Comodo antyvir wykrywa dziwny plik

**Posty:** 124 · przez **j3zz** 14 Gru 2009, 14:11

Witam

Wczoraj zaczęło się dziać coś dziwnego. Co 5-10 minut o ile komputer jest połączony z internetem, Comodo wywala takie oto okienko :

Żeby było śmieszniej plik xxxx.temp za każdym razem ma inną nazwę.

Przeskanowałem svhost.exe polecanym przez Was skanerem ze strony virscan.org ale nic nie wykrył. Proszę o sugestie co można z tym fantem zrobić.

**Posty:** 2183 · przez **NieWiem** 14 Gru 2009, 14:38

Pobierz program TFC
Zamknij wszystkie otwarte programy - inaczej TFC zrobi to za Ciebie
Kliknij dwukrotnie na ikonę, aby uruchomić program (użytkownicy systemów Vista oraz Se7en => prawoklik oraz wybrać opcję Uruchom jako Administrator).
Kliknij przycisk Start
Czyszczenie lokalizacji tymczasowych może chwilę potrwać (ale znowu bez przesady), uzbrój się w cierpliwość.
Jeśli padnie prośba o restart - zgódź się.

Plus pokaż logi z OTL:

Pobierz aplikację OTL i zapisz ją na pulpicie.
Kliknij dwukrotnie na ikonę, aby uruchomić program (użytkownicy systemów Vista oraz Se7en => prawoklik oraz wybrać opcję Uruchom jako Administrator).
Gdy pojawi sie okno, skonfiguruj go następująco:
- Zaznacz opcje LOP Check i Purity Check
- Zaznacz opcje Scan All Users.
- Upewnij się, że w okienku Extra Registry jest zaznaczone Use Safelist.
Upewnij się, że wszystkie pozostałe okna są zamknięte i pozwól mu pracować bez zakłóceń - nie stukaj w klawiaturę, nie ruszaj myszką.
Kliknij Run Scan i poczekaj cierpliwie aż program wykona swoje.
Kiedy skanowanie sie skończy, pojawią sie 2 okna notatnika, zatytułowane OTL.txt i Extras.txt. Będą one zapisane w tym samym miejscu, co aplikacja OTL.
Skopiuj (Edycja => Zaznacz wszystko, Edycja => Kopiuj) zawartość tych plików i wklej na http://www.wklej.org lub w poście w tagach [code].

Autor postu otrzymał pochwałę

**Posty:** 124 · przez **j3zz** 14 Gru 2009, 15:59

Więc tak :

TFC zadziałał, przy końcówce "czyszczenia" okno alertu antyvira otworzyło się kilka razy z rzędu, nie żądał restartu komputera. Jednak po ponowmym uruchomieniu explorera oczywiście alert znowu wyskoczył.

Wklejam logi z OTL :

