jmx

[Gość: piecyk gazowy]

R1 - HKCU\Software\Microsoft\Interne t Explorer,Search =
thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Interne t Explorer,SearchURL =
thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Interne t Explorer,Search =
thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Interne t Explorer,SearchURL =
thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Interne t Explorer\Main,
Default_Search_URL =
thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Interne t Explorer\Main,Search Bar =
www.kyickvxxpnnsmsotpv.net/7jgzy3ttiHBXlS5kAUleASUtksmrSiWDSkxTy29Ghp
Cq0449TInpumNWjraWA6j9.htm
R1 - HKLM\Software\Microsoft\Interne t Explorer\Main,
Default_Search_URL =
thenewsearch.com/search.html
R0 - HKLM\Software\Microsoft\Interne t Explorer\Main,Start Page =
thenewsearch.com/thenewsearch.html
R1 - HKCU\Software\Microsoft\Interne t Explorer\Search,
CustomizeSearch =
thenewsearch.com/search.html
R0 - HKLM\Software\Microsoft\Interne t Explorer\Search,
CustomizeSearch =
thenewsearch.com/search.html
R0 - HKCU\Software\Microsoft\Interne t Explorer\Toolbar,
LinksFolderName =
Łącza
O1 - Hosts: 69.50.173.250 auto.search.msn.com
O1 - Hosts: 69.50.173.250 auto.search.msn.com

O2 - BHO: (no name) - {7C90E940-84B0-6333-0104-345428 235DD1} -
C:\DOCUME~1\Joanna\DANEAP~1\MEM OOK~1\Internet Store.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched. exe" -osboot
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_01\bin\jus ched.exe
O4 - HKLM\..\Run: [32 Dog Dead Copy] C:\Documents and Settings\All
Users\Dane aplikacji\slow send 32 dog\blaheggs.exe

O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Felix] C:\Program Files\ScreenMates\felix.exe
O4 - HKCU\..\Run: [kbddv] C:\WINDOWS\System32\kbddv.exe
O4 - HKCU\..\Run: [deletesetup] C:
\DOCUME~1\Joanna\DANEAP~1\SEEKC A~1\Peak
Dumb.exe

O4 - Startup: Mopy Points Collector.lnk = C:\MOPYFISH\GETPOINT.EXE

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common
Files\GMT\GMT.exe
O8 - Extra context menu item: &Search -
bar.mywebsearch.com/menusearch.html?p=ZSxdm004
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} -
C:\Program Files\Java\j2re1.4.2_01\bin\npj pi142_01.dll

O16 - DPF: {10000000-1000-0000-1000-000000 000000} -
ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.
exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E4168 4E07BB} -
ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSet
up1.0.0.8.cab

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B3 1F7455} (ExentInf Class) -
us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentct
l_0_0_0_1.ocx
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B 08747F} (RealArcadeRdxIE
Class) -
games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

[jmx]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.ex e
C:\WINDOWS\system32\services.ex e
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1.0\ outpost.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched. exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\Amoumain.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jus ched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\WINDOWS\NCLAUNCH.EXe
D:\program files\Phone\Skype.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.e xe
D:\Opera.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Interne t Explorer,Search = thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Interne t Explorer,SearchURL = thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Interne t Explorer,Search = thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Interne t Explorer,SearchURL = thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Interne t Explorer\Main,Search Bar = www.zsmqtpqgflmylbvkndlczmesb.com/7jgzy3ttiHBXlS5kAUleASUtksmrSiWDSkxTy29GhpDsphZf6fjnPmNWjraWA6j9.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D 6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper. ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B 084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9 082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF 00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0\ outpost.exe /waitservice
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WheelMouse] d:\PROGRA~1\Amoumain.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Skype] "D:\program files\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRA~1\GO!ZILLA\download-with-gozilla.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F 795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F 795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E 2333D0} (MailCfg Control) - poczta.wp.pl/autoryzacja/mailcfg.ocx
O17 - HKLM\System\CCS\Services\Tcpip\ ..\{F35CA02D-7368-46C6-A6F7-47C B1F793274}: NameServer = 194.204.152.34 194.204.159.1
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Usługa Auto Protect programu Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Outpost Firewall Service - Agnitum - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\ outpost.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\S CRIPT~1\SBServ.exe

[Gość: piecyk gazowy]

Win XP SP2 PL
download.microsoft.com/download/a/c/7/ac78df4d-59cc-4e25-b4d7-94598a149719/WindowsXP-KB835935-SP2-PLK.exe