Proszę o sprawdzenie loga


(Moira6) #1

Problem polega na tym, że przy uruchamianiu systemu pojawia się alert, że brakuje pliku ibm00001.exe - przy czym plik ten zarażony był trojanem i rzeczywiście nie ma go już :wink: Wykasowałam też ręcznie wpisy z rejestru wiążące się z tym programem (bodajże sysvcs.exe - nie pamiętam nazwy dokładnie) Niestety nie wiem co jeszcze jest źle...

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRAM FILES\FLASHGET\JCCATCH.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM..\Run: [systemTray] SysTray.Exe

O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM..\Run: [avast! Web Scanner] D:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM..\Run: [RemoteControl] "D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM..\RunServices: [avast!] D:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - Startup: RaConfig2500.lnk = D:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WIN9X\RaConfig2500.exe

O8 - Extra context menu item: Download using FlashGet - D:\PROGRAM FILES\FLASHGET\jc_link.htm

O8 - Extra context menu item: Download All by FlashGet - D:\PROGRAM FILES\FLASHGET\jc_all.htm

O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm

O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm

O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm

O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm

O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm

O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm

O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm

O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRAM FILES\FLASHGET\JETCAR.EXE

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRAM FILES\FLASHGET\JETCAR.EXE

O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\SYSTEM\OLINE.DLL

O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL

O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL

O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL

O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL

O15 - Trusted Zone: http://skaner.mks.com.pl

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34

Z góry dziękuję za wszelką pomoc :slight_smile:


(Qbek50) #2

to nie jest cały log - wklej też górną część


(Moira6) #3

Sorry, teraz jest już wszystko :slight_smile:

Logfile of HijackThis v1.99.0

Scan saved at 17:10:29, on 05-11-12

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.50 (5.50.4134.0600)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

D:\PROGRAM FILES\CYBERLINK DVD SOLUTION\POWERDVD\PDVDSERV.EXE

D:\PROGRAM FILES\RALINK\RT2500 WIRELESS LAN CARD\INSTALLER\WIN9X\RACONFIG2500.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

D:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

D:\PROGRAM FILES\HIJACKTHIS.EXE


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRAM FILES\FLASHGET\JCCATCH.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM\..\Run: [avast! Web Scanner] D:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [avast!] D:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - Startup: RaConfig2500.lnk = D:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WIN9X\RaConfig2500.exe

O8 - Extra context menu item: Download using FlashGet - D:\PROGRAM FILES\FLASHGET\jc_link.htm

O8 - Extra context menu item: Download All by FlashGet - D:\PROGRAM FILES\FLASHGET\jc_all.htm

O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm

O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm

O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm

O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm

O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm

O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm

O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm

O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRAM FILES\FLASHGET\JETCAR.EXE

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRAM FILES\FLASHGET\JETCAR.EXE

O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\SYSTEM\OLINE.DLL

O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL

O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL

O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL

O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL

O15 - Trusted Zone: http://skaner.mks.com.pl

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34

Złączono Posta : 12.11.2005 (Sob) 17:22

Aha...zapomniałam jeszcze dodać, że mam jakieś głupie szpiegi, ale tego to tu chyba nie widać i z nimi to pewnie inaczej będę musiała sobie radzić :evil:

Złączono Posta : 12.11.2005 (Sob) 18:20

Ponieważ wciąż wyskakuje mi to samo okienko szukałam pliku imb00001.exe no i go znalazłam poprzez hijack'a (startuplist)


Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=explorer.exe ibm00001.exe

SCRNSAVE.EXE=

drivers=mmsystem.dll power.drv


Tylko nie wiem co z tym dalej zrobić?? :?

====================================

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.

Pozdrawiam kuz5


(Kuz5) #4

Po pierwsze wklej loga z najnowszej wersji :arrow: HijackThis 1.99.1


(Moira6) #5
Logfile of HijackThis v1.99.1

Scan saved at 22:36:01, on 05-11-24

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.50 (5.50.4134.0600)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

D:\PROGRAM FILES\CYBERLINK DVD SOLUTION\POWERDVD\PDVDSERV.EXE

D:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

D:\PROGRAM FILES\RALINK\RT2500 WIRELESS LAN CARD\INSTALLER\WIN9X\RACONFIG2500.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

D:\PROGRAM FILES\HIJACKTHIS.EXE


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRAM FILES\FLASHGET\JCCATCH.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [avast! Web Scanner] D:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [avast!] D:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - Startup: RaConfig2500.lnk = D:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WIN9X\RaConfig2500.exe

O8 - Extra context menu item: Download using FlashGet - D:\PROGRAM FILES\FLASHGET\jc_link.htm

O8 - Extra context menu item: Download All by FlashGet - D:\PROGRAM FILES\FLASHGET\jc_all.htm

O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm

O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm

O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm

O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm

O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm

O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm

O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm

O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRAM FILES\FLASHGET\JETCAR.EXE

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRAM FILES\FLASHGET\JETCAR.EXE

O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\SYSTEM\OLINE.DLL

O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL

O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL

O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL

O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O15 - Trusted Zone: http://skaner.mks.com.pl

