HijackThis log, take a look

Take a look at the HijackThis log and tell me what to do:

Logfile of HijackThis v1.99.1
Scan saved at 15:57:21, on 2005–06–07
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\WebProxy.exe
C:\Program Files\Wapster\AQQ\AQQ.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Klemens\Pulpit\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
F2 – REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O1 – Hosts: 17.145.117.11 d–ru–1f.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 d–ru–1h.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 d–ru–2f.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 d–ru–2h.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 d–eu–2f.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 d–eu–2h.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 d–eu–1f.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 d–eu–1h.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 d–us–1f.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 d–us–1h.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 downloads1.kaspersky.ru
O1 – Hosts: 17.145.117.11 downloads2.kaspersky.ru
O1 – Hosts: 17.145.117.11 downloads3.kaspersky.ru
O1 – Hosts: 17.145.117.11 downloads4.kaspersky.ru
O1 – Hosts: 17.145.117.11 downloads5.kaspersky.ru
O1 – Hosts: 17.145.117.11 www.kaspersky.ru
O1 – Hosts: 17.145.117.11 kaspersky.ru
O1 – Hosts: 17.145.117.11 kaspersky–labs.com
O1 – Hosts: 17.145.117.11 www.kaspersky–labs.com
O1 – Hosts: 82.146.42.123 lloydstsb.co.uk
O1 – Hosts: 82.146.42.123 online.lloydstsb.co.uk
O1 – Hosts: 82.146.42.123 www.lloydstsb.co.uk
O1 – Hosts: 82.146.42.123 www.lloydstsb.com
O1 – Hosts: 82.146.42.123 personal.barclays.co.uk
O1 – Hosts: 82.146.42.123 barclays.co.uk
O1 – Hosts: 82.146.42.123 ibank.barclays.co.uk
O1 – Hosts: 82.146.42.123 www.barclays.co.uk
O1 – Hosts: 82.146.42.123 www.nwolb.com
O1 – Hosts: 82.146.42.123 nwolb.com
O1 – Hosts: 82.146.42.123 hsbc.co.uk
O1 – Hosts: 82.146.42.123 www.hsbc.co.uk
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: (no name) – {014DA6C9–189F–421a–88CD–07CFE51CFF10} – (no file)
O4 – HKLM\..\Run: [SoundMan] soundman.exe
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 – HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 – HKLM\..\Run: [cbidkhcd] C:\WINDOWS\cbidkhcd.exe
O4 – HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 – HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 – HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O8 – Extra context menu item: Pobierz z &BitSpirit – C:\Program Files\BitSpirit\bsurl.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O10 – Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet4_85.dll' missing
O16 – DPF: {15AD6789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge–c403.cab
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{BFEF277A–A44A–4D56–BCA5–BEECB60EC975}: NameServer = 194.204.159.1,194.204.159.34
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: Panda Antispam Server Service (PASSRV) – Unknown owner – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 – Service: Panda Firewall Service (PAVFIRES) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 – Service: Panda Function Service (PAVFNSVR) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 – Service: Panda Pavkre (Pavkre) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 – Service: Panda PavProt (PavProt) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 – Service: Panda Process Protection Service (PavPrSrv) – Panda Software – C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 – Service: Panda Preventium+ Service (PREVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 – Service: Panda IManager Service (PSIMSVC) – Panda Software Internacional – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Replies: 11

Thanks, no need anymore, I checked it myself on the Hijack site!!! :D
laskowski
Posted
20.11.2005 16:31:57
Can you take a look at my HijackThis log???
I would be very grateful!! :wink:


Logfile of HijackThis v1.99.1
Scan saved at 15:16:43, on 2005–11–20
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Wojtek\Moje dokumenty\Pobieralnia\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [rfagent] C:\Program Files\RFA\rfagent.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs Inc. – C:\WINDOWS\system32\ZoneLabs\vsmon.exe
laskowski
Posted
20.11.2005 16:19:58
And anyway, what kind of habit is this?
You post a log once a day without so much as a word of explanation and you're happy.
Rest assured I won't check the next one in this form; it will go straight to the trash.


Kill the process:
aliffof2.exe

Remove:
O2 – BHO: SABHO – {21B4ACC4–8874–4AEC–AEAC–F567A249B4D4} – c:\program files\180searchassistant\salmhook.dll (file missing)
O4 – HKLM\..\Run: [aliffof2] C:\WINDOWS\System32\aliffof2.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O16 – DPF: {15AD6789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge–c403.cab
Bobi
Posted
21.06.2005 11:32:19
Logfile of HijackThis v1.99.1
Scan saved at 22:20:27, on 2005–06–20
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE
C:\WINDOWS\System32\aliffof2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Lavasoft\Ad–Aware SE Personal\Ad–Aware.exe
C:\Documents and Settings\Malcik\Pulpit\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: SABHO – {21B4ACC4–8874–4AEC–AEAC–F567A249B4D4} – c:\program files\180searchassistant\salmhook.dll (file missing)
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [SoundMan] soundman.exe
O4 – HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 – HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [aliffof2] C:\WINDOWS\System32\aliffof2.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 – HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad–Aware SE Personal\Ad–Aware.exe" "+b1"
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 – DPF: {15AD6789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge–c403.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{DBE8A48B–729A–485E–8867–B919D1BC0C45}: NameServer = 194.204.159.1,194.204.152.34
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: Panda Antispam Server Service (PASSRV) – Unknown owner – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 – Service: Panda Firewall Service (PAVFIRES) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 – Service: Panda Function Service (PAVFNSVR) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 – Service: Panda Pavkre (Pavkre) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 – Service: Panda PavProt (PavProt) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 – Service: Panda Process Protection Service (PavPrSrv) – Panda Software – C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 – Service: Panda Preventium+ Service (PREVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 – Service: Panda IManager Service (PSIMSVC) – Panda Software Internacional – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
**Mis**
Posted
21.06.2005 00:22:36
Uninstall Desktop Messenger, because it's a completely unnecessary gimmick.
Delete all those 018 entries

O4 – HKLM\..\Run: [ScanRegistry] C:\W

It looks like it got cut off

F2 – REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,

Fix this >> FIX CHECKED

Also trim your autostart, because you have a ton of unnecessary programs in it.
Bobi
Posted
20.06.2005 15:04:36
Logfile of HijackThis v1.99.1
Scan saved at 12:49:51, on 2005–06–20
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\WDVRCtrl.exe
C:\Program Files\D–Tools\daemon.exe
C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\MMTray.exe
C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtray2k.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtraylsi.exe
C:\WINDOWS\System32\CTFMON.EXE
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\WebProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TEMP\Pulpit\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar2.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar2.dll
O4 – HKLM\..\Run: [SoundMan] soundman.exe
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 – HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 – HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 – HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 – HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 – HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 – HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 – HKLM\..\Run: [ScanRegistry] C:\W
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [MMTray] "C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\MMTray.exe"
O4 – HKLM\..\Run: [mmtray2k] "C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtray2k.exe"
O4 – HKLM\..\Run: [mmtraylsi] "C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtraylsi.exe"
O4 – HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 – Global Startup: Hapi.lnk = C:\Program Files\Hapi\Hapi.exe
O4 – Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 – Global Startup: Reality Fusion GameCam SE.lnk = ?
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra button: Real.com – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – C:\WINDOWS\System32\Shdocvw.dll
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{BFEF277A–A44A–4D56–BCA5–BEECB60EC975}: NameServer = 194.204.159.1,194.204.159.34
O18 – Protocol: bw+0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw+0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw–0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw–0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw00 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw00s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw10 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw10s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw20 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw20s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw30 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw30s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw40 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw40s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw50 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw50s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw60 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw60s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw70 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw70s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw80 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw80s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw90 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw90s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwa0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwa0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwb0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwb0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwc0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwc0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwd0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwd0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwe0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwe0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwf0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwf0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwfile–8876480 – {9462A756–7B47–47BC–8C80–C34B9B80B32B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol–8876480.dll
O18 – Protocol: bwg0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwg0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwh0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwh0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwi0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwi0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwj0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwj0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwk0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwk0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwl0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwl0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwm0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwm0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwn0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwn0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwo0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwo0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwp0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwp0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwq0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwq0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwr0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwr0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bws0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bws0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwt0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwt0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwu0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwu0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwv0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwv0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bww0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bww0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwx0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwx0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwy0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwy0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwz0 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwz0s – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: offline–8876480 – {A70C875A–317D–449F–B141–222A59A53BB5} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 – Service: Panda Antispam Server Service (PASSRV) – Unknown owner – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 – Service: Panda Firewall Service (PAVFIRES) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 – Service: Panda Function Service (PAVFNSVR) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 – Service: Panda Pavkre (Pavkre) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 – Service: Panda PavProt (PavProt) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 – Service: Panda Process Protection Service (PavPrSrv) – Panda Software – C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 – Service: Panda Preventium+ Service (PREVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 – Service: Panda IManager Service (PSIMSVC) – Panda Software Internacional – C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
**Mis**
Added
20.06.2005 14:51:00
Get rid of:
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://offsearch.cc/search.php?v=4&aff=2892
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://offsearch.cc/index.php?v=4&aff=2892
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
O9 – Extra button: Microsoft AntiSpyware helper – {4996E560–D448–11D9–864D–008048159334} – (no file) (HKCU)
O9 – Extra 'Tools' menuitem: Microsoft AntiSpyware helper – {4996E560–D448–11D9–864D–008048159334} – (no file) (HKCU)
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.ysbweb.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 – Trusted Zone: *.slotch.com (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.blazefind.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted IP range: 81.222.131.59
O15 – Trusted IP range: 81.222.131.59 (HKLM)
O16 – DPF: {4418DD4D–7265–4C32–BC0A–3FDB3C2DA938} – http://www.slotchbar.com/ist/softwares/v4.0/protect_regular.cab
Bobi
Added
09.06.2005 16:30:08
Logfile of HijackThis v1.99.1
Scan saved at 10:06:55, on 05–06–09
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
G:\WINDOWS\SYSTEM\KERNEL32.DLL
G:\WINDOWS\SYSTEM\MSGSRV32.EXE
G:\WINDOWS\SYSTEM\MPREXE.EXE
G:\WINDOWS\SYSTEM\mmtask.tsk
G:\WINDOWS\EXPLORER.EXE
G:\PROGRAM FILES\SONY ERICSSON\MOBILE\AUDEVICEMGR.EXE
G:\PROGRAM FILES\SONY ERICSSON\MOBILE\CONNECTIVITY PACK\CONNMNGMNTBOX.EXE
G:\PROGRAM FILES\INTUWAVE\SHARED\PRODUCT\MROUTERRUNTIME.EXE
F:\MATEUSZ\GG_\GG.EXE
G:\PROGRAM FILES\SONY ERICSSON\MOBILE\CONNECTIVITY PACK\CAPMAN.EXE
G:\PROGRAM FILES\SONY ERICSSON\MOBILE\CONNECTIVITY PACK\ELOGERR.EXE
G:\PROGRAM FILES\SONY ERICSSON\MOBILE\CONNECTIVITY PACK\BROADCASTPROXY.EXE
G:\PROGRAM FILES\SONY ERICSSON\MOBILE\CONNECTIVITY PACK\SCRFS.EXE
G:\PROGRAM FILES\SONY ERICSSON\MOBILE\MOBILE PHONE MONITOR\EPMWORKER.EXE
G:\WINDOWS\SYSTEM\DDHELP.EXE
G:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
G:\WINDOWS\SYSTEM\PSTORES.EXE
G:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
G:\PROGRAM FILES\DAP\DAP.EXE
G:\WINDOWS\PULPIT\HIJACKTHIS.EXE

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://offsearch.cc/search.php?v=4&aff=2892
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://offsearch.cc/index.php?v=4&aff=2892
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: DAP Bar – {62999427–33FC–4baf–9C9C–BCE6BD127F08} – G:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O3 – Toolbar: @msdxmLC.dll,–1@1045,&Radio – {8E718888–423F–11D2–876E–00A0C9082467} – G:\WINDOWS\SYSTEM\MSDXM.OCX
O4 – HKLM\..\Run: [NetWatcherPro] G:\PROGRAM FILES\NETWATCHERPRO\NETWATCHERPRO.EXE
O4 – HKCU\..\Run: [Gadu–Gadu] "F:\MATEUSZ\GG_\GG.EXE" /tray
O4 – Startup: Phone Connection Monitor.lnk = G:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O8 – Extra context menu item: &Download with &DAP – G:\PROGRA~1\DAP\dapextie.htm
O8 – Extra context menu item: Download &all with DAP – G:\PROGRA~1\DAP\dapextie2.htm
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – G:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – G:\WINDOWS\web\related.htm
O9 – Extra button: Run DAP – {669695BC–A811–4A9D–8CDF–BA8C795F261C} – G:\PROGRA~1\DAP\DAP.EXE
O9 – Extra button: Microsoft AntiSpyware helper – {4996E560–D448–11D9–864D–008048159334} – (no file) (HKCU)
O9 – Extra 'Tools' menuitem: Microsoft AntiSpyware helper – {4996E560–D448–11D9–864D–008048159334} – (no file) (HKCU)
O14 – IERESET.INF: SEARCH_PAGE_URL=
O14 – IERESET.INF: START_PAGE_URL=
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.ysbweb.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 – Trusted Zone: *.slotch.com (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.blazefind.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted IP range: 81.222.131.59
O15 – Trusted IP range: 81.222.131.59 (HKLM)
O16 – DPF: {4418DD4D–7265–4C32–BC0A–3FDB3C2DA938} – http://www.slotchbar.com/ist/softwares/v4.0/protect_regular.cab
O17 – HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34
**Mis**
Added
09.06.2005 12:07:53
**Mis**:
LSP-Fix, where am I supposed to get it from??


From the internet, the first Google result for "LSP-FIX": http://www.cexx.org/lspfix.htm
Was that so hard?
As for using the program itself, I have described it many times on the forum in connection with New.Net.
I won't give links this time. Search for them.
Bobi
Added
07.06.2005 18:50:09
LSP-Fix, where am I supposed to get it from??
**Mis**
Added
07.06.2005 18:44:47
Right at the start, as standard, you turn off System Restore.

R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)

Start >> Run >> regedit
Delete the indicated string in the key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks

O10 – Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet4_85.dll' missing

Delete the indicated directory from the disk, but first download the LSP-Fix tool and use it to cut the New.Net files out of Winsock\LSP.

FIX, and delete the bolded file from the disk:
O1 – Hosts: 17.145.117.11 d–ru–1f.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 d–ru–1h.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 d–ru–2f.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 d–ru–2h.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 d–eu–2f.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 d–eu–2h.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 d–eu–1f.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 d–eu–1h.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 d–us–1f.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 d–us–1h.kaspersky–labs.com
O1 – Hosts: 17.145.117.11 downloads1.kaspersky.ru
O1 – Hosts: 17.145.117.11 downloads2.kaspersky.ru
O1 – Hosts: 17.145.117.11 downloads3.kaspersky.ru
O1 – Hosts: 17.145.117.11 downloads4.kaspersky.ru
O1 – Hosts: 17.145.117.11 downloads5.kaspersky.ru
O1 – Hosts: 17.145.117.11 www.kaspersky.ru
O1 – Hosts: 17.145.117.11 kaspersky.ru
O1 – Hosts: 17.145.117.11 kaspersky–labs.com
O1 – Hosts: 17.145.117.11 www.kaspersky–labs.com
O1 – Hosts: 82.146.42.123 lloydstsb.co.uk
O1 – Hosts: 82.146.42.123 online.lloydstsb.co.uk
O1 – Hosts: 82.146.42.123 www.lloydstsb.co.uk
O1 – Hosts: 82.146.42.123 www.lloydstsb.com
O1 – Hosts: 82.146.42.123 personal.barclays.co.uk
O1 – Hosts: 82.146.42.123 barclays.co.uk
O1 – Hosts: 82.146.42.123 ibank.barclays.co.uk
O1 – Hosts: 82.146.42.123 www.barclays.co.uk
O1 – Hosts: 82.146.42.123 www.nwolb.com
O1 – Hosts: 82.146.42.123 nwolb.com
O1 – Hosts: 82.146.42.123 hsbc.co.uk
O1 – Hosts: 82.146.42.123 www.hsbc.co.uk
O3 – Toolbar: (no name) – {014DA6C9–189F–421a–88CD–07CFE51CFF10} – (no file)
O4 – HKLM\..\Run: [cbidkhcd] C:\WINDOWS\cbidkhcd.exe
O16 – DPF: {15AD6789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge–c403.cab


F2 – REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,

I am more and more convinced that this comes from Panda. Leave it.
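Added example (not part of the thread and not HijackThis's own code): a Python triage pass over a pasted HijackThis log that surfaces the entry types singled out in the replies above, namely O1 Hosts overrides, R0/R1 Internet Explorer pages served from a bare IP address, O15 Trusted Zone additions, O10 LSP breakage and "(no file)" leftovers. The function name `triage`, the finding labels and the sample lines (reserved documentation addresses and names) are assumptions made for the example; it also undoes the hyphen-to-en-dash conversion that forum software applies to pasted logs.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Forum software often turns "-" into an en dash; undo that before parsing.
DASHES = str.maketrans({"\u2013": "-", "\u2014": "-", "\u2212": "-"})
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")

def is_ip(text):
    try:
        return bool(ipaddress.ip_address(text))
    except ValueError:
        return False

def triage(log_text):
    """Return (findings, hosts_by_ip) for a pasted HijackThis log."""
    findings, hosts_by_ip = [], defaultdict(list)
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.translate(DASHES).strip())
        if not m:
            continue  # header, process list or forum chatter
        section, body = m.groups()
        if section == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2 and is_ip(parts[0]) and parts[1] != "localhost":
                hosts_by_ip[parts[0]].append(parts[1])  # many names on one IP stand out
                findings.append((section, "hosts-override", parts[1]))
        elif section in ("R0", "R1") and "=" in body:
            name, value = (p.strip() for p in body.split("=", 1))
            host = urlsplit(value).hostname or ""
            if is_ip(host):  # browser page set to a literal IP address
                findings.append((section, "ie-page-on-raw-ip", name.split(",")[-1]))
        elif section == "O15":
            kind, _, target = body.partition(":")
            findings.append((section, kind.strip().lower().replace(" ", "-"),
                             target.replace("(HKLM)", "").strip()))
        elif section == "O10":
            findings.append((section, "lsp-chain", body))
        elif "(no file)" in body:
            findings.append((section, "orphaned-entry", body))
    return findings, dict(hosts_by_ip)

# Constructed sample (reserved documentation addresses and names, not from the thread).
SAMPLE = """\
R0 \u2013 HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://192.0.2.10/index.php
O1 \u2013 Hosts: 198.51.100.7 updates.av\u2013vendor.example
O1 \u2013 Hosts: 198.51.100.7 www.bank.example
O3 \u2013 Toolbar: (no name) \u2013 {00000000\u20130000\u20130000\u20130000\u2013000000000000} \u2013 (no file)
O15 \u2013 Trusted Zone: *.ads.example (HKLM)
O15 \u2013 Trusted IP range: 203.0.113.5
"""

print(*triage(SAMPLE)[0], sep="\n")
```

The second return value groups redirected hostnames by target address, so a single IP that suddenly answers for antivirus update servers and online banking sites shows up as one long list.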
Bobi
Added
07.06.2005 18:31:14
**Mis**
Added:
07.06.2005 18:05:07