFB69-3053-4ABC-9AD5-
            D88ECCCEF09B} - C:\WINNT\System32\COMDLG32.OCX
            O9 - Extra button: Microsoft® JavaScript® Console - {FD3BFB69-3053-4ABC-9AD5-
            D88ECCCEF09B} - C:\WINNT\System32\COMDLG32.OCX (HKCU)
            O9 - Extra 'Tools' menuitem: JavaScript Console - {FD3BFB69-3053-4ABC-9AD5-
            D88ECCCEF09B} - C:\WINNT\System32\COMDLG32.OCX (HKCU)
            O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
            a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
            O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) -
            67.15.101.3/g_bin/pl/slots70_2_0_0_20.cab
            O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
            (MsnMessengerSetupDownloadControl Class) -
            messenger.msn.com/download/MsnMessengerSetupDownloader.cab
            O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
            us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
            O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program
            Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll
            O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil
            Software\Avast4\aswUpdSv.exe
            O23 - Service: Autodesk Licensing Service - Unknown - C:\Program Files\Common
            Files\Autodesk Shared\Service\AdskScSrv.exe
            O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil
            Software\Avast4\ashServ.exe
            O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil
            Software\Avast4\ashMaiSv.exe
            O23 - Service: Digimation Protection Server - Digimation, Inc. - C:\3DSMAX~1
            \DIGIPSRV.EXE
            O23 - Service: Usługa administracyjna Menedżera dysków logicznych - VERITAS
            Software Corp. - C:\WINNT\System32\dmadmin.exe
            O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common
            Files\Macromedia Shared\Service\Macromedia Licensing.exe
            O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation -
            C:\WINNT\System32\nvsvc32.exe
            O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %
            ProgramFiles%\WinPcap\rpcapd.exe (file missing)
            O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32
            \ZONELABS\vsmon.exe

            • Guest: piecyk gazowy Re: posting it now, thanks.... IP: *.tpnet.pl / *.tpnet.pl 20.12.04, 18:03
              To be removed (entries marked with an asterisk are legitimate but, in my opinion,
              unnecessary - the decision is yours):

              > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
              > www.e-finder.cc/search/ (obfuscated)
              > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
              > about:blank
              > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.e-
              > finder.cc/search/ (obfuscated)
              > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.e-
              > finder.cc/search/ (obfuscated)
              > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
              > default.home
              > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
              > about:blank
              > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
              > www.e-finder.cc/search/ (obfuscated)
              > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
              > about:blank
              > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.e-
              > finder.cc/search/ (obfuscated)
              > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.e-
              > finder.cc/search/ (obfuscated)
              > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
              > default.home
              > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
              > www.e-finder.cc/search/ (obfuscated)
              > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
              > www.e-finder.cc/search/ (obfuscated)
              > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = www.e-
              > finder.cc/search/ (obfuscated)
              > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
              > www.e-finder.cc/search/ (obfuscated)
              > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
              > www.e-finder.cc/search/ (obfuscated)
              > R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = www.e-
              > finder.cc/search/ (obfuscated)
              > R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
              > www.e-finder.cc/search/ (obfuscated)
              > R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
              > www.e-finder.cc/search/ (obfuscated)

              > R3 - Default URLSearchHook is missing
              > O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} -
              > C:\WINNT\dpe.dll

              > O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
              > C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll

              *> O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
              *> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
              > atboottime

              > O4 - HKCU\..\Run: [MSMsgSvc] C:\WINNT\System\MSMSGSVC.exe
              > O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
              > Sweeper\SpySweeper.exe" /0
              *> O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
              > Files\Adobe\Calibration\Adobe Gamma Loader.exe
              *> O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
              > Files\Adobe\Calibration\Adobe Gamma Loader.exe
              *> O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
              > Office\Office\OSA9.EXE

              And I didn't find anything where I expected to. ;-)

              It's best to remove them in safe mode (although in most cases it doesn't
              matter).
              • Guest: piecyk gazowy Don't remove SpySweeper - my mistake IP: *.tpnet.pl / *.tpnet.pl 20.12.04, 18:05
                Don't remove this one:

                > > O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
                > > Sweeper\SpySweeper.exe" /0
                • Guest: jescze nie spokojn Re: Don't remove SpySweeper - my mistake IP: *.aster.pl / *.aster.pl 20.12.04, 19:05
                  > O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} -
                  > C:\WINNT\dpe.dll
                  But when I remove this, since it's probably the problem... it comes right back
                  like a boomerang anyway, that's the problem; it can't be removed in safe mode
                  either, I mean it can, but it rises again like a phoenix... and so on, round and round...
                  • Guest: piecyk gazowy Re: Don't remove SpySweeper - my mistake IP: *.tpnet.pl / *.tpnet.pl 20.12.04, 20:35
                    Are you removing only that, or everything I listed for you?
                    • Guest: spoko Re: Don't remove SpySweeper - my mistake IP: *.aster.pl / *.aster.pl 20.12.04, 22:02
                      Everything, but it doesn't work on the dll... that's the whole catch!
                      • Guest: piecyk gazowy Re: Don't remove SpySweeper - my mistake IP: *.tpnet.pl / *.tpnet.pl 20.12.04, 22:19
                        Interesting. Paste a new log, then.
                        • Guest: nie spoko after removal... IP: *.aster.pl / *.aster.pl 21.12.04, 08:45
                          After removing everything, this is what it looks like. Of course the dll can't be
                          removed; it says some process is using it, in safe mode too....


                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.e-finder.cc/search/ (obfuscated)
                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.e-finder.cc/search/ (obfuscated)
                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.e-finder.cc/search/ (obfuscated)
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = default.home
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.e-finder.cc/search/ (obfuscated)
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.e-finder.cc/search/ (obfuscated)
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.e-finder.cc/search/ (obfuscated)
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = default.home
                          R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.e-finder.cc/search/ (obfuscated)
                          R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.e-finder.cc/search/ (obfuscated)
                          R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = www.e-finder.cc/search/ (obfuscated)
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.e-finder.cc/search/ (obfuscated)
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.e-finder.cc/search/ (obfuscated)
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = www.e-finder.cc/search/ (obfuscated)
                          R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.e-finder.cc/search/ (obfuscated)
                          R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.e-finder.cc/search/ (obfuscated)
                          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.aster.pl/aster.pac
                          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.106.162.125:443
                          R3 - Default URLSearchHook is missing
                          O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINNT\dpe.dll
                          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
                          O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
                          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
                          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                          O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
                          O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
                          O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
                          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                          O4 - HKLM\..\Run: [wpkontakt] C:\Program Files\Wirtualna Polska\wpkontakt\wpkontakt.exe -autostart
                          O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
                          O4 - HKCU\..\Run: [internat.exe] internat.exe
                          O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                          O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
                          O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
                          O4 - HKCU\..\Run: [MSMsgSvc] C:\WINNT\System\MSMSGSVC.exe
                          O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                          O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
                          O9 - Extra button: Microsoft® JavaScript® Console - {FD3BFB69-3053-4ABC-9AD5-D88ECCCEF09B} - C:\WINNT\System32\COMDLG32.OCX
                          O9 - Extra 'Tools' menuitem: JavaScript Console - {FD3BFB69-3053-4ABC-9AD5-D88ECCCEF09B} - C:\WINNT\System32\COMDLG32.OCX
                          O9 - Extra button: Microsoft® JavaScript® Console - {FD3BFB69-3053-4ABC-9AD5-D88ECCCEF09B} - C:\WINNT\System32\COMDLG32.OCX (HKCU)
                          O9 - Extra 'Tools' menuitem: JavaScript Console - {FD3BFB69-3053-4ABC-9AD5-D88ECCCEF09B} - C:\WINNT\System32\COMDLG32.OCX (HKCU)
                          O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
                          O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - 67.15.101.3/g_bin/pl/slots70_2_0_0_20.cab
                          O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com/download/MsnMessengerSetupDownloader.cab
                          O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
                          O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll
                          O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                          O23 - Service: Autodesk Licensing Service - Unknown - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                          O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                          O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                          O23 - Service: Digimation Protection Server - Digimation, Inc. - C:\3DSMAX~1\DIGIPSRV.EXE
                          O23 - Service: Usługa administracyjna Menedżera dysków logicznych - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
                          O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
                          O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
                          O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
                          O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe

