Natrętyny Backdoor , komp się resetuje

Bardock · 20 Kwiecień 2007 11:53

Mam problem taki jak w temacie.Co bym nie kliknął (mam do wyboru usuń etc.) to PeCe po chwili się resetuje.Jak się pozbyć tego świństwa?Mam Av G Data.

Joan · 20 Kwiecień 2007 11:53

zobacz > http://www.error.xp.pl/

Bardock · 20 Kwiecień 2007 12:01

Ja mam inaczej z tym wirkiem.podczas uruchamiania pc wyskakuje mi taki komunikat i jak klikne np. usun to za 3 sekundy reset http://www.fotosik.pl/pokaz_obrazek/pel … 19765.html

Joan · 20 Kwiecień 2007 12:26

A może logi z Hijacka i SilentRunners wkleisz? :roll:

Bardock · 20 Kwiecień 2007 12:55

HJT

Logfile of HijackThis v1.99.1 Scan saved at 14:45:46, on 2007-04-20 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\csrss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\Explorer.EXE E:\Program Files\Ad Muncher\AdMunch.exe E:\Program Files\G DATA\AntiVirus 2007\AVKTray\AVKTray.exe E:\WINDOWS\system32\ctfmon.exe E:\WINDOWS\system32\Snikers_4.1_Setup.exe E:\Program Files\Gadu-Gadu\gg.exe E:\Documents and Settings\All Users\Menu Start\Programy\Autostart\cfosspeed.exe E:\Program Files\D-Link AirPlus\AIRPLUS.EXE E:\Program Files\G DATA\AntiVirus 2007\AVK\AVKService.exe E:\Program Files\G DATA\AntiVirus 2007\AVK\AVKWCtl.exe E:\Program Files\cFosSpeed\spd.exe E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe E:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe E:\WINDOWS\system32\svchost.exe E:\Program Files\Mozilla Firefox\firefox.exe E:\K-Meleon\k-meleon.exe E:\Documents and Settings\Bartek SZEF\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [1qaw3edr5] E:\WINDOWS\system32\Snikers_4.1_Setup.exe O4 - HKLM…\Run: [upchviib] E:\fbsundvl.bat O4 - HKLM…\Run: [kwjjkyqo] E:\dbrtyvcn.bat O4 - HKLM…\Run: [Ad Muncher] “E:\Program Files\Ad Muncher\AdMunch.exe” /bt O4 - HKLM…\Run: [AVKTray] “E:\Program Files\G DATA\AntiVirus 2007\AVKTray\AVKTray.exe” O4 - HKCU…\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [1qaw3edr5] E:\WINDOWS\system32\Snikers_4.1_Setup.exe O4 - HKCU…\Run: [Gadu-Gadu] “E:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: cfosspeed.exe O4 - Global Startup: D-Link AirPlus.lnk = E:\Program Files\D-Link AirPlus\AIRPLUS.EXE O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - E:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - E:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_b … u_ie_frame O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_b … u_ie_image O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_b … nu_ie_link O8 - Extra context menu item: Don’t filter page with Ad Muncher - http://www.admuncher.com/request_will_b … ie_exclude O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_b … _ie_report O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - E:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab O17 - HKLM\System\CCS\Services\Tcpip…{8EFD6B86-DDD6-44E9-B38D-D0AA4CC94173}: NameServer = 194.204.152.34,194.204.159.1 O20 - Winlogon Notify: WRNotifier - E:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - E:\Program Files\Ares\chatServer.exe O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVKProxy - G DATA Software AG - E:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe O23 - Service: AVK Service (AVKService) - G DATA Software AG - E:\Program Files\G DATA\AntiVirus 2007\AVK\AVKService.exe O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - E:\Program Files\G DATA\AntiVirus 2007\AVK\AVKWCtl.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - E:\Program Files\cFosSpeed\spd.exe" -service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

SR

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “ctfmon.exe” = “E:\WINDOWS\system32\ctfmon.exe” [MS] “1qaw3edr5” = “E:\WINDOWS\system32\Snikers_4.1_Setup.exe” [null data] “Gadu-Gadu” = ““E:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} “1qaw3edr5” = “E:\WINDOWS\system32\Snikers_4.1_Setup.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “1qaw3edr5” = “E:\WINDOWS\system32\Snikers_4.1_Setup.exe” [null data] “upchviib” = “E:\fbsundvl.bat” [null data] “kwjjkyqo” = “E:\dbrtyvcn.bat” [null data] “Ad Muncher” = ““E:\Program Files\Ad Muncher\AdMunch.exe” /bt” [null data] “AVKTray” = ““E:\Program Files\G DATA\AntiVirus 2007\AVKTray\AVKTray.exe”” [“G DATA Software”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx” [empty string] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}(Default) = “flashget urlcatch” -> {HKLM…CLSID} = “FGCatchUrl” \InProcServer32(Default) = “E:\Program Files\FlashGet\jccatch.dll” [“www.flashget.com”] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}(Default) = (no title provided) -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MegaUpload”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] {F156768E-81EF-470C-9057-481BA8380DBA}(Default) = (no title provided) -> {HKLM…CLSID} = “FlashGet GetFlash Class” \InProcServer32(Default) = “E:\Program Files\FlashGet\getflash.dll” [“www.flashget.com”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “E:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{D7B7A5AE-9D19-4F9E-9C6F-46C82D22D71C}” = “Wyślij na Fotosik.pl” -> {HKLM…CLSID} = “Wyślij na Fotosik.pl” \InProcServer32(Default) = “E:\PROGRA~1\FOTOSI~1\FOTOSI~1.DLL” [null data] “{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}” = “AQQ File Transfer Shell Extension” -> {HKLM…CLSID} = “AQQ File Transfer Shell Extension” \InProcServer32(Default) = “E:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL” [file not found] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “E:\Program Files\WinRAR\rarext.dll” [null data] “{7C9D5882-CB4A-4090-96C8-430BFE8B795B}” = “Webroot Spy Sweeper Context Menu Integration” -> {HKLM…CLSID} = “Webroot Spy Sweeper Context Menu Integration” \InProcServer32(Default) = “E:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll” [“Webroot Software, Inc.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> WRNotifier\DLLName = “WRLogonNTF.dll” [“Webroot Software, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AQQFileTransfer(Default) = “{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}” -> {HKLM…CLSID} = “AQQ File Transfer Shell Extension” \InProcServer32(Default) = “E:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL” [file not found] AVK9CM(Default) = “{CAF4C320-32F5-11D3-A222-004095200FF2}” -> {HKLM…CLSID} = “AVK9ContextMenue” \InProcServer32(Default) = “E:\Program Files\G DATA\AntiVirus 2007\AVK\ShellExt.dll” [empty string] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “E:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “E:\Program Files\WinRAR\rarext.dll” [null data] {D7B7A5AE-9D19-4F9E-9C6F-46C82D22D71C}(Default) = “{D7B7A5AE-9D19-4F9E-9C6F-46C82D22D71C}” -> {HKLM…CLSID} = “Wyślij na Fotosik.pl” \InProcServer32(Default) = “E:\PROGRA~1\FOTOSI~1\FOTOSI~1.DLL” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ AVK9CM(Default) = “{CAF4C320-32F5-11D3-A222-004095200FF2}” -> {HKLM…CLSID} = “AVK9ContextMenue” \InProcServer32(Default) = “E:\Program Files\G DATA\AntiVirus 2007\AVK\ShellExt.dll” [empty string] SpySweeper(Default) = “{7C9D5882-CB4A-4090-96C8-430BFE8B795B}” -> {HKLM…CLSID} = “Webroot Spy Sweeper Context Menu Integration” \InProcServer32(Default) = “E:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll” [“Webroot Software, Inc.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “E:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ SpySweeper(Default) = “{7C9D5882-CB4A-4090-96C8-430BFE8B795B}” -> {HKLM…CLSID} = “Webroot Spy Sweeper Context Menu Integration” \InProcServer32(Default) = “E:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll” [“Webroot Software, Inc.”] Default executables: -------------------- HKLM\Software\Classes.bat(Default) = (value not set) HKLM\Software\Classes.com(Default) = (value not set) HKLM\Software\Classes.pif(Default) = (value not set) HKLM\Software\Classes.scr(Default) = (value not set) <> HKLM\Software\Classes\scrfile\shell\open\command(Default) = “”%1" %*" [file not found] Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “E:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “E:\Documents and Settings\Bartek SZEF\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “E:\WINDOWS\system32\logon.scr” [MS] Startup items in “Bartek SZEF” & “All Users” startup folders: ------------------------------------------------------------- E:\Documents and Settings\All Users\Menu Start\Programy\Autostart <> “cfosspeed.exe” [“cFos Software GmbH”] “D-Link AirPlus” -> shortcut to: “E:\Program Files\D-Link AirPlus\AIRPLUS.EXE” [“D-Link”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}” -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MegaUpload”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}” = (no title provided) -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MegaUpload”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{44226DFF-747E-4EDC-B30C-78752E50CD0C}(Default) = “&ATI TV” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “E:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL” [“ATI Technologies Inc.”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_11” \InProcServer32(Default) = “E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_11” \InProcServer32(Default) = “E:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll” [“Sun Microsystems, Inc.”] {44226DFF-747E-4EDC-B30C-78752E50CD0C}\ “ButtonText” = “ATI TV” {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ “ButtonText” = “FlashGet” “MenuText” = “FlashGet” “Exec” = “E:\Program Files\FlashGet\FlashGet.exe” [“FlashGet.com”] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “E:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVK Service, AVKService, “E:\Program Files\G DATA\AntiVirus 2007\AVK\AVKService.exe” [“G DATA Software AG”] AVKProxy, AVKProxy, ““E:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe”” [“G DATA Software AG”] cFosSpeed System Service, cFosSpeedS, ““E:\Program Files\cFosSpeed\spd.exe” -service” [“cFos Software GmbH”] Strażnik AVK, AVKWCtl, “E:\Program Files\G DATA\AntiVirus 2007\AVK\AVKWCtl.exe” [empty string] Webroot Spy Sweeper Engine, WebrootSpySweeperService, ““E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe”” [“Webroot Software, Inc.”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 272 seconds, including 9 seconds for message boxes)

adam9870 · 20 Kwiecień 2007 16:08

Ściągnij program KillBox, zaznacz Delete on reboot , w polu full path of file wklej ścieżki:

E:\WINDOWS\system32\Snikers_4.1_Setup.exe

E:\fbsundvl.bat

E:\dbrtyvcn.bat

Po wklejeniu każdej ścieżki z osobna kliknij na czerwonego iksa, ale dopiero po wklejeniu ostatniej zgódź się na restart.

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Usuń wpisy HJT jeśli będą.

Proponuję usunąć Megaupload Toolbar ponieważ jest to Toolbar wątpliwej reputacji. Bowiem zbiera dane o użytkowniki i gdzieś je wysyła, nie wiadomo gdzie.

Zobacz - Naprawianie uszkodzonych rozszerzeń oraz ewentualnie Program: System Repair Engineer (SREng).

Po wykonaniu wklej nowe logi.

Bardock · 20 Kwiecień 2007 21:13

http://wklej.org/id/07559bcac0

http://wklej.org/id/fdb4d925d0

Gutek · 20 Kwiecień 2007 21:56

jeszcze raz przeczytaj

odznacz w msconfig

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Bardock · 20 Kwiecień 2007 22:02

Dobrze , a co dokładniej mam się dowiedzieć?

Gutek · 20 Kwiecień 2007 22:09

poczytaj o UnHookExec.inf

Bardock · 21 Kwiecień 2007 06:34

1.Poczytałem

2.w msconfig nie ma takiego wpisu

3.Jak się czyści rejestr?(nie chcę niczego popsuć)

4.Sorry za brak wiedzy w tych tematach.

adam9870 · 21 Kwiecień 2007 09:36

ad. 1

W takim razie zastosuj program System Repair Engineer (SREng).

ad. 2

Wykonaj nowy log w HijackThis i sprawdź czy widnieje w nim ten wpis, a jeśli tak to go usuń poprzez HJT.

ad. 3

Proszę, instrukcja czyszczenia rejestru w programie jv16 PowerTools:

http://forum.dobreprogramy.pl/viewtopic … 108#427108

Bardock · 21 Kwiecień 2007 10:21

Logfile of HijackThis v1.99.1

Scan saved at 12:14:31, on 2007-04-21

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)


Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Ad Muncher\AdMunch.exe

E:\Program Files\G DATA\AntiVirus 2007\AVKTray\AVKTray.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Program Files\Gadu-Gadu\gg.exe

E:\Documents and Settings\All Users\Menu Start\Programy\Autostart\cfosspeed.exe

E:\Program Files\D-Link AirPlus\AIRPLUS.EXE

E:\Program Files\G DATA\AntiVirus 2007\AVK\AVKService.exe

E:\Program Files\G DATA\AntiVirus 2007\AVK\AVKWCtl.exe

E:\Program Files\cFosSpeed\spd.exe

E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

E:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Documents and Settings\Bartek SZEF\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll

O4 - HKLM\..\Run: [Ad Muncher] "E:\Program Files\Ad Muncher\AdMunch.exe" /bt

O4 - HKLM\..\Run: [AVKTray] "E:\Program Files\G DATA\AntiVirus 2007\AVKTray\AVKTray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: cfosspeed.exe

O4 - Global Startup: D-Link AirPlus.lnk = E:\Program Files\D-Link AirPlus\AIRPLUS.EXE

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=803448E9&id=menu_ie_frame

O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=803448E9&id=menu_ie_image

O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=803448E9&id=menu_ie_link

O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=803448E9&id=menu_ie_exclude

O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=803448E9&id=menu_ie_report

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - E:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8EFD6B86-DDD6-44E9-B38D-D0AA4CC94173}: NameServer = 194.204.152.34,194.204.159.1

O20 - Winlogon Notify: WRNotifier - E:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - E:\Program Files\Ares\chatServer.exe

O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVKProxy - G DATA Software AG - E:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe

O23 - Service: AVK Service (AVKService) - G DATA Software AG - E:\Program Files\G DATA\AntiVirus 2007\AVK\AVKService.exe

O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - E:\Program Files\G DATA\AntiVirus 2007\AVK\AVKWCtl.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - E:\Program Files\cFosSpeed\spd.exe" -service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ctfmon.exe" = "E:\WINDOWS\system32\ctfmon.exe" [MS]

"Gadu-Gadu" = ""E:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Ad Muncher" = ""E:\Program Files\Ad Muncher\AdMunch.exe" /bt" [null data]

"AVKTray" = ""E:\Program Files\G DATA\AntiVirus 2007\AVKTray\AVKTray.exe"" ["G DATA Software"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"

  -> {HKLM...CLSID} = "FGCatchUrl"

                   \InProcServer32\(Default) = "E:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]

{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "FlashGet GetFlash Class"

                   \InProcServer32\(Default) = "E:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "E:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{D7B7A5AE-9D19-4F9E-9C6F-46C82D22D71C}" = "Wyślij na Fotosik.pl"

  -> {HKLM...CLSID} = "Wyślij na Fotosik.pl"

                   \InProcServer32\(Default) = "E:\PROGRA~1\FOTOSI~1\FOTOSI~1.DLL" [null data]

"{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}" = "AQQ File Transfer Shell Extension"

  -> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"

                   \InProcServer32\(Default) = "E:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL" [file not found]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"

  -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

                   \InProcServer32\(Default) = "E:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AQQFileTransfer\(Default) = "{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}"

  -> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"

                   \InProcServer32\(Default) = "E:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL" [file not found]

AVK9CM\(Default) = "{CAF4C320-32F5-11D3-A222-004095200FF2}"

  -> {HKLM...CLSID} = "AVK9ContextMenue"

                   \InProcServer32\(Default) = "E:\Program Files\G DATA\AntiVirus 2007\AVK\ShellExt.dll" [empty string]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

{D7B7A5AE-9D19-4F9E-9C6F-46C82D22D71C}\(Default) = "{D7B7A5AE-9D19-4F9E-9C6F-46C82D22D71C}"

  -> {HKLM...CLSID} = "Wyślij na Fotosik.pl"

                   \InProcServer32\(Default) = "E:\PROGRA~1\FOTOSI~1\FOTOSI~1.DLL" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

AVK9CM\(Default) = "{CAF4C320-32F5-11D3-A222-004095200FF2}"

  -> {HKLM...CLSID} = "AVK9ContextMenue"

                   \InProcServer32\(Default) = "E:\Program Files\G DATA\AntiVirus 2007\AVK\ShellExt.dll" [empty string]

SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"

  -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

                   \InProcServer32\(Default) = "E:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"

  -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

                   \InProcServer32\(Default) = "E:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]



Default executables:

--------------------


HKLM\Software\Classes\.bat\(Default) = (value not set)


HKLM\Software\Classes\.com\(Default) = (value not set)


HKLM\Software\Classes\.pif\(Default) = (value not set)


HKLM\Software\Classes\.scr\(Default) = (value not set)

