Bardzo prosze o sprawdzenie loga.
Witam jestem na forum pierwszy raz, prosze o sprawdzenie loga gdyz wydaje mi sie ze mam jakiegos virusa. Caly komputer sie wiesza moze wy cos poradzicie. A co do tej stronki ze sprawdzaniem loga nie bardzo jeszcze wiem jak sie z niej korzysta.
Logfile of HijackThis v1.99.1
Scan saved at 18:41:57, on 06–01–30
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS.EXE
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – {456334AF–A321–A274–C9CA–C452A9710492} – 321102.dll (file missing)
O2 – BHO: SearchToolbar – {08BEC6AA–49FC–4379–3587–4B21E286C19E} – C:\WINDOWS\SYSTEM\AGKVS.DLL (file missing)
O2 – BHO: (no name) – {3B740BA1–1F95–11DA–9EBD–000BB93DA09A} – C:\WINDOWS\SYSTEM\CALE.DLL (file missing)
O3 – Toolbar: SearchToolbar – {08BEC6AA–49FC–4379–3587–4B21E286C19E} – C:\WINDOWS\SYSTEM\AGKVS.DLL (file missing)
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 – HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 – HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 – HKLM\..\Run: [internat.exe] internat.exe
O4 – HKLM\..\Run: [SystemTray] SysTray.Exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 – HKLM\..\Run: [HCLEAN32.EXE] C:\WINDOWS\SYSTEM\HCLEAN32.EXE
O4 – HKLM\..\Run: [nmdllw] runload32.exe
O4 – HKLM\..\Run: [321102] utsgmon.exe
O4 – HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 – HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 – HKLM\..\Run: [dmwhz.exe] C:\WINDOWS\SYSTEM\dmwhz.exe
O4 – HKLM\..\Run: [cshhq.exe] cshhq.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\Run: [IrMon] IrMon.exe
O4 – HKLM\..\Run: [BearShare] "C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE" /pause
O4 – HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 – HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 – HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 – HKCU\..\Run: [SysEntry] slamm.exe
O4 – HKCU\..\Run: [backorif] ActionScr.exe
O4 – HKCU\..\Run: [SAPSTR] xwiz.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\PROGRAM FILES\GADU–GADU\GG.EXE" /tray
O4 – Startup: Eurobarre.lnk = C:\System Volume Information\_restore{B05C1D8E–2F54–4D44–AF8C–8FFCE856E624}\RP11\A0013027.EXE
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\SYSTEM\MSJAVA.DLL
O14 – IERESET.INF: SEARCH_PAGE_URL=
O14 – IERESET.INF: START_PAGE_URL=
O16 – DPF: {11212111–2121–1311–1141–115611111222} – ms–its:mhtml:file://d: oo.mht!http://195.95.218.83/users/sale/web/axe/x.chm::/update.exe
O18 – Filter: text/html – {3B740BA0–1F95–11DA–9EBD–000BD6710501} – C:\WINDOWS\SYSTEM\CALE.DLL
O18 – Filter: text/plain – {3B740BA0–1F95–11DA–9EBD–000BD6710501} – C:\WINDOWS\SYSTEM\CALE.DLL
Logfile of HijackThis v1.99.1
Scan saved at 18:41:57, on 06–01–30
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS.EXE
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – {456334AF–A321–A274–C9CA–C452A9710492} – 321102.dll (file missing)
O2 – BHO: SearchToolbar – {08BEC6AA–49FC–4379–3587–4B21E286C19E} – C:\WINDOWS\SYSTEM\AGKVS.DLL (file missing)
O2 – BHO: (no name) – {3B740BA1–1F95–11DA–9EBD–000BB93DA09A} – C:\WINDOWS\SYSTEM\CALE.DLL (file missing)
O3 – Toolbar: SearchToolbar – {08BEC6AA–49FC–4379–3587–4B21E286C19E} – C:\WINDOWS\SYSTEM\AGKVS.DLL (file missing)
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 – HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 – HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 – HKLM\..\Run: [internat.exe] internat.exe
O4 – HKLM\..\Run: [SystemTray] SysTray.Exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 – HKLM\..\Run: [HCLEAN32.EXE] C:\WINDOWS\SYSTEM\HCLEAN32.EXE
O4 – HKLM\..\Run: [nmdllw] runload32.exe
O4 – HKLM\..\Run: [321102] utsgmon.exe
O4 – HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 – HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 – HKLM\..\Run: [dmwhz.exe] C:\WINDOWS\SYSTEM\dmwhz.exe
O4 – HKLM\..\Run: [cshhq.exe] cshhq.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\Run: [IrMon] IrMon.exe
O4 – HKLM\..\Run: [BearShare] "C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE" /pause
O4 – HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 – HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 – HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 – HKCU\..\Run: [SysEntry] slamm.exe
O4 – HKCU\..\Run: [backorif] ActionScr.exe
O4 – HKCU\..\Run: [SAPSTR] xwiz.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\PROGRAM FILES\GADU–GADU\GG.EXE" /tray
O4 – Startup: Eurobarre.lnk = C:\System Volume Information\_restore{B05C1D8E–2F54–4D44–AF8C–8FFCE856E624}\RP11\A0013027.EXE
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\SYSTEM\MSJAVA.DLL
O14 – IERESET.INF: SEARCH_PAGE_URL=
O14 – IERESET.INF: START_PAGE_URL=
O16 – DPF: {11212111–2121–1311–1141–115611111222} – ms–its:mhtml:file://d: oo.mht!http://195.95.218.83/users/sale/web/axe/x.chm::/update.exe
O18 – Filter: text/html – {3B740BA0–1F95–11DA–9EBD–000BD6710501} – C:\WINDOWS\SYSTEM\CALE.DLL
O18 – Filter: text/plain – {3B740BA0–1F95–11DA–9EBD–000BD6710501} – C:\WINDOWS\SYSTEM\CALE.DLL
Odpowiedzi: 5
Nie jest. Miałeś uźyć programiku do usuwania sp.dll – uźyłeś ? W kluczu Run widać ten plik.krzysiu11:
Prosze jeszcz raz o sprawdzenie czy wszystko jest wporzadku.
Dziekuje za wszystkie porady juz mniej wiecej wiem jak sie poslugiwac tym programem, daje czystego loga, a co do tego drugiego systemu XP/Me to mam komputer podzielony na 2 systemy 98 i Xp. Prosze jeszcz raz o sprawdzenie czy wszystko jest wporzadku.
Logfile of HijackThis v1.99.1
Scan saved at 20:27:09, on 06–01–30
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS.EXE
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: (no name) – {08BEC6AA–49FC–4379–3587–4B21E286C19E} – (no file)
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 – HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 – HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 – HKLM\..\Run: [internat.exe] internat.exe
O4 – HKLM\..\Run: [SystemTray] SysTray.Exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\Run: [IrMon] IrMon.exe
O4 – HKLM\..\Run: [BearShare] "C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE" /pause
O4 – HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 – HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 – HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\PROGRAM FILES\GADU–GADU\GG.EXE" /tray
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\SYSTEM\MSJAVA.DLL
O14 – IERESET.INF: SEARCH_PAGE_URL=
O14 – IERESET.INF: START_PAGE_URL=
Logfile of HijackThis v1.99.1
Scan saved at 20:27:09, on 06–01–30
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS.EXE
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: (no name) – {08BEC6AA–49FC–4379–3587–4B21E286C19E} – (no file)
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 – HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 – HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 – HKLM\..\Run: [internat.exe] internat.exe
O4 – HKLM\..\Run: [SystemTray] SysTray.Exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\Run: [IrMon] IrMon.exe
O4 – HKLM\..\Run: [BearShare] "C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE" /pause
O4 – HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 – HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 – HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\PROGRAM FILES\GADU–GADU\GG.EXE" /tray
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\SYSTEM\MSJAVA.DLL
O14 – IERESET.INF: SEARCH_PAGE_URL=
O14 – IERESET.INF: START_PAGE_URL=
Żółty, z tgo co czytam autor tematu zauwaźył wcześniej przyklejony temat.
Być moźe, ale jak zobaczyłem, źe Autor tematu nie wie jak się posługiwać analizatorem to go do instrukcji skierowałem.
Krzysiu, masz nie 'jakiegos wirusa' a kupe wirusów.
Do usunięcia między innymi:
Eurobarre leźący w katalogu przywracania systemu to pod W98 pewna ciekawostka, masz/miałeś na dysku Windowsa XP/Me?
W FAq tego działu masz link do narzędzia usuwqającego se.dll – uźyj go.
Żółty, z tgo co czytam autor tematu zauwaźył wcześniej przyklejony temat.
Do usunięcia między innymi:
R3 – URLSearchHook: (no name) – {456334AF–A321–A274–C9CA–C452A9710492} – 321102.dll (file missing)
O2 – BHO: SearchToolbar – {08BEC6AA–49FC–4379–3587–4B21E286C19E} – C:\WINDOWS\SYSTEM\AGKVS.DLL (file missing)
O2 – BHO: (no name) – {3B740BA1–1F95–11DA–9EBD–000BB93DA09A} – C:\WINDOWS\SYSTEM\CALE.DLL (file missing)
O3 – Toolbar: SearchToolbar – {08BEC6AA–49FC–4379–3587–4B21E286C19E} – C:\WINDOWS\SYSTEM\AGKVS.DLL (file missing)
O4 – HKLM\..\Run: [HCLEAN32.EXE] C:\WINDOWS\SYSTEM\HCLEAN32.EXE
O4 – HKLM\..\Run: [nmdllw] runload32.exe
O4 – HKLM\..\Run: [321102] utsgmon.exe
O4 – HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 – HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 – HKLM\..\Run: [dmwhz.exe] C:\WINDOWS\SYSTEM\dmwhz.exe
O4 – HKLM\..\Run: [cshhq.exe] cshhq.exe
O4 – HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 – HKCU\..\Run: [SysEntry] slamm.exe
O4 – HKCU\..\Run: [backorif] ActionScr.exe
O4 – HKCU\..\Run: [SAPSTR] xwiz.exe
O4 – Startup: Eurobarre.lnk = C:\System Volume Information\_restore{B05C1D8E–2F54–4D44–AF8C–8FFCE856E624}\RP11\A0013027.EXE
O16 – DPF: {11212111–2121–1311–1141–115611111222} – ms–its:mhtml:file://d: oo.mht!http://195.95.218.83/users/sale/web/axe/x.chm::/update.exe
O18 – Filter: text/html – {3B740BA0–1F95–11DA–9EBD–000BD6710501} – C:\WINDOWS\SYSTEM\CALE.DLL
O18 – Filter: text/plain – {3B740BA0–1F95–11DA–9EBD–000BD6710501} – C:\WINDOWS\SYSTEM\CALE.DLL
Eurobarre leźący w katalogu przywracania systemu to pod W98 pewna ciekawostka, masz/miałeś na dysku Windowsa XP/Me?
W FAq tego działu masz link do narzędzia usuwqającego se.dll – uźyj go.
Żółty, z tgo co czytam autor tematu zauwaźył wcześniej przyklejony temat.
W tym dziale jest przyklejona instrukcja do sprawdzania logów – skorzystaj z niej. Jak czegoś nie będziesz pewny to pisz. Wrzuć teź loga kontrolnego jak usuniesz wszystko.
Strona 1 / 1