nowy log
Logfile of HijackThis v1.99.0
Scan saved at 21:45:10, on 2005–04–09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
D:\Winamp\Winampa.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\Juk.exe
C:\WINDOWS\System32\Services\{084442CF–DD93–43CE–8777–47D2E86896BF}\SVCHOST.EXE
c:\124841.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Gadu–Gadu\gg.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\paytime.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
c:\124841.exe
C:\Program Files\Delux\PS2 Keyboard English Edition\keyboard.exe
D:\SpywareGuard\sgmain.exe
D:\SpywareGuard\sgbhp.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\System32\wuauclt.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\test\Ustawienia lokalne\Temp\Katalog tymczasowy 4 dla hijackthis.zip\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R1 – HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = "%1" /S
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – Default URLSearchHook is missing
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: URLLink Class – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 – BHO: SpywareGuard Download Protection – {4A368E80–174F–4872–96B5–0B27DDD11DB2} – D:\SpywareGuard\dlprotect.dll
O2 – BHO: (no name) – {4FC95EDD–4796–4966–9049–29649C80111D} – (no file)
O2 – BHO: (no name) – {A99E1618–98EC–98F3–7B56–50D9B27636B8} – C:\DOCUME~1\test\DANEAP~1\ONCECL~1\Inforef.exe
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 – HKLM\..\Run: [WinampAgent] "D:\Winamp\Winampa.exe"
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 – HKLM\..\Run: [RealJukeboxSystray] D:\RealJukebox\tsystray.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 – HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup –s
O4 – HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 – HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [Bib City Info Window] C:\Documents and Settings\All Users\Dane aplikacji\Soft drv bib city\Forkkind.exe
O4 – HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 – HKLM\..\Run: [Pei] C:\WINDOWS\System32\Juk.exe
O4 – HKLM\..\Run: [Disk Keeper] C:\DOCUME~1\test\USTAWI~1\Temp\keep.exe
O4 – HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{084442CF–DD93–43CE–8777–47D2E86896BF}\SVCHOST.EXE
O4 – HKLM\..\Run: [Ukl] C:\WINDOWS\System32\Oqk.exe
O4 – HKLM\..\Run: [Jlt] C:\WINDOWS\System32\Mou.exe
O4 – HKLM\..\Run: [Htt] C:\WINDOWS\System32\Nsr.exe
O4 – HKLM\..\Run: [Aoj] C:\WINDOWS\System32\Bst.exe
O4 – HKLM\..\Run: [Vra] C:\WINDOWS\System32\Krj.exe
O4 – HKLM\..\Run: [Ihl] C:\WINDOWS\Hse.exe
O4 – HKLM\..\Run: [Hdq] C:\WINDOWS\Fhh.exe
O4 – HKLM\..\Run: [Gch] C:\WINDOWS\Qon.exe
O4 – HKLM\..\Run: [Ejj] C:\WINDOWS\Pks.exe
O4 – HKLM\..\Run: [Hfn] C:\WINDOWS\System32\Mca.exe
O4 – HKLM\..\Run: [Mot] C:\WINDOWS\System32\Sfs.exe
O4 – HKLM\..\Run: [Ssg] C:\WINDOWS\System32\Tat.exe
O4 – HKLM\..\Run: [Otm] C:\WINDOWS\System32\Dij.exe
O4 – HKLM\..\Run: [Ncb] C:\WINDOWS\System32\Cpd.exe
O4 – HKLM\..\Run: [Pga] C:\WINDOWS\System32\Hqm.exe
O4 – HKLM\..\Run: [Kso] C:\WINDOWS\Fir.exe
O4 – HKLM\..\Run: [Mqv] C:\WINDOWS\System32\Veg.exe
O4 – HKLM\..\Run: [Ucu] C:\WINDOWS\Tsn.exe
O4 – HKLM\..\Run: [Jhb] C:\WINDOWS\System32\Aeb.exe
O4 – HKLM\..\Run: [Dbu] C:\WINDOWS\System32\Qsi.exe
O4 – HKLM\..\Run: [Eqv] C:\WINDOWS\Qkd.exe
O4 – HKLM\..\Run: [Qdp] C:\WINDOWS\System32\Uct.exe
O4 – HKLM\..\Run: [Ofm] C:\WINDOWS\Sfh.exe
O4 – HKLM\..\Run: [Lfl] C:\WINDOWS\System32\Iid.exe
O4 – HKLM\..\Run: [Bve] C:\WINDOWS\System32\Fvh.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Komunikator] D:\tlen\tlen.exe
O4 – HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe –quiet
O4 – HKCU\..\Run: [BASE FREE] C:\DOCUME~1\test\DANEAP~1\COALVG~1\WaveRoad.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 – HKCU\..\Run: [Pei] C:\WINDOWS\System32\Juk.exe
O4 – HKCU\..\Run: [Ukl] C:\WINDOWS\System32\Oqk.exe
O4 – HKCU\..\Run: [Jlt] C:\WINDOWS\System32\Mou.exe
O4 – HKCU\..\Run: [Htt] C:\WINDOWS\System32\Nsr.exe
O4 – HKCU\..\Run: [Aoj] C:\WINDOWS\System32\Bst.exe
O4 – HKCU\..\Run: [Vra] C:\WINDOWS\System32\Krj.exe
O4 – HKCU\..\Run: [Ihl] C:\WINDOWS\Hse.exe
O4 – HKCU\..\Run: [Hdq] C:\WINDOWS\Fhh.exe
O4 – HKCU\..\Run: [Gch] C:\WINDOWS\Qon.exe
O4 – HKCU\..\Run: [Ejj] C:\WINDOWS\Pks.exe
O4 – HKCU\..\Run: [Hfn] C:\WINDOWS\System32\Mca.exe
O4 – HKCU\..\Run: [Mot] C:\WINDOWS\System32\Sfs.exe
O4 – HKCU\..\Run: [Ssg] C:\WINDOWS\System32\Tat.exe
O4 – HKCU\..\Run: [Otm] C:\WINDOWS\System32\Dij.exe
O4 – HKCU\..\Run: [Ncb] C:\WINDOWS\System32\Cpd.exe
O4 – HKCU\..\Run: [Pga] C:\WINDOWS\System32\Hqm.exe
O4 – HKCU\..\Run: [Kso] C:\WINDOWS\Fir.exe
O4 – HKCU\..\Run: [Mqv] C:\WINDOWS\System32\Veg.exe
O4 – HKCU\..\Run: [Ucu] C:\WINDOWS\Tsn.exe
O4 – HKCU\..\Run: [Jhb] C:\WINDOWS\System32\Aeb.exe
O4 – HKCU\..\Run: [Dbu] C:\WINDOWS\System32\Qsi.exe
O4 – HKCU\..\Run: [Eqv] C:\WINDOWS\Qkd.exe
O4 – HKCU\..\Run: [Qdp] C:\WINDOWS\System32\Uct.exe
O4 – HKCU\..\Run: [Ofm] C:\WINDOWS\Sfh.exe
O4 – HKCU\..\Run: [Lfl] C:\WINDOWS\System32\Iid.exe
O4 – HKCU\..\Run: [Bve] C:\WINDOWS\System32\Fvh.exe
O4 – Startup: SpywareGuard.lnk = D:\SpywareGuard\sgmain.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: PS2 Keyboard English Edition.lnk = ?
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 – Extra button: (no name) – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – (no file)
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {88D758A3–D33B–45FD–91E3–67749B4057FA} (Sinstaller Class) – http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{46EC2E6B–E144–476F–9635–9658082D0FC2}: NameServer = 10.100.0.254,194.204.152.34
O17 – HKLM\System\CS1\Services\Tcpip\..\{46EC2E6B–E144–476F–9635–9658082D0FC2}: NameServer = 10.100.0.254,194.204.152.34
O17 – HKLM\System\CS2\Services\Tcpip\..\{46EC2E6B–E144–476F–9635–9658082D0FC2}: NameServer = 10.100.0.254,194.204.152.34
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown – C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 – Service: Panda Firewall Service – Unknown – C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 – Service: Panda anti–virus service – Unknown – C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
Scan saved at 21:45:10, on 2005–04–09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
D:\Winamp\Winampa.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\Juk.exe
C:\WINDOWS\System32\Services\{084442CF–DD93–43CE–8777–47D2E86896BF}\SVCHOST.EXE
c:\124841.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Gadu–Gadu\gg.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\paytime.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
c:\124841.exe
C:\Program Files\Delux\PS2 Keyboard English Edition\keyboard.exe
D:\SpywareGuard\sgmain.exe
D:\SpywareGuard\sgbhp.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\System32\wuauclt.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\test\Ustawienia lokalne\Temp\Katalog tymczasowy 4 dla hijackthis.zip\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R1 – HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = "%1" /S
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – Default URLSearchHook is missing
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: URLLink Class – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 – BHO: SpywareGuard Download Protection – {4A368E80–174F–4872–96B5–0B27DDD11DB2} – D:\SpywareGuard\dlprotect.dll
O2 – BHO: (no name) – {4FC95EDD–4796–4966–9049–29649C80111D} – (no file)
O2 – BHO: (no name) – {A99E1618–98EC–98F3–7B56–50D9B27636B8} – C:\DOCUME~1\test\DANEAP~1\ONCECL~1\Inforef.exe
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 – HKLM\..\Run: [WinampAgent] "D:\Winamp\Winampa.exe"
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 – HKLM\..\Run: [RealJukeboxSystray] D:\RealJukebox\tsystray.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 – HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup –s
O4 – HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 – HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [Bib City Info Window] C:\Documents and Settings\All Users\Dane aplikacji\Soft drv bib city\Forkkind.exe
O4 – HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 – HKLM\..\Run: [Pei] C:\WINDOWS\System32\Juk.exe
O4 – HKLM\..\Run: [Disk Keeper] C:\DOCUME~1\test\USTAWI~1\Temp\keep.exe
O4 – HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{084442CF–DD93–43CE–8777–47D2E86896BF}\SVCHOST.EXE
O4 – HKLM\..\Run: [Ukl] C:\WINDOWS\System32\Oqk.exe
O4 – HKLM\..\Run: [Jlt] C:\WINDOWS\System32\Mou.exe
O4 – HKLM\..\Run: [Htt] C:\WINDOWS\System32\Nsr.exe
O4 – HKLM\..\Run: [Aoj] C:\WINDOWS\System32\Bst.exe
O4 – HKLM\..\Run: [Vra] C:\WINDOWS\System32\Krj.exe
O4 – HKLM\..\Run: [Ihl] C:\WINDOWS\Hse.exe
O4 – HKLM\..\Run: [Hdq] C:\WINDOWS\Fhh.exe
O4 – HKLM\..\Run: [Gch] C:\WINDOWS\Qon.exe
O4 – HKLM\..\Run: [Ejj] C:\WINDOWS\Pks.exe
O4 – HKLM\..\Run: [Hfn] C:\WINDOWS\System32\Mca.exe
O4 – HKLM\..\Run: [Mot] C:\WINDOWS\System32\Sfs.exe
O4 – HKLM\..\Run: [Ssg] C:\WINDOWS\System32\Tat.exe
O4 – HKLM\..\Run: [Otm] C:\WINDOWS\System32\Dij.exe
O4 – HKLM\..\Run: [Ncb] C:\WINDOWS\System32\Cpd.exe
O4 – HKLM\..\Run: [Pga] C:\WINDOWS\System32\Hqm.exe
O4 – HKLM\..\Run: [Kso] C:\WINDOWS\Fir.exe
O4 – HKLM\..\Run: [Mqv] C:\WINDOWS\System32\Veg.exe
O4 – HKLM\..\Run: [Ucu] C:\WINDOWS\Tsn.exe
O4 – HKLM\..\Run: [Jhb] C:\WINDOWS\System32\Aeb.exe
O4 – HKLM\..\Run: [Dbu] C:\WINDOWS\System32\Qsi.exe
O4 – HKLM\..\Run: [Eqv] C:\WINDOWS\Qkd.exe
O4 – HKLM\..\Run: [Qdp] C:\WINDOWS\System32\Uct.exe
O4 – HKLM\..\Run: [Ofm] C:\WINDOWS\Sfh.exe
O4 – HKLM\..\Run: [Lfl] C:\WINDOWS\System32\Iid.exe
O4 – HKLM\..\Run: [Bve] C:\WINDOWS\System32\Fvh.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Komunikator] D:\tlen\tlen.exe
O4 – HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe –quiet
O4 – HKCU\..\Run: [BASE FREE] C:\DOCUME~1\test\DANEAP~1\COALVG~1\WaveRoad.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 – HKCU\..\Run: [Pei] C:\WINDOWS\System32\Juk.exe
O4 – HKCU\..\Run: [Ukl] C:\WINDOWS\System32\Oqk.exe
O4 – HKCU\..\Run: [Jlt] C:\WINDOWS\System32\Mou.exe
O4 – HKCU\..\Run: [Htt] C:\WINDOWS\System32\Nsr.exe
O4 – HKCU\..\Run: [Aoj] C:\WINDOWS\System32\Bst.exe
O4 – HKCU\..\Run: [Vra] C:\WINDOWS\System32\Krj.exe
O4 – HKCU\..\Run: [Ihl] C:\WINDOWS\Hse.exe
O4 – HKCU\..\Run: [Hdq] C:\WINDOWS\Fhh.exe
O4 – HKCU\..\Run: [Gch] C:\WINDOWS\Qon.exe
O4 – HKCU\..\Run: [Ejj] C:\WINDOWS\Pks.exe
O4 – HKCU\..\Run: [Hfn] C:\WINDOWS\System32\Mca.exe
O4 – HKCU\..\Run: [Mot] C:\WINDOWS\System32\Sfs.exe
O4 – HKCU\..\Run: [Ssg] C:\WINDOWS\System32\Tat.exe
O4 – HKCU\..\Run: [Otm] C:\WINDOWS\System32\Dij.exe
O4 – HKCU\..\Run: [Ncb] C:\WINDOWS\System32\Cpd.exe
O4 – HKCU\..\Run: [Pga] C:\WINDOWS\System32\Hqm.exe
O4 – HKCU\..\Run: [Kso] C:\WINDOWS\Fir.exe
O4 – HKCU\..\Run: [Mqv] C:\WINDOWS\System32\Veg.exe
O4 – HKCU\..\Run: [Ucu] C:\WINDOWS\Tsn.exe
O4 – HKCU\..\Run: [Jhb] C:\WINDOWS\System32\Aeb.exe
O4 – HKCU\..\Run: [Dbu] C:\WINDOWS\System32\Qsi.exe
O4 – HKCU\..\Run: [Eqv] C:\WINDOWS\Qkd.exe
O4 – HKCU\..\Run: [Qdp] C:\WINDOWS\System32\Uct.exe
O4 – HKCU\..\Run: [Ofm] C:\WINDOWS\Sfh.exe
O4 – HKCU\..\Run: [Lfl] C:\WINDOWS\System32\Iid.exe
O4 – HKCU\..\Run: [Bve] C:\WINDOWS\System32\Fvh.exe
O4 – Startup: SpywareGuard.lnk = D:\SpywareGuard\sgmain.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: PS2 Keyboard English Edition.lnk = ?
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 – Extra button: (no name) – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – (no file)
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {88D758A3–D33B–45FD–91E3–67749B4057FA} (Sinstaller Class) – http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{46EC2E6B–E144–476F–9635–9658082D0FC2}: NameServer = 10.100.0.254,194.204.152.34
O17 – HKLM\System\CS1\Services\Tcpip\..\{46EC2E6B–E144–476F–9635–9658082D0FC2}: NameServer = 10.100.0.254,194.204.152.34
O17 – HKLM\System\CS2\Services\Tcpip\..\{46EC2E6B–E144–476F–9635–9658082D0FC2}: NameServer = 10.100.0.254,194.204.152.34
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown – C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 – Service: Panda Firewall Service – Unknown – C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 – Service: Panda anti–virus service – Unknown – C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
Odpowiedzi: 1
Kontynuuj w temacie w ktorym zaczales.
Nie widzisz ze guzik usunales z tego o czym pisal Bobi ?
Nie widzisz ze guzik usunales z tego o czym pisal Bobi ?
Strona 1 / 1