<> HKLM\Software\Classes\scrfile\shell\open\command\(Default) = ""%1" %*" [file not found]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "E:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "E:\Documents and Settings\Bartek SZEF\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "E:\WINDOWS\system32\logon.scr" [MS]



Startup items in "Bartek SZEF" & "All Users" startup folders:

-------------------------------------------------------------


E:\Documents and Settings\All Users\Menu Start\Programy\Autostart

<> "cfosspeed.exe" ["cFos Software GmbH"]

"D-Link AirPlus" -> shortcut to: "E:\Program Files\D-Link AirPlus\AIRPLUS.EXE" ["D-Link"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{44226DFF-747E-4EDC-B30C-78752E50CD0C}\(Default) = "&ATI TV"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "E:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL" ["ATI Technologies Inc."]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11"

                   \InProcServer32\(Default) = "E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11"

                   \InProcServer32\(Default) = "E:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."]


{44226DFF-747E-4EDC-B30C-78752E50CD0C}\

"ButtonText" = "ATI TV"


{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "FlashGet"

"Exec" = "E:\Program Files\FlashGet\FlashGet.exe" ["FlashGet.com"]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "E:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


AVK Service, AVKService, "E:\Program Files\G DATA\AntiVirus 2007\AVK\AVKService.exe" ["G DATA Software AG"]

AVKProxy, AVKProxy, ""E:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe"" ["G DATA Software AG"]

cFosSpeed System Service, cFosSpeedS, ""E:\Program Files\cFosSpeed\spd.exe" -service" ["cFos Software GmbH"]

Strażnik AVK, AVKWCtl, "E:\Program Files\G DATA\AntiVirus 2007\AVK\AVKWCtl.exe" [empty string]

Webroot Spy Sweeper Engine, WebrootSpySweeperService, ""E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"" ["Webroot Software, Inc."]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 158 seconds, including 5 seconds for message boxes)

OK , co mam kliknąć w tym programie?

qrczak13 · 21 Kwiecień 2007 18:09

Ściągnij i wypakuj UnHookExec.inf. Po wypakowaniu prawym na to co się wypakowało i instaluj. Nic się nie pokaże bo to nie jest żadna instalacja.

Kosmetyka:

Jeśli nie korzystasz z zaawansowanych usług tekstowych to je wyłącz:

Start > panel sterowania > opcje regionalne > języki > szczegóły > zaawansowane > zaptasz wyłącz zaawansowane usługi tekstowe.

Jeżeli nie musi startować z systemem to odptasz w komunikatorze uruchamianie przy starcie.

Jak nie używasz Messenger’a to możesz go usunąć > start > uruchom > wpisz polecenie >

RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove

Naciskasz to co jest w czarnym kwadracie > reszta wg instrukcji.

Bardock · 21 Kwiecień 2007 18:36

1.Nie chodzilo mi o UnHookExec.inf tylko o System Repair Engineer…

2.Co to jest ,zaawansowane usługi tekstowe’’?

3.Chcę żeby GG startowało z systemem.

4.Dać nowe logi?

qrczak13 · 21 Kwiecień 2007 18:47

Działanie podobne, poczytaj tu, drugi screen.

http://www.searchengines.pl/phpbb203/lofiversion/index.php/t87545.html

http://support.microsoft.com/kb/282599/pl

http://support.microsoft.com/kb/306993/pl

To nie odznaczaj.
Nie trzeba, te są ok.

Bardock · 21 Kwiecień 2007 18:54

Zrobiłem to czyszczenie rejestru , ale program wyświetla komunikat ,Pracuję , chwileczkę’’ który dochodzi do końca i zatrzymuje się w miejscu.Co jest grane?Jest tak od kilku minut.

EDIT: zeskanowałem 2 raz i już wszystko gra.Tym samym wykonałem wszystkie operacje.Co dalej?

qrczak13 · 21 Kwiecień 2007 19:22

Logi są ok. Czy jeszcze coś się dzieje?

Bardock · 21 Kwiecień 2007 19:29

Nie ma w trayu ikony połączenia internetowego i czasem podczas włączania systemu wyskakuje (przed pokazaniem się okna ZAPRASZAMY) jakieś małe okienko i chińskie znaki (tak z 5) i trzeba kliknąć OK.Nie mogę też usunąć tego wira , najwyżej co to dać do kwarantanny.