IP: *.stk.net.pl 14.05.05, 18:21
Please check my HijackThis log. I have some kind of spyware.

Logfile of HijackThis v1.99.1
Scan saved at 18:19:54, on 2005-05-14
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\PROGRAM FILES\ELABORATE BYTES\CLONECD\CLONECDTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\CMD32.EXE
C:\PROGRAM FILES\ENERGYPLUGIN\ENERGYPLUGIN.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\STAR DOWNLOADER\STARDOWN.EXE
C:\WINDOWS\DANE APLIKACJI\ACTE.EXE
C:\INPP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MOJE DOKUMENTY\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1
\STARDO~1\SDIEINT.DLL
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} -
C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL (file missing)
O2 - BHO: ohb Class - {4D568F0F-8AC9-40AB-88B7-415134C78777} -
C:\WINDOWS\SYSTEM\WINB2S32.DLL (file missing)
O2 - BHO: (no name) - {332F9593-DC3A-45FA-9AE5-A72CC6FBD9FE} -
C:\WINDOWS\SYSTEM\OFLFP.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {45F9AEAF-3F40-47B9-3D85-67837ABDFA9F} -
C:\WINDOWS\SYSTEM\DPPA.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-
90002030B8EE} - C:\PROGRA~1\FLASHFXP\IEFLASH.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} -
C:\WINDOWS\SYSTEM\WINB2S32.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar3.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate
Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [SAHBundle] C:\WINDOWS\TEMP\SAHAGENT-CDT1004.EXE run
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\cmd32.exe
internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real
Alternative\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Program
Files\EnergyPlugIn\EnergyPlugin.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -
lang 1033
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [Dzieńdobry!] C:\PROGRAM FILES\VSD SOFTWARE\DZIEńDOBRY!
\DZIENDOBRY.EXE /auto
O4 - HKCU\..\Run: [Star Downloader Free] C:\PROGRAM FILES\STAR
DOWNLOADER\STARDOWN.EXE
O4 - HKCU\..\Run: [Ancw] C:\WINDOWS\Dane aplikacji\acte.exe
O4 - HKCU\..\Run: [Vkdmwq] \inpp.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRAM
FILES\STAR DOWNLOADER\sdie.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmtrans.html
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\PROGRAM
FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a -
C:\PROGRAM FILES\FLASHGET\jc_all.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - Extra button:
    • Guest: Kolobos Re: Spyware IP: *.warszawa.sdi.tpnet.pl 14.05.05, 18:42
      Visit www.windowsupdate.com and download the latest version of Internet Explorer and
      the other patches.

      Scan with this:
      cwshredder.net/bin/CWShredder.exe

      The whole log didn't fit, but from what is there, remove this:

      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
      www.popupsearches.com/sidesearch.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      about:NavigationFailure
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      about:NavigationFailure
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
      about:NavigationFailure
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      about:NavigationFailure
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      about:NavigationFailure
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      about:NavigationFailure
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} -
      C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL (file missing)
      O2 - BHO: ohb Class - {4D568F0F-8AC9-40AB-88B7-415134C78777} -
      C:\WINDOWS\SYSTEM\WINB2S32.DLL (file missing)
      O2 - BHO: (no name) - {332F9593-DC3A-45FA-9AE5-A72CC6FBD9FE} -
      C:\WINDOWS\SYSTEM\OFLFP.DLL
      O2 - BHO: (no name) - {45F9AEAF-3F40-47B9-3D85-67837ABDFA9F} -
      C:\WINDOWS\SYSTEM\DPPA.DLL
      O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-
      90002030B8EE} - C:\PROGRA~1\FLASHFXP\IEFLASH.DLL (file missing)
      O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} -
      C:\WINDOWS\SYSTEM\WINB2S32.DLL (file missing)
      O4 - HKLM\..\Run: [SAHBundle] C:\WINDOWS\TEMP\SAHAGENT-CDT1004.EXE run
      O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\cmd32.exe
      internat.dll,LoadKeyboardProfile

      I don't know this one, but EnergyPlugin is a kind of adware, so I don't know whether this is the same thing:
      O4 - HKLM\..\Run: [EnergyPlugIn] C:\Program Files\EnergyPlugIn\EnergyPlugin.exe
      If you know what it is, leave it; if not, get rid of it/uninstall it.

      O4 - HKCU\..\Run: [Ancw] C:\WINDOWS\Dane aplikacji\acte.exe
      O4 - HKCU\..\Run: [Vkdmwq] \inpp.exe

      Then Fix Checked, and after that download:
      www.downloads.subratam.org/KillBox.zip
      Unpack it, select Delete file on reboot, paste in the path to the file (don't
      browse for it yourself, just paste the ready-made one) and press the red button, but
      answer no when asked about restarting; do this for these files:

      C:\INPP.EXE
      C:\WINDOWS\Dane aplikacji\acte.exe
      C:\WINDOWS\SYSTEM\DPPA.DLL
      C:\WINDOWS\SYSTEM\OFLFP.DLL
      C:\WINDOWS\SYSTEM\cmd32.exe
      C:\WINDOWS\TEMP\SAHAGENT-CDT1004.EXE

      After all that, restart and paste a new HijackThis log.
      • Guest: Zed Re: Spyware IP: *.stk.net.pl 14.05.05, 18:55
        Logfile of HijackThis v1.99.1
        Scan saved at 18:55:14, on 2005-05-14
        Platform: Windows ME (Win9x 4.90.3000)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\SYSTEM\KERNEL32.DLL
        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
        C:\WINDOWS\SYSTEM\SPOOL32.EXE
        C:\WINDOWS\SYSTEM\MPREXE.EXE
        C:\WINDOWS\SYSTEM\MSTASK.EXE
        C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
        C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
        C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
        C:\WINDOWS\SYSTEM\mmtask.tsk
        C:\WINDOWS\EXPLORER.EXE
        C:\WINDOWS\SYSTEM\INTERNAT.EXE
        C:\WINDOWS\TASKMON.EXE
        C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
        C:\WINDOWS\SYSTEM\SYSTRAY.EXE
        C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
        C:\WINDOWS\SYSTEM\HPZTSB05.EXE
        C:\PROGRAM FILES\ELABORATE BYTES\CLONECD\CLONECDTRAY.EXE
        C:\PROGRAM FILES\GADU-GADU\GG.EXE
        C:\PROGRAM FILES\STAR DOWNLOADER\STARDOWN.EXE
        C:\WINDOWS\SYSTEM\WMIEXE.EXE
        C:\WINDOWS\SYSTEM\PSTORES.EXE
        C:\WINDOWS\SYSTEM\DDHELP.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\MOJE DOKUMENTY\HIJACKTHIS.EXE

        O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
        C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
        c:\program files\google\googletoolbar3.dll
        O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
        00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
        O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
        C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
        files\google\googletoolbar3.dll
        O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
        C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
        O4 - HKLM\..\Run: [internat.exe] internat.exe
        O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
        O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
        O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
        O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
        O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
        Shared\ccApp.exe"
        O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
        Security\UrlLstCk.exe
        O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
        O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate
        Bytes\CloneCD\CloneCDTray.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real
        Alternative\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
        O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
        O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
        O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec
        Shared\ccEvtMgr.exe"
        O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec
        Shared\ccSetMgr.exe"
        O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
        O4 - HKCU\..\Run: [Dzieńdobry!] C:\PROGRAM FILES\VSD SOFTWARE\DZIEńDOBRY!
        \DZIENDOBRY.EXE /auto
        O4 - HKCU\..\Run: [Star Downloader Free] C:\PROGRAM FILES\STAR
        DOWNLOADER\STARDOWN.EXE
        O4 - HKCU\..\RunServices: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
        O4 - HKCU\..\RunServices: [Dzieńdobry!] C:\PROGRAM FILES\VSD
        SOFTWARE\DZIEńDOBRY!\DZIENDOBRY.EXE /auto
        O4 - HKCU\..\RunServices: [Star Downloader Free] C:\PROGRAM FILES\STAR
        DOWNLOADER\STARDOWN.EXE
        O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office\OSA9.EXE
        O8 - Extra context menu item: Download with Star Downloader - C:\PROGRAM
        FILES\STAR DOWNLOADER\sdie.htm
        O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
        FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsearch.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM
        FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmcache.html
        O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM
        FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsimilar.html
        O8 - Extra context menu item: Backward Links - res://C:\PROGRAM
        FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmbacklinks.html
        O8 - Extra context menu item: Translate into English - res://C:\PROGRAM
        FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmtrans.html
        O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\PROGRAM
        FILES\FLASHGET\jc_link.htm
        O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a -
        C:\PROGRAM FILES\FLASHGET\jc_all.htm
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - C:\WINDOWS\web\related.htm
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
        O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
        C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
        O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
        0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\WINDOWS\SYSTEM\MSJAVA.DLL
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
        00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
        O15 - Trusted Zone: *.searchbarcash.com
        O15 - Trusted Zone: *.my-internet.info
        O15 - Trusted Zone: *.xxxtoolbar.com
        O15 - Trusted Zone: *.slotch.com
        O15 - Trusted Zone: *.flingstone.com
        O15 - Trusted Zone: *.mt-download.com
        O15 - Trusted Zone: *.blazefind.com
        O15 - Trusted Zone: *.clickspring.net
        O15 - Trusted Zone: *.ysbweb.com
        O15 - Trusted Zone: *.slotchbar.com
        O15 - Trusted Zone: www.master69.biz
        O15 - Trusted Zone: *.windupdates.com (HKLM)
        O15 - Trusted Zone: *.searchbarcash.com (HKLM)
        O15 - Trusted Zone: *.searchmiracle.com (HKLM)
        O15 - Trusted Zone: *.skoobidoo.com (HKLM)
        O15 - Trusted Zone: *.my-internet.info (HKLM)
        O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
        O15 - Trusted Zone: *.slotch.com (HKLM)
        O15 - Trusted Zone: *.flingstone.com (HKLM)
        O15 - Trusted Zone: *.mt-download.com (HKLM)
        O15 - Trusted Zone: *.blazefind.com (HKLM)
        O15 - Trusted Zone: *.clickspring.net (HKLM)
        O15 - Trusted Zone: *.ysbweb.com (HKLM)
        O15 - Trusted Zone: *.slotchbar.com (HKLM)
        O15 - Trusted IP range: 67.19.185.246
        O15 - Trusted IP range: 67.19.185.246 (HKLM)
        O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-
        its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xaw.chm::/bridge-
        c18.cab
        O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
        Control) - www.mt-download.com/MediaTicketsInstaller.cab?refid=4116
        O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} -
        akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
        O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} (iiittt Class) -
        www.begin2search.com/toolbar/bar/winb2s32.cab
        O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} -
        deposito.hostance.net/dialer/1044446.exe
        O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
        • Guest: Kolobos Re: Spyware IP: *.warszawa.sdi.tpnet.pl 14.05.05, 19:06
          So where are the updates? I told you to install them!
          The log looks even worse, and on top of that it didn't fit again...
          • Guest: Zed Re: Spyware IP: *.stk.net.pl 14.05.05, 19:21
            • Guest: Kolobos Re: Spyware IP: *.warszawa.sdi.tpnet.pl 14.05.05, 20:16
              So am I to understand that you can't go to www.windowsupdate.com and download
              the updates for Internet Explorer?
              On top of that the log still doesn't fit, and instead of appending what is
              missing you paste the same thing and the end is still missing.
              Install Sun's Java instead of the MS one -> www.java.com
              From what I can see you seem to have two download managers, FlashGet and
              StarDownloader; why do you need two?

              Remove this in HijackThis:

              O15 - Trusted Zone: *.searchbarcash.com
              O15 - Trusted Zone: *.my-internet.info
              O15 - Trusted Zone: *.xxxtoolbar.com
              O15 - Trusted Zone: *.slotch.com
              O15 - Trusted Zone: *.flingstone.com
              O15 - Trusted Zone: *.mt-download.com
              O15 - Trusted Zone: *.blazefind.com
              O15 - Trusted Zone: *.clickspring.net
              O15 - Trusted Zone: *.ysbweb.com
              O15 - Trusted Zone: *.slotchbar.com
              O15 - Trusted Zone: www.master69.biz
              O15 - Trusted Zone: *.windupdates.com (HKLM)
              O15 - Trusted Zone: *.searchbarcash.com (HKLM)
              O15 - Trusted Zone: *.searchmiracle.com (HKLM)
              O15 - Trusted Zone: *.skoobidoo.com (HKLM)
              O15 - Trusted Zone: *.my-internet.info (HKLM)
              O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
              O15 - Trusted Zone: *.slotch.com (HKLM)
              O15 - Trusted Zone: *.flingstone.com (HKLM)
              O15 - Trusted Zone: *.mt-download.com (HKLM)
              O15 - Trusted Zone: *.blazefind.com (HKLM)
              O15 - Trusted Zone: *.clickspring.net (HKLM)
              O15 - Trusted Zone: *.ysbweb.com (HKLM)
              O15 - Trusted Zone: *.slotchbar.com (HKLM)
              O15 - Trusted IP range: 67.19.185.246
              O15 - Trusted IP range: 67.19.185.246 (HKLM)
              O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-
              its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xaw.chm::/bridge-
              c18.cab
              O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
              Control) - www.mt-download.com/MediaTicketsInstaller.cab?refid=4116
              O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} -
              akamai.downloadv3.com/binaries/IA/netslv32_EN.cab

              And paste the whole log at last, because otherwise you can keep pasting it a hundred times over.

              Use this too:
              www.searchengines.pl/phpbb203/index.php?
              s=5debf1bfeab0c89e54567f66c39699f0&act=Attach&type=post&id=459
              • Guest: Zed Re: Spyware IP: *.stk.net.pl 14.05.05, 22:30
                This is the whole thing now, and when I download the updates an error appears
                Logfile of HijackThis v1.99.1
                Scan saved at 22:28:13, on 2005-05-14
                Platform: Windows ME (Win9x 4.90.3000)
                MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                Running processes:
                C:\WINDOWS\SYSTEM\KERNEL32.DLL
                C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                C:\WINDOWS\SYSTEM\mmtask.tsk
                C:\WINDOWS\SYSTEM\MPREXE.EXE
                C:\WINDOWS\SYSTEM\MSTASK.EXE
                C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
                C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
                C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
                C:\WINDOWS\EXPLORER.EXE
                C:\WINDOWS\SYSTEM\INTERNAT.EXE
                C:\WINDOWS\TASKMON.EXE
                C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
                C:\WINDOWS\SYSTEM\HPZTSB05.EXE
                C:\PROGRAM FILES\ELABORATE BYTES\CLONECD\CLONECDTRAY.EXE
                C:\PROGRAM FILES\MKS\BIN\MKS_MENU.EXE
                C:\PROGRAM FILES\MKS\BIN\ABREGMON.EXE
                C:\PROGRAM FILES\GADU-GADU\GG.EXE
                C:\WINDOWS\SYSTEM\SPOOL32.EXE
                C:\PROGRAM FILES\STAR DOWNLOADER\STARDOWN.EXE
                C:\WINDOWS\SYSTEM\WMIEXE.EXE
                C:\WINDOWS\SYSTEM\DDHELP.EXE
                C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
                C:\MOJE DOKUMENTY\HIJACKTHIS.EXE

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = onet.pl/
                O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
                C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
                c:\program files\google\googletoolbar3.dll
                O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
                00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
                O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
                C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
                files\google\googletoolbar3.dll
                O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
                C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
                O4 - HKLM\..\Run: [internat.exe] internat.exe
                O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
                O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
                powrprof.dll,LoadCurrentPwrScheme
                O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
                Shared\ccApp.exe"
                O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
                Security\UrlLstCk.exe
                O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
                O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
                O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate
                Bytes\CloneCD\CloneCDTray.exe"
                O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real
                Alternative\Update_OB\realsched.exe" -osboot
                O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
                O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
                O4 - HKLM\..\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe
                O4 - HKLM\..\Run: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe
                O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                powrprof.dll,LoadCurrentPwrScheme
                O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
                O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec
                Shared\ccEvtMgr.exe"
                O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec
                Shared\ccSetMgr.exe"
                O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
                O4 - HKLM\..\RunServices: [ABNetMon] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
                O4 - HKCU\..\Run: [Dzieńdobry!] C:\PROGRAM FILES\VSD SOFTWARE\DZIEńDOBRY!
                \DZIENDOBRY.EXE /auto
                O4 - HKCU\..\Run: [Star Downloader Free] C:\PROGRAM FILES\STAR
                DOWNLOADER\STARDOWN.EXE
                O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                Office\Office\OSA9.EXE
                O8 - Extra context menu item: Download with Star Downloader - C:\PROGRAM
                FILES\STAR DOWNLOADER\sdie.htm
                O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
                FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsearch.html
                O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM
                FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmcache.html
                O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM
                FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsimilar.html
                O8 - Extra context menu item: Backward Links - res://C:\PROGRAM
                FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmbacklinks.html
                O8 - Extra context menu item: Translate into English - res://C:\PROGRAM
                FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmtrans.html
                O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\PROGRAM
                FILES\FLASHGET\jc_link.htm
                O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a -
                C:\PROGRAM FILES\FLASHGET\jc_all.htm
                O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                C:\WINDOWS\web\related.htm
                O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
                00aa003c157a} - C:\WINDOWS\web\related.htm
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-
                00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
                C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
                O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
                0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
                C:\WINDOWS\SYSTEM\MSJAVA.DLL
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
                00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
                O15 - Trusted IP range: 67.19.185.246
                O15 - Trusted IP range: 67.19.185.246 (HKLM)
                O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} (iiittt Class) -
                www.begin2search.com/toolbar/bar/winb2s32.cab
                O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} -
                deposito.hostance.net/dialer/1044446.exe
                O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
                static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c282.cab
                O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} -
                www.supersfondi.org/generale.exe
                • Guest: Kolobos Re: Spyware IP: *.warszawa.sdi.tpnet.pl 14.05.05, 23:15
                  What error?

                  In HijackThis remove this:

                  O15 - Trusted IP range: 67.19.185.246
                  O15 - Trusted IP range: 67.19.185.246 (HKLM)
                  These two probably won't get deleted in HijackThis.

                  O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} (iiittt Class) -
                  www.begin2search.com/toolbar/bar/winb2s32.cab
                  O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} -
                  deposito.hostance.net/dialer/1044446.exe
                  O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
                  static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c282.cab
                  O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} -
                  www.supersfondi.org/generale.exe
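
Added example, not part of any post in this thread: a Python sketch of the two checks the helper keeps asking for, namely whether a pasted scan is complete and whether entries from a fix list are still reported by the next scan. The function names are assumptions of this example, the sample text is abridged from the scans above, and the cut-off test is a heuristic.

```python
import re

# A HijackThis entry starts with a section code such as "R1 - " or "O16 - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Sample text abridged from the scans in this thread (forum line wraps kept).
FIX_LIST = r"""
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
Control) - www.mt-download.com/MediaTicketsInstaller.cab?refid=4116
"""

NEW_SCAN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = onet.pl/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
"""

CUT_OFF_SCAN = r"""
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - Extra button:
"""


def parse_entries(log_text):
    """Return the scan's entries, rejoining lines that the forum wrapped.

    Lines before the first entry (header, process list) are skipped, so pass
    only the log itself, without any forum text after it.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            prev = entries[-1]
            # A wrap inside a GUID or path is joined without a space.
            inside_token = line.startswith("\\") or re.search(r"\S-$", prev)
            entries[-1] = prev + ("" if inside_token else " ") + line
    return entries


def entry_key(entry):
    """Comparison key that ignores wrapping, spacing and letter case."""
    return re.sub(r"\s+", "", entry).casefold()


def is_truncated(entries):
    """Heuristic: the last entry stops at a separator, so the paste was cut."""
    return bool(entries) and entries[-1].endswith((":", "-"))


def still_present(fix_list_text, new_scan_text):
    """Entries from the fix list that the later scan still reports."""
    remaining = {entry_key(e) for e in parse_entries(new_scan_text)}
    return [e for e in parse_entries(fix_list_text) if entry_key(e) in remaining]


if __name__ == "__main__":
    print("cut-off paste:", is_truncated(parse_entries(CUT_OFF_SCAN)))
    for entry in still_present(FIX_LIST, NEW_SCAN):
        print("still present:", entry)
```

On the abridged samples this reports the two Trusted IP range entries as still present, matching what the last scan in the thread shows.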
