Skocz do zawartości

  2. Przeglądanie profilu: Tematy: kreig1

kreig1

Rejestracja: 30 kwi 2007
OFFLINE Ostatnio: 11 03 2009 22:49
-----

Moje tematy

Logi - Profilaktyczna kontrola

11 03 2009 - 19:28

Ogólnie rzecz biorąc to proszę o sprawdzenie tych logów.

Log z ComboFix:
CODE-BOX
ComboFix 09-03-10.03 - nn 2009-03-11 18:09:34.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.503.305 [GMT 1:00]
Uruchomiony z: c:\documents and settings\nn\Pulpit\ComboFix.exe
AV: System antywirusowy NOD32 2.70 *On-access scanning enabled* (Updated)
* Utworzono nowy punkt przywracania
* Resident AV is active

.

((((((((((((((((((((((((( Pliki utworzone od 2009-02-11 do 2009-03-11 )))))))))))))))))))))))))))))))
.

2009-03-11 17:54 . 2009-03-11 17:54 <DIR> d-------- c:\windows\LastGood
2009-03-11 00:14 . 2009-03-11 00:33 <DIR> d-------- c:\program files\Spyware Terminator
2009-03-11 00:14 . 2009-03-11 00:14 <DIR> d-------- c:\program files\Crawler
2009-03-11 00:14 . 2009-03-11 00:33 <DIR> d-------- c:\documents and settings\nn\Dane aplikacji\Spyware Terminator
2009-03-11 00:14 . 2009-03-11 00:25 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Spyware Terminator
2009-03-11 00:14 . 2009-03-11 00:14 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-03-10 20:39 . 2009-03-10 22:44 <DIR> d-------- c:\documents and settings\nn\DoctorWeb
2009-03-08 22:38 . 2009-03-08 22:38 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-08 22:38 . 2009-03-08 22:57 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-03-08 21:18 . 2009-03-08 21:18 <DIR> d-------- c:\program files\Trend Micro
2009-02-26 23:27 . 2009-02-26 23:27 <DIR> dr------- c:\program files\Skype
2009-02-26 23:27 . 2009-02-26 23:27 <DIR> d-------- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 20:28 --------- d-----w c:\program files\vplayer
2009-03-08 20:14 --------- d-----w c:\program files\ESET
2009-03-08 19:45 --------- d-----w c:\program files\DNA
2009-03-04 01:28 --------- d-----w c:\documents and settings\nn\Dane aplikacji\Skype
2009-03-04 01:17 --------- d-----w c:\documents and settings\nn\Dane aplikacji\skypePM
2009-02-26 22:27 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2009-02-05 02:30 --------- d-----w c:\documents and settings\nn\Dane aplikacji\uTorrent
2009-01-11 19:25 --------- d-----w c:\program files\MSXML 4.0
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-07-06 949376]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\Ad-Watch.exe" [2008-07-06 2468200]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-10 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-07-06 15424]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - AD-WATCH_REAL-TIME_SCANNER
*NewlyCreated* - AD-WATCH_REGISTRY_FILTER
.
.
------- Skan uzupełniający -------
.
IE: Crawler Search - tbr:iemenu
LSP: c:\windows\system32\imon.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\nn\Dane aplikacji\Mozilla\Firefox\Profiles\56qhqzdq.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 18:10:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(844)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Czas ukończenia: 2009-03-11 18:12:15
ComboFix-quarantined-files.txt 2009-03-11 17:11:57
ComboFix2.txt 2009-03-08 21:06:17

Przed: 16 251 899 904 bajtów wolnych
Po: 16,303,726,592 bajtów wolnych

92 --- E O F --- 2009-02-25 02:01:06




Log HiJackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:56, on 2009-03-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Pasek &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5315 bytes

[inne]Autostart systemu

11 03 2009 - 00:54

Witam

Panowie i Panie czy mogę wyrzucić z rejestru czyt z HKEY_MACHINE\SOFTWARE\Microsoft\Windows|CurrentVersion\Run usunąć takie coś jak domino.exe i VMSnap23.exe?

Logi - Wolne działanie komputera

08 03 2009 - 22:51

Prosze o sprawdzenie logów z ComboFix i hijacka. Mój laptop bardzo wolno działa. Aby uruchomić mozzili potrzeba mu około 1minuty... :) nie wiem czemu... mój NOD32 wykrył wirusa XP-Police-09 ale nie wykasował go chyba???? proszę o pomoc. Sprzęt na laptopie to Intel Core 2 GHz 512 RAM

  1. Forum Komputerowe Tweaks.pl
  2. Przeglądanie profilu: Tematy: kreig1
  3. Polityka prywatności
  4. Szukaj
  5. Regulamin Forum ·