Cholerstwo search for:about blank, oto log

[charade]

Witam wszystkich, jestem pierwszy raz na forum i już z poważnym problemem.
Owo cholerstwo nie dało się usunąć ani ad-aware, ani aware away, ani żadnym
programem antywirusowym. Wklejam log, pięknie się uśmiecham i bardzo proszę o
diagnozę :)

log

[charade]

Logfile of HijackThis v1.97.7
Scan saved at 17:57:24, on 05-03-09
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = w3cache2.icm.edu.pl:8080
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM
FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {8CC49EEC-8E89-11D9-8FE0-000199BFF4B6} -
C:\WINDOWS\SYSTEM\LBPP.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\SYSTEM\pc32.exe bg
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {70AA7362-0A16-11D4-877B-008048C4AC6F} (MainControl Class) -
www.mks.com.pl/files/webscan/WebScan.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
www.pandasoftware.es/activescan/as/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38417.2951273148
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} -
www.surfsecret.com/inst/PEInstaller.exe
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} -
www.globalphon.com/dialer/russia.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = gory.pl

[kolobos1]

Sciagnij najnowsza wersje hijackthis i wklej nowy log, ale przed tym przeskanuj
system SpyBot S&D i Cws Shredder ten ostatni z tego co pamietam usuwa
Auto:blanc :-)
Oba programy znajdziesz na google, jak i najnowszy hijackthis:
www.google.pl/search?sourceid=navclient&hl=pl&ie=UTF-8&oe=UTF-8&q=hijackthis

[Gość: M16]

To about blank mialem ja i prawie wszyscy moji koledzy. co to wogole jest za gó***?

[anluka]

ten sam problem w żaden sposób nie moge tego usunąć prosze o instrukcje
Logfile of HijackThis v1.99.1
Scan saved at 13:21:56, on 05-03-10
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\MOJE DOKUMENTY\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {74C168D3-8FC2-11D9-8EB1-00007ED77D0A} -
C:\WINDOWS\SYSTEM\LFLA.DLL
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
deskcp16.dll,QUICKRES_RUNDLLENTRY
O10 - Broken Internet access because of LSP provider 'c:\program
files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
poczta.wp.pl/3/mailcfg.ocx
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O18 - Filter: text/html - {7A8F55B4-9152-11D9-8EB1-000001EB99E5} -
C:\WINDOWS\SYSTEM\LFLA.DLL
O18 - Filter: text/plain - {7A8F55B4-9152-11D9-8EB1-000001EB99E5} -
C:\WINDOWS\SYSTEM\LFLA.DLL

[kolobos1]

Sciagnij sobie CWS Shredder:
www.intermute.com/spysubtract/cwshredder_download.html
Zamknij wszystkie okna przegladarki, a nastepnie uruchom CWS Shredder i
nacisnij Fix.

Co do loga to usun przy pomocy hijackthis te wpisy:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\TEMP\se.dll/sp.html
O2 - BHO: (no name) - {74C168D3-8FC2-11D9-8EB1-00007ED77D0A} -
C:\WINDOWS\SYSTEM\LFLA.DLL
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O10 - Broken Internet access because of LSP provider 'c:\program
files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
O18 - Filter: text/html - {7A8F55B4-9152-11D9-8EB1-000001EB99E5} -
C:\WINDOWS\SYSTEM\LFLA.DLL
O18 - Filter: text/plain - {7A8F55B4-9152-11D9-8EB1-000001EB99E5} -
C:\WINDOWS\SYSTEM\LFLA.DLL

I nacisnij Fix Checked, a nastepnie zresetuj komputer zrob nowy log i go tu
wklej.

[anluka]

Logfile of HijackThis v1.99.1
Scan saved at 14:37:00, on 05-03-10
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MOJE DOKUMENTY\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL
deskcp16.dll,QUICKRES_RUNDLLENTRY
O10 - Broken Internet access because of LSP provider 'c:\program
files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
poczta.wp.pl/3/mailcfg.ocx
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab

[anluka]

O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O10 - Broken Internet access because of LSP provider 'c:\program
files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
nie daje sie usunąć, okno dalej sie wyświetla a w misconfig siedzi plik sp :(

[kolobos1]

Co do tego:
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
To zrob tak, podczas startu systemu nacisnij F8 i wybierz tylko wiersz polecen,
nastepnie wpisz:
del C:\WINDOWS\TEMP\SE.DLL
i usun ten plik, a nastepnie wpisz win.exe i uruchom windows przejdz do
C:\WINDOWS\TEMP\ i usun wszystkie pliki jakie tam sa.


O10 - Broken Internet access because of LSP provider 'c:\program
files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing <-
to mozesz usunac tym programem -> cexx.org/lspfix.zip
Pamietaj zeby usunac tylko ten jeden plik (apptoport.dll)

[anluka]

Dzięki za sugestie,chwilowo byłem nieobecny narazie usunełem to g. w trybie
awaryjnym
Logfile of HijackThis v1.99.1
Scan saved at 19:03:19, on 05-03-10
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MOJE DOKUMENTY\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
deskcp16.dll,QUICKRES_RUNDLLENTRY
O10 - Broken Internet access because of LSP provider 'c:\program
files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
poczta.wp.pl/3/mailcfg.ocx
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
z rejestru i autostartu i narazie sie nie pokazuje.

[kolobos1]

No to zostalo tylko to:
O10 - Broken Internet access because of LSP provider 'c:\program
files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing

Zobacz czy moze da sie go odinstalowac z dodaj-usun, a jezeli nie to jeszcze
raz LSPFix i SpyBot S&D, moze ktorys to usunie.

Na stronie tego programu jest napisane, ze sie da:
Un-installation
Run the install program again, and choose Remove. Or open the Control Panel
folder and double-click the Add/Remove Programs icon. Select "BPSSR" from the
list, then click the Add/Remove button. Follow the instructions that appear on
the screen.

Ale czy usunie to tez tego LSP, tego nie wiem.

[anluka]

spyware & adware remover; miałem zainstalowany taki program ,jak dotąd nic sie nie
pojawie .Zainstalowalem firefoxa może bedzie lepiej dzielać chociarz na moim starym
kompie wolno chodzi .Jeszcze raz dzięki za rady.

[anluka]

btw. chociaż przez ż chyba.

[charade]

Nie dało się usunąć tego syfu, ale komputer i tak poszedł pod format:c, bo
musiał ;)

Dzięki jednakże za pomoc !