Forum Komputery Wirusy, trojany, spyware
ZMIEŃ
    Dodaj do ulubionych

    prosze o sprawdzenie loga

    IP: *.internetdsl.tpnet.pl 14.07.05, 20:58
    Logfile of HijackThis v1.99.1
    Scan saved at 20:55:06, on 05-07-14
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
    C:\WINDOWS\SYSTEM\PAYTIME.EXE
    C:\SBPCI\CTMIX32.EXE
    C:\WINDOWS\SYSTEM\PAYTIME.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\AVANT BROWSER\AVANT.EXE
    C:\PROGRAM FILES\GADU-GADU\GG.EXE
    C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
    C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    195.95.218.172/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    195.95.218.172/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    195.95.218.172/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    195.95.218.172/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    195.95.218.172/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    195.95.218.172/index.php
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyServer = 192.168.4.1:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
    file)
    F1 - win.ini: run=pfsched
    O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
    O1 - Hosts: 127.0.0.3 x.full-tgp.net
    O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
    O1 - Hosts: 127.0.0.3 autoescrowpay.com
    O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
    O1 - Hosts: 127.0.0.3 www.awmdabest.com
    O1 - Hosts: 127.0.0.3 www.sexfiles.nu
    O1 - Hosts: 127.0.0.3 awmdabest.com
    O1 - Hosts: 127.0.0.3 sexfiles.nu
    O1 - Hosts: 127.0.0.3 allforadult.com
    O1 - Hosts: 127.0.0.3 www.allforadult.com
    O1 - Hosts: 127.0.0.3 www.iframe.biz
    O1 - Hosts: 127.0.0.3 iframe.biz
    O1 - Hosts: 127.0.0.3 www.newiframe.biz
    O1 - Hosts: 127.0.0.3 newiframe.biz
    O1 - Hosts: 127.0.0.3 www.vesbiz.biz
    O1 - Hosts: 127.0.0.3 vesbiz.biz
    O1 - Hosts: 127.0.0.3 www.pi..to.biz
    O1 - Hosts: 127.0.0.3 pi..to.biz
    O1 - Hosts: 127.0.0.3 www.aaasexypics.com
    O1 - Hosts: 127.0.0.3 aaasexypics.com
    O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
    O1 - Hosts: 127.0.0.3 virgin-tgp.net
    O1 - Hosts: 127.0.0.3 www.awmcash.biz
    O1 - Hosts: 127.0.0.3 awmcash.biz
    O1 - Hosts: 127.0.0.3 buldog-stats.com
    O1 - Hosts: 127.0.0.3 www.buldog-stats.com
    O1 - Hosts: 127.0.0.3 fregat.drocherway.com
    O1 - Hosts: 127.0.0.3 slutmania.biz
    O1 - Hosts: 127.0.0.3 www.slutmania.biz
    O1 - Hosts: 127.0.0.3 toolbarpartner.com
    O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
    O1 - Hosts: 127.0.0.3 www.megapornix.com
    O1 - Hosts: 127.0.0.3 megapornix.com
    O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
    O1 - Hosts: 127.0.0.3 sp2fucked.biz
    O1 - Hosts: 127.0.0.3 greg-tut.com
    O1 - Hosts: 127.0.0.3 www.greg-tut.com
    O1 - Hosts: 127.0.0.3 nylonsexy.com
    O1 - Hosts: 127.0.0.3 www.nylonsexy.com
    O1 - Hosts: 127.0.0.3 vparivalka.com
    O1 - Hosts: 127.0.0.3 www.vparivalka.com
    O1 - Hosts: 127.0.0.3 iframeprofit.com
    O1 - Hosts: 127.0.0.3 www.iframeprofit.com
    O1 - Hosts: 127.0.0.3 topsearch10.com
    O1 - Hosts: 127.0.0.3 www.topsearch10.com
    O1 - Hosts: 127.0.0.3 statscash.biz
    O1 - Hosts: 127.0.0.3 www.statscash.biz
    O1 - Hosts: 127.0.0.3 vxiframe.biz
    O1 - Hosts: 127.0.0.3 www.vxiframe.biz
    O1 - Hosts: 127.0.0.3 crazy-toolbar.com
    O1 - Hosts: 127.0.0.3 www.crazy-toolbar.com
    O1 - Hosts: 127.0.0.3 topcash.biz
    O1 - Hosts: 127.0.0.3 www.topcash.biz
    O1 - Hosts: 127.0.0.3 loadcash.biz
    O1 - Hosts: 127.0.0.3 www.loadcash.biz
    O1 - Hosts: 127.0.0.3 txiframe.biz
    O1 - Hosts: 127.0.0.3 www.txiframe.biz
    O1 - Hosts: 127.0.0.3 procounter.biz
    O1 - Hosts: 127.0.0.3 www.procounter.biz
    O1 - Hosts: 127.0.0.3 advadmin.biz
    O1 - Hosts: 127.0.0.3 www.advadmin.biz
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
    C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
    O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} -
    C:\WINDOWS\LOCALNRD.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\PROGRAM FILES\ACROBAT3\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
    C:\WINDOWS\NEM220.DLL (file missing)
    O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} -
    C:\WINDOWS\DREXINIT.DLL
    O2 - BHO: (no name) - {0D9EC8A7-5D41-2C92-4376-2F801B03B4B2} -
    C:\WINDOWS\SYSTEM\GCXCY.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
    O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
    O4 - HKLM\..\Run: [SAHBundle] C:\WINDOWS\TEMP\SAHAGENT-CDT1004.EXE run
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
    Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [olgjkp] C:\WINDOWS\olgjkp.exe
    O4 - HKLM\..\Run: [nk1snlu6] C:\WINDOWS\SYSTEM\nk1snlu6.exe
    O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
    O4 - HKLM\..\Run: [_Cat1] C:\WINDOWS\nmmst.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium
    Antivirus 2004\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [CreativeMixer] C:\SBPCI\ctmix32.exe /T
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [PavProc] C:\Program Files\Common Files\Panda
    Software\PavShld\PavPrS9x.exe
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
    O4 - HKCU\..\Run: [Skype] "C:\PROGRAM
    FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
    O4 - HKCU\..\Run: [Lpec] C:\Program Files\arbs\wscs.exe
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [Kbe] \ieycfg.exe
    O4 - HKCU\..\Run: [SpySheriff] C:\PROGRAM FILES\SPYSHERIFF\SpySheriff.exe
    O4 - Startup: FOLDER.HTT
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O4 - Startup: D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AirPlus.exe
    O4 - Global Startup: FOLDER.HTT
    O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\PROGRAM
    FILES\AVANT BROWSER\AddToADBlackList.htm
    O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera -
    C:\PROGRAM FILES\AVANT BROWSER\AddAllToADBlackList.htm
    O8 - Extra context menu item: Szukaj - C:\PROGRAM FILES\AVANT
    BROWSER\Search.htm
    O8 - Extra context menu item: Podświetl - C:\PROGRAM FILES\AVANT
    BROWSER\Highlight.htm
    O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... -
    C:\PROGRAM FILES\AVANT BROWSER\OpenAllLinks.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
    C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Li
    Obserwuj wątek
      • Gość: ewaaaaaaa Re: prosze o sprawdzenie loga IP: *.internetdsl.tpnet.pl 14.07.05, 21:02
        aha i jeszcze nie dam rady zmienić strony domowej, kiedyś miałam google ale
        teraz mi sie jakaś dziwna ustawiła sama i nie wiem jak to mam zmienić :(
      • Gość: Kolobos Re: prosze o sprawdzenie loga IP: *.warszawa.sdi.tpnet.pl 14.07.05, 21:29
        Nie zmiescil sie caly log...

