mialem podobny problem i tu pomogli mi go rozwiazac zerknij tam http://www.centrumxp.pl/forum/viewtopic.php?t=26445

MaN!Ak:

Format dysku i po problemie 8)

Ten w okularach to pewnie dla tego ze smuta przysadziles
Zapamietaj ze jezeli nie masz nic konstruktywnego do przekazania to rece trzymaj jak najdalej od klawiatury
Takie swiatle rady to jak mowia "o kant doopy rozbic mozesz"

Format dysku i po problemie 8)

Jasne ze znajdzie :lol: :lol: Tylko po co usuwac bedzie
Tez to mam :lol: i jakos mi nie wadzi
To zwykla pozostalosc po zrzucie pamieci i wystarczy zaptaszkowac w HJT i sfixowac
Zwykla kosmetyka

Umiesz urzywac funkcji ZMIEŃ ??

ABBYY Community Agent
Tez zes kurna nie trafił

A z tego ładują ci się chyba stronki:
O4 – HKLM..Run: [ABBYY Community Agent] C:PROGRA~1SPRINT~1.0OFSprintCAgent.exe
Teź bym to wywalił.

W twoim screnie widze wpis –
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k

1. Uruchom "msconfig"
2. Przejdź do opcji "uruchamianie"
3. Odchacz "dumprep 0 –k"
4. Zrestartuj komputer
5. Po ponownym uruchomieniu uruchom "regedit"
wpisz w szukaj "dumprep 0 –k" i to co ci wykryje usuń
6. na koniec przeszukaj pliki w wyszukwarce plików i folderów i teź wywal wszystki pliki które znajdzie.
7. restart kompa i powinno wszystko być w porządku.
Miałem to samo i mi pomogło.
Po restarcie moźesz dla upewnienia sprawdzić w msconfig czy program ten jest odchaczony – jeśli tak to ok.

artur42:

Uruchom – msconfig
Odchacz w "uruchamianiu" – dumprep 0 –k
zrestartuj kompa
po restarcie przeskanuj rejestr i pliki i wywal wszystkie pliki i klucze z tą nazwą – "dumprep 0 –k"

Czy mógłbyś rozwinąć tę sugestię ?
Pominę sposób wyłaczenia zrzutu pamięci – którego z resztą nie podałeś – bo do tego się "dumprep..." odnosi, ale wydaje mi się, źe usiłujesz skutek za przyczynę brać i stąd moja prośba o wyjasnienie.

Uruchom – msconfig
Odchacz w "uruchamianiu" – dumprep 0 –k
zrestartuj kompa
po restarcie przeskanuj rejestr i pliki i wywal wszystkie pliki i klucze z tą nazwą – "dumprep 0 –k"

Sprawdzic co Ci siedzi w msconfig w zakladce autostart. Jesli nic nadzwyczajnego, uruchom naprawe lub nakladke systemu z plyty.

Oka tak zrobie!!
Ale nadal mam bład o tytule " Winlogen.exe" tak jak w obrazku na samej gorze :(
Co z tym zrobic??

Odszukaj w takim razie w rejestrze ta biblioteke –> F3 i syellstyle.dll i usun wszystkie odwolania. Wyszukaj ja na dysku i usun (pokaz pliki ukryte i systemowe).

Zrobilam tak jak kazaliscie!!
Usunolem te co mi kazaliscie!!
teraz przy starcie systemu jest tak jak na obrazku :

"Podczas próby uruchomienia C:/windows/system32/syellstyle.dll, UMonitor wystąpił błąd wyjątku.

Co z ttym zrobic??

PS. nadal otwieraja sie jakies dziwne strony www w przeglądarce Internet Explorer :(

nie to jest skopiowane ze strony analizującej usuń tylko ten proces co pisze koło nieho albo pod nim Nasty.

O to chodzi ze terminator nic nie napisal. Skopiowal.

Usun:

O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – HKLM..Run: [Windows ControlAd] C:Program FilesWindows ControlAdWinCtlAd.exe
O4 – Global Startup: RtlWake.lnk = ?
O15 – Trusted Zone: *.crazywinnings.com
O15 – Trusted Zone: *.iframedollars.biz
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.windupdates.com
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/CDTInc/ie/bridge–c18.cab

...jak i te pliki .exe z dysku.

Ale nie bardzo rozumiem co Terminator napisal :/
Czyli wszytsko mam usunąc??
Bo nie rozumiem :(

C:WINDOWSSystem32smss.exe
Safe. running process. (smss.exe)
Systemprozess – Anwendung, die benutzt wird um Sitzungen zu starten, verwalten und lschen.

C:WINDOWSsystem32winlogon.exe
Safe. running process. (winlogon.exe)
Systemprozess – Windows Login Routine

C:WINDOWSsystem32services.exe
Safe. running process. (services.exe)
Systemprozess – Verwaltet die Systemdienste.

C:WINDOWSsystem32lsass.exe
Safe. running process. (lsass.exe)
Systemprozess

C:WINDOWSsystem32svchost.exe
Safe. running process. (svchost.exe)
Systemprozess – Allgemeiner Hostprozessname fr Dienste.

C:WINDOWSSystem32svchost.exe
Safe. running process. (svchost.exe)
Systemprozess – Allgemeiner Hostprozessname fr Dienste.

C:Program FilesTGTSoftStyleXPStyleXPService.exe
Safe. running process. (StyleXPService.exe)


C:WINDOWSsystem32logonui.exe
Safe. running process. (logonui.exe)


C:WINDOWSsystem32spoolsv.exe
Safe. running process. (spoolsv.exe)
Systemprozess

C:WINDOWSExplorer.EXE
Safe. running process. (Explorer.EXE)
Systemprozess fr Desktop und Taskleiste.

C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
Safe. running process. (atiptaxx.exe)
ATI Desktop Control Panel from ATI Technologies

C:Program FilesQuickTimeqttask.exe
Safe. running process. (qttask.exe)
Part of QuickTime

C:Program FilesiTunesiTunesHelper.exe
Safe. running process. (iTunesHelper.exe)
Not dangerous, but unnecessary.

C:PROGRA~1ALWILS~1Avast4ashDisp.exe
Safe. running process. (ashDisp.exe)


C:PROGRA~1SPRINT~1.0OFSprintCAgent.exe
Safe. running process. (CAgent.exe)
Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all–in–one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software Not dangerous, but unnecessary.

C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
Safe. running process. (aswUpdSv.exe)


C:WINDOWSSystem32ctfmon.exe
Safe. running process. (ctfmon.exe)


C:Program FilesTGTSoftStyleXPStyleXP.exe
Safe. running process. (StyleXP.exe)
Tool um Windows schner zu gestalten.

C:Program FilesGetRightgetright.exe
Safe. running process. (getright.exe)


C:WINDOWSSystem32Ati2evxx.exe
Safe. running process. (Ati2evxx.exe)
ATI2evxx.exe is related to ATI Technologies Inc. hardware.

C:Program FilesRealtekRtl8180RtlWake.exe
Safe. running process. (RtlWake.exe)


C:Program FilesGadu–Gadugg.exe
Safe. running process. (gg.exe)
Polish language Instant Messaging client Not dangerous, but unnecessary.

C:Program FilesGetRightgetright.exe
Safe. running process. (getright.exe)


C:Program FilesAlwil SoftwareAvast4ashServ.exe
Safe. running process. (ashServ.exe)
Avast Antivirus–Scanner

C:PROGRA~1INCRED~1inIMApp.exe
Safe. running process. (IMApp.exe)
Incredi Mail

C:WINDOWSSystem32CTsvcCDA.exe
Safe. running process. (CTsvcCDA.exe)
Creative Soundkarte

C:WINDOWSSystem32GEARSEC.EXE
Safe. running process. (GEARSEC.EXE)


C:WINDOWSSystem32svchost.exe
Safe. running process. (svchost.exe)
Systemprozess – Allgemeiner Hostprozessname fr Dienste.

C:WINDOWSSystem32MsPMSPSv.exe
Safe. running process. (MsPMSPSv.exe)
Helper service installed by Windows Media Player 7.

C:Program FilesiPodiniPodService.exe
Safe. running process. (iPodService.exe)


C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
Safe. running process. (ashMaiSv.exe)


C:WINDOWSsystem32 undll32.exe
Safe. running process. (rundll32.exe)
RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.

C:Documents and SettingsKarolPulpitielHijackThis.exe
Safe. running process. (HijackThis.exe)
Tool, mit dem sie dieses Logfile erzeugt haben. Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups!
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
Possibly nasty This page could possibly be nasty. If you do not know the entry 'http://www.wp.pl/', delete it.
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigURL = http://wpad.lukman.pl/wpad.pac
Possibly nasty This page could possibly be nasty. If you do not know the entry 'http://wpad.lukman.pl/wpad.pac', delete it.
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
Safe.
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
Safe. Entries found in this registry zone are potentially nasty. This application ([8E718888–423F–11D2–876E–00A0C9082467] – Result: 8E718888–423F–11D2–876E–00A0C9082467) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %
O4 – HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
Safe. The entered application ATIPTA was identified: AtiPTA. Hit rate: 78 % (result)
O4 – HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
Safe. The entered application UpdReg was identified: UpdReg. Hit rate: 76 % (result) Not dangerous, but unnecessary.
O4 – HKLM..Run: [Jet Detection] "C:Program FilesCreativeSBLivePROGRAMADGJDet.exe"
Safe. The entered application Jet Detection was identified: Jet Detection. Hit rate: 94 % (result) Not dangerous, but unnecessary.
O4 – HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" –atboottime
Safe. The entered application QuickTime Task was identified: QuickTime Task. Hit rate: 99 % (result) Not dangerous, but unnecessary.
O4 – HKLM..Run: [iTunesHelper] C:Program FilesiTunesiTunesHelper.exe
Safe. The entered application iTunesHelper was identified: iTunesHelper. Hit rate: 99 % (result) Not dangerous, but unnecessary.
O4 – HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
Safe. The entered application avast! was identified: avast!. Hit rate: 99 % (result)
O4 – HKLM..Run: [ABBYY Community Agent] C:PROGRA~1SPRINT~1.0OFSprintCAgent.exe
Safe. The entered application ABBYY Community Agent was identified: ABBYY Community Agent. Hit rate: 62 % (result) Not dangerous, but unnecessary.
O4 – HKLM..Run: [IncrediMail] C:PROGRA~1INCRED~1inIncMail.exe /c
Safe. The entered application IncrediMail was identified: Incredimail. Hit rate: 76 % (result) Not dangerous, but unnecessary.
O4 – HKLM..Run: [CleanIt] C:Program FilesCleanItcleanit.exe
Unknown The entered application CleanIt was identified: None. Hit rate: 8 % (result) Unknown application.
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
Safe. The entered application KernelFaultCheck was identified: KernelFaultCheck. Hit rate: 49 % (result) Not dangerous, but unnecessary.
O4 – HKLM..Run: [SysTime] C:WINDOWSSystem32systime.exe
Nasty The entered application SysTime was identified: SysTime. Hit rate: 99 % (result) Must be fixed!
O4 – HKLM..Run: [Windows ControlAd] C:Program FilesWindows ControlAdWinCtlAd.exe
Nasty The entered application Windows ControlAd was identified: Windows ControlAd. Hit rate: 99 % (result) Must be fixed!
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
Safe. The entered application CTFMON.EXE was identified: ctfmon. Hit rate: 44 % (result)
O4 – HKCU..Run: [STYLEXP] C:Program FilesTGTSoftStyleXPStyleXP.exe –Hide
Safe. The entered application STYLEXP was identified: STYLEXP. Hit rate: 99 % (result)
O4 – HKCU..Run: [Gadu–Gadu] C:Program FilesGadu–Gadugg.exe /tray
Safe. The entered application Gadu–Gadu was identified: Gadu–Gadu. Hit rate: 91 % (result) Not dangerous, but unnecessary.
O4 – Startup: Action Manager 32.lnk = C:Program FilesScannerUAM32.exe
Safe. The entered application 'Action Manager 32.lnk (AM32.exe)' was identified: 'Action Manager 32 (am32.exe)'. Hit rate: 81 % (result) Not dangerous, but unnecessary.
O4 – Startup: Gadu–Gadu.lnk = C:Program FilesGadu–Gadugg.exe
Safe. The entered application 'Gadu–Gadu.lnk (gg.exe)' was identified: 'Gadu–Gadu (gg.exe )'. Hit rate: 82 % (result) Not dangerous, but unnecessary.
O4 – Global Startup: GetRight – Tray Icon.lnk = C:Program FilesGetRightgetright.exe
