Pomocy!!!180 Solutions, Web_Rebates

IP: 217.153.134.* 01.02.05, 16:37
Co to za syf mi się pojawił w Program Files?? Wvast wykrył jakiegoś wirusa ale go usunąłem, Kerio daje jakieś komunikaty o tym 180Solutions . Jak się tego pozyć. oto mój log:

Logfile of HijackThis v1.99.0
Scan saved at 16:32:10, on 2005-02-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.ex e
C:\WINDOWS\system32\services.ex e
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.ex e
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched. exe
C:\PROGRA~1\ALWILS~1\Avast4\ash Disp.exe
C:\WINDOWS\system32\RUNDLL32.EX E
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Web_Rebates\WebRebates0.e xe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Web_Rebates\WebRebates1.e xe
c:\program files\180solutions\sais.exe
C:\Program Files\Opera7\Opera.exe
C:\Instalki\Ochrona\HijackThis. exe

R1 - HKCU\Software\Microsoft\Interne t Explorer\Main,Search Bar = www.couldnotfind.com/search_page.html?&account_id=1002535
R1 - HKCU\Software\Microsoft\Interne t Explorer\Main,Search Page = www.couldnotfind.com/search_page.html?&account_id=1002535
R0 - HKCU\Software\Microsoft\Interne t Explorer\Main,Start Page = www.onet.pl/
R0 - HKLM\Software\Microsoft\Interne t Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Interne t Explorer\Search,SearchAssistant = www.couldnotfind.com/search_page.html?&account_id=1002535
R0 - HKCU\Software\Microsoft\Interne t Explorer\Toolbar,LinksFolderNam e = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D 6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper. ocx
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A 26C85C} - C:\Program Files\SolidDocuments\SolidConve rterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-009027 1D075B} - C:\PROGRA~1\FlashGet\jccatch.dl l
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA 6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dl l
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A 26C85C} - C:\Program Files\SolidDocuments\SolidConve rterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A 3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.e xe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched. exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ash Disp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,N vStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dl l,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.e xe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFI CE11\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150 \scri1150a.htm
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C57 1A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\R EFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA 6940E3} - C:\PROGRA~1\FlashGet\flashget.e xe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA 6940E3} - C:\PROGRA~1\FlashGet\flashget.e xe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F 795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F 795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .rar: C:\Program Files\Opera7\PLUGINS\NPFgc1.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF3 3E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104771103225
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE 20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: Netropa NHK Server - Unknown - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Prime95 Service - Unknown - C:\Program Files\Prime95\prime95.exe (file missing)

    • netsec Re: Pomocy!!!180 Solutions, Web_Rebates 01.02.05, 16:45
      W trybie awaryjnym odinstaluj programy z tej listy:

      Neo Technology Search Engine
      Unistall 180 sertchAssistant
      Web Tools by Hotbar
      WebRebates(by TopReates.com)
      Windows Active
      Windovs AdControl
      Windows SR2.0
      Windows AdTools
      Windows ServeAd
      Internet Optimizer

      Nie instaluj shitu opisanego tu:
      www.searchengines.pl/phpbb203/index.php?showtopic=16318
      • Gość: gulke Re: Pomocy!!!180 Solutions, Web_Rebates IP: 217.153.134.* 01.02.05, 17:47
        jak uruchomić tryb awaryjny? wciskam F8 i jest wybór napędu do uruchomienia windowsa
      • Gość: gulke Re: Pomocy!!!180 Solutions, Web_Rebates IP: 217.153.134.* 01.02.05, 18:35
        udalo sie (wciskalem F8 nie w tym momencie)
        A więc tak
        W trybie awaryjnym w dodaj/usun programy z tej Twojej listy do usuniecia bylo tylko to unistall180 cos tam cos tam ,web_rebuces (czy cos takiego)i internet optimizer. Dalem na usun ale nie usunelo z tej listy programow (w przypadku 2 pierwszych programow byla informacja ze usuniete, w przypadku 3 nic nie nie dzialo jak wciskalem zmien/usun). Nastepnie wszedlem do program files i recznie usunalem foldery 180 Solutions i Internet Optimizer. Reszty z tej Twojej listy nie wiem gdzie szukac
        Oto moj nowy log:

        Logfile of HijackThis v1.99.0
        Scan saved at 18:30:02, on 2005-02-01
        Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.ex e
        C:\WINDOWS\system32\services.ex e
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\RunDll32.ex e
        C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched. exe
        C:\PROGRA~1\ALWILS~1\Avast4\ash Disp.exe
        C:\WINDOWS\system32\RUNDLL32.EX E
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
        C:\Program Files\Netropa\Onscreen Display\OSD.exe
        C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\Program Files\Kerio\Personal Firewall\persfw.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Instalki\Ochrona\HijackThis. exe

        R1 - HKCU\Software\Microsoft\Interne t Explorer\Main,Search Bar = www.couldnotfind.com/search_page.html?&account_id=1002535
        R1 - HKCU\Software\Microsoft\Interne t Explorer\Main,Search Page = www.couldnotfind.com/search_page.html?&account_id=1002535
        R0 - HKCU\Software\Microsoft\Interne t Explorer\Main,Start Page = www.onet.pl/
        R0 - HKLM\Software\Microsoft\Interne t Explorer\Main,Start Page =
        R1 - HKCU\Software\Microsoft\Interne t Explorer\Search,SearchAssistant = www.couldnotfind.com/search_page.html?&account_id=1002535
        R0 - HKCU\Software\Microsoft\Interne t Explorer\Toolbar,LinksFolderNam e = Łącza
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D 6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper. ocx
        O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A 26C85C} - C:\Program Files\SolidDocuments\SolidConve rterPDF\SCPDF\ExploreExtPDF.dll
        O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-009027 1D075B} - C:\PROGRA~1\FlashGet\jccatch.dl l
        O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA 6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dl l
        O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A 26C85C} - C:\Program Files\SolidDocuments\SolidConve rterPDF\SCPDF\ExploreExtPDF.dll
        O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A 3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll (file missing)
        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.e xe
        O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched. exe" -osboot
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ash Disp.exe
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,N vStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dl l,NvTaskbarInit
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
        O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
        O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.e xe"
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
        O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFI CE11\EXCEL.EXE/3000
        O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150 \scri1150a.htm
        O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C57 1A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\R EFIEBAR.DLL
        O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA 6940E3} - C:\PROGRA~1\FlashGet\flashget.e xe
        O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA 6940E3} - C:\PROGRA~1\FlashGet\flashget.e xe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F 795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F 795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
        O12 - Plugin for .rar: C:\Program Files\Opera7\PLUGINS\NPFgc1.dll
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF3 3E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104771103225
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE 20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab
        O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: Netropa NHK Server - Unknown - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
        O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: Kerio Personal Firewall - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
        O23 - Service: Prime95 Service - Unknown - C:\Program Files\Prime95\prime95.exe (file missing)

      • Gość: gulke Re: Pomocy!!!180 Solutions, Web_Rebates IP: 217.153.134.* 01.02.05, 20:03
        Sprawdzilem tym Microsoft Antispyware. Znalazł sporo tego szjasu. Wszystko usunąłem, sprawdziłem jeszcze raz i juz nie znalazł niczego.
        To nowy log:

        Logfile of HijackThis v1.99.0
        Scan saved at 19:58:01, on 2005-02-01
        Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.ex e
        C:\WINDOWS\system32\services.ex e
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\RunDll32.ex e
        C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched. exe
        C:\PROGRA~1\ALWILS~1\Avast4\ash Disp.exe
        C:\WINDOWS\system32\RUNDLL32.EX E
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
        C:\Program Files\Netropa\Onscreen Display\OSD.exe
        C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\Program Files\Kerio\Personal Firewall\persfw.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\SpeedFan\speedfan.exe
        C:\Program Files\Opera7\Opera.exe
        C:\Instalki\Ochrona\HijackThis. exe

