Log do sprawdzenia... mozna?
witam,
prosilbym o sprawdzenie loga, sa problemy z kompem...
z gory dziekuje...
Logfile of HijackThis v1.97.7
Scan saved at 07:53:24, on 2005–01–25
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
E:WINDOWSSystem32smss.exe
E:WINDOWSsystem32winlogon.exe
E:WINDOWSsystem32services.exe
E:WINDOWSsystem32lsass.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSSystem32svchost.exe
E:Program FilesCommon FilesSymantec SharedccSetMgr.exe
E:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
E:WINDOWSExplorer.EXE
E:WINDOWSsystem32spoolsv.exe
E:Program FilesWinampwinampa.exe
E:Program FilesCommon FilesSymantec SharedccApp.exe
E:Program FilesCommon FilesRealUpdate_OBevntsvc.exe
E:PROGRA~1BILLPS~1WINPAT~1WinPatrol.exe
E:WINDOWSSystem32qttask.exe
E:Program FilesMessengermsmsgs.exe
E:Program FilesTlen.pl len.exe
E:Program FilesGadu–Gadugg.exe
E:Program FilesInterVideoCommonBinWinCinemaMgr.exe
E:Program FilesSpamPalspampal.exe
E:WINDOWSSystem32 undll32.exe
E:WINDOWSSystem32devldr32.exe
E:WINDOWSSystem32 vsvc32.exe
E:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
E:WINDOWSSystem32wuauclt.exe
E:Program FilesNorton AntiVirus avapsvc.exe
E:Program FilesNorton AntiVirusSAVScan.exe
E:Program FilesInternet Exploreriexplore.exe
E:hijackthisHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://E:DOCUME~1WIELKA~1USTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = file://E:DOCUME~1WIELKA~1USTAWI~1Tempsp.html
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://E:DOCUME~1WIELKA~1USTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://E:DOCUME~1WIELKA~1USTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = file://E:DOCUME~1WIELKA~1USTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = res://clgci.dll/index.html#96676
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = res://E:WINDOWSsystem32clgci.dll/sp.html#96676
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://E:DOCUME~1WIELKA~1USTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F1 – win.ini: run=E:WINDOWSinet10055services.exe
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – E:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: (no name) – {5321E378–FFAD–4999–8C62–03CA8155F0B3} – E:WINDOWSinet100551.02.05.dll (file missing)
O2 – BHO: (no name) – {9D082529–6DF8–47BA–9610–7BDD5F6E9B6B} – E:WINDOWSSystem32aihmefb.dll (file missing)
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – E:Program FilesNorton AntiVirusNavShExt.dll
O2 – BHO: (no name) – {DE3BEBDB–AEE7–4277–8B6E–4EEFFA9508AE} – E:WINDOWSSystem32 utuba.dll (file missing)
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – E:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – E:Program FilesNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE E:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE E:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [WinampAgent] E:Program FilesWinampwinampa.exe
O4 – HKLM..Run: [atltf32.exe] E:WINDOWSsystem32atltf32.exe
O4 – HKLM..Run: [javaup.exe] E:WINDOWSsystem32javaup.exe
O4 – HKLM..Run: [ccApp] "E:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [TkBellExe] E:Program FilesCommon FilesRealUpdate_OBevntsvc.exe –osboot
O4 – HKLM..Run: [WinPatrol] "E:PROGRA~1BILLPS~1WINPAT~1WinPatrol.exe"
O4 – HKLM..Run: [SSC_UserPrompt] E:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe
O4 – HKLM..Run: [QuickTime Task] "E:WINDOWSSystem32qttask.exe" –atboottime
O4 – HKLM..Run: [xp_system] E:WINDOWSinet10055services.exe
O4 – HKLM..Run: [MKS_MENU] E:Program FilesMKSBinmks_menu.exe
O4 – HKLM..Run: [ControlPanel] E:WINDOWSSystem32cmd32.exe internat.dll,LoadKeyboardProfile
O4 – HKCU..Run: [MSMSGS] "E:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [Komunikator] E:Program FilesTlen.pl len.exe
O4 – HKCU..Run: [Instant Access] rundll32.exe p2esocks_1020.dll,InstantAccess
O4 – HKCU..Run: [Gadu–Gadu] "E:Program FilesGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [xp_system] E:WINDOWSinet10055services.exe
O4 – Startup: SpamPal.lnk = E:Program FilesSpamPalspampal.exe
O4 – Global Startup: InterVideo WinCinema Manager.lnk = E:Program FilesInterVideoCommonBinWinCinemaMgr.exe
O4 – Global Startup: Microsoft Office.lnk = E:Program FilesMicrosoft OfficeOffice10OSA.EXE
O4 – Global Startup: Adobe Gamma Loader.lnk = E:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://E:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.ysbweb.com
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {037B3D58–D14A–4C41–BDFD–BD779B0B97BA} (vxiewer control) – http://www.thepaymentcentre.com/build/vxiewer.cab
O16 – DPF: {0594AF7E–573B–40DF–8165–E47AB2EAEFE8} (EGEGAUTH Class) – http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1020_EN_XP.cab
O16 – DPF: {10000000–1000–0000–1000–000000000000} – file://C:Program FilesInternet Explorerzioxgvta.exe
O16 – DPF: {10003000–1000–0000–1000–000000000000} – ms–its:mhtml:file://c: osuch.mht!http://66.230.167.185/z/aw/chm/cool.chm::/cool.exe
O16 – DPF: {11311111–1111–1111–1111–111111111157} – file://C:RecycledQ330995.exe
O16 – DPF: {13112111–1224–1141–1451–111111113533} – file://c: empsetup1.exe
O16 – DPF: {33564D57–0000–0010–8000–00AA00389B71} – http://download.microsoft.com/download/F/6/E/F6E491A6–77E1–4E20–9F5F–94901338C922/wmv9VCM.CAB
O16 – DPF: {469C7080–8EC8–43A6–AD97–45848113743C} – http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 – DPF: {50AD557E–3426–41FD–AFDD–2AF39BB1C387} – http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab
O16 – DPF: {9F1C11AA–197B–4942–BA54–47A8489BB47F} (Update Class) – http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38171.3426851852
O16 – DPF: {AA14C86B–DA22–4811–8186–BB496A299C5F} (Be Here TotalView Player ActiveX Control, Version 3.0) – http://www.spincam.com/360video/plugins/iVideoViewer3_0.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLMSystemCCSServicesTcpip..{3666D2F5–7EB8–4030–8456–23AC37D1C23B}: NameServer = 192.168.253.1,192.204.159.1
O17 – HKLMSystemCS1ServicesTcpip..{3666D2F5–7EB8–4030–8456–23AC37D1C23B}: NameServer = 192.168.253.1,192.204.159.1
O17 – HKLMSystemCS2ServicesTcpip..{3666D2F5–7EB8–4030–8456–23AC37D1C23B}: NameServer = 192.168.253.1,192.204.159.1
prosilbym o sprawdzenie loga, sa problemy z kompem...
z gory dziekuje...
Logfile of HijackThis v1.97.7
Scan saved at 07:53:24, on 2005–01–25
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
E:WINDOWSSystem32smss.exe
E:WINDOWSsystem32winlogon.exe
E:WINDOWSsystem32services.exe
E:WINDOWSsystem32lsass.exe
E:WINDOWSsystem32svchost.exe
E:WINDOWSSystem32svchost.exe
E:Program FilesCommon FilesSymantec SharedccSetMgr.exe
E:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
E:WINDOWSExplorer.EXE
E:WINDOWSsystem32spoolsv.exe
E:Program FilesWinampwinampa.exe
E:Program FilesCommon FilesSymantec SharedccApp.exe
E:Program FilesCommon FilesRealUpdate_OBevntsvc.exe
E:PROGRA~1BILLPS~1WINPAT~1WinPatrol.exe
E:WINDOWSSystem32qttask.exe
E:Program FilesMessengermsmsgs.exe
E:Program FilesTlen.pl len.exe
E:Program FilesGadu–Gadugg.exe
E:Program FilesInterVideoCommonBinWinCinemaMgr.exe
E:Program FilesSpamPalspampal.exe
E:WINDOWSSystem32 undll32.exe
E:WINDOWSSystem32devldr32.exe
E:WINDOWSSystem32 vsvc32.exe
E:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
E:WINDOWSSystem32wuauclt.exe
E:Program FilesNorton AntiVirus avapsvc.exe
E:Program FilesNorton AntiVirusSAVScan.exe
E:Program FilesInternet Exploreriexplore.exe
E:hijackthisHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://E:DOCUME~1WIELKA~1USTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = file://E:DOCUME~1WIELKA~1USTAWI~1Tempsp.html
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://E:DOCUME~1WIELKA~1USTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://E:DOCUME~1WIELKA~1USTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = file://E:DOCUME~1WIELKA~1USTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = res://clgci.dll/index.html#96676
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = res://E:WINDOWSsystem32clgci.dll/sp.html#96676
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://E:DOCUME~1WIELKA~1USTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F1 – win.ini: run=E:WINDOWSinet10055services.exe
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – E:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: (no name) – {5321E378–FFAD–4999–8C62–03CA8155F0B3} – E:WINDOWSinet100551.02.05.dll (file missing)
O2 – BHO: (no name) – {9D082529–6DF8–47BA–9610–7BDD5F6E9B6B} – E:WINDOWSSystem32aihmefb.dll (file missing)
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – E:Program FilesNorton AntiVirusNavShExt.dll
O2 – BHO: (no name) – {DE3BEBDB–AEE7–4277–8B6E–4EEFFA9508AE} – E:WINDOWSSystem32 utuba.dll (file missing)
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – E:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – E:Program FilesNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE E:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE E:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [WinampAgent] E:Program FilesWinampwinampa.exe
O4 – HKLM..Run: [atltf32.exe] E:WINDOWSsystem32atltf32.exe
O4 – HKLM..Run: [javaup.exe] E:WINDOWSsystem32javaup.exe
O4 – HKLM..Run: [ccApp] "E:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [TkBellExe] E:Program FilesCommon FilesRealUpdate_OBevntsvc.exe –osboot
O4 – HKLM..Run: [WinPatrol] "E:PROGRA~1BILLPS~1WINPAT~1WinPatrol.exe"
O4 – HKLM..Run: [SSC_UserPrompt] E:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe
O4 – HKLM..Run: [QuickTime Task] "E:WINDOWSSystem32qttask.exe" –atboottime
O4 – HKLM..Run: [xp_system] E:WINDOWSinet10055services.exe
O4 – HKLM..Run: [MKS_MENU] E:Program FilesMKSBinmks_menu.exe
O4 – HKLM..Run: [ControlPanel] E:WINDOWSSystem32cmd32.exe internat.dll,LoadKeyboardProfile
O4 – HKCU..Run: [MSMSGS] "E:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [Komunikator] E:Program FilesTlen.pl len.exe
O4 – HKCU..Run: [Instant Access] rundll32.exe p2esocks_1020.dll,InstantAccess
O4 – HKCU..Run: [Gadu–Gadu] "E:Program FilesGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [xp_system] E:WINDOWSinet10055services.exe
O4 – Startup: SpamPal.lnk = E:Program FilesSpamPalspampal.exe
O4 – Global Startup: InterVideo WinCinema Manager.lnk = E:Program FilesInterVideoCommonBinWinCinemaMgr.exe
O4 – Global Startup: Microsoft Office.lnk = E:Program FilesMicrosoft OfficeOffice10OSA.EXE
O4 – Global Startup: Adobe Gamma Loader.lnk = E:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://E:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.ysbweb.com
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {037B3D58–D14A–4C41–BDFD–BD779B0B97BA} (vxiewer control) – http://www.thepaymentcentre.com/build/vxiewer.cab
O16 – DPF: {0594AF7E–573B–40DF–8165–E47AB2EAEFE8} (EGEGAUTH Class) – http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1020_EN_XP.cab
O16 – DPF: {10000000–1000–0000–1000–000000000000} – file://C:Program FilesInternet Explorerzioxgvta.exe
O16 – DPF: {10003000–1000–0000–1000–000000000000} – ms–its:mhtml:file://c: osuch.mht!http://66.230.167.185/z/aw/chm/cool.chm::/cool.exe
O16 – DPF: {11311111–1111–1111–1111–111111111157} – file://C:RecycledQ330995.exe
O16 – DPF: {13112111–1224–1141–1451–111111113533} – file://c: empsetup1.exe
O16 – DPF: {33564D57–0000–0010–8000–00AA00389B71} – http://download.microsoft.com/download/F/6/E/F6E491A6–77E1–4E20–9F5F–94901338C922/wmv9VCM.CAB
O16 – DPF: {469C7080–8EC8–43A6–AD97–45848113743C} – http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 – DPF: {50AD557E–3426–41FD–AFDD–2AF39BB1C387} – http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab
O16 – DPF: {9F1C11AA–197B–4942–BA54–47A8489BB47F} (Update Class) – http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38171.3426851852
O16 – DPF: {AA14C86B–DA22–4811–8186–BB496A299C5F} (Be Here TotalView Player ActiveX Control, Version 3.0) – http://www.spincam.com/360video/plugins/iVideoViewer3_0.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLMSystemCCSServicesTcpip..{3666D2F5–7EB8–4030–8456–23AC37D1C23B}: NameServer = 192.168.253.1,192.204.159.1
O17 – HKLMSystemCS1ServicesTcpip..{3666D2F5–7EB8–4030–8456–23AC37D1C23B}: NameServer = 192.168.253.1,192.204.159.1
O17 – HKLMSystemCS2ServicesTcpip..{3666D2F5–7EB8–4030–8456–23AC37D1C23B}: NameServer = 192.168.253.1,192.204.159.1
Odpowiedzi: 2
Zaznaczasz i usuwasz:
Wylaczasz proces services.exe uruchomiony orzez uzytkownika a nie przez SYSTEM i usuwasz z dysku plik E:WINDOWSinet10055services.exe
Ponadto usuwasz jesli jeszcze beda:
E:WINDOWSsystem32atltf32.exe
E:WINDOWSsystem32javaup.exe
E:WINDOWSSystem32cmd32.exe
internat.dll
p2esocks_1020.dll
C:Program FilesInternet Explorerzioxgvta.exe
O wyczyszczeniu tempow chyba nie musze pisac.
Sciagales sam te pliki .cab ?
