kv1 created 22 June 2011 (edited)
Hello, please check this log.
[log]ComboFix 11-06-21.08 - Wiktor 2011-06-22 17:29:25.1.4 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.1022.264 [GMT 2:00] Uruchomiony z: c:\users\Wiktor\Desktop\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Hotspot Shield\HssIE\HsSIe.dll c:\program files\RelevantKnowledge c:\program files\RelevantKnowledge\nscf.dat c:\program files\RelevantKnowledge\rlls.dll c:\program files\RelevantKnowledge\rlls64.dll c:\program files\RelevantKnowledge\rloci.bin c:\program files\RelevantKnowledge\rlservice.exe c:\program files\RelevantKnowledge\rlvknlg.exe c:\program files\RelevantKnowledge\rlvknlg64.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk c:\users\Wiktor\Documents\cc_20110618_121856.reg C:\Windows 7 Loader eXtreme Edition 3.010.exe c:\windows 7 loader extreme edition 3.010.exe\Windows 7 Loader eXtreme Edition 3.010.exe . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_RelevantKnowledge . . ((((((((((((((((((((((((( Pliki utworzone od 2011-05-22 do 2011-06-22 ))))))))))))))))))))))))))))))) . . 2011-06-22 15:46 . 
2011-06-22 16:02 -------- d-----w- c:\users\Wiktor\AppData\Local\temp 2011-06-22 15:46 . 2011-06-22 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-22 15:46 . 2011-06-22 15:46 -------- d-----w- c:\users\Aneta\AppData\Local\temp 2011-06-21 21:42 . 2004-04-12 15:27 609584 ----a-w- c:\windows\system32\comctl32.ocx 2011-06-21 21:42 . 2011-06-21 21:42 -------- d-----w- c:\program files\Mp3 Knife 2011-06-21 21:42 . 2004-04-12 15:27 152848 ----a-w- c:\windows\system32\comdlg32.ocx 2011-05-31 18:28 . 2011-05-31 18:28 -------- d-----w- c:\program files\LizardTech . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-21 08:06 . 2011-05-17 06:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-21 19:26 . 2010-11-05 16:15 445016 ----a-w- c:\windows\system32\wrap_oal.dll 2011-05-21 19:26 . 2010-11-05 16:15 109144 ----a-w- c:\windows\system32\OpenAL32.dll 2011-05-10 12:10 . 2010-11-06 00:01 40112 ----a-w- c:\windows\avastSS.scr 2011-05-10 12:10 . 2010-11-05 23:59 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-05-10 12:03 . 2011-02-25 16:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-10 12:03 . 2010-11-05 23:59 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-05-10 12:02 . 2010-11-05 23:59 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-05-10 11:59 . 2010-11-05 23:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-05-10 11:59 . 2010-11-05 23:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-05-10 11:59 . 2010-11-05 23:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-05-03 18:33 . 2011-05-03 18:33 1060864 ----a-w- c:\windows\system32\mfc71.dll 2011-04-26 15:29 . 2009-05-21 19:21 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-04-26 15:29 . 2009-05-21 17:57 348160 ----a-w- c:\windows\system32\msvcr71.dll 2011-04-14 16:59 . 
2011-04-29 15:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2010-12-29 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-06-01 13349472] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-05-10 3459712] "AsioReg"="CTASIO.DLL" [2010-03-18 46592] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate] 2010-11-02 19:03 1432064 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT] 2011-01-13 08:20 395192 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2006-11-16 17:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-11-06 14:57 136176 ----atw- c:\users\Wiktor\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-18 99416] R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-18 555096] R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-18 555096] R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-18 566360] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-29 1343400] R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-05 691696] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592] S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704] S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-18 99416] S3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2010-03-18 18904] S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-18 566360] S3 yukonw7;Sterownik miniportu NDIS6.2 dla kontrolera Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Zawartość folderu 'Zaplanowane zadania' . 2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1052454877-2649449513-4081860687-1000Core.job - c:\users\Wiktor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 14:57] . 2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1052454877-2649449513-4081860687-1000UA.job - c:\users\Wiktor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 14:57] . 2011-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1052454877-2649449513-4081860687-1005Core.job - c:\users\Aneta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 15:09] . 2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1052454877-2649449513-4081860687-1005UA.job - c:\users\Aneta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 15:09] . . ------- Skan uzupełniający ------- . TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\firdzja0.default\ FF - prefs.js: browser.search.selectedEngine - Wirtualna Polska FF - prefs.js: browser.startup.homepage - google.pl . - - - - USUNIĘTO PUSTE WPISY - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) MSConfigStartUp-NBKeyScan - d:\program files\Nero 8\Nero BackItUp\NBKeyScan.exe AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe AddRemove-PhotoFiltre - c:\program files\PhotoFiltre\Uninst.exe . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Pozostałe uruchomione procesy ------------------------ . 
c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Hotspot Shield\bin\openvpnas.exe c:\program files\Hotspot Shield\HssWPR\hsssrv.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\windows\system32\AUDIODG.EXE . ************************************************************************** . Czas ukończenia: 2011-06-22 18:07:07 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2011-06-22 16:07 . Przed: 2 110 525 440 bajtów wolnych Po: 4 227 203 072 bajtów wolnych . - - End Of File - - 4CF479C906D83250C0FE23737089E4FA [/log]
wirusolog commented 22 June 2011
Generate the logs according to these rules: [url=http://www.forumpc.pl/index.php?showtopic=168073][b][color=blue][u]LINK[/u][/color][/b][/url]. The ComboFix log is clean.