Spyware => I can't do anything.

Hello.

I have a problem with spyware.
Well, I tried doing a Fix with HijackThis, without success (I'm posting the log below), as well as Spybot S&D,
also an antivirus and CWShredder (?), also without success; I disabled it from autostart, deleted the files in question from Safe Mode, also without success, and deleted the spyware file, i.e. the PS GUARD program.
Every time I delete it I have peace, but it restores itself ( :/ ). My home page is changed, popups show up, and the wallpaper too :/

Logfile of HijackThis v1.99.1
Scan saved at 14:24:21, on 2005-09-21
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\shnlog.exe
D:\WINDOWS\popuper.exe
F:\gamma\gamma.exe
D:\WINDOWS\System32\intmonp.exe
D:\WINDOWS\System32\intmon.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Łukasz\Moje dokumenty\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.security2k.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.security2k.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.security2k.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.security2k.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.security2k.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.security2k.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - D:\WINDOWS\System32\hpF7E9.tmp
O4 - HKLM\..\Run: [PSGuard] D:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [zSPGuard] d:\program files\pjw\spguard\spguard.exe /s /r
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - Winlogon Notify: style32 - D:\WINDOWS\q611248_disk.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe




and after the fix

Logfile of HijackThis v1.99.1
Scan saved at 14:25:08, on 2005-09-21
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\shnlog.exe
D:\WINDOWS\popuper.exe
F:\gamma\gamma.exe
D:\WINDOWS\System32\intmonp.exe
D:\WINDOWS\System32\intmon.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Łukasz\Moje dokumenty\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.security2k.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.security2k.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.security2k.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.security2k.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.security2k.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.security2k.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - D:\WINDOWS\System32\hpF7E9.tmp
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

Replies: 5

Many thanks.

Everything is OK now.

Thanks once again!
lukaszmigdalek
Added
16.09.2005 00:10:52
Silent showed what it was supposed to show + a hidden Stydler.
- Open Notepad and paste this into it:

Windows Registry Editor Version 5.00

; remove the policy autorun values that launch the spyware components
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"notepad.exe"=-
"paint.exe"=-
"winlogon.exe"=-
"notepad2.exe"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSGuard"=-

; delete the two Browser Helper Object registrations
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B212D577-05B7-4963-911E-4A8588160DFA}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{B212D577-05B7-4963-911E-4A8588160DFA}"=-

; restore the default shell (the logs show it as "Explorer.exe, msmsgs.exe")
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\style2]

[-HKEY_CLASSES_ROOT\CLSID\{B212D577-05B7-4963-911E-4A8588160DFA}]


- Save this with the .reg extension and add it to the registry.
- Download the Killbox program, paste D:\WINDOWS\q163895_disk.dll into the field and have it delete the file after a system reboot.
P.S. You can also use it to help yourself delete other files from the disk.
- System Restore disabled, of course.
Bobi
Added
15.09.2005 22:18:52
aaaaaaaaaaaaa...

and the most important thing.

the log from that .vbs program :)

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"notepad.exe" = "msmsgs.exe" [null data]
"paint.exe" = "shnlog.exe" [null data]
"winlogon.exe" = "msole32.exe" [null data]
"notepad2.exe" = "popuper.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"PSGuard" = "D:\Program Files\PSGuard\PSGuard.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{B212D577-05B7-4963-911E-4A8588160DFA}\(Default) = "D:\WINDOWS\q163895_disk.dll" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\q163895_disk.dll" [null data]
{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}\(Default) = "HP Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\hpD31F.tmp" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"
-> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! "{B212D577-05B7-4963-911E-4A8588160DFA}" = "style 2"
-> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\q163895_disk.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "Shell" = "Explorer.exe, msmsgs.exe" [MS], [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! style32\DLLName = "D:\WINDOWS\q163895_disk.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Startup items in "Łukasz" & "All Users" startup folders:
--------------------------------------------------------

D:\Documents and Settings\Łukasz\Menu Start\Programy\Autostart
"Skrót do gamma" -> shortcut to: "F:\gamma\gamma.exe" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 94 seconds, including 11 seconds for message boxes)
lukaszmigdalek
Added
15.09.2005 20:38:32
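An added triage helper (example code, not from this thread, from Silent Runners or from HijackThis): it parses the three registry sections quoted in the Silent Runners log above, flags the persistence points that Bobi's .reg file undoes (the Policies\Explorer\Run values whose names mimic Windows binaries, the extra component appended to the Winlogon Shell value, and a Winlogon Notify package whose DLL carries no vendor tag), and emits the matching .reg remediation lines. The sample report text is constructed to mirror the posted output; the function names are my own.

```python
import re

# Constructed sample modelled on the Silent Runners output posted in this thread.
SAMPLE = r'''
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"notepad.exe" = "msmsgs.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "Shell" = "Explorer.exe, msmsgs.exe" [MS], [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! style32\DLLName = "D:\WINDOWS\q163895_disk.dll" [null data]
'''
HIVES = {'HKLM': 'HKEY_LOCAL_MACHINE', 'HKCU': 'HKEY_CURRENT_USER'}  # .reg needs long hive names
# value line: optional warning prefix, name (quoted or not), = "data", trailing tags
VALUE_RE = re.compile(r'^(?:INFECTION WARNING! )?"?([^"=]+?)"?\s*=\s*"([^"]*)"\s*(.*)$')

def parse_silent_runners(text):
    """Map each registry key in the report to its list of (value name, data, tags)."""
    entries, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('HK'):
            key = line.replace('{++}', '').strip().rstrip('\\')
            entries.setdefault(key, [])
        elif key and not line.startswith('->') and (m := VALUE_RE.match(line)):
            entries[key].append(m.groups())
    return entries

def triage(entries):
    """Return (finding, .reg remediation) pairs for the three persistence points seen in this thread."""
    out = []
    for key, values in entries.items():
        hive, rest = key.split('\\', 1)
        reg_key, k = HIVES.get(hive, hive) + '\\' + rest, key.lower()
        for name, data, tags in values:
            if k.endswith(r'policies\explorer\run'):
                # policy autorun key: the value name mimics a Windows binary, the data is another file
                out.append((f'policy autorun "{name}" launches {data}', f'[{reg_key}]\n"{name}"=-'))
            elif k.endswith('winlogon') and name.lower() == 'shell' and data.strip().lower() != 'explorer.exe':
                extra = [p.strip() for p in data.split(',')[1:]]
                out.append((f'Winlogon Shell appends {extra}', f'[{reg_key}]\n"Shell"="Explorer.exe"'))
            elif k.endswith(r'winlogon\notify') and '[MS]' not in tags:
                pkg = name.split('\\')[0]  # "style32\DLLName" -> notification package "style32"
                out.append((f'Winlogon Notify package {pkg} loads {data}', f'[-{reg_key}\\{pkg}]'))
    return out

def build_reg(findings):
    """Assemble the remediation lines into a 'Windows Registry Editor Version 5.00' file body."""
    return 'Windows Registry Editor Version 5.00\n\n' + '\n\n'.join(fix for _, fix in findings) + '\n'
```

The deletion line for the Notify entry is built from the package name the report actually contains (style32 in the logs quoted here), so the generated key is worth comparing against whatever you paste into Notepad.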
Sorry that I didn't reply.


Unfortunately, without success :/

During system startup I often see some processes with a .so or .sh extension that start and immediately stop.
I suspect it's them that restore the files, and not the file named by the previous poster.

The files that sit in the processes all the time were deleted.

gamma.exe is a fine program, and I installed it myself :P

I'm asking for help once more.

This is perfect spyware :>
lukaszmigdalek
Added
15.09.2005 20:29:14
No wonder, the junk is sitting there running in the processes:
shnlog.exe
popuper.exe
intmonp.exe
intmon.exe

In the log, apart from the recurring start pages and search engines, you also have a probable regenerator:
D:\WINDOWS\System32\hpF7E9.tmp

gamma.exe - did you install it yourself? Supposedly a program for controlling screen brightness etc.

Delete all of this from the disk and also show a log from Silent Runners
Bobi
Added
08.09.2005 16:48:18
lukaszmigdalek
Added:
08.09.2005 16:30:55