Prosze o sprawdzenie loga

Dla specjalistów Bezpieczeństwo
#1

prosze o sprawdzenie loga

Logfile of HijackThis v1.99.1

Scan saved at 15:36:05, on 2005-04-26

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\System32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Ahead\InCD\InCDsrv.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\Program Files\Winamp\winampa.exe

D:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

D:\Program Files\Ahead\InCD\InCD.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

D:\WINDOWS\System32\RunDll32.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

D:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe

D:\Program Files\Messenger\msmsgs.exe

D:\WINDOWS\System32\tcpsvcs.exe

D:\WINDOWS\System32\snmp.exe

C:\PROGRA~1\GADU-G~1\gg.exe

D:\Program Files\Skype\Phone\Skype.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\D-Link AirPlus\AirPlus.exe

D:\Program Files\Wirtualna Polska\System syntezy mowy\rozmowy.exe

D:\Program Files\Wirtualna Polska\System syntezy mowy\synteza_DDE_klient.exe

D:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe

D:\PROGRA~1\INCRED~1\bin\IMApp.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe

D:\Program Files\Avant Browser\avant.exe

D:\WINDOWS\explorer.exe

D:\Program Files\Hotbar\Bin\4.6.1.0\HbSrv.exe

D:\programy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wp.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *new-search.net*;*x-google.net*

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL

O2 - BHO: CDownCom Class - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - D:\WINDOWS\DOWNLO~1\ipreg32.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL

O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - D:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - D:\Program Files\QuickSearch\QuickSearchBar3_28.dll

O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - D:\WINDOWS\System32\DSMANA~1.DLL

O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - D:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll

O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - D:\Program Files\QuickSearch\QuickSearchBar3_28.dll

O3 - Toolbar: SuperBar - {E092058D-1B70-4FC1-9993-CFC53225DD04} - D:\Program Files_SUPERBAR_SUPERBAR.dll (file missing)

O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - D:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O4 - HKLM…\Run: [QuickTime Task] “D:\WINDOWS\System32\qttask.exe” -atboottime

O4 - HKLM…\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe

O4 - HKLM…\Run: [CloneCDTray] “D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s

O4 - HKLM…\Run: [soundMan] soundman.exe

O4 - HKLM…\Run: [sCANINICIO] “D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe”

O4 - HKLM…\Run: [APVXDWIN] “D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE” /s

O4 - HKLM…\Run: [Hotbar] D:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe

O4 - HKLM…\Run: [qphlhjga] D:\WINDOWS\System32\czhrqlul.exe

O4 - HKLM…\Run: [farmmext] D:\WINDOWS\farmmext.exe

O4 - HKLM…\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [Media Access] D:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [inCD] D:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM…\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU…\Run: [iEtweak 2 Download Folder Guard] D:\Program Files\IEtweak 2\iedown.exe

O4 - HKCU…\Run: [incrediMail] D:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU…\Run: [MSMSGS] “D:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRA~1\GADU-G~1\gg.exe” /tray

O4 - HKCU…\Run: [skype] “D:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - Startup: PowerReg Scheduler.exe

O4 - Startup: Rozmowa.lnk = D:\Program Files\Wirtualna Polska\System syntezy mowy\rozmowy.exe

O4 - Startup: UniSpiker-2.6.lnk = D:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe

O4 - Global Startup: D-Link AirPlus.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZZ

O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - D:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Dodaj do listy blokowanych reklam - D:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony… - D:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Podświetl - D:\Program Files\Avant Browser\Highlight.htm

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Szukaj - D:\Program Files\Avant Browser\Search.htm

O9 - Extra button: Bromas y chistes - {068C36CF-483E-4CA8-A7F2-10EFFDA49C45} - http://www.accesoplugin.com/prom/a_brom … er=3&t=new (file missing)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - D:\WINDOWS\System32\shdocvw.dll

O9 - Extra ‘Tools’ menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - D:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)

O9 - Extra button: Antivirus - {4358161B-A4B8-498E-8019-3DAB50DFD578} - http://www.accesoplugin.com/prom/a_viru … er=3&t=new (file missing)

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)

O9 - Extra button: Microsoft® JavaScript® Console - {914E006F-758D-40FA-8406-CE5518B7FCD4} - D:\WINDOWS\System32\Comdlg32.ocx

O9 - Extra ‘Tools’ menuitem: JavaScript Console - {914E006F-758D-40FA-8406-CE5518B7FCD4} - D:\WINDOWS\System32\Comdlg32.ocx

O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - D:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

O9 - Extra button: Download Software - {C8950078-94A4-4C32-BB9C-4666357965AF} - D:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra ‘Tools’ menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - D:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - D:\Program Files\IrfanView2\Ebay\Ebay.htm

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://D:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)

O9 - Extra button: Microsoft® JavaScript® Console - {914E006F-758D-40FA-8406-CE5518B7FCD4} - D:\WINDOWS\System32\Comdlg32.ocx (HKCU)

O9 - Extra ‘Tools’ menuitem: JavaScript Console - {914E006F-758D-40FA-8406-CE5518B7FCD4} - D:\WINDOWS\System32\Comdlg32.ocx (HKCU)

O10 - Broken Internet access because of LSP provider ‘xfire_lsp_9028.dll’ missing

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht! http://82.179.166.145/x15.chm::/trs15.exe

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62479 … e-c112.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= … lcid=0x409

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu … .0.8-2.cab

O16 - DPF: {2C0F2AEA-3A9B-46DB-A7BE-80FF329E415D} (PremiumInternacional Class) - http://www.accesoplugin.com/dialercab/P … cional.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj) - http://installs.hotbar.com/installs/hot … hotbar.cab

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/pl/games4.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://80.51.123.131/activex/AxisCamControl.cab

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://wrosystem.um.wroc.pl/kamera/wg_webeye.cab

O16 - DPF: {B3E9D47F-1A47-4E3B-9145-14B4DCC4B08F} (CDesktopStreamControl Object) - http://system.livechat.pl/operator/DesktopStream.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/se … loader.cab

O16 - DPF: {F96D229F-129A-43B5-9B51-B7820E1BF2D3} (GameControl2 Control) - http://www.miastoplusa.pl/applets/GameControl104.cab

O18 - Filter: text/html - {241CB53D-0397-4E57-BF60-2FA986C56FFA} - D:\Documents and Settings\ewa\Ustawienia lokalne\Dane aplikacji\microsoft\internet explorer\V0.26.dat

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - D:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe

O23 - Service: RadClock - Unknown owner - D:\WINDOWS\system32\RadClock.exe (file missing)

O23 - Service: System Startup Service (SvcProc) - Unknown owner - D:\WINDOWS\svcproc.exe

dzieja mi sie dziwne rzeczy duzo zaistalowanych programów mi nie działa a jak chce je usunać deinstalacja nie działa :evil:

często sa problemy z wył. poprawnie komputera poniewaz nie odpowiada mam windowsa XP i wyskakuje błąd zwiazany z “MediaAccK”

również mam pozmieniane aplikacje na jakies nieznane i pewnie tez dlatego programy sie nie otwieraja :evil:

prosze o pomoc dodam ze skanowalam juz go panda i ad-aware skan robie bardzo czesto

Prosze o pomoc co sie moglo mi tu porobić :cry:

#2

Zaczekaj na specjalistów od logów.

Jak już wyczyścisz komputer zainstaluj koniecznie:

:arrow: Windows XP PL Service Pack 2

#3

ok zaczekam ale slyszalam ze sp2 jest takies sobie duzo osob mi go odradzalo

#4

Usuń:

Ten wpis usuniesz edytorem rejestru Registrar Lite

Wpis 010 usuniesz programem LSPFix

Odpal program i napisz jakie pliki znajdują sie w oknie Keep a ja ci powiemy jaki i jak usunąć plik.

W Dodaj/Usuń odinstaluj Media Access nastepnie usun wpis

O4 - HKLM…\Run: [Media Access] D:\Program Files\ Media Access \MediaAccK.exe

Pliki na czerwono usuń ręcznie z dysku

Na koniec daj nowego loga

#5

Ale to szczegół chcę wszem i wobec zakomunikowac jak będziecie montować i korzystać z Kazaa tak będzie! !!

#6

a wiec w keep mialam coś takiego:

nwprovau.dll protokół trasportowy zgodny z NWLink IPX/SPX/NetBIOS

mswsock.dll TCP/IP

winrnr.dll NTDS

rsvpsp.dll (Protocl handler)

Logfile of HijackThis v1.99.1

Scan saved at 19:56:03, on 2005-04-26

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\System32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Ahead\InCD\InCDsrv.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\Explorer.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

D:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe

D:\WINDOWS\System32\tcpsvcs.exe

D:\WINDOWS\System32\snmp.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Winamp\winampa.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

D:\Program Files\Ahead\InCD\InCD.exe

C:\PROGRA~1\GADU-G~1\gg.exe

D:\PROGRA~1\INCRED~1\bin\IMApp.exe

D:\Program Files\Skype\Phone\Skype.exe

D:\Program Files\D-Link AirPlus\AirPlus.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

D:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe

C:\program files\DC++\DCPlusPlus.exe

D:\Program Files\Avant Browser\avant.exe

D:\Program Files\Registrar Lite\rl.exe

D:\programy\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wp.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *new-search.net*;*x-google.net*

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [IncrediMail] D:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray

O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: PowerReg Scheduler.exe

O4 - Startup: UniSpiker-2.6.lnk = D:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe

O4 - Global Startup: D-Link AirPlus.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - D:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Dodaj do listy blokowanych reklam - D:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - D:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Podświetl - D:\Program Files\Avant Browser\Highlight.htm

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Szukaj - D:\Program Files\Avant Browser\Search.htm

O9 - Extra button: Bromas y chistes - {068C36CF-483E-4CA8-A7F2-10EFFDA49C45} - http://www.accesoplugin.com/prom/a_bromas2/?l=Programasespecial&ver=3&t=new (file missing)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - D:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - D:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)

O9 - Extra button: Antivirus - {4358161B-A4B8-498E-8019-3DAB50DFD578} - http://www.accesoplugin.com/prom/a_virus2/?l=Programasespecial&ver=3&t=new (file missing)

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)

O9 - Extra button: Microsoft® JavaScript® Console - {914E006F-758D-40FA-8406-CE5518B7FCD4} - D:\WINDOWS\System32\Comdlg32.ocx

O9 - Extra 'Tools' menuitem: JavaScript Console - {914E006F-758D-40FA-8406-CE5518B7FCD4} - D:\WINDOWS\System32\Comdlg32.ocx

O9 - Extra button: Download Software - {C8950078-94A4-4C32-BB9C-4666357965AF} - D:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - D:\Program Files\IrfanView2\Ebay\Ebay.htm

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://D:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)

O9 - Extra button: Microsoft® JavaScript® Console - {914E006F-758D-40FA-8406-CE5518B7FCD4} - D:\WINDOWS\System32\Comdlg32.ocx (HKCU)

O9 - Extra 'Tools' menuitem: JavaScript Console - {914E006F-758D-40FA-8406-CE5518B7FCD4} - D:\WINDOWS\System32\Comdlg32.ocx (HKCU)

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/Bridge-c112.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab

O16 - DPF: {2C0F2AEA-3A9B-46DB-A7BE-80FF329E415D} (PremiumInternacional Class) - http://www.accesoplugin.com/dialercab/PPremiumInternacional.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj) - http://installs.hotbar.com/installs/hotbar/programs/hotbar.cab

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/pl/games4.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://80.51.123.131/activex/AxisCamControl.cab

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://wrosystem.um.wroc.pl/kamera/wg_webeye.cab

O16 - DPF: {B3E9D47F-1A47-4E3B-9145-14B4DCC4B08F} (CDesktopStreamControl Object) - http://system.livechat.pl/operator/DesktopStream.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader/imloader.cab

O16 - DPF: {F96D229F-129A-43B5-9B51-B7820E1BF2D3} (GameControl2 Control) - http://www.miastoplusa.pl/applets/GameControl104.cab

O18 - Filter: text/html - {241CB53D-0397-4E57-BF60-2FA986C56FFA} - D:\Documents and Settings\ewa\Ustawienia lokalne\Dane aplikacji\microsoft\internet explorer\V0.26.dat

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - D:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe

O23 - Service: RadClock - Unknown owner - D:\WINDOWS\system32\RadClock.exe (file missing)

O23 - Service: System Startup Service (SvcProc) - Unknown owner - D:\WINDOWS\svcproc.exe

to co mi sie udalo usunac usunelam

czekam na dalsze instrukcje :smiley:

nie jestem tylko pewna czy Media Access juz calkowicie usunelam

a co mozna zrobic by ponaprawialo to wszystko??

bo tak jak pisala wiele programow mi przestalo dzialac bo nie moze odczytac nie ktorych aplikacji

#7

Poszukaj pliku: remove_me.dll i usuń :stuck_out_tongue:

wpisy skasuj hijackiem w trybie awaryjnym :stuck_out_tongue:

#8

A czy zna ktoś moze jakis dobry program by otwierał “uruchamiał”

rózne rodzaje aplikacji :frowning:

#9

A dokładniej? :roll:

Nie ma programu do wszystkiego.

Przydatna może okazać się strona http://www.filext.com

#10

tzn. porobiło mi sie tu cos dziwnego bylo wszystko ok.chodzilo spoko ale od jakis 2 tyg pliki nie ktore zmienily wyglad i pisze ze aplikacja za pomoca ktorej otwiera jest nieznana podam kilka takich koncowek

dbd , inx , hdr , boot , ex , bin , cnt , gid , rsc , exp , CNT , lib

i jeszcze inne a na tej stronie dokladniej gdzie moge cos przydatnego poszukac poniewaz to jest po angielsku a nie znam angielskiego wiec jesli mozna o dokladny link :oops:

chyba juz nikt niewie jak mi pomoc :frowning:

cos czuje ze format bedzie mnie czekal :frowning:

inaczej nie pozbede sie problemu bo mimo ze pousowalam wszystko co mi kazaliscie programy dalej niechodza mimo ponownego zainstalowania :cry: