Skocz do zawartości


Zdjęcie

Logi - Interpretacja

Rozpoczęty przez Zgrzytus , 21 10 2009 17:38

  • Zamknięty Temat jest zamknięty
2 odpowiedzi w tym temacie

#1 Zgrzytus

Zgrzytus

    Początkujący

  • 18 postów

Napisano 21 10 2009 - 17:38

Witam,
Bardzo prosiłbym o sprawdzenie czy mam wszystko w porządku

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:44:05, on 2009-10-21
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Programy\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Tlen7\tlen7.exe
D:\Gry\Counter-Strike Steam\Steam.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 91.121.9.61 L2authd.Lineage2.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programy\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Tlen.pl] C:\Program Files\Tlen7\tlen7.exe
O4 - HKCU\..\Run: [Steam] "D:\Gry\Counter-Strike Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programy\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6413 bytes
Dziękuje :mad:

Użytkownik macsch15 edytował ten post 10 11 2009 - 21:32
Przenoszę

  • 0

#2 wncvirus

wncvirus

    Leń !

  • 851 postów

Napisano 22 10 2009 - 07:57

Log czysty.Proszę daj może loga z combofix'a.

  • 0

#3 Zgrzytus

Zgrzytus

    Początkujący

  • 18 postów

Napisano 22 10 2009 - 19:23

Proszę:

ComboFix 09-10-21.02 - Marcin 2009-10-22 19:14.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.767.271 [GMT 2:00]
Uruchomiony z: e:\download\ComboFix.exe
AV: avast! antivirus 4.8.1201 [VPS 091021-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Pliki utworzone od 2009-09-22 do 2009-10-22 )))))))))))))))))))))))))))))))
.

