
Infected computer, hidden files are not displayed

frazek

Hello,

I have a problem that I noticed after using a friend's pendrive (NOD32 displayed some message, but unfortunately I did not pay attention to it at the time ;/). The thing is that since then the computer sometimes freezes completely at startup (at the moment NOD32 starts automatically), and nothing can be done then except restarting the computer (it is similar after startup as well: the computer hangs and that's it). Besides that, it turned out that I cannot display hidden files even though that option is checked. These are all the things I have found so far; it is quite possible there are more, I don't know. Unfortunately I have not dealt with this type of problem before and I don't know how to handle it, and I really need a reliable computer that does not give me such surprises. I am waiting for some help from the experts on this topic.

Below I attach logs from: OTListIt2, NOD32 and Kaspersky (online):

Kaspersky

Data ostatniej aktualizacji bazy danych: Sunday, April 26, 2009 11:06:35

Liczba wpisów: 2080659

--------------------------------------------------------------------------------

Ustawienia skanowania:

Typ bazy danych użytej do skanowania: rozszerzona

Skanuj archiwa: tak

Skanuj pocztowe bazy danych: tak

Obszar skanowania - Mój komputer:

C:\

D:\

E:\

F:\

G:\

Statystyki skanowania:

Przeskanowanych plików: 51134

Nazwa zagrożenia: 3

Zainfekowanych obiektów: 7

Podejrzanych obiektów: 0

Czas skanowania: 01:14:09

Nazwa pliku / Nazwa zagrożenia / Liczba zagrożeń

C:\Documents and Settings\1ny\Ustawienia lokalne\Temporary Internet Files\Content.IE5\KPUKJ6W8\help[1].rar Zainfekowany: Trojan.Win32.RaMag.a 1

C:\eyt.exe Zainfekowany: Trojan-GameThief.Win32.Magania.azop 1

C:\npee.com Zainfekowany: Trojan-GameThief.Win32.WOW.lmf 1

C:\WINDOWS\system32\nmdfgds0.dll Zainfekowany: Trojan-GameThief.Win32.WOW.lmf 1

C:\WINDOWS\system32\olhrwef.exe Zainfekowany: Trojan-GameThief.Win32.Magania.azop 1

D:\eyt.exe Zainfekowany: Trojan-GameThief.Win32.Magania.azop 1

D:\npee.com Zainfekowany: Trojan-GameThief.Win32.WOW.lmf 1

Wybrany obszar został przeskanowany.

NOD32

2009-04-25 14:49:48 Ochrona systemu plików w czasie rzeczywistym plik C:\System Volume Information\_restore{911D0DE5-97BD-4B95-85EE-2979413964A4}\RP100\A0009229.com Win32/PSW.OnLineGames.NMY koń trojański wyleczony przez usunięcie - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uzyskania dostępu do pliku przez aplikację: C:\WINDOWS\System32\svchost.exe.

2009-04-25 08:40:52 Ochrona systemu plików w czasie rzeczywistym plik C:\System Volume Information\_restore{911D0DE5-97BD-4B95-85EE-2979413964A4}\RP100\A0009224.dll Win32/PSW.OnLineGames.NMP koń trojański wyleczony przez usunięcie - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uzyskania dostępu do pliku przez aplikację: C:\WINDOWS\System32\svchost.exe.

2009-04-25 07:38:38 Ochrona systemu plików w czasie rzeczywistym plik C:\WINDOWS\system32\nmdfgds0.dll Win32/PSW.OnLineGames.NMP koń trojański wyleczony przez usunięcie (po następnym uruchomieniu) - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uruchomienia pliku przez aplikację: C:\Program Files\Mozilla Firefox\firefox.exe.

2009-04-25 07:38:30 Ochrona systemu plików w czasie rzeczywistym plik C:\WINDOWS\system32\nmdfgds0.dll Win32/PSW.OnLineGames.NMP koń trojański wyleczony przez usunięcie (po następnym uruchomieniu) - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uruchomienia pliku przez aplikację: C:\Program Files\Mozilla Firefox\firefox.exe.

2009-04-25 07:38:30 Skaner przy uruchamianiu plik C:\WINDOWS\system32\nmdfgds0.dll Win32/PSW.OnLineGames.NMP koń trojański wyleczony przez usunięcie (po następnym uruchomieniu) - poddany kwarantannie

2009-04-25 07:38:07 Ochrona systemu plików w czasie rzeczywistym plik D:\autorun.inf Win32/PSW.OnLineGames.NMY koń trojański wyleczony przez usunięcie - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas tworzenia nowego pliku przez aplikację: C:\WINDOWS\Explorer.EXE.

2009-04-25 07:38:06 Ochrona systemu plików w czasie rzeczywistym plik C:\WINDOWS\system32\olhrwef.exe Win32/PSW.OnLineGames.NMY koń trojański wyleczony przez usunięcie - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uzyskania dostępu do pliku przez aplikację: C:\WINDOWS\Explorer.EXE.

2009-04-25 07:38:06 Ochrona systemu plików w czasie rzeczywistym plik C:\autorun.inf Win32/PSW.OnLineGames.NMY koń trojański wyleczony przez usunięcie - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas tworzenia nowego pliku przez aplikację: C:\WINDOWS\Explorer.EXE.

2009-04-25 07:38:05 Ochrona systemu plików w czasie rzeczywistym plik C:\WINDOWS\system32\nmdfgds0.dll Win32/PSW.OnLineGames.NMP koń trojański wyleczony przez usunięcie (po następnym uruchomieniu) - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uruchomienia pliku przez aplikację: C:\Program Files\Mozilla Firefox\firefox.exe.

2009-04-24 11:57:08 Ochrona systemu plików w czasie rzeczywistym plik H:\Autorun.inf Win32/PSW.OnLineGames.NMY koń trojański wyleczony przez usunięcie - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uzyskania dostępu do pliku przez aplikację: C:\WINDOWS\System32\svchost.exe.

2009-04-24 11:55:26 Ochrona systemu plików w czasie rzeczywistym plik H:\Autorun.inf Win32/PSW.OnLineGames.NMY koń trojański wyleczony przez usunięcie - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uzyskania dostępu do pliku przez aplikację: C:\WINDOWS\System32\svchost.exe.

2009-03-27 16:34:38 Ochrona systemu plików w czasie rzeczywistym plik G:\Autorun.inf Win32/PSW.OnLineGames.NMY koń trojański wyleczony przez usunięcie - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uzyskania dostępu do pliku przez aplikację: C:\WINDOWS\System32\svchost.exe.

2009-02-22 22:44:39 Ochrona systemu plików w czasie rzeczywistym plik G:\Autorun.inf Win32/AutoRun.PI robak wyleczony przez usunięcie - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uzyskania dostępu do pliku przez aplikację: C:\WINDOWS\System32\svchost.exe.

OTListIt2

OTListIt logfile created on: 2009-04-26 16:22:23 - Run 1

OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\1ny\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1006,78 Mb Total Physical Memory | 334,31 Mb Available Physical Memory | 33,21% Memory free

2,37 Gb Paging File | 1,79 Gb Available in Paging File | 75,83% Paging File free

Paging file location(s): C:\pagefile.sys 1512 3024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 39,06 Gb Total Space | 23,72 Gb Free Space | 60,73% Space Free | Partition Type: NTFS

Drive D: | 109,99 Gb Total Space | 48,60 Gb Free Space | 44,18% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Current Boot Mode: Normal

Scan Mode: All users

Output = Standard

File Age = 30 Days

Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006-10-05 14:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe

PRC - [2008-07-01 10:02:28 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2009-04-11 21:39:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2008-01-23 01:14:00 | 00,155,717 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

PRC - [2006-05-25 19:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe

PRC - [2007-02-25 22:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

PRC - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe

PRC - [2007-01-31 15:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

PRC - [2008-04-14 22:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2007-03-12 18:05:44 | 16,125,440 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE

PRC - [2007-01-09 16:23:04 | 00,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\Ltmoh.exe

PRC - [2005-11-29 21:45:36 | 00,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

PRC - [2007-12-15 16:29:06 | 00,184,320 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe

PRC - [2006-10-27 01:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2008-07-01 10:01:04 | 01,447,168 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2007-05-24 17:27:00 | 00,716,800 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe

PRC - [2007-01-29 22:12:14 | 00,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

PRC - [2007-03-12 15:51:26 | 00,663,552 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

PRC - [2007-04-09 19:07:02 | 00,159,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

PRC - [2008-11-02 10:38:58 | 00,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE

PRC - [2006-12-03 17:34:56 | 00,054,288 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe

PRC - [2007-03-06 20:20:00 | 00,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

PRC - [2009-04-11 21:39:30 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2006-04-11 18:52:14 | 01,409,024 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

PRC - [2007-10-25 18:23:36 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe

PRC - [2006-09-08 16:10:22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe

PRC - [2007-03-02 17:48:00 | 00,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe

PRC - [2006-03-23 16:23:54 | 00,471,040 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

PRC - [2006-04-12 12:36:56 | 00,176,640 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

PRC - [2009-04-23 20:59:28 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-04-26 16:17:19 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1ny\Pulpit\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2006-10-05 14:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])

SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2009-01-09 17:25:43 | 00,077,944 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [On_Demand | Stopped])

SRV - [2007-01-31 15:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])

SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2008-07-01 10:08:00 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])

SRV - [2008-07-01 10:02:28 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])

SRV - [2008-08-01 00:16:28 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2009-04-11 21:39:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2006-10-27 01:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

SRV - [2001-10-26 21:30:00 | 00,003,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regedt32.exe -- (NOD32FiXTemDono [Auto | Stopped])

SRV - [2008-01-23 01:14:00 | 00,155,717 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

SRV - [2006-10-26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

SRV - [2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2006-04-12 12:36:56 | 00,176,640 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])

SRV - [2006-05-25 19:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv [Auto | Running])

SRV - [2007-02-25 22:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service [Auto | Running])

SRV - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006-11-28 17:11:00 | 01,161,888 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])

DRV - [2008-02-07 01:23:46 | 00,166,448 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])

DRV - [2004-10-15 13:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])

DRV - [2004-08-22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus [boot | Running])

DRV - [2004-08-22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt [boot | Running])

DRV - [2007-02-01 13:37:40 | 00,250,776 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])

DRV - [2008-07-01 09:56:22 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\system32\DRIVERS\eamon.sys -- (eamon [Auto | Running])

DRV - [2008-07-01 09:57:14 | 00,053,256 | ---- | M] (ESET) -- C:\WINDOWS\system32\DRIVERS\easdrv.sys -- (easdrv [system | Running])

DRV - [2008-07-01 10:04:40 | 00,034,312 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\epfwtdir.sys -- (epfwtdir [system | Running])

DRV - [2008-04-13 22:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

DRV - [2007-03-12 20:32:40 | 04,486,144 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

DRV - [2007-06-21 05:43:26 | 02,208,512 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\NETw4x32.sys -- (NETw4x32 [On_Demand | Running])

DRV - [2006-03-24 09:32:00 | 00,008,704 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])

DRV - [2006-03-24 09:32:00 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])

DRV - [2006-03-24 09:32:00 | 00,127,488 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])

DRV - [2006-03-24 09:32:00 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port [On_Demand | Stopped])

DRV - [2008-01-23 01:14:00 | 06,863,936 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2001-08-18 01:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2008-08-20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2008-11-02 10:44:10 | 00,056,572 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [system | Running])

DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2009-01-09 15:48:01 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])

DRV - [2006-12-03 17:21:12 | 00,038,288 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\System32\Drivers\tcusb.sys -- (TcUsb [On_Demand | Running])

DRV - [2007-02-22 16:10:30 | 00,016,128 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running])

DRV - [2007-01-24 15:44:06 | 00,290,304 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])

DRV - [2006-10-23 17:32:20 | 00,009,216 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\tosrfec.sys -- (tosrfec [On_Demand | Running])

DRV - [2008-04-14 00:26:50 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-57989841-1614895754-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-57989841-1614895754-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-21-57989841-1614895754-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKU\S-1-5-21-57989841-1614895754-1177238915-1003\S-1-5-21-57989841-1614895754-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.pl"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009-04-11 21:39:31 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-04-23 20:59:33 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-04-23 20:59:33 | 00,000,000 | ---D | M]

[2008-12-29 11:50:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\1ny\Dane aplikacji\mozilla\Extensions

[2008-12-29 11:50:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\1ny\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2008-12-29 11:50:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\1ny\Dane aplikacji\mozilla\Firefox\Profiles\lssp3n6r.default\extensions

[2009-04-25 12:39:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009-04-23 20:59:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009-04-11 21:39:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009-04-23 20:59:27 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009-04-23 20:59:27 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009-02-08 23:17:24 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2009-02-08 23:17:24 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2009-02-08 23:17:24 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009-02-08 23:17:24 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2009-02-08 23:17:24 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2009-02-08 23:17:24 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2009-02-08 23:17:24 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN (Brother Industries, Ltd.)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun (Brother Industries, Ltd.)

O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)

O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)

O4 - HKLM..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" (Nuance Communications, Inc.)

O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

O4 - HKLM..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect ()

O4 - HKLM..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup (Nokia)

O4 - HKLM..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup (UPEK Inc.)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found

O4 - HKLM..\Run: [TFNF5] TFNF5.exe (TOSHIBA Corp.)

O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TPSODDCtl] TPSODDCtl.exe (TOSHIBA Corporation)

O4 - HKU\S-1-5-21-57989841-1614895754-1177238915-1003..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe ()

O4 - HKU\S-1-5-21-57989841-1614895754-1177238915-1003..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-57989841-1614895754-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.)

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)

O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-12-25 15:44:43 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009-04-26 16:22:38 | 00,000,053 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009-04-26 16:22:38 | 00,000,053 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{00c0a5a3-30b6-11de-b424-0013e8fb364d}\Shell\AutoRun\command - "" = H:\vwewav8.com -- File not found

O33 - MountPoints2\{00c0a5a3-30b6-11de-b424-0013e8fb364d}\Shell\open\Command - "" = H:\vwewav8.com -- File not found

O33 - MountPoints2\{eb3ed1c2-d28c-11dd-b871-806d6172696f}\Shell\AutoRun\command - "" = C:\eyt.exe -- [2009-04-26 11:24:54 | 00,107,157 | RHS- | M] ()

O33 - MountPoints2\{eb3ed1c2-d28c-11dd-b871-806d6172696f}\Shell\open\Command - "" = C:\eyt.exe -- [2009-04-26 11:24:54 | 00,107,157 | RHS- | M] ()

O33 - MountPoints2\{eb3ed1c3-d28c-11dd-b871-806d6172696f}\Shell\AutoRun\command - "" = D:\eyt.exe -- [2009-04-26 11:24:54 | 00,107,157 | RHS- | M] ()

O33 - MountPoints2\{eb3ed1c3-d28c-11dd-b871-806d6172696f}\Shell\open\Command - "" = D:\eyt.exe -- [2009-04-26 11:24:54 | 00,107,157 | RHS- | M] ()

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]

[2009-04-26 16:17:02 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\1ny\Pulpit\OTListIt2.exe

[2009-04-26 11:25:22 | 00,107,157 | RHS- | C] () -- C:\eyt.exe

[2009-04-25 09:48:51 | 00,086,528 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll

[2009-04-25 07:39:04 | 00,106,749 | RHS- | C] () -- C:\npee.com

[2009-04-25 07:39:04 | 00,000,053 | RHS- | C] () -- C:\autorun.inf

[2009-04-25 07:38:38 | 00,107,157 | RHS- | C] () -- C:\WINDOWS\System32\olhrwef.exe

[2009-04-25 07:38:38 | 00,086,528 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds1.dll

[2009-04-23 21:18:01 | 00,062,976 | ---- | C] () -- C:\Documents and Settings\1ny\Moje dokumenty\Cv - Agnieszka Kowalska..doc

[2009-04-20 13:35:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1ny\Ustawienia lokalne\Dane aplikacji\Mathsoft

[2009-04-20 13:27:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1ny\Dane aplikacji\Mathsoft

[2009-04-20 13:24:20 | 00,000,000 | ---D | C] -- C:\Program Files\Mathcad

[2009-04-20 13:19:57 | 00,000,000 | -HSD | C] -- C:\Config.Msi

[2009-04-20 13:01:42 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys

[2009-04-20 13:01:42 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys

[2009-04-20 13:01:41 | 00,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools.lnk

[2009-04-20 13:01:40 | 00,000,000 | ---D | C] -- C:\Program Files\D-Tools

[2009-04-20 13:01:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations

[2009-04-17 19:31:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1ny\Dane aplikacji\Media Player Classic

[2009-04-11 22:28:53 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009-04-11 22:28:48 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm

[2009-04-11 22:28:48 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009-04-11 22:28:48 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll

[2009-04-11 22:28:48 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009-04-11 22:28:48 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm

[2009-04-11 22:28:48 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml

[2009-04-11 22:28:47 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009-04-11 22:28:47 | 00,086,016 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll

[2009-04-11 22:28:42 | 00,684,032 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll

[2009-04-11 22:28:40 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009-04-11 22:28:40 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009-04-11 22:28:39 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll

[2009-04-11 22:28:39 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack

[2009-04-11 21:56:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2009-04-11 21:39:26 | 00,000,000 | ---D | C] -- C:\Program Files\Java

[2009-04-11 21:37:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1ny\Dane aplikacji\Sun

[2009-04-11 21:29:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1ny\Moje dokumenty\Learn The 7 Rules For Excellent English

[2009-04-03 15:40:20 | 00,013,702 | ---- | C] () -- C:\Documents and Settings\1ny\Moje dokumenty\fryzura.jpg

[2009-03-31 12:32:00 | 00,082,944 | ---- | C] () -- C:\Documents and Settings\1ny\Moje dokumenty\Cv - Agnieszka Kowalska.doc

[2009-03-23 17:03:34 | 00,000,868 | ---- | C] () -- C:\WINDOWS\rm-win.ini

[2009-01-09 17:45:02 | 00,000,175 | ---- | C] () -- C:\WINDOWS\splendor.ini

[2009-01-09 15:48:00 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2008-12-30 23:53:17 | 01,584,149 | ---- | C] () -- C:\WINDOWS\System32\setupapinew.dll

[2008-12-30 23:53:17 | 00,633,871 | ---- | C] () -- C:\WINDOWS\System32\user32new.dll

[2008-12-30 23:53:17 | 00,134,671 | ---- | C] () -- C:\WINDOWS\System32\winstanew.dll

[2008-12-30 23:53:17 | 00,072,707 | ---- | C] () -- C:\WINDOWS\System32\secur32new.dll

[2008-12-30 23:53:16 | 00,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll

[2008-12-30 23:53:16 | 00,789,525 | ---- | C] () -- C:\WINDOWS\System32\rpcrt4new.dll

[2008-12-30 23:53:16 | 00,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll

[2008-12-30 23:53:16 | 00,376,832 | ---- | C] () -- C:\WINDOWS\System32\M2000Twn.dll

[2008-12-30 23:53:16 | 00,167,948 | ---- | C] () -- C:\WINDOWS\System32\dxgi.dll

[2008-12-30 23:53:16 | 00,096,783 | ---- | C] () -- C:\WINDOWS\System32\powrprofnew.dll

[2008-12-30 23:53:16 | 00,087,558 | ---- | C] () -- C:\WINDOWS\System32\ntdsapinew.dll

[2008-12-30 23:53:16 | 00,039,948 | ---- | C] () -- C:\WINDOWS\System32\dwmapi.dll

[2008-12-30 23:53:16 | 00,025,037 | ---- | C] () -- C:\WINDOWS\System32\Nucleus.dll

[2008-12-30 23:53:15 | 01,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll

[2008-12-30 23:53:15 | 00,974,354 | ---- | C] () -- C:\WINDOWS\System32\crypt32new.dll

[2008-12-30 23:53:15 | 00,770,069 | ---- | C] () -- C:\WINDOWS\System32\advapi32new.dll

[2008-12-30 23:53:15 | 00,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll

[2008-12-30 23:53:15 | 00,171,023 | ---- | C] () -- C:\WINDOWS\System32\apphelpnew.dll

[2008-12-30 15:28:12 | 00,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2008-12-30 15:28:12 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2008-12-30 15:25:45 | 00,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2008-12-25 16:52:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI

[2008-12-25 16:21:41 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini

[2008-12-25 16:21:41 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll

[2008-12-25 16:21:41 | 00,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini

[2008-12-25 16:21:41 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini

[2008-07-01 10:04:40 | 00,034,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys

[2008-01-23 01:14:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2008-01-23 01:14:00 | 01,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008-01-23 01:14:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2008-01-23 01:14:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006-12-05 14:05:06 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2005-12-07 13:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

[2005-07-22 22:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

[2004-08-22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll

[2001-07-22 02:16:20 | 00,000,670 | ---- | C] () -- C:\WINDOWS\win.ini

[2001-07-22 02:15:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[3 C:\WINDOWS\*.tmp files]

[2009-04-26 16:23:29 | 00,000,053 | RHS- | M] () -- C:\autorun.inf

[2009-04-26 16:17:19 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1ny\Pulpit\OTListIt2.exe

[2009-04-26 14:49:39 | 00,086,528 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds0.dll

[2009-04-26 14:49:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-04-26 14:49:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-04-26 12:21:50 | 00,002,513 | ---- | M] () -- C:\Documents and Settings\1ny\Pulpit\Microsoft Office Word 2007.lnk

[2009-04-26 11:24:56 | 00,086,528 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds1.dll

[2009-04-26 11:24:54 | 00,107,157 | RHS- | M] () -- C:\WINDOWS\System32\olhrwef.exe

[2009-04-26 11:24:54 | 00,107,157 | RHS- | M] () -- C:\eyt.exe

[2009-04-25 07:38:36 | 00,106,749 | RHS- | M] () -- C:\npee.com

[2009-04-23 21:18:01 | 00,062,976 | ---- | M] () -- C:\Documents and Settings\1ny\Moje dokumenty\Cv - Agnieszka Kowalska..doc

[2009-04-22 21:47:37 | 00,012,745 | ---- | M] () -- C:\Documents and Settings\1ny\Moje dokumenty\filmy.docx

[2009-04-22 21:38:22 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-04-20 13:37:48 | 00,355,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009-04-20 13:34:43 | 00,101,456 | ---- | M] () -- C:\Documents and Settings\1ny\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2009-04-20 13:22:09 | 00,461,608 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2009-04-20 13:22:09 | 00,404,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009-04-20 13:22:09 | 00,080,862 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2009-04-20 13:22:09 | 00,063,522 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009-04-20 13:22:08 | 01,018,236 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009-04-20 13:01:41 | 00,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools.lnk

[2009-04-11 22:25:57 | 03,171,880 | -H-- | M] () -- C:\Documents and Settings\1ny\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-04-04 18:57:45 | 00,000,670 | ---- | M] () -- C:\WINDOWS\win.ini

[2009-04-03 15:40:21 | 00,013,702 | ---- | M] () -- C:\Documents and Settings\1ny\Moje dokumenty\fryzura.jpg

[2009-03-31 13:05:11 | 00,082,944 | ---- | M] () -- C:\Documents and Settings\1ny\Moje dokumenty\Cv - Agnieszka Kowalska.doc

[2009-03-29 11:20:23 | 00,056,832 | -HS- | M] () -- C:\Documents and Settings\1ny\Pulpit\Thumbs.db

< End of report >

Thanks in advance for your help.

Regards

Guest
comment
2009-04-26 11:25:22 | 00,107,157 | RHS- | C] () -- C:\eyt.exe
[2009-04-25 09:48:51 | 00,086,528 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009-04-25 07:39:04 | 00,106,749 | RHS- | C] () -- C:\npee.com
[2009-04-25 07:39:04 | 00,000,053 | RHS- | C] () -- C:\autorun.inf
[2009-04-25 07:38:38 | 00,107,157 | RHS- | C] () -- C:\WINDOWS\System32\olhrwef.exe
[2009-04-25 07:38:38 | 00,086,528 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds1.dll

An infection from a pendrive. Post a ComboFix log.

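The six lines quoted in the comment above all carry the `RHS-` attribute set (read-only, hidden, system) and an empty vendor field. The following is an added example, not part of the thread and not a tool the posters used: it applies that filter to lines copied from the OTListIt2 log and groups the hits by size. Treating those two properties as the selection rule is an assumption, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the "Created Within 30 Days" section of the
# OTListIt2 log in this thread, embedded here so the example runs offline.
SAMPLE = r"""
[3 C:\WINDOWS\*.tmp files]
[2009-04-26 16:17:02 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\1ny\Pulpit\OTListIt2.exe
[2009-04-26 11:25:22 | 00,107,157 | RHS- | C] () -- C:\eyt.exe
[2009-04-25 09:48:51 | 00,086,528 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009-04-25 07:39:04 | 00,106,749 | RHS- | C] () -- C:\npee.com
[2009-04-25 07:39:04 | 00,000,053 | RHS- | C] () -- C:\autorun.inf
[2009-04-25 07:38:38 | 00,107,157 | RHS- | C] () -- C:\WINDOWS\System32\olhrwef.exe
[2009-04-25 07:38:38 | 00,086,528 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds1.dll
[2009-04-20 13:19:57 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009-04-11 22:28:47 | 00,086,016 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2005-12-07 13:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
"""

# [timestamp | size | attributes | C or M] (vendor) -- path
# Directory entries have no "(vendor)" part, so that group is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<vendor>.*)\))? -- (?P<path>.+)$"
)


def parse_log(text):
    """Return one dict per file/folder line; summary lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # e.g. "[3 C:\WINDOWS\*.tmp files]"
        entry = m.groupdict()
        entry["size"] = int(entry["size"].replace(",", ""))
        entries.append(entry)
    return entries


def suspicious(entries):
    """Files (not directories) marked R+H+S whose vendor field is empty."""
    hits = []
    for e in entries:
        attrs = set(e["attrs"])
        no_vendor = e["vendor"] is not None and not e["vendor"].strip()
        if {"R", "H", "S"} <= attrs and "D" not in attrs and no_vendor:
            hits.append(e)
    return hits


def same_size_groups(hits):
    """Group flagged paths by byte size; identical sizes suggest copies."""
    by_size = defaultdict(list)
    for e in hits:
        by_size[e["size"]].append(e["path"])
    return {size: paths for size, paths in by_size.items() if len(paths) > 1}


if __name__ == "__main__":
    flagged = suspicious(parse_log(SAMPLE))
    for e in flagged:
        print(e["ts"], e["attrs"], e["size"], e["path"])
    for size, paths in same_size_groups(flagged).items():
        print(f"{size} bytes: {', '.join(paths)}")
```

On this sample the filter returns exactly the six quoted entries, and the size grouping pairs `C:\eyt.exe` with `olhrwef.exe` and `nmdfgds0.dll` with `nmdfgds1.dll`.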

consafo
comment

As for the hidden files, you have the "amvo" worm. ComboFix will remove it. Grab it.

frazek
comment

ComboFix log:

ComboFix 09-04-25.A3 - 1ny 2009-04-26 21:34.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.1007.561 [GMT 2:00]
Uruchomiony z: c:\documents and settings\1ny\Pulpit\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\pthreadGC2.dll
.
(((((((((((((((((((((((((   Pliki utworzone od 2009-05-26 do 2009-4-26  )))))))))))))))))))))))))))))))
.
2009-04-26 19:01 . 2009-04-26 19:01	--------	d--h--w	c:\windows\system32\GroupPolicy
2009-04-20 11:35 . 2009-04-20 11:35	--------	d-----w	c:\documents and settings\1ny\Ustawienia lokalne\Dane aplikacji\Mathsoft
2009-04-20 11:27 . 2009-04-20 11:27	--------	d-----w	c:\documents and settings\1ny\Dane aplikacji\Mathsoft
2009-04-20 11:24 . 2009-04-20 11:24	--------	d-----w	c:\program files\Mathcad
2009-04-20 11:01 . 2004-08-22 14:31	5248	----a-w	c:\windows\system32\drivers\d347prt.sys
2009-04-20 11:01 . 2004-08-22 14:31	155136	----a-w	c:\windows\system32\drivers\d347bus.sys
2009-04-20 11:01 . 2009-04-20 11:01	--------	d-----w	c:\program files\D-Tools
2009-04-20 11:01 . 2009-04-20 11:01	--------	d-----w	c:\windows\Downloaded Installations
2009-04-17 17:31 . 2009-04-17 17:31	--------	d-----w	c:\documents and settings\1ny\Dane aplikacji\Media Player Classic
2009-04-11 19:56 . 2009-04-11 19:56	--------	d-----w	c:\windows\Sun
2009-04-11 19:39 . 2009-04-11 19:39	73728	----a-w	c:\windows\system32\javacpl.cpl
2009-04-11 19:39 . 2009-04-11 19:39	410984	----a-w	c:\windows\system32\deploytk.dll
2009-04-11 19:39 . 2009-04-11 19:39	--------	d-----w	c:\program files\Java
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 13:00 . 2008-12-29 10:33	--------	d-----w	c:\documents and settings\1ny\Dane aplikacji\uTorrent
2009-04-20 11:34 . 2008-12-25 16:34	101456	----a-w	c:\documents and settings\1ny\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-20 11:22 . 2001-10-26 18:15	80862	----a-w	c:\windows\system32\perfc015.dat
2009-04-20 11:22 . 2001-10-26 18:15	461608	----a-w	c:\windows\system32\perfh015.dat
2009-04-11 20:29 . 2009-04-11 20:28	--------	d-----w	c:\program files\K-Lite Codec Pack
2009-04-04 18:42 . 2008-12-29 10:21	--------	d-----w	c:\program files\Gadu-Gadu
2009-03-20 20:57 . 2009-03-20 20:57	--------	d-----w	c:\documents and settings\1ny\Dane aplikacji\Nokia Multimedia Player
2009-03-20 20:57 . 2009-03-20 20:57	--------	d-----w	c:\documents and settings\1ny\Dane aplikacji\Nokia
2009-03-20 20:57 . 2009-03-20 20:57	--------	d-----w	c:\documents and settings\1ny\Dane aplikacji\Datalayer
2009-03-20 20:54 . 2009-03-20 20:54	--------	d-----w	c:\documents and settings\1ny\Dane aplikacji\PC Suite
2009-03-20 20:54 . 2009-03-20 20:54	--------	d-----w	c:\program files\DIFX
2009-03-20 20:54 . 2009-03-20 20:54	--------	d-----w	c:\program files\Common Files\Nokia
2009-03-20 20:54 . 2009-03-20 20:54	--------	d-----w	c:\program files\Common Files\PCSuite
2009-03-20 20:54 . 2009-03-20 20:54	--------	d-----w	c:\program files\Nokia
2009-03-20 20:54 . 2009-03-20 20:54	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\PC Suite
2009-03-20 20:53 . 2009-03-20 20:53	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Downloaded Installations
2009-03-15 17:44 . 2009-03-15 17:42	--------	d-----w	c:\documents and settings\1ny\Dane aplikacji\Winamp
2009-03-15 17:44 . 2009-03-15 17:42	--------	d-----w	c:\program files\Winamp
2009-03-02 18:10 . 2009-04-11 20:28	67584	----a-w	c:\windows\system32\ff_vfw.dll
2009-01-09 15:19 . 2009-01-09 15:19	128	----a-w	c:\documents and settings\1ny\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2008-03-09 06:25 . 2008-12-30 21:53	236	---ha-w	c:\program files\Common Files\dx.reg
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-03 16:03	2854912	----a-w	c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-03 16:03	2854912	----a-w	c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 1409024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-22 8495104]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2008-01-22 49152]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-12-03 49168]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-09 159744]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-11 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-01-22 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-12 16125440]
"TPSODDCtl"="TPSODDCtl.exe" - c:\windows\system32\TPSODDCtl.exe [2007-02-02 110592]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2006-07-26 315392]
"TFncKy"="TFncKy.exe" [bU]
"TFNF5"="TFNF5.exe" - c:\windows\system32\TFNF5.exe [2007-05-24 716800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 15:50	90112	----a-w	c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli psqlpwd

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-26 3584]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
.
.
------- Skan uzupełniający -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\1ny\Dane aplikacji\Mozilla\Firefox\Profiles\lssp3n6r.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 21:37
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1248)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
- - - - - - - > 'lsass.exe'(1304)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
- - - - - - - > 'explorer.exe'(3184)
c:\windows\system32\nview.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\Office12\1045\GrooveIntlResource.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Apoint2K\hidfind.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-04-26 21:39 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-04-26 19:39

Przed: 27 830 894 592 bajtów wolnych
Po: 27 751 084 032 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

182

Waiting for further info...

Guest
comment

That's strange, not a trace of the pendrive infection.

Scan again with Kaspersky online. ;)
