Spyware Problem - please help[resolved]



#16
Guest_thatman_*
  • Guest
Hi Pistons

Welcome to geekstogo

You have a nasty About:Blank infection. This fix requires several tools that need to be downloaded. Please download these now, we will run them later.

1) About:Buster - Download it and extract it to C:/aboutbuster.
2) CleanUp! - Download it and install it.
3) CWShredder 2.11 - Download it and save it to your desktop.
4) Ad-Aware - Download, install, and update.

Enable hidden files and folders: Be sure you're able to enable hidden files and folders.

During the fix do NOT connect to the internet. Unless you can memorize these instructions, it would be a good idea to print them out.

Boot into safe mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Run AboutBuster
-Click Start to begin the process
-Click OK on the Buster Report dialogue box to start the scan
AboutBuster scans the computer for malicious files and deletes them.
Save the report (copy and paste into Notepad and save as a .txt file) to post a copy for review.

Run CWShredder
-Next, click on the 'Fix' button
-Follow the prompts, and press OK

Run CleanUp
-Make sure it is on Standard Mode
-Click the "CleanUp!" button

Run Ad-Aware
1. If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
2. After installing Ad-Aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
3. Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
4. Once the definitions have been updated:
5. Reconfigure Ad-Aware for Full Scan as per the following instructions:
   * Launch the program, and click on the Gear at the top of the start screen.
   * Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is grayed out, those features are only available in the retail version.)
      o "Automatically save logfile"
      o "Automatically quarantine objects prior to removal"
      o Safe Mode (always request confirmation)
      o Prompt to update outdated confirmation) - Change to 7 days.
   * Click the "Scanning" button (On the left side).
   * Under Drives & Folders, select "Scan within Archives"
   * Click "Click here to select Drives + folders" and select your installed hard drives.
   * Under Memory & Registry, select all options.
   * Click the "Advanced" button (On the left-hand side).
   * Under "Shell Integration", select "Move deleted files to Recycle Bin".
   * Under "Log-file detail", select all options.
   * Click on the "Defaults" button on the left.
   * Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
   * Click the "Tweak" button (Again, on the left-hand side).
   * Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
      o "Unload recognized processes during scanning."
      o "Obtain command line of scanned processes"
      o "Scan registry for all users instead of current user only"
   * Under "Cleaning Engine", select the following:
      o "Automatically try to unregister objects prior to deletion."
      o "During removal, unload explorer and IE if necessary"
      o "Let Windows remove files in use at next reboot."
      o "Delete quarantined objects after restoring"
   * Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
   * Click on "Proceed" to save these Preferences.
   * Click on the "Scan Now" button on the left.
   * Under "Select Scan Mode", be sure to select "Use Custom Scanning Options".
6. Close all programs except Ad-Aware.
7. Click on "Next" in the bottom right corner to start the scan.
8. Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
9. After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may have found. Allow it to finish.

Run HJT, close any open windows, and fix the following items (if they are still there):

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yoursearch.ws/browser/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yoursearch.ws/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://yoursearch.ws/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yoursearch.ws/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://yoursearch.ws/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ?a;cza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [Lpr] C:\WINDOWS\Gof.exe
O4 - HKCU\..\Run: [Lpr] C:\WINDOWS\Gof.exe
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.co...kanerOnline.cab


Using Windows Explorer, locate the following files/folders, and delete them if found:

C:\WINDOWS\Gof.exe

Close Windows Explorer

Thanks to LineOFire for this .reg file fix -

1.) Copy the contents of the Quote Box below to Notepad.
2.) Save the file as RemoveTrustedZone.reg
3.) Change the Save as Type to All Files.
4.) Save this file to the desktop.

Quote:

REGEDIT4

; A leading "-" deletes the key and every domain-to-zone mapping stored under it.
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

; Recreate both keys, now empty.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

--
1.) Double-click on RemoveTrustedZone.reg.
2.) When it asks you to merge the information to the registry click Yes.

Reboot into normal mode (simply restart your computer as you normally would).

Please run the following free online virus scans. Please post the logs from both virus scans; we will need them to remove previous infections that have left files on your system.
http://housecall.tre.../start_corp.asp
http://www.pandasoft...n_principal.htm

Then restart your computer one more time and post a new HJT log as well as the About:Buster log I asked you to save earlier.

Kc :tazz:
  • 0
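A scripted form of the "if they are still there" check from post #16, added here as an example that is not part of the original thread: it parses HijackThis entries, compares a fix list with a follow-up log, and separates the O15 entries that the ZoneMap\Domains reset in RemoveTrustedZone.reg cannot reach. The fix-list lines are excerpted from the post above, the follow-up log is constructed, and all function names are hypothetical.

```python
import re
from collections import OrderedDict

# A HijackThis entry is "<section code> - <details>", e.g. "O15 - Trusted Zone: *.example".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(text):
    """Return unique (code, details) pairs in first-seen order.

    Header lines and the "Running processes" paths do not match and are skipped.
    Duplicates (the fix list repeats some O1 lines) collapse to one entry.
    """
    seen = OrderedDict()
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            code = m.group(1).upper()
            details = " ".join(m.group(2).split())  # collapse runs of whitespace
            seen.setdefault((code, details.casefold()), (code, details))
    return list(seen.values())


def still_present(fix_list, followup_log):
    """Fix-list entries that appear again in the follow-up log."""
    followup = {(c, d.casefold()) for c, d in parse_entries(followup_log)}
    return [(c, d) for c, d in parse_entries(fix_list) if (c, d.casefold()) in followup]


def section_summary(fix_list, followup_log):
    """Map section code -> (entries flagged, entries remaining)."""
    remaining = set(still_present(fix_list, followup_log))
    summary = OrderedDict()
    for entry in parse_entries(fix_list):
        flagged, left = summary.get(entry[0], (0, 0))
        summary[entry[0]] = (flagged + 1, left + (entry in remaining))
    return summary


def zonemap_subkey(entry):
    """Registry subkey that backs an O15 entry, or None for other sections.

    Trusted domains are stored under ZoneMap\\Domains; trusted IP ranges are
    stored under ZoneMap\\Ranges, a different key.
    """
    code, details = entry
    if code != "O15":
        return None
    lowered = details.casefold()
    if lowered.startswith("trusted zone:"):
        return "ZoneMap\\Domains"
    if lowered.startswith("trusted ip range:"):
        return "ZoneMap\\Ranges"
    return None


def outside_domains_reset(fix_list):
    """O15 entries a reset of ZoneMap\\Domains alone does not remove."""
    return [e for e in parse_entries(fix_list)
            if e[0] == "O15" and zonemap_subkey(e) != "ZoneMap\\Domains"]


# Excerpt of the fix list in post #16 (including one of its repeated O1 lines).
FIX_LIST = r"""
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [Lpr] C:\WINDOWS\Gof.exe
O4 - HKCU\..\Run: [Lpr] C:\WINDOWS\Gof.exe
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
"""

# Constructed follow-up log in HijackThis format (not a real scan).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
"""

if __name__ == "__main__":
    for code, (flagged, left) in section_summary(FIX_LIST, FOLLOWUP_LOG).items():
        print(f"{code}: {flagged} flagged, {left} still present")
    for code, details in still_present(FIX_LIST, FOLLOWUP_LOG):
        print(f"still present: {code} - {details} [{zonemap_subkey((code, details))}]")
```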



#17
Pistons
  • Topic Starter
  • Member
  • 19 posts
Hello ThatMan again!
Wooops - it was over 1 hour of work - so that's why my reply is a bit late.
Anyway, again thank you for your time.
Here are the results:

NEW HJT SCAN:

Logfile of HijackThis v1.99.1
Scan saved at 22:05:38, on 2005-03-01
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



*****************************
PANDA SCAN
*****************************


Incident Status Location


#18
Pistons
**********
PANDA SCAN
***********


Incident Status Location


#19
Pistons
Adware:Adware/Gator No disinfected F:\Program Files\Audiogalaxy Satellite\fsg-ag_3102.exe
Adware:Adware/Gator No disinfected F:\Program Files\Audiogalaxy Satellite\fsg-ag_3102a.exe
Adware:Adware/BrilliantDigital No disinfected F:\Program Files\KaZaA Lite\bdcore.dll
Adware:Adware/WebHancer No disinfected F:\Program Files\WAV to MP3 Encoder\wh_CC_NETBLAZE.exe[whAgent.inf]
Virus:W32/Netsky.Q.worm Disinfected Foldery lokalne\Elementy usunięte\Failure (pistons@inetia.pl)\msg18880.zip[mail.eml .scr]

#20
Pistons
About Buster Scan
***************************
Scanned at: 20:04:50 on: 2005-03-01


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 16

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 16

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!



********************
Housecall was impossible to install since it works only with English IE.
Anyway - Panda made a huge work with it and found many....

Now I am waiting for another steps to take master!
Thanks for your time!

BEST REGARDS
Pistons

#21
maxc666
Please refrain from posting from live logs until you have been trained.

- Matt

Edited by mpfeif101, 01 March 2005 - 05:17 PM.

#22
Pistons
OK, I will, and tomorrow morning I will let you know the results.
Thanks!

#23
Pistons
Please tell me what I should delete in HijackThis...
Someone edited ThatMan's post but didn't say a word...
It's not fair!
At least he was helping me - and you didn't, Matt...
Regards
Pistons

#24
Guest_thatman_*
Hi Pistons

I am still here to help you, sorry for the confusion

Please post back and let me know you still need help.

Kc :tazz:

#25
Pistons
Hi Amico!
I am glad you're still there.
Please take another look at my logs and tell me what I should delete.
Someone edited your last post...

#26
Guest_thatman_*
Hi Pistons

Before you start this fix it would be in your interest to back up all your important files.

Please set your system to show all files; see here for how to do this if you're unsure.

Please read through the instructions before you start (you may want to print this out).

Close all programs down, leaving only HijackThis running.
Place a check against the following items:

O4 - HKLM\..\Run: [Pps] C:\WINDOWS\Lhc.exe
O4 - HKLM\..\Run: [Hcl] C:\WINDOWS\System32\Hqs.exe
O4 - HKLM\..\Run: [Efg] C:\WINDOWS\Qqv.exe
O4 - HKLM\..\Run: [Lac] C:\WINDOWS\System32\Rgr.exe
O4 - HKLM\..\Run: [Fql] C:\WINDOWS\System32\Fdv.exe
O4 - HKLM\..\Run: [Oev] C:\WINDOWS\System32\Upi.exe
O4 - HKLM\..\Run: [Npi] C:\WINDOWS\Hqi.exe
O4 - HKLM\..\Run: [Tec] C:\WINDOWS\Dhe.exe
O4 - HKLM\..\Run: [Cvt] C:\WINDOWS\Kno.exe
O4 - HKLM\..\Run: [Ibp] C:\WINDOWS\System32\Kpn.exe
O4 - HKLM\..\Run: [Epr] C:\WINDOWS\Jja.exe
O4 - HKLM\..\Run: [Vdk] C:\WINDOWS\System32\Gvi.exe
O4 - HKLM\..\Run: [Qqv] C:\WINDOWS\Sth.exe
O4 - HKLM\..\Run: [Hul] C:\WINDOWS\System32\Qqn.exe
O4 - HKLM\..\Run: [Mfg] C:\WINDOWS\Fuj.exe
O4 - HKLM\..\Run: [Kci] C:\WINDOWS\System32\Tre.exe
O4 - HKLM\..\Run: [Vhl] C:\WINDOWS\System32\Ugo.exe
O4 - HKLM\..\Run: [Dmc] C:\WINDOWS\System32\Heb.exe
O4 - HKLM\..\Run: [Hoc] C:\WINDOWS\Bfj.exe
O4 - HKLM\..\Run: [Psn] C:\WINDOWS\Fms.exe
O4 - HKLM\..\Run: [Qcp] C:\WINDOWS\System32\Qrm.exe
O4 - HKLM\..\Run: [Mbo] C:\WINDOWS\System32\Gnj.exe
O4 - HKLM\..\Run: [Fgr] C:\WINDOWS\Kgk.exe
O4 - HKLM\..\Run: [Ame] C:\WINDOWS\Asa.exe
O4 - HKLM\..\Run: [Gjt] C:\WINDOWS\System32\Foe.exe
O4 - HKLM\..\Run: [Nfd] C:\WINDOWS\System32\Eaa.exe
O4 - HKLM\..\Run: [Vpv] C:\WINDOWS\System32\Qrh.exe
O4 - HKLM\..\Run: [Btt] C:\WINDOWS\Qlo.exe
O4 - HKLM\..\Run: [Sej] C:\WINDOWS\System32\Loo.exe
O4 - HKLM\..\Run: [Olr] C:\WINDOWS\Rbb.exe
O4 - HKLM\..\Run: [Mgf] C:\WINDOWS\System32\Vrf.exe
O4 - HKLM\..\Run: [Sok] C:\WINDOWS\System32\Pid.exe
O4 - HKLM\..\Run: [Nuf] C:\WINDOWS\System32\Obt.exe
O4 - HKLM\..\Run: [Ehv] C:\WINDOWS\Emp.exe
O4 - HKLM\..\Run: [Orf] C:\WINDOWS\System32\Qec.exe
O4 - HKLM\..\Run: [Cfk] C:\WINDOWS\System32\Qtq.exe
O4 - HKLM\..\Run: [Amd] C:\WINDOWS\System32\Nou.exe
O4 - HKLM\..\Run: [Tfk] C:\WINDOWS\Ssq.exe
O4 - HKLM\..\Run: [Tcf] C:\WINDOWS\Ort.exe
O4 - HKLM\..\Run: [Jmu] C:\WINDOWS\System32\Cui.exe
O4 - HKLM\..\Run: [Msv] C:\WINDOWS\Fcp.exe
O4 - HKLM\..\Run: [Qkk] C:\WINDOWS\Asd.exe
O4 - HKLM\..\Run: [Raq] C:\WINDOWS\Lig.exe
O4 - HKLM\..\Run: [Qtl] C:\WINDOWS\Rsu.exe
O4 - HKLM\..\Run: [Ltu] C:\WINDOWS\System32\Cua.exe
O4 - HKLM\..\Run: [Eal] C:\WINDOWS\Fro.exe
O4 - HKLM\..\Run: [Dje] C:\WINDOWS\System32\Cnn.exe
O4 - HKLM\..\Run: [Ath] C:\WINDOWS\System32\Ldc.exe
O4 - HKLM\..\Run: [Vvk] C:\WINDOWS\System32\Tvr.exe
O4 - HKLM\..\Run: [Fth] C:\WINDOWS\System32\Gdu.exe
O4 - HKLM\..\Run: [Nga] C:\WINDOWS\System32\Qbu.exe
O4 - HKLM\..\Run: [Ope] C:\WINDOWS\Kkc.exe
O4 - HKLM\..\Run: [Eec] C:\WINDOWS\Jcv.exe
O4 - HKLM\..\Run: [Jov] C:\WINDOWS\System32\Ihu.exe
O4 - HKLM\..\Run: [Aai] C:\WINDOWS\System32\Ape.exe
O4 - HKLM\..\Run: [Hll] C:\WINDOWS\System32\Hip.exe
O4 - HKLM\..\Run: [Dre] C:\WINDOWS\Vok.exe
O4 - HKLM\..\Run: [Dci] C:\WINDOWS\Qsv.exe
O4 - HKLM\..\Run: [Rnj] C:\WINDOWS\Dpm.exe
O4 - HKLM\..\Run: [Itb] C:\WINDOWS\System32\Gbf.exe
O4 - HKLM\..\Run: [Ufq] C:\WINDOWS\System32\Tat.exe
O4 - HKLM\..\Run: [Jdr] C:\WINDOWS\System32\Vrv.exe
O4 - HKLM\..\Run: [Ktv] C:\WINDOWS\Kld.exe
O4 - HKLM\..\Run: [Aum] C:\WINDOWS\System32\Jds.exe
O4 - HKLM\..\Run: [Unv] C:\WINDOWS\System32\Fbh.exe
O4 - HKLM\..\Run: [Jqs] C:\WINDOWS\Chk.exe

Click on Fix Checked and exit HijackThis.

Reboot into Safe Mode: see here if you don't know how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:


Exit Explorer, and reboot as normal afterwards.

Post back a fresh HijackThis log and we'll take another look.

Kc :tazz:

#27
Pistons

Hi ThatMan!
Sorry for a small delay, but I wasn't at home.
I did what you told me and now the HJT log looks like:

Logfile of HijackThis v1.99.1
Scan saved at 21:17:04, on 2005-03-04
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\hjt\hijackthis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download with GetRight - D:\PROGRA~1\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\PROGRA~1\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103734827958
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zone...ctor/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...432/mcfscan.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g...d8_2_0_0_21.cab
O21 - SSODL: QgRar - {681EE585-C2B4-4F2F-1011-511A7DA57594} - C:\WINDOWS\System32\yn.dll
O23 - Service: Usługa bramy warstwy aplikacji (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Please tell me what I should do next!
Ciao
Pistons

#28
Guest_thatman_*

Hi Pistons

You have done a great job on your system. ;)

Just to double check, please run one virus scan.

Please run one of the following free online virus scans. Please post the logs from both virus scans; we will need them to remove previous infections that have left files on your system.
http://housecall.tre.../start_corp.asp
http://www.pandasoft...n_principal.htm

Kc :tazz:

#29
Pistons

Thank you very very much THATMAN!
You are doing a great job helping people out!
Can I count on you in case of troubles in the future?

Big Hug Man!
Thanks! :tazz:

#30
Guest_thatman_*

Hi Pistons

You will always find me here at Geeks to Go ;)

Thanks

Kc :tazz: