Dodaj do ulubionych

jak usunac Startpage ?

18.08.04, 23:54
witam wszytkich mam mały problem poniewaz usuwałem wirusy i wszytkie sie
udało usunac albo za pomoca mks z onetu albo za pomoca rejestru ale nie umie
usunac startpage .Jesli ktos wie co nalezy zrobic to prosze o pomoc:)
Obserwuj wątek
        • masrerman Re: jak usunac Startpage ? 19.08.04, 11:11
          Logfile of HijackThis v1.97.7
          Scan saved at 11:10:45, on 04-08-19
          Platform: Windows 98 SE (Win9x 4.10.2222A)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

          Running processes:
          C:\WINDOWS\SYSTEM\KERNEL32.DLL
          C:\WINDOWS\SYSTEM\MSGSRV32.EXE
          C:\WINDOWS\SYSTEM\SPOOL32.EXE
          C:\WINDOWS\SYSTEM\MPREXE.EXE
          C:\WINDOWS\SYSTEM\MSTASK.EXE
          C:\WINDOWS\SYSTEM\mmtask.tsk
          C:\WINDOWS\EXPLORER.EXE
          C:\WINDOWS\SYSTEM\RPCSS.EXE
          C:\WINDOWS\SYSTEM\INTERNAT.EXE
          C:\WINDOWS\TASKMON.EXE
          C:\WINDOWS\SYSTEM\SYSTRAY.EXE
          C:\WINDOWS\SYSTEM\DDHELP.EXE
          C:\WINDOWS\SYSTEM\WMIEXE.EXE
          D:\NOWY FOLDER\HIJACKTHIS.EXE

          R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.15666.com
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL =
          http://www.15666.com
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
          http://www.15666.com
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
          http://www.15666.com
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          http://www.15666.com
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
          http://www.15666.com
          R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          http://www.15666.com
          R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
          http://mai1333.mail333.com
          R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL =
          http://mai1333.mail333.com
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
          http://www.15666.com
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
          http://www.15666.com
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          http://www.15666.com
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
          http://www.15666.com
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          http://www.15666.com
          R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
          http://find4u.net/index.htm
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
          Settings,ProxyOverride = microweb
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          http://www.15666.com
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page =
          http://www.15666.com
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          http://www.15666.com
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
          http://aifind.info/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          R3 - URLSearchHook: (no name) - _{BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no
          file)
          O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} -
          C:\WINDOWS\SYSTEM\MSXMLPP.DLL
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
          C:\WINDOWS\SYSTEM\MSDXM.OCX
          O3 - Toolbar: Searchfst Class - {000277A3-7D84-406a-9799-D12A81594693} -
          C:\WINDOWS\SRCHFST.DLL
          O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAM
          FILES\ISTBAR\ISTBAR.DLL (file missing)
          O4 - HKLM\..\Run: [internat.exe] internat.exe
          O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
          O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
          O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
          O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
          powrprof.dll,LoadCurrentPwrScheme
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
          C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
          O4 - HKLM\..\Run: [W1N32] regedit -s c:\windows\system32\$WIN32$\WIN32SQL.cer
          O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
          O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
          Optimizer\optimize.exe"
          O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
          O4 - HKLM\..\Run: [msbb] c:\program files\180solutions\msbb.exe
          O4 - HKLM\..\Run: [ebclsd] C:\WINDOWS\ebclsd.exe
          O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
          powrprof.dll,LoadCurrentPwrScheme
          O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
          O4 - HKCU\..\Run: [] regedit -s c:\windows\system32\$WIN32$\WIN32SQL.cer
          O4 - HKLM\..\RunOnce: [W1N32] c:\windows\system32\$WIN32$\WIN32SQL.vbs
          O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
          Office\Office\OSA9.EXE
          O4 - Global Startup: Windows Media PowerPoint Helper.lnk = C:\Program
          Files\Windows Media Components\Tools\nsppthlp.exe
          O9 - Extra button: Related (HKLM)
          O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
          O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
          O9 - Extra button: SideFind (HKLM)
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
          http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
          O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
          http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
          O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
          http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup
          1.0.0.8.cab
          O16 - DPF: Yahoo! Checkers -
          http://download.games.yahoo.com/games/clients/y/kt3_x.cab
          O16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} -
          http://engine.vogclub.com/activex/vogweb29.cab
          O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
          http://www.apple.com/qtactivex/qtplugin.cab
          O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} -
          http://megapanel.gem.pl/temp/netp/7732/6388/5217/4500/5_7732638852174500.ocx
          O16 - DPF: {A0EB6CA1-B26C-475D-A342-9257C5420A0D} (SFUtility Class) -
          http://searchfst.com/update/searchfast.cab
          O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
          http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_18_0.ca
          b
          O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) -
          http://63.217.29.115/cax.cab
          O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
          http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-
          94901338C922/wmv9VCM.CAB
          O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
          http://www.pandasoftware.es/activescan/as/asinst.cab
          O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-
          its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
          O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
          http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
          O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) -
          http://spystream.babenet.com/cabs/videox.cab
          O16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) -
          http://www.thepaymentcentre.com/build/vxiewer.cab
          O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} -
          http://www.whenusearch.com/WUInstSEWC.cab
          O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) -
          https://poczta.wp.pl/autoryzacja/mailcfg2.ocx
          O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
          http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38197.7293634259
          O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) -
          http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
          O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} -
          http://bar.baidu.com/update/IESearch.cab
          O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1C5} (Formant instalacji programów
          Onet.pl) - http://slimak.onet.pl/_m/konekt/OnetInstalator010.ocx

