Prosze o sprawdzenie loga

Szopka · 22 Listopad 2005 12:25

Logfile of HijackThis v1.99.1 Scan saved at 12:47:25, on 05-11-22 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\INTERNAT.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\IRMON.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE C:\PROGRAM FILES\GADU-GADU\GG.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\WINZIP\WINZIP32.EXE C:\WINDOWS\TEMP\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastweb.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fastweb.it R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by FastWeb O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM…\Run: [internat.exe] internat.exe O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM…\Run: [systemTray] SysTray.Exe O4 - HKLM…\Run: [irMon] IrMon.exe O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime O4 - HKLM…\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE O4 - HKLM…\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe O4 - HKLM…\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRAM FILES\GADU-GADU\GG.EXE” /tray O4 - HKCU…\Run: [shell] “C:\WINDOWS\SYSTEM\ibm00001.exe” O4 - HKCU…\Run: [spySheriff] C:\PROGRAM FILES\SPYSHERIFF\SpySheriff.exe O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html O14 - IERESET.INF: START_PAGE_URL=http://www.fastweb.it O16 - DPF: BPHOnl - https://e-bank.bphpbk.pl/bph/portal/sta … BPHOnl.cab O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1056307.exe O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab Pomozcie. Dostalam na gg link do zdjecia. Niestety otworzylam. Pojawil sie spyware Sheriff. Avast nie radzi sobie z usunieciem trojana. Informuje mnie o nim i na tym koniec…Co robic?

kuz5 · 22 Listopad 2005 15:00

W Dodaj/Usuń odinstaluj SpySheriff

Usuń: (wszystko oczywiście robisz w trybie awaryjnym )

Folder SpySheriff usuń ręcznie z dysku

Plik ibm00001.exe usuń programem Pocket Killbox czyli odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżke:

C:\WINDOWS\SYSTEM** ibm00001.exe**

następnie program będzie pytał o restart (oczywiście zgadzasz sie)

Dodatkowo POCZYTAJ o usuwaniu fałszywej tapety

Szopka · 22 Listopad 2005 17:20

dziekuje ci kuz5!

Mam jednak dodatkowy problem. Linki jakie mi podajesz u mnie sie nie aktywuja. Otwiera sie okienko ale nie laduje.

Chcialabym uzyc pocket killbox. Czy moglbys mi poslac adres ktory nastepnie skopiowalabym do przegladarki?

Dzieki

Gutek · 22 Listopad 2005 17:48

http://www.downloads.subratam.org/KillBox.zip pobierz

http://www.searchengines.pl/phpbb203/in … t&p=175003 poczytaj

Szopka · 22 Listopad 2005 18:32

Dziekuje. Mam juz pocket killboxa. Poczytalam tez na temat falszywych tapet. Niestety podczas pierwszej proby postapilam nie do konca zgodnie z porada i troche sie namieszalo. Teraz juz naprawde nie wiem jaki plik usunac!? Wciaz pojawia sie komunikat “program wykonal nieprawidlowa operacje i nastapi jego zamkniecie…”

Pomozcie. Przepraszam, ale naprawde staram sie jakos sie z tym uporac a poczatkujacy ze mnie “informatyk” :?

Przesylam log jaki hijack mi pokazuje:

Logfile of HijackThis v1.99.1 Scan saved at 19:26:19, on 05-11-22 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE C:\WINDOWS\SYSTEM\INTERNAT.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\IRMON.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\WINDOWS\EXPLORER.EXE C:\PROGRAM FILES\WINZIP\WINZIP32.EXE C:\WINDOWS\TEMP\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastweb.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fastweb.it R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by FastWeb O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM…\Run: [internat.exe] internat.exe O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM…\Run: [systemTray] SysTray.Exe O4 - HKLM…\Run: [irMon] IrMon.exe O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime O4 - HKLM…\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE O4 - HKLM…\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe O4 - HKLM…\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html O14 - IERESET.INF: START_PAGE_URL=http://www.fastweb.it O16 - DPF: BPHOnl - https://e-bank.bphpbk.pl/bph/portal/sta … BPHOnl.cab O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1056307.exe O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

Czy mam wciaz tego spysheriffa? Okropny “facet”!

Gutek · 22 Listopad 2005 18:40

Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked

Daj LOG z Silent Runners

Szopka · 22 Listopad 2005 20:23

usunelam te dwa wskazane przez ciebie wpisy. Chce podac ci log z silent runners nie moge go zaladowac. Wciaz ten sam problem. Prosze o adres, bo link u mnie nie dziala.

