Log win 98

Scan saved at 12:01:57, on 05-04-20

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE

C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE

C:\WINDOWS\SYSTEM\SERVICES{E6B00D60-B114-11D9-9CCB-0050FCF2B59C}\SVCHOST.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\REALTEK\RTL8180\RTLWAKE.EXE

C:\PROGRAM FILES\COREL\GRAPHICS9\REGISTER\REMIND32.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\NOWY FOLDER\GADU-GADU\GG.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\NOWY FOLDER\MIRC\MIRC.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE

C:\WINDOWS\TEMP\RAR$EX00.403\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL

O2 - BHO: (no name) - {50B88B6D-ABA7-11D9-9CCB-0050E975D097} - C:\WINDOWS\SYSTEM\GKND.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM…\Run: [internat.exe] internat.exe

O4 - HKLM…\Run: [systemTray] SysTray.Exe

O4 - HKLM…\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.dll,CMICtrlWnd

O4 - HKLM…\Run: [CreateCD50] “C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe” -r

O4 - HKLM…\Run: [AdaptecDirectCD] “C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe”

O4 - HKLM…\Run: [service Host] C:\WINDOWS\SYSTEM\Services{E6B00D60-B114-11D9-9CCB-0050FCF2B59C}\SVCHOST.EXE

O4 - HKLM…\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\NOWY FOLDER\GADU-GADU\GG.EXE” /tray

O4 - Startup: RtlWake.lnk = C:\Program Files\Realtek\Rtl8180\RtlWake.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Rejestrowanie produktów Corela.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe

O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm

O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm

O14 - IERESET.INF: SEARCH_PAGE_URL=

O14 - IERESET.INF: START_PAGE_URL=

O18 - Filter: text/html - {26C0F760-B12F-11D9-9CCB-0050EF9610D8} - C:\WINDOWS\SYSTEM\GKND.DLL

O18 - Filter: text/plain - {26C0F760-B12F-11D9-9CCB-0050EF9610D8} - C:\WINDOWS\SYSTEM\GKND.DLL

O21 - SSODL: jpKMgqIWXl - {123F12EA-B895-B840-44FF-57F452B58C47} - C:\WINDOWS\SYSTEM\TJDA.DLL

Witam prosilbym o pomoc… ad aware i spybot znajduja rozne swinstwa w stylu TIB czy CWS niby usuwa ale porbme dalej zostaje

Prosilbym o pomoc z gory bardzo dziekuje:D

:roll: wg mnie do usunięcia:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

O4 - HKLM…\Run: [service Host] C:\WINDOWS\SYSTEM\Services{E6B00D60-B114-11D9-9CCB-0050FCF2B59C}\SVCHOST.EXE

Daj potem dla pewności logasa.

Wyczyść katalog TEMP

Start=>Uruchom=>%temp%=>I usuń wszystko co sie tam znajduje

Usuń: (wszystko oczywiście robisz w trybie awaryjnym)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {50B88B6D-ABA7-11D9-9CCB-0050E975D097} - C:\WINDOWS\SYSTEM\ GKND.DLL

O4 - HKLM…\Run: [service Host] C:\WINDOWS\SYSTEM\Services\ {E6B00D60-B114-11D9-9CCB-0050FCF2B59C} \SVCHOST.EXE

O4 - HKLM…\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O18 - Filter: text/html - {26C0F760-B12F-11D9-9CCB-0050EF9610D8} - C:\WINDOWS\SYSTEM\GKND.DLL

O18 - Filter: text/plain - {26C0F760-B12F-11D9-9CCB-0050EF9610D8} - C:\WINDOWS\SYSTEM\GKND.DLL

O21 - SSODL: jpKMgqIWXl - {123F12EA-B895-B840-44FF-57F452B58C47} - C:\WINDOWS\SYSTEM\ TJDA.DLL

Pliki na czerwono usuwasz ręcznie z dysku