                • masrerman Re: jak usunac Startpage ? 19.08.04, 21:46
                  Logfile of HijackThis v1.97.7
                  Scan saved at 21:45:47, on 04-08-19
                  Platform: Windows 98 SE (Win9x 4.10.2222A)
                  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                  Running processes:
                  C:\WINDOWS\SYSTEM\KERNEL32.DLL
                  C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                  C:\WINDOWS\SYSTEM\SPOOL32.EXE
                  C:\WINDOWS\SYSTEM\MPREXE.EXE
                  C:\WINDOWS\SYSTEM\MSTASK.EXE
                  C:\WINDOWS\SYSTEM\mmtask.tsk
                  C:\WINDOWS\EXPLORER.EXE
                  C:\WINDOWS\SYSTEM\RPCSS.EXE
                  C:\WINDOWS\SYSTEM\INTERNAT.EXE
                  C:\WINDOWS\TASKMON.EXE
                  C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                  C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                  C:\WINDOWS\SYSTEM\DDHELP.EXE
                  C:\WINDOWS\SYSTEM\WMIEXE.EXE
                  D:\NOWY FOLDER\HIJACKTHIS.EXE

                  R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.15666.com
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL =
                  http://www.15666.com
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
                  http://www.15666.com
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
                  http://www.15666.com
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                  http://www.15666.com
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
                  http://www.15666.com
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                  http://www.15666.com
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                  http://mai1333.mail333.com
                  R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL =
                  http://mai1333.mail333.com
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
                  http://www.15666.com
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
                  http://www.15666.com
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                  http://www.15666.com
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
                  http://www.15666.com
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                  http://www.15666.com
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
                  Settings,ProxyOverride = microweb
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =
                  http://www.15666.com
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                  http://www.15666.com
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page =
                  http://www.15666.com
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                  http://www.15666.com
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                  R3 - URLSearchHook: (no name) - _{BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no
                  file)
                  O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} -
                  C:\WINDOWS\SYSTEM\MSXMLPP.DLL
                  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
                  Files\Spybot - Search & Destroy\SDHelper.dll
                  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                  C:\WINDOWS\SYSTEM\MSDXM.OCX
                  O3 - Toolbar: Searchfst Class - {000277A3-7D84-406a-9799-D12A81594693} -
                  C:\WINDOWS\SRCHFST.DLL
                  O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAM
                  FILES\ISTBAR\ISTBAR.DLL (file missing)
                  O4 - HKLM\..\Run: [internat.exe] internat.exe
                  O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                  O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                  O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                  O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
                  powrprof.dll,LoadCurrentPwrScheme
                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
                  C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                  O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
                  O4 - HKLM\..\Run: [W1N32] regedit -s c:\windows\system32\$WIN32$\WIN32SQL.cer
                  O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
                  O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
                  Optimizer\optimize.exe"
                  O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
                  O4 - HKLM\..\Run: [msbb] c:\program files\180solutions\msbb.exe
                  O4 - HKLM\..\Run: [ebclsd] C:\WINDOWS\ebclsd.exe
                  O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                  powrprof.dll,LoadCurrentPwrScheme
                  O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                  O4 - HKCU\..\Run: [] regedit -s c:\windows\system32\$WIN32$\WIN32SQL.cer
                  O4 - HKLM\..\RunOnce: [W1N32] c:\windows\system32\$WIN32$\WIN32SQL.vbs
                  O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                  Office\Office\OSA9.EXE
                  O4 - Global Startup: Windows Media PowerPoint Helper.lnk = C:\Program
                  Files\Windows Media Components\Tools\nsppthlp.exe
                  O9 - Extra button: Related (HKLM)
                  O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
                  O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
                  O9 - Extra button: SideFind (HKLM)
                  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
                  http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
                  O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                  http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
                  O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
                  http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup
                  1.0.0.8.cab
                  O16 - DPF: Yahoo! Checkers -
                  http://download.games.yahoo.com/games/clients/y/kt3_x.cab
                  O16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} -
                  http://engine.vogclub.com/activex/vogweb29.cab
                  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
                  http://www.apple.com/qtactivex/qtplugin.cab
                  O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} -
                  http://megapanel.gem.pl/temp/netp/7732/6388/5217/4500/5_7732638852174500.ocx
                  O16 - DPF: {A0EB6CA1-B26C-475D-A342-9257C5420A0D} (SFUtility Class) -
                  http://searchfst.com/update/searchfast.cab
                  O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
                  http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_18_0.ca
                  b
                  O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) -
                  http://63.217.29.115/cax.cab
                  O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
                  http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-
                  94901338C922/wmv9VCM.CAB
                  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
                  http://www.pandasoftware.es/activescan/as/asinst.cab
                  O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-
                  its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
                  O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
                  http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
                  O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) -
                  http://spystream.babenet.com/cabs/videox.cab
                  O16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) -
                  http://www.thepaymentcentre.com/build/vxiewer.cab
                  O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} -
                  http://www.whenusearch.com/WUInstSEWC.cab
                  O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) -
                  https://poczta.wp.pl/autoryzacja/mailcfg2.ocx
                  O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
                  http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38197.7293634259
                  O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) -
                  http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
                  O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} -
                  http://bar.baidu.com/update/IESearch.cab
                  O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1C5} (Formant instalacji programów
                  Onet.pl) - http://slimak.onet.pl/_m/konekt/OnetInstalator010.ocx

                  • Gość: piecyk gazowy Re: jak usunac Startpage ? IP: *.neoplus.adsl.tpnet.pl 19.08.04, 22:00
                    masrerman napisał:

                    > R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
                    www.15666.com
                    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL =
                    > www.15666.com
                    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
                    > www.15666.com
                    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
                    > www.15666.com
                    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                    > www.15666.com
                    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
                    > www.15666.com
                    > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                    > www.15666.com
                    > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                    > mai1333.mail333.com
                    > R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL =
                    > mai1333.mail333.com
                    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
                    > www.15666.com
                    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
                    > www.15666.com
                    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                    > www.15666.com
                    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
                    > www.15666.com
                    > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                    > www.15666.com
                    > R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
                    > Settings,ProxyOverride = microweb
                    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =
                    > www.15666.com
                    > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                    > www.15666.com
                    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page =
                    > www.15666.com
                    > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                    > www.15666.com

                    > R3 - URLSearchHook: (no name) - _{BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no
                    > file)
                    > O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} -
                    > C:\WINDOWS\SYSTEM\MSXMLPP.DLL

                    > O3 - Toolbar: Searchfst Class - {000277A3-7D84-406a-9799-D12A81594693} -
                    > C:\WINDOWS\SRCHFST.DLL
                    > O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAM
                    > FILES\ISTBAR\ISTBAR.DLL (file missing)

                    > O4 - HKLM\..\Run: [W1N32] regedit -s c:\windows\system32\$WIN32$\WIN32SQL.cer
                    > O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
                    > O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
                    > Optimizer\optimize.exe"
                    > O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
                    > O4 - HKLM\..\Run: [msbb] c:\program files\180solutions\msbb.exe
                    > O4 - HKLM\..\Run: [ebclsd] C:\WINDOWS\ebclsd.exe

                    > O4 - HKCU\..\Run: [] regedit -s c:\windows\system32\$WIN32$\WIN32SQL.cer
                    > O4 - HKLM\..\RunOnce: [W1N32] c:\windows\system32\$WIN32$\WIN32SQL.vbs

                    > O4 - Global Startup: Windows Media PowerPoint Helper.lnk = C:\Program
                    > Files\Windows Media Components\Tools\nsppthlp.exe

                    > O9 - Extra button: Related (HKLM)
                    > O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
                    > O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
                    > O9 - Extra button: SideFind (HKLM)

                    > O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
                    >
                    ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetu
                    > p
                    > 1.0.0.8.cab

                    Tego powyżej nie jestem pewien. Nie wiem co to, kojarzysz coś?

