proszę o sprawdzenie

**Posty:** 10 · przez **mopek** 02 Mar 2006, 20:17

problem z kolejnym komputerem - myślałem, że adawere sobie poradził ale... była chwila spokoju i niestety - powrocil problem wyskakujących okien reklamowych

oto log:

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 17:59:48, on 06-03-02 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\FIREBIRD\FIREBIRD_1_5\BIN\FBGUARD.EXE C:\WINDOWS\SYSTEM\ELITEILO32.EXE C:\WINDOWS\ETB\POKAPOKA79.EXE C:\PROGRAM FILES\FIREBIRD\FIREBIRD_1_5\BIN\FBSERVER.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE C:\WINDOWS\PULPIT\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sitesearchcentral.com/sp2.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sitesearchcentral.com/sp2.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sitesearchcentral.com/sp2.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bee.updated.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sitesearchcentral.com/sp2.php R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.icm.edu.pl:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe O4 - HKLM\..\Run: [Firebird] C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -a O4 - HKLM\..\Run: [Quicktime] C:\WINDOWS\nerocheck.exe /i O4 - HKLM\..\Run: [checkrun] C:\WINDOWS\SYSTEM\ELITEILO32.EXE O4 - HKLM\..\Run: [System service79] C:\WINDOWS\ETB\POKAPOKA79.EXE O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_36.cab O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.2/g_bin/eng/slots90_2_0_0_19.cab O16 - DPF: {80B410C0-BADA-11D4-8308-0080C8D7ED4A} (GINTHOUSAND Class) - http://gryonline.wp.pl/files/tysiac_2_0_0_6.cab O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) - http://67.15.48.49/g_bin/eng/slots80_2_0_0_19.cab O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.2/g_bin/eng/slots70_2_0_0_19.cab O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbies&Diamonds) - http://67.15.101.3/g_bin/eng/marbles_2_0_0_18.cab O16 - DPF: {4BDAF1F5-6D21-42F9-AAB9-CE0050407803} (GameDesire Uninstaller) - http://gryonline.wp.pl/g_bin/ginuser_pl_2_0_0_3.cab O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/eng/boards_2_0_0_6.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

**Posty:** 1620 · przez **mafia435** 02 Mar 2006, 21:09

Usuwasz ręcznie:
C:\WINDOWS\SYSTEM\ELITEILO32.EXE
C:\WINDOWS\ETB\POKAPOKA79.EXE

Kod: Zaznacz wszystko: R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [checkrun] C:\WINDOWS\SYSTEM\ELITEILO32.EXE O4 - HKLM\..\Run: [System service79] C:\WINDOWS\ETB\POKAPOKA79.EXE

**Posty:** 10 · przez **mopek** 03 Mar 2006, 03:12

instrukcja wykonana

tylko po przeskanowaniu post factum Ad-Awarem pokazal 12 critical objects Ebates MoneyMaker - oto log:

Kod: Zaznacz wszystko: Ad-Aware SE Build 1.06r1 Logfile Created on:3 marca 2006 00:53:16 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R93 22.02.2006 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ebates MoneyMaker(TAC index:4):12 total references MRU List(TAC index:0):7 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 06-03-03 00:53:16 - Scan started. (Smart mode) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [KERNEL32.DLL] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4279202477 Threads : 4 Priority : High FileVersion : 4.10.2222 ProductVersion : 4.10.2222 ProductName : System operacyjny Microsoft(R) Windows(R) CompanyName : Microsoft Corporation FileDescription : Składnik jądra Win32 InternalName : KERNEL32 LegalCopyright : Copyright (C) Microsoft Corp. 1991-1999 OriginalFilename : KERNEL32.DLL #:2 [MSGSRV32.EXE] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294919733 Threads : 1 Priority : Normal FileVersion : 4.10.2222 ProductVersion : 4.10.2222 ProductName : System operacyjny Microsoft(R) Windows(R) CompanyName : Microsoft Corporation FileDescription : 32-bitowy Serwer wiadomości VxD systemu Windows InternalName : MSGSRV32 LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998 OriginalFilename : MSGSRV32.EXE #:3 [MPREXE.EXE] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294947205 Threads : 2 Priority : Normal FileVersion : 4.10.1998 ProductVersion : 4.10.1998 ProductName : Microsoft(R) Windows(R) Operating System CompanyName : Microsoft Corporation FileDescription : WIN32 Network Interface Service Process InternalName : MPREXE LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998 OriginalFilename : MPREXE.EXE #:4 [mmtask.tsk] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294967141 Threads : 1 Priority : Normal FileVersion : 4.03.1998 ProductVersion : 4.03.1998 ProductName : Microsoft Windows CompanyName : Microsoft Corporation FileDescription : Multimedia background task support module InternalName : mmtask.tsk LegalCopyright : Copyright © Microsoft Corp. 1991-1998 OriginalFilename : mmtask.tsk #:5 [EXPLORER.EXE] FilePath : C:\WINDOWS\ ProcessID : 4294961953 Threads : 4 Priority : Normal FileVersion : 4.72.3110.1 ProductVersion : 4.72.3110.1 ProductName : System operacyjny Microsoft(R) Windows NT(R) CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997 OriginalFilename : EXPLORER.EXE #:6 [SYSTRAY.EXE] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294855505 Threads : 2 Priority : Normal FileVersion : 4.10.2222 ProductVersion : 4.10.2222 ProductName : System operacyjny Microsoft(R) Windows(R) CompanyName : Microsoft Corporation FileDescription : Aplikacja zasobnika systemowego InternalName : SYSTRAY LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998 OriginalFilename : SYSTRAY.EXE #:7 [FBGUARD.EXE] FilePath : C:\PROGRAM FILES\FIREBIRD\FIREBIRD_1_5\BIN\ ProcessID : 4294876813 Threads : 2 Priority : Normal FileVersion : WI-V1.5.0.4306 ProductVersion : 1.5.0.4306 ProductName : Firebird SQL Server CompanyName : The Firebird Project FileDescription : Firebird SQL Server InternalName : Firebird LegalCopyright : All Copyright (c) retained by individual contributors - original code Copyright (c) 2000 Inprise Corporation Comments : This product created by The Firebird Project - All Copyright (c) retained by the individual contributors - original code Copyright (c) 2000 Inprise Corporation and predecessors. #:8 [FBSERVER.EXE] FilePath : C:\PROGRAM FILES\FIREBIRD\FIREBIRD_1_5\BIN\ ProcessID : 4294776077 Threads : 3 Priority : Normal FileVersion : WI-V1.5.0.4306 ProductVersion : 1.5.0.4306 ProductName : Firebird SQL Server CompanyName : The Firebird Project FileDescription : Firebird SQL Server InternalName : Firebird LegalCopyright : All Copyright (c) retained by individual contributors - original code Copyright (c) 2000 Inprise Corporation Comments : This product created by The Firebird Project - All Copyright (c) retained by the individual contributors - original code Copyright (c) 2000 Inprise Corporation and predecessors. #:9 [WMIEXE.EXE] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294789601 Threads : 3 Priority : Normal FileVersion : 5.00.1755.1 ProductVersion : 5.00.1755.1 ProductName : Microsoft(R) Windows NT(R) Operating System CompanyName : Microsoft Corporation FileDescription : WMI service exe housing InternalName : wmiexe LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998 OriginalFilename : wmiexe.exe #:10 [FIREFOX.EXE] FilePath : C:\PROGRAM FILES\MOZILLA FIREFOX\ ProcessID : 4294942193 Threads : 5 Priority : Normal #:11 [AD-AWARE.EXE] FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\ ProcessID : 4294743801 Threads : 2 Priority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ebates MoneyMaker Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Data Miner Comment : "AC" Rootkey : HKEY_USERS Object : .DEFAULT\software\lq Value : AC Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 1 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 1 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 1 Deep scanning and examining files... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 1 Disk Scan Result for C:\WINDOWS\SYSTEM »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 1 Disk Scan Result for C:\WINDOWS\TEMP\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 1 MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\paint\recent file list Description : list of files recently opened using microsoft paint MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! Location: : .DEFAULT\software\nico mak computing\winzip\filemenu Description : winzip recently used archives Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ebates MoneyMaker Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\lq Ebates MoneyMaker Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\lq Value : AD Ebates MoneyMaker Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\lq Value : AC Ebates MoneyMaker Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\lq Value : AM Ebates MoneyMaker Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\lq Value : AT Ebates MoneyMaker Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\lq Value : U Ebates MoneyMaker Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\lq Value : I Ebates MoneyMaker Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\lq Value : AT2 Ebates MoneyMaker Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\lq Value : AM2 Ebates MoneyMaker Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\lq Value : TR Ebates MoneyMaker Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\lq Value : country Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 11 Objects found so far: 19 00:55:02 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:01:45.950 Objects scanned:42334 Objects identified:12 Objects ignored:0 New critical objects:12

i od razu zapodaje hijackthisa:

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 01:00:01, on 06-03-03 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\FIREBIRD\FIREBIRD_1_5\BIN\FBGUARD.EXE C:\PROGRAM FILES\FIREBIRD\FIREBIRD_1_5\BIN\FBSERVER.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE C:\WINDOWS\PULPIT\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sitesearchcentral.com/sp2.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sitesearchcentral.com/sp2.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sitesearchcentral.com/sp2.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bee.updated.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sitesearchcentral.com/sp2.php R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.icm.edu.pl:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe O4 - HKLM\..\Run: [Firebird] C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -a O4 - HKLM\..\Run: [Quicktime] C:\WINDOWS\nerocheck.exe /i O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_36.cab O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.2/g_bin/eng/slots90_2_0_0_19.cab O16 - DPF: {80B410C0-BADA-11D4-8308-0080C8D7ED4A} (GINTHOUSAND Class) - http://gryonline.wp.pl/files/tysiac_2_0_0_6.cab O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) - http://67.15.48.49/g_bin/eng/slots80_2_0_0_19.cab O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.2/g_bin/eng/slots70_2_0_0_19.cab O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbies&Diamonds) - http://67.15.101.3/g_bin/eng/marbles_2_0_0_18.cab O16 - DPF: {4BDAF1F5-6D21-42F9-AAB9-CE0050407803} (GameDesire Uninstaller) - http://gryonline.wp.pl/g_bin/ginuser_pl_2_0_0_3.cab O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/eng/boards_2_0_0_6.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

przez **Tom@szek** 03 Mar 2006, 12:24

Jeśli to nie są strony startowe - usuwasz.
A gdzie masz antywira ?????

Bez tego się nie pokazuj z następnym logiem.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sitesearchcentral.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sitesearchcentral.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sitesearchcentral.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bee.updated.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sitesearchcentral.com/sp2.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.icm.edu.pl:8080

Autor postu otrzymał pochwałę

**Posty:** 1620 · przez **mafia435** 03 Mar 2006, 12:28

Tom@szek napisał(a):Bez tego się nie pokazuj z następnym logiem

zainstaluj sobie choćby avasta czy inne darmowe jak niemasz dostepu do czegoś lepszego. Bo wiry będą wchodzić jak do otwartego domu na oscież.

Autor postu otrzymał pochwałę

**Posty:** 10 · przez **mopek** 05 Mar 2006, 22:29

dzięki - avast zainstalowany

proszę o sprawdzenie

proszę o sprawdzenie

Kto jest na forum