Prośba o sprawdzenie mojego loga
Logfile of HijackThis v1.99.1
Scan saved at 20:58:57, on 2005-10-01
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SVCHOST128.EXE
C:\WINDOWS\SYSTEM\EFSDFGXG.EXE
C:\WINDOWS\SYSTEM\SYSBAR.EXE
C:\WINDOWS\SYSTEM\LOL1.EXE
C:\WINDOWS\SVCHOST.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\PWN\DEFINICJE\BIN\STARTER.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE
C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
C:\WINDOWS\SYSTEM\I6J17GOB.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\PROGRAM FILES\ECNJKTC\GJQXL.EXE
C:\WINDOWS\SERVICES.EXE
C:\WINDOWS\SVCHOST.EXE
C:\WINDOWS\SYSTEM\EFSDFGXG.EXE
C:\PROGRAM FILES\NROC\OTPE.EXE
C:\WINSTALL.EXE
C:\WINDOWS\SYSTEM\SYSBAR.EXE
C:\WINDOWS\SYSTEM\CNVRH.EXE
C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE
C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.1.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800–840\DSLMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GADU–GADU\GG.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\WINRAR\WINRAR.EXE
C:\WINDOWS\SYSTEM\SDFDIL.EXE
C:\WINDOWS\TEMP\RAR$EX0J.2FV\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xt.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM303.DLL
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\ZOLKER011.DLL
O2 - BHO: (no name) - {82C0E3B7-2106-26A4-7631-2CD74F5836C1} - C:\WINDOWS\SYSTEM\UGFSO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 – HKLM\..\Run: [internat.exe] internat.exe
O4 – HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 – HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 – HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe –s
O4 – HKLM\..\Run: [SystemTray] SysTray.Exe
O4 – HKLM\..\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe
O4 – HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 – HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 – HKLM\..\Run: [EPSON Stylus C42 Ser (Kopia 2)] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P30 "EPSON Stylus C42 Ser (Kopia 2)" /O7 "EPUSB1:" /M "Stylus C42"
O4 – HKLM\..\Run: [epson stylus C42UX] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P18 "epson stylus C42UX" /O5 "LPT1:" /M "Stylus C42"
O4 – HKLM\..\Run: [EPSON Stylus C42 Serie (Copy 3)] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P31 "EPSON Stylus C42 Serie (Copy 3)" /O5 "LPT1:" /M "Stylus C42"
O4 – HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe –launch
O4 – HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O7 "EPUSB1:" /M "Stylus C42"
O4 – HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 – HKLM\..\Run: [Kernel32] C:\WINDOWS\SYSTEM\Kernel.dll
O4 – HKLM\..\Run: [Media Gateway] C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
O4 – HKLM\..\Run: [i6j17gob] C:\WINDOWS\SYSTEM\i6j17gob.exe
O4 – HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 – HKLM\..\Run: [Svehe] C:\PROGRAM FILES\ECNJKTC\GJQXL.EXE
O4 – HKLM\..\Run: [SERVICES.EXE] C:\WINDOWS\SERVICES.EXE
O4 – HKLM\..\Run: [svchost] C:\WINDOWS\SYSTEM\svchost128.exe
O4 – HKLM\..\Run: [Auto Update] C:\WINDOWS\svchost.exe
O4 – HKLM\..\Run: [Explorer32] C:\WINDOWS\SYSTEM\efsdfgxg.exe
O4 – HKLM\..\Run: [Spyware Stormer] C:\PROGRAM FILES\SPYWARE STORMER\SPYWARESTORMER.Exe
O4 – HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 – HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 – HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 – HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 – HKLM\..\RunServices: [svchost] C:\WINDOWS\SYSTEM\svchost128.exe
O4 – HKLM\..\RunServices: [Explorer64] C:\WINDOWS\SYSTEM\efsdfgxg.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\PROGRAM FILES\GADU–GADU\GG.EXE" /tray
O4 – HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
O4 – HKCU\..\Run: [Mraa] "C:\Program Files\nroc\otpe.exe" –vt mt
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [SNInstall] C:\WINDOWS\SYSTEM\SYSBAR.EXE
O4 – HKCU\..\Run: [Ghzbcxa] C:\WINDOWS\SYSTEM\cnvrh.exe
O4 – HKCU\..\Run: [SpySheriff] C:\PROGRAM FILES\SPYSHERIFF\SpySheriff.exe
O4 – HKCU\..\RunServices: [Gadu–Gadu] "C:\PROGRAM FILES\GADU–GADU\GG.EXE" /tray
O4 – HKCU\..\RunServices: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
O4 – HKCU\..\RunServices: [Mraa] "C:\Program Files\nroc\otpe.exe" –vt mt
O4 – HKCU\..\RunServices: [Windows installer] C:\winstall.exe
O4 – HKCU\..\RunServices: [SNInstall] C:\WINDOWS\SYSTEM\SYSBAR.EXE
O4 – HKCU\..\RunServices: [Ghzbcxa] C:\WINDOWS\SYSTEM\cnvrh.exe
O4 – HKCU\..\RunServices: [SpySheriff] C:\PROGRAM FILES\SPYSHERIFF\SpySheriff.exe
O4 – Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 – Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O4 – Startup: folder.htt
O4 – Global Startup: folder.htt
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 – Extra 'Tools' menuitem: MSN Messenger Service – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 – Extra button: Real.com – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 – Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 – Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 72.36.223.62
O15 - Trusted IP range: 72.36.223.62 (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c4.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {261EE805-4893-45A3-8E9E-AD90914CB39A} (VacPro.internazionale_98_ver11) - http://www9.advnt01.com/dialer/internazionale_98_ver11.CAB
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=4981
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
Scan saved at 20:58:57, on 2005-10-01
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SVCHOST128.EXE
C:\WINDOWS\SYSTEM\EFSDFGXG.EXE
C:\WINDOWS\SYSTEM\SYSBAR.EXE
C:\WINDOWS\SYSTEM\LOL1.EXE
C:\WINDOWS\SVCHOST.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\PWN\DEFINICJE\BIN\STARTER.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE
C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
C:\WINDOWS\SYSTEM\I6J17GOB.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\PROGRAM FILES\ECNJKTC\GJQXL.EXE
C:\WINDOWS\SERVICES.EXE
C:\WINDOWS\SVCHOST.EXE
C:\WINDOWS\SYSTEM\EFSDFGXG.EXE
C:\PROGRAM FILES\NROC\OTPE.EXE
C:\WINSTALL.EXE
C:\WINDOWS\SYSTEM\SYSBAR.EXE
C:\WINDOWS\SYSTEM\CNVRH.EXE
C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE
C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.1.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800–840\DSLMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GADU–GADU\GG.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\WINRAR\WINRAR.EXE
C:\WINDOWS\SYSTEM\SDFDIL.EXE
C:\WINDOWS\TEMP\RAR$EX0J.2FV\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xt.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM303.DLL
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\ZOLKER011.DLL
O2 - BHO: (no name) - {82C0E3B7-2106-26A4-7631-2CD74F5836C1} - C:\WINDOWS\SYSTEM\UGFSO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 – HKLM\..\Run: [internat.exe] internat.exe
O4 – HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 – HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 – HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe –s
O4 – HKLM\..\Run: [SystemTray] SysTray.Exe
O4 – HKLM\..\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe
O4 – HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 – HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 – HKLM\..\Run: [EPSON Stylus C42 Ser (Kopia 2)] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P30 "EPSON Stylus C42 Ser (Kopia 2)" /O7 "EPUSB1:" /M "Stylus C42"
O4 – HKLM\..\Run: [epson stylus C42UX] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P18 "epson stylus C42UX" /O5 "LPT1:" /M "Stylus C42"
O4 – HKLM\..\Run: [EPSON Stylus C42 Serie (Copy 3)] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P31 "EPSON Stylus C42 Serie (Copy 3)" /O5 "LPT1:" /M "Stylus C42"
O4 – HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe –launch
O4 – HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O7 "EPUSB1:" /M "Stylus C42"
O4 – HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 – HKLM\..\Run: [Kernel32] C:\WINDOWS\SYSTEM\Kernel.dll
O4 – HKLM\..\Run: [Media Gateway] C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
O4 – HKLM\..\Run: [i6j17gob] C:\WINDOWS\SYSTEM\i6j17gob.exe
O4 – HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 – HKLM\..\Run: [Svehe] C:\PROGRAM FILES\ECNJKTC\GJQXL.EXE
O4 – HKLM\..\Run: [SERVICES.EXE] C:\WINDOWS\SERVICES.EXE
O4 – HKLM\..\Run: [svchost] C:\WINDOWS\SYSTEM\svchost128.exe
O4 – HKLM\..\Run: [Auto Update] C:\WINDOWS\svchost.exe
O4 – HKLM\..\Run: [Explorer32] C:\WINDOWS\SYSTEM\efsdfgxg.exe
O4 – HKLM\..\Run: [Spyware Stormer] C:\PROGRAM FILES\SPYWARE STORMER\SPYWARESTORMER.Exe
O4 – HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 – HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 – HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 – HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 – HKLM\..\RunServices: [svchost] C:\WINDOWS\SYSTEM\svchost128.exe
O4 – HKLM\..\RunServices: [Explorer64] C:\WINDOWS\SYSTEM\efsdfgxg.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\PROGRAM FILES\GADU–GADU\GG.EXE" /tray
O4 – HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
O4 – HKCU\..\Run: [Mraa] "C:\Program Files\nroc\otpe.exe" –vt mt
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [SNInstall] C:\WINDOWS\SYSTEM\SYSBAR.EXE
O4 – HKCU\..\Run: [Ghzbcxa] C:\WINDOWS\SYSTEM\cnvrh.exe
O4 – HKCU\..\Run: [SpySheriff] C:\PROGRAM FILES\SPYSHERIFF\SpySheriff.exe
O4 – HKCU\..\RunServices: [Gadu–Gadu] "C:\PROGRAM FILES\GADU–GADU\GG.EXE" /tray
O4 – HKCU\..\RunServices: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
O4 – HKCU\..\RunServices: [Mraa] "C:\Program Files\nroc\otpe.exe" –vt mt
O4 – HKCU\..\RunServices: [Windows installer] C:\winstall.exe
O4 – HKCU\..\RunServices: [SNInstall] C:\WINDOWS\SYSTEM\SYSBAR.EXE
O4 – HKCU\..\RunServices: [Ghzbcxa] C:\WINDOWS\SYSTEM\cnvrh.exe
O4 – HKCU\..\RunServices: [SpySheriff] C:\PROGRAM FILES\SPYSHERIFF\SpySheriff.exe
O4 – Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 – Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O4 – Startup: folder.htt
O4 – Global Startup: folder.htt
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 – Extra 'Tools' menuitem: MSN Messenger Service – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 – Extra button: Real.com – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 – Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 – Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 72.36.223.62
O15 - Trusted IP range: 72.36.223.62 (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c4.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {261EE805-4893-45A3-8E9E-AD90914CB39A} (VacPro.internazionale_98_ver11) - http://www9.advnt01.com/dialer/internazionale_98_ver11.CAB
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=4981
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
Odpowiedzi: 1
Najpierw spróbuj samodzielnie -> http://forum.centrumxp.pl/viewtopic.php?t=37513