Safe. The entered application 'GetRight – Tray Icon.lnk (getright.exe)' was identified: 'GetRight Tray Icon (GETRIGHT.EXE)'. Hit rate: 46 % (result) Not dangerous, but unnecessary.
O4 – Global Startup: RtlWake.lnk = ?
Unknown The entered application 'RtlWake.lnk (?)' was identified: 'Kein ()'. Hit rate: 12 % (result) Unknown application.
The entry is unnecessary and can be fixed.
O8 – Extra context menu item: &Add animation to IncrediMail Style Box – C:PROGRA~1INCRED~1in esourcesWebMenuImg.htm
Safe. The entry &Add animation to IncrediMail Style Box has been identified as safe. If the entry '&Add animation to IncrediMail Style Box ' is not needed anymore, it should be fixed.
O8 – Extra context menu item: Download with GetRight – C:Program FilesGetRightGRdownload.htm
Safe. The entry Download with GetRight has been identified as safe. If the entry 'Download with GetRight ' is not needed anymore, it should be fixed.
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
Safe. The entry E&ksport do programu Microsoft Excel has been identified as safe. If the entry 'E&ksport do programu Microsoft Excel ' is not needed anymore, it should be fixed.
O8 – Extra context menu item: Open with GetRight Browser – C:Program FilesGetRightGRbrowse.htm
Safe. The entry Open with GetRight Browser has been identified as safe. If the entry 'Open with GetRight Browser ' is not needed anymore, it should be fixed.
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:WINDOWSSystem32msjava.dll
Safe. The entry has been identified as safe. If the entry '' is not needed anymore, it should be fixed.
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:WINDOWSSystem32msjava.dll
Safe. The entry Sun Java Console has been identified as safe. If the entry 'Sun Java Console ' is not needed anymore, it should be fixed.
O9 – Extra button: Wyslij SMS'a – {215940F1–E7E0–4801–BEE3–44D045534106} – C:Program FilesCommon Filesmoje.js
Possibly nasty Unknown buttons or entries in the 'Extras'–menu should be fixed. To be fixed if the entry 'Wyslij SMS'a ' is unknown.
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
Possibly nasty Unknown buttons or entries in the 'Extras'–menu should be fixed. To be fixed if the entry 'Badanie ' is unknown.
O12 – Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
Safe. Most of the entries present in this registry area are safe. Only OnFlow adds an unwanted plugins can be found here. OnFlow–Plugins have the following extension *.ofb.
O15 – Trusted Zone: *.crazywinnings.com
Nasty If you did not add these pages to your trusted pages, they should be fixed.
O15 – Trusted Zone: *.iframedollars.biz
Nasty If you did not add these pages to your trusted pages, they should be fixed.
O15 – Trusted Zone: *.skoobidoo.com
Nasty If you did not add these pages to your trusted pages, they should be fixed.
O15 – Trusted Zone: *.windupdates.com
Nasty If you did not add these pages to your trusted pages, they should be fixed.
O16 – DPF: {0A5FD7C5–A45C–49FC–ADB5–9952547D5715} (Creative Software AutoUpdate) – http://www.creative.com/su/ocx/12119/CTSUEng.cab
Safe. This entry has been identified as safe.
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/CDTInc/ie/bridge–c18.cab
Nasty This entry is possibly nasty. Should be fixed.
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
Safe. This entry has been identified as safe.
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_ site.cab?1098250402093
Safe. This entry has been identified as safe.
O16 – DPF: {88D969C0–F192–11D4–A65F–0040963251E5} (XML DOM Document 4.0) –
Possibly nasty Unknown ActiveX–Objects, or ActiveX–Objects from unknown sites should always be fixed. If the name of the ActiveX–Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not.
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
Safe. This entry has been identified as safe.
O16 – DPF: {A3009861–330C–4E10–822B–39D16EC8829D} (CRAVOnline Object) – http://www.ravantivirus.com/scan/ravonline.cab
Safe. This entry has been identified as safe.
O16 – DPF: {F6ACF75C–C32C–447B–9BEF–46B766368D29} (Creative Software AutoUpdate Support Package) – http://www.creative.com/su/ocx/12119/CTPID.cab
Safe. This entry has been identified as safe.

