oniek
(Oniek)
23 January 2007 15:13
#1
I scan with MKS and it finds "Trojan.Dowloader.Agent.bet", which has created a mass of files in various directories, with names like "fsadga.t". The antivirus removes them all, but after a restart it is the same again. NOD32 finds other viruses, but does not solve the problem. Please help…
Logfile of HijackThis v1.99.1
Scan saved at 16:03:44, on 2007-01-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\ComArch\ComarchSmartCard\CardServer.exe
C:\program files\Interbase\bin\ibguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Aladdin\NetHASP LM\NHSRVW32.EXE
C:\WINDOWS\system32\PDFSaver.exe
C:\program files\Interbase\bin\ibserver.exe
C:\Program Files\ESET\nod32.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\ESET\nod32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazetaksiegowego.infor.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM…\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM…\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: RaiffeisenSerwer.lnk = Mccrbpl\MCCWIN\PRG\ZBASE32.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NetHASP License Manager.lnk = C:\Program Files\Aladdin\NetHASP LM\NHSRVW32.EXE
O4 - Global Startup: Symfonia® PDF.lnk = C:\WINDOWS\system32\PDFSaver.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Casa 3rdPty - jHelp - http://europe.citidirect-eb.citicorp.co … sahelp.cab
O16 - DPF: Casa 3rdPty - Misc - http://europe.citidirect-eb.citicorp.co … hrdpty.cab
O16 - DPF: Casa 3rdPty - Swing 1 - http://citidirect-eb.citicorp.com :/cabs/casaswing1.cab
O16 - DPF: Casa 3rdPty - Swing 2 - http://citidirect-eb.citicorp.com :/cabs/casaswing2.cab
O16 - DPF: Casa Access Profile - http://citidirect-eb.citicorp.com/cabs/ … fmaint.cab
O16 - DPF: Casa Audit - http://citidirect-eb.citicorp.com/cabs/casaaudit.cab
O16 - DPF: Casa AWT - http://citidirect-eb.citicorp.com/cabs/casaawt.cab
O16 - DPF: Casa Broadcast - http://citidirect-eb.citicorp.com/cabs/casabrdcast.cab
O16 - DPF: Casa BTR - http://citidirect-eb.citicorp.com/cabs/casabtr.cab
O16 - DPF: Casa Cab Verifier - http://citidirect-eb.citicorp.com/cabs/ … rifier.cab
O16 - DPF: Casa Code Pages - http://europe.citidirect-eb.citicorp.co … depage.cab
O16 - DPF: Casa Default - http://citidirect-eb.citicorp.com/cabs/casadefault.cab
O16 - DPF: Casa File Delivery - http://citidirect-eb.citicorp.com/cabs/ … livery.cab
O16 - DPF: Casa Flow Maint - http://europe.citidirect-eb.citicorp.co … wmaint.cab
O16 - DPF: Casa Framework - http://europe.citidirect-eb.citicorp.co … mework.cab
O16 - DPF: Casa Framework Validators - http://europe.citidirect-eb.citicorp.co … dators.cab
O16 - DPF: Casa IBM XML Parser - http://citidirect-eb.citicorp.com :/cabs/casaxml.cab
O16 - DPF: Casa Images - http://europe.citidirect-eb.citicorp.co … images.cab
O16 - DPF: Casa Infrastructure - http://europe.citidirect-eb.citicorp.co … sainfr.cab
O16 - DPF: Casa Language pl_PL - http://europe.citidirect-eb.citicorp.co … _pl_pl.cab
O16 - DPF: Casa Libraries - http://europe.citidirect-eb.citicorp.co … salibs.cab
O16 - DPF: Casa List Manager - http://europe.citidirect-eb.citicorp.co … istmgr.cab
O16 - DPF: Casa Misc - http://europe.citidirect-eb.citicorp.co … samisc.cab
O16 - DPF: Casa Payments Banamex - http://europe.citidirect-eb.citicorp.co … anamex.cab
O16 - DPF: Casa Payments Common - http://europe.citidirect-eb.citicorp.co … tscomm.cab
O16 - DPF: Casa Payments Detail - http://europe.citidirect-eb.citicorp.co … mtsdtl.cab
O16 - DPF: Casa Payments Libraries - http://europe.citidirect-eb.citicorp.co … tslibs.cab
O16 - DPF: Casa Payments Misc - http://europe.citidirect-eb.citicorp.co … tsmisc.cab
O16 - DPF: Casa Pref Mgr - http://europe.citidirect-eb.citicorp.co … refmgr.cab
O16 - DPF: Casa Report - http://europe.citidirect-eb.citicorp.co … report.cab
O16 - DPF: Casa User Maint - http://europe.citidirect-eb.citicorp.co … rmaint.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} (SignActivX Control) - https://www.pekaobiznes24.pl/static/com … ActivX.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xxx.com.pl
O17 - HKLM\Software…\Telephony: DomainName = xxx.com.pl
O17 - HKLM\System\CCS\Services\Tcpip…{9B3A6700-7503-4FB7-8F63-4CE9912AF318}: NameServer = 192.168.1.4,194.204.163.242
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = xxx.com.pl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = xxx.com.pl
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: ComarchCardServer - Unknown owner - C:\Program Files\ComArch\ComarchSmartCard\CardServer.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\program files\Interbase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\program files\Interbase\bin\ibserver.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
adam9870
(adam9870)
23 January 2007 16:04
#2
Did you mask the domains in the log yourself? If so, everything is OK.
You have two antivirus programs, MKS and NOD. I suggest removing one of them.
Close the ports to worms. To do this, use Windows Worms Doors Cleaner and change the indicators from disable to enable (all the indicators should be green; if any of them is yellow, leave it). A restart is required after using the tool.
Download AVG Anti-Spyware, update it and run a scan. Then post the report and the log from SilentRunners. If an error appears while running Silent Runners, please give its exact text.
oniek
(Oniek)
23 January 2007 18:59
#3
Yes, I masked the domain.
Two antivirus programs because MKS could not cope.
In the morning I will follow your instructions and send the info…
The only problem for me is that the pests have "spread" across the network drives, but that is a problem for a separate thread. I hope I can get this sorted out somehow. Thanks for the help, I will send the report in the morning.
Posts merged: 24.01.2007 (Wed) 9:39
So I did as you said, and here is the result:
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"MKS_MENU" = "C:\Program Files\MKS\Bin\mks_menu.exe" ["MKS Sp. z o.o."]
"ABREGMON" = "C:\Program Files\MKS\Bin\ABregmon.exe" ["ArcaBit"]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
  -> {HKLM…CLSID} = "AcroIEHlprObj Class"
     \InProcServer32(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM…CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM…CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM…CLSID} = "Microsoft Office Outlook"
     \InProcServer32(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM…CLSID} = "Rozszerzenie ikon plików programu Outlook"
     \InProcServer32(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{BD88A479-9623-4897-8546-BC62B9628F44}" = "SPTHandler"
  -> {HKLM…CLSID} = "SPTHandler"
     \InProcServer32(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com "]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM…CLSID} = "NOD32 Context Menu Shell Extension"
     \InProcServer32(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
  -> {HKLM…CLSID} = "CShellExecuteHookImpl Object"
     \InProcServer32(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\System\CurrentControlSet\Control\Session Manager\
<> "BootExecute" = "autocheck autochk *"| [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
  -> {HKLM…CLSID} = "PDF Shell Extension"
     \InProcServer32(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
AVG Anti-Spyware(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM…CLSID} = "CContextScan Object"
     \InProcServer32(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
MkS_Vir(Default) = "{CC4245C0-D511-11D0-8918-444553540000}"
  -> {HKLM…CLSID} = "MkS_Vir Shell Extension"
     \InProcServer32(Default) = "C:\Program Files\MKS\Bin\MkSShell.dll" [null data]
NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM…CLSID} = "NOD32 Context Menu Shell Extension"
     \InProcServer32(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM…CLSID} = "CContextScan Object"
     \InProcServer32(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
MkS_Vir(Default) = "{CC4245C0-D511-11D0-8918-444553540000}"
  -> {HKLM…CLSID} = "MkS_Vir Shell Extension"
     \InProcServer32(Default) = "C:\Program Files\MKS\Bin\MkSShell.dll" [null data]
NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM…CLSID} = "NOD32 Context Menu Shell Extension"
     \InProcServer32(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
SPTContMenu(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"
  -> {HKLM…CLSID} = "SPTHandler"
     \InProcServer32(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com "]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System| Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\g_michalska\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

Startup items in "g_michalska" & "All Users" startup folders:
-------------------------------------------------------------

C:\Documents and Settings\g_michalska\Menu Start\Programy\Autostart
"RaiffeisenSerwer" -> shortcut to: "M:\Mccrbpl\MCCWIN\PRG\ZBASE32.EXE" [file not found]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"NetHASP License Manager" -> shortcut to: "C:\Program Files\Aladdin\NetHASP LM\NHSRVW32.EXE" ["Aladdin Knowledge Systems."]
"Symfonia® PDF" -> shortcut to: "C:\WINDOWS\system32\PDFSaver.exe" ["Tracker Software Products"]

Enabled Scheduled Tasks:
------------------------

"MkSUpdate" -> launches: "C:\Program Files\MKS\bin\mks_upd.exe Task" ["MkS Sp. z o. o."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 17
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = "&Badanie"
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ArcaBit NetMonitor, ABNetMon, "C:\Program Files\MKS\Bin\NetMonSV.exe" ["ArcaBit sp. z o.o."]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
ComarchCardServer, ComarchCardServer, ""C:\Program Files\ComArch\ComarchSmartCard\CardServer.exe"" [null data]
InterBase Guardian, InterBaseGuardian, "C:\program files\Interbase\bin\ibguard.exe" ["Inprise Corporation"]
InterBase Server, InterBaseServer, "C:\program files\Interbase\bin\ibserver.exe" ["Inprise Corporation"]
So what do you make of it?
Joan
(Joan Sunshine)
24 January 2007 18:19
#4
Remove everything that Ewido found.
Open Notepad and paste this into it:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
File -> Save as -> change the extension to All files -> save under the name FIX.REG
Run the FIX.REG file, confirm adding it to the registry, and restart the computer.
oniek
(Oniek)
27 January 2007 11:54
#5
And what is this key for?
adam9870
(adam9870)
27 January 2007 12:18
#6
BootExecute is where things executed at system startup are set. Sometimes something unnecessary gets put in there, and the FIX.REG given by Joan will fix that by restoring the default value: autocheck autochk *
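Added example, not part of the original thread: a way to check what a .reg file like the FIX.REG in post #4 will write to BootExecute before importing it, by decoding its hex(7) (REG_MULTI_SZ) data and comparing it with the default value named in post #6. The function names are this example's own; the embedded file text is copied from post #4.

```python
import re

# FIX.REG as posted in #4, embedded so the example runs offline.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
'''

# Default value as stated in post #6.
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]


def parse_multi_sz_values(reg_text):
    """Return {(key, value_name): [strings]} for every hex(7) value in a .reg file."""
    # A trailing backslash continues the hex data on the next line.
    joined = re.sub(r"\\\r?\n[ \t]*", "", reg_text)
    results, key = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^"([^"]+)"=hex\(7\):([0-9a-fA-F,]*)$', line)
        if not m or key is None:
            continue
        raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        if len(raw) % 2:
            raise ValueError("odd byte count: not valid UTF-16LE data")
        text = raw.decode("utf-16-le")
        # REG_MULTI_SZ: NUL-terminated strings, closed by one extra NUL.
        results[(key, m.group(1))] = [s for s in text.split("\x00") if s]
    return results


def check_boot_execute(reg_text):
    """Return (strings, is_default) for BootExecute, or (None, False) if absent."""
    for (key, name), strings in parse_multi_sz_values(reg_text).items():
        if (key.lower().endswith(r"\control\session manager")
                and name.lower() == "bootexecute"):
            return strings, strings == DEFAULT_BOOT_EXECUTE
    return None, False


if __name__ == "__main__":
    strings, ok = check_boot_execute(FIX_REG)
    print(strings, "-> default" if ok else "-> NOT the default, review before importing")
```

Any additional string in the decoded list is an extra command that would run at boot, so a result other than the single default entry is a reason to inspect the file before double-clicking it.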