Request for Log Analysis....
log
Logfile of HijackThis v1.97.7
Scan saved at 17:08:49, on 2004-09-14
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MKS\Bin\NetMonSv.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Mateo\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3159
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3159
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\gdxenhtd.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Replies: 20
EL NINO: There have been bigger pests, and they didn't annoy anyone either...
Jansowic, damn :wink:
You've got patience, EL :wink:
Don't mention it. There have been bigger pests, and they didn't annoy anyone either :wink:
corning: Thanks a lot for the help, and I hope my pestering didn't annoy some of the admins :wink:
EL NINO: ...on the begin2search home page you can also find an uninstaller - http://www.begin2search.com/toolbar-d.html
and that is exactly what helped me solve the problem (I think); never in my life would I have guessed that the supplier of the junk hands out the antidote :?
Thanks a lot for the help, and I hope my pestering didn't annoy some of the admins :wink:
Regards
I haven't looked at the attachment, because ...I don't download .doc files
On the net you can find, within a few moments, solutions such as these, among others:
- remove from the registry
HKEY_CLASSES_ROOT\clsid\{52fe5233-367c-4efb-bdd7-0be4d212c107}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{52fe5233-367c-4efb-bdd7-0be4d212c107}
Elsewhere they write about removing:
- files from the disk, if present
winb2s33.dll
winb2s32.dll
AdPop.dll
winb2s32.dll
II22.exe
killinternetpops.ico
kill all spyware2123.ico
ke612.ico
download-music-now.ico
creditcard12.ico
kxp312.ico
creditcard12.lnk
download-music-now.lnk
ke612.lnk
kill all spyware2123.lnk
kxp312.lnk
Install.cab
Install.cab
- and from the registry
winb2s.omoc.1
winb2s.omoc
winb2s.cmod.1
winb2s.cmod
winb2s.amo.1
winb2s.amo
winb2s.ohb.1
winb2s.ohb
winb2s.momo.1
winb2s.momo
winb2s.iiittt.1
winb2s.iiittt
winb2s.dbi.1
winb2s.dbi
{52FE5233-367C-4EFB-BDD7-0BE4D212C107}
{07E9CDF4-20D2-46B1-B681-663968F527CE}
{7C5E5671-7A1D-4AE8-91F0-496ADF2825F7}
{4D568F0F-8AC9-40AB-88B7-415134C78777}
{09C14745-90FD-42D1-9276-4924D7DBC274}
{A8BB1898-24FA-4957-A12D-015A1A45E65C}
{BC622BEB-F0CD-4A14-B134-6B4CE442DAB1}
{081DE2F6-927B-4AA9-88C1-F531C9387383}
{4D568F0F-8AC9-40AB-88B7-415134C78777}
%systemdir%\winb2s32.dll
Ad Pop
{07E9CDF4-20D2-46B1-B681-663968F527CE}
{FE1A240F-B247-4E06-A600-30E28F5AF3A0}
In addition, on the begin2search home page you can also find an uninstaller - http://www.begin2search.com/toolbar-d.html
1. Even though I remove all associations with begin2search.com from the registry, they reappear after a restart.
2. After every restart this entry from Spybot appears (see image).
3. As a curiosity, I wanted to install the toolbar from Netsprint (in my opinion it blocks pop-up windows very well), but "something" is blocking it? At the moment it is supposed to install, it reports that the Web network is being closed.
In summary:
Spybot and Adware do not see any spies; I got rid of the begin2search toolbar from the IE browser (at least visually), but this filth is still sitting in the registry, and I have no idea what is defending it so damn well?
Regards, and I'm counting on your understanding.
Norbert
Do not remove
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
Also search the registry for any references to the files you listed, as well as to begin2search.com
Take a look at msconfig.
Also get rid of related.htm
Hello again!
I'm going crazy (work computer)
But one thing at a time. The log looks like this:
Logfile of HijackThis v1.98.2
Scan saved at 09:14:05, on 04-09-21
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\NARZęDZIA\HIJACK\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/googlesidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deitermann.pl/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FLASHFXP\IEFLASH.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - (no file)
O2 - BHO: (no name) - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM\WINB2S32.DLL (file missing)
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [jbohfbhips] C:\WINDOWS\SYSTEM\qioldaja.exe
O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\welcome.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [TClockEx] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRAM FILES\STAR DOWNLOADER\sdie.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.idg.pl
O15 - Trusted Zone: http://*.crm-deitermann
O15 - Trusted Zone: http://crm.deitermann.pl
and even though I fix this:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/googlesidesearch.html
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - (no file)
O2 - BHO: (no name) - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM\WINB2S32.DLL (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [jbohfbhips] C:\WINDOWS\SYSTEM\qioldaja.exe
O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\welcome.exe
and then try to find the following files in order to delete them (although I already deleted these files during the first fix):
conscorr
qioldaja
winb2s32
and to no avail.
Even though the above-mentioned files "aren't there", after every restart Spybot displays a message that this damned thing wants to load.
At what point am I making a mistake, and what should I change (remove)?
I even re-ran setupcore from Win98, but that had no effect.
Regards, and please help.
Norbert
Check whether this toolbar is listed in Add/Remove Programs and in X:\WINDOWS\Downloaded Program Files.
Spybot - S&D did not classify it because it does not pose a threat.
"crm" is a company program
Get rid of WINB2S32.DLL from the log and from the disk
What controls did you download from http://crm.deitermann.pl ?
After scanning with Spybot, this message was displayed:
"Gratulacje, nie ma szpiega" ("Congratulations, no spy found") strange ?!? what, doesn't it see this damned toolbar ?? :(
The system is almost cleaned; I just can't manage to remove the toolbar (see attachment)
The fix looks like this:
Logfile of HijackThis v1.98.2
Scan saved at 15:29:01, on 04-09-17
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\NARZęDZIA\HIJACK\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/googlesidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deitermann.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEINT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FLASHFXP\IEFLASH.DLL
O2 - BHO: ohb Class - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [TClockEx] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRAM FILES\STAR DOWNLOADER\sdie.htm
O15 - Trusted Zone: http://*.crm-deitermann
O15 - Trusted Zone: http://crm.deitermann.pl
O16 - DPF: {F37F9B3B-F573-46E1-950B-DAEA4EFF3137} (TetaMNU Control) - file://E:\Instalka Kontrolek\CommonFiles\Kontrolki\TETA_TOOLBAR.CAB
O16 - DPF: {37F025E7-2BD0-46EF-AFEB-9943DD449473} (TetaMenuNT.MenuNT) - http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TETA_MENU.CAB
O16 - DPF: {30017305-8196-4839-B134-6E999E6DD298} (TETA_Zakladki_new.TabStrip) - http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TETA_ZKL_new.CAB
O16 - DPF: {02DFC51A-A414-4454-9B45-1F30E018746A} (ActiveXCtrl.TETAChart) - http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TETAChart.cab
O16 - DPF: {48E59293-9880-11CF-9754-00AA00C00908} (Microsoft Internet Transfer Control 6.0 (SP4)) - http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/SaveAs.CAB
O16 - DPF: {7F68A2DA-CEA3-4AC3-897C-FA0FE6F2E5F1} (RSPLUS Control) - http://crm.deitermann.pl/teta_crm/crm/_ScriptLibrary/RSPLUS.cab
O16 - DPF: {1E1221D4-4181-45A6-BAAE-F55B4BD5DDB5} (Project1.Ipaq) - http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/IPAQ.cab
O16 - DPF: {1F0A4BFB-735B-4791-825E-9F3E0B81BFBA} (Project1.TetaCommonDialog) - http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TetaCommonDlg.CAB
O16 - DPF: {F59AF8C4-BA71-41C0-9A57-7324DAE8BEB7} (TetaComm.Comm) - http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TetaComm.CAB
O16 - DPF: {948B12F5-96A8-496C-93DE-00BCB9EFDFE1} (MailClient.MailClientControl) - http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TETA_MailClient.cab
O16 - DPF: {0E1C7634-644E-4BA9-8261-BEB5D090A7D0} (TetaCombo.FlatCombo) - http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TETA_main_objects.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
Regards, Norbert
Hello again, and thanks for the help, but some junk is still sitting in the registry, and fixing alone doesn't help. Please analyze:
Logfile of HijackThis v1.98.2
Scan saved at 09:01:15, on 04-09-17
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\NARZęDZIA\HIJACK\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/googlesidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deitermann.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEINT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FLASHFXP\IEFLASH.DLL
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [vptray] C:PROGRA~1SYMANT~1SYMANT~1vptray.exe
O4 – HKLM..Run: [mdac_runonce] C:WINDOWSSYSTEM unonce.exe
O4 – HKLM..Run: [WheelMouse] C:PROGRA~1A4TECHMOUSEAMOUMAIN.EXE
O4 – HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 – HKLM..RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM..RunServices: [SchedulingAgent] mstask.exe
O4 – HKLM..RunServices: [rtvscn95] C:PROGRA~1SYMANT~1SYMANT~1 tvscn95.exe
O4 – HKLM..RunServices: [defwatch] C:PROGRA~1SYMANT~1SYMANT~1defwatch.exe
O4 – HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSYSTEMNVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU..Run: [TClockEx] C:PROGRAM FILESTCLOCKEXTCLOCKEX.EXE
O4 – HKCU..Run: [Gadu–Gadu] "C:PROGRAM FILESGADU–GADUGG.EXE" /tray
O4 – HKCU..Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 – Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O8 – Extra context menu item: Download with Star Downloader – C:PROGRAM FILESSTAR DOWNLOADERsdie.htm
O15 – Trusted Zone: http://*.crm–deitermann
O15 – Trusted Zone: http://crm.deitermann.pl
O16 – DPF: {F37F9B3B–F573–46E1–950B–DAEA4EFF3137} (TetaMNU Control) – file://E:Instalka KontrolekCommonFilesKontrolkiTETA_TOOLBAR.CAB
O16 – DPF: {37F025E7–2BD0–46EF–AFEB–9943DD449473} (TetaMenuNT.MenuNT) – http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TETA_MENU.CAB
O16 – DPF: {30017305–8196–4839–B134–6E999E6DD298} (TETA_Zakladki_new.TabStrip) – http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TETA_ZKL_new.CAB
O16 – DPF: {02DFC51A–A414–4454–9B45–1F30E018746A} (ActiveXCtrl.TETAChart) – http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TETAChart.cab
O16 – DPF: {48E59293–9880–11CF–9754–00AA00C00908} (Microsoft Internet Transfer Control 6.0 (SP4)) – http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/SaveAs.CAB
O16 – DPF: {7F68A2DA–CEA3–4AC3–897C–FA0FE6F2E5F1} (RSPLUS Control) – http://crm.deitermann.pl/teta_crm/crm/_ScriptLibrary/RSPLUS.cab
O16 – DPF: {1E1221D4–4181–45A6–BAAE–F55B4BD5DDB5} (Project1.Ipaq) – http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/IPAQ.cab
O16 – DPF: {1F0A4BFB–735B–4791–825E–9F3E0B81BFBA} (Project1.TetaCommonDialog) – http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TetaCommonDlg.CAB
O16 – DPF: {F59AF8C4–BA71–41C0–9A57–7324DAE8BEB7} (TetaComm.Comm) – http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TetaComm.CAB
O16 – DPF: {948B12F5–96A8–496C–93DE–00BCB9EFDFE1} (MailClient.MailClientControl) – http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TETA_MailClient.cab
O16 – DPF: {0E1C7634–644E–4BA9–8261–BEB5D090A7D0} (TetaCombo.FlatCombo) – http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TETA_main_objects.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
Regards, Norbert
I'm not joking – http://www.soft32.com/download_19014.html
EL NINO: CWShredder is a program, and you were supposed to download it and scan the system with it :wink:
wagonus: I removed CwShredder too
What are you writing, are you joking?? Or what?? It was just an entry in the registry, so tell me....
Boot the PC in safe mode:
Fix:
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C:WINDOWSSYSTEMSearchBar.htm
R3 – URLSearchHook: (no name) – {20EC3D2D–33C1–4C9D–BC37–C2D500688DA2} – C:WINDOWSTV MEDIATVMBHO.DLL
O2 – BHO: (no name) – {3CA1130C–961C–25E0–8753–60550DA82D4D} – C:WINDOWSSYSTEMNWSNOACK.DLL
O2 – BHO: (no name) – {000020DD–C72E–4113–AF77–DD56626C6C42} – (no file)
O2 – BHO: (no name) – {79C201D0–A248–F5F7–F034–4C8C93E2FA24} – C:WINDOWSRospdvbv.dll
O2 – BHO: ADP UrlCatcher Class – {F4E04583–354E–4076–BE7D–ED6A80FD66DA} – C:WINDOWSSYSTEMMSBE.DLL
O2 – BHO: NLS UrlCatcher Class – {AEECBFDA–12FA–4881–BDCE–8C3E1CE4B344} – C:WINDOWSSYSTEMNVMS.DLL
O2 – BHO: CB UrlCatcher Class – {CE188402–6EE7–4022–8868–AB25173A3E14} – C:WINDOWSSYSTEMMSCB.DLL
O3 – Toolbar: Search – {A481903E–4DB5–7FF1–05A7–756B52B18AC6} – C:WINDOWSRospdvbv.dll
O4 – HKLM..Run: [aqetlgfdwjip] C:WINDOWSSYSTEMqioldaja.exe
O4 – HKLM..Run: [ALCHEM] C:WINDOWSALCHEM.exe
O4 – HKLM..Run: [WebRebates0] "C:PROGRAM FILESWEB_REBATESWebRebates0.exe"
O4 – HKLM..Run: [TV Media] C:WINDOWSTV MEDIATvm.exe
O4 – HKLM..Run: [BullsEye Network] C:Program FilesBullsEye Networkinargains.exe
O4 – HKCU..Run: [Zxuhe] C:WINDOWSSYSTEMoliuz.exe
O4 – HKCU..Run: [TV Media] C:WINDOWSTV MEDIATvm.exe
End these processes in Task Manager:
OPTIMIZE.EXE
QIOLDAJA.EXE
OLIUZ.EXE
WEBREBATES1.EXE
WEBREBATES0.EXE
ALCHEM.exe
Tvm.exe
bargains.exe
oliuz.exe
Search, with hidden files included, and delete:
OPTIMIZE.EXE
QIOLDAJA.EXE
OLIUZ.EXE
WEBREBATES1.EXE
WEBREBATES0.EXE
ALCHEM.exe
Tvm.exe
bargains.exe
oliuz.exe
SearchBar.htm
TVMBHO.DLL
NWSNOACK.DLL
Rospdvbv.dll
MSBE.DLL
NVMS.DLL
MSCB.DLL
Hello!
I'm attaching myself to someone else's thread, but only so as not to duplicate it.
A huge request: after returning from vacation I found the computer in a deplorable state. I kindly ask for an analysis of the log, and along with it advice on what to remove.