Oto log z HijackThis :

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesTGTSoftStyleXPStyleXPService.exe
C:WINDOWSsystem32logonui.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesiTunesiTunesHelper.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:PROGRA~1SPRINT~1.0OFSprintCAgent.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesTGTSoftStyleXPStyleXP.exe
C:Program FilesGetRightgetright.exe
C:WINDOWSSystem32Ati2evxx.exe
C:Program FilesRealtekRtl8180RtlWake.exe
C:Program FilesGadu–Gadugg.exe
C:Program FilesGetRightgetright.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:PROGRA~1INCRED~1inIMApp.exe
C:WINDOWSSystem32CTsvcCDA.exe
C:WINDOWSSystem32GEARSEC.EXE
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32MsPMSPSv.exe
C:Program FilesiPodiniPodService.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:WINDOWSsystem32 undll32.exe
C:Documents and SettingsKarolPulpitielHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigURL = http://wpad.lukman.pl/wpad.pac
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 – HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 – HKLM..Run: [Jet Detection] "C:Program FilesCreativeSBLivePROGRAMADGJDet.exe"
O4 – HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" –atboottime
O4 – HKLM..Run: [iTunesHelper] C:Program FilesiTunesiTunesHelper.exe
O4 – HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 – HKLM..Run: [ABBYY Community Agent] C:PROGRA~1SPRINT~1.0OFSprintCAgent.exe
O4 – HKLM..Run: [IncrediMail] C:PROGRA~1INCRED~1inIncMail.exe /c
O4 – HKLM..Run: [CleanIt] C:Program FilesCleanItcleanit.exe
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – HKLM..Run: [Windows ControlAd] C:Program FilesWindows ControlAdWinCtlAd.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [STYLEXP] C:Program FilesTGTSoftStyleXPStyleXP.exe –Hide
O4 – HKCU..Run: [Gadu–Gadu] C:Program FilesGadu–Gadugg.exe /tray
O4 – Startup: Action Manager 32.lnk = C:Program FilesScannerUAM32.exe
O4 – Startup: Gadu–Gadu.lnk = C:Program FilesGadu–Gadugg.exe
O4 – Global Startup: GetRight – Tray Icon.lnk = C:Program FilesGetRightgetright.exe
O4 – Global Startup: RtlWake.lnk = ?
O8 – Extra context menu item: &Add animation to IncrediMail Style Box – C:PROGRA~1INCRED~1in esourcesWebMenuImg.htm
O8 – Extra context menu item: Download with GetRight – C:Program FilesGetRightGRdownload.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 – Extra context menu item: Open with GetRight Browser – C:Program FilesGetRightGRbrowse.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:WINDOWSSystem32msjava.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:WINDOWSSystem32msjava.dll
O9 – Extra button: Wyslij SMS'a – {215940F1–E7E0–4801–BEE3–44D045534106} – C:Program FilesCommon Filesmoje.js
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O12 – Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O15 – Trusted Zone: *.crazywinnings.com
O15 – Trusted Zone: *.iframedollars.biz
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.windupdates.com
O16 – DPF: {0A5FD7C5–A45C–49FC–ADB5–9952547D5715} (Creative Software AutoUpdate) – http://www.creative.com/su/ocx/12119/CTSUEng.cab
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/CDTInc/ie/bridge–c18.cab
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098250402093
O16 – DPF: {88D969C0–F192–11D4–A65F–0040963251E5} (XML DOM Document 4.0) –
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {A3009861–330C–4E10–822B–39D16EC8829D} (CRAVOnline Object) – http://www.ravantivirus.com/scan/ravonline.cab
O16 – DPF: {F6ACF75C–C32C–447B–9BEF–46B766368D29} (Creative Software AutoUpdate Support Package) – http://www.creative.com/su/ocx/12119/CTPID.cab

Co mam z Tad Wywalić?? POMOCY

Zapodaj log z HijackThis
Ponadto wpisz w szukajke: Pamieć nie moźe być "read"
Przeczytaj propozycje co do rozwiazania przywolane przez innych userów