frazek, posted 26 April 2009

Hello,

I have a problem that I noticed after using a friend's pendrive (NOD32 displayed some message, but unfortunately I did not pay attention to it at the time ;/). Since then the computer sometimes freezes completely at startup (at the moment NOD32 starts automatically), and nothing can be done except restarting the computer (the same also happens after startup: the computer stops and that's it). Besides that, it turned out that I cannot display hidden files even though that option is selected. These are all the things I have found so far; it is quite possible there are more, I don't know.

Unfortunately I have had no contact with this kind of problem before and I don't know how to deal with them, and I really care about having a reliable computer that would not give me such surprises. I am waiting for some help from experts on this topic.

Below I attach logs from: OTListIt2, NOD32 and Kaspersky (online):

Kaspersky

Data ostatniej aktualizacji bazy danych: Sunday, April 26, 2009 11:06:35
Liczba wpisów: 2080659
--------------------------------------------------------------------------------
Ustawienia skanowania:
Typ bazy danych użytej do skanowania: rozszerzona
Skanuj archiwa: tak
Skanuj pocztowe bazy danych: tak
Obszar skanowania - Mój komputer: C:\ D:\ E:\ F:\ G:\
Statystyki skanowania:
Przeskanowanych plików: 51134
Nazwa zagrożenia: 3
Zainfekowanych obiektów: 7
Podejrzanych obiektów: 0
Czas skanowania: 01:14:09

Nazwa pliku / Nazwa zagrożenia / Liczba zagrożeń
C:\Documents and Settings\1ny\Ustawienia lokalne\Temporary Internet Files\Content.IE5\KPUKJ6W8\help[1].rar Zainfekowany: Trojan.Win32.RaMag.a 1
C:\eyt.exe Zainfekowany: Trojan-GameThief.Win32.Magania.azop 1
C:\npee.com Zainfekowany: Trojan-GameThief.Win32.WOW.lmf 1
C:\WINDOWS\system32\nmdfgds0.dll Zainfekowany: Trojan-GameThief.Win32.WOW.lmf 1
C:\WINDOWS\system32\olhrwef.exe Zainfekowany: Trojan-GameThief.Win32.Magania.azop 1
D:\eyt.exe Zainfekowany: Trojan-GameThief.Win32.Magania.azop 1
D:\npee.com Zainfekowany: Trojan-GameThief.Win32.WOW.lmf 1
Wybrany obszar został przeskanowany.

NOD32

2009-04-25 14:49:48 Ochrona systemu plików w czasie rzeczywistym plik C:\System Volume Information\_restore{911D0DE5-97BD-4B95-85EE-2979413964A4}\RP100\A0009229.com Win32/PSW.OnLineGames.NMY koń trojański wyleczony przez usunięcie - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uzyskania dostępu do pliku przez aplikację: C:\WINDOWS\System32\svchost.exe.
2009-04-25 08:40:52 Ochrona systemu plików w czasie rzeczywistym plik C:\System Volume Information\_restore{911D0DE5-97BD-4B95-85EE-2979413964A4}\RP100\A0009224.dll Win32/PSW.OnLineGames.NMP koń trojański wyleczony przez usunięcie - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uzyskania dostępu do pliku przez aplikację: C:\WINDOWS\System32\svchost.exe.
2009-04-25 07:38:38 Ochrona systemu plików w czasie rzeczywistym plik C:\WINDOWS\system32\nmdfgds0.dll Win32/PSW.OnLineGames.NMP koń trojański wyleczony przez usunięcie (po następnym uruchomieniu) - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uruchomienia pliku przez aplikację: C:\Program Files\Mozilla Firefox\firefox.exe.
2009-04-25 07:38:30 Ochrona systemu plików w czasie rzeczywistym plik C:\WINDOWS\system32\nmdfgds0.dll Win32/PSW.OnLineGames.NMP koń trojański wyleczony przez usunięcie (po następnym uruchomieniu) - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uruchomienia pliku przez aplikację: C:\Program Files\Mozilla Firefox\firefox.exe.
2009-04-25 07:38:30 Skaner przy uruchamianiu plik C:\WINDOWS\system32\nmdfgds0.dll Win32/PSW.OnLineGames.NMP koń trojański wyleczony przez usunięcie (po następnym uruchomieniu) - poddany kwarantannie
2009-04-25 07:38:07 Ochrona systemu plików w czasie rzeczywistym plik D:\autorun.inf Win32/PSW.OnLineGames.NMY koń trojański wyleczony przez usunięcie - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas tworzenia nowego pliku przez aplikację: C:\WINDOWS\Explorer.EXE.
2009-04-25 07:38:06 Ochrona systemu plików w czasie rzeczywistym plik C:\WINDOWS\system32\olhrwef.exe Win32/PSW.OnLineGames.NMY koń trojański wyleczony przez usunięcie - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uzyskania dostępu do pliku przez aplikację: C:\WINDOWS\Explorer.EXE.
2009-04-25 07:38:06 Ochrona systemu plików w czasie rzeczywistym plik C:\autorun.inf Win32/PSW.OnLineGames.NMY koń trojański wyleczony przez usunięcie - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas tworzenia nowego pliku przez aplikację: C:\WINDOWS\Explorer.EXE.
2009-04-25 07:38:05 Ochrona systemu plików w czasie rzeczywistym plik C:\WINDOWS\system32\nmdfgds0.dll Win32/PSW.OnLineGames.NMP koń trojański wyleczony przez usunięcie (po następnym uruchomieniu) - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uruchomienia pliku przez aplikację: C:\Program Files\Mozilla Firefox\firefox.exe.
2009-04-24 11:57:08 Ochrona systemu plików w czasie rzeczywistym plik H:\Autorun.inf Win32/PSW.OnLineGames.NMY koń trojański wyleczony przez usunięcie - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uzyskania dostępu do pliku przez aplikację: C:\WINDOWS\System32\svchost.exe.
2009-04-24 11:55:26 Ochrona systemu plików w czasie rzeczywistym plik H:\Autorun.inf Win32/PSW.OnLineGames.NMY koń trojański wyleczony przez usunięcie - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uzyskania dostępu do pliku przez aplikację: C:\WINDOWS\System32\svchost.exe.
2009-03-27 16:34:38 Ochrona systemu plików w czasie rzeczywistym plik G:\Autorun.inf Win32/PSW.OnLineGames.NMY koń trojański wyleczony przez usunięcie - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uzyskania dostępu do pliku przez aplikację: C:\WINDOWS\System32\svchost.exe.
2009-02-22 22:44:39 Ochrona systemu plików w czasie rzeczywistym plik G:\Autorun.inf Win32/AutoRun.PI robak wyleczony przez usunięcie - poddany kwarantannie ZARZĄDZANIE NT\SYSTEM Zdarzenie wystąpiło podczas próby uzyskania dostępu do pliku przez aplikację: C:\WINDOWS\System32\svchost.exe.
[2008-12-30 23:53:17 | 00,134,671 | ---- | C] () -- C:\WINDOWS\System32\winstanew.dll [2008-12-30 23:53:17 | 00,072,707 | ---- | C] () -- C:\WINDOWS\System32\secur32new.dll [2008-12-30 23:53:16 | 00,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll [2008-12-30 23:53:16 | 00,789,525 | ---- | C] () -- C:\WINDOWS\System32\rpcrt4new.dll [2008-12-30 23:53:16 | 00,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll [2008-12-30 23:53:16 | 00,376,832 | ---- | C] () -- C:\WINDOWS\System32\M2000Twn.dll [2008-12-30 23:53:16 | 00,167,948 | ---- | C] () -- C:\WINDOWS\System32\dxgi.dll [2008-12-30 23:53:16 | 00,096,783 | ---- | C] () -- C:\WINDOWS\System32\powrprofnew.dll [2008-12-30 23:53:16 | 00,087,558 | ---- | C] () -- C:\WINDOWS\System32\ntdsapinew.dll [2008-12-30 23:53:16 | 00,039,948 | ---- | C] () -- C:\WINDOWS\System32\dwmapi.dll [2008-12-30 23:53:16 | 00,025,037 | ---- | C] () -- C:\WINDOWS\System32\Nucleus.dll [2008-12-30 23:53:15 | 01,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll [2008-12-30 23:53:15 | 00,974,354 | ---- | C] () -- C:\WINDOWS\System32\crypt32new.dll [2008-12-30 23:53:15 | 00,770,069 | ---- | C] () -- C:\WINDOWS\System32\advapi32new.dll [2008-12-30 23:53:15 | 00,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll [2008-12-30 23:53:15 | 00,171,023 | ---- | C] () -- C:\WINDOWS\System32\apphelpnew.dll [2008-12-30 15:28:12 | 00,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2008-12-30 15:28:12 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2008-12-30 15:25:45 | 00,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2008-12-25 16:52:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI [2008-12-25 16:21:41 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini [2008-12-25 16:21:41 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll [2008-12-25 16:21:41 | 00,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2008-12-25 16:21:41 | 00,007,671 | ---- | C] () -- 
C:\WINDOWS\System32\cseltbl.ini [2008-07-01 10:04:40 | 00,034,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys [2008-01-23 01:14:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008-01-23 01:14:00 | 01,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008-01-23 01:14:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008-01-23 01:14:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-12-05 14:05:06 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005-12-07 13:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2005-07-22 22:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2004-08-22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll [2001-07-22 02:16:20 | 00,000,670 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 02:15:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini ========== Files - Modified Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files] [3 C:\WINDOWS\*.tmp files] [2009-04-26 16:23:29 | 00,000,053 | RHS- | M] () -- C:\autorun.inf [2009-04-26 16:17:19 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1ny\Pulpit\OTListIt2.exe [2009-04-26 14:49:39 | 00,086,528 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds0.dll [2009-04-26 14:49:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-04-26 14:49:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-04-26 12:21:50 | 00,002,513 | ---- | M] () -- C:\Documents and Settings\1ny\Pulpit\Microsoft Office Word 2007.lnk [2009-04-26 11:24:56 | 00,086,528 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds1.dll [2009-04-26 11:24:54 | 00,107,157 | RHS- | M] () -- C:\WINDOWS\System32\olhrwef.exe [2009-04-26 11:24:54 | 00,107,157 | RHS- | M] () -- C:\eyt.exe [2009-04-25 07:38:36 | 00,106,749 | RHS- | M] () -- C:\npee.com [2009-04-23 21:18:01 | 00,062,976 | ---- | M] () -- C:\Documents and Settings\1ny\Moje dokumenty\Cv - 
Agnieszka Kowalska..doc [2009-04-22 21:47:37 | 00,012,745 | ---- | M] () -- C:\Documents and Settings\1ny\Moje dokumenty\filmy.docx [2009-04-22 21:38:22 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-04-20 13:37:48 | 00,355,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-04-20 13:34:43 | 00,101,456 | ---- | M] () -- C:\Documents and Settings\1ny\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-04-20 13:22:09 | 00,461,608 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-04-20 13:22:09 | 00,404,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-04-20 13:22:09 | 00,080,862 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-04-20 13:22:09 | 00,063,522 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-04-20 13:22:08 | 01,018,236 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-04-20 13:01:41 | 00,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools.lnk [2009-04-11 22:25:57 | 03,171,880 | -H-- | M] () -- C:\Documents and Settings\1ny\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-04-04 18:57:45 | 00,000,670 | ---- | M] () -- C:\WINDOWS\win.ini [2009-04-03 15:40:21 | 00,013,702 | ---- | M] () -- C:\Documents and Settings\1ny\Moje dokumenty\fryzura.jpg [2009-03-31 13:05:11 | 00,082,944 | ---- | M] () -- C:\Documents and Settings\1ny\Moje dokumenty\Cv - Agnieszka Kowalska.doc [2009-03-29 11:20:23 | 00,056,832 | -HS- | M] () -- C:\Documents and Settings\1ny\Pulpit\Thumbs.db < End of report > Z góry dziękuję za pomoc Pozdrawiam
Guest commented 26 April 2009
2009-04-26 11:25:22 | 00,107,157 | RHS- | C] () -- C:\eyt.exe
[2009-04-25 09:48:51 | 00,086,528 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009-04-25 07:39:04 | 00,106,749 | RHS- | C] () -- C:\npee.com
[2009-04-25 07:39:04 | 00,000,053 | RHS- | C] () -- C:\autorun.inf
[2009-04-25 07:38:38 | 00,107,157 | RHS- | C] () -- C:\WINDOWS\System32\olhrwef.exe
[2009-04-25 07:38:38 | 00,086,528 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds1.dll
An infection from a pendrive; post a ComboFix log.
consafo commented 26 April 2009
As for the hidden files, you have the "amvo" worm. ComboFix will remove it. Go get it.
frazek (Author) commented 26 April 2009
ComboFix log:
ComboFix 09-04-25.A3 - 1ny 2009-04-26 21:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1007.561 [GMT 2:00]
Uruchomiony z: c:\documents and settings\1ny\Pulpit\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\pthreadGC2.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2009-05-26 do 2009-4-26 )))))))))))))))))))))))))))))))
.
2009-04-26 19:01 . 2009-04-26 19:01 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-20 11:35 . 2009-04-20 11:35 -------- d-----w c:\documents and settings\1ny\Ustawienia lokalne\Dane aplikacji\Mathsoft
2009-04-20 11:27 . 2009-04-20 11:27 -------- d-----w c:\documents and settings\1ny\Dane aplikacji\Mathsoft
2009-04-20 11:24 . 2009-04-20 11:24 -------- d-----w c:\program files\Mathcad
2009-04-20 11:01 . 2004-08-22 14:31 5248 ----a-w c:\windows\system32\drivers\d347prt.sys
2009-04-20 11:01 . 2004-08-22 14:31 155136 ----a-w c:\windows\system32\drivers\d347bus.sys
2009-04-20 11:01 . 2009-04-20 11:01 -------- d-----w c:\program files\D-Tools
2009-04-20 11:01 . 2009-04-20 11:01 -------- d-----w c:\windows\Downloaded Installations
2009-04-17 17:31 . 2009-04-17 17:31 -------- d-----w c:\documents and settings\1ny\Dane aplikacji\Media Player Classic
2009-04-11 19:56 . 2009-04-11 19:56 -------- d-----w c:\windows\Sun
2009-04-11 19:39 . 2009-04-11 19:39 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-11 19:39 . 2009-04-11 19:39 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-11 19:39 . 2009-04-11 19:39 -------- d-----w c:\program files\Java
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 13:00 . 2008-12-29 10:33 -------- d-----w c:\documents and settings\1ny\Dane aplikacji\uTorrent
2009-04-20 11:34 . 2008-12-25 16:34 101456 ----a-w c:\documents and settings\1ny\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-20 11:22 . 2001-10-26 18:15 80862 ----a-w c:\windows\system32\perfc015.dat
2009-04-20 11:22 . 2001-10-26 18:15 461608 ----a-w c:\windows\system32\perfh015.dat
2009-04-11 20:29 . 2009-04-11 20:28 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-04 18:42 . 2008-12-29 10:21 -------- d-----w c:\program files\Gadu-Gadu
2009-03-20 20:57 . 2009-03-20 20:57 -------- d-----w c:\documents and settings\1ny\Dane aplikacji\Nokia Multimedia Player
2009-03-20 20:57 . 2009-03-20 20:57 -------- d-----w c:\documents and settings\1ny\Dane aplikacji\Nokia
2009-03-20 20:57 . 2009-03-20 20:57 -------- d-----w c:\documents and settings\1ny\Dane aplikacji\Datalayer
2009-03-20 20:54 . 2009-03-20 20:54 -------- d-----w c:\documents and settings\1ny\Dane aplikacji\PC Suite
2009-03-20 20:54 . 2009-03-20 20:54 -------- d-----w c:\program files\DIFX
2009-03-20 20:54 . 2009-03-20 20:54 -------- d-----w c:\program files\Common Files\Nokia
2009-03-20 20:54 . 2009-03-20 20:54 -------- d-----w c:\program files\Common Files\PCSuite
2009-03-20 20:54 . 2009-03-20 20:54 -------- d-----w c:\program files\Nokia
2009-03-20 20:54 . 2009-03-20 20:54 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Suite
2009-03-20 20:53 . 2009-03-20 20:53 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Downloaded Installations
2009-03-15 17:44 . 2009-03-15 17:42 -------- d-----w c:\documents and settings\1ny\Dane aplikacji\Winamp
2009-03-15 17:44 . 2009-03-15 17:42 -------- d-----w c:\program files\Winamp
2009-03-02 18:10 . 2009-04-11 20:28 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-01-09 15:19 . 2009-01-09 15:19 128 ----a-w c:\documents and settings\1ny\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2008-03-09 06:25 . 2008-12-30 21:53 236 ---ha-w c:\program files\Common Files\dx.reg
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-03 16:03 2854912 ----a-w c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-03 16:03 2854912 ----a-w c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 1409024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-22 8495104]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2008-01-22 49152]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-12-03 49168]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-09 159744]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-11 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-01-22 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-12 16125440]
"TPSODDCtl"="TPSODDCtl.exe" - c:\windows\system32\TPSODDCtl.exe [2007-02-02 110592]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2006-07-26 315392]
"TFncKy"="TFncKy.exe" [bU]
"TFNF5"="TFNF5.exe" - c:\windows\system32\TFNF5.exe [2007-05-24 716800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 15:50 90112 ----a-w c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-26 3584]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
.
.
------- Skan uzupełniający -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\1ny\Dane aplikacji\Mozilla\Firefox\Profiles\lssp3n6r.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 21:37
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1248)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
- - - - - - - > 'lsass.exe'(1304)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
- - - - - - - > 'explorer.exe'(3184)
c:\windows\system32\nview.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\Office12\1045\GrooveIntlResource.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Apoint2K\hidfind.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-04-26 21:39 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-04-26 19:39
Przed: 27 830 894 592 bajtów wolnych
Po: 27 751 084 032 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
182

I'm waiting for further info...
Guest commented 27 April 2009
That's odd, not a trace of the pendrive infection. Scan again with Kaspersky online.