Do usunięcia w trybie awaryjnym:
C:\Program Files\Windows AdTools\WinRatchet.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINDOWS\System32\zoehbs.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Program Files\blss\blss.exe
C:\Program Files\Windows AdTools\WinAdTools.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\t\USTAWI~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=104&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50007
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\t\USTAWI~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=104&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: (no name) - {00000049-8F91-4D9C-9573-F016E7626484} - (no file)
O2 - BHO: FBarStart Class - {044D9F9F-0EE0-4E9B-B89B-5EBCA0F852CC} - C:\WINDOWS\System32\fsearchbar.dll
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: (no name) - {19C4EA1F-23B1-43C2-9A69-9DA851594EF2} - C:\WINDOWS\System32\ifep.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} - C:\WINDOWS\System32\WStart.dll
O2 - BHO: inetpaui - {9991567A-389B-2533-5B1B-0B09CE9E6F9B} - C:\WINDOWS\System32\inetpaui.dll
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\System32\MTC.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765721316} - C:\WINDOWS\System32\wer1316.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: Fast Search - {85E517D1-1B6B-4662-AF6E-4B9738091DCC} - C:\WINDOWS\System32\fsearchbar.dll
O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\System32\MTC.dll
O4 - HKLM…\Run: [blss] C:\Program Files\blss\blss.exe
O4 - HKLM…\Run: [webHancer Survey Companion] “C:\Program Files\webHancer\Programs\whSurvey.exe”
O4 - HKLM…\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM…\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM…\Run: [tdfxsjlq] C:\WINDOWS\System32\zoehbs.exe
O4 - HKLM…\Run: [bullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM…\Run: [sp] rundll32 C:\DOCUME~1\t\USTAWI~1\Temp\se.dll,DllInstall
O4 - HKLM…\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM…\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot
O4 - HKLM…\RunOnce: [srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU…\RunOnce: [srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O9 - Extra button: Corel Network monitor worker - {3BC78D7F-7F51-49C8-B72F-D29A0C0312D2} - C:\Documents and Settings\t\Ustawienia lokalne\Temporary Internet Files\Content.IE5\QRJ23D5F\null[1].exe (file missing)
O9 - Extra ‘Tools’ menuitem: Corel Network monitor worker - {3BC78D7F-7F51-49C8-B72F-D29A0C0312D2} - C:\Documents and Settings\t\Ustawienia lokalne\Temporary Internet Files\Content.IE5\QRJ23D5F\null[1].exe (file missing)
O9 - Extra button: Corel Network monitor worker - {3BC78D7F-7F51-49C8-B72F-D29A0C0312D2} - C:\Documents and Settings\t\Ustawienia lokalne\Temporary Internet Files\Content.IE5\QRJ23D5F\null[1].exe (file missing) (HKCU)
O9 - Extra ‘Tools’ menuitem: Corel Network monitor worker - {3BC78D7F-7F51-49C8-B72F-D29A0C0312D2} - C:\Documents and Settings\t\Ustawienia lokalne\Temporary Internet Files\Content.IE5\QRJ23D5F\null[1].exe (file missing) (HKCU)
O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=104&q=
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=104&q=
O13 - Home Prefix: http://www.heretofind.com/show.php?id=104&q=
O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=104&q=
O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=104&q=
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares … cracks.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu … .0.0.8.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://stat.trafficadvance.net/dialer/303756.exe
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O18 - Filter: text/html - {9D43F899-F3DC-4412-A5C9-CD61A7494EDD} - C:\WINDOWS\System32\ifep.dll
O18 - Filter: text/plain - {9D43F899-F3DC-4412-A5C9-CD61A7494EDD} - C:\WINDOWS\System32\ifep.dll
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe
Te wpisy usuwasz programem LSPFix
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer