Aktualizacje na programosy.pl:
Cent Browser • DVDFab HD Decrypter • PDF24 Creator • Personal Backup • FolderSizes • K7 UltimateSecurity • UEStudio • Chromium • Kaspersky Rescue Disk
-
- Ogłoszenie:
Moj pulpit jest czerwony zarazony SPYWARE !
25 posty(ów) • Strona 1 z 2 • 1, 2
Moj pulpit jest czerwony zarazony SPYWARE !
przez typerek 06 Kwi 2005, 16:13
- typerek
- ~user
- Posty: 105
- Dołączenie: 12 Mar 2005, 16:10
przez Magik 06 Kwi 2005, 16:22
Jak napisalem wczesniej, tryb awaryjny, sprawdz msconfig i te podejrzane procesy w task'u[ctrl+alt+delete]
przelec system ad-aware, spybot'em i porzadnym regcleanerem
PZDR
P.S
i wklejaj mi tu calego loga ino szybko
przelec system ad-aware, spybot'em i porzadnym regcleanerem
PZDR
P.S
i wklejaj mi tu calego loga ino szybko
-
Magik - ~user
- Posty: 7956
- Dołączenie: 08 Maj 2004, 09:17
- Miejscowość: Głogów
- Pochwały: 886
-
przez typerek 06 Kwi 2005, 16:25
- Kod: Zaznacz wszystko
Logfile of HijackThis v1.99.1
Scan saved at 16:23:02, on 2005-04-06
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programy\AVK9\HelperService.exe
C:\Programy\AVK9\AvkServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Kwenlru\Pbcpwb.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\Olt.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Meyox] C:\Program Files\Kwenlru\Pbcpwb.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [Gsh] C:\WINDOWS\Olt.exe
O4 - HKLM\..\Run: [Rrn] C:\WINDOWS\System32\Bka.exe
O4 - HKLM\..\Run: [Kns] C:\WINDOWS\Int.exe
O4 - HKLM\..\Run: [Umr] C:\WINDOWS\Ulq.exe
O4 - HKLM\..\Run: [Dth] C:\WINDOWS\Hdd.exe
O4 - HKLM\..\Run: [Afr] C:\WINDOWS\Vqa.exe
O4 - HKLM\..\Run: [Tqh] C:\WINDOWS\Miu.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Gsh] C:\WINDOWS\Olt.exe
O4 - HKCU\..\Run: [Rrn] C:\WINDOWS\System32\Bka.exe
O4 - HKCU\..\Run: [Kns] C:\WINDOWS\Int.exe
O4 - HKCU\..\Run: [Umr] C:\WINDOWS\Ulq.exe
O4 - HKCU\..\Run: [Dth] C:\WINDOWS\Hdd.exe
O4 - HKCU\..\Run: [Afr] C:\WINDOWS\Vqa.exe
O4 - HKCU\..\Run: [Tqh] C:\WINDOWS\Miu.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{855DAB22-377A-46F6-88A4-747E8FD95B76}: NameServer = 194.204.152.34,194.204.159.1
O23 - Service: AVK HilfsService (AVKHelper) - Unknown owner - C:\Programy\AVK9\HelperService.exe
Ostatnio edytowany przez typerek, 06 Kwi 2005, 16:35, edytowano w sumie 1 raz
- typerek
- ~user
- Posty: 105
- Dołączenie: 12 Mar 2005, 16:10
-
przez Magik 06 Kwi 2005, 16:31
typerek napisał(a):paytime.exe
typerek napisał(a):R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
wszystko na fix w HiJackThis
typerek napisał(a):O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
typerek napisał(a):O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Wszystko to do kosza albo fix
CO JEST NAPISANE W REGULAMINIE??????
loga opatrzyc tagami [code]......Naprawde chcialbym Cie oszczedzic ale zarobisz dzis na to ostrzezenie
-
Magik - ~user
- Posty: 7956
- Dołączenie: 08 Maj 2004, 09:17
- Miejscowość: Głogów
- Pochwały: 886
-
przez Magik 06 Kwi 2005, 16:44
Chlopak ja nie mam zamiaru nabijac sobie postow w tym temacie i wogole
Jak zrobisz naprawde wszystko to dopiero oczekuj dalszych wskazowe....I czytaj uwaznie co sie do Ciebie pisze, a nie tak po lepkach....Haslo rzucone typerek leci, a le wstecz juz nie spojrzy....Jasna ta metafora??
PZDR
Autor postu otrzymał pochwałę
Jak napisalem wczesniej, tryb awaryjny, sprawdz msconfig i te podejrzane procesy w task'u[ctrl+alt+delete]
przelec system ad-aware, spybot'em i porzadnym regcleanerem
Jak zrobisz naprawde wszystko to dopiero oczekuj dalszych wskazowe....I czytaj uwaznie co sie do Ciebie pisze, a nie tak po lepkach....Haslo rzucone typerek leci, a le wstecz juz nie spojrzy....Jasna ta metafora??
PZDR
Autor postu otrzymał pochwałę
-
Magik - ~user
- Posty: 7956
- Dołączenie: 08 Maj 2004, 09:17
- Miejscowość: Głogów
- Pochwały: 886
-
przez typerek 06 Kwi 2005, 16:48
D!eselek 1.9T napisał(a):Chlopak ja nie mam zamiaru nabijac sobie postow w tym temacie i wogoleJak napisalem wczesniej, tryb awaryjny, sprawdz msconfig i te podejrzane procesy w task'u[ctrl+alt+delete]
przelec system ad-aware, spybot'em i porzadnym regcleanerem
Jak zrobisz naprawde wszystko to dopiero oczekuj dalszych wskazowe....I czytaj uwaznie co sie do Ciebie pisze, a nie tak po lepkach....Haslo rzucone typerek leci, a le wstecz juz nie spojrzy....Jasna ta metafora??
PZDR
Wielkie dzieki za pomoc ale tego nie potrafie... wiec juz po komputerze ... dostajesz plusik sorki za zajety czas
musze zrobic formata, ... u kogos kto ma Windows XP bo jak nie to nie da rady ...
Pozdrawiam wielkie dzieki i szacunek!
- typerek
- ~user
- Posty: 105
- Dołączenie: 12 Mar 2005, 16:10
-
przez Tom@szek 06 Kwi 2005, 17:03
Wg mnie to wszystko są śmieci.
Jeśli nie znasz tego IP - do kosza.
- Kod: Zaznacz wszystko
C:\Program Files\Media Access\MediaAccK.exe Nasty
Nasty running process. (MediaAccK.exe)
AdWare.ToolBar.Azesearch This is a nasty process! You should fix it and try to delete it manually!
- Kod: Zaznacz wszystko
C:\Program Files\Internet Optimizer\optimize.exe Nasty
Nasty running process. (optimize.exe)
Internet Optimizer Malware This is a nasty process! You should fix it and try to delete it manually!
- Kod: Zaznacz wszystko
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe Nasty
Nasty AdWare.ToolBar.Azesearch
Hit rate: 99 % (result) Must be fixed!
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" Nasty
Nasty Internet connection optimizer. Malware.
Hit rate: 99 % (result) Must be fixed!
- Kod: Zaznacz wszystko
O4 - HKLM\..\Run: [Meyox] C:\Program Files\Kwenlru\Pbcpwb.exe Unknown
Unknown
Hit rate: 10 % (result) Unknown application.
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe Unknown
Unknown
Hit rate: 8 % (result) Unknown application.
O4 - HKLM\..\Run: [Gsh] C:\WINDOWS\Olt.exe Unknown
Unknown
Hit rate: -1 % (result) Unknown application.
O4 - HKLM\..\Run: [Rrn] C:\WINDOWS\System32\Bka.exe Unknown
Unknown
Hit rate: 13 % (result) Unknown application.
O4 - HKLM\..\Run: [Kns] C:\WINDOWS\Int.exe Unknown
Unknown
Hit rate: 13 % (result) Unknown application.
O4 - HKLM\..\Run: [Umr] C:\WINDOWS\Ulq.exe Unknown
Unknown
Hit rate: -1 % (result) Unknown application.
O4 - HKLM\..\Run: [Dth] C:\WINDOWS\Hdd.exe Unknown
Unknown
Hit rate: -1 % (result) Unknown application.
O4 - HKLM\..\Run: [Afr] C:\WINDOWS\Vqa.exe Unknown
Unknown
- Kod: Zaznacz wszystko
C:\Program Files\Kwenlru\Pbcpwb.exe Unknown
Unknown running process. (Pbcpwb.exe)
This is a unknown process.
C:\WINDOWS\System32\paytime.exe Unknown
Unknown running process. (paytime.exe)
This is a unknown process.
C:\WINDOWS\Olt.exe Unknown
Unknown running process. (Olt.exe)
This is a unknown process.
- Kod: Zaznacz wszystko
C:\WINDOWS\System32\paytime.exe Unknown
Unknown running process. (paytime.exe)
This is a unknown process.
- Kod: Zaznacz wszystko
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll Unknown
Unknown Entries found in this registry zone are potentially nasty. This application ([A0269420-A638-4509-889C-8FC3CC85DA7E] - Result: ) has been checked. Hit rate: -1 % Unknown application.
Jeśli nie znasz tego IP - do kosza.
- Kod: Zaznacz wszystko
O17 - HKLM\System\CCS\Services\Tcpip\..\{855DAB22-377A-46F6-88A4-747E8FD95B76}: NameServer = 194.204.152.34,194.204.159.1 Possibly nasty
Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too. Do you know the IP or Domain '194.204.152.34,194.204.159.1'? If not, fix this entry.
Ostatnio edytowany przez Tom@szek, 06 Kwi 2005, 18:34, edytowano w sumie 1 raz
- Tom@szek
-
przez pawko 06 Kwi 2005, 17:12
kemot analizatorowi logów nie zawsze warto wierzyć ale w tym wypadku masz racje choć wydaje mi się że oprócz tego
typerek gdyby cię jednak coś odwiodło od formata daj znać a się upewnie i ci powiem co do wywalenia dokładnie .
Pozdrawiam
- Kod: Zaznacz wszystko
O17 - HKLM\System\CCS\Services\Tcpip\..\{855DAB22-377A-46F6-88A4-747E8FD95B76}: NameServer = 194.204.152.34,194.204.159.1
typerek gdyby cię jednak coś odwiodło od formata daj znać a się upewnie i ci powiem co do wywalenia dokładnie .
Pozdrawiam
Chelsea Londyn ....
Blue is the color ....
Blue is the color ....
-
pawko - ~user
- Posty: 137
- Dołączenie: 25 Sty 2005, 20:15
- Miejscowość: 3miasto
- Pochwały: 7
-
przez Magik 09 Kwi 2005, 23:08
typerek napisał(a):Zrobilem formata i jak narazie jest spokoj
Zmien przegladarke z IE na Firefox'a czy Opere
typerek napisał(a):i jak narazie jest spokoj
i bedziesz mial spokoj wieczny
-
Magik - ~user
- Posty: 7956
- Dołączenie: 08 Maj 2004, 09:17
- Miejscowość: Głogów
- Pochwały: 886
-
przez Maciek_13_dynow 12 Kwi 2005, 16:00
tez to mam musze dać resa !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- Maciek_13_dynow
- ~user
- Posty: 3
- Dołączenie: 12 Kwi 2005, 15:52
-
przez skibol 14 Kwi 2005, 22:12
ratuuunkuu mam to samo to jest jakieś perfidne dziadostwo!! włączyłem jak mnie kumpel uczył awaryjny odpaliłem scana i dupa wykryło mi pare usunąłem nawet te które nie chciały się usunąć recznie wykasowałem ale wciąrz to samo 
może ktośmiał tego spyware'a i wie jak go usunąć?? proszę o pomoc
może ktośmiał tego spyware'a i wie jak go usunąć?? proszę o pomoc przez Robertj 15 Kwi 2005, 18:28
Poczytaj zwłaszcza ten pierwszy link, ale większość tych przypadków kończy się formatem dysku i wgraniem na nowo systemu.
http://forum.mks.com.pl/forum/viewthread.php?fid=9&tid=11794&action=printable
http://www.searchengines.pl/phpbb203/index.php?showtopic=31660
http://forum.mks.com.pl/forum/viewthread.php?fid=9&tid=11794&action=printable
http://www.searchengines.pl/phpbb203/index.php?showtopic=31660
-
Robertj - ~user
- Posty: 1203
- Dołączenie: 27 Sty 2004, 12:28
- Pochwały: 121
-
przez Robertj 15 Kwi 2005, 18:53
kemot301 napisał(a):Ładnie. Kliknąłem w pierwszy link i z mety wskoczył do systemy wirus - Bloodhound.Explolit.6
Tomek piszesz o tym linku co podałem? Bo Avast nic nie znalazł.
-
Robertj - ~user
- Posty: 1203
- Dołączenie: 27 Sty 2004, 12:28
- Pochwały: 121
-
przez Magik 15 Kwi 2005, 19:53
Robertj napisał(a):Tomek piszesz o tym linku co podałem? Bo Avast nic nie znalazł.
Dokladnie o tym Robert.....Moj NAV i rezerwowy McAfee rowniez to potwierdzily
PZDR
-
Magik - ~user
- Posty: 7956
- Dołączenie: 08 Maj 2004, 09:17
- Miejscowość: Głogów
- Pochwały: 886
-
tez mam czerwony pulpit!!!
przez PartyBoy 15 Kwi 2005, 23:05
Logfile of HijackThis v1.99.1
Scan saved at 22:59:56, on 2005-04-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\system32\srvss.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\qttask.exe
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\system32\NPRTOECT.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\MKS\Bin\mks_menu.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\WINDOWS\System\msveup.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Date Manager\DateManager.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\Wanadoo\Profil1\Hoomor\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gameonly.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL (file missing)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)
O2 - BHO: IncrediFindBHO Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {9C522E3E-1084-40D9-A1DD-836240F11123} - C:\WINDOWS\lbbho.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [zeb] C:\WINDOWS\zeb.exe
O4 - HKLM\..\Run: [xnoyzglswdnc] C:\WINDOWS\System32\keglir.exe
O4 - HKLM\..\Run: [xkt] C:\WINDOWS\xkt.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [WhenUSave] "C:\PROGRA~1\Save\Save.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [webabr] C:\WINDOWS\addins\webabr.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.3.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Video drivers] vidsd32D.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [tssf32j] srsav32.exe
O4 - HKLM\..\Run: [Tnt] C:\WINDOWS\Bjt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\vxobhsag.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SSWPlauncher] C:\PROGRA~1\COMETS~1\Platform\Bin\comet.exe /app:SSWPlauncher
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Sdg] C:\WINDOWS\system32\Vkf.exe
O4 - HKLM\..\Run: [saap] c:\windows\saap.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [Rtc] C:\WINDOWS\system32\Ono.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [Qll] C:\WINDOWS\Jet.exe
O4 - HKLM\..\Run: [Pum] C:\WINDOWS\system32\Fpp.exe
O4 - HKLM\..\Run: [Ppo] C:\WINDOWS\system32\Jet.exe
O4 - HKLM\..\Run: [pjnnkc] C:\WINDOWS\System32\pjnnkc.exe
O4 - HKLM\..\Run: [Pje] C:\WINDOWS\Chm.exe
O4 - HKLM\..\Run: [Vvi] C:\WINDOWS\system32\Mpf.exe
O4 - HKLM\..\Run: [Vhe] C:\WINDOWS\Ugq.exe
O4 - HKLM\..\Run: [Vcg] C:\WINDOWS\system32\Uhn.exe
O4 - HKLM\..\Run: [Thg] C:\WINDOWS\system32\Dmq.exe
O4 - HKLM\..\Run: [Tai] C:\WINDOWS\Ldn.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [Rqi] C:\WINDOWS\Fnm.exe
O4 - HKLM\..\Run: [Rpq] C:\WINDOWS\system32\Loa.exe
O4 - HKLM\..\Run: [Pjc] C:\WINDOWS\Mtk.exe
O4 - HKLM\..\Run: [Phh] C:\WINDOWS\system32\Ime.exe
O4 - HKLM\..\Run: [Pfs] C:\WINDOWS\system32\Iin.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Oqp] C:\WINDOWS\system32\Jid.exe
O4 - HKLM\..\Run: [Oqe] C:\WINDOWS\Qkm.exe
O4 - HKLM\..\Run: [Ohr] C:\WINDOWS\Ppd.exe
O4 - HKLM\..\Run: [Ohp] C:\WINDOWS\system32\Qlg.exe
O4 - HKLM\..\Run: [Nut] C:\WINDOWS\system32\Une.exe
O4 - HKLM\..\Run: [Nud] C:\WINDOWS\system32\Veu.exe
O4 - HKLM\..\Run: [Norton anti-virus] NPRTOECT.exe
O4 - HKLM\..\Run: [mswspl] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] wupdate.exe
O4 - HKLM\..\Run: [Microsoft Updates] wkssvrs.exe
O4 - HKLM\..\Run: [Microsoft Update] lsac.exe
O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\Run: [Mcf] C:\WINDOWS\Dnt.exe
O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [Lgi] C:\WINDOWS\Skn.exe
O4 - HKLM\..\Run: [Knj] C:\WINDOWS\Uek.exe
O4 - HKLM\..\Run: [Jsk] C:\WINDOWS\Npe.exe
O4 - HKLM\..\Run: [Joi] C:\WINDOWS\Orq.exe
O4 - HKLM\..\Run: [Jll] C:\WINDOWS\system32\Frm.exe
O4 - HKLM\..\Run: [Jcb] C:\WINDOWS\Jhh.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Inv] C:\WINDOWS\system32\Ssj.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [Hpm] C:\WINDOWS\Abl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hmf] C:\WINDOWS\system32\Rbq.exe
O4 - HKLM\..\Run: [hlljeagygcqo] C:\WINDOWS\System32\keglir.exe
O4 - HKLM\..\Run: [Hih] C:\WINDOWS\system32\Veq.exe
O4 - HKLM\..\Run: [Hfk] C:\WINDOWS\Lgb.exe
O4 - HKLM\..\Run: [Hel] C:\WINDOWS\Pui.exe
O4 - HKLM\..\Run: [Grk] C:\WINDOWS\system32\Vgt.exe
O4 - HKLM\..\Run: [Gms] C:\WINDOWS\system32\Ena.exe
O4 - HKLM\..\Run: [Ggr] C:\WINDOWS\system32\Jci.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
O4 - HKLM\..\Run: [Fvi] C:\WINDOWS\Lve.exe
O4 - HKLM\..\Run: [Epu] C:\WINDOWS\system32\Ehn.exe
O4 - HKLM\..\Run: [Eld] C:\WINDOWS\system32\Urq.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - HKLM\..\Run: [Dij] C:\WINDOWS\Lpb.exe
O4 - HKLM\..\Run: [DD9B83CF] C:\WINDOWS\System32\vuwes.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\sojxhm.exe
O4 - HKLM\..\Run: [Crk] C:\WINDOWS\Agl.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Bsp] C:\WINDOWS\Ahp.exe
O4 - HKLM\..\Run: [Bot] C:\WINDOWS\Thm.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Bcj] C:\WINDOWS\Eil.exe
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [Aen] C:\WINDOWS\system32\Ann.exe
O4 - HKLM\..\Run: [Ads] C:\WINDOWS\system32\Vam.exe
O4 - HKLM\..\Run: [Aci] C:\WINDOWS\system32\Ehe.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM\..\Run: [0utlook Express] ghnmp.exe
O4 - HKLM\..\Run: [.msfupdate] C:\WINDOWS\System\msveup.exe
O4 - HKLM\..\RunServices: [Norton anti-virus] NPRTOECT.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [cB3pRSHpU] sprcm32.exe
O4 - HKCU\..\Run: [Rpq] C:\WINDOWS\system32\Loa.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [Tai] C:\WINDOWS\Ldn.exe
O4 - HKCU\..\Run: [Ohp] C:\WINDOWS\system32\Qlg.exe
O4 - HKCU\..\Run: [Pfs] C:\WINDOWS\system32\Iin.exe
O4 - HKCU\..\Run: [Epu] C:\WINDOWS\system32\Ehn.exe
O4 - HKCU\..\Run: [Jll] C:\WINDOWS\system32\Frm.exe
O4 - HKCU\..\Run: [Hpm] C:\WINDOWS\Abl.exe
O4 - HKCU\..\Run: [Dij] C:\WINDOWS\Lpb.exe
O4 - HKCU\..\Run: [Vhe] C:\WINDOWS\Ugq.exe
O4 - HKCU\..\Run: [Joi] C:\WINDOWS\Orq.exe
O4 - HKCU\..\Run: [Aci] C:\WINDOWS\system32\Ehe.exe
O4 - HKCU\..\Run: [Ggr] C:\WINDOWS\system32\Jci.exe
O4 - HKCU\..\Run: [Rqi] C:\WINDOWS\Fnm.exe
O4 - HKCU\..\Run: [Vcg] C:\WINDOWS\system32\Uhn.exe
O4 - HKCU\..\Run: [Hel] C:\WINDOWS\Pui.exe
O4 - HKCU\..\Run: [Jcb] C:\WINDOWS\Jhh.exe
O4 - HKCU\..\Run: [Jsk] C:\WINDOWS\Npe.exe
O4 - HKCU\..\Run: [Inv] C:\WINDOWS\system32\Ssj.exe
O4 - HKCU\..\Run: [Bcj] C:\WINDOWS\Eil.exe
O4 - HKCU\..\Run: [Phh] C:\WINDOWS\system32\Ime.exe