Okropnie dziekuje!

Gutek · 22 Listopad 2005 20:29

http://www.silentrunners.org/

Złączono Posta : 22.11.2005 (Wto) 21:30

http://www.silentrunners.org/

a jak będzie jakiś problem zobacz http://www.searchengines.pl/phpbb203/in … opic=15989

Szopka · 22 Listopad 2005 20:58

Niestety. We wszystkich opcjach pojawia sie link, na ktory musze kliknac byc program sie zaladowal. Otwiera mi sie wtedy nowe okno ale nie do konca. uffa…To tez kurcze problem.

Gutek · 22 Listopad 2005 21:13

Ok na m-eila wyślę

Szopka · 22 Listopad 2005 22:11

Dziekuje. Dostalam maila. Przesylam zatem log z silent runners:

“Silent Runners.vbs”, revision 41, http://www.silentrunners.org/ Operating System: Windows 98 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “internat.exe” = “internat.exe” [MS] “ScanRegistry” = “C:\WINDOWS\scanregw.exe /autorun” [MS] “TaskMonitor” = “C:\WINDOWS\taskmon.exe” [MS] “SystemTray” = “SysTray.Exe” [MS] “IrMon” = “IrMon.exe” [MS] “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS] “TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”] “StillImageMonitor” = “C:\WINDOWS\SYSTEM\STIMON.EXE” [MS] “QuickTime Task” = ““C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime” [“Apple Computer, Inc.”] “avast! Web Scanner” = “C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE” [“ALWIL Software”] “ashMaiSv” = “C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe” [“ALWIL Software”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++} “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS] “SchedulingAgent” = “mstask.exe” [MS] “avast!” = “C:\Program Files\Alwil Software\Avast4\ashServ.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = “AcroIEHlprObj Class” [from CLSID] -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX” ["("] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = “Google Toolbar Helper” [from CLSID] -> {CLSID}\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{BB7DF450-F119-11CD-8465-00AA00425D90}” = “Microsoft Access Custom Icon Handler” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office\soa800.dll” [MS] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Exchange” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Windows Messaging\mlshext.dll” [MS] “{59850401-6664-101B-B21C-00AA004BA90B}” = “Microsoft Office Binder Explode” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\UNBIND.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\olkfstub.dll” [MS] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\REAL\REALPLAYER\RPSHELL.DLL” [“RealNetworks, Inc.”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ WinZip(Default) = “{E0D79300-84BE-11CE-9641-444553540000}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\wzshlext.dll” [null data] BPS Shredder Context Menu(Default) = “{51917337-5113-4EC2-9CB6-C6212D0EF3E9}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\BPS DATA SHREDDER\CTXMENU.DLL” [“BulletProofSoft.com”] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinZip(Default) = “{E0D79300-84BE-11CE-9641-444553540000}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\wzshlext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinZip(Default) = “{E0D79300-84BE-11CE-9641-444553540000}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\wzshlext.dll” [null data] BPS Shredder Context Menu(Default) = “{51917337-5113-4EC2-9CB6-C6212D0EF3E9}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\BPS DATA SHREDDER\CTXMENU.DLL” [“BulletProofSoft.com”] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] BPS.Spyware.Adware.Remover(Default) = “{7306D133-DBED-4096-84A3-8B98B23F02B4}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\BULLETPROOFSOFT.COM\BPS SPYWARE & ADWARE REMOVER\CONTEXTMENU.DLL” [“BulletProofSoft.com”] WIN.INI & SYSTEM.INI launch points: ----------------------------------- SYSTEM.INI [boot] INFECTION WARNING! “shell=explorer.exe ibm00001.exe” [MS], [null data] Enabled Scheduled Tasks: ------------------------ “Rozpoczęcie aplikacji dostrajania” -> launches: “walign” [MS] “WTR” -> launches: “C:\PROGRAM FILES\BULLETPROOFSOFT.COM\WINTRACE REMOVER\53DF12C8” [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “C:\WINDOWS\SYSTEM\rnr20.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range: C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1 C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4 C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = “&Google” [from CLSID] -> {CLSID}\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = “&Google” [from CLSID] -> {CLSID}\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”]

Złączono Posta : 22.11.2005 (Wto) 23:16

“Silent Runners.vbs”, revision 41, http://www.silentrunners.org/ Operating System: Windows 98 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “internat.exe” = “internat.exe” [MS] “ScanRegistry” = “C:\WINDOWS\scanregw.exe /autorun” [MS] “TaskMonitor” = “C:\WINDOWS\taskmon.exe” [MS] “SystemTray” = “SysTray.Exe” [MS] “IrMon” = “IrMon.exe” [MS] “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS] “TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”] “StillImageMonitor” = “C:\WINDOWS\SYSTEM\STIMON.EXE” [MS] “QuickTime Task” = ““C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime” [“Apple Computer, Inc.”] “avast! Web Scanner” = “C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE” [“ALWIL Software”] “ashMaiSv” = “C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe” [“ALWIL Software”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++} “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS] “SchedulingAgent” = “mstask.exe” [MS] “avast!” = “C:\Program Files\Alwil Software\Avast4\ashServ.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = “AcroIEHlprObj Class” [from CLSID] -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX” ["("] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = “Google Toolbar Helper” [from CLSID] -> {CLSID}\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{BB7DF450-F119-11CD-8465-00AA00425D90}” = “Microsoft Access Custom Icon Handler” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office\soa800.dll” [MS] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Exchange” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Windows Messaging\mlshext.dll” [MS] “{59850401-6664-101B-B21C-00AA004BA90B}” = “Microsoft Office Binder Explode” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\UNBIND.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\olkfstub.dll” [MS] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\REAL\REALPLAYER\RPSHELL.DLL” [“RealNetworks, Inc.”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ WinZip(Default) = “{E0D79300-84BE-11CE-9641-444553540000}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\wzshlext.dll” [null data] BPS Shredder Context Menu(Default) = “{51917337-5113-4EC2-9CB6-C6212D0EF3E9}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\BPS DATA SHREDDER\CTXMENU.DLL” [“BulletProofSoft.com”] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinZip(Default) = “{E0D79300-84BE-11CE-9641-444553540000}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\wzshlext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinZip(Default) = “{E0D79300-84BE-11CE-9641-444553540000}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\wzshlext.dll” [null data] BPS Shredder Context Menu(Default) = “{51917337-5113-4EC2-9CB6-C6212D0EF3E9}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\BPS DATA SHREDDER\CTXMENU.DLL” [“BulletProofSoft.com”] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] BPS.Spyware.Adware.Remover(Default) = “{7306D133-DBED-4096-84A3-8B98B23F02B4}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\BULLETPROOFSOFT.COM\BPS SPYWARE & ADWARE REMOVER\CONTEXTMENU.DLL” [“BulletProofSoft.com”] WIN.INI & SYSTEM.INI launch points: ----------------------------------- SYSTEM.INI [boot] INFECTION WARNING! “shell=explorer.exe ibm00001.exe” [MS], [null data] Enabled Scheduled Tasks: ------------------------ “Rozpoczęcie aplikacji dostrajania” -> launches: “walign” [MS] “WTR” -> launches: “C:\PROGRAM FILES\BULLETPROOFSOFT.COM\WINTRACE REMOVER\53DF12C8” [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “C:\WINDOWS\SYSTEM\rnr20.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range: C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1 C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4 C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = “&Google” [from CLSID] -> {CLSID}\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = “&Google” [from CLSID] -> {CLSID}\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data) The Internet Explorer version cannot be found! C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”) The contents of IERESET.INF cannot be reliably checked! Added lines (compared with English-language version): [strings]: START_PAGE_URL=http://www.fastweb.it [strings]: MS_START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome” Missing lines (compared with English-language version): [strings]: 2 lines Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ usbmon\Driver = “usbmon.dll” [MS] hpzs9x07\Driver = “hpzs9x07.dll” [“HP”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 16 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 44 seconds. ---------- (total run time: 95 seconds)

Obawiam sie ze poprzedni log byl niekompletny. Sorki…

Gutek · 22 Listopad 2005 22:18

Zób tak bo jest:

zedytować musisz: Start>>>Uruchom>>> w okienku wpisz poleceniem sysedit i zedytuj ten wpis, jak się nie pokaże.

Mój komputer >>> Narzędzia >>> Opcje folderów >>> Widok

Zaznaczone Pokaż ukryte pliki i foldery + odznaczone Ukryj chronione pliki systemu operacyjnego…

Jak zedytować, w sekcji [boot] jest po shell = explorer.exe ibm00001.exe" [MS], usunąć stamtąd ibm00001.exe (ma zostać shell=explorer.exe)

Szopka · 22 Listopad 2005 22:28

czy musze to robic w systemie awaryjnym?

Gutek · 22 Listopad 2005 22:42

Nie po tym restart kompa

Szopka · 23 Listopad 2005 12:12

GUTEK JESTES WIELKI!

Jeszcze raz dzieki!