Aby ponownie zainstalować sterowniki dla tego urządzenia, kliknij przycisk Zainstaluj ponownie sterownik."
W szczegółach zaś jest identyfikator wystąpienia urządzenia: "ROOT\LEGACY_NPF\0000"
Co się dzieje.
* Po kazdym restarcie coś otwierało mi jeden port widoczny w wwdc, zrobiłem skan combofixem, program zrebootował komputer i oto log:
- Kod: Zaznacz wszystko
ComboFix 07-11-08.1 - TT 2007-11-15 16:51:52.9 - [color=red][b]FAT32[/b][/color]x86
Running from: E:\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
.
2007-11-15 16:38 <DIR> d--hs---- C:\FOUND.076
2007-11-14 23:47 <DIR> d--hs---- C:\FOUND.075
2007-11-14 14:52 <DIR> d--hs---- C:\FOUND.074
2007-11-12 15:00 <DIR> d--hs---- C:\FOUND.073
2007-11-06 19:59 <DIR> d-------- C:\Program Files\FDRLab
2007-11-01 15:39 <DIR> d--hs---- C:\FOUND.072
2007-10-31 00:42 <DIR> d--hs---- C:\FOUND.071
2007-10-30 23:23 <DIR> d--hs---- C:\FOUND.070
2007-10-28 23:40 <DIR> d--hs---- C:\FOUND.069
2007-10-28 19:15 <DIR> d--hs---- C:\FOUND.068
2007-10-27 15:10 <DIR> d-------- C:\!KillBox
2007-10-26 19:18 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-26 19:17 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-10-26 19:17 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2007-10-26 19:17 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2007-10-26 19:17 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2007-10-26 19:17 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2007-10-26 19:17 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2007-10-26 19:17 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2007-10-26 18:30 <DIR> d--hs---- C:\FOUND.067
2007-10-25 23:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-25 22:53 1,758 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-25 18:47 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-25 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-10-24 20:16 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-24 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 11:37 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-15 11:36 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-10-14 22:54 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-10-10 12:15 --------- d--h--r C:\Documents and Settings\AfgaN\Dane aplikacji\SecuROM
2007-10-10 11:45 --------- d-----w C:\Documents and Settings\AfgaN\Dane aplikacji\Ventrilo
2007-10-09 19:38 --------- d-----w C:\Program Files\WinHarp95
2007-10-07 23:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\RFA_Backups
2007-10-07 22:51 --------- d-----w C:\Program Files\7-Zip
2007-10-07 22:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ConeXware
2007-10-03 12:23 --------- d-----w C:\Documents and Settings\AfgaN\Dane aplikacji\MEGAUPLOADTOOLBAR
2007-09-21 23:46 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-21 23:46 --------- d--h--r C:\Documents and Settings\TT\Dane aplikacji\SecuROM
2007-09-21 23:38 --------- d-----w C:\Documents and Settings\TT\Dane aplikacji\InstallShield
2007-09-06 11:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 11:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-11-18 19:56 492,896 ----a-w C:\Documents and Settings\TT\Install.exe
2006-01-31 13:48 14,976 ----a-w C:\Documents and Settings\TT\Device.dat
2005-08-18 18:48:26 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-08-18 18:48:26 56 --sh--r C:\WINDOWS\system32\7A835BE76D.sys
.
((((((((((((((((((((((((((((( snapshot@2007-11-14_18.21.50006 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-11-15 15:54:26 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_4b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-12 00:34]
"nwiz"="nwiz.exe" [2005-05-12 00:34 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-05-12 00:34]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^TT^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
path=C:\Documents and Settings\TT\Menu Start\Programy\Autostart\UniSpiker-2.6.lnk
backup=C:\WINDOWS\pss\UniSpiker-2.6.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo FireWall]
"C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\WINDOWS\system32\nvraidservice.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"D:\Programy\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"d:\gry\steam\steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 16:54:57
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-15 16:56:06 - machine was rebooted
C:\ComboFix3.txt ... 2007-11-04 01:17
C:\ComboFix2.txt ... 2007-11-14 18:22
.
--- E O F ---
Po restarcie informacja o nowym urządzeniu już się nie pokazała, wydaje mi się że był jakiś robak i combofix go załatwił.