2009-10-21 15:58 . 2009-10-21 15:58 -------- d-----w- c:\program files\CCleaner
2009-10-21 15:09 . 2009-10-21 15:09 -------- d-----w- c:\program files\Trend Micro
2009-10-21 13:07 . 2009-10-21 13:07 -------- d-----w- c:\program files\Greatis
2009-10-21 12:41 . 2009-10-21 12:41 -------- d-----w- c:\program files\Alcohol Soft
2009-10-21 04:56 . 2009-10-21 04:56 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-20 17:17 . 2009-10-20 17:17 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-10-20 17:16 . 2009-10-20 17:17 -------- d-----w- c:\documents and settings\ADMIN\Dane aplikacji\teamspeak2
2009-10-19 11:52 . 2009-10-19 11:52 -------- d-----w- c:\program files\Defraggler
2009-10-19 11:03 . 2008-05-15 23:15 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-19 11:03 . 2008-05-15 23:14 42912 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-19 11:03 . 2008-05-15 23:13 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-19 11:03 . 2008-05-15 23:12 95608 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-19 11:03 . 2008-05-15 23:20 78416 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-19 11:03 . 2008-05-15 23:18 94416 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-19 11:03 . 2008-05-15 23:16 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-19 11:03 . 2008-01-17 17:34 93264 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-19 11:02 . 2008-05-15 23:24 1152888 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-19 11:02 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-10-19 11:02 . 2009-10-19 11:02 -------- d-----w- c:\program files\Alwil Software
2009-10-18 07:49 . 2009-10-18 07:49 -------- d-----w- c:\documents and settings\ADMIN\Ustawienia lokalne\Dane aplikacji\PCHealth
2009-10-18 05:01 . 2009-10-18 05:01 -------- d-----w- c:\program files\Bonjour
2009-10-18 04:45 . 2009-10-18 04:45 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-10-17 17:45 . 2009-10-17 17:45 -------- d-----w- c:\documents and settings\ADMIN\Dane aplikacji\Media Player Classic
2009-10-17 15:46 . 2009-10-17 15:47 -------- d-----w- C:\be5bf18b4b36065bb37d53b9a816b5
2009-10-17 15:45 . 2009-10-18 04:09 -------- d-----w- c:\windows\SxsCaPendDel
2009-10-16 13:43 . 2009-10-16 13:43 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\FLEXnet
2009-10-16 03:52 . 2009-10-20 15:09 -------- d-----w- c:\documents and settings\ADMIN\Dane aplikacji\foobar2000
2009-10-15 15:46 . 2006-10-26 15:28 30512 ----a-w- c:\windows\system32\mdimon.dll
2009-10-15 15:45 . 2006-10-26 15:26 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-10-15 15:42 . 2009-10-15 15:42 -------- d-----w- c:\program files\Microsoft Works
2009-10-15 15:39 . 2009-10-15 15:39 -------- d-----w- c:\program files\Microsoft.NET
2009-10-15 15:34 . 2009-10-15 15:34 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-15 15:33 . 2009-10-15 15:40 -------- d-----w- c:\windows\SHELLNEW
2009-10-15 15:32 . 2009-10-15 15:32 -------- d-----w- c:\documents and settings\ADMIN\Ustawienia lokalne\Dane aplikacji\Microsoft Help
2009-10-15 15:31 . 2009-10-15 15:46 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-10-15 14:17 . 2007-06-19 05:21 97704 ----a-w- c:\windows\system32\drivers\s816unic.sys
2009-10-15 14:17 . 2007-06-19 05:21 97320 ----a-w- c:\windows\system32\drivers\s816obex.sys
2009-10-15 14:17 . 2007-06-19 05:21 11176 ----a-w- c:\windows\system32\drivers\s816whnt.sys
2009-10-15 14:17 . 2007-06-19 05:21 11176 ----a-w- c:\windows\system32\drivers\s816wh.sys
2009-10-15 14:17 . 2007-06-19 05:21 99112 ----a-w- c:\windows\system32\drivers\s816mgmt.sys
2009-10-15 14:17 . 2007-06-19 05:21 21928 ----a-w- c:\windows\system32\drivers\s816nd5.sys
2009-10-15 14:17 . 2007-06-19 05:21 107304 ----a-w- c:\windows\system32\drivers\s816mdm.sys
2009-10-15 14:17 . 2007-06-19 05:21 13864 ----a-w- c:\windows\system32\drivers\s816mdfl.sys
2009-10-15 14:17 . 2007-06-19 05:21 11176 ----a-w- c:\windows\system32\drivers\s816cmnt.sys
2009-10-15 14:17 . 2007-06-19 05:21 11176 ----a-w- c:\windows\system32\drivers\s816cm.sys
2009-10-15 14:17 . 2007-06-19 05:21 9768 ----a-w- c:\windows\system32\drivers\s816cr.sys
2009-10-15 14:17 . 2007-06-19 05:21 81832 ----a-w- c:\windows\system32\drivers\s816bus.sys
2009-10-15 14:01 . 2008-04-13 17:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-15 13:47 . 2009-10-15 13:47 -------- d-----w- c:\documents and settings\ADMIN\Dane aplikacji\Notepad++
2009-10-15 13:47 . 2009-10-15 13:47 -------- d-----w- c:\program files\Notepad++
2009-10-15 13:46 . 2009-10-15 13:46 -------- d-----w- c:\program files\foobar2000
2009-10-15 13:46 . 2009-10-15 13:46 -------- d-----w- c:\program files\SubEdit-Player
2009-10-15 02:07 . 2009-10-15 13:29 -------- d-----w- c:\program files\Easy Icon Maker
2009-10-14 18:40 . 2009-10-14 18:40 -------- d-----w- c:\documents and settings\ADMIN\Dane aplikacji\ATI
2009-10-14 18:40 . 2009-10-14 18:40 -------- d-----w- c:\documents and settings\ADMIN\Ustawienia lokalne\Dane aplikacji\ATI

