
When Windows starts, unnecessary processes load for me, i.e.:
mDSNRes...
alg.exe
etc.
Question
How do I locate and remove them? I know there are some programs :)
dj_disc wrote: alg.exe
HijackThis wrote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:22, on 2007-11-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\sXe Injected\sXe Injected.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KraMixer_WhenUSave_Installer] C:\Program Files\KraMixer_WhenUSave_Installer\KraMixer_WhenUSave_Installer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ratlerek.lnk = C:\WINDOWS\RTHDCPL.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - E:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - E:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - E:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_29.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://megapanel.gem.pl/WebInstaller.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_48.cab
O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) - http://czat.onet.pl/client/kalambury/NetPunGame1.dll
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_51.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool- http://67.15.101.3/g_bin/pl/billard8_2_0_0_35.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_29.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySql - Unknown owner - e:\usr/MYSQL/bin/mysqld.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SpIDer Guard for Windows NT (spidernt) - ID Anti-Virus Lab - C:\Program Files\DrWeb\SpiderNT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - e:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7169 bytes
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
Dzi@dek wrote: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:52, on 2007-11-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\KraMixer_WhenUSave_Installer\KraMixer_WhenUSave_Installer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
e:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KraMixer_WhenUSave_Installer] C:\Program Files\KraMixer_WhenUSave_Installer\KraMixer_WhenUSave_Installer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ratlerek.lnk = C:\WINDOWS\RTHDCPL.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - E:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - E:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - E:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_29.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://megapanel.gem.pl/WebInstaller.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_48.cab
O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) - http://czat.onet.pl/client/kalambury/NetPunGame1.dll
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_51.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool- http://67.15.101.3/g_bin/pl/billard8_2_0_0_35.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_29.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySql - Unknown owner - e:\usr/MYSQL/bin/mysqld.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SpIDer Guard for Windows NT (spidernt) - ID Anti-Virus Lab - C:\Program Files\DrWeb\SpiderNT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - e:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7448 bytes
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: MySql - Unknown owner - e:\usr/MYSQL/bin/mysqld.exe (file missing)
O4 - HKLM\..\Run: [KraMixer_WhenUSave_Installer] C:\Program Files\KraMixer_WhenUSave_Installer\KraMixer_WhenUSave_Installer.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:03:38, on 2007-11-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
e:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ratlerek.lnk = C:\WINDOWS\RTHDCPL.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - E:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - E:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - E:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_29.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://megapanel.gem.pl/WebInstaller.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_48.cab
O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) - http://czat.onet.pl/client/kalambury/NetPunGame1.dll
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_51.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool- http://67.15.101.3/g_bin/pl/billard8_2_0_0_35.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_29.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SpIDer Guard for Windows NT (spidernt) - ID Anti-Virus Lab - C:\Program Files\DrWeb\SpiderNT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - e:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7172 bytes
ComboFix 07-11-01.1 - Admin 2007-11-02 9:08:17.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.217 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Pulpit\LOGI ITP\ComboFix2.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\VideoAccessCodec
C:\Program Files\VideoAccessCodec\imex.bat
C:\Program Files\VideoAccessCodec\install.ico
C:\Program Files\VideoAccessCodec\vpnpms.exe
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\urqomjg.dll
.
((((((((((((((((((((((((( Files Created from 2007-10-02 to 2007-11-02 )))))))))))))))))))))))))))))))
.
2007-10-30 18:27 <DIR> d-------- C:\WINDOWS\pss
2007-10-29 16:16 <DIR> d-------- C:\Dev-Pas
2007-10-28 22:49 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-10-24 16:35 <DIR> d-------- C:\Program Files\Just BASIC v1.01
2007-10-24 16:13 <DIR> d-------- C:\setups
2007-10-24 16:11 <DIR> d-------- C:\Program Files\createinstall free
2007-10-22 16:01 <DIR> d-------- C:\Program Files\_AOE
2007-10-20 21:29 <DIR> d-------- C:\Program Files\CamStudio
2007-10-07 14:44 60,416 --a------ C:\WINDOWS\system32\drivers\dg^mwswc.sys
2007-10-04 14:01 <DIR> d-------- C:\cpp
2007-10-03 19:25 <DIR> d-------- C:\Documents and Settings\Admin\.borland
2007-10-03 19:23 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-02 08:12 --------- d-----w C:\Program Files\FlashGet
2007-11-02 01:20 --------- d-----w C:\Program Files\eMule
2007-11-01 19:57 --------- d-----w C:\Program Files\Bonjour
2007-11-01 18:45 --------- d-----w C:\Program Files\sXe Injected
2007-10-30 18:21 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Draco Organizer
2007-10-18 16:55 --------- d-----w C:\Program Files\Gadu-Gadu
2007-10-14 08:46 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-10-04 13:08 --------- d-----w C:\Program Files\Borland
2007-10-01 06:56 --------- d-----w C:\Program Files\WexTech
2007-10-01 06:56 --------- d-----w C:\Program Files\Common Files\WexTech Shared
2007-10-01 06:56 --------- d-----w C:\Program Files\Common Files\LHSPF
2007-10-01 06:56 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-09-29 18:18 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\teamspeak2
2007-09-29 15:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-26 09:53 --------- d-----w C:\Program Files\Java
2007-09-22 13:53 --------- d-----w C:\Program Files\Valve Hammer Editor
2007-09-22 13:50 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Tlen.pl
2007-09-22 08:00 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-22 07:48 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-09-15 11:04 --------- d-----w C:\Program Files\DrWeb
2007-09-15 08:44 --------- d-----w C:\Program Files\Opera
2007-09-12 15:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2007-09-07 13:00 --------- d-----w C:\Program Files\SkanerOnline
2007-09-07 12:58 --------- d-----w C:\Program Files\Trend Micro
2007-09-07 12:12 --------- d-----w C:\Program Files\kswiat
2007-08-13 18:20 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-11 20:57 4 ----a-w C:\Program Files\2007-08-11 22_55.gps.bin
2007-08-11 20:56 0 ----a-w C:\Program Files\2007-08-11 22_55.gps
2007-08-08 14:47 44 ----a-w C:\Documents and Settings\Admin\ipspace.dat
2007-08-08 14:47 4,411 ----a-w C:\Documents and Settings\Admin\serverlist.dat
2007-08-08 14:47 2 ----a-w C:\Documents and Settings\Admin\filter.dat
2007-08-07 13:29 389,936 ----a-w C:\Documents and Settings\Admin\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-03-31 15:20:56 868 --sha-w C:\WINDOWS\system32\regnessem_nsm.dat
.
((((((((((((((((((((((((((((( snapshot_2007-09-10_182104.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-03 22:44:06 2,804,224 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msi.dll
+ 2004-08-03 22:44:24 77,312 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe
+ 2004-08-03 22:44:06 331,264 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msihnd.dll
+ 2004-08-03 22:43:08 884,736 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msimsg.dll
+ 2004-08-03 22:44:06 44,032 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msisip.dll
+ 2005-05-04 12:45:28 212,704 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe
+ 2005-05-04 12:45:28 387,296 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\updspapi.dll
- 2007-07-19 22:47:22 109,056 ----a-w C:\WINDOWS\catchme.exe
+ 2007-10-29 17:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2002-07-18 20:59:50 63,344 ----a-w C:\WINDOWS\CDILLA05.DLL
+ 2002-07-18 20:59:50 23,856 ----a-w C:\WINDOWS\CDILLA10.EXE
+ 2002-07-18 20:59:50 45,056 ----a-w C:\WINDOWS\CDILLA13.DLL
+ 2002-07-18 20:59:50 7,056 ----a-w C:\WINDOWS\CDILLA16.EXE
+ 2002-07-18 20:59:50 260,608 ----a-w C:\WINDOWS\CDILLA32.DLL
+ 2002-07-18 20:59:50 55,376 ----a-w C:\WINDOWS\CDILLA40.DLL
+ 2002-07-18 20:59:50 60,416 ----a-w C:\WINDOWS\CDILLA64.EXE
+ 2007-09-11 13:51:17 585,791 ----a-w C:\WINDOWS\gmer.dll
+ 2007-06-29 07:38:18 581,632 ----a-r C:\WINDOWS\gmer.exe
+ 2007-10-04 13:12:04 4,710 ----a-r C:\WINDOWS\Installer\{2864C41B-EF2D-4640-95A2-526276524519}\BCB.exe
- 2007-05-05 11:21:11 4,710 ----a-r C:\WINDOWS\Installer\{72263053-50D1-4598-9502-51ED64E54C51}\ARPPRODUCTICON.exe
+ 2007-10-03 18:24:57 4,710 ----a-r C:\WINDOWS\Installer\{72263053-50D1-4598-9502-51ED64E54C51}\ARPPRODUCTICON.exe
- 2007-06-16 22:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2007-06-16 23:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
- 1998-12-10 07:42:54 168,448 ------w C:\WINDOWS\system32\Awrtl30.dll
+ 2000-04-07 11:41:36 204,800 ------w C:\WINDOWS\system32\awrtl30.dll
- 2004-08-03 22:44:06 2,804,224 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2005-05-04 12:45:32 2,890,240 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
- 2004-08-03 22:44:24 77,312 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
+ 2005-05-04 12:45:36 78,848 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
- 2004-08-03 22:44:06 331,264 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
+ 2005-05-04 12:45:36 271,360 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
- 2004-08-03 22:43:08 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
+ 2005-05-04 12:45:36 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
- 2004-08-03 22:44:06 44,032 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
+ 2005-05-04 12:45:36 15,360 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
+ 2006-02-28 10:41:34 61,440 ----a-w C:\WINDOWS\system32\dns-sd.exe
+ 2006-02-28 10:41:22 53,248 ----a-w C:\WINDOWS\system32\dnssd.dll
+ 1996-02-03 20:07:54 179,712 ----a-w C:\WINDOWS\system32\DPUNINST.DLL
+ 2002-07-18 20:59:50 57,968 ----a-w C:\WINDOWS\system32\drivers\CDANT.SYS
+ 2002-07-18 20:59:50 46,080 ----a-w C:\WINDOWS\system32\drivers\CDANTSRV.EXE
+ 2007-03-07 23:51:00 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
+ 2007-03-07 23:51:00 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
+ 2007-09-11 13:51:17 70,001 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
- 2005-09-14 19:17:44 20,016 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
+ 2007-03-07 23:51:00 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
- 2007-08-14 10:04:49 1,354,344 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-10-25 18:17:48 2,538,512 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-07-12 07:12:42 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
+ 1996-06-01 01:02:00 32,768 ----a-w C:\WINDOWS\system32\IDUNINST.DLL
- 2007-03-13 22:31:24 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-07-11 23:22:00 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-03-13 22:31:28 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-07-11 23:22:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-03-14 00:04:46 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-07-12 00:22:38 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 1998-08-04 09:22:32 111,616 ------w C:\WINDOWS\system32\Ltih30tb.dll
- 2005-08-27 12:08:06 1,398,408 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-06-11 20:34:34 2,115,816 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-06-11 20:34:40 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-09-29 09:41:01 45,218 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 1995-01-13 12:10:00 149,504 ----a-w C:\WINDOWS\system32\MFCANS32.DLL
+ 1996-06-11 00:01:00 55,840 ----a-w C:\WINDOWS\system32\MLTHLP32.DLL
- 2004-08-03 22:44:06 2,804,224 ----a-w C:\WINDOWS\system32\msi.dll
+ 2005-05-04 12:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
- 2004-08-03 22:44:24 77,312 ----a-w C:\WINDOWS\system32\msiexec.exe
+ 2005-05-04 12:45:36 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
- 2004-08-03 22:44:06 331,264 ----a-w C:\WINDOWS\system32\msihnd.dll
+ 2005-05-04 12:45:36 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
- 2004-08-03 22:43:08 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
+ 2005-05-04 12:45:36 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
- 2004-08-03 22:44:06 44,032 ----a-w C:\WINDOWS\system32\msisip.dll
+ 2005-05-04 12:45:36 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
+ 1995-05-21 21:00:00 640,512 ----a-w C:\WINDOWS\system32\OC30.DLL
- 2007-03-25 07:14:49 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-10-28 12:45:47 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-03-25 07:14:49 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2007-10-28 12:45:47 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2007-03-25 07:14:49 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-10-28 12:45:47 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-03-25 07:14:49 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2007-10-28 12:45:47 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat
- 2005-09-14 19:17:44 462,848 ------w C:\WINDOWS\system32\px.dll
+ 2007-03-07 23:51:00 547,576 ------w C:\WINDOWS\system32\px.dll
+ 2007-03-07 23:51:00 129,784 ------w C:\WINDOWS\system32\pxafs.dll
+ 2007-03-07 23:51:00 64,760 ------w C:\WINDOWS\system32\pxcpya64.exe
- 2005-09-14 19:17:44 319,488 ------w C:\WINDOWS\system32\pxdrv.dll
+ 2007-03-07 23:51:00 510,712 ------w C:\WINDOWS\system32\pxdrv.dll
- 2005-09-14 19:17:44 53,248 ------w C:\WINDOWS\system32\pxhpinst.exe
+ 2007-03-07 23:51:00 72,440 ------w C:\WINDOWS\system32\pxhpinst.exe
+ 2007-03-07 23:51:00 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe
- 2005-09-14 19:17:44 143,360 ------w C:\WINDOWS\system32\pxmas.dll
+ 2007-03-07 23:51:00 187,128 ------w C:\WINDOWS\system32\pxmas.dll
+ 2007-03-07 23:51:00 1,628,920 ------w C:\WINDOWS\system32\pxsfs.dll
- 2005-09-14 19:17:44 286,720 ------w C:\WINDOWS\system32\pxwave.dll
+ 2007-03-07 23:51:00 379,640 ------w C:\WINDOWS\system32\pxwave.dll
+ 2002-08-09 11:00:00 4,082,688 ----a-w C:\WINDOWS\system32\qtintf70.dll
+ 2005-05-04 12:45:28 15,584 ------w C:\WINDOWS\system32\spmsg.dll
+ 1997-08-05 00:01:00 345,536 ----a-w C:\WINDOWS\system32\stdvcl32.dll
+ 2002-08-09 11:00:00 549,888 ----a-w C:\WINDOWS\system32\stdvcl40.dll
- 2007-07-22 16:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-07-22 17:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-05-03 17:37:08 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
+ 2007-05-03 17:37:08 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
+ 2007-05-03 17:37:08 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
+ 1995-10-27 14:06:00 1,115,136 ----a-w C:\WINDOWS\system32\VCFIDL32.DLL
+ 1995-10-27 14:06:00 566,784 ----a-w C:\WINDOWS\system32\VCFIWZ32.DLL
+ 1995-10-27 16:41:46 62,464 ----a-w C:\WINDOWS\system32\vspell32.dll
- 2005-09-14 19:17:44 28,672 ------w C:\WINDOWS\system32\vxblock.dll
+ 2007-03-07 23:51:00 39,672 ------w C:\WINDOWS\system32\vxblock.dll
- 2007-09-10 16:19:13 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2007-11-01 07:12:24 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
- 2007-08-31 17:02:29 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2007-10-24 15:03:42 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
- 2007-08-31 17:02:29 787,936 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2007-10-24 15:03:42 787,936 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
- 2007-09-10 14:02:07 5,457,437 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-10-26 13:01:59 6,395,627 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
- 2007-08-06 20:06:12 4,977,606 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware0.dat
+ 2007-09-21 10:28:03 5,607,106 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware0.dat
- 2007-08-31 17:02:29 1,500,640 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2007-10-24 15:03:42 1,500,640 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
- 2007-08-31 17:02:29 50,152 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2007-10-24 15:03:42 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
- 2007-09-07 12:19:22 82,432 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
+ 2007-10-31 16:03:44 82,432 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
- 2007-02-27 15:21:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_664.dat
+ 2007-11-02 08:15:58 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_664.dat
- 2007-09-10 16:19:01 40,960 ----a-w C:\WINDOWS\Temp\rtdrvmon.exe
+ 2007-11-02 08:16:05 40,960 ----a-w C:\WINDOWS\Temp\rtdrvmon.exe
- 2007-09-07 12:12:58 6,795 ----a-w C:\WINDOWS\unins000.dat
+ 2007-10-16 18:33:59 7,053 ----a-w C:\WINDOWS\unins000.dat
- 2003-02-01 23:00:00 87,351 ----a-w C:\WINDOWS\unins000.exe
+ 2003-02-01 22:00:00 87,351 ----a-w C:\WINDOWS\unins000.exe
+ 2006-06-05 12:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 12:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 12:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 06:33]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 10:20]
"nwiz"="nwiz.exe" [2005-06-15 10:20 C:\WINDOWS\system32\nwiz.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 13:28]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe" []
C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\
Ratlerek.lnk - C:\WINDOWS\RTHDCPL.exe [2006-11-08 22:51:22]
R1 drwebnet;SpIDer Guard boot hook driver for Windows NT;C:\WINDOWS\system32\drivers\drwebnet.sys
R2 Vcs;Vcs support;\??\C:\WINDOWS\system32\Drivers\Vcs.sys
S2 SPIDER;SpIDer FS Monitor for Windows NT;\??\C:\Program Files\DrWeb\spider.sys
S2 spidernt;SpIDer Guard for Windows NT;C:\Program Files\DrWeb\SpiderNT.exe
S3 C-Dilla;C-Dilla;\??\C:\WINDOWS\system32\drivers\CDANT.SYS
S3 ddsxeiservice;ddsxeiservice;\??\C:\Program Files\sXe Injected\ddsxei.sys
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S3 RivaTuner32;RivaTuner32;\??\e:\Program Files\RivaTuner v2.01\RivaTuner32.sys
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-02 09:17:17
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-02 9:18:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-11 15:19
C:\ComboFix2.txt ... 2007-09-11 15:19
C:\ComboFix3.txt ... 2007-09-10 17:21
.
--- E O F ---