ruszku, created 19 May 2009
Please check this log (personally, rlvknlg.exe looks out of place to me here, but I'd rather make sure). I'm weak at this stuff, so please keep the help reasonably uncomplicated.
Thanks in advance for the help.
Guest, comment 20 May 2009
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
Fix.
Post a log from ComboFix.
ruszku (Author), comment 20 May 2009
Log from ComboFix.
What about this rlvknlg process??
Guest, comment 20 May 2009
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_POWERMANAGER
I hope this service will be gone on the next ComboFix scan.
Paste into Notepad:

File::
C:\program files\relevantknowledge\rlvknlg.exe

Folder::
C:\program files\relevantknowledge
c:\program files\GameFace Messenger

Driver::
CrystalSysInfo

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"=-
"ares"=-
"AQQ"=-
"ALLUpdate"=-
"Odkurzacz-MCD"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusStartupHelp"=-
"GameFace Messenger"=-
"DAEMON Tools"=-
"Sony Ericsson PC Suite"=-
"TkBellExe"=-
"SkyTel"=-
"RTHDCPL"=-

>> File >> Save as... >>> CFScript
Drag and drop the CFScript.txt file onto the ComboFix.exe file --> Removal should start (and a log will be created).
Post the log that is created during the removal.
If it goes well, then: after the restart, manually delete the folder C:\Qoobox.
ruszku (Author), comment 20 May 2009
New log.
aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-18 114768]S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2007-04-07 35712][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc..------- Skan uzupełniający -------.uStart Page = hxxp://www.wp.pl/uInternet Connection Wizard,ShellNext = iexploreIE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htmIE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htmIE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htmIE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htmFF - ProfilePath - c:\documents and settings\RADEK\Dane aplikacji\Mozilla\Firefox\Profiles\87tmtaoz.default\FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBILLARD8.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npOggX.dllFF - plugin: f:\program files\Real\RealPlayer\Netscape6\nppl3260.dllFF - plugin: f:\program files\Real\RealPlayer\Netscape6\nprjplug.dllFF - plugin: f:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-05-20 18:05Windows 5.1.2600 Dodatek Service Pack. 1 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'winlogon.exe'(612)c:\windows\System32\ODBC32.dllc:\windows\system32\Ati2evxx.dll- - - - - - - > 'lsass.exe'(668)c:\windows\System32\dssenh.dll- - - - - - - > 'explorer.exe'(1928)c:\windows\System32\msi.dll.------------------------ Pozostałe uruchomione procesy ------------------------.c:\windows\system32\ati2evxx.exec:\windows\system32\ati2evxx.exec:\program files\Alwil Software\Avast4\aswUpdSv.exec:\program files\Alwil Software\Avast4\ashServ.exec:\program files\EPSON\ESM2\eEBSvc.exec:\program files\ATI Technologies\ATI.ACE\CLI.exec:\program files\Alcohol Soft\Alcohol 120\Alcohol.exec:\windows\ATKKBService.exec:\program files\Java\jre6\bin\jqs.exec:\windows\system32\wdfmgr.exec:\program files\OpenOffice.org 3\program\soffice.exec:\program files\OpenOffice.org 3\program\soffice.binc:\program files\ATI Technologies\ATI.ACE\CLI.exec:\program files\ATI Technologies\ATI.ACE\CLI.exec:\program files\Alwil Software\Avast4\ashMaiSv.exec:\program files\Alwil Software\Avast4\ashWebSv.exec:\windows\system32\wbem\wmiapsrv.exec:\program files\HP\Digital Imaging\bin\hpqste08.exe.**************************************************************************.Czas ukończenia: 2009-05-20 18:16 - komputer został uruchomiony ponownieComboFix-quarantined-files.txt 2009-05-20 16:16ComboFix2.txt 2009-05-20 14:42Przed: 8 091 734 016 bajtów wolnychPo: 8 051 929 088 bajtów wolnych331
Gość commented on 20 May 2009:

It's clean now.

1. Clean up after ComboFix and the various tools >>> OTCleanIt.
2. You clear the "System Volume Information" folder by temporarily turning off System Restore: >Control Panel>System>System Restore>>tick the box next to "Turn off System Restore on all drives">Apply>OK. Afterwards you can go back to the previous setting (that is, untick the box).
3. Run a system optimization.
4. Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum.
ruszku (author) commented on 20 May 2009:

Kaspersky detected nothing, it's clean. Thanks a lot!!!!