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 12:55 . 2009-07-16 21:33 83660 ----a-w- c:\windows\system32\perfc015.dat
2009-10-21 12:55 . 2009-07-16 21:33 490284 ----a-w- c:\windows\system32\perfh015.dat
2009-10-18 05:03 . 2009-10-14 16:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-18 04:12 . 2009-10-14 16:33 68456 ----a-w- c:\documents and settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-10-15 15:41 . 2009-10-14 15:49 -------- d-----w- c:\program files\MSBuild
2009-10-14 17:56 . 2009-07-16 21:33 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-10-14 17:41 . 2009-10-14 17:41 -------- d-----w- c:\program files\TGTSoft
2009-10-14 16:48 . 2009-10-14 16:48 -------- d-----w- c:\program files\Intel
2009-10-14 16:38 . 2009-10-14 16:38 -------- d-----w- c:\documents and settings\ADMIN\Dane aplikacji\Ventrilo
2009-10-14 16:37 . 2009-10-14 16:37 -------- d-----w- c:\program files\Ventrilo
2009-10-14 16:37 . 2009-10-14 16:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-14 16:28 . 2009-10-14 16:28 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Office Genuine Advantage
2009-10-14 16:00 . 2009-10-14 15:21 -------- d-----w- c:\program files\ATI Technologies
2009-10-14 15:49 . 2009-10-14 15:49 -------- d-----w- c:\program files\microsoft frontpage
2009-10-14 15:49 . 2009-10-14 15:49 -------- d-----w- c:\program files\Reference Assemblies
2009-10-14 15:45 . 2009-10-14 15:45 -------- d-----w- c:\program files\Usługi online
2009-10-14 15:43 . 2009-10-14 15:43 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-14 15:42 . 2009-10-14 15:42 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-14 15:24 . 2009-10-14 15:19 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-14 15:24 . 2009-10-14 15:24 -------- d-----w- c:\program files\C-Media
2009-10-14 15:21 . 2009-10-14 15:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-14 15:08 . 2009-10-14 15:07 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-14 15:08 . 2009-10-14 15:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-14 15:08 . 2009-10-14 15:08 -------- d-----w- c:\program files\Java
2009-10-14 14:48 . 2009-10-14 14:48 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ESET
2009-10-14 14:46 . 2009-10-14 14:45 -------- d-----w- c:\documents and settings\ADMIN\Dane aplikacji\Tlen.pl
2009-10-14 14:43 . 2009-10-14 14:43 -------- d-----w- c:\program files\Tlen7
2009-10-13 18:00 . 2009-10-14 15:07 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-09-11 14:15 . 2009-07-16 21:33 136704 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2009-07-16 21:33 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:52 . 2009-07-16 21:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 10:34 . 2009-10-14 16:48 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-08-26 08:03 . 2009-07-16 21:33 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-16 15:08 . 2009-10-14 15:07 178176 ----a-w- c:\windows\system32\unrar.dll
2009-08-05 09:01 . 2009-07-16 21:33 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 18:23 . 2009-02-09 11:19 2067456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 17:23 . 2009-07-16 21:33 2190592 ----a-w- c:\windows\system32\ntoskrnl.exe
.

------- Sigcheck -------

[-] 2009-07-16 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tlen.pl"="c:\program files\Tlen7\tlen7.exe" [2009-10-08 94208]
"Steam"="d:\gry\Counter-Strike Steam\Steam.exe" [2009-10-18 1217784]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-14 149280]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"GrooveMonitor"="d:\programy\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 79224]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2001-11-15 1216512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-07-16 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Gry\\Counter-Strike Steam\\Steam.exe"=
"d:\\Gry\\Counter-Strike Steam\\steamapps\\djok380\\counter-strike\\hl.exe"=
"d:\\Programy\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Programy\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Programy\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2009-07-16 69248]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2009-07-16 212520]
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2009-07-16 125952]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-19 20560]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2009-10-15 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2009-10-15 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2009-10-15 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2009-10-15 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2009-10-15 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2009-10-15 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2009-10-15 97704]
.
Zawartość folderu 'Zaplanowane zadania'

2009-10-22 c:\windows\Tasks\User_Feed_Synchronization-{2C54DC0E-8F4E-4F88-9DCC-31F8256F4CB0}.job
- c:\windows\system32\msfeedssync.exe [2009-07-16 21:33]

2009-10-22 c:\windows\Tasks\User_Feed_Synchronization-{8D268AF1-894F-46D1-855D-6F2CCABD9C07}.job
- c:\windows\system32\msfeedssync.exe [2009-07-16 21:33]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\ADMIN\Dane aplikacji\Mozilla\Firefox\Profiles\ho20rqmp.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (pl)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\documents and settings\ADMIN\Dane aplikacji\Mozilla\Firefox\Profiles\ho20rqmp.default\extensions\{0FFCC8D1-8198-4b2f-9A96-2B4D4A65ECC9}\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-22 19:20
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-117609710-776561741-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,44,6f,ca,d6,2d,3a,41,91,8f,0c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,44,6f,ca,d6,2d,3a,41,91,8f,0c,\
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1396)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Czas ukończenia: 2009-10-22 19:23
ComboFix-quarantined-files.txt 2009-10-22 17:23

Przed: 44 866 953 216 bajtów wolnych
Po: 44 852 387 840 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 341B46DAB0FC040200768C8DC56C0DCD


a tak nawiasem... zawsze jak strona się załaduje do końca to firefox się zawiesza.... (tylko forum.tweaks.pl :P )

irytuje mnie długi start systemu oto screen logu z BootLog XP (log był bardzo duży)
Dołączona grafika

  • 0
Wróć do Bezpieczeństwo (wirusy i trojany)


Użytkownicy przeglądający ten temat: 1

0 użytkowników, 1 gości, 0 anonimowych

  1. Forum Komputerowe Tweaks.pl
  2. Oprogramowanie
  3. Bezpieczeństwo (wirusy i trojany)
  4. Polityka prywatności
  5. Szukaj
  6. Regulamin Forum ·