O16 – DPF: {469C7080–8EC8–43A6–AD97–45848113743C} – http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 – DPF: {50AD557E–3426–41FD–AFDD–2AF39BB1C387} – http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab
O16 – DPF: {0594AF7E–573B–40DF–8165–E47AB2EAEFE8} (EGEGAUTH Class) – http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1020_EN_XP.cab
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://E:DOCUME~1WIELKA~1USTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = file://E:DOCUME~1WIELKA~1USTAWI~1Tempsp.html
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://E:DOCUME~1WIELKA~1USTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://E:DOCUME~1WIELKA~1USTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = file://E:DOCUME~1WIELKA~1USTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = res://clgci.dll/index.html#96676
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = res://E:WINDOWSsystem32clgci.dll/sp.html#96676
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://E:DOCUME~1WIELKA~1USTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
F1 – win.ini: run=E:WINDOWSinet10055services.exe
O2 – BHO: (no name) – {5321E378–FFAD–4999–8C62–03CA8155F0B3} – E:WINDOWSinet100551.02.05.dll (file missing)
O2 – BHO: (no name) – {9D082529–6DF8–47BA–9610–7BDD5F6E9B6B} – E:WINDOWSSystem32aihmefb.dll (file missing)
O2 – BHO: (no name) – {DE3BEBDB–AEE7–4277–8B6E–4EEFFA9508AE} – E:WINDOWSSystem32 utuba.dll (file missing)
O4 – HKLM..Run: [atltf32.exe] E:WINDOWSsystem32atltf32.exe
O4 – HKLM..Run: [javaup.exe] E:WINDOWSsystem32javaup.exe
O4 – HKLM..Run: [xp_system] E:WINDOWSinet10055services.exe
O4 – HKLM..Run: [ControlPanel] E:WINDOWSSystem32cmd32.exe internat.dll,LoadKeyboardProfile
O4 – HKCU..Run: [Instant Access] rundll32.exe p2esocks_1020.dll,InstantAccess
O4 – HKCU..Run: [xp_system] E:WINDOWSinet10055services.exe
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.ysbweb.com
O16 – DPF: {037B3D58–D14A–4C41–BDFD–BD779B0B97BA} (vxiewer control) – http://www.thepaymentcentre.com/build/vxiewer.cab
O16 – DPF: {10000000–1000–0000–1000–000000000000} – file://C:Program FilesInternet Explorerzioxgvta.exe
O16 – DPF: {10003000–1000–0000–1000–000000000000} – ms–its:mhtml:file://c: osuch.mht!http://66.230.167.185/z/aw/chm/cool.chm::/cool.exe
O16 – DPF: {11311111–1111–1111–1111–111111111157} – file://C:RecycledQ330995.exe
O16 – DPF: {13112111–1224–1141–1451–111111113533} – file://c: empsetup1.exe
Wylaczasz proces services.exe uruchomiony orzez uzytkownika a nie przez SYSTEM i usuwasz z dysku plik E:WINDOWSinet10055services.exe
Ponadto usuwasz jesli jeszcze beda:
E:WINDOWSsystem32atltf32.exe
E:WINDOWSsystem32javaup.exe
E:WINDOWSSystem32cmd32.exe
internat.dll
p2esocks_1020.dll
C:Program FilesInternet Explorerzioxgvta.exe
O wyczyszczeniu tempow chyba nie musze pisac.
Sciagales sam te pliki .cab ?
O16 – DPF: {469C7080–8EC8–43A6–AD97–45848113743C} – http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 – DPF: {50AD557E–3426–41FD–AFDD–2AF39BB1C387} – http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab
O16 – DPF: {0594AF7E–573B–40DF–8165–E47AB2EAEFE8} (EGEGAUTH Class) – http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1020_EN_XP.cab
nie chcę namieszać, bo najlepiej się na tym nie zma.. ale komputer masz zasyfiony na pewno ;) szczególnie IE.. natychmiast zainstaluj np. Operę i nie uźywaj tego ścierwa IE :)
1) nie ten dział
2) dlaczego uźywasz tlena i gg jednocześnie? nie lepiej tylko tlena?
3) wyłącz autostart Messengera.. do niczego się nie przydaje ;) chyba źe go uźywasz :)
Juź drugi raz widzę Twoją "światłą" poradę typu zmień program – poprzednia była w temacie z gg związanym.
Nie masz niczego konkretnego do napisania to ..... głosu nie zabieraj.
Rebe
1) nie ten dział
2) dlaczego uźywasz tlena i gg jednocześnie? nie lepiej tylko tlena?
3) wyłącz autostart Messengera.. do niczego się nie przydaje ;) chyba źe go uźywasz :)
Juź drugi raz widzę Twoją "światłą" poradę typu zmień program – poprzednia była w temacie z gg związanym.
Nie masz niczego konkretnego do napisania to ..... głosu nie zabieraj.
Rebe
Strona 1 / 1