Proces rlvknlg.exe, podejrzenie o "szpiegu" + log

Error403 · 17 Marzec 2012 12:57

Od jakiegoś czasu widzę podejrzany proces rlvknlg.exe, który zużywa dość dużo pamięci.

Poczytałem w google i wynika, że to jakiś “szpieg”.

Prosiłbym o sprawdzenie logów i odpowiedź czy wszystko jest w porządku.

Z góry dziękuję i pozdrawiam.

Logi:

OTL: http://www.wklej.eu/index.php?id=c6f3546616

OTL Extras: http://www.wklej.eu/index.php?id=82d4f65bd3

Acorus · 17 Marzec 2012 13:40

Odinstaluj YouTube Downloader Toolbar v5.1,IObit Toolbar v5.1,Ask & Record Toolbar 4.01,Brothersoft Toolbar,HyperCam Toolbar,MyAshampoo Toolbar.Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

:OTL SRV - [2012-03-04 22:40:10 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] – C:\Program Files\Application Updater\ApplicationUpdater.exe – (Application Updater) IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1329514680_282021 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/idg/idg_1329514680_282021 IE - HKLM…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-776561741-1979792683-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1329514680_282021 IE - HKU\S-1-5-21-776561741-1979792683-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/idg/idg_1329514680_282021 IE - HKU\S-1-5-21-776561741-1979792683-1177238915-1004…\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\5.1\iobitToolbarIE.dll (Spigot, Inc.) IE - HKU\S-1-5-21-776561741-1979792683-1177238915-1004…\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-776561741-1979792683-1177238915-1004…\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\HyperCam Toolbar\tbhelper.dll () IE - HKU\S-1-5-21-776561741-1979792683-1177238915-1004…\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro2.dll (Conduit Ltd.) IE - HKU\S-1-5-21-776561741-1979792683-1177238915-1004…\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.) IE - HKU\S-1-5-21-776561741-1979792683-1177238915-1004…\SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: “URL” = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627 IE - HKU\S-1-5-21-776561741-1979792683-1177238915-1004…\SearchScopes{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: “URL” = http://supertoolbar.ask.com/redirect?cl … src=crm&q={searchTerms}&locale=en_US IE - HKU\S-1-5-21-776561741-1979792683-1177238915-1004…\SearchScopes{83F69AEB-E0FE-4BD1-91EB-02AE5C7B2169}: “URL” = http://search.yahoo.com/search?fr=chr-g … =937811&p={searchTerms} IE - HKU\S-1-5-21-776561741-1979792683-1177238915-1004…\SearchScopes{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: “URL” = http://www.bigseekpro.com/search/browser/hypercam/{B77F6797-0E98-4512-B306-2AC9AAAA49B6}?q={searchTerms} IE - HKU\S-1-5-21-776561741-1979792683-1177238915-1004…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 FF - prefs.js…browser.search.defaultenginename: “Yahoo” FF - prefs.js…browser.search.defaultthis.engineName: “MyAshampoo Customized Web Search” FF - prefs.js…browser.search.defaulturl: “http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}” FF - prefs.js…browser.search.param.yahoo-fr: “chr-greentree_ff&type=937811&ilc=12” FF - prefs.js…extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js…keyword.URL: “http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=” FF - HKLM\Software\MozillaPlugins@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\3.bin\NPFunWeb.dll (Fun Web Products, Inc.) [2011-03-23 18:00:33 | 000,000,000 | —D | M] (HyperCam Toolbar) – C:\Documents and Settings\Artur\Dane aplikacji\Mozilla\Firefox\Profiles\12pzubxi.default\extensions{75656794-AB59-4712-BFBC-5D816D56F3BC} [2012-03-07 23:18:19 | 000,000,000 | —D | M] (Zynga Community Toolbar) – C:\Documents and Settings\Artur\Dane aplikacji\Mozilla\Firefox\Profiles\12pzubxi.default\extensions{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2012-02-15 01:48:06 | 000,000,000 | —D | M] (MyAshampoo Community Toolbar) – C:\Documents and Settings\Artur\Dane aplikacji\Mozilla\Firefox\Profiles\12pzubxi.default\extensions{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} [2012-02-15 01:48:08 | 000,000,000 | —D | M] (Brothersoft Community Toolbar) – C:\Documents and Settings\Artur\Dane aplikacji\Mozilla\Firefox\Profiles\12pzubxi.default\extensions{e8de9422-3b2c-4243-bf6f-235da84d8ef8} [2011-05-03 14:50:13 | 000,000,000 | —D | M] (Conduit Engine) – C:\Documents and Settings\Artur\Dane aplikacji\Mozilla\Firefox\Profiles\12pzubxi.default\extensions\engine@conduit.com [2011-03-29 19:44:02 | 000,000,923 | ---- | M] () – C:\Documents and Settings\Artur\Dane aplikacji\Mozilla\Firefox\Profiles\12pzubxi.default\searchplugins\conduit.xml [2011-03-26 17:45:02 | 000,002,374 | ---- | M] () – C:\Documents and Settings\Artur\Dane aplikacji\Mozilla\Firefox\Profiles\12pzubxi.default\searchplugins\search.xml [2012-03-16 21:53:08 | 000,000,000 | —D | M] (Widgi Toolbar Platform) – C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM [2012-03-16 21:53:08 | 000,000,000 | —D | M] (IObit Toolbar) – C:\PROGRAM FILES\IOBIT TOOLBAR\FF [2012-03-10 21:13:29 | 000,000,000 | —D | M] (YouTube Downloader Toolbar) – C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\5.1\iobitToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.) O2 - BHO: (Ask && Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro2.dll (Conduit Ltd.) O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll () O3 - HKLM…\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\5.1\iobitToolbarIE.dll (Spigot, Inc.) O3 - HKLM…\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll () O3 - HKLM…\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (Ask && Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM…\Toolbar: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro2.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O3 - HKU\S-1-5-21-776561741-1979792683-1177238915-1004…\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll () O3 - HKU\S-1-5-21-776561741-1979792683-1177238915-1004…\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-776561741-1979792683-1177238915-1004…\Toolbar\WebBrowser: (Ask && Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKU\S-1-5-21-776561741-1979792683-1177238915-1004…\Toolbar\WebBrowser: (Brothersoft Toolbar) - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - C:\Program Files\Brothersoft\prxtbBro2.dll (Conduit Ltd.) O4 - HKLM…\Run: [] File not found O4 - HKLM…\Run: [nwiz] nwiz.exe /install File not found O4 - HKLM…\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe (TMRG, Inc.) O4 - HKLM…\Run: [searchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe File not found O4 - HKU\S-1-5-21-776561741-1979792683-1177238915-1004…\Run: [LG LinkAir] File not found O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta … s-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Reg Error: Key error.) [2012-03-17 12:24:12 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Menu Start\Programy\RelevantKnowledge [2012-03-17 02:01:00 | 000,000,234 | ---- | M] () – C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job :Commands [emptytemp]

Kliknij Wykonaj skrypt.Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).

Pokaż nowy log OTL.txt oraz raport z usuwania.