evocati Posted June 14, 2007

Hello. Recently I noticed that some junk is probably impersonating programs I have already closed and loading the CPU to 100%. For example, after closing Miranda IM its process still shows up in Task Manager and loads the CPU; and right now, after unpacking HijackThis, the sfx file is no longer doing anything but loads the CPU to 100%.

HijackThis:

Logfile of HijackThis v1.99.1 Scan saved at 17:11:58, on 2007-06-14 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\MKS\Bin\NetMonSV.exe C:\Program Files\MKS\Bin\mksmonsv.exe C:\Program Files\MKS\Bin\mks_scan.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe C:\Program Files\MKS\Bin\mks_menu.exe C:\Program Files\MKS\Bin\ABregmon.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AutoConnect\AutoConnect.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\ATITool\ATITool.exe C:\Fraps\fraps.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\taskmgr.exe C:\Profiles\Evocati\Pulpit\hijackthis_sfx.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lacza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{461699C4-03C0-4D13-9C6F-B99C24DB29AE}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip\..\{461699C4-03C0-4D13-9C6F-B99C24DB29AE}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS2\Services\Tcpip\..\{461699C4-03C0-4D13-9C6F-B99C24DB29AE}: NameServer = 194.204.159.1 217.98.63.164 O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. 
- C:\Program Files\MKS\Bin\NetMonSV.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Silent Runners: "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "AutoConnect" = "C:\Program Files\AutoConnect\AutoConnect.exe" ["http://autoconnect.prv.pl"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"] "WheelMouse" = "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co., Ltd."] "MKS_MENU" = "C:\Program Files\MKS\Bin\mks_menu.exe" ["MKS Sp. 
z o.o."] "ABREGMON" = "C:\Program Files\MKS\Bin\ABregmon.exe" ["ArcaBit"] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = "C:\Program Files\Google\Gmail Notifier\gnotify.exe" ["Google Inc."] "AtiPTA" = "atiptaxx.exe" ["ATI Technologies, Inc."] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] {E5A1691B-D188-4419-AD02-90002030B8EE}\(Default) = (no title provided) -> {HKLM...CLSID} = "FlashFXP Helper for Internet Explorer" \InProcServer32\(Default) = "C:\PROGRA~1\FlashFXP\IEFlash.dll" ["IniCom Networks, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyswietlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyswietlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"] 
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ MkS_Vir\(Default) = "{CC4245C0-D511-11D0-8918-444553540000}" -> {HKLM...CLSID} = "MkS_Vir Shell Extension" \InProcServer32\(Default) = "C:\Program Files\MKS\Bin\MkSShell.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] 
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ MkS_Vir\(Default) = "{CC4245C0-D511-11D0-8918-444553540000}" -> {HKLM...CLSID} = "MkS_Vir Shell Extension" \InProcServer32\(Default) = "C:\Program Files\MKS\Bin\MkSShell.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "ForceClassicControlPanel" = (REG_DWORD) hex:0x00000001 {unrecognized setting} "NoSMMyPictures" = (REG_DWORD) hex:0x00000001 {User Configuration|Administrative Templates|Start Menu and Taskbar| Remove My Pictures icon from Start Menu} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Profiles\Evocati\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "boinc.scr" ["Space Sciences Laboratory"] Startup items in "Evocati" & "All Users" startup folders: --------------------------------------------------------- C:\Profiles\All Users\Menu Start\Programy\Autostart "DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string] Enabled Scheduled Tasks: ------------------------ "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers 
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version):
Missing lines (compared with English-language version): [Version]: 2 lines [RestoreHomePage]: 1 line [RestoreHomePage.reg]: 1 line [RestoreBrowserSettings.reg]: 12 lines [DeleteTemplates.reg]: 5 lines [DeleteAutosearch.reg]: 1 line [strings]: 1 line [RestoreBrowserSettings]: 2 lines [strings]: 3 lines Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ArcaBit NetMonitor, ABNetMon, "C:\Program Files\MKS\Bin\NetMonSV.exe" ["ArcaBit sp. z o.o."] Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] MkS_Scan, MkS_Scan, "C:\Program Files\MKS\Bin\mks_scan.exe" [empty string] MkS_Vir Monitor, MksVirMonSvc, "C:\Program Files\MKS\Bin\mksmonsv.exe" [empty string] TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. 
---------- (total run time: 168 seconds, including 9 seconds for message boxes)

