Cool Web Search, what is it???!!!
For a few days now I haven't been able to change my start page, http://81.222.131.49/index.php, to any other. On top of that, when I type a search term into Google or Yahoo, I get a pile of pages that have nothing to do with that term; I have to click on advanced search and only then does it find what I want. How do I get rid of this start page, and what do I do so that I can search Google normally, because this can drive you crazy.
Please help quickly.
Thanks in advance. :cry:
Replies: 12
Thank you very much, everything is back to normal now :lol:
alma18: MOST OF THESE FILES ARE IN THE "SYSTEM32" AND "COMMON FILES" FOLDERS, SO WOULDN'T IT BE BETTER TO DELETE THOSE FOLDERS??
Don't shout.... (capital letters mean shouting)
Oh no, no, no, leave those directories alone.
Delete only the individual files.
The directories you can delete in their entirety are marked.
Update: Wait a moment after clicking send; you are probably clicking several times, and that is why you write three posts in a row with the same content.
MOST OF THESE FILES ARE IN THE "SYSTEM32" AND "COMMON FILES" FOLDERS, SO WOULDN'T IT BE BETTER TO DELETE THOSE FOLDERS??
alma18: where am I supposed to look for these files??!
Well, on the disk, obviously. The locations are in the log.
You delete the bolded items >> select them and press Shift + Delete
Also turn on the display of system and hidden files.
HERE you even have a description with screenshots, for System Restore as well
where am I supposed to look for these files??!
Turn off System Restore
Boot the system into Safe Mode
Get rid of the bolded files/directories from the disk:
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
O2 – BHO: (no name) – {016235BE–59D4–4CEB–ADD5–E2378282A1D9} – C:\Program Files\CxtPls\cxtpls.dll
O2 – BHO: Loader Class – {2E246FAE–8420–11D9–870D–000C2917DE7F} – C:\WINDOWS\SYSTEM\Loader.dll
O2 – BHO: BHOmodObj Class – {7F6828CA–9E42–462C–BC60–418C8144012C} – c:\windows\system\BHOmod.dll
O2 – BHO: (no name) – {87766247–311C–43B4–8499–3D5FEC94A183} – C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 – BHO: (no name) – {8952A998–1E7E–4716–B23D–3DBE03910972} – (no file)
O2 – BHO: BAHelper Class – {A3FDD654–A057–4971–9844–4ED8E67DBBB8} – C:\Program Files\SideFind\sfbho.dll
O3 – Toolbar: ISTbar – {FAA356E4–D317–42a6–AB41–A3021C6E7D52} – C:\Program Files\ISTbar\istbarcm.dll (file missing)
O3 – Toolbar: (no name) – {339BB23F–A864–48C0–A59F–29EA915965EC} – (no file)
O4 – HKLM\..\Run: [NeoDLL32] neodll32.exe
O4 – HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 – HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 – HKLM\..\Run: [xs5j3mT] fintmled.exe
O4 – HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{39B15E4D–5174–4610–AE33–5199F25DA46B}\SVCHOST.EXE
O4 – HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 – HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 – HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 – HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 – HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 – HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{39B15E4D–5174–4610–AE33–5199F25DA46B}\SECURITY.EXE
O4 – HKLM\..\RunServices: [NeoDLL32] neodll32.exe
O4 – HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 – HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot
O4 – HKCU\..\Run: [NeoDLL32] neodll32.exe
O4 – HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 – HKCU\..\RunOnce: [NeoDLL32] neodll32.exe
O4 – Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O9 – Extra button: SideFind – {10E42047–DEB9–4535–A118–B3F6EC39B807} – C:\Program Files\SideFind\sidefind.dll (file missing)
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O15 – Trusted Zone: *.blazefind.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.iframedollars.biz (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotch.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted IP range: 67.19.185.246 (HKLM)
O16 – DPF: {0C0FE6E8–385C–218E–F1DE–703A3AF47D3F} – http://69.31.82.26/1/rdgNL10.exe
O16 – DPF: {149CC3CF–5051–2FBC–390D–628B38F99388} – http://69.31.82.26/1/rdgNL10.exe
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge–c18.cab
O16 – DPF: {217FC3B4–F4C2–6781–C608–519B443B9B3C} – http://69.31.82.26/1/rdgNL10.exe
O16 – DPF: {386A771C–E96A–421F–8BA7–32F1B706892F} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 – DPF: {3E339D3C–4B12–4E8C–A529–9CC4BEEAFD4F} – http://www.globalphon.com/dialer/russia.CAB
O16 – DPF: {4CB87A2A–3214–5E0A–D71D–5D0802C15C90} – http://69.31.82.26/1/rdgNL10.exe
O16 – DPF: {5359F35F–8E41–6D6B–0EBF–5FC55590FE59} – http://69.31.82.26/1/rdgNL10.exe
O16 – DPF: {56B1F8A4–8916–2E36–BFFB–0A226DB86114} – http://69.31.82.26/1/rdgNL10.exe
O16 – DPF: {64FF394A–AD02–0B15–929E–45330B4A9414} – http://69.31.82.26/1/rdgNL10.exe
O16 – DPF: {79849612–A98F–45B8–95E9–4D13C7B6B35C} (Loader2 Control) – http://iframedollars.biz/tb/loader2.ocx
O16 – DPF: {7C559105–9ECF–42B8–B3F7–832E75EDD959} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 – DPF: {7CA4E8DF–BC71–786B–9E4E–29057E0ABEA6} – http://69.31.82.26/1/rdgNL10.exe
O16 – DPF: {9EB320CE–BE1D–4304–A081–4B4665414BEF} (MediaTicketsInstaller Control) – http://www.mt–download.com/MediaTicketsInstaller.cab?refid=3548
O18 – Protocol: tpro – {FF76A5DA–6158–4439–99FF–EDC1B3FE100C} – (no file)
If the Trusted entries keep coming back, use the Kill Trusted program
Haxdoor.D:
O20 – Winlogon Notify: drct16 – C:\WINDOWS\SYSTEM32\drct16.dll
Type "drct16.dll" into the forum search, you will find more information about it
O23 – Service: NeoDLL32 – Unknown owner – C:\WINDOWS\System32\neodll32.exe" –netsvcs (file missing)
Open the command prompt (cmd)
Type: net stop NeoDLL32
Now in HijackThis: Config >> Misc Tools >> Delete an NT service, type NeoDLL32 into the box
Reboot the system and get rid of the file and the entry
And finally, everything you have you "owe" to:
O4 – HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
Maybe this will make you think.
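Added example, not part of the original thread and not HijackThis's own logic: a small Python triage pass over HijackThis-style lines such as the ones quoted in the reply above. The flag names and review rules are assumptions made for this example, and a flag means "look at this entry", not a verdict.

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Excerpt of the log posted in this thread, copied as it appears on the page
# (the page shows en dashes where HijackThis itself writes " - ").
SAMPLE_LOG = r"""
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
O2 – BHO: (no name) – {8952A998–1E7E–4716–B23D–3DBE03910972} – (no file)
O4 – HKLM\..\Run: [NeoDLL32] neodll32.exe
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O15 – Trusted Zone: *.windupdates.com (HKLM)
O16 – DPF: {0C0FE6E8–385C–218E–F1DE–703A3AF47D3F} – http://69.31.82.26/1/rdgNL10.exe
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O20 – Winlogon Notify: drct16 – C:\WINDOWS\SYSTEM32\drct16.dll
O23 – Service: NeoDLL32 – Unknown owner – C:\WINDOWS\System32\neodll32.exe" –netsvcs (file missing)
"""

# "<section code> - <body>"; accepts both the hyphen and the en dash separator.
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+[-–]\s+(?P<body>.+)$")
URL_RE = re.compile(r"(?:https?|ftp)://\S+")
# O4 autorun body: "<key>: [<value name>] <command>"
RUN_RE = re.compile(r"^[^:]+:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
# A command that is only a file name, so it is resolved through the search path.
BARE_EXE_RE = re.compile(r'^[^\\/\s"]+\.exe$', re.IGNORECASE)

# Assumption of this example: any entry in these sections deserves a look.
REVIEW_SECTIONS = {"O15": "trusted-zone", "O20": "winlogon-notify"}


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)


def _url_host_is_ip(body):
    """True if the entry references a URL whose host is an IP literal."""
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname or ""
        try:
            ipaddress.ip_address(host)
            return True
        except ValueError:
            continue
    return False


def triage(log_text):
    """Parse log lines and attach review flags to each recognised entry."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines and the running-process list
        code, body = m["code"], m["body"]
        flags = []
        if body.endswith(("(no file)", "(file missing)")):
            flags.append("no-file")  # registration left behind or file hidden
        if _url_host_is_ip(body):
            flags.append("raw-ip-url")  # start page or download from bare IP
        if code == "O4":
            run = RUN_RE.match(body)
            if run and BARE_EXE_RE.match(run["cmd"]):
                flags.append("bare-autorun")
        if code in REVIEW_SECTIONS:
            flags.append(REVIEW_SECTIONS[code])
        entries.append(Entry(code, body, flags))
    return entries


def flag_counts(entries):
    """Number of entries carrying each flag."""
    return Counter(f for e in entries for f in e.flags)


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.code:<4}{','.join(e.flags) or '-':<18}{e.body}")
```

Unflagged entries are not thereby clean: the paths named in the reply above, such as WinTools and Toolbar, carry full paths and no marker these rules look for.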
Logfile of HijackThis v1.99.1
Scan saved at 18:37:05, on 2005–05–03
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Toolbar\TBPS.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\DOROTA~1\USTAWI~1\Temp\Rar$EX00.516\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 – REG:win.ini: run=hpfsched
O2 – BHO: (no name) – {016235BE–59D4–4CEB–ADD5–E2378282A1D9} – C:\Program Files\CxtPls\cxtpls.dll
O2 – BHO: Loader Class – {2E246FAE–8420–11D9–870D–000C2917DE7F} – C:\WINDOWS\SYSTEM\Loader.dll
O2 – BHO: BHOmodObj Class – {7F6828CA–9E42–462C–BC60–418C8144012C} – c:\windows\system\BHOmod.dll
O2 – BHO: (no name) – {87766247–311C–43B4–8499–3D5FEC94A183} – C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 – BHO: (no name) – {8952A998–1E7E–4716–B23D–3DBE03910972} – (no file)
O2 – BHO: BAHelper Class – {A3FDD654–A057–4971–9844–4ED8E67DBBB8} – C:\Program Files\SideFind\sfbho.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: ISTbar – {FAA356E4–D317–42a6–AB41–A3021C6E7D52} – C:\Program Files\ISTbar\istbarcm.dll (file missing)
O3 – Toolbar: (no name) – {339BB23F–A864–48C0–A59F–29EA915965EC} – (no file)
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" –osboot
O4 – HKLM\..\Run: [NeoDLL32] neodll32.exe
O4 – HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 – HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 – HKLM\..\Run: [xs5j3mT] fintmled.exe
O4 – HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{39B15E4D–5174–4610–AE33–5199F25DA46B}\SVCHOST.EXE
O4 – HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 – HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 – HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 – HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 – HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 – HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{39B15E4D–5174–4610–AE33–5199F25DA46B}\SECURITY.EXE
O4 – HKLM\..\RunServices: [NeoDLL32] neodll32.exe
O4 – HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 – HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot
O4 – HKCU\..\Run: [NeoDLL32] neodll32.exe
O4 – HKCU\..\Run: [Komunikator] C:\Documents and Settings\Dorota i Iwona\Moje dokumenty\programy\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 – HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 – HKCU\..\RunOnce: [NeoDLL32] neodll32.exe
O4 – Startup: Rainlendar.lnk = C:\Documents and Settings\Ania\Pulpit\Rainlendar.exe
O4 – Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = D:\Programs\MFIndexer.exe
O4 – Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: SideFind – {10E42047–DEB9–4535–A118–B3F6EC39B807} – C:\Program Files\SideFind\sidefind.dll (file missing)
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O15 – Trusted Zone: *.blazefind.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.iframedollars.biz (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotch.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted IP range: 67.19.185.246 (HKLM)
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {0C0FE6E8–385C–218E–F1DE–703A3AF47D3F} – http://69.31.82.26/1/rdgNL10.exe
O16 – DPF: {149CC3CF–5051–2FBC–390D–628B38F99388} – http://69.31.82.26/1/rdgNL10.exe
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge–c18.cab
O16 – DPF: {217FC3B4–F4C2–6781–C608–519B443B9B3C} – http://69.31.82.26/1/rdgNL10.exe
O16 – DPF: {386A771C–E96A–421F–8BA7–32F1B706892F} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 – DPF: {3DA5D23B–EFE1–4181–ADB7–7D457567AACA} (TGOnlineCtrl Class) – http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 – DPF: {3E339D3C–4B12–4E8C–A529–9CC4BEEAFD4F} – http://www.globalphon.com/dialer/russia.CAB
O16 – DPF: {4CB87A2A–3214–5E0A–D71D–5D0802C15C90} – http://69.31.82.26/1/rdgNL10.exe
O16 – DPF: {5359F35F–8E41–6D6B–0EBF–5FC55590FE59} – http://69.31.82.26/1/rdgNL10.exe
O16 – DPF: {56B1F8A4–8916–2E36–BFFB–0A226DB86114} – http://69.31.82.26/1/rdgNL10.exe
O16 – DPF: {64FF394A–AD02–0B15–929E–45330B4A9414} – http://69.31.82.26/1/rdgNL10.exe
O16 – DPF: {79849612–A98F–45B8–95E9–4D13C7B6B35C} (Loader2 Control) – http://iframedollars.biz/tb/loader2.ocx
O16 – DPF: {7C559105–9ECF–42B8–B3F7–832E75EDD959} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 – DPF: {7CA4E8DF–BC71–786B–9E4E–29057E0ABEA6} – http://69.31.82.26/1/rdgNL10.exe
O16 – DPF: {9EB320CE–BE1D–4304–A081–4B4665414BEF} (MediaTicketsInstaller Control) – http://www.mt–download.com/MediaTicketsInstaller.cab?refid=3548
O16 – DPF: {B8BE5E93–A60C–4D26–A2DC–220313175592} (ZoneIntro Class) – http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O18 – Protocol: tpro – {FF76A5DA–6158–4439–99FF–EDC1B3FE100C} – (no file)
O20 – Winlogon Notify: drct16 – C:\WINDOWS\SYSTEM32\drct16.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: Firebird Guardian – DefaultInstance (FirebirdGuardianDefaultInstance) – The Firebird Project – C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 – Service: Firebird Server – DefaultInstance (FirebirdServerDefaultInstance) – The Firebird Project – C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 – Service: NeoDLL32 – Unknown owner – C:\WINDOWS\System32\neodll32.exe" –netsvcs (file missing)
http://forum.centrumxp.pl/viewtopic.php?t=15750&highlight=cool+web+search
Paste a HijackThis log. See the pinned topic.
I already did that and a message appeared that Cool Web Search was not found, and yet it is still there
Download http://cwshredder.net/bin/CWShredder.exe and scan (with IE closed)