Kod: Zaznacz wszystko: OTL logfile created on: 14/12/2009 13:43:22 - Run 1 OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\j3zz\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy 1.87 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 57.65% Memory free 3.75 Gb Paging File | 2.93 Gb Available in Paging File | 78.17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 14.65 Gb Total Space | 2.68 Gb Free Space | 18.28% Space Free | Partition Type: NTFS Drive D: | 82.48 Gb Total Space | 2.37 Gb Free Space | 2.87% Space Free | Partition Type: NTFS Drive E: | 14.66 Gb Total Space | 7.46 Gb Free Space | 50.88% Space Free | Partition Type: NTFS F: Drive not present or media not loaded Drive G: | 524.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: J3ZZ-PC Current User Name: j3zz Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2009/12/14 13:41:29 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\j3zz\Desktop\OTL.exe PRC - [2009/11/26 01:07:47 | 01,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe PRC - [2009/11/26 01:07:36 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2009/08/03 05:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/07/14 01:14:24 | 00,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe PRC - [2007/07/10 05:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe PRC - [2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2009/12/14 13:41:29 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\j3zz\Desktop\OTL.exe MOD - [2009/11/26 01:08:16 | 00,171,552 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll MOD - [2009/07/14 01:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009/07/14 01:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009/07/14 01:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009/07/14 01:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009/07/14 01:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009/07/14 01:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009/07/14 01:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009/07/14 01:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009/07/14 01:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009/07/14 01:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009/07/14 01:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009/11/26 01:07:36 | 00,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2009/07/14 01:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009/07/14 01:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009/07/14 01:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009/07/14 01:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009/07/14 01:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009/07/14 01:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009/07/14 01:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 01:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/14 01:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009/07/14 01:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009/07/14 01:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009/07/14 01:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009/07/14 01:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/07/14 01:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009/07/14 01:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/07/14 01:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009/07/14 01:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009/07/14 01:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009/07/14 01:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV) SRV - [2009/07/14 01:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009/07/14 01:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2009/03/06 10:52:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc) SRV - [2007/07/20 11:29:28 | 00,274,432 | ---- | M] (WEBZEN) [Auto | Stopped] -- D:\Download\-=Firefox=-\WZItemShopServer\WZItemShopServer\WZItemShopServer.exe -- (WZItemShopServer) SRV - [2007/07/10 05:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService) SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SRV - [2000/08/06 01:50:18 | 00,303,170 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe -- (SQLSERVERAGENT) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009/11/26 01:09:08 | 00,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect) DRV - [2009/11/26 01:08:14 | 00,128,376 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard) DRV - [2009/11/26 01:08:14 | 00,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2009/10/25 23:17:12 | 00,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009/07/14 01:26:21 | 00,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009/07/14 01:26:17 | 00,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009/07/14 01:26:15 | 00,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009/07/14 01:26:15 | 00,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009/07/14 01:26:15 | 00,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009/07/14 01:26:15 | 00,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009/07/14 01:26:15 | 00,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009/07/14 01:26:15 | 00,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009/07/14 01:26:15 | 00,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009/07/14 01:26:15 | 00,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009/07/14 01:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009/07/14 01:20:44 | 00,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009/07/14 01:20:44 | 00,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009/07/14 01:20:37 | 00,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009/07/14 01:20:36 | 00,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009/07/14 01:20:36 | 00,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009/07/14 01:20:36 | 00,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009/07/14 01:20:36 | 00,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009/07/14 01:20:36 | 00,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009/07/14 01:20:36 | 00,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009/07/14 01:20:36 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009/07/14 01:20:36 | 00,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009/07/14 01:20:36 | 00,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009/07/14 01:20:28 | 00,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009/07/14 01:20:28 | 00,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009/07/14 01:20:28 | 00,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009/07/14 01:20:28 | 00,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009/07/14 01:19:11 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009/07/14 01:19:10 | 00,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009/07/14 01:19:10 | 00,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009/07/14 01:19:10 | 00,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009/07/14 01:19:10 | 00,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009/07/14 01:19:10 | 00,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009/07/14 01:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/14 01:19:10 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009/07/14 01:19:04 | 01,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009/07/14 01:19:04 | 00,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009/07/14 01:19:04 | 00,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009/07/14 01:19:04 | 00,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009/07/14 01:19:04 | 00,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009/07/14 01:19:04 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009/07/14 01:19:04 | 00,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009/07/14 01:17:54 | 00,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009/07/14 00:57:25 | 