Request for log analysis
I was at a friend's place because something is going on with his computer, so I'm pasting the log. What should I remove and where do I look for it :?:
Logfile of HijackThis v1.99.1
Scan saved at 21:43:50, on 2005–09–01
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\FlashGet\flashget.exe
C:\Documents and Settings\Folwarczny\Pulpit\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://searchmyrequest.com/hp.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O1 – Hosts: 127.0.0.5 n–glx.s–redirect.com
O1 – Hosts: 127.0.0.5 x.full–tgp.net
O1 – Hosts: 127.0.0.5 counter.sexmaniack.com
O1 – Hosts: 127.0.0.5 autoescrowpay.com
O1 – Hosts: 127.0.0.5 www.autoescrowpay.com
O1 – Hosts: 127.0.0.5 www.awmdabest.com
O1 – Hosts: 127.0.0.5 www.sexfiles.nu
O1 – Hosts: 127.0.0.5 awmdabest.com
O1 – Hosts: 127.0.0.5 sexfiles.nu
O1 – Hosts: 127.0.0.5 allforadult.com
O1 – Hosts: 127.0.0.5 www.allforadult.com
O1 – Hosts: 127.0.0.5 www.iframe.biz
O1 – Hosts: 127.0.0.5 iframe.biz
O1 – Hosts: 127.0.0.5 www.newiframe.biz
O1 – Hosts: 127.0.0.5 newiframe.biz
O1 – Hosts: 127.0.0.5 www.vesbiz.biz
O1 – Hosts: 127.0.0.5 vesbiz.biz
O1 – Hosts: 127.0.0.5 www.pizdato.biz
O1 – Hosts: 127.0.0.5 pizdato.biz
O1 – Hosts: 127.0.0.5 www.awmcash.biz
O1 – Hosts: 127.0.0.5 awmcash.biz
O1 – Hosts: 127.0.0.5 buldog–stats.com
O1 – Hosts: 127.0.0.5 www.buldog–stats.com
O1 – Hosts: 127.0.0.5 fregat.drocherway.com
O1 – Hosts: 127.0.0.5 slutmania.biz
O1 – Hosts: 127.0.0.5 www.slutmania.biz
O1 – Hosts: 127.0.0.5 toolbarpartner.com
O1 – Hosts: 127.0.0.5 www.toolbarpartner.com
O1 – Hosts: 127.0.0.5 www.megapornix.com
O1 – Hosts: 127.0.0.5 megapornix.com
O1 – Hosts: 127.0.0.5 www.sp2fucked.biz
O1 – Hosts: 127.0.0.5 sp2fucked.biz
O1 – Hosts: 127.0.0.5 greg–tut.com
O1 – Hosts: 127.0.0.5 www.greg–tut.com
O1 – Hosts: 127.0.0.5 nylonsexy.com
O1 – Hosts: 127.0.0.5 www.nylonsexy.com
O1 – Hosts: 127.0.0.5 vparivalka.com
O1 – Hosts: 127.0.0.5 www.vparivalka.com
O1 – Hosts: 127.0.0.5 iframeprofit.com
O1 – Hosts: 127.0.0.5 www.iframeprofit.com
O1 – Hosts: 127.0.0.5 topsearch10.com
O1 – Hosts: 127.0.0.5 www.topsearch10.com
O1 – Hosts: 127.0.0.5 statscash.biz
O1 – Hosts: 127.0.0.5 www.statscash.biz
O1 – Hosts: 127.0.0.5 vxiframe.biz
O1 – Hosts: 127.0.0.5 www.vxiframe.biz
O1 – Hosts: 127.0.0.5 crazy–toolbar.com
O1 – Hosts: 127.0.0.5 www.crazy–toolbar.com
O1 – Hosts: 127.0.0.5 topcash.biz
O1 – Hosts: 127.0.0.5 www.topcash.biz
O1 – Hosts: 127.0.0.5 loadcash.biz
O1 – Hosts: 127.0.0.5 www.loadcash.biz
O1 – Hosts: 127.0.0.5 txiframe.biz
O1 – Hosts: 127.0.0.5 www.txiframe.biz
O1 – Hosts: 127.0.0.5 procounter.biz
O1 – Hosts: 127.0.0.5 www.procounter.biz
O1 – Hosts: 127.0.0.5 advadmin.biz
O1 – Hosts: 127.0.0.5 www.advadmin.biz
O1 – Hosts: 127.0.0.5 trafficbest.net
O1 – Hosts: 127.0.0.5 www.trafficbest.net
O1 – Hosts: 127.0.0.5 besthvac.com
O1 – Hosts: 127.0.0.5 www.besthvac.com
O1 – Hosts: 127.0.0.5 traff4.com
O1 – Hosts: 127.0.0.5 www.traff4.com
O1 – Hosts: 127.0.0.5 ambush–script.com
O1 – Hosts: 127.0.0.5 www.ambush–script.com
O1 – Hosts: 127.0.0.5 beehappyy.biz
O1 – Hosts: 127.0.0.5 www.beehappyy.biz
O1 – Hosts: 127.0.0.5 tracktraff.cc
O1 – Hosts: 127.0.0.5 www.tracktraff.cc
O1 – Hosts: 127.0.0.5 allcount.net
O1 – Hosts: 127.0.0.5 www.allcount.net
O1 – Hosts: 127.0.0.5 onedayoffer.biz
O1 – Hosts: 127.0.0.5 www.onedayoffer.biz127.0.0.1 downloads1.kaspersky–labs.com
O2 – BHO: SmartPops Class – {0421701D–CF13–4E70–ADF0–45A953E7CB8B} – C:\Program Files\Recommended Hotfix – 421701D\v15\RH.DLL (file missing)
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {78364D99–A640–4ddf–B91A–67EFF8373045} – C:\WINDOWS\System32\appwiy.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FLASHGET\jccatch.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\fgiebar.dll
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125602000882
O16 – DPF: {EB6AFDAB–E16D–430B–A5EE–0408A12289DC} – http://download.mediacharger.com/swimsuitnetwork.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{04DE9A8A–AD66–47F0–AA4F–A150DE7BB217}: NameServer = 194.204.159.1,194.204.152.34
O17 – HKLM\System\CS1\Services\Tcpip\..\{04DE9A8A–AD66–47F0–AA4F–A150DE7BB217}: NameServer = 194.204.159.1,194.204.152.34
O17 – HKLM\System\CS2\Services\Tcpip\..\{04DE9A8A–AD66–47F0–AA4F–A150DE7BB217}: NameServer = 194.204.159.1,194.204.152.34
O20 – Winlogon Notify: msctl32.dll – C:\WINDOWS\System32\msctl32.dll
O21 – SSODL: SysTray.Excn2 – {1722ECFF–4356–4f5b–B534–E67294FE75E9} – C:\WINDOWS\System32\jbbocabc.dll
O21 – SSODL: SysTray.Exsn – {2368D1FC–2F5C–4f1b–B124–E67214FC78E2} – C:\WINDOWS\System32\ffhefcha.dll
I'll add that a picture shows up in the middle of the desktop, and on it it says "Spyware Infection" in big red letters, with some more text in English underneath.
Replies: 6
The log is fine
OK, thanks a lot, the computer now works the way it should :) There's just one more problem: for some time now the computer won't shut down. "Windows is shutting down" pops up and it just stays like that ;/
–––––––––––––––––––
And so as not to start a new thread, take a look at this log (from another computer) to see whether everything is OK, just as a precaution ;)
Logfile of HijackThis v1.99.1
Scan saved at 14:19:57, on 2005–11–13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\D–Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Communicator\Communicator.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
c:\usr\MYSQL\bin\mysqld.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Communicator\CommunicatorServer.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Spybot – Search & Destroy\SpybotSD.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
\Adam\c\Documents and Settings\Folwarczny\Pulpit\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\Program Files\Spybot – Search & Destroy\SDHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\fgiebar.dll
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – Global Startup: Windows Communicator.lnk = C:\Program Files\Windows Communicator\Communicator.exe
O4 – Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {17492023–C23A–453E–A040–C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: MySql – Unknown owner – c:\usr/MYSQL/bin/mysqld.exe
O23 – Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) – Unknown owner – %ProgramFiles%\WinPcap\rpcapd.exe" –d –f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 – Service: Windows Communicator server (WinComServer) – Radek Tiny Software – C:\Program Files\Windows Communicator\CommunicatorServer.exe
Turn off System Restore
End the process:
mdms.exe
Remove:
O2 – BHO: (no name) – {0421701D–CF13–4E70–ADF0–45A953E7CB8B} – (no file)
O2 – BHO: (no name) – {78364D99–A640–4ddf–B91A–67EFF8373045} – (no file)
O4 – HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O16 – DPF: {EB6AFDAB–E16D–430B–A5EE–0408A12289DC} – http://download.mediacharger.com/swimsuitnetwork.cab
O21 – SSODL: SysTray.Excn2 – {1722ECFF–4356–4f5b–B534–E67294FE75E9} – (no file)
O21 – SSODL: SysTray.Exsn – {2368D1FC–2F5C–4f1b–B124–E67214FC78E2} – (no file)
F2 – REG:system.ini: Shell=
Put the keyword "Shell" into the forum search and select the security section to search in. No further back than yesterday I posted which key this value has to be edited in and to what form.
Same with "wallpaper": that will let you unlock the wallpaper.
Search the disk for the file winacpi.dll and delete it.
If things don't improve, also post current logs from HijackThis and Silent Runners.
Well, it's better now, but still not the way it should be:
The log now looks like this:
Logfile of HijackThis v1.99.1
Scan saved at 12:19:33, on 2005–09–02
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system32\mdms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=
O2 – BHO: (no name) – {0421701D–CF13–4E70–ADF0–45A953E7CB8B} – (no file)
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {78364D99–A640–4ddf–B91A–67EFF8373045} – (no file)
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FLASHGET\jccatch.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 – HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 – HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125602000882
O16 – DPF: {EB6AFDAB–E16D–430B–A5EE–0408A12289DC} – http://download.mediacharger.com/swimsuitnetwork.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{04DE9A8A–AD66–47F0–AA4F–A150DE7BB217}: NameServer = 194.204.159.1,194.204.152.34
O17 – HKLM\System\CS1\Services\Tcpip\..\{04DE9A8A–AD66–47F0–AA4F–A150DE7BB217}: NameServer = 194.204.159.1,194.204.152.34
O17 – HKLM\System\CS2\Services\Tcpip\..\{04DE9A8A–AD66–47F0–AA4F–A150DE7BB217}: NameServer = 194.204.159.1,194.204.152.34
O21 – SSODL: SysTray.Excn2 – {1722ECFF–4356–4f5b–B534–E67294FE75E9} – (no file)
O21 – SSODL: SysTray.Exsn – {2368D1FC–2F5C–4f1b–B124–E67214FC78E2} – (no file)
And every now and then everything disappears from the desktop (including the Start bar) for a moment, and then it comes back with the "Restore Active Desktop" screen
Oh, and something like this still shows up in the middle of the desktop:
and you can't choose a different desktop background ;/
The searchmyrequest entries go as well.
msctl32.dll is junk.
You remove:
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 – BHO: SmartPops Class – {0421701D–CF13–4E70–ADF0–45A953E7CB8B} – C:\Program Files\Recommended Hotfix – 421701D\v15\RH.DLL (file missing)
O2 – BHO: (no name) – {78364D99–A640–4ddf–B91A–67EFF8373045} – C:\WINDOWS\System32\appwiy.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O21 – SSODL: SysTray.Excn2 – {1722ECFF–4356–4f5b–B534–E67294FE75E9} – C:\WINDOWS\System32\jbbocabc.dll
O21 – SSODL: SysTray.Exsn – {2368D1FC–2F5C–4f1b–B124–E67214FC78E2} – C:\WINDOWS\System32\ffhefcha.dll
And this one I'm not sure about:
O20 – Winlogon Notify: msctl32.dll – C:\WINDOWS\System32\msctl32.dll
Then you do this:
Bobi: Open the hosts file from C:\WINDOWS\system32\drivers\etc in Notepad.
Ctrl+H, Find: 127.0.0.5, Replace: 127.0.0.1, Replace All, Ctrl+S and Alt+F4.
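The O1 hosts entries in the first log, including the line where two records are run together, can be triaged mechanically before anyone edits the hosts file by hand. This is an added example, not part of the thread or of HijackThis: a Python script that parses `O1 – Hosts:` lines, splits fused records and groups them by target address. The function names, the sample hostnames under `.example` and the one-entry vendor watchlist are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the shape of the O1 section of the first log. Hostnames
# under .example are placeholders; the antivirus update host is the one that
# appears in the thread's log. Both dash styles are present on purpose.
SAMPLE_LOG = """
O1 – Hosts: 127.0.0.5 tracker.example
O1 – Hosts: 127.0.0.5 www.tracker.example
O1 – Hosts: 127.0.0.5 www.ads.example127.0.0.1 downloads1.kaspersky–labs.com
O1 - Hosts: 203.0.113.7 bank.example
O2 – BHO: (no name) – {00000000–0000–0000–0000–000000000000} – (no file)
"""

# Pasted logs often carry typographic dashes instead of ASCII hyphens.
DASHES = str.maketrans({"\u2013": "-", "\u2014": "-"})
O1_LINE = re.compile(r"^O1\s*-\s*Hosts:\s*(.+)$")
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# One record: address, whitespace, hostname. The hostname stops at whitespace,
# at end of line, or where another "address + space" starts (a fused record
# caused by a missing newline in the hosts file).
RECORD = re.compile(rf"({IPV4})\s+(\S+?)(?={IPV4}\s|\s|$)")

# Assumption: illustrative watchlist of security-vendor domains.
WATCHED_SUFFIXES = ("kaspersky-labs.com",)


def parse_hosts_records(log_text):
    """Return [(address, hostname, fused)] for every record in the O1 lines."""
    records = []
    for raw in log_text.splitlines():
        match = O1_LINE.match(raw.strip().translate(DASHES))
        if not match:
            continue  # not a hosts entry
        for index, (ip, host) in enumerate(RECORD.findall(match.group(1))):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                continue  # looked like an address but is not a valid one
            # index > 0 means a second address on the same log line.
            records.append((addr, host.lower(), index > 0))
    return records


def triage(records, watched=WATCHED_SUFFIXES):
    """Group records by target and list the ones that deserve a closer look."""
    report = {
        "by_target": defaultdict(list),
        "fused": [],                     # records glued onto a previous one
        "nonstandard_loopback": [],      # loopback, but not 127.0.0.1
        "security_hosts_sinkholed": [],  # vendor host pointed at loopback
        "non_loopback": [],              # name redirected to another machine
    }
    for addr, host, fused in records:
        report["by_target"][str(addr)].append(host)
        if fused:
            report["fused"].append(host)
        if addr.is_loopback:
            if str(addr) != "127.0.0.1":
                report["nonstandard_loopback"].append(host)
            if any(host == s or host.endswith("." + s) for s in watched):
                report["security_hosts_sinkholed"].append(host)
        else:
            report["non_loopback"].append((host, str(addr)))
    return report


if __name__ == "__main__":
    result = triage(parse_hosts_records(SAMPLE_LOG))
    for key in ("fused", "security_hosts_sinkholed",
                "nonstandard_loopback", "non_loopback"):
        print(f"{key}: {result[key]}")
```

A vendor update host pointed at loopback means that machine can no longer reach the update server, so that record should be deleted from the hosts file rather than kept.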