O4 - HKCU\..\Run: [Eld] C:\WINDOWS\system32\Urq.exe
O4 - HKCU\..\Run: [Vvi] C:\WINDOWS\system32\Mpf.exe
O4 - HKCU\..\Run: [Oqp] C:\WINDOWS\system32\Jid.exe
O4 - HKCU\..\Run: [Thg] C:\WINDOWS\system32\Dmq.exe
O4 - HKCU\..\Run: [Grk] C:\WINDOWS\system32\Vgt.exe
O4 - Startup: winupdate14302205[1].exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {4A3D5FD1-E10F-4513-8288-044AD98FEE07} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4A3D5FD1-E10F-4513-8288-044AD98FEE07} - (no file) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 64.62.171.156
O15 - Trusted IP range: 64.62.171.156 (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094540270503
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://horse-active.net/ang/loader2.ocx
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSECS.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = artemix
O17 - HKLM\Software\..\Telephony: DomainName = artemix
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = artemix
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = artemix
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll
O21 - SSODL: NTDBGTOOL - {2BCA6328-087C-4953-8A56-8C6E50CD8536} - C:\WINDOWS\system32\setunirl.dll
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Client (nwclntmon) - Unknown owner - C:\WINDOWS\system32\netclnt.exe (file missing)
O23 - Service: Network Client-Server (nwclntserv) - Unknown owner - C:\WINDOWS\system32\srvss.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\system32\winsvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
CO MAM ZFIXOWAC?!?!?!?!?
Scan saved at 22:59:56, on 2005-04-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\system32\srvss.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\qttask.exe
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\system32\NPRTOECT.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\MKS\Bin\mks_menu.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\WINDOWS\System\msveup.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Date Manager\DateManager.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\Wanadoo\Profil1\Hoomor\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gameonly.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL (file missing)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)
O2 - BHO: IncrediFindBHO Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {9C522E3E-1084-40D9-A1DD-836240F11123} - C:\WINDOWS\lbbho.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [zeb] C:\WINDOWS\zeb.exe
O4 - HKLM\..\Run: [xnoyzglswdnc] C:\WINDOWS\System32\keglir.exe
O4 - HKLM\..\Run: [xkt] C:\WINDOWS\xkt.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [WhenUSave] "C:\PROGRA~1\Save\Save.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [webabr] C:\WINDOWS\addins\webabr.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.3.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Video drivers] vidsd32D.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [tssf32j] srsav32.exe
O4 - HKLM\..\Run: [Tnt] C:\WINDOWS\Bjt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\vxobhsag.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SSWPlauncher] C:\PROGRA~1\COMETS~1\Platform\Bin\comet.exe /app:SSWPlauncher
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Sdg] C:\WINDOWS\system32\Vkf.exe
O4 - HKLM\..\Run: [saap] c:\windows\saap.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [Rtc] C:\WINDOWS\system32\Ono.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [Qll] C:\WINDOWS\Jet.exe
O4 - HKLM\..\Run: [Pum] C:\WINDOWS\system32\Fpp.exe
O4 - HKLM\..\Run: [Ppo] C:\WINDOWS\system32\Jet.exe
O4 - HKLM\..\Run: [pjnnkc] C:\WINDOWS\System32\pjnnkc.exe
O4 - HKLM\..\Run: [Pje] C:\WINDOWS\Chm.exe
O4 - HKLM\..\Run: [Vvi] C:\WINDOWS\system32\Mpf.exe
O4 - HKLM\..\Run: [Vhe] C:\WINDOWS\Ugq.exe
O4 - HKLM\..\Run: [Vcg] C:\WINDOWS\system32\Uhn.exe
O4 - HKLM\..\Run: [Thg] C:\WINDOWS\system32\Dmq.exe
O4 - HKLM\..\Run: [Tai] C:\WINDOWS\Ldn.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [Rqi] C:\WINDOWS\Fnm.exe
O4 - HKLM\..\Run: [Rpq] C:\WINDOWS\system32\Loa.exe
O4 - HKLM\..\Run: [Pjc] C:\WINDOWS\Mtk.exe
O4 - HKLM\..\Run: [Phh] C:\WINDOWS\system32\Ime.exe
O4 - HKLM\..\Run: [Pfs] C:\WINDOWS\system32\Iin.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Oqp] C:\WINDOWS\system32\Jid.exe
O4 - HKLM\..\Run: [Oqe] C:\WINDOWS\Qkm.exe
O4 - HKLM\..\Run: [Ohr] C:\WINDOWS\Ppd.exe
O4 - HKLM\..\Run: [Ohp] C:\WINDOWS\system32\Qlg.exe
O4 - HKLM\..\Run: [Nut] C:\WINDOWS\system32\Une.exe
O4 - HKLM\..\Run: [Nud] C:\WINDOWS\system32\Veu.exe
O4 - HKLM\..\Run: [Norton anti-virus] NPRTOECT.exe
O4 - HKLM\..\Run: [mswspl] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] wupdate.exe
O4 - HKLM\..\Run: [Microsoft Updates] wkssvrs.exe
O4 - HKLM\..\Run: [Microsoft Update] lsac.exe
O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\Run: [Mcf] C:\WINDOWS\Dnt.exe
O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [Lgi] C:\WINDOWS\Skn.exe
O4 - HKLM\..\Run: [Knj] C:\WINDOWS\Uek.exe
O4 - HKLM\..\Run: [Jsk] C:\WINDOWS\Npe.exe
O4 - HKLM\..\Run: [Joi] C:\WINDOWS\Orq.exe
O4 - HKLM\..\Run: [Jll] C:\WINDOWS\system32\Frm.exe
O4 - HKLM\..\Run: [Jcb] C:\WINDOWS\Jhh.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Inv] C:\WINDOWS\system32\Ssj.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [Hpm] C:\WINDOWS\Abl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hmf] C:\WINDOWS\system32\Rbq.exe
O4 - HKLM\..\Run: [hlljeagygcqo] C:\WINDOWS\System32\keglir.exe
O4 - HKLM\..\Run: [Hih] C:\WINDOWS\system32\Veq.exe
O4 - HKLM\..\Run: [Hfk] C:\WINDOWS\Lgb.exe
O4 - HKLM\..\Run: [Hel] C:\WINDOWS\Pui.exe
O4 - HKLM\..\Run: [Grk] C:\WINDOWS\system32\Vgt.exe
O4 - HKLM\..\Run: [Gms] C:\WINDOWS\system32\Ena.exe
O4 - HKLM\..\Run: [Ggr] C:\WINDOWS\system32\Jci.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
O4 - HKLM\..\Run: [Fvi] C:\WINDOWS\Lve.exe
O4 - HKLM\..\Run: [Epu] C:\WINDOWS\system32\Ehn.exe
O4 - HKLM\..\Run: [Eld] C:\WINDOWS\system32\Urq.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - HKLM\..\Run: [Dij] C:\WINDOWS\Lpb.exe
O4 - HKLM\..\Run: [DD9B83CF] C:\WINDOWS\System32\vuwes.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\sojxhm.exe
O4 - HKLM\..\Run: [Crk] C:\WINDOWS\Agl.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Bsp] C:\WINDOWS\Ahp.exe
O4 - HKLM\..\Run: [Bot] C:\WINDOWS\Thm.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Bcj] C:\WINDOWS\Eil.exe
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [Aen] C:\WINDOWS\system32\Ann.exe
O4 - HKLM\..\Run: [Ads] C:\WINDOWS\system32\Vam.exe
O4 - HKLM\..\Run: [Aci] C:\WINDOWS\system32\Ehe.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM\..\Run: [0utlook Express] ghnmp.exe
O4 - HKLM\..\Run: [.msfupdate] C:\WINDOWS\System\msveup.exe
O4 - HKLM\..\RunServices: [Norton anti-virus] NPRTOECT.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [cB3pRSHpU] sprcm32.exe
O4 - HKCU\..\Run: [Rpq] C:\WINDOWS\system32\Loa.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [Tai] C:\WINDOWS\Ldn.exe
O4 - HKCU\..\Run: [Ohp] C:\WINDOWS\system32\Qlg.exe
O4 - HKCU\..\Run: [Pfs] C:\WINDOWS\system32\Iin.exe
O4 - HKCU\..\Run: [Epu] C:\WINDOWS\system32\Ehn.exe
O4 - HKCU\..\Run: [Jll] C:\WINDOWS\system32\Frm.exe
O4 - HKCU\..\Run: [Hpm] C:\WINDOWS\Abl.exe
O4 - HKCU\..\Run: [Dij] C:\WINDOWS\Lpb.exe
O4 - HKCU\..\Run: [Vhe] C:\WINDOWS\Ugq.exe
O4 - HKCU\..\Run: [Joi] C:\WINDOWS\Orq.exe
O4 - HKCU\..\Run: [Aci] C:\WINDOWS\system32\Ehe.exe
O4 - HKCU\..\Run: [Ggr] C:\WINDOWS\system32\Jci.exe
O4 - HKCU\..\Run: [Rqi] C:\WINDOWS\Fnm.exe
O4 - HKCU\..\Run: [Vcg] C:\WINDOWS\system32\Uhn.exe
O4 - HKCU\..\Run: [Hel] C:\WINDOWS\Pui.exe
O4 - HKCU\..\Run: [Jcb] C:\WINDOWS\Jhh.exe
O4 - HKCU\..\Run: [Jsk] C:\WINDOWS\Npe.exe
O4 - HKCU\..\Run: [Inv] C:\WINDOWS\system32\Ssj.exe
O4 - HKCU\..\Run: [Bcj] C:\WINDOWS\Eil.exe
O4 - HKCU\..\Run: [Phh] C:\WINDOWS\system32\Ime.exe
O4 - HKCU\..\Run: [Eld] C:\WINDOWS\system32\Urq.exe
O4 - HKCU\..\Run: [Vvi] C:\WINDOWS\system32\Mpf.exe
O4 - HKCU\..\Run: [Oqp] C:\WINDOWS\system32\Jid.exe
O4 - HKCU\..\Run: [Thg] C:\WINDOWS\system32\Dmq.exe
O4 - HKCU\..\Run: [Grk] C:\WINDOWS\system32\Vgt.exe
O4 - Startup: winupdate14302205[1].exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {4A3D5FD1-E10F-4513-8288-044AD98FEE07} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4A3D5FD1-E10F-4513-8288-044AD98FEE07} - (no file) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 64.62.171.156
O15 - Trusted IP range: 64.62.171.156 (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094540270503
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://horse-active.net/ang/loader2.ocx
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSECS.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = artemix
O17 - HKLM\Software\..\Telephony: DomainName = artemix
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = artemix
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = artemix
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll
O21 - SSODL: NTDBGTOOL - {2BCA6328-087C-4953-8A56-8C6E50CD8536} - C:\WINDOWS\system32\setunirl.dll
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Client (nwclntmon) - Unknown owner - C:\WINDOWS\system32\netclnt.exe (file missing)
O23 - Service: Network Client-Server (nwclntserv) - Unknown owner - C:\WINDOWS\system32\srvss.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\system32\winsvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
CO MAM ZFIXOWAC?!?!?!?!?
przez MUTOPOMPKA 15 Kwi 2005, 23:32
Rany!!!! Ale masz syfu w kompie!!!!! Moja rada!!!! Odpal kompa w trybie awaryjnym i skorzystaj ze skanera online, np: http://skaner.mks.com.pl/skaner.html
Po drugie: Wywal wszystko, co ma dziwne nazwy, np: mpf.exe itp.... Następnie zapuść jakiś program antywirusowy, bo masz tyle syfu, że głowa mała !!!!!!
Po drugie: Wywal wszystko, co ma dziwne nazwy, np: mpf.exe itp.... Następnie zapuść jakiś program antywirusowy, bo masz tyle syfu, że głowa mała !!!!!!
Ubuntu user (Lucid - 10.04)
-
MUTOPOMPKA - ^zasłużony
- Posty: 9184
- Dołączenie: 17 Lis 2004, 21:38
- Miejscowość: Głogów
- Pochwały: 787
-
25 posty(ów) • Strona 1 z 2 • 1, 2
Kto jest na forum
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 5 gości