        R1 - HKCU\Software\Microsoft\Interne t Explorer\Main,Search Bar = www.couldnotfind.com/search_page.html?&account_id=1002535
        R1 - HKCU\Software\Microsoft\Interne t Explorer\Main,Search Page = www.couldnotfind.com/search_page.html?&account_id=1002535
        R0 - HKCU\Software\Microsoft\Interne t Explorer\Main,Start Page = www.onet.pl/
        R1 - HKLM\Software\Microsoft\Interne t Explorer\Main,Search Bar = www.couldnotfind.com/search_page.html?&account_id=1002535
        R1 - HKLM\Software\Microsoft\Interne t Explorer\Main,Search Page = www.couldnotfind.com/search_page.html?&account_id=1002535
        R0 - HKLM\Software\Microsoft\Interne t Explorer\Main,Start Page = www.onet.pl/
        R1 - HKCU\Software\Microsoft\Interne t Explorer\Search,SearchAssistant = www.couldnotfind.com/search_page.html?&account_id=1002535
        R0 - HKLM\Software\Microsoft\Interne t Explorer\Search,SearchAssistant = www.couldnotfind.com/search_page.html?&account_id=1002535
        R0 - HKCU\Software\Microsoft\Interne t Explorer\Toolbar,LinksFolderNam e = Łącza
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D 6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper. ocx
        O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A 26C85C} - C:\Program Files\SolidDocuments\SolidConve rterPDF\SCPDF\ExploreExtPDF.dll
        O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A 26C85C} - C:\Program Files\SolidDocuments\SolidConve rterPDF\SCPDF\ExploreExtPDF.dll
        O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A 3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll (file missing)
        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.e xe
        O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched. exe" -osboot
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ash Disp.exe
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,N vStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dl l,NvTaskbarInit
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
        O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFI CE11\EXCEL.EXE/3000
        O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C57 1A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\R EFIEBAR.DLL
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F 795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F 795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
        O12 - Plugin for .rar: C:\Program Files\Opera7\PLUGINS\NPFgc1.dll
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF3 3E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104771103225
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE 20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab
        O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: Netropa NHK Server - Unknown - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
        O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: Kerio Personal Firewall - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
        O23 - Service: Prime95 Service - Unknown - C:\Program Files\Prime95\prime95.exe (file missing)

        Z tego co się orientuję to nie wygląda on jeszcze dobrze?
        • netsec Re: Pomocy!!!180 Solutions, Web_Rebates 02.02.05, 11:08
          Ściągnij nowy CWShredder 2.0
          cwshredder.net/bin/CWShredder.exe
          Sprawdź czy masz włączoną zaporę Internetową we właściwościach Twojego
          połączenia do Internetu.

          Wyłącz przywracanie systemu:
          support.microsoft.com/default.aspx?scid=kb;pl;310405
          Uruchom komputer w trybie awaryjnym:
          support.microsoft.com/default.aspx?scid=KB;PL;315222

          Uwaga! Przy starcie do awaryjnego dostaniesz pytanie o wybór konta. NIE wybieraj
          konta Administratora tylko swoje własne imienne, bo na tym profilu jest syf. Po
          uruchomieniu komputera w trybie awaryjnym, nie otwieraj Internet Explorera.

          Uruchom ponownie HiJackThis wykonaj "Do a system SCAN only" i zaznacz
          (haczykiem)te pozycje:


          R1 - HKCU\Software\Microsoft\Interne t Explorer\Main,Search Bar =
          www.couldnotfind.com/search_pag e.html?&account_id=1002535
          R1 - HKCU\Software\Microsoft\Interne t Explorer\Main,Search Page =
          www.couldnotfind.com/search_pag e.html?&account_id=1002535
          R1 - HKLM\Software\Microsoft\Interne t Explorer\Main,Search Bar =
          www.couldnotfind.com/search_pag e.html?&account_id=1002535
          R1 - HKLM\Software\Microsoft\Interne t Explorer\Main,Search Page =
          www.couldnotfind.com/search_pag e.html?&account_id=1002535
          R1 - HKCU\Software\Microsoft\Interne t Explorer\Search,SearchAssistant =
          www.couldnotfind.com/search_pag e.html?&account_id=1002535
          R0 - HKLM\Software\Microsoft\Interne t Explorer\Search,SearchAssistant =
          www.couldnotfind.com/search_pag e.html?&account_id=1002535
          O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A 3F5686} -
          C:\PROGRA~1\YOURSI~1\ysb.dll (file missing)
          O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
          O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
          O23 - Service: Prime95 Service - Unknown - C:\Program Files\Prime95\prime95.exe
          (file missing)

          Po zaznaczeniu wykonaj FIX CHECKED i potwierdź TAK/OK.

          W Panel Sterowania => Opcje Internetowe usuń
          Tymczasowe pliki Internetowe (Wszystkie) i Cooki.

          Odinstaluj w Panelu sterowania Dodaj/Usuń programy wszystkie
          programy, co do których nie masz pewności, że Ci są potrzebne.

