Help. Viruses!!! shnlog csrss intmonp and other such things

Yo
Here's the thing with viruses. They haven't left me alone for 2 weeks. I'm posting a HijackThis log and asking for help.

Logfile of HijackThis v1.99.1
Scan saved at 18:37:16, on 2005-11-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\shnlog.exe
C:\WINDOWS\system32\popuper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\intmonp.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\intmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Upgrader.exe
C:\Documents and Settings\Michał\Moje dokumenty\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{86514291-E79C-7A18-8025-A94199019A23} - (no file)
F2 - REG:system.ini: Shell=explorer.exe , msmsgs.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpE7.tmp
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\zuerr.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [Ukuzlxl] C:\Program Files\Erdy\Pryzwv.exe
O4 - HKLM\..\Run: [startman] stuffmon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [hclean32.exe] C:\WINDOWS\system32\hclean32.exe
O4 - HKLM\..\Run: [dmkmt.exe] C:\WINDOWS\system32\dmkmt.exe
O4 - HKLM\..\Run: [barint] media64.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WareOut] C:\Program Files\WareOut\WareOut.exe
O4 - HKCU\..\Run: [lpt] corrida.exe
O4 - HKCU\..\Run: [Dest068] ___.exe
O4 - HKCU\..\Run: [Bogobot] bingo9.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c282.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_63.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_20.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_24.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/pl/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_38.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_22.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B0F86A4-B189-4ECB-90A7-8F3D557C0382}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: style32 - C:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

Replies: 5

Open the registry and in the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
change the value of the Shell entry. It should be "explorer.exe".
EL NINO
Added
14.11.2005 21:06:37
El Nino, sorry, but let me ask one thing, because I didn't find it there:
How do I change:

Code:
F2 - REG:system.ini: Shell=explorer.exe , msmsgs.exe


You have to change the value to explorer.exe

how do I change that value???? I found it in HijackThis but I don't know how to do it
!Majkel!
Added
14.11.2005 20:50:55
http://forum.centrumxp.pl/viewtopic.php?t=33140 describes it in point 3. You're a beginner, so read what's pinned in the sections. You'll always come across something interesting.
EL NINO
Added
14.11.2005 20:17:45
Sorry, but I'm a noob; how and where do I remove:


R3 - URLSearchHook: (no name) - _{86514291-E79C-7A18-8025-A94199019A23} - (no file)
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpE7.tmp
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\zuerr.dll (file missing)
O4 - HKLM\..\Run: [Ukuzlxl] C:\Program Files\Erdy\Pryzwv.exe
O4 - HKLM\..\Run: [startman] stuffmon.exe
O4 - HKLM\..\Run: [dmkmt.exe] C:\WINDOWS\system32\dmkmt.exe
O4 - HKLM\..\Run: [barint] media64.exe
O4 - HKCU\..\Run: [lpt] corrida.exe
O4 - HKCU\..\Run: [Dest068] ___.exe
O4 - HKCU\..\Run: [Bogobot] bingo9.exe
O20 - Winlogon Notify: style32 - C:\WINDOWS\
!Majkel!
Added
14.11.2005 20:10:16
!Majkel!:

C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\shnlog.exe
C:\WINDOWS\system32\popuper.exe
C:\WINDOWS\system32\intmonp.exe
C:\WINDOWS\system32\intmon.exe

R3 - URLSearchHook: (no name) - _{86514291-E79C-7A18-8025-A94199019A23} - (no file)
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpE7.tmp
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\zuerr.dll (file missing)
O4 - HKLM\..\Run: [Ukuzlxl] C:\Program Files\Erdy\Pryzwv.exe
O4 - HKLM\..\Run: [startman] stuffmon.exe
O4 - HKLM\..\Run: [dmkmt.exe] C:\WINDOWS\system32\dmkmt.exe
O4 - HKLM\..\Run: [barint] media64.exe
O4 - HKCU\..\Run: [lpt] corrida.exe
O4 - HKCU\..\Run: [Dest068] ___.exe
O4 - HKCU\..\Run: [Bogobot] bingo9.exe
O20 - Winlogon Notify: style32 - C:\WINDOWS\


To be removed

F2 - REG:system.ini: Shell=explorer.exe , msmsgs.exe


You have to change the value to explorer.exe
Peter_l
Added
14.11.2005 19:56:13
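The triage that Peter_l and El Nino did by eye (an F2 Shell line loading something beside explorer.exe, Run entries that are bare filenames, a Winlogon Notify entry pointing at a folder, a BHO living in a .tmp file) can be automated over a HijackThis log. This is an added example, not code from the thread or from HijackThis; the heuristics are the author's own, and the sample lines are copied from the log above. It also accepts the en dash that copy/paste often substitutes for HijackThis's " - " separator.

```python
import re

DASH = r"\s[-\u2013]\s"  # HijackThis writes ' - '; pasted logs often carry an en dash

# Constructed sample: lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = """\
F2 - REG:system.ini: Shell=explorer.exe , msmsgs.exe
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\\WINDOWS\\system32\\hpE7.tmp
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\\WINDOWS\\system32\\zuerr.dll (file missing)
O4 - HKLM\\..\\Run: [RegSvr32] C:\\WINDOWS\\system32\\msmsgs.exe
O4 - HKCU\\..\\Run: [MSMSGS] "C:\\Program Files\\Messenger\\msmsgs.exe" /background
O4 - HKCU\\..\\Run: [Bogobot] bingo9.exe
O20 - Winlogon Notify: style32 - C:\\WINDOWS\\
"""

def run_target(body):
    """Extract the launched program from an O4 body of the form '[name] "path" args'."""
    cmd = re.search(r"\]\s*(.*)$", body).group(1).strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]

def triage(line):
    """Return a list of findings for one HijackThis line; [] when nothing stands out."""
    m = re.match(r"^(R\d|F\d|O\d+)" + DASH + r"(.*)$", line.strip())
    if not m:
        return []
    section, body = m.groups()
    out = []
    if section == "F2" and "Shell=" in body:
        shells = [s.strip() for s in body.split("Shell=", 1)[1].split(",")]
        extra = [s for s in shells if s.lower() != "explorer.exe"]
        if extra:  # anything listed beside explorer.exe is started at every logon
            out.append("extra shell: " + ", ".join(extra))
    elif section == "O4":
        tgt = run_target(body)
        if "\\" not in tgt:  # bare name, resolved via PATH; origin needs a manual check
            out.append("bare Run target: " + tgt)
        elif tgt.lower().endswith("msmsgs.exe") and "system32" in tgt.lower():
            out.append("Messenger file name in system32: " + tgt)  # real one lives in Program Files
    elif section == "O20":
        tgt = re.split(DASH, body)[-1]
        if tgt.endswith("\\"):  # a Winlogon Notify package must be a DLL, not a folder
            out.append("Winlogon Notify target is a directory: " + tgt)
    elif section in ("O2", "O3"):
        if "(file missing)" in body:
            out.append("dangling component")
        if body.lower().endswith(".tmp"):
            out.append("BHO loaded from a .tmp file")
    return out

def triage_log(text):
    """Map each flagged log line to its findings."""
    return {l: f for l in text.splitlines() if (f := triage(l))}

if __name__ == "__main__":
    for line, findings in triage_log(SAMPLE_LOG).items():
        print(line, "->", "; ".join(findings))
```

Lines that are legitimate but use a bare name (SOUNDMAN.EXE in this log) trip the O4 heuristic too, so the output is a review list, not a removal list.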
!Majkel!
Added:
14.11.2005 19:41:46
Comments:
5