        Zaznaczasz w hijackthis te wpisy i tylko te!

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        195.95.218.172/index.php
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        195.95.218.172/index.php
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        195.95.218.172/index.php
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
        195.95.218.172/index.php
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        195.95.218.172/index.php
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        195.95.218.172/index.php
        R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
        file)
        F1 - win.ini: run=pfsched
        O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
        O1 - Hosts: 127.0.0.3 x.full-tgp.net
        O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
        O1 - Hosts: 127.0.0.3 autoescrowpay.com
        O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
        O1 - Hosts: 127.0.0.3 www.awmdabest.com
        O1 - Hosts: 127.0.0.3 www.sexfiles.nu
        O1 - Hosts: 127.0.0.3 awmdabest.com
        O1 - Hosts: 127.0.0.3 sexfiles.nu
        O1 - Hosts: 127.0.0.3 allforadult.com
        O1 - Hosts: 127.0.0.3 www.allforadult.com
        O1 - Hosts: 127.0.0.3 www.iframe.biz
        O1 - Hosts: 127.0.0.3 iframe.biz
        O1 - Hosts: 127.0.0.3 www.newiframe.biz
        O1 - Hosts: 127.0.0.3 newiframe.biz
        O1 - Hosts: 127.0.0.3 www.vesbiz.biz
        O1 - Hosts: 127.0.0.3 vesbiz.biz
        O1 - Hosts: 127.0.0.3 www.pi..to.biz
        O1 - Hosts: 127.0.0.3 pi..to.biz
        O1 - Hosts: 127.0.0.3 www.aaasexypics.com
        O1 - Hosts: 127.0.0.3 aaasexypics.com
        O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
        O1 - Hosts: 127.0.0.3 virgin-tgp.net
        O1 - Hosts: 127.0.0.3 www.awmcash.biz
        O1 - Hosts: 127.0.0.3 awmcash.biz
        O1 - Hosts: 127.0.0.3 buldog-stats.com
        O1 - Hosts: 127.0.0.3 www.buldog-stats.com
        O1 - Hosts: 127.0.0.3 fregat.drocherway.com
        O1 - Hosts: 127.0.0.3 slutmania.biz
        O1 - Hosts: 127.0.0.3 www.slutmania.biz
        O1 - Hosts: 127.0.0.3 toolbarpartner.com
        O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
        O1 - Hosts: 127.0.0.3 www.megapornix.com
        O1 - Hosts: 127.0.0.3 megapornix.com
        O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
        O1 - Hosts: 127.0.0.3 sp2fucked.biz
        O1 - Hosts: 127.0.0.3 greg-tut.com
        O1 - Hosts: 127.0.0.3 www.greg-tut.com
        O1 - Hosts: 127.0.0.3 nylonsexy.com
        O1 - Hosts: 127.0.0.3 www.nylonsexy.com
        O1 - Hosts: 127.0.0.3 vparivalka.com
        O1 - Hosts: 127.0.0.3 www.vparivalka.com
        O1 - Hosts: 127.0.0.3 iframeprofit.com
        O1 - Hosts: 127.0.0.3 www.iframeprofit.com
        O1 - Hosts: 127.0.0.3 topsearch10.com
        O1 - Hosts: 127.0.0.3 www.topsearch10.com
        O1 - Hosts: 127.0.0.3 statscash.biz
        O1 - Hosts: 127.0.0.3 www.statscash.biz
        O1 - Hosts: 127.0.0.3 vxiframe.biz
        O1 - Hosts: 127.0.0.3 www.vxiframe.biz
        O1 - Hosts: 127.0.0.3 crazy-toolbar.com
        O1 - Hosts: 127.0.0.3 www.crazy-toolbar.com
        O1 - Hosts: 127.0.0.3 topcash.biz
        O1 - Hosts: 127.0.0.3 www.topcash.biz
        O1 - Hosts: 127.0.0.3 loadcash.biz
        O1 - Hosts: 127.0.0.3 www.loadcash.biz
        O1 - Hosts: 127.0.0.3 txiframe.biz
        O1 - Hosts: 127.0.0.3 www.txiframe.biz
        O1 - Hosts: 127.0.0.3 procounter.biz
        O1 - Hosts: 127.0.0.3 www.procounter.biz
        O1 - Hosts: 127.0.0.3 advadmin.biz
        O1 - Hosts: 127.0.0.3 www.advadmin.biz
        O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
        C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
        O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} -
        C:\WINDOWS\LOCALNRD.DLL (file missing)
        O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
        C:\WINDOWS\NEM220.DLL (file missing)
        O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} -
        C:\WINDOWS\DREXINIT.DLL
        O2 - BHO: (no name) - {0D9EC8A7-5D41-2C92-4376-2F801B03B4B2} -
        C:\WINDOWS\SYSTEM\GCXCY.DLL
        O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
        O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
        O4 - HKLM\..\Run: [SAHBundle] C:\WINDOWS\TEMP\SAHAGENT-CDT1004.EXE run
        O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
        Optimizer\optimize.exe"
        O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
        O4 - HKLM\..\Run: [olgjkp] C:\WINDOWS\olgjkp.exe
        O4 - HKLM\..\Run: [nk1snlu6] C:\WINDOWS\SYSTEM\nk1snlu6.exe
        O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
        O4 - HKLM\..\Run: [_Cat1] C:\WINDOWS\nmmst.exe
        O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
        O4 - HKCU\..\Run: [Lpec] C:\Program Files\arbs\wscs.exe
        O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
        O4 - HKCU\..\Run: [Kbe] \ieycfg.exe
        O4 - HKCU\..\Run: [SpySheriff] C:\PROGRAM FILES\SPYSHERIFF\SpySheriff.exe
        O4 - Startup: FOLDER.HTT
        O4 - Global Startup: FOLDER.HTT
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Li

        I naciskasz Fix Checked, nastepnie reset i po resecie kasujesz z dysku te pliki:

        C:\WINDOWS\DREXINIT.DLL
        C:\WINDOWS\SYSTEM\GCXCY.DLL
        C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe
        C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe <- caly katalog media access
        C:\WINDOWS\TEMP\SAHAGENT-CDT1004.EXE
        C:\Program Files\Internet Optimizer\optimize.exe <- caly katalog optimizera
        c:\temp\salm.exe
        C:\WINDOWS\olgjkp.exe
        C:\WINDOWS\SYSTEM\nk1snlu6.exe
        C:\WINDOWS\nmmst.exe
        C:\WINDOWS\SYSTEM\paytime.exe
        C:\Program Files\arbs\wscs.exe <- caly katalog arbs
        C:\winstall.exe
        ieycfg.exe tego poszukaj
        C:\PROGRAM FILES\SPYSHERIFF\SpySheriff.exe

        I na koniec wklej nowy log.
      • Gość: ewkaaaaaaa Re: prosze o sprawdzenie loga IP: *.internetdsl.tpnet.pl 14.07.05, 22:27
        Logfile of HijackThis v1.99.1
        Scan saved at 22:26:55, on 05-07-14
        Platform: Windows 98 SE (Win9x 4.10.2222A)
        MSIE: Internet Explorer v5.00 (5.00.2614.3500)

        Running processes:
        C:\WINDOWS\SYSTEM\KERNEL32.DLL
        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
        C:\WINDOWS\SYSTEM\MPREXE.EXE
        C:\WINDOWS\SYSTEM\mmtask.tsk
        C:\WINDOWS\SYSTEM\MSTASK.EXE
        C:\WINDOWS\EXPLORER.EXE
        C:\WINDOWS\SYSTEM\DDHELP.EXE
        C:\WINDOWS\TASKMON.EXE
        C:\WINDOWS\SYSTEM\INTERNAT.EXE
        C:\WINDOWS\SYSTEM\PAYTIME.EXE
        C:\WINDOWS\SYSTEM\WMIEXE.EXE
        C:\PROGRAM FILES\AVANT BROWSER\AVANT.EXE
        C:\PROGRAM FILES\GADU-GADU\GG.EXE
        C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        195.95.218.172/index.php
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        195.95.218.172/index.php
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        195.95.218.172/index.php
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
        195.95.218.172/index.php
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        195.95.218.172/index.php
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        195.95.218.172/index.php
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
        Settings,ProxyServer = 192.168.4.1:8080
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\PROGRAM FILES\ACROBAT3\READER\ACTIVEX\ACROIEHELPER.OCX
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\SYSTEM\MSDXM.OCX
        O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
        O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
        O4 - HKLM\..\Run: [internat.exe] internat.exe
        O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
        O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
        O4 - HKLM\..\Run: [_Cat1] C:\WINDOWS\nmmst.exe
        O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium
        Antivirus 2004\APVXDWIN.EXE" /s
        O4 - HKLM\..\Run: [CreativeMixer] C:\SBPCI\ctmix32.exe /T
        O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
        O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
        O4 - HKLM\..\RunServices: [PavProc] C:\Program Files\Common Files\Panda
        Software\PavShld\PavPrS9x.exe
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
        O4 - HKCU\..\Run: [Skype] "C:\PROGRAM
        FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
        O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
        O4 - Startup: FOLDER.HTT
        O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office\OSA9.EXE
        O4 - Startup: D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AirPlus.exe
        O4 - Global Startup: FOLDER.HTT
        O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\PROGRAM
        FILES\AVANT BROWSER\AddToADBlackList.htm
        O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera -
        C:\PROGRAM FILES\AVANT BROWSER\AddAllToADBlackList.htm
        O8 - Extra context menu item: Szukaj - C:\PROGRAM FILES\AVANT BROWSER\Search.htm
        O8 - Extra context menu item: Podświetl - C:\PROGRAM FILES\AVANT
        BROWSER\Highlight.htm
        O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... -
        C:\PROGRAM FILES\AVANT BROWSER\OpenAllLinks.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
        00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
        O14 - IERESET.INF: SEARCH_PAGE_URL=
        O14 - IERESET.INF: START_PAGE_URL=
        O15 - Trusted Zone: *.windupdates.com
        O15 - Trusted Zone: *.searchmiracle.com
        O15 - Trusted Zone: *.searchbarcash.com
        O15 - Trusted Zone: *.skoobidoo.com
        O15 - Trusted Zone: *.my-internet.info
        O15 - Trusted Zone: *.xxxtoolbar.com
        O15 - Trusted Zone: *.slotch.com
        O15 - Trusted Zone: *.flingstone.com
        O15 - Trusted Zone: *.mt-download.com
        O15 - Trusted Zone: *.blazefind.com
        O15 - Trusted Zone: *.clickspring.net
        O15 - Trusted Zone: *.ysbweb.com
        O15 - Trusted Zone: *.slotchbar.com
        O15 - Trusted Zone: *.iframedollars.biz
        O15 - Trusted Zone: *.windupdates.com (HKLM)
        O15 - Trusted Zone: *.searchbarcash.com (HKLM)
        O15 - Trusted Zone: *.searchmiracle.com (HKLM)
        O15 - Trusted Zone: *.skoobidoo.com (HKLM)
        O15 - Trusted Zone: *.my-internet.info (HKLM)
        O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
        O15 - Trusted Zone: *.slotch.com (HKLM)
        O15 - Trusted Zone: *.flingstone.com (HKLM)
        O15 - Trusted Zone: *.mt-download.com (HKLM)
        O15 - Trusted Zone: *.blazefind.com (HKLM)
        O15 - Trusted Zone: *.clickspring.net (HKLM)
        O15 - Trusted Zone: *.ysbweb.com (HKLM)
        O15 - Trusted Zone: *.slotchbar.com (HKLM)
        O15 - Trusted Zone: *.iframedollars.biz (HKLM)
        O15 - Trusted IP range: 195.95.218.173
        O15 - Trusted IP range: 195.95.218.173 (HKLM)
        O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
        public.windupdates.com/get_file.php?bt=ie&p=968ab1eeb819842c25473460af5e00799c0f22a19a5978724d1573a80add050f758ba1e9
        672431a381df706381eecba5b414a8ddc37f:fba3f53be3eaba4eb5bbfc8828e4f747
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
        www.popcap.com/games/popcaploader_v6.cab
        O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
        www.cult3d.com/download/cult.cab
        O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
        static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c8.cab
        O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
        Control) - www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
        O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-
        its:mhtml:file://C:osuch.mht!http://195.95.218.173/dl/adv588/x.chm::/load.exe
        O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.4.1,192.168.10.1




        kilku plikow sie nie dalo usunąc albo ich nie odnalazlam (tych co mi podales)
        wielkie dzieki za wszystko

    Najnowsze z forum Wirusy, trojany, spyware

    Nie masz jeszcze konta? Zarejestruj się

    Nakarm Pajacyka
    Osoby zamieszczające wypowiedzi naruszające prawo lub prawem chronione dobra osób trzecich mogą ponieść z tego tytułu odpowiedzialność karną lub cywilną. Regulamin
    Treści z serwisów internetowych Grupy Wyborcza.pl oraz serwisu tokfm.pl prezentujemy w ramach komercyjnej współpracy z ich wydawcami: Wyborcza sp. z o.o. oraz Grupą Radiową Agory sp. z o.o.
    Wybrane treści z serwisu Sport.pl są dostępne po wykupieniu płatnej subskrypcji