Kindly asking for a log check

IP: *.neoplus.adsl.tpnet.pl 14.04.05, 20:51
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
www.couldnotfind.com/search_page.html?&account_id=136299
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
www.couldnotfind.com/search_page.html?&account_id=136299
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.interia.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
www.searchforit.com/searchbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
www.searchforit.com/searchbar
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
www.couldnotfind.com/search_page.html?&account_id=136299
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
www.searchforit.com/searchbar
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
www.searchforit.com/searchbar
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} -
C:\WINDOWS\localNRD.dll (file missing)
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} -
C:\WINDOWS\System32\replaceSearch.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program
Files\SideFind\sfbho.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
F:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program
Files\Hotbar\bin\4.5.3.0\HbHostIE.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program
Files\Hotbar\bin\4.5.3.0\HbHostIE.dll
O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} -
C:\WINDOWS\System32\SYSsfitb.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program
Files\ISTbar\istbar.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
F:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"
-lang 1033
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [EM_EXEC] D:\MYSZKA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P
Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows
SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [wvijub] C:\WINDOWS\wvijub.exe
O4 - HKLM\..\Run: [rxrdgzf] C:\WINDOWS\System32\nnlwwtgq.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program
Files\Hotbar\bin\4.5.3.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows
AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows
AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
Optimizer\optimize.exe"
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
Network\bin\bargains.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WinampAgent] D:\winamp 5\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [kjahkr] C:\WINDOWS\kjahkr.exe
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.6.1.0\Hbinst.exe /Upgrade
O4 - HKCU\..\Run: [Komunikator] D:\tlen\tlen.exe
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [SYSsfit] C:\WINDOWS\SYSsfit.exe
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\GADU GADU\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
800-840\dslmon.exe
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - F:\Program
Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a -
F:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra b
    • Guest: Kolobos Re: Kindly asking for a log check IP: *.warszawa.sdi.tpnet.pl 14.04.05, 20:54
      You paste the whole log from beginning to end, and this one has neither a beginning nor
      an end; if it doesn't fit in one post, paste the rest in a second one.
    • m.gregor Re: Kindly asking for a log check 14.04.05, 20:55
      And the dog ate the rest, right? ;-)

      1.) Install an antivirus program
      2.) Install AdAware, update it and scan the system with it
      3.) Then do as described here:
      republika.pl/mgregor
    • neder Re: Kindly asking for a log check 14.04.05, 21:20
      boot into safe mode
      remove manually:
      1. via Add/Remove Programs
      - Windows Ad Tools
      - ISTbar
      - Windows Syncro Ad
      - Windows Ad Control
      - Internet Optimizer
      - BullsEyeNetwork
      - DR_S
      - SideFind\
      - MyWay
      - P2P Networking
      - ErrorGuard\
      - Hotbars - all of them + all SearchBar and searchAssistant
      if any of these programs is not there - write down which ones and post them here
      afterwards; also check for them in the Program Files folder (make sure you have
      the option to show hidden folders enabled - Tools > Folder Options > View)

      From the Windows folder, delete:
      - wvijub.exe
      - conscorr.exe
      - 180ax.exe
      - kjahkr.exe
      - SYSsfit.exe


      From the Windows/System32 folder, delete:
      - SYSsfitb.dll
      - replaceSearch.dll
      - nnlwwtgq.exe
      - systime.exe


      Run it, select "do a system scan only", and tick (on the left)

      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      > 213.159.117.134/index.php
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      > www.couldnotfind.com/search_page.html?&account_id=136299
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      > www.couldnotfind.com/search_page.html?&account_id=136299
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      > 213.159.117.134/index.php
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      > www.searchforit.com/searchbar
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      > www.searchforit.com/searchbar
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      > 213.159.117.134/index.php
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      > www.couldnotfind.com/search_page.html?&account_id=136299
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      > www.searchforit.com/searchbar
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      > R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
      > www.searchforit.com/searchbar
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      > 213.159.117.134/index.php
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
      > 213.159.117.134/index.php
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      > 213.159.117.134/index.php
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      > R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
      > file)
      > O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
      > C:\WINDOWS\nem220.dll (file missing)
      > O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} -
      > C:\WINDOWS\localNRD.dll (file missing)
      > O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no
      > file)
      > O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
      > Files\MyWay\myBar\1.bin\MYBAR.DLL
      > O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program
      > Files\Hotbar\bin\4.5.3.0\HbHostIE.dll
      > O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} -
      > C:\WINDOWS\System32\SYSsfitb.dll
      > O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program
      > Files\ISTbar\istbar.dll (file missing)
      > O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P
      > Networking.exe /AUTOSTART
      > O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows
      > SyncroAd\SyncroAd.exe
      > O4 - HKLM\..\Run: [wvijub] C:\WINDOWS\wvijub.exe
      > O4 - HKLM\..\Run: [rxrdgzf] C:\WINDOWS\System32\nnlwwtgq.exe
      > O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
      > O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows
      > AdTools\WinAdTools.exe
      > O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows
      > AdControl\WinAdCtl.exe
      > O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
      > O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
      > O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
      > Optimizer\optimize.exe"
      > O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
      > O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
      > Network\bin\bargains.exe
      > O4 - HKLM\..\Run: [autoclk] autoclk.exe
      > O4 - HKLM\..\Run: [adiras] adiras.exe
      > O4 - HKLM\..\Run: [kjahkr] C:\WINDOWS\kjahkr.exe
      > O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
      > O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.6.1.0\Hbinst.exe /Upgrade
      > O4 - HKCU\..\Run: [SYSsfit] C:\WINDOWS\SYSsfit.exe
      > O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe

      Fix checked - you do this in safe mode, of course


      Notes:
      1. PEOPLE!!! WHAT ARE YOU DOING TO END UP WITH SUCH JUNK???? You seem to have every
      piece of garbage that could be found on the net...
      2. because there is so much garbage here, the whole log did not fit
      3. for now remove what I listed; maybe the next one will be complete
      4. don't cut off the top part of the log - the running processes are there, and in
      your case it will show all the junk that has settled in the system folders - not
      all of it may be here right now.


      restart the computer and paste a new log
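
An added example (not part of neder's post and not HijackThis code): once the follow-up log requested above is posted, it can be checked mechanically against the files listed for deletion. The sketch rejoins the forum's hard-wrapped and `>`-quoted entries and reports which listed files still show up; the names `parse_log`, `still_present` and `LISTED_FOR_DELETION` are hypothetical, and the sample follow-up log is constructed for illustration.

```python
import re

# Entry prefixes seen in the logs on this page: R0/R1/R3 and O2..O17.
ENTRY_RE = re.compile(r"^(R[0-9]|O[0-9]{1,2}) - (.*)$")
# Leading indentation and forum quote markers ("> ") in front of a log line.
QUOTE_RE = re.compile(r"^\s*(?:>\s?)*")

# Full paths built from the two deletion lists in the post above.
LISTED_FOR_DELETION = [
    r"C:\WINDOWS\wvijub.exe",
    r"C:\WINDOWS\conscorr.exe",
    r"C:\WINDOWS\180ax.exe",
    r"C:\WINDOWS\kjahkr.exe",
    r"C:\WINDOWS\SYSsfit.exe",
    r"C:\WINDOWS\System32\SYSsfitb.dll",
    r"C:\WINDOWS\System32\replaceSearch.dll",
    r"C:\WINDOWS\System32\nnlwwtgq.exe",
    r"C:\WINDOWS\System32\systime.exe",
]

# Constructed follow-up log (not from the thread), wrapped the way the forum wraps.
SAMPLE_FOLLOWUP = r"""
Logfile of HijackThis v1.98.2
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\windows\180ax.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.interia.pl/
O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} -
C:\WINDOWS\System32\SYSsfitb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"
-lang 1033
"""


def parse_log(text):
    """Return (running_processes, entries); entries are (code, text) tuples.

    Lines that do not start a new entry are treated as the wrapped tail of
    the previous entry and joined with a space, because the forum wraps at
    spaces. Header lines before the first entry are ignored.
    """
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = QUOTE_RE.sub("", raw, count=1).rstrip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append([match.group(1), match.group(2)])
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif entries:
            entries[-1][1] += " " + line
    return processes, [tuple(e) for e in entries]


def still_present(log_text, targets=LISTED_FOR_DELETION):
    """Map each listed path that still appears to the places it was seen.

    Windows paths are case-insensitive, so the comparison is lowercased.
    A place is "process" (running process list) or the entry code (e.g. "O4").
    """
    processes, entries = parse_log(log_text)
    sources = [("process", p) for p in processes] + entries
    report = {}
    for path in targets:
        needle = path.lower()
        seen_in = [code for code, text in sources if needle in text.lower()]
        if seen_in:
            report[path] = seen_in
    return report


if __name__ == "__main__":
    for path, places in still_present(SAMPLE_FOLLOWUP).items():
        print(f"still present: {path} ({', '.join(places)})")
```

A file that shows up both as a running process and as an O4 Run entry was neither deleted nor unhooked; one that shows up only in an O2/O3/O4 entry marked "(file missing)" is a leftover registry reference.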





      • neder correction 14.04.05, 21:22
        the colleagues have already taken care of it ;p and I accidentally put this in for removal
        > O4 - HKLM\..\Run: [adiras] adiras.exe


        sorry, but I got confused...
        • Guest: kasia the whole log this time... IP: *.local.pl / *.internetdsl.tpnet.pl 15.04.05, 10:31
          sorry, but I think something got cut off..... please take another look at this.. thanks
          in advance :)




          Logfile of HijackThis v1.98.2
          Scan saved at 20:44:16, on 2005-04-14
          Platform: Windows XP (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 (6.00.2600.0000)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\SOUNDMAN.EXE
          C:\PROGRA~1\NORTON~1\navapw32.exe
          C:\Program Files\D-Tools\daemon.exe
          D:\MYSZKA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
          C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
          C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
          C:\Program Files\Hotbar\bin\4.5.3.0\WeatherOnTray.exe
          C:\windows\180ax.exe
          D:\winamp 5\Winamp\winampa.exe
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\Program Files\ErrorGuard\ErrorGuard.Exe
          C:\Program Files\Hotbar\bin\4.6.1.0\Hbinst.exe
          D:\tlen\tlen.exe
          C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
          C:\WINDOWS\System32\drivers\CDAC11BA.EXE
          C:\Program Files\Norton AntiVirus\navapsvc.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\WINDOWS\System32\wuauclt.exe
          F:\Kaś alias Kaźmirz Ryjec\osiołek\eMule\emule.exe
          D:\GADU GADU\Gadu-Gadu\gg.exe
          C:\Program Files\Microsoft Office\Office\WINWORD.EXE
          C:\Documents and Settings\Julia\Pulpit\roboczy\antywiry\HijackThis.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          213.159.117.134/index.php
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
          www.couldnotfind.com/search_page.html?&account_id=136299
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
          www.couldnotfind.com/search_page.html?&account_id=136299
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          www.interia.pl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          213.159.117.134/index.php
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
          www.searchforit.com/searchbar
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
          www.searchforit.com/searchbar
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
          213.159.117.134/index.php
          R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          www.couldnotfind.com/search_page.html?&account_id=136299
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          www.searchforit.com/searchbar
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
          R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
          www.searchforit.com/searchbar
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          213.159.117.134/index.php
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
          213.159.117.134/index.php
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          213.159.117.134/index.php
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
          R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
          C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
          O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
          C:\WINDOWS\nem220.dll (file missing)
          O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} -
          C:\WINDOWS\localNRD.dll (file missing)
          O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
          O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
          Files\MyWay\myBar\1.bin\MYBAR.DLL
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
          C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
          O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} -
          C:\WINDOWS\System32\replaceSearch.dll
          O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
          C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
          O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program
          Files\SideFind\sfbho.dll (file missing)
          O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
          F:\PROGRA~1\FLASHGET\jccatch.dll
          O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program
          Files\Hotbar\bin\4.5.3.0\HbHostIE.dll
          O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
          Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
          C:\Program Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
          Files\MyWay\myBar\1.bin\MYBAR.DLL
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
          C:\WINDOWS\System32\msdxm.ocx
          O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program
          Files\Hotbar\bin\4.5.3.0\HbHostIE.dll
          O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} -
          C:\WINDOWS\System32\SYSsfitb.dll
          O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program
          Files\ISTbar\istbar.dll (file missing)
          O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
          F:\PROGRA~1\FLASHGET\fgiebar.dll
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
          O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"
          -lang 1033
          O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
          Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
          O4 - HKLM\..\Run: [EM_EXEC] D:\MYSZKA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
          Files\Java\j2re1.4.2_05\bin\jusched.exe
          O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P
          Networking.exe /AUTOSTART
          O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
          O4 - HKLM\..\Run: [wvijub] C:\WINDOWS\wvijub.exe
          O4 - HKLM\..\Run: [rxrdgzf] C:\WINDOWS\System32\nnlwwtgq.exe
          O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
          O4 - HKLM\..\Run: [WeatherOnTray] C:\Program
          Files\Hotbar\bin\4.5.3.0\WeatherOnTray.exe
          O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
          O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows
          AdControl\WinAdCtl.exe
          O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
          O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
          O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
          Optimizer\optimize.exe"
          O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
          O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
          Network\bin\bargains.exe
          O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
          Shared\Security Center
          • neder Re: the whole log this time... 15.04.05, 10:40
            it's too long - it didn't fit again... :( paste the rest.
            • Guest: kasia log cont. IP: *.local.pl / *.internetdsl.tpnet.pl 15.04.05, 15:14
              I'm pasting the rest... please help!

              O4 - HKLM\..\Run: [WinampAgent] D:\winamp 5\Winamp\winampa.exe
              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
              Files\Real\Update_OB\realsched.exe" -osboot
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
              -atboottime
              O4 - HKLM\..\Run: [autoclk] autoclk.exe
              O4 - HKLM\..\Run: [adiras] adiras.exe
              O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
              O4 - HKLM\..\Run: [kjahkr] C:\WINDOWS\kjahkr.exe
              O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
              O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.6.1.0\Hbinst.exe /Upgrade
              O4 - HKCU\..\Run: [Komunikator] D:\tlen\tlen.exe
              O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
              O4 - HKCU\..\Run: [SYSsfit] C:\WINDOWS\SYSsfit.exe
              O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
              O4 - HKCU\..\Run: [Gadu-Gadu] "D:\GADU GADU\Gadu-Gadu\gg.exe" /tray
              O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
              800-840\dslmon.exe
              O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - F:\Program
              Files\FlashGet\jc_link.htm
              O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a -
              F:\Program Files\FlashGet\jc_all.htm
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
              C:\WINDOWS\System32\msjava.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console -
              {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
              O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} -
              C:\Program Files\SideFind\sidefind.dll (file missing)
              O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
              C:\WINDOWS\web\related.htm
              O9 - Extra 'Tools' menuitem: Show &Related Links -
              {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
              O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
              F:\PROGRA~1\FLASHGET\flashget.exe
              O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}
              - F:\PROGRA~1\FLASHGET\flashget.exe
              O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
              O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
              O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
              O15 - Trusted Zone: *.blazefind.com
              O15 - Trusted Zone: *.clickspring.net
              O15 - Trusted Zone: *.crazywinnings.com
              O15 - Trusted Zone: *.flingstone.com
              O15 - Trusted Zone: *.mt-download.com
              O15 - Trusted Zone: *.my-internet.info
              O15 - Trusted Zone: *.searchbarcash.com
              O15 - Trusted Zone: *.searchmiracle.com
              O15 - Trusted Zone: *.skoobidoo.com
              O15 - Trusted Zone: *.slotch.com
              O15 - Trusted Zone: *.topconverting.com
              O15 - Trusted Zone: *.windupdates.com
              O15 - Trusted Zone: *.xxxtoolbar.com
              O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) -
              www.thepaymentcentre.com/build/vbiewer.cab
              O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
              public.windupdates.com/get_file.php?bt=ie&p=7fd1b1487ea24557e81cb1f266ef2780947d11d735d3f73d567bbcc1cd65aeb860d24e26488494fe11db2684f9909f72dc77fd77a214:2e5848e0a9d3ad577e6a6478c1291781
              O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
              O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) -
              www.errorguard.com/installation/Install.cab
              O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) -
              www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
              O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
              static.topconverting.com/activex/loader2.ocx
              O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
              217.173.193.218/activex/AxisCamControl.cab
              O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} -
              www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
              O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
              skaner.mks.com.pl/SkanerOnline.cab
              O17 - HKLM\System\CCS\Services\Tcpip\..\{7B10BF21-EA31-44BD-98EE-45D1F5B800E8}:
              NameServer = 194.204.152.34,194.204.159.1
              O17 - HKLM\System\CCS\Services\Tcpip\..\{F46C78F5-82F1-47FA-B217-A56B796A8C2C}:
              NameServer = 194.204.152.34 217.98.63.164
              • neder Re: log cont. 15.04.05, 16:01
                Booting into safe mode (after
                www.searchengines.pl/phpbb203/index.php?showtopic=12510#5 )

                How do you boot into safe mode?

                There are two methods:

                1. Using the F8 (or F5) key:

                While the computer is restarting and the screen is still black, press the F8
                key repeatedly and very quickly. On older computers this method may not work,
                because the F8 key may be disabled or a different key may be assigned. E.g. if
                pressing F8 brings up a boot device selection, it means that on that machine
                the key used to enter safe mode is probably F5. The problem with the F8 method
                is hitting the key AT THE RIGHT MOMENT: on the black screen, but not too early
                (otherwise a keyboard error occurs) and not too late (otherwise Windows loads
                in Normal mode).

                2. Using the MSCONFIG system tool.
                Start >>> Run >>> msconfig >>> on the BOOT.INI tab check /SAFEBOOT
                (afterwards, to start the computer in normal mode, you must uncheck this option)

                Now do what I already wrote to you earlier, because it looks like you haven't
                done it, so:
                remove manually:
                1. via Add/Remove Programs
                - Windows Ad Tools
                - ISTbar
                - Windows Syncro Ad
                - Windows Ad Control
                - Internet Optimizer
                - BullsEyeNetwork
                - DR_S
                - SideFind\
                - MyWay
                - P2P Networking
                - ErrorGuard\
                - Hotbars - all of them + all SearchBar and searchAssistant
                if any of these programs is not there - write down which ones and post them here
                afterwards; also check for them in the Program Files folder (make sure you have
                the option to show hidden folders enabled - Tools > Folder Options > View)

                From the Windows folder, delete:
                - wvijub.exe
                - conscorr.exe
                - 180ax.exe
                - kjahkr.exe
                - SYSsfit.exe


                From the Windows/System32 folder, delete:
                - SYSsfitb.dll
                - replaceSearch.dll
                - nnlwwtgq.exe
                - systime.exe

                Run HijackThis, choose "do a system scan only" and tick
                (the checkbox on the left side)
                > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                > 213.159.117.134/index.php
                > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
                > www.couldnotfind.com/search_page.html?&account_id=136299
                > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
                > www.couldnotfind.com/search_page.html?&account_id=136299
                > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                > 213.159.117.134/index.php
                > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
                > www.searchforit.com/searchbar
                > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
                > www.searchforit.com/searchbar
                > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                > 213.159.117.134/index.php
                > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                > www.couldnotfind.com/search_page.html?&account_id=136299
                > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                > www.searchforit.com/searchbar
                > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                > R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
                > www.searchforit.com/searchbar
                > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                > 213.159.117.134/index.php
                > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
                > 213.159.117.134/index.php
                > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                > 213.159.117.134/index.php
                > R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                > R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
                > file)
                > O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
                > C:\WINDOWS\nem220.dll (file missing)
                > O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} -
                > C:\WINDOWS\localNRD.dll (file missing)
                > O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
                > O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
                > Files\MyWay\myBar\1.bin\MYBAR.DLL
                > O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program
                > Files\Hotbar\bin\4.5.3.0\HbHostIE.dll
                > O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} -
                > C:\WINDOWS\System32\SYSsfitb.dll
                > O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program
                > Files\ISTbar\istbar.dll (file missing)
                > O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P
                > Networking.exe /AUTOSTART
                > O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows
                > SyncroAd\SyncroAd.exe
                > O4 - HKLM\..\Run: [wvijub] C:\WINDOWS\wvijub.exe
                > O4 - HKLM\..\Run: [rxrdgzf] C:\WINDOWS\System32\nnlwwtgq.exe
                > O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
                > O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows
                > AdTools\WinAdTools.exe
                > O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows
                > AdControl\WinAdCtl.exe
                > O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
                > O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
                > O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
                > Optimizer\optimize.exe"
                > O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
                > O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
                > Network\bin\bargains.exe
                > O4 - HKLM\..\Run: [autoclk] autoclk.exe
                > O4 - HKLM\..\Run: [adiras] adiras.exe
                > O4 - HKLM\..\Run: [kjahkr] C:\WINDOWS\kjahkr.exe
                > O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
                > O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.6.1.0\Hbinst.exe /Upgrade
                > O4 - HKCU\..\Run: [SYSsfit] C:\WINDOWS\SYSsfit.exe
                > O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
                > O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} -
                > C:\Program Files\SideFind\sidefind.dll (file missing)
                > O15 - Trusted Zone: *.blazefind.com
                > O15 - Trusted Zone: *.clickspring.net
                > O15 - Trusted Zone: *.crazywinnings.com
                > O15 - Trusted Zone: *.flingstone.com
                > O15 - Trusted Zone: *.mt-download.com
                > O15 - Trusted Zone: *.my-internet.info
                > O15 - Trusted Zone: *.searchbarcash.com
                > O15 - Trusted Zone: *.searchmiracle.com
                > O15 - Trusted Zone: *.skoobidoo.com
                > O15 - Trusted Zone: *.slotch.com
                > O15 - Trusted Zone: *.topconverting.com
                > O15 - Trusted Zone: *.windupdates.com
                > O15 - Trusted Zone: *.xxxtoolbar.com
                > O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) -
                > www.thepaymentcentre.com/build/vbiewer.cab
                > O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) -
                > www.errorguard.com/installation/Install.cab
                > O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) -
                > www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
                > O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} -
                > www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab

                Choose FixChecked.

                Restart and paste a new log.







                • neder, again ;/ 15.04.05, 16:02
                  I dumped this on you again
                  > O4 - HKLM\..\Run: [adiras] adiras.exe -> you don't remove this entry in HJ

                  sorry:)