Tak naprawde nie wiem co do końca mam, avast juz nie reaguje. najpierw był to IO.bat, ve.exe standartowo przyniesiony pendrivem, teraz za to wyskakuje mi co chwile ze nie mozna uruchomic procesu bo nie ma pamieci (Opera, Excel, taskmgr)
Logi
COMBOFIX
ComboFix 09-01-16.03 - Lewy Szef 2009-01-17 15:07:30.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.503.188 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Lewy Szef\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081203-0] *On-access scanning disabled* (Outdated)
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\iq.bat
D:\iq.bat
.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-17 do 2009-01-17 )))))))))))))))))))))))))))))))
.
2009-01-15 14:22 . 2009-01-15 14:22 156 --a------ c:\windows\Twunk001.MTX
2009-01-15 14:22 . 2009-01-15 14:22 2 --a------ c:\windows\Twain001.Mtx
2009-01-15 14:22 . 2009-01-15 14:22 0 --a------ c:\windows\Twunk002.MTX
2009-01-14 22:09 . 2004-08-03 23:44 70,144 --a------ c:\windows\AhnRpta.exe
2009-01-14 22:02 . 2009-01-14 22:10 110,883 -r-hs---- C:\ve.exe
2009-01-14 22:02 . 2009-01-14 22:02 95,744 -r-hs---- c:\windows\system32\nmdfgds1.dll
2009-01-14 22:01 . 2009-01-14 22:10 95,744 --a------ c:\windows\system32\nmdfgds0.dll
2009-01-05 11:14 . 2009-01-09 13:57 85,504 --------- c:\windows\system32\ciuytr1.dll
2009-01-05 11:04 . 2009-01-12 15:56 84,992 -r-hs---- c:\windows\system32\cvnmhg0.dll
2008-12-27 17:19 . 2004-08-04 00:44 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-27 17:19 . 2004-08-04 00:44 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-27 17:19 . 2004-08-04 00:38 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-12-27 17:19 . 2004-08-04 00:38 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2008-12-27 17:18 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-27 17:18 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-12-22 11:57 . 2008-12-22 11:57
HijackThis
[code]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:01, on 2009-01-17 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe D:\VISUM100\metropolis\METROPOLIS15-PLUGIN\mysql-4.0.18\bin\mysqld-nt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Opera\opera.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\AhnRpta.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O4 - Startup: CodeMeter Control Center.lnk = C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra ‘Tools’ menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MySQL - Unknown owner - D:\VISUM100\metropolis\METROPOLIS15-PLUGIN\mysql-4.0.18\bin\mysqld-nt.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe – End of file - 4577 bytes
Z góry wielkie dzięki za interperatcje tych logów