Problem z ibm00005.exe
Witam. Mam problem z takim trojanem ibm00005.exe.kiedy uruchamiałam kompa pojawiał mi się czysty pulpit bez źadnych ikonek... teraz po tym jak usunęłam ten 00005 z procesów uruchamiania to pojawiają się ikonki ale i komunikat, źe system nie moźe znaleźć tego pliku. Nie zabardzo się znam na tym, bo neta mam od miesiąca i mogę sie tylko domyślić, źe coś mi się przyszfędało.Mam teraz Nortona a wcześniej miałam AntiVir i to on usunął mi tego 0005.Zupełnie nie mam pomysłu co z tym zrobić.Czy ktoś moźe mi pomóc.Dziękuje.Rosinka.
Odpowiedzi: 7
Mozesz juz wlaczyc przywracanie systemu, ale usun jeszcze dwa wpisy O9 z "related.htm".
Zrobilam jak kazałeś i teraz jest tak:
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
D:\programy\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\programy\Personal Firewall 4\kpf4gui.exe
D:\programy\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
D:\programy\Nowy folder\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe –startup
O4 – HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" –start
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [KAVPersonal50] "D:\programy\Kaspersky Anti–Virus Personal\kav.exe" /minimize
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Gadu gadu\Gadu–Gadu\gg.exe" /tray
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O17 – HKLM\System\CCS\Services\Tcpip\..\{888E7D86–34DB–43F4–97AF–82AA35F01815}: NameServer = 212.160.141.3,212.160.141.4
O17 – HKLM\System\CS1\Services\Tcpip\..\{888E7D86–34DB–43F4–97AF–82AA35F01815}: NameServer = 212.160.141.3,212.160.141.4
O17 – HKLM\System\CS2\Services\Tcpip\..\{888E7D86–34DB–43F4–97AF–82AA35F01815}: NameServer = 212.160.141.3,212.160.141.4
O23 – Service: kavsvc – Kaspersky Lab – D:\programy\Kaspersky Anti–Virus Personal\kavsvc.exe
O23 – Service: Kerio Personal Firewall 4 (KPF4) – Kerio Technologies – D:\programy\Personal Firewall 4\kpf4ss.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
nie wiem czy dobrze i czy teraz mogę juź włączyc przywracanie systemu??
Dzięki
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
D:\programy\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\programy\Personal Firewall 4\kpf4gui.exe
D:\programy\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
D:\programy\Nowy folder\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe –startup
O4 – HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" –start
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [KAVPersonal50] "D:\programy\Kaspersky Anti–Virus Personal\kav.exe" /minimize
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Gadu gadu\Gadu–Gadu\gg.exe" /tray
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O17 – HKLM\System\CCS\Services\Tcpip\..\{888E7D86–34DB–43F4–97AF–82AA35F01815}: NameServer = 212.160.141.3,212.160.141.4
O17 – HKLM\System\CS1\Services\Tcpip\..\{888E7D86–34DB–43F4–97AF–82AA35F01815}: NameServer = 212.160.141.3,212.160.141.4
O17 – HKLM\System\CS2\Services\Tcpip\..\{888E7D86–34DB–43F4–97AF–82AA35F01815}: NameServer = 212.160.141.3,212.160.141.4
O23 – Service: kavsvc – Kaspersky Lab – D:\programy\Kaspersky Anti–Virus Personal\kavsvc.exe
O23 – Service: Kerio Personal Firewall 4 (KPF4) – Kerio Technologies – D:\programy\Personal Firewall 4\kpf4ss.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
nie wiem czy dobrze i czy teraz mogę juź włączyc przywracanie systemu??
Dzięki
Juź wiem sorki
Ja wiem, źe moźe jestem ciemna ale jak się wyłącza to przywracanie systemu :oops:
Dalej moge Ci napisac ze ten ibm to najmniejszy pikuś, w systemie masz bardziej szkodliwe robactwo.
Wyłącz przywracanie, w procesach zakończ:
MediaGateway.exe
zango.exe
Wyróźnione niźej poliki/katalogi usun z dysku, wpisy zaznacz i fix:
Wyłącz przywracanie, w procesach zakończ:
MediaGateway.exe
zango.exe
Wyróźnione niźej poliki/katalogi usun z dysku, wpisy zaznacz i fix:
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00005.exe"
O2 – BHO: Zango Search Assistant Helper – {56F1D444–11BF–4879–A12B–79CF0177F038} – c:\program files\zango\zangohook.dll
O3 – Toolbar: Zango Toolbar – {EA0D26BD–9029–431A–86E0–83152D67828A} – C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
O4 – HKLM\..\Run: [Microsoft tool] C:\WINDOWS\System32\mstool.exe
O4 – HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msvcp.exe
O4 – HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 – HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 – HKLM\..\Run: [xwhuh] C:\WINDOWS\xwhuh.exe
O16 – DPF: {FC67BB52–AAB6–4282–9D51–2DAFFE73AFD0} – http://download.spyspotter.com/spyspotter/spsp29953.01noopt/spyspottercabinstall.cab
Takie cos mi się pojawiło i co dalej??
