Luis456
6 Sierpień 2007 08:15
#1
Zauwazyłem ze juz pewien czas mam jakies dziwne lagi w grze oraz duzo programow szpiegujacych a takze czasem hakerskich nie wiem jak sie tego pozbyc i zwalczyc te problemy uzywam kasperskiego ale czy pomoze.
A tu dodaje logi.
Logfile of HijackThis v1.99.1 Scan saved at 10:12:32, on 2007-08-06 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\LVComS.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX00.016\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM…\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O17 - HKLM\System\CCS\Services\Tcpip…{9861C5BF-2BBC-41B1-A8B2-584B85A79975}: NameServer = 194.204.159.1,194.204.152.34 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing) O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
Monczkin
6 Sierpień 2007 08:23
#2
sdar
6 Sierpień 2007 08:23
#3
Proszę zastosować się do zaleceń zawartych w TYM temacie. W przeciwnym wypadku temat zostanie usunięty.
adam9870
6 Sierpień 2007 09:00
#4
Czy sam instalowałeś AskTBar? Jeśli nie to folder zaznaczony na czerwono usuń ręcznie z dysku w trybie awaryjnym natomiast wpisy HijackThis.
Proponuję usunąć Megaupload Toolbar ponieważ jest to Toolbar wątpliwej reputacji. Bowiem zbiera dane o użytkowniki i gdzieś je wysyła, nie wiadomo gdzie.
Pobierz program HoverIP Traceroute po zaznaczeniu opcji Perform reverse lookup sprawdź czy na którymś etapie występują tzw. lagi.
Od jak dawna zauważyłeś lagowanie?
Przeskanuj system skanerem on-line dostępnym na stronie http://www.ewido.net/de/onlinescan/ i wklej tu raport ze skanowania.
Drobna kosmetyka:
Panel sterowania => Java Plug-in => Update => odznacz opcję Check for updates automatically.
Start => uruchom => msconfig => zakładka Uruchamianie => możesz odznaczyć w/w.
W opcjach komunikatorów możesz wyłączyć uruchamianie przy starcie systemu jeśli nie jest są potrzebne.
Start => programy => autostart => kasacja z prawokliku.
Jeśli nie używasz Messenger’a to go usuń: start => uruchom => wpisz polecenie:
RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove
Luis456
6 Sierpień 2007 10:33
#5
z drobna kosmetyka zrobilem to co pisales ale nie wiem jak usunac ten program z dysku w trybie awaryjnym.A i jeszcze nie wiem w tym HoverIP jak sprawdzic te lagi dalem tak:Traceroute=>Perform Reverse Lookup=>start
i wyskoczyl mi moj adres ip i jakies 0 min i cos DONE! a i ttl 128 nie wiem czy to dobrze.
a tu daje skan:
adam9870
6 Sierpień 2007 10:44
#6
Uruchom system w trybie awaryjnym
Przejdź do katalogu Program Files znajdującego się bezpośrednio na partycji C.
Kliknij prawym klawiszem myszki na folder AskTBar, wybierz opcję Usuń i potwierdź usunięcie.
By uruchomić system w trybie awaryjnym należy wcisnąć klawisz F5 bądź F8 gdy komputer będzie wyłączony, włączyć komputer, gdy pojawi się ekran wyboru systemu puścić wciśnięty wcześniej klawisz i za pomocą strzałek na klawiaturze wybrać pozycję Tryb awaryjny i wcisnąć klawisz Enter.
Zrobiłeś dobrze, teraz tylko wykonaj screena, umieść go w serwisie typu fotosik.pl i tu zlinkuj do niego bądź wstaw go w postaci miniaturki.
Jeśli będziesz miał jakieś problemy z wykonaniem screena, zapoznaj się z tym tematem:
http://forum.dobreprogramy.pl/viewtopic.php?t=46412
Luis456:
a tu daje skan
Ewido znalazł jedynie całkowicie niegroźne ciasteczka. Możesz je usunąć jednak po tym będziesz musiał ustawiać ponownie takie rzeczy jak autologowanie na forach internetowych etc.
Luis456
6 Sierpień 2007 11:39
#7
wszystko zrobione teraz daje link do screena.Mam jeszcze pytanko czy kaspersky bedzie dobrze chronil moj komputer i go nie zamulal czy raczej zmienic go na cos innego.
http://www.fotosik.pl/pokaz_obrazek/6bf … 3cf61.html
adam9870
6 Sierpień 2007 12:24
#8
adam9870
6 Sierpień 2007 15:32
#10
Otwórz Notatnik i wklej w nim to:
Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.
Po wykonaniu wklej nowy log z Silenta.
Luis456
6 Sierpień 2007 17:34
#11
Ok zrobiłem tylko przy zapisywaniu tego z notatnika przy potwierdzaniu cos mi wyskakiwalo to nie wiem czy tak miało byc.
Log:
“Silent Runners.vbs”, revision R51, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] “Komunikator” = “C:\Program Files\Tlen.pl\tlen.exe” [“o2.pl Sp. z o.o.”] “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}” = ““C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “LogitechVideoTray” = “C:\Program Files\Logitech\Video\LogiTray.exe” [“Labtec Inc.”] “LogitechVideoRepair” = “C:\Program Files\Logitech\Video\ISStart.exe” [“Labtec Inc.”] “AVP” = ““C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe”” [“Kaspersky Lab”] “ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}(Default) = (no title provided) -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MEGAUPLOAD”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll” [“Sun Microsystems, Inc.”] {9CB65201-89C4-402c-BA80-02D8C59F9B1D}(Default) = “Ask Search Assistant BHO” -> {HKLM…CLSID} = “Ask Search Assistant BHO” \InProcServer32(Default) = “C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL” [file not found] {FE063DB1-4EC0-403e-8DD8-394C54984B2C}(Default) = “Ask Toolbar BHO” -> {HKLM…CLSID} = “Ask Toolbar BHO” \InProcServer32(Default) = “C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” = “jetAudio” -> {HKLM…CLSID} = “JetFlExt Class” \InProcServer32(Default) = “C:\Program Files\JetAudio\JetFlExt.dll” [“COWON America”] “{85E0B171-04FA-11D1-B7DA-00A0C90348D6}” = “Statystyki ochrony WWW” -> {HKLM…CLSID} = “Statystyki ochrony WWW” \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll” [“Kaspersky Lab”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}” = “My Labtec Pictures” -> {HKLM…CLSID} = “My Labtec Pictures” \InProcServer32(Default) = “C:\Program Files\Logitech\Video\Namespc2.dll” [“Labtec Inc.”] “{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler” -> {HKLM…CLSID} = “NeroDigitalIconHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [file not found] “{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler” -> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “AppInit_DLLs” = “C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll” [“Kaspersky Lab”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] <> klogon\DLLName = “C:\WINDOWS\system32\klogon.dll” [“Kaspersky Lab”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler” -> {HKLM…CLSID} = “NeroDigitalColumnHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [file not found] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll” [“Kaspersky Lab”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ jetAudio(Default) = “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” -> {HKLM…CLSID} = “JetFlExt Class” \InProcServer32(Default) = “C:\Program Files\JetAudio\JetFlExt.dll” [“COWON America”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ jetAudio(Default) = “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” -> {HKLM…CLSID} = “JetFlExt Class” \InProcServer32(Default) = “C:\Program Files\JetAudio\JetFlExt.dll” [“COWON America”] Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll” [“Kaspersky Lab”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS] Startup items in “Administrator” & “All Users” startup folders: --------------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Gamma Loader” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}” -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MEGAUPLOAD”] “{FE063DB9-4EC0-403E-8DD8-394C54984B2C}” -> {HKLM…CLSID} = “Ask Toolbar” \InProcServer32(Default) = “C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL” [file not found] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}” = (no title provided) -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MEGAUPLOAD”] “{FE063DB9-4EC0-403E-8DD8-394C54984B2C}” = (no title provided) -> {HKLM…CLSID} = “Ask Toolbar” \InProcServer32(Default) = “C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL” [file not found] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{72FE8681-0BFA-471B-9B2A-B37ED68DD09E}(Default) = “Ask PopSwatter” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [MS] HKLM\Software\Classes\CLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = “Statystyki ochrony WWW” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll” [“Kaspersky Lab”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_02” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_02” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll” [“Sun Microsystems, Inc.”] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ “ButtonText” = “Statystyki ochrony WWW” Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{9CB65206-89C4-402c-BA80-02D8C59F9B1D}” = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL” [file not found] HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <> “Tabs” = “C:\Documents and Settings\Administrator\Dane aplikacji\MegauploadToolbar\tabwelcome.html” [null data] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”] Kaspersky Internet Security 6.0, AVP, ““C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe” -r” [“Kaspersky Lab”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] ---------- (launch time: 2007-08-06 19:30:58) <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 68 seconds, including 8 seconds for message boxes)
adam9870
6 Sierpień 2007 18:29
#12
Wszystkie wpisy, które uwzględniłem do usunięcia w podanym wcześniej pliku FIX.BAT istnieją nadal, więc czeka Cię ręczna edycja rejestru.
Start -> uruchom -> wpisz regedit i kliknij OK -> przejdź do klucza:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
i skasuj klucz {9CB65201-89C4-402c-BA80-02D8C59F9B1D} oraz {FE063DB1-4EC0-403e-8DD8-394C54984B2C}
Przejdź do klucza:
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
i skasuj wartość {FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Przejdź do klucza:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
i skasuj wartość {FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Przejdź do klucza:
HKLM\Software\Classes\CLSID
i skasuj klucz {72FE8681-0BFA-471B-9B2A-B37ED68DD09E}
Na koniec przejdź do klucza:
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
i skasuj wartość {9CB65206-89C4-402c-BA80-02D8C59F9B1D}
-> zamknij Edytor rejestru i uruchom komputer ponownie.
HKLM - HKEY_LOCAL_MACHINE
HKCU - HKEY_CURRENT_USER
Po wykonaniu wklej nowy log z Silenta.
Luis456
7 Sierpień 2007 08:19
#13
Nistety chyba nie ma albo nie moge znalesc tych kluczy wedytorze sa tam tylko HKEY wchodzac w nie nie ma HKCU i HKLM i nie wiem czy nie ma ich tam wogole czy trzeba inaczej szukac.
jessica
7 Sierpień 2007 08:43
#14
Nie wierzę, by nie było tych kluczy!
@Adam9870 w swoim poście podał Ci na dole postu pełne nazwy tych “Key”.
np.: rozwiń ten klucz, klikająć w (+):
(+)HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
>>zaznacz: {9CB65201-89C4-402c-BA80-02D8C59F9B1D}>>prawoklik>>usuń
I podobnie postępujesz z innymi podanymi przez @Adam9870 .
Jeśli jakiejś wartości nie ma, to popatrz w prawe okienko.
.
Luis456
7 Sierpień 2007 09:03
#15
Dobra zrobiłem tak jak pisałes a ten plik zapisany z notatnika ten FIX moge usunac czy go zostawic?
Log:
“Silent Runners.vbs”, revision R51, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] “Komunikator” = “C:\Program Files\Tlen.pl\tlen.exe” [“o2.pl Sp. z o.o.”] “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}” = ““C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “LogitechVideoTray” = “C:\Program Files\Logitech\Video\LogiTray.exe” [“Labtec Inc.”] “LogitechVideoRepair” = “C:\Program Files\Logitech\Video\ISStart.exe” [“Labtec Inc.”] “AVP” = ““C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe”” [“Kaspersky Lab”] “ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}(Default) = (no title provided) -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MEGAUPLOAD”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” = “jetAudio” -> {HKLM…CLSID} = “JetFlExt Class” \InProcServer32(Default) = “C:\Program Files\JetAudio\JetFlExt.dll” [“COWON America”] “{85E0B171-04FA-11D1-B7DA-00A0C90348D6}” = “Statystyki ochrony WWW” -> {HKLM…CLSID} = “Statystyki ochrony WWW” \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll” [“Kaspersky Lab”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}” = “My Labtec Pictures” -> {HKLM…CLSID} = “My Labtec Pictures” \InProcServer32(Default) = “C:\Program Files\Logitech\Video\Namespc2.dll” [“Labtec Inc.”] “{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler” -> {HKLM…CLSID} = “NeroDigitalIconHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [file not found] “{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler” -> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “AppInit_DLLs” = “C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll” [“Kaspersky Lab”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] <> klogon\DLLName = “C:\WINDOWS\system32\klogon.dll” [“Kaspersky Lab”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler” -> {HKLM…CLSID} = “NeroDigitalColumnHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [file not found] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll” [“Kaspersky Lab”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ jetAudio(Default) = “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” -> {HKLM…CLSID} = “JetFlExt Class” \InProcServer32(Default) = “C:\Program Files\JetAudio\JetFlExt.dll” [“COWON America”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ jetAudio(Default) = “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” -> {HKLM…CLSID} = “JetFlExt Class” \InProcServer32(Default) = “C:\Program Files\JetAudio\JetFlExt.dll” [“COWON America”] Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll” [“Kaspersky Lab”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS] Startup items in “Administrator” & “All Users” startup folders: --------------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Gamma Loader” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}” -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MEGAUPLOAD”] “{FE063DB9-4EC0-403E-8DD8-394C54984B2C}” -> {HKLM…CLSID} = “Ask Toolbar” \InProcServer32(Default) = “C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL” [file not found] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}” = (no title provided) -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MEGAUPLOAD”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = “Statystyki ochrony WWW” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll” [“Kaspersky Lab”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_02” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_02” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll” [“Sun Microsystems, Inc.”] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ “ButtonText” = “Statystyki ochrony WWW” Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <> “Tabs” = “C:\Documents and Settings\Administrator\Dane aplikacji\MegauploadToolbar\tabwelcome.html” [null data] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”] Kaspersky Internet Security 6.0, AVP, ““C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe” -r” [“Kaspersky Lab”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] ---------- (launch time: 2007-08-07 10:59:35) <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 61 seconds, including 6 seconds for message boxes)
jessica
7 Sierpień 2007 09:13
#16
Zostało jeszcze to:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
i w okienku po prawej usuń wartość {FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Ten plik Notatnika możesz usunąć - jest już niepotrzebny.
.
Luis456
7 Sierpień 2007 12:59
#17
wszystko zrobione mam nadzieje ze teraz bedzie lepiej i mam jeszcze pytanko czy zostac przy kasperskim czy moze go zmienic?
jessica
7 Sierpień 2007 13:06
#18
Nie widzę potrzeby zmieniania na inny Antivirus.
.
http://forum.dobreprogramy.pl/viewtopic.php?t=46412