kuz5
(Kuz5)
22 Listopad 2005 15:00
#2
W Dodaj/Usuń odinstaluj SpySheriff
Usuń: (wszystko oczywiście robisz w trybie awaryjnym )
Folder SpySheriff usuń ręcznie z dysku
Plik ibm00001.exe usuń programem Pocket Killbox czyli odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżke:
C:\WINDOWS\SYSTEM* * ibm00001.exe**
następnie program będzie pytał o restart (oczywiście zgadzasz sie)
Dodatkowo POCZYTAJ o usuwaniu fałszywej tapety
Szopka
(Kramic)
22 Listopad 2005 17:20
#3
dziekuje ci kuz5!
Mam jednak dodatkowy problem. Linki jakie mi podajesz u mnie sie nie aktywuja. Otwiera sie okienko ale nie laduje.
Chcialabym uzyc pocket killbox. Czy moglbys mi poslac adres ktory nastepnie skopiowalabym do przegladarki?
Dzieki
Gutek
(Gutek)
22 Listopad 2005 17:48
#4
Szopka
(Kramic)
22 Listopad 2005 18:32
#5
Dziekuje. Mam juz pocket killboxa. Poczytalam tez na temat falszywych tapet. Niestety podczas pierwszej proby postapilam nie do konca zgodnie z porada i troche sie namieszalo. Teraz juz naprawde nie wiem jaki plik usunac!? Wciaz pojawia sie komunikat “program wykonal nieprawidlowa operacje i nastapi jego zamkniecie…”
Pomozcie. Przepraszam, ale naprawde staram sie jakos sie z tym uporac a poczatkujacy ze mnie “informatyk” :?
Przesylam log jaki hijack mi pokazuje:
Logfile of HijackThis v1.99.1 Scan saved at 19:26:19, on 05-11-22 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE C:\WINDOWS\SYSTEM\INTERNAT.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\IRMON.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\WINDOWS\EXPLORER.EXE C:\PROGRAM FILES\WINZIP\WINZIP32.EXE C:\WINDOWS\TEMP\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastweb.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fastweb.it R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by FastWeb O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM…\Run: [internat.exe] internat.exe O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM…\Run: [systemTray] SysTray.Exe O4 - HKLM…\Run: [irMon] IrMon.exe O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime O4 - HKLM…\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE O4 - HKLM…\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe O4 - HKLM…\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html O14 - IERESET.INF: START_PAGE_URL=http://www.fastweb.it O16 - DPF: BPHOnl - https://e-bank.bphpbk.pl/bph/portal/sta … BPHOnl.cab O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1056307.exe O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
Czy mam wciaz tego spysheriffa? Okropny “facet”!
Gutek
(Gutek)
22 Listopad 2005 18:40
#6
Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked
Daj LOG z Silent Runners
Szopka
(Kramic)
22 Listopad 2005 20:23
#7
usunelam te dwa wskazane przez ciebie wpisy. Chce podac ci log z silent runners nie moge go zaladowac. Wciaz ten sam problem. Prosze o adres, bo link u mnie nie dziala.
Okropnie dziekuje!
Gutek
(Gutek)
22 Listopad 2005 20:29
#8
Szopka
(Kramic)
22 Listopad 2005 20:58
#9
Niestety. We wszystkich opcjach pojawia sie link, na ktory musze kliknac byc program sie zaladowal. Otwiera mi sie wtedy nowe okno ale nie do konca. uffa…To tez kurcze problem.