Regards
CatchMe Posted June 14, 2007

The logs are clean. Paste the log from ComboFix.
evocati Posted June 14, 2007

ComboFix:

ComboFix 07-06-13.3 - C:\Profiles\Evocati\Pulpit\ComboFix.exe "Evocati" - 2007-06-14 20:10:05 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-05-14 to 2007-06-14 ))))))))))))))))))))))))))))))) 2007-06-14 20:09 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-14 17:58 <DIR> d-------- C:\Program Files\Lavasoft 2007-06-14 17:58 <DIR> d-------- C:\Profiles\ALLUSE~1\DANEAP~1\Lavasoft 2007-06-14 17:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-06-13 14:15 <DIR> d-------- C:\Program Files\PC Inspector File Recovery 2007-06-08 17:47 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE 2007-06-08 17:47 <DIR> d-------- C:\WINDOWS\system32\Lang 2007-06-08 12:08 <DIR> d-------- C:\Program Files\Opera 2007-06-08 12:08 <DIR> d-------- C:\Profiles\Evocati\DANEAP~1\Opera 2007-06-08 12:01 <DIR> d-------- C:\WINDOWS\system32\appmgmt 2007-06-07 10:46 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2007-06-07 10:46 <DIR> d-------- C:\Profiles\ALLUSE~1\DANEAP~1\Adobe Systems 2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys 2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys 2007-05-22 19:05 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2007-05-21 17:17 <DIR> d-------- C:\Program Files\foobar2000 2007-05-21 17:17 <DIR> d-------- C:\Profiles\Evocati\DANEAP~1\foobar2000 2007-05-20 18:23 <DIR> d-------- C:\Program Files\NAPI-PROJEKT 2007-05-20 12:41 <DIR> d-------- C:\Profiles\Evocati\PsiData 2007-05-19 17:44 <DIR> d-------- C:\WINDOWS\pss 2007-05-19 17:40 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe 2007-05-19 17:38 <DIR> d-------- C:\Program Files\MultiRes 2007-05-19 17:37 451,072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.330 Uninstall.exe 2007-05-19 17:37 <DIR> d-------- C:\Program Files\Radeon Omega Drivers 
2007-05-19 17:11 <DIR> d-------- C:\Program Files\Driver Cleaner 2007-05-19 11:06 <DIR> d-------- C:\Profiles\Evocati\DANEAP~1\Gadu-Gadu 2007-05-19 10:59 <DIR> d-------- C:\Program Files\Simple DNS Plus 2007-05-19 10:06 <DIR> d-------- C:\Profiles\Evocati\Gadu-Gadu 2007-05-15 20:11 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll 2007-05-15 20:11 196,608 --a------ C:\WINDOWS\system32\libssl32.dll 2007-05-15 20:11 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll 2007-05-15 20:11 <DIR> d-------- C:\OpenSSL 2007-05-15 17:44 <DIR> d-------- C:\Profiles\Evocati\DANEAP~1\Help (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-14 16:02:15 -------- d-----w C:\Program Files\AutoConnect 2007-06-13 12:15:17 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-06-10 09:15:01 -------- d-----w C:\Program Files\FlashFXP 2007-06-08 17:12:38 -------- d-----w C:\Profiles\Evocati\DANEAP~1\uTorrent 2007-06-07 19:28:14 -------- d-----w C:\Program Files\PSPad editor 2007-06-07 19:27:02 -------- d-----w C:\Program Files\Cake Mania 2007-06-07 19:24:48 -------- d-----w C:\Program Files\CCleaner 2007-05-27 19:54:10 -------- d-----w C:\Program Files\SpeedFan 2007-05-24 19:14:15 -------- d-----w C:\Profiles\Evocati\DANEAP~1\Real 2007-05-24 19:00:54 -------- d-----w C:\Program Files\Joost 2007-05-19 15:44:28 -------- d-----w C:\Program Files\BOINC 2007-05-19 15:36:03 -------- d-----w C:\Program Files\WorldCommunityGrid 2007-05-19 15:22:27 -------- d-----w C:\Program Files\DNA-drivers 2007-05-07 20:29:15 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment 2007-05-05 11:18:58 -------- d-----w C:\Program Files\Thomson 2007-05-04 17:34:00 -------- d-----w C:\Profiles\Evocati\DANEAP~1\Joost 2007-05-04 12:33:45 -------- d-----w C:\Profiles\Evocati\DANEAP~1\CyberLink 2007-05-04 12:32:22 -------- d-----w C:\Program Files\CyberLink 2007-05-03 08:21:25 -------- d-----w C:\Program Files\TC 
PowerPack 2007-05-01 20:59:31 -------- d-----w C:\Profiles\Evocati\DANEAP~1\Media Player Classic 2007-05-01 20:57:27 -------- d-----w C:\Program Files\K-Lite Codec Pack 2007-05-01 16:05:08 -------- d-----w C:\Profiles\Evocati\DANEAP~1\Apple Computer 2007-05-01 10:00:27 -------- d-----w C:\Program Files\MarBit 2007-05-01 09:59:09 -------- d-----w C:\Program Files\Xvid 2007-05-01 09:29:32 -------- d-----w C:\Program Files\CYH Project 2007-05-01 07:45:48 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat 2007-04-27 14:54:27 69,632 ----a-w C:\WINDOWS\UD.SCR 2007-04-27 05:08:48 -------- d-----w C:\Profiles\Evocati\DANEAP~1\Ahead 2007-04-27 05:04:38 -------- d-----w C:\Program Files\Common Files\Ahead 2007-04-27 05:01:57 -------- d-----w C:\Program Files\Nero 2007-04-25 18:16:42 -------- d-----w C:\Profiles\Evocati\DANEAP~1\Google 2007-04-25 18:16:00 -------- d-----w C:\Program Files\Google 2007-04-25 14:42:53 -------- d-----w C:\Program Files\HD Tune 2007-04-24 16:46:22 -------- d-----w C:\Program Files\Real Alternative 2007-04-17 20:12:02 -------- d-----w C:\Profiles\Evocati\DANEAP~1\PSpad 2007-04-15 07:41:56 -------- d-----w C:\Profiles\Evocati\DANEAP~1\AdobeUM 2007-04-14 17:12:41 -------- d-----w C:\Program Files\MKS 2007-04-14 17:09:55 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-04-14 17:04:29 265 ----a-w C:\WINDOWS\mks.bat 2007-04-14 14:14:49 671 ----a-w C:\WINDOWS\mozver.dat 2007-04-14 12:22:32 -------- d-----w C:\Program Files\A4Tech 2007-04-13 19:04:45 82,466 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-04-13 19:04:45 485,408 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-04-13 18:34:31 0 ----a-w C:\WINDOWS\nsreg.dat 2007-04-13 18:15:36 0 --sha-r C:\MSDOS.SYS 2007-04-13 18:15:36 0 --sha-r C:\IO.SYS 2007-04-13 18:15:36 0 ----a-w C:\CONFIG.SYS 2007-04-13 18:15:36 0 ----a-w C:\AUTOEXEC.BAT 2007-04-13 18:12:41 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat 2007-04-13 14:57:27 1,548,288 ----a-w C:\WINDOWS\system32\sfcfiles.dll 2007-04-13 14:57:15 
991,744 ----a-w C:\WINDOWS\system32\syssetup.dll 2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {E5A1691B-D188-4419-AD02-90002030B8EE}=C:\PROGRA~1\FlashFXP\IEFlash.dll [2006-03-31 22:27] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-07-27 17:01 C:\WINDOWS\SOUNDMAN.EXE] "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38] "WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2005-08-29 08:15] "MKS_MENU"="C:\Program Files\MKS\Bin\mks_menu.exe" [2007-04-14 19:08] "ABREGMON"="C:\Program Files\MKS\Bin\ABregmon.exe" [2007-04-14 19:03] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48] "AtiPTA"="atiptaxx.exe" [2006-02-22 02:05 C:\WINDOWS\system32\atiptaxx.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44] "AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"=1 (0x1) "NoSMMyPictures"=1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] 
"ForceClassicControlPanel"=1 (0x1) "NoSMMyPictures"=1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Profiles^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Profiles\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Profiles^Evocati^Menu Start^Programy^Autostart^BOINC Manager.lnk] path=C:\Profiles\Evocati\Menu Start\Programy\Autostart\BOINC Manager.lnk backup=C:\WINDOWS\pss\BOINC Manager.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Profiles^Evocati^Menu Start^Programy^Autostart^World Community Grid Agent.lnk] path=C:\Profiles\Evocati\Menu Start\Programy\Autostart\World Community Grid Agent.lnk backup=C:\WINDOWS\pss\World Community Grid Agent.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simple DNS Plus] C:\Program Files\Simple DNS Plus\sdnsplus.exe -s Contents of the 'Scheduled Tasks' folder 2007-06-07 10:29:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-14 20:11:46 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-14 20:12:33 --- E O F ---

Regards
CatchMe Posted June 14, 2007

- The log is clean.
- Scan the system with this program and remove everything it finds: www.ewido.net and paste the report on the forum.
- Paste the logs from Gmer.
evocati Posted June 14, 2007

--------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 21:35:05 2007-06-14 + Scan result: :mozilla.232:C:\Profiles\Evocati\Dane aplikacji\Mozilla\Firefox\Profiles\zb6fqx81.Imex\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.233:C:\Profiles\Evocati\Dane aplikacji\Mozilla\Firefox\Profiles\zb6fqx81.Imex\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.234:C:\Profiles\Evocati\Dane aplikacji\Mozilla\Firefox\Profiles\zb6fqx81.Imex\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.235:C:\Profiles\Evocati\Dane aplikacji\Mozilla\Firefox\Profiles\zb6fqx81.Imex\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.236:C:\Profiles\Evocati\Dane aplikacji\Mozilla\Firefox\Profiles\zb6fqx81.Imex\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.237:C:\Profiles\Evocati\Dane aplikacji\Mozilla\Firefox\Profiles\zb6fqx81.Imex\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.255:C:\Profiles\Evocati\Dane aplikacji\Mozilla\Firefox\Profiles\zb6fqx81.Imex\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.335:C:\Profiles\Evocati\Dane aplikacji\Mozilla\Firefox\Profiles\zb6fqx81.Imex\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.81:C:\Profiles\Evocati\Dane aplikacji\Mozilla\Firefox\Profiles\zb6fqx81.Imex\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.82:C:\Profiles\Evocati\Dane aplikacji\Mozilla\Firefox\Profiles\zb6fqx81.Imex\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.83:C:\Profiles\Evocati\Dane aplikacji\Mozilla\Firefox\Profiles\zb6fqx81.Imex\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.397:C:\Profiles\Evocati\Dane aplikacji\Mozilla\Firefox\Profiles\zb6fqx81.Imex\cookies.txt -> TrackingCookie.Adjuggler : Cleaned. 
::Report end
CatchMe Posted 14 June 2007
Everything looks very nice here. 8O Also paste the logs from Gmer. 8O
ULLISSES Posted 14 June 2007
Heh, that was obvious. Does this also happen with other programs? In general, I'm familiar with cases like this. I don't know the cause, but Firefox, Opera and GG produce similar effects. To be clear: not always, and not every version.
Niemiec Posted 14 June 2007
I also see cases on my machine where software, after being closed, can completely hog both cores 8O Just today GG took up both cores for almost 2 minutes when restoring a chat window, and Opera can hang in the task manager for as long as a minute after being closed 8O I have no idea why this happens; it is very, very irritating, but apparently that's just how it is.
evocati Posted 20 June 2007
Hello. Some time has passed, but the problem remains. Except that now it no longer happens sometimes, but always. No "closed" program actually exits; the process stays and eats 100% of the CPU 8O Any ideas? I have turned off Task Manager. Regards
ULLISSES Posted 20 June 2007
If "no program" means FF/Opera and GG, then read this: http://forum.purepc.pl/index.php?s=&sh...t&p=2646152 If other programs too, then maybe a format? It always helps. :]
evocati Posted 21 June 2007 (edited)
When I went into "Threads", this is what I saw: MirandaIM: Paint: xD Can someone tell me what this file is? I scanned the RAM with MemTest and it found no errors. Regards
Edited 21 June 2007 by evocati