Request to check an OTL log! win32/Kryptik.cpf attack

Hello everyone!

I have a big request for you: please check my log.

I've had a problem with my computer for some time, ever since Avast let in Sasser and many other viruses, antimalware. I think I managed to remove everything by scanning the computer with many programs. I currently have a licensed NOD32, Spyware Doctor and Malwarebytes Anti-Malware. These programs keep detecting something on the computer non-stop, even some trojans today. NOD informs me of more than 79 attacks by the win32/Kryptik.cpf virus; on top of that, while I'm working on the internet, various pages that I didn't open pop up, and the computer is terribly slow (even though I moved almost everything, I left the music, to an additional drive, so it shouldn't be this slow).

I think I must have something on the computer after all.

Please check it and give me some advice; I'll add that I'm a complete novice when it comes to IT matters.

Thanks, :slight_smile:

Added 11.03.2010 (Thu) 18:38

OTL logfile created on: 2010-03-11 18:13:36 - Run 1

OTL by OldTimer - Version 3.1.36.1 Folder = C:\Documents and Settings\Ania\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 015,00 Mb Total Physical Memory | 496,00 Mb Available Physical Memory | 49,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 58,59 Gb Total Space | 15,57 Gb Free Space | 26,58% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 53,19 Gb Total Space | 50,37 Gb Free Space | 94,70% Space Free | Partition Type: NTFS

Drive F: | 7,47 Gb Total Space | 4,63 Gb Free Space | 62,07% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ANNA-8B52E21E08

Current User Name: Ania

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Added 11.03.2010 (Thu) 18:38

========== Processes (SafeList) ==========

PRC - [2010-03-11 18:12:12 | 000,554,496 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Ania\Pulpit\OTL.exe

PRC - [2010-03-10 20:49:06 | 000,202,256 | ---- | M] (RealNetworks, Inc.) – C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2009-05-14 15:47:54 | 000,731,840 | ---- | M] (ESET) – C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2009-05-14 15:47:08 | 002,029,640 | ---- | M] (ESET) – C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2009-04-17 02:35:18 | 000,408,424 | ---- | M] (Microsoft Corporation) – C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

PRC - [2009-01-21 13:08:06 | 001,095,560 | ---- | M] (PC Tools) – C:\Program Files\Spyware Doctor\pctsSvc.exe

PRC - [2009-01-07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) – C:\Program Files\Spyware Doctor\pctsAuxs.exe

PRC - [2008-12-08 13:33:48 | 001,173,384 | ---- | M] (PC Tools) – C:\Program Files\Spyware Doctor\pctsTray.exe

PRC - [2008-10-25 08:18:50 | 000,098,696 | ---- | M] (Microsoft Corporation) – C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

PRC - [2007-09-29 09:03:20 | 000,068,856 | ---- | M] (Google Inc.) – C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2007-01-04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) – C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

PRC - [2006-11-03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) – C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2006-11-03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) – C:\Program Files\Windows Defender\MsMpEng.exe

PRC - [2006-07-21 15:14:36 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\SOUNDMAN.EXE

PRC - [2006-06-01 12:57:02 | 000,573,440 | ---- | M] (Motorola Inc.) – C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

PRC - [2006-05-16 15:29:36 | 000,053,248 | ---- | M] (ASUSTeK Computer INC.) – C:\Program Files\ASUS\ATK Media\DMedia.exe

PRC - [2006-05-16 10:42:52 | 001,777,664 | ---- | M] (TOSHIBA CORPORATION.) – C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

PRC - [2006-05-10 07:22:00 | 002,134,016 | ---- | M] (TOSHIBA CORPORATION.) – C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe

PRC - [2006-04-17 16:24:30 | 000,110,592 | ---- | M] () – C:\WINDOWS\ATK0100\HControl.exe

PRC - [2006-04-07 16:36:46 | 000,290,816 | ---- | M] (TOSHIBA CORPORATION.) – C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

PRC - [2006-04-01 15:37:00 | 002,170,880 | ---- | M] () – C:\WINDOWS\ATK0100\ATKOSD.exe

PRC - [2006-02-06 22:00:20 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) – C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe

PRC - [2006-01-27 17:17:50 | 000,221,184 | ---- | M] (TOSHIBA CORPORATION.) – C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe

PRC - [2006-01-23 20:47:32 | 000,073,728 | ---- | M] (TOSHIBA CORPORATION.) – C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

PRC - [2005-09-30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) – C:\Program Files\Canon\CAL\CALMAIN.exe

========== Modules (SafeList) ==========

MOD - [2010-03-11 18:12:12 | 000,554,496 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Ania\Pulpit\OTL.exe

MOD - [2009-02-13 14:11:44 | 000,100,864 | ---- | M] (PC Tools) – C:\Program Files\Spyware Doctor\klg.dat

MOD - [2008-11-13 14:19:40 | 000,148,944 | ---- | M] (PC Tools) – C:\Program Files\Spyware Doctor\smum32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009-05-14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] – C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe – (EhttpSrv)

SRV - [2009-05-14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] – C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe – (ekrn)

SRV - [2009-01-21 13:08:06 | 001,095,560 | ---- | M] (PC Tools) [Auto | Running] – C:\Program Files\Spyware Doctor\pctsSvc.exe – (sdCoreService)

SRV - [2009-01-07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [Auto | Running] – C:\Program Files\Spyware Doctor\pctsAuxs.exe – (sdAuxService)

SRV - [2007-01-04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] – C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe – (IviRegMgr)

SRV - [2006-11-03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MsMpEng.exe – (WinDefend)

SRV - [2005-09-30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] – C:\Program Files\Canon\CAL\CALMAIN.exe – (CCALib8)

========== Driver Services (SafeList) ==========

DRV - [2009-05-14 15:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\epfwtdir.sys – (epfwtdir)

DRV - [2009-05-14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\ehdrv.sys – (ehdrv)

DRV - [2009-05-14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] – C:\WINDOWS\system32\drivers\eamon.sys – (eamon)

DRV - [2009-04-03 11:18:26 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] – C:\WINDOWS\system32\drivers\PCTCore.sys – (PCTCore)

DRV - [2008-04-13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\hdaudbus.sys – (HDAudBus)

DRV - [2007-07-18 18:26:04 | 004,547,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\RtkHDAud.sys – (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006-08-09 13:15:14 | 001,116,544 | ---- | M] () [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\SynMini.sys – (SynMini)

DRV - [2006-08-09 13:15:14 | 000,007,808 | ---- | M] () [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\SynScan.sys – (SynScan)

DRV - [2006-07-26 09:39:32 | 001,707,776 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\NETw3x32.sys – (NETw3x32) Sterownik karty Intel®

DRV - [2006-06-01 13:03:00 | 000,894,336 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\smserial.sys – (smserial)

DRV - [2006-05-18 20:46:16 | 000,110,976 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\tosrfbd.sys – (Tosrfbd)

DRV - [2006-05-09 10:21:54 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\tosrfusb.sys – (Tosrfusb)

DRV - [2006-05-09 09:33:54 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\tosrfhid.sys – (Tosrfhid)

DRV - [2006-04-27 17:37:02 | 001,164,600 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\sthda.sys – (STHDA)

DRV - [2006-04-19 12:57:44 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\tosporte.sys – (tosporte)

DRV - [2006-03-16 09:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\tosrfbnp.sys – (Tosrfbnp)

DRV - [2006-03-15 09:52:40 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\tosrfsnd.sys – (TosRfSnd) Bluetooth Audio Device (WDM)

DRV - [2005-08-01 15:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\tosrfcom.sys – (Tosrfcom)

DRV - [2005-07-11 17:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\toshidpt.sys – (toshidpt)

DRV - [2005-02-17 22:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ATKACPI.sys – (MTsensor)

DRV - [2005-01-06 12:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\tosrfnds.sys – (tosrfnds)

DRV - [2004-08-03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RTL8139.sys – (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)

DRV - [2001-08-17 20:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\MODEMCSA.sys – (MODEMCSA)

========== Standard Registry (SafeList) ==========

Added 11.03.2010 (Thu) 18:41

here is the whole log once more

http://www.wklejto.pl/60171

The log was pasted incorrectly - the slashes ** are missing - which makes it impossible to analyze.

Use wklej.org, wklej.to or nopaste.pl.

Fix the log, because I can't divine much from this fragment. :slight_smile:

Cabrera,

Posting logs on the forum - read and follow the recommendations contained in the Topic

Ignoring this recommendation will result in the topic being moved to the Trash.

http://www.wklejto.pl/60171

here once more, thank you

In the log I get something like this:

I know it sounds silly, but my login won't paste in these programs. Does it have to be the whole thing, or only some part? I don't know what the problem is, that the correct version with slashes won't paste.

Write with Polish characters. It scares me to read text with so many errors…

You don't paste the log via Browse…; you manually copy its contents into the text-paste field.

Hello,

To start with, use this

http://www.dobreprogramy.pl/Narzedzie-d … 13181.html

Then this

http://www.dobreprogramy.pl/SmitFraudFi … 12905.html

Run this one preferably in safe mode and then choose 2. Clean :slight_smile: