
D:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty
D:\WINDOWS\SchedLgU.Txt Object is locked pominięty
D:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty
D:\WINDOWS\Sti_Trace.log Object is locked pominięty
D:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty
D:\WINDOWS\system32\config\default Object is locked pominięty
D:\WINDOWS\system32\config\default.LOG Object is locked pominięty
D:\WINDOWS\system32\config\SAM Object is locked pominięty
D:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty
D:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty
D:\WINDOWS\system32\config\SECURITY Object is locked pominięty
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty
D:\WINDOWS\system32\config\software Object is locked pominięty
D:\WINDOWS\system32\config\software.LOG Object is locked pominięty
D:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty
D:\WINDOWS\system32\config\system Object is locked pominięty
D:\WINDOWS\system32\config\system.LOG Object is locked pominięty
D:\WINDOWS\system32\drivers\sptd.sys Object is locked pominięty
D:\WINDOWS\system32\h323log.txt Object is locked pominięty
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty
D:\WINDOWS\wiadebug.log Object is locked pominięty
D:\WINDOWS\wiaservc.log Object is locked pominięty
D:\WINDOWS\WindowsUpdate.log Object is locked pominięty
ComboFix 08-08-05.05 - Michał 2008-08-06 20:27:39.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.552 [GMT 2:00]
Running from: F:\Eset\ComboFix.exe
* Resident AV is active
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-07-06 to 2008-08-06 )))))))))))))))))))))))))))))))
.
2008-08-06 20:05 . 2008-08-06 20:05 <DIR> d-------- D:\Documents and Settings\Michał\DoctorWeb
2008-08-06 19:43 . 2008-08-06 19:43 578,560 --a--c--- D:\WINDOWS\system32\dllcache\user32.dll
2008-08-06 19:42 . 2008-08-06 19:42 <DIR> d-------- D:\WINDOWS\ERUNT
2008-08-06 19:39 . 2008-08-06 19:47 <DIR> d-------- D:\SDFix
2008-08-06 16:27 . 2008-08-06 16:27 <DIR> d-------- D:\WINDOWS\system32\Kaspersky Lab
2008-08-06 16:27 . 2008-08-06 16:27 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-08-06 15:33 . 2008-08-06 15:33 16,244 --a------ D:\WINDOWS\system32\rrt_is.wav
2008-08-06 15:33 . 2008-08-06 15:33 7,302 --a------ D:\WINDOWS\system32\rrt_vf.wav
2008-08-06 15:33 . 2008-08-06 15:33 7,148 --a------ D:\WINDOWS\system32\rrt_tv.wav
2008-08-06 15:33 . 2008-08-06 15:33 6,282 --a------ D:\WINDOWS\system32\rrt_tn.wav
2008-08-06 14:59 . 2008-08-06 14:59 <DIR> d-------- D:\Program Files\Trend Micro
2008-08-06 14:56 . <DIR> D:\Documents and Settings\Micha-
2008-08-02 22:33 . 2008-08-06 20:28 <DIR> d--h----- D:\Documents and Settings\Administrator\Ustawienia lokalne
2008-08-02 22:33 . 2007-11-28 18:05 <DIR> d-------- D:\Documents and Settings\Administrator\Ulubione
2008-08-02 22:33 . 2007-11-28 18:07 <DIR> d--h----- D:\Documents and Settings\Administrator\Szablony
2008-08-02 22:33 . 2008-08-06 20:28 <DIR> d-------- D:\Documents and Settings\Administrator\Pulpit
2008-08-02 22:33 . 2007-11-28 18:05 <DIR> d-------- D:\Documents and Settings\Administrator\Moje dokumenty
2008-08-02 22:33 . 2007-11-28 18:05 <DIR> dr------- D:\Documents and Settings\Administrator\Menu Start
2008-08-02 22:33 . 2007-11-28 18:05 <DIR> dr-h----- D:\Documents and Settings\Administrator\Dane aplikacji
2008-08-02 22:33 . 2008-08-02 22:33 <DIR> d-------- D:\Documents and Settings\Administrator
2008-08-02 11:12 . 2008-08-02 11:12 <DIR> d-------- D:\Program Files\ESET
2008-08-02 11:12 . 2008-08-02 11:12 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-07-14 22:50 . 2008-08-02 14:47 <DIR> d-------- D:\Program Files\sXe Injected
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 12:55 --------- d-----w D:\Program Files\eMule
2008-08-06 10:59 --------- d-----w D:\Program Files\Starcraft
2008-08-06 10:41 --------- d-----w D:\Program Files\Valve
2008-07-23 10:37 --------- d-----w D:\Program Files\Gadu-Gadu
2008-06-10 16:56 34,312 ----a-w D:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 16:48 53,256 ----a-w D:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w D:\WINDOWS\system32\drivers\eamon.sys
2008-05-22 23:09 98,304 ----a-w D:\WINDOWS\system32\qttask.exe
2008-01-17 20:43 66,936 --sha-w D:\WINDOWS\dlinfo_0.drv
2008-01-17 20:37 66,936 --sha-w D:\WINDOWS\slinfo_0.drv
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 11:21 153136]
"AlcoholAutomount"="D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 18:46 217544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="D:\WINDOWS\system32\hkcmd.exe" [2005-11-28 07:52 77824]
"egui"="D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 D:\WINDOWS\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave9"= PLOADER_SCBW.DLL
"msacm.sl_anet"= D:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= D:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= D:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"msacm.iac2"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
WMI Standard Event Consumer - hosting REG_SZ D:\WINDOWS\system32\wbem\scrcs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-03-20 18:46 217544 D:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
-ra------ 2005-11-28 07:55 118784 D:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
-ra------ 2005-11-28 07:55 98304 D:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
--a------ 2007-03-06 15:51 212992 D:\Program Files\Mouse Driver\StartAutorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-20 00:05 81920 D:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-23 01:09 98304 D:\WINDOWS\system32\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-20 00:05 1626112 D:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 12:04 2879488 D:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\Program Files\\BearShare\\BearShare.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Valve\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27534:TCP"= 27534:TCP:BitComet 27534 TCP
"27534:UDP"= 27534:UDP:BitComet 27534 UDP
"4662:TCP"= 4662:TCP:emule tcp
"4672:UDP"= 4672:UDP:emule udp
R1 epfwtdir;epfwtdir;D:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;D:\Program Files\Mouse Driver\KMWDSrv.exe [2007-04-05 11:29]
.
Contents of the 'Scheduled Tasks' folder
2008-08-06 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O16 -: DirectAnimation Java Classes - file://D:\WINDOWS\Java\classes\dajava.cab
D:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://D:\WINDOWS\Java\classes\xmldso.cab
D:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
D:\WINDOWS\Downloaded Program Files\SkanerOnline.inf
D:\WINDOWS\system32\SkanerOnlineUninstall.exe
D:\WINDOWS\system32\SkanerOnline.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-06 20:28:44
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-06 20:29:06
ComboFix-quarantined-files.txt 2008-08-06 18:29:04
Pre-Run: 7,216,721,920 bajtów wolnych
Post-Run: 7,206,060,032 bajtów wolnych
143 --- E O F --- 2007-12-16 17:17:39
BSINSTALLPL_(www.programs.pl).exe\data018;C:\Downloads\BSINSTALLPL_(www.programs.pl).exe;Adware.SearchAid.40;;
data025\data005;C:\Downloads\BSINSTALLPL_(www.programs.pl).exe\data025;Adware.Msearch;;
data025;C:\Downloads\BSINSTALLPL_(www.programs.pl).exe;Archiwum zawierające zainfekowane obiekty;;
BSINSTALLPL_(www.programs.pl).exe;C:\Downloads;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;
A0011845.exe\data018;C:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9\A0011845.exe;Adware.SearchAid.40;;
data025\data005;C:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9\A0011845.exe\data025;Adware.Msearch;;
data025;C:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9\A0011845.exe;Archiwum zawierające zainfekowane obiekty;;
A0011845.exe;C:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;
ECC.exe;D:\Documents and Settings\Michał\Moje dokumenty\ECC 5.2;Trojan.MulDrop.14010;Usunięty.;
Super Simple Wall v2.8.exe;D:\Documents and Settings\Michał\Pulpit\Super_Simple_Wallhack_v2[1].8\Super Simple Wallhack v2.8\Super Simple Wallhack v2.8;Trojan.Armin;Usunięty.;
RunMSC.dll;D:\Program Files\BearShare;Adware.SearchAid.40;Usunięty.;
A0011796.dll;D:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9;Trojan.Virtumod;Usunięty.;
A0011797.exe;D:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9;Trojan.Stars.183;Usunięty.;
A0011798.exe;D:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9;Win32.IRC.Bot.based;Usunięty.;
A0011799.exe;D:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9;Trojan.Insider;Usunięty.;
A0011800.exe;D:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9;Trojan.Rond.origin;Niewyleczalny.Przeniesiony.;
A0011801.exe;D:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9;Trojan.Rond;Usunięty.;
A0011802.exe;D:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9;BackDoor.IRC.Sdbot.945;Usunięty.;
A0011803.exe;D:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9;BackDoor.IRC.Sdbot.2571;Usunięty.;
A0011804.exe;D:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9;Trojan.MulDrop.3290;Usunięty.;
A0011805.exe;D:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9;Trojan.MulDrop.3290;Usunięty.;
A0011806.exe;D:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9;Trojan.MulDrop.3290;Usunięty.;
A0011807.exe;D:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9;Trojan.MulDrop.3290;Usunięty.;
A0011808.exe;D:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9;Trojan.MulDrop.9785;Usunięty.;
A0011809.exe;D:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9;Trojan.MulDrop.9785;Usunięty.;
A0011846.exe;D:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9;Trojan.Armin;Usunięty.;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;F:\Eset\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;F:\Eset;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;
SDFix.exe\SDFix\apps\Process.exe;F:\Eset\SDFix.exe;Tool.Prockill;;
SDFix.exe;F:\Eset;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;
A0011848.exe\327882R2FWJFW\psexec.cfexe;F:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9\A0011848.exe;Program.PsExec.171;;
A0011848.exe;F:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;
A0011849.exe\SDFix\apps\Process.exe;F:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9\A0011849.exe;Tool.Prockill;;
A0011849.exe;F:\System Volume Information\_restore{ADC7EAA3-D50F-4EEB-A93F-19C125FD5D1F}\RP9;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;
ComboFix 08-09-01.03 - Skalar 2008-09-02 20:56:21.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.678 [GMT 2:00]
Running from: C:\Wiruas\ComboFix.exe
* Resident AV is active
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))
.
2008-09-02 20:47 . 2008-09-02 20:47 <DIR> d-------- C:\Documents and Settings\GoťŠ\Ustawienia lokalne
2008-09-02 20:47 . 2008-09-02 20:47 <DIR> d-------- C:\Documents and Settings\GoťŠ
2008-09-02 20:41 . 2008-09-02 20:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-02 20:39 . 2008-09-02 20:39 <DIR> d-------- C:\Wiruas
2008-08-26 20:24 . 2008-08-26 20:24 <DIR> d-------- C:\Program Files\3DNA
2008-08-26 19:50 . 2008-04-14 22:50 219,648 --a------ C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-08-24 18:59 . 2008-08-24 18:59 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-08-24 18:59 . 2008-08-24 18:59 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-08-24 18:58 . 2008-08-24 18:58 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-08-15 13:45 . 2008-08-15 13:45 <DIR> d-------- C:\Program Files\RegCleaner
2008-08-15 13:35 . 2008-09-01 13:00 31 --a------ C:\WINDOWS\TSCTNDBG.INI
2008-08-15 13:30 . 2004-08-03 23:08 48,640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2008-08-15 13:30 . 2004-08-03 23:08 48,640 --a------ C:\WINDOWS\system32\dllcache\stream.sys
2008-08-13 11:54 . 2007-08-21 07:18 683,520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 11:54 . 2008-05-01 16:37 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-10 09:12 . 2004-08-04 00:43 97,280 --a------ C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-08-10 09:11 . 2008-08-10 09:11 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-08-10 09:11 . 2008-08-10 09:11 <DIR> d-------- C:\WINDOWS\system32\pl
2008-08-10 09:11 . 2008-08-10 09:11 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-10 09:11 . 2008-08-10 09:11 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-10 09:07 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\005697_.tmp
2008-08-10 09:05 . 2007-10-25 17:57 8,483,328 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-08-05 14:37 . 2008-08-05 14:37 90,474 -r-hs---- C:\xvlyb.exe
2008-08-03 19:48 . 2008-08-03 19:48 89,885 -r-hs---- C:\xqf.com
2008-08-03 19:47 . 2008-08-02 11:04 88,881 -r-hs---- C:\e.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 16:08 --------- d-----w C:\Program Files\easyCALL
2008-07-15 15:03 --------- d-----w C:\Program Files\Axis Communications
2008-07-07 20:29 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:46 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:42 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 18:01 273,024 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXDCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-22 102400]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-23 1410304]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 8429568]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-10-28 558080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\win_42.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Remote Controller.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Remote Controller.lnk
backup=C:\WINDOWS\pss\Remote Controller.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Scheduler.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Scheduler.lnk
backup=C:\WINDOWS\pss\Scheduler.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Skalar^Menu Start^Programy^Autostart^MSWin--2057905908.exe]
path=C:\Documents and Settings\Skalar\Menu Start\Programy\Autostart\MSWin--2057905908.exe
backup=C:\WINDOWS\pss\MSWin--2057905908.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-01 10:21 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 00:44 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
--a------ 2007-03-06 14:51 212992 C:\Program Files\Mouse Driver\StartAutorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdcamon]
--a------ 2007-02-06 00:32 20480 C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--------- 2007-04-19 23:05 8429568 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-20 00:05 81920 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-08-11 08:31 1124352 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerS]
--a------ 2001-08-03 17:56 159800 C:\WINDOWS\PowerS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessMouse]
--a------ 2007-03-06 11:18 212992 C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 11:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 00:44 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-20 00:05 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--------- 2006-11-14 10:21 16270848 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\System32\\lxdccoms.exe"=
"C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"C:\\Program Files\\Lexmark 1300 Series\\app4r.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-23 30728]
R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2007-12-09 3026]
R1 UserPort;UserPort;C:\WINDOWS\system32\Drivers\UserPort.sys [2000-11-28 4256]
R2 BT848;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2000-04-09 278280]
R2 BTTUNER;BtTuner, WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2000-03-29 15200]
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [2000-03-29 12632]
R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\system32\drivers\DLPortIO.sys [1996-09-27 3584]
R2 IOPort;IOPort;C:\WINDOWS\system32\DRIVERS\IOPORT.SYS [2004-05-24 6656]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Mouse Driver\KMWDSrv.exe [2007-04-05 208896]
R2 lxdc_device;lxdc_device;C:\WINDOWS\system32\lxdccoms.exe [2007-02-13 537520]
R2 ScanDrv;ScanDrv;C:\WINDOWS\system32\drivers\ScanDrv.sys [1999-04-08 195384]
S1 alcom;ALcom server;C:\WINDOWS\system32\alcom.sys [ ]
S3 dTVdrvNT;dTVdrvNT;C:\WINDOWS\SYSTEM32\dTVdrvNT.sys [ ]
S3 NetTimeSvc;NetTime;C:\Program Files\NetTime\NeTmSvNT.exe [2001-08-12 428032]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6013d814-c911-11dc-ba68-001583c06fb8}]
\Shell\AutoRun\command - N:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed717bc6-84ab-11dc-b200-e3b2017e6bf2}]
\Shell\AutoRun\command - N:\tyktjfww.exe
\Shell\explore\Command - N:\tyktjfww.exe
\Shell\open\Command - N:\tyktjfww.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.wp.pl/
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://kamery.darlowo.pl/activex/AMC.cab
C:\WINDOWS\Downloaded Program Files\setup.inf
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 20:57:11
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-02 20:57:34
ComboFix-quarantined-files.txt 2008-09-02 18:57:34
Pre-Run: 8,147,959,808 bajtów wolnych
Post-Run: 8,138,752,000 bajtów wolnych
175 --- E O F --- 2008-07-10 08:54:10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:10, on 2008-09-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Mouse Driver\KMWDSrv.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ldr.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://kamery.darlowo.pl/activex/AMC.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_42.dll
O20 - Winlogon Notify: alcomt - alcomt.dll (file missing)
O20 - Winlogon Notify: kerberos4 - win32ueb.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\fci.exe (file missing)
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetTime (NetTimeSvc) - Subjective Software - C:\Program Files\NetTime\NeTmSvNT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6358 bytes