Hello
I have been fighting this for three days now, with no results. I have formatted the disk many times, but that does not help.
I am asking those wiser than me for help
ComboFix 09-02-05.01 - Administrator 2009-02-06 7:40:57.7 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.511.386 [GMT 1:00]
Uruchomiony z: e:\comboFix.exe
AV: PC Tools AntiVirus 5.0.0.16 *On-access scanning enabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\windows\services.exe
d:\windows\system32\9.tmp
d:\windows\system32\D.tmp
d:\windows\system32\drivers\protect.sys
d:\windows\system32\idaw64.exe
. . . jest zainfekowany!!
. . . jest zainfekowany!!
. . . jest zainfekowany!!
. . . jest zainfekowany!!
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PROTECT
-------\Service_Passthru
-------\Service_protect
((((((((((((((((((((((((( Pliki utworzone od 2009-01-06 do 2009-02-06 )))))))))))))))))))))))))))))))
.
2009-02-06 07:44 . 2009-02-06 07:44 2,693 --------- d:\windows\system32\D.tmp
2009-02-06 07:40 . 2009-02-06 07:40 27,513 --a------ d:\windows\system32\37.tmp
2009-02-06 07:40 . 2009-02-06 07:40 168 --a------ d:\windows\system32\35.tmp
2009-02-06 07:32 . 2009-02-06 07:32 3,584 --a------ d:\windows\nttmfvsf.exe
2009-02-06 07:32 . 2009-02-06 07:32 1,748 --a------ d:\windows\system32\netsf.inf
2009-02-06 07:32 . 2009-02-06 07:32 695 --a------ d:\windows\system32\netsf_m.inf
2009-02-06 07:31 . 2009-02-06 07:31 67,585 --a------ d:\windows\system32\36.tmp
2009-02-06 07:28 . 2009-02-06 07:31 162,756 --a------ d:\windows\system32\28.tmp
2009-02-06 07:28 . 2009-02-06 07:28 168 --a------ d:\windows\system32\E.tmp
2009-02-06 00:44 . 2009-02-06 00:44 106,310 --a------ d:\windows\system32\32.tmp
2009-02-06 00:44 . 2009-02-06 00:44 67,585 --a------ d:\windows\system32\31.tmp
2009-02-06 00:43 . 2003-07-17 09:10 7,040 -ra------ d:\windows\system32\ntsim.sys.bak
2009-02-06 00:43 . 2009-02-06 00:43 3,584 --a------ d:\windows\bnfpfgkq.exe
2009-02-06 00:33 . 2009-02-06 00:33
2009-02-05 23:55 . 2009-02-05 23:55
2009-02-05 22:47 . 2009-02-05 22:47 32,768 --ah----- d:\documents and settings\Czarek\nwflcbb.exe
2009-02-05 22:47 . 2009-02-05 22:50 15,833 --a------ d:\windows\system32\34.tmp
2009-02-05 22:47 . 2009-02-05 22:47 168 --a------ d:\windows\system32\33.tmp
2009-02-05 22:46 . 2009-02-05 22:46 67,585 --a------ d:\windows\system32\30.tmp
2009-02-05 21:42 . 2009-02-05 21:43 110,080 --a------ d:\windows\system32\2E.tmp
2009-02-05 21:42 . 2009-02-05 21:42 67,585 --a------ d:\windows\system32\2B.tmp
2009-02-05 21:35 . 2009-02-05 21:35 11,776 --ah----- d:\documents and settings\Administrator\smfba.exe
2009-02-05 21:34 . 2009-02-05 21:34 67,585 --a------ d:\windows\system32\2F.tmp
2009-02-05 21:34 . 2009-02-05 21:34 168 --a------ d:\windows\system32\2C.tmp
2009-02-05 21:34 . 2009-02-05 21:34 0 --a------ d:\windows\system32\2D.tmp
2009-02-05 21:33 . 2009-02-05 21:35 49,413 --a------ d:\windows\system32\2A.tmp
2009-02-05 21:33 . 2009-02-05 21:33 168 --a------ d:\windows\system32\29.tmp
2009-02-05 21:32 . 2009-02-05 21:35 61,093 --a------ d:\windows\system32\27.tmp
2009-02-05 21:32 . 2009-02-05 21:32 168 --a------ d:\windows\system32\26.tmp
2009-02-05 19:17 . 2009-02-06 07:32 137,408 --a------ d:\windows\system32\drivers\ethypcgf.sys
2009-02-05 19:17 . 2009-02-05 19:17 67,585 --a------ d:\windows\system32\22.tmp
2009-02-05 19:17 . 2009-02-05 19:17 23,553 --a------ d:\windows\system32\21.tmp
2009-02-05 19:09 . 2009-02-05 19:09 168 --a------ d:\windows\system32\B.tmp
2009-02-05 17:45 . 2009-02-05 17:45 67,585 --a------ d:\windows\system32\25.tmp
2009-02-05 17:45 . 2009-02-05 17:45 32,768 --ah----- d:\documents and settings\Czarek\cdwersy.exe
2009-02-05 17:45 . 2009-02-05 17:45 23,553 --a------ d:\windows\system32\24.tmp
2009-02-05 17:45 . 2009-02-05 17:45 124 --a------ d:\windows\system32\23.tmp
2009-02-05 17:44 . 2009-02-05 17:44 32,768 --ah----- d:\documents and settings\Czarek\oisukj.exe
2009-02-05 17:07 . 2009-02-05 17:07 32,768 --ah----- d:\documents and settings\Administrator\dqfawjr.exe
2009-02-05 17:07 . 2009-02-05 17:07 124 --a------ d:\windows\system32\A.tmp
2009-02-05 17:04 . 2009-02-05 17:04 67,585 --a------ d:\windows\system32\20.tmp
2009-02-05 17:04 . 2009-02-05 17:04 32,768 --ah----- d:\documents and settings\Czarek\ameux.exe
2009-02-05 17:04 . 2009-02-05 17:04 23,553 --a------ d:\windows\system32\1F.tmp
2009-02-05 17:04 . 2009-02-05 17:04 124 --a------ d:\windows\system32\1E.tmp
2009-02-05 17:03 . 2009-02-05 17:03 32,768 --ah----- d:\documents and settings\Czarek\ibbytf.exe
2009-02-05 15:49 . 2009-02-06 07:34 2,433,056 --ahs---- d:\windows\system32\drivers\fidbox.dat
2009-02-05 15:49 . 2009-02-06 07:34 18,164 --ahs---- d:\windows\system32\drivers\fidbox.idx
2009-02-05 15:48 . 2009-02-05 16:41
2009-02-05 15:33 . 2009-02-05 15:33 67,585 --a------ d:\windows\system32\1D.tmp
2009-02-05 15:33 . 2009-02-05 15:33 39,937 --a------ d:\windows\system32\1C.tmp
2009-02-05 15:33 . 2009-02-05 15:33 124 --a------ d:\windows\system32\1B.tmp
2009-02-05 15:29 . 2009-02-05 15:29 39,937 --a------ d:\windows\system32\19.tmp
2009-02-05 15:29 . 2009-02-05 15:29 124 --a------ d:\windows\system32\17.tmp
2009-02-05 15:29 . 2009-02-05 15:29 0 --a------ d:\windows\system32\1A.tmp
2009-02-05 15:26 . 2009-02-05 15:26 67,585 --a------ d:\windows\system32\18.tmp
2009-02-05 15:26 . 2009-02-05 15:26 32,768 --ah----- d:\documents and settings\Administrator\sxaf.exe
2009-02-05 15:26 . 2009-02-05 15:26 124 --a------ d:\windows\system32\13.tmp
2009-02-05 15:02 . 2009-02-05 15:02 20,480 --ahs---- d:\windows\system32\7z.dll
2009-02-05 14:48 . 2009-02-05 14:48 67,585 --a------ d:\windows\system32\16.tmp
2009-02-05 14:48 . 2009-02-05 14:48 23,553 --a------ d:\windows\system32\15.tmp
2009-02-05 14:48 . 2009-02-05 14:48 168 --a------ d:\windows\system32\12.tmp
2009-02-05 14:36 . 2009-02-05 14:36 67,585 --a------ d:\windows\system32\14.tmp
2009-02-05 14:36 . 2009-02-05 14:36 168 --a------ d:\windows\system32\10.tmp
2009-02-05 14:32 . 2009-02-05 14:32 67,585 --a------ d:\windows\system32\11.tmp
2009-02-05 14:32 . 2009-02-05 14:32 128 --a------ d:\windows\system32\F.tmp
2009-02-05 13:06 . 2009-02-05 13:06 128 --a------ d:\windows\system32\C.tmp
2009-02-05 13:06 . 2009-02-05 15:28 81 --a-s---- d:\windows\system32\2949561164.dat
2009-02-05 12:45 . 2009-02-05 12:49
2009-02-05 11:14 . 2009-02-05 11:14
2009-02-05 11:13 . 2009-02-06 07:43
2009-02-05 11:13 . 2009-02-05 11:14
2009-02-05 11:13 . 2007-12-06 15:51 28,568 --a------ d:\windows\system32\drivers\AVHook.sys
2009-02-05 11:13 . 2007-12-06 15:51 21,912 --a------ d:\windows\system32\drivers\AVRec.sys
2009-02-05 11:13 . 2008-02-12 10:44 21,904 --a------ d:\windows\system32\drivers\AVFilter.sys
2009-02-05 11:02 . 2009-02-05 11:02
2009-02-05 11:02 . 2009-02-05 11:02
2009-02-05 10:58 . 2009-02-05 10:58 128 --a------ d:\windows\system32\8.tmp
2009-02-05 10:37 . 2009-02-05 19:08 130 --a------ d:\windows\adobe.bat
2009-02-05 10:37 . 2009-02-05 10:37 128 --a------ d:\windows\system32\6.tmp
2009-02-05 10:37 . 2009-02-05 10:52 5 --a------ d:\windows_id.dat
2009-02-05 07:18 . 2009-02-05 07:18
2009-02-05 07:18 . 2009-02-05 07:18
2009-02-05 07:15 . 2009-02-05 07:15 32,768 --ah----- d:\documents and settings\Czarek\drf.exe
2009-02-05 07:15 . 2009-02-05 07:15 44 --a------ d:\windows\system32\4.tmp
2009-02-05 07:01 . 33,920 d:\windows\system32\drivers\xgabqikj.sys
2009-02-05 07:01 . 2009-02-05 07:01 32,768 --ah----- d:\documents and settings\Czarek\xcnc.exe
2009-02-05 07:01 . 2009-02-05 07:01 44 --a------ d:\windows\system32\7.tmp
2009-02-05 07:00 . 66,560 d:\windows\system32\secupdat.dat
2009-02-05 07:00 . 53,248 d:\windows\system32\drivers\ndisio.sys
2009-02-05 07:00 . 2009-02-05 07:00 32,768 --ah----- d:\documents and settings\Czarek\ndho.exe
2009-02-05 07:00 . 2009-02-05 07:00 616 --a------ d:\windows\system32\5.tmp
2009-02-05 06:59 . 2009-02-05 06:59 44 --a------ d:\windows\system32\3.tmp
2009-02-05 06:55 . 2009-02-05 06:55
2009-02-05 06:50 . 2009-02-05 07:17
2009-02-05 06:50 . 2009-02-05 06:57
2009-02-05 06:48 . 2009-02-05 23:36
2009-02-05 06:48 . 2009-02-04 13:37
2009-02-05 06:48 . 2009-02-04 12:46
2009-02-05 06:48 . 2009-02-05 17:27
2009-02-05 06:48 . 2009-02-05 17:24
2009-02-05 06:48 . 2009-02-04 13:37
2009-02-05 06:48 . 2009-02-05 06:55
2009-02-05 06:48 . 2009-02-05 21:35
2009-02-05 01:29 . 2009-02-05 01:29 19 --a------ d:\windows\SC.ini
2009-02-05 01:28 . 2009-02-05 01:28
2009-02-05 00:06 . 2009-02-05 01:18
2009-02-05 00:05 . 2009-02-06 00:02
2009-02-05 00:05 . 2009-02-05 15:42 56 --ah----- d:\windows\system32\ezsidmv.dat
2009-02-05 00:03 . 2009-02-06 00:42
2009-02-05 00:02 . 2009-02-05 00:02
2009-02-05 00:02 . 2009-02-05 00:02
2009-02-05 00:01 . 2009-02-05 00:02
2009-02-04 23:30 . 2009-02-04 23:30
2009-02-04 23:30 . 2009-02-04 23:30
2009-02-04 23:30 . 2009-02-04 23:30
2009-02-04 23:28 . 2009-02-04 23:28
2009-02-04 23:14 . 2004-08-04 00:35 327,040 --------- d:\windows\system32\drivers\ati2mtaa.sys
2009-02-04 14:25 . 2009-02-04 23:30
2009-02-04 14:25 . 2008-10-16 21:33 6,066,176 -----c--- d:\windows\system32\dllcache\ieframe.dll
2009-02-04 14:25 . 2007-04-17 10:32 2,455,488 -----c--- d:\windows\system32\dllcache\ieapfltr.dat
2009-02-04 14:25 . 2007-03-08 06:11 1,036,288 -----c--- d:\windows\system32\dllcache\ieframe.dll.mui
2009-02-04 14:25 . 2008-10-16 21:33 459,264 -----c--- d:\windows\system32\dllcache\msfeeds.dll
2009-02-04 14:25 . 2008-10-16 21:33 383,488 -----c--- d:\windows\system32\dllcache\ieapfltr.dll
2009-02-04 14:25 . 2008-10-16 21:33 267,776 -----c--- d:\windows\system32\dllcache\iertutil.dll
2009-02-04 14:25 . 2008-10-16 21:33 63,488 -----c--- d:\windows\system32\dllcache\icardie.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 06:44 --------- d---a-w d:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-04 14:30 --------- d-----w d:\program files\WinFast
2009-02-04 13:17 --------- d--h--w d:\program files\InstallShield Installation Information
2009-02-04 12:59 --------- d-----w d:\program files\Common Files\Ulead Systems
2009-02-04 12:56 --------- d-----w d:\documents and settings\All Users\Dane aplikacji\Ulead Systems
2009-02-04 12:44 --------- d-----w d:\program files\Leadtek Research Inc
2009-02-04 12:44 --------- d-----w d:\documents and settings\Czarek\Dane aplikacji\InstallShield
2009-02-04 12:42 --------- d-----w d:\program files\Common Files\InstallShield
2009-02-04 12:31 --------- d-----w d:\program files\VIA
2009-02-04 12:29 --------- d-----w d:\program files\C-Media 3D Audio
2009-02-04 12:08 --------- d-----w d:\program files\Common Files\PC Tools
2009-02-04 11:50 --------- d-----w d:\program files\microsoft frontpage
2009-02-04 11:48 --------- d-----w d:\program files\Usługi online
2008-12-11 10:57 333,952 ----a-w d:\windows\system32\drivers\srv.sys
2001-11-23 04:08 712,704 ----a-w d:\windows\inf\OTHER\AUDIO3D.DLL
.
------- Sigcheck -------
2004-08-03 23:44 31744 01817a20ddae775b432785d0aacfa79f d:\windows$NtServicePackUninstall$\svchost.exe
2008-04-14 18:21 31744 8279ba2d8141cdcc5b099735ae5deafd d:\windows\ServicePackFiles\i386\svchost.exe
2008-04-14 18:21 31744 184fb5f9447c8768d21f7d9c5185e26b d:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\svchost.exe
2008-04-14 18:21 31744 efc842994cb8397f6f89d9603bb2e7e0 d:\windows\system32\svchost.exe
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 d:\windows$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d d:\windows$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e d:\windows$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 d:\windows$NtServicePackUninstall$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 d:\windows$NtUninstallKB951748$\tcpip.sys
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c d:\windows$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 20:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 d:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 d:\windows\SoftwareDistribution\Download\5cb56d26ae277f6fc62b86faa15488d1\sp2gdr\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 d:\windows\SoftwareDistribution\Download\5cb56d26ae277f6fc62b86faa15488d1\sp2qfe\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d d:\windows\SoftwareDistribution\Download\5cb56d26ae277f6fc62b86faa15488d1\sp3gdr\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e d:\windows\SoftwareDistribution\Download\5cb56d26ae277f6fc62b86faa15488d1\sp3qfe\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 d:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\tcpip.sys
2008-06-20 12:51 361600 9425b72f40257b45d45d24773273dad0 d:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51 361600 9425b72f40257b45d45d24773273dad0 d:\windows\system32\drivers\tcpip.sys
2008-04-14 18:21 1052672 768247aa27d4817b274efee6ae745cdb d:\windows\explorer.exe
2004-08-03 23:44 1051136 103e7add24cd3ca6bdd53071730d1313 d:\windows$NtServicePackUninstall$\explorer.exe
2008-04-14 18:21 1052672 85fe54a1cb25ead42f28f5b93bcf8e64 d:\windows\ServicePackFiles\i386\explorer.exe
2008-04-14 18:21 1052672 5923d409cafeae03564fa8d4dc91d8ea d:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\explorer.exe
2004-08-03 23:44 32768 8aef7807568464e23ff39189d8df174c d:\windows$NtServicePackUninstall$\ctfmon.exe
2008-04-14 18:21 32768 9112e8f2870bf5e68aadf911c0849782 d:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 18:21 32768 1289ca98af4dd141d84dfc617de689cf d:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\ctfmon.exe
2008-04-14 18:21 32768 5b8817a6e07c458842ce3e1e0f23472e d:\windows\system32\ctfmon.exe
2004-08-03 23:44 75264 78e2f7464b40cd65f2e37905decca06c d:\windows$NtServicePackUninstall$\spoolsv.exe
2008-04-14 18:21 75264 4e2457f320ff0a575df7604647191a9f d:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 18:21 75264 1be3647c3c069bb57354cb83c230cac1 d:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\spoolsv.exe
2008-04-14 18:21 75264 ebf763af06057dc4297e93a71fa4d0e8 d:\windows\system32\spoolsv.exe
2004-08-03 23:44 42496 d98192c81aca4cbe8e3b8c35c0ef2828 d:\windows$NtServicePackUninstall$\userinit.exe
2008-04-14 18:21 44032 f38acf4fd657fdc7e9ab6bb8ad03dcd1 d:\windows\ServicePackFiles\i386\userinit.exe
2008-04-14 18:21 44032 37c47e870a49d3e84903e440ac8095e7 d:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\userinit.exe
2008-04-14 18:21 44032 83a39c0a03be3df87b0d466db77fc8b0 d:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-14 32768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTAVApp"="d:\program files\PC Tools AntiVirus\PCTAV.exe" [2008-08-12 1259408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 32768]
"bnfpfgkq.exe"="d:\windows\bnfpfgkq.exe" [2009-02-06 3584]
"nttmfvsf.exe"="d:\windows\nttmfvsf.exe" [2009-02-06 3584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="d:\windows\explorer.exe,"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xgabqikj.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"d:\Program Files\Skype\Phone\Skype.exe"=
R0 xgabqikj;xgabqikj;d:\windows\system32\Drivers\xgabqikj.sys --> d:\windows\system32\Drivers\xgabqikj.sys [?]
R2 BT848;WinFast TV2000 XP WDM Video Capture;d:\windows\system32\drivers\wf2kvcap.sys [2009-02-04 59776]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;d:\windows\system32\drivers\wf2ktunr.sys [2009-02-04 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;d:\windows\system32\drivers\wf2kXbar.sys [2009-02-04 9600]
S1 ethypcgf;ethypcgf;d:\windows\system32\drivers\ethypcgf.sys [2009-02-05 137408]
--- Inne Usługi/Sterowniki w Pamięci ---
*Deregistered* - mchInjDrv
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
uInternet Connection Wizard,ShellNext = hxxp://www.pctools.com/pl/antivirus/fre … CHIPSEP08/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 07:43:58
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
detected NTDLL code modification:
ZwOpenFile
skanowanie ukrytych procesów …
d:\documents and settings\Czarek\ymkhsf.exe [17104] 0x81C21458
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\protect]
"ImagePath"="System32\drivers\protect.sys"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(796)
d:\program files\PC Tools AntiVirus\PCTAVHook.dll
- - - - - - - > 'lsass.exe'(852)
d:\program files\PC Tools AntiVirus\PCTAVHook.dll
- - - - - - - > 'csrss.exe'(772)
d:\program files\PC Tools AntiVirus\PCTAVHook.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
d:\program files\PC Tools AntiVirus\PCTAVSvc.exe
d:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\windows\system32\windres.exe
d:\windows\services.exe
.
**************************************************************************
.
Czas ukończenia: 2009-02-06 7:46:52 - komputer został uruchomiony ponownie [Czarek]
ComboFix-quarantined-files.txt 2009-02-06 06:46:47
Przed: 18,263,162,880 bajtów wolnych
Po: 17,722,036,224 bajtów wolnych
278 --- E O F --- 2009-02-05 09:54:53