Who will check my log?

Logfile of HijackThis v1.99.1
Scan saved at 13:38:43, on 2005-06-03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\System32\P2P Networking\P2P Networking.exe
D:\Program Files\Common Files\CMEII\CMESys.exe
D:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Common Files\GMT\GMT.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\rundll32.exe
D:\Documents and Settings\dorota i iwona\Pulpit\Tlen.pl\tlen.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Registry Cleaner Trial\RegClean.exe
D:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
D:\Program Files\Kazaa\Kazaa.exe
C:\PROGRA~1\Altnet\DOWNLO~1\adm4005.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\DOROTA~1\USTAWI~1\Temp\Rar$EX00.625\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\DOCUME~1\DOROTA~1\USTAWI~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\DOCUME~1\DOROTA~1\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F3 - REG:win.ini: run=hpfsched
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - D:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL
O2 - BHO: (no name) - {66196E5D-8783-422E-83E4-AA47F1A07F20} - D:\WINDOWS\System32\aioc.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - D:\Program Files\Starware\bin\Starware.dll (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - D:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - D:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - D:\PROGRA~1\YOURSI~1\ysb.dll (file missing)
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - D:\Program Files\Starware\bin\Starware.dll (file missing)
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - D:\Program Files\RXToolBar\RXToolBar.dll
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P2P Networking] D:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [CMESys] "D:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [BullsEye Network] D:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sp] rundll32 D:\DOCUME~1\DOROTA~1\USTAWI~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\RunOnce: [BullguardoptIn] D:\WINDOWS\Temp\BullGuard\bulldownload.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = D:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: Action Manager 32.lnk = D:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYPL
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - D:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002535.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O18 - Filter: text/html - {4B489322-664B-48EA-8674-A50081292E78} - D:\WINDOWS\System32\aioc.dll
O18 - Filter: text/plain - {4B489322-664B-48EA-8674-A50081292E78} - D:\WINDOWS\System32\aioc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - D:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - D:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe

Replies: 1

Disable System Restore according to THIS guide

End these processes:
P2P Networking.exe
CMESys.exe
mwsoemon.exe
GMT.exe
asm.exe
bargains.exe
Points Manager.exe
adm4005.exe

Download the sp.dll remover and run it
http://forum.centrumxp.pl/viewtopic.php?t=33138

FIX, and delete from disk the files/directories shown in bold:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\DOCUME~1\DOROTA~1\USTAWI~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\DOCUME~1\DOROTA~1\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
Manually delete the string _{00A6FAF6-072E-44cf-8957-5838F569A31D} in the registry under the key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - D:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL
O2 - BHO: (no name) - {66196E5D-8783-422E-83E4-AA47F1A07F20} - D:\WINDOWS\System32\aioc.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - D:\Program Files\Starware\bin\Starware.dll (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - D:\WINDOWS\System32\msbe.dll
O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - D:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - D:\PROGRA~1\YOURSI~1\ysb.dll (file missing)
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - D:\Program Files\Starware\bin\Starware.dll (file missing)
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - D:\Program Files\RXToolBar\RXToolBar.dll
O4 - HKLM\..\Run: [P2P Networking] D:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [CMESys] "D:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] D:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [BullsEye Network] D:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [sp] rundll32 D:\DOCUME~1\DOROTA~1\USTAWI~1\Temp\se.dll,DllInstall
O4 - HKCU\..\RunOnce: [BullguardoptIn] D:\WINDOWS\Temp\BullGuard\bulldownload.exe
O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYPL
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - D:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002535.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O18 - Filter: text/html - {4B489322-664B-48EA-8674-A50081292E78} - D:\WINDOWS\System32\aioc.dll
O18 - Filter: text/plain - {4B489322-664B-48EA-8674-A50081292E78} - D:\WINDOWS\System32\aioc.dll


Completely empty all the Temp folders.

For all these surprises you can thank Kazaa, which in return you will of course throw out, although it would have been better if you had never installed that junk in the first place.
Bobi
Posted
03.06.2005 16:39:28
alma18
Posted:
03.06.2005 15:40:10
Comments:
1
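A first-pass triage of a HijackThis log like the one in this thread, as an added example that is not part of the original posts and is not the responder's method. The rule names and patterns in `RULES` are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# HijackThis writes "CODE - body"; copies pasted through web forums often
# turn the hyphen into an en dash, so both are accepted.
ENTRY = re.compile(r"^([A-Z]\d{1,2})\s+[-\u2013]\s+(.+)$")

# Illustrative triage rules (assumptions of this example, not HijackThis features).
RULES = {
    "temp-path": re.compile(r"\\temp\\", re.I),                   # loads from a Temp directory
    "orphaned": re.compile(r"\((file missing|no file)\)", re.I),  # entry whose file is gone
    "unnamed": re.compile(r"\(no name\)", re.I),                  # BHO/hook without a display name
    "res-in-dll": re.compile(r"=\s*res://.*\.dll/", re.I),        # IE page served out of a DLL
}

def parse_entry(line):
    """Return (section_code, body) for a result line, or None for headers/processes."""
    m = ENTRY.match(line.strip())
    return (m.group(1), m.group(2)) if m else None

def triage(log_text):
    """Return (code, sorted rule names, body) for every entry that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        code, body = entry
        hits = sorted(name for name, rx in RULES.items() if rx.search(body))
        if hits:
            findings.append((code, hits, body))
    return findings

# Lines taken from the log in this thread; the avast! Run entry should come back clean.
SAMPLE = "\n".join([
    r"Running processes:",
    r"D:\WINDOWS\Explorer.EXE",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\DOCUME~1\DOROTA~1\USTAWI~1\Temp\se.dll/spage.html",
    "O2 \u2013 BHO: (no name) \u2013 {66196E5D-8783-422E-83E4-AA47F1A07F20} \u2013 D:\\WINDOWS\\System32\\aioc.dll",
    r"O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - D:\PROGRA~1\YOURSI~1\ysb.dll (file missing)",
    r"O4 - HKLM\..\Run: [sp] rundll32 D:\DOCUME~1\DOROTA~1\USTAWI~1\Temp\se.dll,DllInstall",
    r"O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
])

if __name__ == "__main__":
    for code, hits, body in triage(SAMPLE):
        print(f"{code:<3} {','.join(hits):<22} {body}")
```

Run over the full log, the `orphaned` rule also fires on the two avast! O23 service lines marked "(file missing)", which are not in the fix list above, so hits are leads for review rather than a removal list.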