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pestpatrol.com/pestscan/pestscan.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4624/mcfscan.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34

Przesyłam jeszcze raz (tym razem uaktualnionego) loga. Wcześniejsze wirusy już nie istnieją, nadal jednak coś się psuję..Jeśli mogę, proszę rzućcie okiem co się tu może dziać. TIA :slight_smile:


(Gutek) #6

w trybie awaryjnym oczyść z tego pliku kompa

Proszę o LOG z Silent Runners


(Moira6) #7

Melduję, że plik usunięty :wink: A oto rzeczony log (mam nadzieję, że nic nie zepsułam i poprawnie go zrobiłam :P):

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/

Operating System: Windows 98

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]

"TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]

"SystemTray" = "SysTray.Exe" [MS]

"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]

"avast! Web Scanner" = "D:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE" ["ALWIL Software"]

"RemoteControl" = ""D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"Zone Labs Client" = "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]

"SpySweeper" = ""D:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray" ["Webroot Software, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}

"SchedulingAgent" = "mstask.exe" [MS]

"avast!" = "D:\Program Files\Alwil Software\Avast4\ashServ.exe" [null data]

"TrueVector" = "C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service" ["Zone Labs, LLC"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{A5366673-E8CA-11D3-9CD9-0090271D075B}(Default) = "IeCatch2 Class" [from CLSID]

-> {CLSID}\InProcServer32(Default) = "D:\PROGRAM FILES\FLASHGET\JCCATCH.DLL" ["Amaze Soft"]

{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)

-> {CLSID}\InProcServer32(Default) = "D:\PROGRA~1\SPYBOT~1\SDHELPER.DLL" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"

-> {CLSID}\InProcServer32(Default) = "D:\Program Files\Microsoft Office\Office\soa800.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {CLSID}\InProcServer32(Default) = "D:\PROGRAM FILES\WINRAR\rarext.dll" [null data]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {CLSID}\InProcServer32(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{2E9D3540-211C-11d0-A5F2-00A0248C37BE}" = "Nero Shell Extension Property Sheet"

-> {CLSID}\InProcServer32(Default) = "D:\Program Files\Ahead\nero\neroshx.dll" ["Ahead Software AG"]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {CLSID}\InProcServer32(Default) = "D:\PROGRAM FILES\WINRAR\rarext.dll" [null data]

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {CLSID}\InProcServer32(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {CLSID}\InProcServer32(Default) = "D:\PROGRAM FILES\WINRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {CLSID}\InProcServer32(Default) = "D:\PROGRAM FILES\WINRAR\rarext.dll" [null data]

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {CLSID}\InProcServer32(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

SpySweeper(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"

-> {CLSID}\InProcServer32(Default) = "D:\PROGRA~1\WEBROOT\SPYSWE~1\SSCTXMNU.DLL" ["Webroot Software, Inc."]

Active Desktop and Wallpaper:


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\ACD Wallpaper.bmp"

Startup items in "Startup" & "All Users...Startup" folders:


C:\WINDOWS\Menu Start\Programy\Autostart

"RaConfig2500" -> shortcut to: "D:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WIN9X\RaConfig2500.exe -s" ["Ralink Technology, Corp."]

Enabled Scheduled Tasks:


"Rozpoczęcie aplikacji dostrajania" -> launches: "walign" [MS]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:

C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1

C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4

C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6

Toolbars, Explorer Bars, Extensions:


Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "&FlashGet"

"Exec" = "D:\PROGRAM FILES\FLASHGET\JETCAR.EXE" ["Amaze Soft"]

{85D1F590-48F4-11D9-9669-0800200C9A66}\

"MenuText" = "Uninstall BitDefender Online Scanner v8"

"Exec" = "%windir%\bdoscandel.exe" [null data]

Miscellaneous IE Hijack Points


HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data)

The Internet Explorer version cannot be found!

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

The contents of IERESET.INF cannot be reliably checked!

Print Monitors:


HKLM\System\CurrentControlSet\Control\Print\Monitors\

XDC6 LanguageMonitor\Driver = "XDC6LNGM.DLL" ["Xerox Corporation "]


  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 22 seconds, including 2 seconds for message boxes)


(Gutek) #8

no to musisz

  1. AWARYJNY.

  2. Start >>> Uruchom >>> cmd >>> zostawić okno otworzone na wierzchu

  3. Alt+Ctr+Del i zabić explorer.exe

  4. W linii komend cmd wpisać:

DEL C:\WINDOWS\HotbarWP.bmp

A w kluczu:

HKEY_CURRENT_USER\Control Panel\Desktop

Podwójny klik na wartość Wallpaper i usunąć ścieżkę C:\WINDOWS\HotbarWP.bmp


(Moira6) #9

Jest tylko jeden mały problem...ja nie mam takiej ścieżki, więc jak mam ją usunąć? A tapetę mam rzeczywiście ustawioną, ale to jest tapeta programu ACDSee..


(Gutek) #10

C:\WINDOWS\HotbarWP.bmp pewnei masz ukryty ten plik

Opcje folderów >>> Widok

Zaznaczone Pokaż ukryte pliki i foldery + odznaczone Ukryj chronione pliki systemu operacyjnego...