
ComboFix log for checking

kv1
created (edited)

Hello, please check the log.
[log]ComboFix 11-06-21.08 - Wiktor 2011-06-22 17:29:25.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.1022.264 [GMT 2:00]
Uruchomiony z: c:\users\Wiktor\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Hotspot Shield\HssIE\HsSIe.dll
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlvknlg64.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\users\Wiktor\Documents\cc_20110618_121856.reg
C:\Windows 7 Loader eXtreme Edition 3.010.exe
c:\windows 7 loader extreme edition 3.010.exe\Windows 7 Loader eXtreme Edition 3.010.exe
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RelevantKnowledge
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-05-22 do 2011-06-22 )))))))))))))))))))))))))))))))
.
.
2011-06-22 15:46 . 2011-06-22 16:02 -------- d-----w- c:\users\Wiktor\AppData\Local\temp
2011-06-22 15:46 . 2011-06-22 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-22 15:46 . 2011-06-22 15:46 -------- d-----w- c:\users\Aneta\AppData\Local\temp
2011-06-21 21:42 . 2004-04-12 15:27 609584 ----a-w- c:\windows\system32\comctl32.ocx
2011-06-21 21:42 . 2011-06-21 21:42 -------- d-----w- c:\program files\Mp3 Knife
2011-06-21 21:42 . 2004-04-12 15:27 152848 ----a-w- c:\windows\system32\comdlg32.ocx
2011-05-31 18:28 . 2011-05-31 18:28 -------- d-----w- c:\program files\LizardTech
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-21 08:06 . 2011-05-17 06:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-21 19:26 . 2010-11-05 16:15 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-05-21 19:26 . 2010-11-05 16:15 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-05-10 12:10 . 2010-11-06 00:01 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-11-05 23:59 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-02-25 16:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2010-11-05 23:59 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-11-05 23:59 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-11-05 23:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-11-05 23:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-11-05 23:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-03 18:33 . 2011-05-03 18:33 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-04-26 15:29 . 2009-05-21 19:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-04-26 15:29 . 2009-05-21 17:57 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-14 16:59 . 2011-04-29 15:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-12-29 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-06-01 13349472]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-05-10 3459712]
"AsioReg"="CTASIO.DLL" [2010-03-18 46592]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2010-11-02 19:03 1432064 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2011-01-13 08:20 395192 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-16 17:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-11-06 14:57 136176 ----atw- c:\users\Wiktor\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-18 555096]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-18 555096]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-18 566360]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-29 1343400]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-05 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-18 99416]
S3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2010-03-18 18904]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-18 566360]
S3 yukonw7;Sterownik miniportu NDIS6.2 dla kontrolera Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1052454877-2649449513-4081860687-1000Core.job
- c:\users\Wiktor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 14:57]
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1052454877-2649449513-4081860687-1000UA.job
- c:\users\Wiktor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 14:57]
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1052454877-2649449513-4081860687-1005Core.job
- c:\users\Aneta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 15:09]
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1052454877-2649449513-4081860687-1005UA.job
- c:\users\Aneta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 15:09]
.
.
------- Skan uzupełniający -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Wiktor\AppData\Roaming\Mozilla\Firefox\Profiles\firdzja0.default\
FF - prefs.js: browser.search.selectedEngine - Wirtualna Polska
FF - prefs.js: browser.startup.homepage - google.pl
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-NBKeyScan - d:\program files\Nero 8\Nero BackItUp\NBKeyScan.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
AddRemove-PhotoFiltre - c:\program files\PhotoFiltre\Uninst.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\AUDIODG.EXE
.
**************************************************************************
.
Czas ukończenia: 2011-06-22 18:07:07 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-06-22 16:07
.
Przed: 2 110 525 440 bajtów wolnych
Po: 4 227 203 072 bajtów wolnych
.
- - End Of File - - 4CF479C906D83250C0FE23737089E4FA
[/log]

wirusolog
comment

Generate the logs according to these rules: [url=http://www.forumpc.pl/index.php?showtopic=168073][b][color=blue][u]LINK[/u][/color][/b][/url].
The ComboFix log is clean.