Szopka
(Kramic)
22 Listopad 2005 22:11
#11
Dziekuje. Dostalam maila. Przesylam zatem log z silent runners:
“Silent Runners.vbs”, revision 41, http://www.silentrunners.org/ Operating System: Windows 98 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “internat.exe” = “internat.exe” [MS] “ScanRegistry” = “C:\WINDOWS\scanregw.exe /autorun” [MS] “TaskMonitor” = “C:\WINDOWS\taskmon.exe” [MS] “SystemTray” = “SysTray.Exe” [MS] “IrMon” = “IrMon.exe” [MS] “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS] “TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”] “StillImageMonitor” = “C:\WINDOWS\SYSTEM\STIMON.EXE” [MS] “QuickTime Task” = ““C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime” [“Apple Computer, Inc.”] “avast! Web Scanner” = “C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE” [“ALWIL Software”] “ashMaiSv” = “C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe” [“ALWIL Software”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++} “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS] “SchedulingAgent” = “mstask.exe” [MS] “avast!” = “C:\Program Files\Alwil Software\Avast4\ashServ.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = “AcroIEHlprObj Class” [from CLSID] -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX” ["("] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = “Google Toolbar Helper” [from CLSID] -> {CLSID}\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{BB7DF450-F119-11CD-8465-00AA00425D90}” = “Microsoft Access Custom Icon Handler” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office\soa800.dll” [MS] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Exchange” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Windows Messaging\mlshext.dll” [MS] “{59850401-6664-101B-B21C-00AA004BA90B}” = “Microsoft Office Binder Explode” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\UNBIND.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\olkfstub.dll” [MS] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\REAL\REALPLAYER\RPSHELL.DLL” [“RealNetworks, Inc.”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ WinZip(Default) = “{E0D79300-84BE-11CE-9641-444553540000}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\wzshlext.dll” [null data] BPS Shredder Context Menu(Default) = “{51917337-5113-4EC2-9CB6-C6212D0EF3E9}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\BPS DATA SHREDDER\CTXMENU.DLL” [“BulletProofSoft.com ”] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinZip(Default) = “{E0D79300-84BE-11CE-9641-444553540000}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\wzshlext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinZip(Default) = “{E0D79300-84BE-11CE-9641-444553540000}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\wzshlext.dll” [null data] BPS Shredder Context Menu(Default) = “{51917337-5113-4EC2-9CB6-C6212D0EF3E9}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\BPS DATA SHREDDER\CTXMENU.DLL” [“BulletProofSoft.com ”] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] BPS.Spyware.Adware.Remover(Default) = “{7306D133-DBED-4096-84A3-8B98B23F02B4}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\BULLETPROOFSOFT.COM \BPS SPYWARE & ADWARE REMOVER\CONTEXTMENU.DLL” [“BulletProofSoft.com ”] WIN.INI & SYSTEM.INI launch points: ----------------------------------- SYSTEM.INI [boot] INFECTION WARNING! “shell=explorer.exe ibm00001.exe” [MS], [null data] Enabled Scheduled Tasks: ------------------------ “Rozpoczęcie aplikacji dostrajania” -> launches: “walign” [MS] “WTR” -> launches: “C:\PROGRAM FILES\BULLETPROOFSOFT.COM \WINTRACE REMOVER\53DF12C8” [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “C:\WINDOWS\SYSTEM\rnr20.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range: C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1 C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4 C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = “&Google” [from CLSID] -> {CLSID}\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = “&Google” [from CLSID] -> {CLSID}\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”]
Złączono Posta : 22.11.2005 (Wto) 23:16
“Silent Runners.vbs”, revision 41, http://www.silentrunners.org/ Operating System: Windows 98 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “internat.exe” = “internat.exe” [MS] “ScanRegistry” = “C:\WINDOWS\scanregw.exe /autorun” [MS] “TaskMonitor” = “C:\WINDOWS\taskmon.exe” [MS] “SystemTray” = “SysTray.Exe” [MS] “IrMon” = “IrMon.exe” [MS] “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS] “TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”] “StillImageMonitor” = “C:\WINDOWS\SYSTEM\STIMON.EXE” [MS] “QuickTime Task” = ““C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime” [“Apple Computer, Inc.”] “avast! Web Scanner” = “C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE” [“ALWIL Software”] “ashMaiSv” = “C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe” [“ALWIL Software”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++} “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS] “SchedulingAgent” = “mstask.exe” [MS] “avast!” = “C:\Program Files\Alwil Software\Avast4\ashServ.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = “AcroIEHlprObj Class” [from CLSID] -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX” ["("] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = “Google Toolbar Helper” [from CLSID] -> {CLSID}\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{BB7DF450-F119-11CD-8465-00AA00425D90}” = “Microsoft Access Custom Icon Handler” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office\soa800.dll” [MS] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Exchange” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Windows Messaging\mlshext.dll” [MS] “{59850401-6664-101B-B21C-00AA004BA90B}” = “Microsoft Office Binder Explode” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\UNBIND.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\olkfstub.dll” [MS] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\REAL\REALPLAYER\RPSHELL.DLL” [“RealNetworks, Inc.”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ WinZip(Default) = “{E0D79300-84BE-11CE-9641-444553540000}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\wzshlext.dll” [null data] BPS Shredder Context Menu(Default) = “{51917337-5113-4EC2-9CB6-C6212D0EF3E9}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\BPS DATA SHREDDER\CTXMENU.DLL” [“BulletProofSoft.com ”] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinZip(Default) = “{E0D79300-84BE-11CE-9641-444553540000}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\wzshlext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinZip(Default) = “{E0D79300-84BE-11CE-9641-444553540000}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\wzshlext.dll” [null data] BPS Shredder Context Menu(Default) = “{51917337-5113-4EC2-9CB6-C6212D0EF3E9}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\BPS DATA SHREDDER\CTXMENU.DLL” [“BulletProofSoft.com ”] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {CLSID}\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] BPS.Spyware.Adware.Remover(Default) = “{7306D133-DBED-4096-84A3-8B98B23F02B4}” -> {CLSID}\InProcServer32(Default) = “C:\PROGRAM FILES\BULLETPROOFSOFT.COM \BPS SPYWARE & ADWARE REMOVER\CONTEXTMENU.DLL” [“BulletProofSoft.com ”] WIN.INI & SYSTEM.INI launch points: ----------------------------------- SYSTEM.INI [boot] INFECTION WARNING! “shell=explorer.exe ibm00001.exe” [MS], [null data] Enabled Scheduled Tasks: ------------------------ “Rozpoczęcie aplikacji dostrajania” -> launches: “walign” [MS] “WTR” -> launches: “C:\PROGRAM FILES\BULLETPROOFSOFT.COM \WINTRACE REMOVER\53DF12C8” [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “C:\WINDOWS\SYSTEM\rnr20.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range: C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1 C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4 C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = “&Google” [from CLSID] -> {CLSID}\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = “&Google” [from CLSID] -> {CLSID}\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data) The Internet Explorer version cannot be found! C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”) The contents of IERESET.INF cannot be reliably checked! Added lines (compared with English-language version): [strings]: START_PAGE_URL=http://www.fastweb.it [strings]: MS_START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ” Missing lines (compared with English-language version): [strings]: 2 lines Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ usbmon\Driver = “usbmon.dll” [MS] hpzs9x07\Driver = “hpzs9x07.dll” [“HP”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 16 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 44 seconds. ---------- (total run time: 95 seconds)
Obawiam sie ze poprzedni log byl niekompletny. Sorki…
Gutek
(Gutek)
22 Listopad 2005 22:18
#12
Zób tak bo jest:
zedytować musisz: Start>>>Uruchom>>> w okienku wpisz poleceniem sysedit i zedytuj ten wpis, jak się nie pokaże.
Mój komputer >>> Narzędzia >>> Opcje folderów >>> Widok
Zaznaczone Pokaż ukryte pliki i foldery + odznaczone Ukryj chronione pliki systemu operacyjnego…
Jak zedytować, w sekcji [boot] jest po shell = explorer.exe ibm00001.exe" [MS], usunąć stamtąd ibm00001.exe (ma zostać shell=explorer.exe)
Szopka
(Kramic)
22 Listopad 2005 22:28
#13
czy musze to robic w systemie awaryjnym?