Logfile of HijackThis v1.98.2
Scan saved at 13:33:46, on 04–09–16
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSSYSTEMMSTASK.EXE
C:PROGRAM FILESSYMANTEC_CLIENT_SECURITYSYMANTEC ANTIVIRUSRTVSCN95.EXE
C:PROGRAM FILESSYMANTEC_CLIENT_SECURITYSYMANTEC ANTIVIRUSDEFWATCH.EXE
C:WINDOWSEXPLORER.EXE
C:WINDOWSSYSTEMINTERNAT.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:WINDOWSRUNDLL32.EXE
C:PROGRAM FILESSYMANTEC_CLIENT_SECURITYSYMANTEC ANTIVIRUSVPTRAY.EXE
C:PROGRAM FILESA4TECHMOUSEAMOUMAIN.EXE
C:PROGRAM FILESWINAMPWINAMPA.EXE
C:WINDOWSSYSTEMQTTASK.EXE
C:PROGRAM FILESINTERNET OPTIMIZEROPTIMIZE.EXE
C:WINDOWSSYSTEMQIOLDAJA.EXE
C:WINDOWSRUNDLL32.EXE
C:PROGRAM FILESGADU–GADUGG.EXE
C:WINDOWSSYSTEMOLIUZ.EXE
C:WINDOWSSYSTEMWMIEXE.EXE
C:WINDOWSSYSTEMDDHELP.EXE
C:WINDOWSRUNDLL32.EXE
C:WINDOWSSYSTEMPSTORES.EXE
C:WINDOWSRUNDLL32.EXE
C:PROGRAM FILESWEB_REBATESWEBREBATES1.EXE
C:PROGRAM FILESWEB_REBATESWEBREBATES0.EXE
C:PROGRAM FILESINTERNET EXPLORERIEXPLORE.EXE
C:NARZęDZIAHIJACKHIJACKTHIS.EXE
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C:WINDOWSSYSTEMSearchBar.htm
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.deitermann.pl/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – {20EC3D2D–33C1–4C9D–BC37–C2D500688DA2} – C:WINDOWSTV MEDIATVMBHO.DLL
O2 – BHO: (no name) – {FFFFFEF0–5B30–21D4–945D–000000000000} – C:PROGRA~1STARDO~1SDIEINT.DLL
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:PROGRAM FILESADOBEACROBAT 6.0 CEREADERACTIVEXACROIEHELPER.DLL
O2 – BHO: (no name) – {3CA1130C–961C–25E0–8753–60550DA82D4D} – C:WINDOWSSYSTEMNWSNOACK.DLL
O2 – BHO: FlashFXP Helper for Internet Explorer – {E5A1691B–D188–4419–AD02–90002030B8EE} – C:PROGRA~1FLASHFXPIEFLASH.DLL
O2 – BHO: (no name) – {000020DD–C72E–4113–AF77–DD56626C6C42} – (no file)
O2 – BHO: (no name) – {79C201D0–A248–F5F7–F034–4C8C93E2FA24} – C:WINDOWSRospdvbv.dll
O2 – BHO: ADP UrlCatcher Class – {F4E04583–354E–4076–BE7D–ED6A80FD66DA} – C:WINDOWSSYSTEMMSBE.DLL
O2 – BHO: NLS UrlCatcher Class – {AEECBFDA–12FA–4881–BDCE–8C3E1CE4B344} – C:WINDOWSSYSTEMNVMS.DLL
O2 – BHO: CB UrlCatcher Class – {CE188402–6EE7–4022–8868–AB25173A3E14} – C:WINDOWSSYSTEMMSCB.DLL
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSYSTEMMSDXM.OCX
O3 – Toolbar: Search – {A481903E–4DB5–7FF1–05A7–756B52B18AC6} – C:WINDOWSRospdvbv.dll
O4 – HKLM..Run: [internat.exe] internat.exe
O4 – HKLM..Run: [ScanRegistry] C:WINDOWSscanregw.exe /autorun
O4 – HKLM..Run: [TaskMonitor] C:WINDOWS askmon.exe
O4 – HKLM..Run: [SystemTray] SysTray.Exe
O4 – HKLM..Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM..Run: [Zasobnik systemowy] SysTray.Exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSYSTEMNvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [vptray] C:PROGRA~1SYMANT~1SYMANT~1vptray.exe
O4 – HKLM..Run: [mdac_runonce] C:WINDOWSSYSTEM unonce.exe
O4 – HKLM..Run: [WheelMouse] C:PROGRA~1A4TECHMOUSEAMOUMAIN.EXE
O4 – HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 – HKLM..Run: [QuickTime Task] "C:WINDOWSSYSTEMQTTASK.EXE" –atboottime
O4 – HKLM..Run: [aqetlgfdwjip] C:WINDOWSSYSTEMqioldaja.exe
O4 – HKLM..Run: [ALCHEM] C:WINDOWSALCHEM.exe
O4 – HKLM..Run: [WebRebates0] "C:PROGRAM FILESWEB_REBATESWebRebates0.exe"
O4 – HKLM..Run: [TV Media] C:WINDOWSTV MEDIATvm.exe
O4 – HKLM..Run: [BullsEye Network] C:Program FilesBullsEye Networkinargains.exe
O4 – HKLM..RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM..RunServices: [SchedulingAgent] mstask.exe
O4 – HKLM..RunServices: [rtvscn95] C:PROGRA~1SYMANT~1SYMANT~1 tvscn95.exe
O4 – HKLM..RunServices: [defwatch] C:PROGRA~1SYMANT~1SYMANT~1defwatch.exe
O4 – HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSYSTEMNVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU..Run: [TClockEx] C:PROGRAM FILESTCLOCKEXTCLOCKEX.EXE
O4 – HKCU..Run: [Gadu–Gadu] "C:PROGRAM FILESGADU–GADUGG.EXE" /tray
O4 – HKCU..Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 – HKCU..Run: [Zxuhe] C:WINDOWSSYSTEMoliuz.exe
O4 – HKCU..Run: [TV Media] C:WINDOWSTV MEDIATvm.exe
O4 – Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O8 – Extra context menu item: Download with Star Downloader – C:PROGRAM FILESSTAR DOWNLOADERsdie.htm
O15 – Trusted Zone: http://*.crm–deitermann
O15 – Trusted Zone: http://crm.deitermann.pl
O16 – DPF: {F37F9B3B–F573–46E1–950B–DAEA4EFF3137} (TetaMNU Control) – file://E:Instalka KontrolekCommonFilesKontrolkiTETA_TOOLBAR.CAB
O16 – DPF: {37F025E7–2BD0–46EF–AFEB–9943DD449473} (TetaMenuNT.MenuNT) – http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TETA_MENU.CAB
O16 – DPF: {30017305–8196–4839–B134–6E999E6DD298} (TETA_Zakladki_new.TabStrip) – http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TETA_ZKL_new.CAB
O16 – DPF: {02DFC51A–A414–4454–9B45–1F30E018746A} (ActiveXCtrl.TETAChart) – http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TETAChart.cab
O16 – DPF: {48E59293–9880–11CF–9754–00AA00C00908} (Microsoft Internet Transfer Control 6.0 (SP4)) – http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/SaveAs.CAB
O16 – DPF: {7F68A2DA–CEA3–4AC3–897C–FA0FE6F2E5F1} (RSPLUS Control) – http://crm.deitermann.pl/teta_crm/crm/_ScriptLibrary/RSPLUS.cab
O16 – DPF: {1E1221D4–4181–45A6–BAAE–F55B4BD5DDB5} (Project1.Ipaq) – http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/IPAQ.cab
O16 – DPF: {1F0A4BFB–735B–4791–825E–9F3E0B81BFBA} (Project1.TetaCommonDialog) – http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TetaCommonDlg.CAB
O16 – DPF: {F59AF8C4–BA71–41C0–9A57–7324DAE8BEB7} (TetaComm.Comm) – http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TetaComm.CAB
O16 – DPF: {948B12F5–96A8–496C–93DE–00BCB9EFDFE1} (MailClient.MailClientControl) – http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TETA_MailClient.cab
O16 – DPF: {0E1C7634–644E–4BA9–8261–BEB5D090A7D0} (TetaCombo.FlatCombo) – http://crm.deitermann.pl/teta_crm/CommonFiles/Kontrolki/TETA_main_objects.cab
Regards, and thank you for your understanding
CWShredder is a program, and you were supposed to download it and scan the system with it :wink:
wagonus: I removed CwShredder too
EL NINO: Time to see a doctor :wink:
Ivaho: I don't see anything "bad".
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3159
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://searchcentral.cc/index.php?v=4&aff=3159
O16 – DPF: {10000000–1000–0000–1000–000000000000} – file:// C:Program FilesInternet Explorergdxenhtd.exe
Look around on the disk for the file gdxenhtd.exe. Hell knows what it is.
+ CwShredder
El Nino, I had the file gdxenhtd.exe; of course I deleted it and the registry entry. I removed CwShredder too. Thanks a lot for the analysis, regards :)