HijackThis log

ruszku
created

Please check this log (personally, rlvknlg.exe looks out of place to me here, but I'd rather make sure). I'm not good at this stuff, so please keep the help reasonably uncomplicated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:51:23, on 2009-05-20
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GameFace Messenger\GameFace.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\program files\relevantknowledge\rlvknlg.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [Alcohol.exe Autorun] C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe /startup
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe  /start
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: UniSpiker-2.6.lnk = C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 8223 bytes

Thanks in advance for the help.

Guest
comment
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

Fix.

Post a ComboFix log.

.
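The check made in the reply above (spotting an entry marked "(file missing)") can be scripted. The following Python code is an added example, not part of the thread and not a HijackThis feature: the function names are hypothetical, the sample is a constructed excerpt of the log posted in this thread, and splitting on section codes is a heuristic chosen so that it also works on a log pasted without line breaks.

```python
import re

# Excerpt of a HijackThis log with its line breaks lost. The entries are copied
# from the log posted in this thread; the selection is constructed for the demo.
RAW = "".join([
    r'Running processes:C:\WINDOWS\System32\smss.exe',
    r'C:\program files\relevantknowledge\rlvknlg.exe',
    r'R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/',
    r'O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033',
    r'O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot',
    r'O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h',
    r'O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - '
    r'res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)',
    r'O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe',
    r'O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - '
    r'C:\Program Files\Java\jre6\bin\jqs.exe',
    r'--End of file - 8223 bytes',
])

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O2x)
# followed by " - ". Heuristic: a path that happens to contain such a token
# followed by " - " would be split wrongly, so review the result by eye.
ENTRY_START = re.compile(r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
TRAILER = re.compile(r"--\s*End of file.*$", re.S)
RUN_ENTRY = re.compile(r"^(?P<location>HK[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.+)$")


def split_entries(raw):
    """Return (code, detail) pairs, whether or not the log still has newlines."""
    starts = [m.start() for m in ENTRY_START.finditer(raw)]
    entries = []
    for begin, end in zip(starts, starts[1:] + [len(raw)]):
        text = TRAILER.sub("", raw[begin:end]).strip()
        code, _, detail = text.partition(" - ")
        entries.append((code, detail))
    return entries


def autoruns(entries):
    """Registry Run entries (section O4) as dicts: location, name, command."""
    found = []
    for code, detail in entries:
        match = RUN_ENTRY.match(detail) if code == "O4" else None
        if match:
            found.append(match.groupdict())
    return found


def review_hints(entries):
    """Entries worth a second look. These are triage hints, not verdicts."""
    hints = []
    for code, detail in entries:
        if detail.endswith("(file missing)"):
            hints.append((code, "target file missing, entry is orphaned", detail))
        elif code == "O23" and " - Unknown owner - " in detail:
            hints.append((code, "service listed with 'Unknown owner'", detail))
    return hints


if __name__ == "__main__":
    parsed = split_entries(RAW)
    print("Programs started from Run keys:")
    for run in autoruns(parsed):
        print(f"  {run['location']}  [{run['name']}]  {run['command']}")
    print("Entries to review:")
    for code, reason, detail in review_hints(parsed):
        print(f"  {code}: {reason}\n      {detail}")
```

Listing the Run entries puts the `RelevantKnowledge` autostart next to the other startup programs, so the process the original poster asked about can be traced to the registry value that launches it.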

ruszku
comment

ComboFix log

ComboFix 09-05-19.08 - RADEK 2009-05-20 16:23.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.1.1250.48.1045.18.511.66 [GMT 2:00]
Uruchomiony z: c:\documents and settings\RADEK\Pulpit\ComboFix.exe

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\RADEK\Dane aplikacji\EurekaLog
c:\documents and settings\RADEK\Dane aplikacji\EurekaLog\EurekaLog.ini
c:\documents and settings\RADEK\Dane aplikacji\inst.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\i
.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_POWERMANAGER

(((((((((((((((((((((((((   Pliki utworzone od 2009-04-20 do 2009-05-20  )))))))))))))))))))))))))))))))
.
2009-05-19 22:46 . 2009-05-19 22:46	--------	d-----w	c:\documents and settings\RADEK\Dane aplikacji\ATI
2009-05-19 22:23 . 2009-05-19 22:23	--------	d-----w	c:\documents and settings\RADEK\Dane aplikacji\skypePM
2009-05-19 17:21 . 2009-05-19 17:21	--------	d-----w	c:\program files\Spybot - Search & Destroy
2009-05-19 17:21 . 2009-05-19 17:41	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-05-15 13:30 . 2009-05-15 13:30	--------	d-----w	c:\documents and settings\RADEK\Dane aplikacji\OpenOffice.org
2009-05-15 13:28 . 2009-05-15 13:28	--------	d-----w	c:\program files\OpenOffice.org 3
2009-05-11 19:09 . 2009-05-11 21:34	--------	d-----w	c:\program files\RelevantKnowledge
2009-05-11 19:09 . 2009-05-11 19:09	--------	d-----w	c:\program files\MP3MyMP3 3.0
2009-05-11 18:53 . 2009-05-11 19:07	--------	d-----w	C:\My Recordings
2009-05-11 18:52 . 2009-05-11 18:52	--------	d-----w	c:\program files\FREE Hi-Q Recorder
2009-05-06 20:21 . 2009-05-06 20:21	--------	d-----w	C:\tiesto
2009-05-05 20:51 . 2009-05-05 20:51	--------	d-----w	c:\documents and settings\RADEK\Dane aplikacji\OpenFM
2009-05-02 13:36 . 2009-05-19 18:56	--------	d-----w	c:\documents and settings\RADEK\Dane aplikacji\uTorrent
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2060-08-18 17:02 . 2007-06-03 15:49	1496064	------w	c:\windows\system32\CC3250MT.DLL
2060-08-18 16:40 . 2007-06-03 15:49	909824	------w	c:\windows\system32\cp3245mt.dll
2060-08-18 16:40 . 2007-06-03 15:49	24064	------w	c:\windows\system32\borlndmm.dll
2009-05-19 23:08 . 2007-04-09 11:19	--------	d-----w	c:\program files\Kalendarz XP
2009-05-19 22:40 . 2009-02-19 18:27	--------	d-----w	c:\program files\Odkurzacz
2009-05-17 22:06 . 2007-04-07 15:27	196608	----a-w	c:\windows\system32\drivers\aStandard.bin
2009-05-15 15:47 . 2009-02-11 14:05	21072	----a-w	c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-04 20:00 . 2007-04-07 14:56	--------	d--h--w	c:\program files\InstallShield Installation Information
2009-04-22 20:58 . 2008-10-13 15:57	--------	d-----w	c:\program files\Nowe Gadu-Gadu
2009-04-18 14:48 . 2008-10-12 22:45	--------	d-----w	c:\program files\ALLPlayer
2009-04-13 19:13 . 2008-08-29 17:17	47360	----a-w	c:\documents and settings\RADEK\Dane aplikacji\pcouffin.sys
2009-04-06 17:44 . 2009-04-06 17:44	50688	----a-w	c:\windows\system32\wbhelp2.dll
2009-04-04 17:40 . 2009-04-04 17:40	--------	d-----w	c:\program files\Opera
2009-03-31 15:51 . 2008-07-08 16:55	--------	d-----w	c:\program files\Java
2009-03-29 15:26 . 2001-10-26 16:15	79606	----a-w	c:\windows\system32\perfc015.dat
2009-03-29 15:26 . 2001-10-26 16:15	457574	----a-w	c:\windows\system32\perfh015.dat
2009-03-09 03:19 . 2008-11-28 18:46	410984	----a-w	c:\windows\system32\deploytk.dll
2009-03-06 14:23 . 2009-03-06 14:23	1456	----a-w	c:\windows\system32\etdblsid.dll
2009-03-06 14:23 . 2009-03-06 14:23	11547	----a-w	c:\windows\system32\etdbls.dll
2008-12-11 19:36 . 2008-12-11 19:36	56	--sh--r	c:\windows\system32\BD43F0F14A.sys
2008-12-11 19:36 . 2008-12-11 19:36	3350	--sha-w	c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2006-12-19 1093632]
"ares"="c:\program files\Ares\Ares.exe" [2008-02-20 963072]
"ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2002-09-20 13312]
"AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2009-03-16 5092352]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.15\AsRunHelp.exe" [2006-11-14 363008]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"GameFace Messenger"="c:\program files\GameFace Messenger\GameFace.exe" [2006-11-01 2154496]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-02 198160]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-06 16262656]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-20 13312]

c:\documents and settings\RADEK\Menu Start\Programy\Autostart\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
UniSpiker-2.6.lnk - c:\program files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe [2003-10-6 65536]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Kalendarz XP.lnk - c:\program files\Kalendarz XP\Kalendarz.exe [2007-4-9 882176]

R0 axwhisky;axwhisky;c:\windows\system32\drivers\axwhisky.sys [2003-07-02 5248]
R0 axwskbus;axwskbus;c:\windows\system32\drivers\axwskbus.sys [2003-07-02 124160]
R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [2007-04-07 63232]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-04-07 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-18 114768]
R4 atidgllk;atidgllk;c:\program files\ASUS\SmartDoctor\atidgllk.sys [2005-10-20 5376]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2007-04-07 35712]
S3 CrystalSysInfo;CrystalSysInfo;\??\f:\program files\MediaCoder\SysInfo.sys --> f:\program files\MediaCoder\SysInfo.sys [?]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - ALG
*NewlyCreated* - IPNAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
uInternet Connection Wizard,ShellNext = iexplore
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
FF - ProfilePath - c:\documents and settings\RADEK\Dane aplikacji\Mozilla\Firefox\Profiles\87tmtaoz.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBILLARD8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOggX.dll
FF - plugin: f:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: f:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: f:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 16:31
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
skanowanie ukrytych procesów ...  
skanowanie ukrytych wpisów autostartu ... 
skanowanie ukrytych plików ...  
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(612)
c:\windows\System32\ODBC32.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(668)
c:\windows\System32\dssenh.dll
- - - - - - - > 'explorer.exe'(3904)
c:\windows\System32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\EPSON\ESM2\eEBSvc.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\Alcohol Soft\Alcohol 120\Alcohol.exe
c:\windows\system32\wdfmgr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Czas ukończenia: 2009-05-20 16:42 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-05-20 14:42

Przed: 8 120 864 768 bajtów wolnych
Po: 8 046 301 184 bajtów wolnych

168

What about that rlvknlg process??

Guest
comment
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_POWERMANAGER

I hope this service will be gone at the next ComboFix scan.

Paste into Notepad:

File::
C:\program files\relevantknowledge\rlvknlg.exe

Folder::
C:\program files\relevantknowledge
c:\program files\GameFace Messenger

Driver::
CrystalSysInfo

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"=-
"ares"=-
"AQQ"=-
"ALLUpdate"=-
"Odkurzacz-MCD"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusStartupHelp"=-
"GameFace Messenger"=-
"DAEMON Tools"=-
"Sony Ericsson PC Suite"=-
"TkBellExe"=-
"SkyTel"=-
"RTHDCPL"=-

>>File>>Save as... >>> CFScript

Drag and drop the CFScript.txt file onto the ComboFix.exe file.


Removal should start (and a log will be created). Post the log that is created during the removal.

If it goes well: after the restart, manually delete the C:\Qoobox folder.

.

ruszku
comment

New log

ComboFix 09-05-19.08 - RADEK 2009-05-20 17:58.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.1.1250.48.1045.18.511.74 [GMT 2:00]
Uruchomiony z: c:\documents and settings\RADEK\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\RADEK\Pulpit\CFScript.txt

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

FILE ::
c:\program files\relevantknowledge\rlvknlg.exe
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\GameFace Messenger
c:\program files\GameFace Messenger\AceClientDLL.dll
c:\program files\GameFace Messenger\AceFPT.dll
c:\program files\GameFace Messenger\acelib.dll
c:\program files\GameFace Messenger\acenode.cfg
c:\program files\GameFace Messenger\AceSkin.dll
c:\program files\GameFace Messenger\AceUtility.dll
c:\program files\GameFace Messenger\alert1.wav
c:\program files\GameFace Messenger\alert2.wav
c:\program files\GameFace Messenger\AnimationMenu.dll
c:\program files\GameFace Messenger\ExtenControl.dll
c:\program files\GameFace Messenger\FlashPlayer.dll
c:\program files\GameFace Messenger\frame.bmp
c:\program files\GameFace Messenger\GameFace.chm
c:\program files\GameFace Messenger\GameFace.exe
c:\program files\GameFace Messenger\GameFaceLib.dll
c:\program files\GameFace Messenger\hangup.wav
c:\program files\GameFace Messenger\history\MessageLog.xsl
c:\program files\GameFace Messenger\IMSetting.dat
c:\program files\GameFace Messenger\IMSkin.dat
c:\program files\GameFace Messenger\irunin.bmp
c:\program files\GameFace Messenger\irunin.dat
c:\program files\GameFace Messenger\irunin.ini
c:\program files\GameFace Messenger\irunin.lng
c:\program files\GameFace Messenger\language\English\DllResource.dll
c:\program files\GameFace Messenger\language\Simplified Chinese\DllResource.dll
c:\program files\GameFace Messenger\language\Traditional Chinese\DllResource.dll
c:\program files\GameFace Messenger\libcurl.dll
c:\program files\GameFace Messenger\libeay32.dll
c:\program files\GameFace Messenger\LibInstall\0x0409.ini
c:\program files\GameFace Messenger\LibInstall\ASUS GameFace Library.msi
c:\program files\GameFace Messenger\LibInstall\CheckExist\0x0409.ini
c:\program files\GameFace Messenger\LibInstall\CheckExist\CheckExist2.msi
c:\program files\GameFace Messenger\LibInstall\CheckExist\instmsia.exe
c:\program files\GameFace Messenger\LibInstall\CheckExist\instmsiw.exe
c:\program files\GameFace Messenger\LibInstall\CheckExist\ISScript9.Msi
c:\program files\GameFace Messenger\LibInstall\CheckExist\Setup.ini
c:\program files\GameFace Messenger\LibInstall\CheckExist\setup.log
c:\program files\GameFace Messenger\LibInstall\Data1.cab
c:\program files\GameFace Messenger\LibInstall\instmsia.exe
c:\program files\GameFace Messenger\LibInstall\instmsiw.exe
c:\program files\GameFace Messenger\LibInstall\ISScript11.Msi
c:\program files\GameFace Messenger\LibInstall\Setup.ini
c:\program files\GameFace Messenger\LibInstall\setup.log
c:\program files\GameFace Messenger\MediaResource.dll
c:\program files\GameFace Messenger\mfc71.dll
c:\program files\GameFace Messenger\mfc71u.dll
c:\program files\GameFace Messenger\msvcp71.dll
c:\program files\GameFace Messenger\msvcr71.dll
c:\program files\GameFace Messenger\OleImageIM.dll
c:\program files\GameFace Messenger\PfCore.dll
c:\program files\GameFace Messenger\phone.wav
c:\program files\GameFace Messenger\SafeGuard.dll
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\AsusFrame.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\Chat.ini
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\ConvMenu.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\0.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\1.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\10.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\11.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\2.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\3.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\4.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\5.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\6.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\7.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\8.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\9.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\AddUserBanner.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\AnswerButton.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\answerhangup.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\BlockButton.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\bsMessengerlongBanner.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\bsMessengerShortBanner.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\ConRepeatButtonBar.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\DefaultMyself.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\EmotionButton.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\FontButton.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\groupIconDown.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\groupIconRight.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\HangupButton.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\icon-talk.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\InviteButton.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\LogInAnimation.gif
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\Phone.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\Portrait_disconnected.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\Portrait_normal.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\SecureButton.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\SendFileButton.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\SendMessageButton.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\smallPerson_away.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\smallPerson_away_lock.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\smallPerson_blocked.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\smallPerson_busy.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\smallPerson_busy_lock.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\smallPerson_offline.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\smallPerson_online.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\smallPerson_online_lock.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\images\WinkButton.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\MainMenu.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\MainMidBar.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\MainStatus.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\MainTab.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\MainTopBar.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\menu.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\menu2.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\OptionTab.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\PhotoBar.bmp
c:\program files\GameFace Messenger\skins\ASUS_GameFace_Green\Skin.ini
c:\program files\GameFace Messenger\skins\Default\AsusFrame.bmp
c:\program files\GameFace Messenger\skins\Default\AsusFrameGreen.bmp
c:\program files\GameFace Messenger\skins\Default\Chat.ini
c:\program files\GameFace Messenger\skins\Default\ConvMenu.bmp
c:\program files\GameFace Messenger\skins\Default\frame.bmp
c:\program files\GameFace Messenger\skins\Default\images\0.bmp
c:\program files\GameFace Messenger\skins\Default\images\1.bmp
c:\program files\GameFace Messenger\skins\Default\images\10.bmp
c:\program files\GameFace Messenger\skins\Default\images\11.bmp
c:\program files\GameFace Messenger\skins\Default\images\2.bmp
c:\program files\GameFace Messenger\skins\Default\images\3.bmp
c:\program files\GameFace Messenger\skins\Default\images\4.bmp
c:\program files\GameFace Messenger\skins\Default\images\5.bmp
c:\program files\GameFace Messenger\skins\Default\images\6.bmp
c:\program files\GameFace Messenger\skins\Default\images\7.bmp
c:\program files\GameFace Messenger\skins\Default\images\8.bmp
c:\program files\GameFace Messenger\skins\Default\images\9.bmp
c:\program files\GameFace Messenger\skins\Default\images\AddUserBanner.bmp
c:\program files\GameFace Messenger\skins\Default\images\AnswerButton.bmp
c:\program files\GameFace Messenger\skins\Default\images\answerhangup.bmp
c:\program files\GameFace Messenger\skins\Default\images\BlockButton.bmp
c:\program files\GameFace Messenger\skins\Default\images\bsMessengerlongBanner.bmp
c:\program files\GameFace Messenger\skins\Default\images\bsMessengerShortBanner.bmp
c:\program files\GameFace Messenger\skins\Default\images\ConRepeatButtonBar.bmp
c:\program files\GameFace Messenger\skins\Default\images\DefaultMyself.bmp
c:\program files\GameFace Messenger\skins\Default\images\EmotionButton.bmp
c:\program files\GameFace Messenger\skins\Default\images\FontButton.bmp
c:\program files\GameFace Messenger\skins\Default\images\groupIconDown.bmp
c:\program files\GameFace Messenger\skins\Default\images\groupIconRight.bmp
c:\program files\GameFace Messenger\skins\Default\images\HangupButton.bmp
c:\program files\GameFace Messenger\skins\Default\images\icon-talk.bmp
c:\program files\GameFace Messenger\skins\Default\images\InviteButton.bmp
c:\program files\GameFace Messenger\skins\Default\images\LogInAnimation.gif
c:\program files\GameFace Messenger\skins\Default\images\Phone.bmp
c:\program files\GameFace Messenger\skins\Default\images\Portrait_disconnected.bmp
c:\program files\GameFace Messenger\skins\Default\images\Portrait_normal.bmp
c:\program files\GameFace Messenger\skins\Default\images\SecureButton.bmp
c:\program files\GameFace Messenger\skins\Default\images\SendFileButton.bmp
c:\program files\GameFace Messenger\skins\Default\images\SendMessageButton.bmp
c:\program files\GameFace Messenger\skins\Default\images\smallPerson_away.bmp
c:\program files\GameFace Messenger\skins\Default\images\smallPerson_away_lock.bmp
c:\program files\GameFace Messenger\skins\Default\images\smallPerson_blocked.bmp
c:\program files\GameFace Messenger\skins\Default\images\smallPerson_busy.bmp
c:\program files\GameFace Messenger\skins\Default\images\smallPerson_busy_lock.bmp
c:\program files\GameFace Messenger\skins\Default\images\smallPerson_offline.bmp
c:\program files\GameFace Messenger\skins\Default\images\smallPerson_online.bmp
c:\program files\GameFace Messenger\skins\Default\images\smallPerson_online_lock.bmp
c:\program files\GameFace Messenger\skins\Default\images\WinkButton.bmp
c:\program files\GameFace Messenger\skins\Default\MainMenu.bmp
c:\program files\GameFace Messenger\skins\Default\MainMidBar.bmp
c:\program files\GameFace Messenger\skins\Default\MainStatus.bmp
c:\program files\GameFace Messenger\skins\Default\MainTab.bmp
c:\program files\GameFace Messenger\skins\Default\MainTopBar.bmp
c:\program files\GameFace Messenger\skins\Default\menu.bmp
c:\program files\GameFace Messenger\skins\Default\OptionTab.bmp
c:\program files\GameFace Messenger\skins\Default\PhotoBar.bmp
c:\program files\GameFace Messenger\skins\Default\Skin.ini
c:\program files\GameFace Messenger\ssleay32.dll
c:\program files\relevantknowledge
c:\program files\relevantknowledge\rlls.dll
c:\program files\relevantknowledge\rloci.bin
c:\program files\relevantknowledge\rlservice.exe
c:\program files\relevantknowledge\rlvknlg.exe
.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CRYSTALSYSINFO
-------\Service_CrystalSysInfo

(((((((((((((((((((((((((   Pliki utworzone od 2009-04-20 do 2009-05-20  )))))))))))))))))))))))))))))))
.
2009-05-19 22:46 . 2009-05-19 22:46	--------	d-----w	c:\documents and settings\RADEK\Dane aplikacji\ATI
2009-05-19 22:23 . 2009-05-19 22:23	--------	d-----w	c:\documents and settings\RADEK\Dane aplikacji\skypePM
2009-05-19 17:21 . 2009-05-19 17:21	--------	d-----w	c:\program files\Spybot - Search & Destroy
2009-05-19 17:21 . 2009-05-19 17:41	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-05-15 13:30 . 2009-05-15 13:30	--------	d-----w	c:\documents and settings\RADEK\Dane aplikacji\OpenOffice.org
2009-05-15 13:28 . 2009-05-15 13:28	--------	d-----w	c:\program files\OpenOffice.org 3
2009-05-11 19:09 . 2009-05-11 19:09	--------	d-----w	c:\program files\MP3MyMP3 3.0
2009-05-11 18:53 . 2009-05-11 19:07	--------	d-----w	C:\My Recordings
2009-05-11 18:52 . 2009-05-11 18:52	--------	d-----w	c:\program files\FREE Hi-Q Recorder
2009-05-06 20:21 . 2009-05-06 20:21	--------	d-----w	C:\tiesto
2009-05-05 20:51 . 2009-05-05 20:51	--------	d-----w	c:\documents and settings\RADEK\Dane aplikacji\OpenFM
2009-05-02 13:36 . 2009-05-19 18:56	--------	d-----w	c:\documents and settings\RADEK\Dane aplikacji\uTorrent
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2060-08-18 17:02 . 2007-06-03 15:49	1496064	------w	c:\windows\system32\CC3250MT.DLL
2060-08-18 16:40 . 2007-06-03 15:49	909824	------w	c:\windows\system32\cp3245mt.dll
2060-08-18 16:40 . 2007-06-03 15:49	24064	------w	c:\windows\system32\borlndmm.dll
2009-05-20 16:06 . 2001-10-26 16:15	79606	----a-w	c:\windows\system32\perfc015.dat
2009-05-20 16:06 . 2001-10-26 16:15	457574	----a-w	c:\windows\system32\perfh015.dat
2009-05-19 23:08 . 2007-04-09 11:19	--------	d-----w	c:\program files\Kalendarz XP
2009-05-19 22:40 . 2009-02-19 18:27	--------	d-----w	c:\program files\Odkurzacz
2009-05-17 22:06 . 2007-04-07 15:27	196608	----a-w	c:\windows\system32\drivers\aStandard.bin
2009-05-15 15:47 . 2009-02-11 14:05	21072	----a-w	c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-04 20:00 . 2007-04-07 14:56	--------	d--h--w	c:\program files\InstallShield Installation Information
2009-04-22 20:58 . 2008-10-13 15:57	--------	d-----w	c:\program files\Nowe Gadu-Gadu
2009-04-18 14:48 . 2008-10-12 22:45	--------	d-----w	c:\program files\ALLPlayer
2009-04-13 19:13 . 2008-08-29 17:17	47360	----a-w	c:\documents and settings\RADEK\Dane aplikacji\pcouffin.sys
2009-04-06 17:44 . 2009-04-06 17:44	50688	----a-w	c:\windows\system32\wbhelp2.dll
2009-04-04 17:40 . 2009-04-04 17:40	--------	d-----w	c:\program files\Opera
2009-03-31 15:51 . 2008-07-08 16:55	--------	d-----w	c:\program files\Java
2009-03-09 03:19 . 2008-11-28 18:46	410984	----a-w	c:\windows\system32\deploytk.dll
2009-03-06 14:23 . 2009-03-06 14:23	1456	----a-w	c:\windows\system32\etdblsid.dll
2009-03-06 14:23 . 2009-03-06 14:23	11547	----a-w	c:\windows\system32\etdbls.dll
2008-12-11 19:36 . 2008-12-11 19:36	56	--sh--r	c:\windows\system32\BD43F0F14A.sys
2008-12-11 19:36 . 2008-12-11 19:36	3350	--sha-w	c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((   SnapShot@2009-05-20_14.32.09   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-20 16:03 . 2009-05-20 16:03	16384			  c:\windows\Temp\Perflib_Perfdata_704.dat
+ 2009-05-20 16:03 . 2009-05-20 16:03	16384			  c:\windows\Temp\Perflib_Perfdata_508.dat
+ 2001-08-17 21:30 . 2009-05-20 16:06	62422			  c:\windows\system32\perfc009.dat
- 2001-08-17 21:30 . 2009-03-29 15:26	62422			  c:\windows\system32\perfc009.dat
+ 2001-08-17 21:30 . 2009-05-20 16:06	400760			  c:\windows\system32\perfh009.dat
- 2001-08-17 21:30 . 2009-03-29 15:26	400760			  c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2002-09-20 13312]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-20 13312]

c:\documents and settings\RADEK\Menu Start\Programy\Autostart\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
UniSpiker-2.6.lnk - c:\program files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe [2003-10-6 65536]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Kalendarz XP.lnk - c:\program files\Kalendarz XP\Kalendarz.exe [2007-4-9 882176]

R0 axwhisky;axwhisky;c:\windows\system32\drivers\axwhisky.sys [2003-07-02 5248]
R0 axwskbus;axwskbus;c:\windows\system32\drivers\axwskbus.sys [2003-07-02 124160]
R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [2007-04-07 63232]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-04-07 11264]
R1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-18 114768]S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2007-04-07 35712][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc..------- Skan uzupełniający -------.uStart Page = hxxp://www.wp.pl/uInternet Connection Wizard,ShellNext = iexploreIE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htmIE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htmIE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htmIE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htmFF - ProfilePath - c:\documents and settings\RADEK\Dane aplikacji\Mozilla\Firefox\Profiles\87tmtaoz.default\FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBILLARD8.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npOggX.dllFF - plugin: f:\program files\Real\RealPlayer\Netscape6\nppl3260.dllFF - plugin: f:\program files\Real\RealPlayer\Netscape6\nprjplug.dllFF - plugin: f:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-05-20 18:05Windows 5.1.2600 Dodatek Service Pack. 1 NTFSskanowanie ukrytych procesów ...  skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ...  
skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'winlogon.exe'(612)c:\windows\System32\ODBC32.dllc:\windows\system32\Ati2evxx.dll- - - - - - - > 'lsass.exe'(668)c:\windows\System32\dssenh.dll- - - - - - - > 'explorer.exe'(1928)c:\windows\System32\msi.dll.------------------------ Pozostałe uruchomione procesy ------------------------.c:\windows\system32\ati2evxx.exec:\windows\system32\ati2evxx.exec:\program files\Alwil Software\Avast4\aswUpdSv.exec:\program files\Alwil Software\Avast4\ashServ.exec:\program files\EPSON\ESM2\eEBSvc.exec:\program files\ATI Technologies\ATI.ACE\CLI.exec:\program files\Alcohol Soft\Alcohol 120\Alcohol.exec:\windows\ATKKBService.exec:\program files\Java\jre6\bin\jqs.exec:\windows\system32\wdfmgr.exec:\program files\OpenOffice.org 3\program\soffice.exec:\program files\OpenOffice.org 3\program\soffice.binc:\program files\ATI Technologies\ATI.ACE\CLI.exec:\program files\ATI Technologies\ATI.ACE\CLI.exec:\program files\Alwil Software\Avast4\ashMaiSv.exec:\program files\Alwil Software\Avast4\ashWebSv.exec:\windows\system32\wbem\wmiapsrv.exec:\program files\HP\Digital Imaging\bin\hpqste08.exe.**************************************************************************.Czas ukończenia: 2009-05-20 18:16 - komputer został uruchomiony ponownieComboFix-quarantined-files.txt  2009-05-20 16:16ComboFix2.txt  2009-05-20 14:42Przed: 8 091 734 016 bajtów wolnychPo: 8 051 929 088 bajtów wolnych331
Guest

It's clean now. ;]

1. Clean up after ComboFix and the various tools >>> OTCleanIt.

2. Clear the "System Volume Information" folder by temporarily turning off "System Restore":

>Control Panel>System>System Restore>>tick the box next to "Turn off System Restore on all drives">Apply>OK.

Afterwards you can go back to the previous setting (that is, untick the box).

3. Optimize the system

4. Scan the My Computer area at http://www.kaspersky.pl/virusscanner.html (run it through IE). Post the report from it on the forum.

.

ruszku

kaspersky didn't detect anything, clean

thanks a lot !!!! :)
