ZA wolny


(Maartin 14) #1

1.Od 2 dni mam problem z kompem zrobil sie strasznie wolny:(Nawet teraz jak pisze tom wiadomosc on mi sie zaciol :frowning: Gdy wchodze na swoj profil w xp dane laduja sie ze 3 min:(Strony laduja sie dwa razy wolniej niz 2 dni temu:( same przykrosci:(.

2.Mam podejrzenia co do tego a niewiem co to jest.

<a href=


(boczi) #2

MediaPass to spyware.

Wklej loga z Hijacka. http://www.hijackthis.prv.pl


(Maartin 14) #3

Nie kapuje??


(boczi) #4

:smiley:

艢ci膮gnij program Hijackthis 1.99.1. Odpal go, naci艣nij "Do a system scan and save a logfile". Wszystko, co wygeneruje program, te wpisy, kopiujesz i wklejasz na forum!

http://www.hijackthis.prv.pl


(Maartin 14) #5

Podasz mi linka ?? bo na tej stronie merjin nie moge tego znalezc


(boczi) #6

Troch臋 samodzielno艣ci.

http://216.180.233.162/~merijn/files/HijackThis.exe

Ten link by艂 na stronie g艂贸wnej Merijn.org.


(Maartin 14) #7

Prad mi zgasl :smiley:

Hijack

Logfile of HijackThis v1.99.1

Scan saved at 20:46:19, on 2005-05-01

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\LXSUPMON.EXE

C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

C:\Program Files\Media Pass\MediaPassK.exe

C:\Program Files\Media Pass\MediaPass.exe

C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\PROGRA~1\DAP\DAP.EXE

C:\Program Files\eDonkey2000\edonkey2000.exe

C:\WINDOWS\System32\lexpps.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\WINDOWS\System32\javaw.exe

C:\Program Files\Avant Browser\avant.exe

C:\Documents and Settings\Marcin\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gadu-gadu.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 艁膮cza

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

R3 - URLSearchHook: (no name) - _{3FEFA96D-5D9F-4673-B0B0-49980A13899F} - (no file)

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: (no name) - {478BF0C1-4052-4584-0445-3F36599CFDC1} - (no file)

O2 - BHO: MPEG Support Dll - {57A70350-87D9-4EA2-B3AC-C1C1B5296035} - C:\WINDOWS\System32\mpegcore.dll

O2 - BHO: (no name) - {62ED8461-61FF-602C-AC7B-1C9433EA8AC6} - (no file)

O2 - BHO: (no name) - {8F658446-4CE9-4FE3-9FFA-C3BE54027144} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN

O4 - HKLM..\Run: [sCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe

O4 - HKLM..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe

O4 - HKLM..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP

O4 - HKLM..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\edonkey2000.exe" -t

O4 - HKCU..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none

O4 - HKCU..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xdm119YYPL

O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Otw贸rz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Pod艣wietl - C:\Program Files\Avant Browser\Highlight.htm

O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted IP range: 67.19.185.246 (HKLM)

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT! http://toolbarpartner.com//adverts//test3//ddfs.chm::/frame.exe

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Media ... dge-c6.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.8-2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2959123265

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://67.19.185.246/i/8/loader2.ocx

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip..{C8883BC2-916B-4C65-B329-8AF74A9B3689}: NameServer = 194.204.159.1,194.204.152.34

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe


(boczi) #8

Wszystkie czynno艣ci robisz w trybie awaryjnym z wy艂. przywracaniem systemu.

Dok艂adne info:

Cytaty z http://www.searchengines.pl/phpbb203/in ... ic=12510#1 .

Kasacja r臋czna: ca艂ego folderu (pogrubiony)

C:\Program Files\ Media Pass

Wpisy z poziom膮 kreseczk膮:

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

   	R3 - URLSearchHook: (no name) - _{3FEFA96D-5D9F-4673-B0B0-49980A13899F} - (no file)

Spos贸b ich usuwania:

Kasacja w Hijacku:

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: (no name) - {478BF0C1-4052-4584-0445-3F36599CFDC1} - (no file)

   	O2 - BHO: MPEG Support Dll - {57A70350-87D9-4EA2-B3AC-C1C1B5296035} - C:\WINDOWS\System32\mpegcore.dll

   	O2 - BHO: (no name) - {62ED8461-61FF-602C-AC7B-1C9433EA8AC6} - (no file)

   	O2 - BHO: (no name) - {8F658446-4CE9-4FE3-9FFA-C3BE54027144} - (no file)

   	O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)



   	O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe

 	O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe

O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm119YYPL

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

   	O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\\MAIN.MHT!http://toolbarpartner.com//adverts//test3//ddfs .chm::/frame.exe

   	O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c6.cab

   	O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitial Setup1.0.0.8-2.cab

   	O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://67.19.185.246/i/8/loader2.ocx

Nast臋pnie: Te wpisy usuwasz programem LSP-FIX - http://www.cexx.org/lspfix.htm

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

Nast臋pnie: Wpisy

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted IP range: 67.19.185.246 (HKLM)

usuwasz programem KillTrusted 0.6 - http://www.searchengines.pl/phpbb203/in ... opic=26221

PS Masz zarejstrowan膮 wersj臋 DAP'a?

Zr贸b wszystko, co napisa艂em. Potem wklej loga ponownie.


(Maartin 14) #9

Ale to skomplikowane:DA ten spywar jakis grozny jest??

mam dap'a


(boczi) #10

Ale zarejestrowanego - czytaj: kupionego czy nie?

Niewa偶ne teraz.

Teraz r贸b wszystko wg instrukcji.


(Maartin 14) #11

Nie moge sciagnac tamtych programow:D


(Qbek50) #12

Kill Trusted:

http://www.searchengines.pl/phpbb203/in ... ost&id=459

http://www.cexx.org/lspfix.htm


(Maartin 14) #13

Ale woam pisze wlasnie z trybu awaryjnego i powiedzcie mi jak sie obsluguje LSPiX


(Musg) #14

Odpal LSP-Fix zaznacz "I know what I'm doing" nast臋pnie w okienku Keep zaznacz plik kt贸ry chcesz usun膮膰 i za pomoc膮 strza艂ki (>>) przenie艣 go do okienka Remover i kliknij Finish

tylko sam nie wywalaj --podaj na forum te wpisy po lewej stronie :smiley:


(Maartin 14) #15

mswock

winrnr

newdonet6_38dll

rsvpsp

ktory usunac


(Musg) #16

(Maartin 14) #17

Logfile of HijackThis v1.99.1

Scan saved at 13:21:36, on 2005-05-02

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\LXSUPMON.EXE

C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\PROGRA~1\DAP\DAP.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\System32\javaw.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\Program Files\Avant Browser\avant.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\Upgrader.exe

C:\Documents and Settings\Marcin\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gadu-gadu.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 艁膮cza

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

R3 - URLSearchHook: (no name) - _{3FEFA96D-5D9F-4673-B0B0-49980A13899F} - (no file)

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: (no name) - {478BF0C1-4052-4584-0445-3F36599CFDC1} - (no file)

O2 - BHO: MPEG Support Dll - {57A70350-87D9-4EA2-B3AC-C1C1B5296035} - C:\WINDOWS\System32\mpegcore.dll

O2 - BHO: (no name) - {62ED8461-61FF-602C-AC7B-1C9433EA8AC6} - (no file)

O2 - BHO: (no name) - {8F658446-4CE9-4FE3-9FFA-C3BE54027144} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN

O4 - HKLM..\Run: [sCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe

O4 - HKLM..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe

O4 - HKLM..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP

O4 - HKLM..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\edonkey2000.exe" -t

O4 - HKCU..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none

O4 - HKCU..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xdm119YYPL

O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Otw贸rz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Pod艣wietl - C:\Program Files\Avant Browser\Highlight.htm

O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT! http://toolbarpartner.com//adverts//test3//ddfs.chm::/frame.exe

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Media ... dge-c6.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.8-2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2959123265

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://67.19.185.246/i/8/loader2.ocx

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip..{C8883BC2-916B-4C65-B329-8AF74A9B3689}: NameServer = 194.204.159.1,194.204.152.34

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe


(Musg) #18

jeszcze leci:

boczi da艂 ci info jak masz to zrobic:

fixuj:

recznie ciachnij:MediaPassK.exe

recznie:Ares.exe" -h

pamietaj wylaczone przywracanie xp i tryb awaryjny

a o dapie juz nie wspomne i jesgo spyware

do roboty :smiley:


(Maartin 14) #19

O jeja:D


(Maartin 14) #20

Mam znow problem mam usunac te media pask ale jak wchodze w program files tam nie ma tego folderu