                    > O16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} -
                    > engine.vogclub.com/activex/vogweb29.cab

                    Jw.

                    > megapanel.gem.pl/temp/netp/7732/6388/5217/4500/5_7732638852174500.ocx
                    > O16 - DPF: {A0EB6CA1-B26C-475D-A342-9257C5420A0D} (SFUtility Class) -

                    To chyba jest jakieś tam badanie sieci . Jeśli zainstalowane nieświadomie,
                    wywal.

                    > searchfst.com/update/searchfast.cab
                    > O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
                    >
                    us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_18_0.c
                    > a
                    > b
                    > O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) -
                    > 63.217.29.115/cax.cab

                    > O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-
                    > its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe

                    > O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) -
                    > spystream.babenet.com/cabs/videox.cab

                    > O16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) -
                    > www.thepaymentcentre.com/build/vxiewer.cab

                    Jw. - nie jestem pewien.

                    > O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} -
                    > www.whenusearch.com/WUInstSEWC.cab

                    Jw.

                    > O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) -
                    > www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
                    > O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} -
                    > bar.baidu.com/update/IESearch.cab


                    Aaaaaaaaaaaaale syfu!!! ;-DDD

                    Zanacz wszystko co zostawiłem, i wciśnij Fix Checked... Jak chcesz, możesz
                    jeszcze raz wkleić loga z HT. Tu jest nowsza wersja:
                    tomcoyote.org/hjt/hijackthis.zip z tym że tylko kliknij na linku PRAWYM
                    przyciskiem myszy i wybierz "Zapisz element docelowy jako.

                    A jak poznać? Intuicja, zwracanie uwagi na to co się instaluje (tzn. jak
                    wygląda autostrat po instalacji danego programu, albo np. po dziwnym zachowaniu
                    przeglądarki) + oczywiście Gooogle.com ! ;-)
                    • masrerman Re: jak usunac Startpage ? 19.08.04, 23:19
                      jak cos na gadu jestem zawsze niewidoczny:) i apropo jelsi zoribłem tamto cos
                      jeszcze powinienem bo jak pusciłem tamte 2 skanery to one w 3 i troche błedów
                      wykryły;/ i dlateog bym chciał na gadu pogadac:) bo by bylo duzo szybcjej:)
                                    • Gość: masrerman Re: jak usunac Startpage ? IP: 62.233.185.* 20.08.04, 21:16
                                      Logfile of HijackThis v1.97.7
                                      Scan saved at 21:12:16, on 04-08-20
                                      Platform: Windows 98 SE (Win9x 4.10.2222A)
                                      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                                      Running processes:
                                      C:\WINDOWS\SYSTEM\KERNEL32.DLL
                                      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                                      C:\WINDOWS\SYSTEM\MPREXE.EXE
                                      C:\WINDOWS\SYSTEM\mmtask.tsk
                                      C:\WINDOWS\EXPLORER.EXE
                                      C:\WINDOWS\SYSTEM\RPCSS.EXE
                                      C:\WINDOWS\SYSTEM\INTERNAT.EXE
                                      C:\WINDOWS\SYSTEM\DDHELP.EXE
                                      D:\NOWY FOLDER\HIJACKTHIS.EXE

                                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
                                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                                      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
                                      \SPYBOT~1\SDHELPER.DLL
                                      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                                      C:\WINDOWS\SYSTEM\MSDXM.OCX
                                      O4 - HKLM\..\Run: [internat.exe] internat.exe
                                      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
                                      C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
                                      O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
                                      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                                      O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
                                      O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
                                      powrprof.dll,LoadCurrentPwrScheme
                                      O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                                      O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                                      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                                      O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                                      O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                                      powrprof.dll,LoadCurrentPwrScheme
                                      O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                      Office\Office\OSA9.EXE
                                      O9 - Extra button: Related (HKLM)
                                      O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
                                      O9 - Extra button: SideFind (HKLM)
                                      O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
                                      ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
                                      O16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} -
                                      engine.vogclub.com/activex/vogweb29.cab
                                      O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
                                      us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_18_0.cab
                                      O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) -
                                      63.217.29.115/cax.cab
                                      O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-
                                      its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
                                      O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) -
                                      spystream.babenet.com/cabs/videox.cab
                                      O16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) -
                                      www.thepaymentcentre.com/build/vxiewer.cab
                                      O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} -
                                      www.whenusearch.com/WUInstSEWC.cab
                                      O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) -
                                      www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
                                      O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} -
                                      bar.baidu.com/update/IESearch.cab
                                      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
                                      download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
                                      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                                      bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
                                      O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
                                      v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38197.7293634259
                                      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
                                      www.apple.com/qtactivex/qtplugin.cab
                                      O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
                                      download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
                                      O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} -
                                      megapanel.gem.pl/temp/netp/7732/6388/5217/4500/5_7732638852174500.ocx
                                      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
                                      www.pandasoftware.es/activescan/as/asinst.cab
                                      O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
                                      download.macromedia.com/pub/shockwave/cabs/director/sw.cab
                                      O16 - DPF: Yahoo! Checkers -
                                      download.games.yahoo.com/games/clients/y/kt3_x.cab
                                      O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) -
                                      poczta.wp.pl/autoryzacja/mailcfg2.ocx
                                      O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1C5} (Formant instalacji programów
                                      Onet.pl) - slimak.onet.pl/_m/konekt/OnetInstalator010.ocx

                                      hehe oby tera było dobrze ups wirus dalej siediz i nie moge go wywalic;/
                                      • Gość: piecyk gazowy Re: jak usunac Startpage ? IP: *.neoplus.adsl.tpnet.pl 20.08.04, 21:27
                                        Gość portalu: masrerman napisał(a):

                                        > O9 - Extra button: Related (HKLM)
                                        > O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
                                        > O9 - Extra button: SideFind (HKLM)
                                        > O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
                                        >
                                        ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8
                                        .cab
                                        > O16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} -
                                        > engine.vogclub.com/activex/vogweb29.cab
                                        > O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
                                        > us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_18_0.cab
                                        > O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) -
                                        > 63.217.29.115/cax.cab
                                        > O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-
                                        > its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
                                        > O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) -
                                        > spystream.babenet.com/cabs/videox.cab
                                        > O16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) -
                                        > www.thepaymentcentre.com/build/vxiewer.cab
                                        > O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} -
                                        > www.whenusearch.com/WUInstSEWC.cab
                                        > O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) -
                                        > www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
                                        > O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} -
                                        > bar.baidu.com/update/IESearch.cab

                                        > O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
                                        > download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-
                                        94901338C922/wmv9VCM.CAB
                                        > O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} -
                                        > megapanel.gem.pl/temp/netp/7732/6388/5217/4500/5_7732638852174500.ocx
                                        > O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
                                        Class)

                                        Zaznacz to co powyżej i wciśnij Fix Checked.

                                        > hehe oby tera było dobrze ups wirus dalej siediz i nie moge go wywalic;/

                                        Zrestartuj system, przeskanuj antywirusem, jeśli jeszcze gdzieś coś siedzi, daj
                                        znać.
                                        • Gość: masrerman Re: jak usunac Startpage ? IP: 62.233.185.* 20.08.04, 21:46
                                          Logfile of HijackThis v1.97.7
                                          Scan saved at 21:45:12, on 04-08-20
                                          Platform: Windows 98 SE (Win9x 4.10.2222A)
                                          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                                          Running processes:
                                          C:\WINDOWS\SYSTEM\KERNEL32.DLL
                                          C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                                          C:\WINDOWS\SYSTEM\MPREXE.EXE
                                          C:\WINDOWS\SYSTEM\mmtask.tsk
                                          C:\WINDOWS\SYSTEM\MSTASK.EXE
                                          C:\WINDOWS\EXPLORER.EXE
                                          C:\WINDOWS\SYSTEM\RPCSS.EXE
                                          C:\WINDOWS\SYSTEM\INTERNAT.EXE
                                          C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                                          C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                                          C:\WINDOWS\SYSTEM\DDHELP.EXE
                                          C:\WINDOWS\TASKMON.EXE
                                          C:\WINDOWS\SYSTEM\WMIEXE.EXE
                                          C:\WINDOWS\SYSTEM\PSTORES.EXE
                                          D:\NOWY FOLDER\HIJACKTHIS.EXE

                                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
                                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                                          O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} -
                                          C:\WINDOWS\SYSTEM\MSXMLPP.DLL
                                          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                                          C:\WINDOWS\SYSTEM\MSDXM.OCX
                                          O4 - HKLM\..\Run: [internat.exe] internat.exe
                                          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
                                          C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
                                          O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
                                          O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                                          O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
                                          O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
                                          powrprof.dll,LoadCurrentPwrScheme
                                          O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                                          O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                                          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                                          O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                                          O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                                          powrprof.dll,LoadCurrentPwrScheme
                                          O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                          Office\Office\OSA9.EXE
                                          O9 - Extra button: Related (HKLM)
                                          O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
                                          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
                                          download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
                                          O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                                          bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
                                          O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
                                          v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38197.7293634259
                                          O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
                                          www.apple.com/qtactivex/qtplugin.cab
                                          O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
                                          download.macromedia.com/pub/shockwave/cabs/director/sw.cab
                                          O16 - DPF: Yahoo! Checkers -
                                          download.games.yahoo.com/games/clients/y/kt3_x.cab
                                          O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) -
                                          poczta.wp.pl/autoryzacja/mailcfg2.ocx
                                          O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1C5} (Formant instalacji programów
                                          Onet.pl) - slimak.onet.pl/_m/konekt/OnetInstalator010.ocx

                                          niestaty dalej jest i nie moge go wywalic a mam pytanie poniewaz w tym katalogu
                                          co mam hijackthisa zrobiło sie kilka plików . trzeba je usunac??
                                          • Gość: piecyk gazowy Re: jak usunac Startpage ? IP: *.neoplus.adsl.tpnet.pl 20.08.04, 22:05
                                            Gość portalu: masrerman napisał(a):

                                            Jeszcze to przeoczyłem:

                                            > O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} -
                                            > C:\WINDOWS\SYSTEM\MSXMLPP.DLL

                                            A to w sumie też jakieś takie, na dwoje babka wróżyła, możesz usunąć:

                                            > O16 - DPF: Yahoo! Checkers -
                                            > download.games.yahoo.com/games/clients/y/kt3_x.cab


                                            > co mam hijackthisa zrobiło sie kilka plików . trzeba je usunac??

                                            To są kopie zapasowe (z ich pomocą przywraca się wpisy), na razie zostaw.
                                            • Gość: masrerman Re: jak usunac Startpage ? IP: 62.233.185.* 20.08.04, 22:19
                                              i dalej nici wirus jest w tym samym pliku a moze by wszytko usunac;) co by sie
                                              stąło Logfile of HijackThis v1.97.7
                                              Scan saved at 22:19:11, on 04-08-20
                                              Platform: Windows 98 SE (Win9x 4.10.2222A)
                                              MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                                              Running processes:
                                              C:\WINDOWS\SYSTEM\KERNEL32.DLL
                                              C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                                              C:\WINDOWS\SYSTEM\MPREXE.EXE
                                              C:\WINDOWS\SYSTEM\mmtask.tsk
                                              C:\WINDOWS\SYSTEM\MSTASK.EXE
                                              C:\WINDOWS\EXPLORER.EXE
                                              C:\WINDOWS\SYSTEM\RPCSS.EXE
                                              C:\WINDOWS\SYSTEM\INTERNAT.EXE
                                              C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                                              C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                                              C:\WINDOWS\SYSTEM\DDHELP.EXE
                                              C:\WINDOWS\TASKMON.EXE
                                              C:\WINDOWS\SYSTEM\WMIEXE.EXE
                                              C:\WINDOWS\SYSTEM\PSTORES.EXE
                                              C:\PROGRAM FILES\GADU-GADU\GG.EXE
                                              D:\NOWY FOLDER\HIJACKTHIS.EXE

                                              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
                                              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                                              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                                              C:\WINDOWS\SYSTEM\MSDXM.OCX
                                              O4 - HKLM\..\Run: [internat.exe] internat.exe
                                              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
                                              C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
                                              O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
                                              O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                                              O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
                                              O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
                                              powrprof.dll,LoadCurrentPwrScheme
                                              O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                                              O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                                              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                                              O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                                              O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                                              powrprof.dll,LoadCurrentPwrScheme
                                              O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                              Office\Office\OSA9.EXE
                                              O9 - Extra button: Related (HKLM)
                                              O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
                                              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
                                              download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
                                              O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                                              bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
                                              O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
                                              v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38197.7293634259
                                              O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
                                              www.apple.com/qtactivex/qtplugin.cab
                                              O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
                                              download.macromedia.com/pub/shockwave/cabs/director/sw.cab
                                              O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) -
                                              poczta.wp.pl/autoryzacja/mailcfg2.ocx
                                              O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1C5} (Formant instalacji programów
                                              Onet.pl) - slimak.onet.pl/_m/konekt/OnetInstalator010.ocx

Popularne wątki

Nie pamiętasz hasła

lub ?

 

Nie masz jeszcze konta? Zarejestruj się

Nakarm Pajacyka