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
D:\programy\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MediaGateway\MediaGateway.exe
C:\program files\zango\zango.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Messenger\msmsgs.exe
D:\programy\Personal Firewall 4\kpf4gui.exe
D:\programy\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\programy\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00005.exe"
O2 – BHO: Zango Search Assistant Helper – {56F1D444–11BF–4879–A12B–79CF0177F038} – c:\program files\zango\zangohook.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Zango Toolbar – {EA0D26BD–9029–431A–86E0–83152D67828A} – C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
O4 – HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe –startup
O4 – HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" –start
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [Microsoft tool] C:\WINDOWS\System32\mstool.exe
O4 – HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msvcp.exe
O4 – HKLM\..\Run: [KAVPersonal50] "D:\programy\Kaspersky Anti–Virus Personal\kav.exe" /minimize
O4 – HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 – HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 – HKLM\..\Run: [xwhuh] C:\WINDOWS\xwhuh.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Gadu gadu\Gadu–Gadu\gg.exe" /tray
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O16 – DPF: {FC67BB52–AAB6–4282–9D51–2DAFFE73AFD0} – http://download.spyspotter.com/spyspotter/spsp29953.01noopt/spyspottercabinstall.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{888E7D86–34DB–43F4–97AF–82AA35F01815}: NameServer = 212.160.141.3,212.160.141.4
O17 – HKLM\System\CS1\Services\Tcpip\..\{888E7D86–34DB–43F4–97AF–82AA35F01815}: NameServer = 212.160.141.3,212.160.141.4
O17 – HKLM\System\CS2\Services\Tcpip\..\{888E7D86–34DB–43F4–97AF–82AA35F01815}: NameServer = 212.160.141.3,212.160.141.4
O23 – Service: kavsvc – Kaspersky Lab – D:\programy\Kaspersky Anti–Virus Personal\kavsvc.exe
O23 – Service: Kerio Personal Firewall 4 (KPF4) – Kerio Technologies – D:\programy\Personal Firewall 4\kpf4ss.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
D:\programy\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MediaGateway\MediaGateway.exe
C:\program files\zango\zango.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Messenger\msmsgs.exe
D:\programy\Personal Firewall 4\kpf4gui.exe
D:\programy\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\programy\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00005.exe"
O2 – BHO: Zango Search Assistant Helper – {56F1D444–11BF–4879–A12B–79CF0177F038} – c:\program files\zango\zangohook.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Zango Toolbar – {EA0D26BD–9029–431A–86E0–83152D67828A} – C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
O4 – HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe –startup
O4 – HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" –start
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [Microsoft tool] C:\WINDOWS\System32\mstool.exe
O4 – HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msvcp.exe
O4 – HKLM\..\Run: [KAVPersonal50] "D:\programy\Kaspersky Anti–Virus Personal\kav.exe" /minimize
O4 – HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 – HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 – HKLM\..\Run: [xwhuh] C:\WINDOWS\xwhuh.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Gadu gadu\Gadu–Gadu\gg.exe" /tray
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O16 – DPF: {FC67BB52–AAB6–4282–9D51–2DAFFE73AFD0} – http://download.spyspotter.com/spyspotter/spsp29953.01noopt/spyspottercabinstall.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{888E7D86–34DB–43F4–97AF–82AA35F01815}: NameServer = 212.160.141.3,212.160.141.4
O17 – HKLM\System\CS1\Services\Tcpip\..\{888E7D86–34DB–43F4–97AF–82AA35F01815}: NameServer = 212.160.141.3,212.160.141.4
O17 – HKLM\System\CS2\Services\Tcpip\..\{888E7D86–34DB–43F4–97AF–82AA35F01815}: NameServer = 212.160.141.3,212.160.141.4
O23 – Service: kavsvc – Kaspersky Lab – D:\programy\Kaspersky Anti–Virus Personal\kavsvc.exe
O23 – Service: Kerio Personal Firewall 4 (KPF4) – Kerio Technologies – D:\programy\Personal Firewall 4\kpf4ss.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Sciągnij sobie Hijack This, uruchom i usun w nim wpisy gdzie wystepuje ibm00005.
Strona 1 / 1