          Uruchom CWShredder i wykonaj Fix.

          Oczyść kosz.

          Uruchom komputer w normalny sposób i wklej nowy log z HiJack.

          Napisz czy wszystko ok.
          • Gość: gulke Re: Pomocy!!!180 Solutions, Web_Rebates IP: 217.153.134.* 02.02.05, 17:47
            zrobiłem wszystko jak napisałeś
            To nowy log:

            Logfile of HijackThis v1.99.0
            Scan saved at 17:46:55, on 2005-02-02
            Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.ex e
            C:\WINDOWS\system32\services.ex e
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\RunDll32.ex e
            C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
            C:\Program Files\Common Files\Real\Update_OB\realsched. exe
            C:\PROGRA~1\ALWILS~1\Avast4\ash Disp.exe
            C:\WINDOWS\system32\RUNDLL32.EX E
            C:\Program Files\Gadu-Gadu\gg.exe
            C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
            C:\Program Files\Netropa\Onscreen Display\OSD.exe
            C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
            C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            C:\Program Files\Alwil Software\Avast4\ashServ.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\Program Files\Kerio\Personal Firewall\persfw.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
            C:\Program Files\Opera7\Opera.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Instalki\Ochrona\HijackThis. exe

            R0 - HKCU\Software\Microsoft\Interne t Explorer\Main,Start Page = www.onet.pl/
            R0 - HKLM\Software\Microsoft\Interne t Explorer\Main,Start Page = www.onet.pl/
            R0 - HKCU\Software\Microsoft\Interne t Explorer\Toolbar,LinksFolderNam e = Łącza
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D 6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper. ocx
            O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A 26C85C} - C:\Program Files\SolidDocuments\SolidConve rterPDF\SCPDF\ExploreExtPDF.dll
            O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A 26C85C} - C:\Program Files\SolidDocuments\SolidConve rterPDF\SCPDF\ExploreExtPDF.dll
            O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
            O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.e xe
            O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched. exe" -osboot
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ash Disp.exe
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,N vStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dl l,NvTaskbarInit
            O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
            O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFI CE11\EXCEL.EXE/3000
            O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C57 1A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\R EFIEBAR.DLL
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F 795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F 795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
            O12 - Plugin for .rar: C:\Program Files\Opera7\PLUGINS\NPFgc1.dll
            O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF3 3E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104771103225
            O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE 20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab
            O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
            O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
            O23 - Service: Netropa NHK Server - Unknown - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
            O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
            O23 - Service: Kerio Personal Firewall - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

            Teraz dobrze?
            • m.gregor Jak dla mnie czysto n/t 02.02.05, 18:03

            • netsec Re: Pomocy!!!180 Solutions, Web_Rebates 03.02.05, 09:42
              Log wygląda czysto.
              Czy w dodaj usuń programy dalej pozostały pozycje z tymi programami 180 itd. ?
              Czy teraz Microsoft Antispyware nie znajduje już nic?
              • Gość: gulke Re: Pomocy!!!180 Solutions, Web_Rebates IP: 217.153.134.* 03.02.05, 19:39
                microsoft antispyware nic nie wykrywa
                w dodaj/usun moje podejrzenie budzi jedynie program YourSiteBar, nie wiem co to jest i nie da sie tego odistalowac
                pozdrawiam
                • netsec Re: Pomocy!!!180 Solutions, Web_Rebates 04.02.05, 13:30
                  Ściągnij RegCleaner 80.53.91.142/netsec/tools/regcleaner.zip
                  i odezwij się wieczorem na GG.
    • Gość: mariosk2 Re: Pomocy!!!180 Solutions, Web_Rebates IP: *.netcontrol.pl 05.02.05, 09:49
      Spróbuj zainstalować jv16 Power Tools, ja tym u siebie załatwiłem
      tą sprawe.
      A tak nawiasem jest to prawdopodobnie jakis search bar (trojan).

      mam madzieje że ten program zadziała.

      pozdrawiam.
      • netsec Re: Pomocy!!!180 Solutions, Web_Rebates 05.02.05, 10:23
        To jest wyłacznie pozostałość po search bar w Dodaj/Usuń programy, reszta
        została usunięta wcześnie. RegCleaner potrzebny jest do wyczyszczenia tej
        pozostałości, która nie ma wpływu na nic, a jedynie śmieci.
Pełna wersja