00,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009/07/14 00:02:41 | 00,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009/07/14 00:01:41 | 00,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009/07/13 23:55:00 | 00,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009/07/13 23:53:51 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009/07/13 23:53:36 | 00,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\loop.sys -- (msloop) DRV - [2009/07/13 23:52:44 | 00,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009/07/13 23:52:02 | 00,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009/07/13 23:52:00 | 00,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci) DRV - [2009/07/13 23:51:35 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009/07/13 23:51:11 | 00,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/07/13 23:51:08 | 00,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009/07/13 23:46:55 | 00,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009/07/13 23:45:26 | 00,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009/07/13 23:36:52 | 00,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009/07/13 23:33:50 | 00,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009/07/13 23:28:47 | 00,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009/07/13 23:28:45 | 00,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009/07/13 23:24:05 | 00,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009/07/13 23:19:21 | 00,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt) DRV - [2009/07/13 23:16:36 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009/07/13 23:11:04 | 00,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009/07/13 22:54:14 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/13 22:53:33 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009/07/13 22:53:33 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009/07/13 22:53:32 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009/07/13 22:53:28 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009/07/13 22:53:28 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009/07/13 22:13:46 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92) DRV - [2009/07/13 22:13:45 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac) DRV - [2009/07/13 22:13:45 | 00,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA) DRV - [2009/07/13 22:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009/07/13 22:02:48 | 03,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009/07/13 22:02:48 | 00,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2009/07/13 20:50:20 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv) DRV - [2009/04/20 14:38:54 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2009/03/06 10:52:00 | 07,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009/02/24 18:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus) DRV - [2008/06/27 00:40:18 | 00,335,872 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187) DRV - [2008/03/28 01:06:00 | 00,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2008/03/03 04:10:44 | 00,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2007/07/10 05:27:56 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007/06/20 02:29:56 | 00,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2007/06/20 02:28:34 | 00,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2007/06/20 02:28:22 | 00,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2007/05/03 17:29:10 | 01,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007/04/20 03:12:58 | 00,102,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) DRV - [2007/02/16 22:50:32 | 00,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2006/06/18 14:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2442085166-4172260138-1712270699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2442085166-4172260138-1712270699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ie IE - HKU\S-1-5-21-2442085166-4172260138-1712270699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 42 7B CA 3E 52 CA 01 [binary data] IE - HKU\S-1-5-21-2442085166-4172260138-1712270699-1000\S-1-5-21-2442085166-4172260138-1712270699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "google.com" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19 FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6 FF - prefs.js..extensions.enabledItems: pl@dictionaries.addons.mozilla.org:1.0.20091103 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 23:30:17 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/22 20:53:03 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/10/21 19:30:24 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/10/21 11:35:04 | 00,000,000 | ---D | M] -- C:\Users\j3zz\AppData\Roaming\Mozilla\Extensions [2009/12/14 11:22:01 | 00,000,000 | ---D | M] -- C:\Users\j3zz\AppData\Roaming\Mozilla\Firefox\Profiles\n0kow97k.default\extensions [2009/10/23 14:15:22 | 00,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Users\j3zz\AppData\Roaming\Mozilla\Firefox\Profiles\n0kow97k.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8} [2009/12/12 20:28:08 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\j3zz\AppData\Roaming\Mozilla\Firefox\Profiles\n0kow97k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/10/28 23:54:28 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\j3zz\AppData\Roaming\Mozilla\Firefox\Profiles\n0kow97k.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009/10/26 09:18:38 | 00,000,000 | ---D | M] -- C:\Users\j3zz\AppData\Roaming\Mozilla\Firefox\Profiles\n0kow97k.default\extensions\en-GB@dictionaries.addons.mozilla.org [2009/12/01 19:04:03 | 00,000,000 | ---D | M] -- C:\Users\j3zz\AppData\Roaming\Mozilla\Firefox\Profiles\n0kow97k.default\extensions\pl@dictionaries.addons.mozilla.org [2009/12/14 11:21:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/08/24 19:10:36 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2009/08/24 19:10:36 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2009/08/24 19:10:36 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2009/08/24 19:10:36 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: (824 bytes) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKU\S-1-5-21-2442085166-4172260138-1712270699-1000..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\j3zz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5 208.67.222.222 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 21:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009/12/14 13:41:52 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Users\j3zz\Desktop\OTL.exe [2009/12/14 11:47:48 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue [2009/12/14 11:28:13 | 00,000,000 | ---D | C] -- C:\Program Files\ESET [2009/12/14 11:00:26 | 00,000,000 | ---D | C] -- C:\Windows\pss [2009/12/13 12:00:30 | 00,000,000 | ---D | C] -- C:\Users\j3zz\AppData\Roaming\runic games [2009/12/13 12:00:24 | 00,103,672 | ---- | C] (Valve Corporation) -- C:\Windows\System32\steam_api.dll [2009/12/13 12:00:21 | 00,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr90.dll [2009/12/13 12:00:21 | 00,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp90.dll [2009/12/13 12:00:18 | 02,454,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\cg.dll [2009/12/13 11:58:23 | 00,373,904 | ---- | C] (Firelight Technologies) -- C:\Windows\System32\fmodex.dll [2009/12/07 20:45:09 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm [2009/12/07 20:45:09 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2009/12/07 20:45:09 | 00,118,784 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm [2009/12/07 20:45:02 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2009/12/07 20:24:09 | 00,000,000 | ---D | C] -- C:\Program Files\ALLPlayer [2009/12/07 00:07:09 | 00,000,000 | ---D | C] -- C:\Users\j3zz\AppData\Roaming\FileZilla [2009/12/07 00:07:00 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client [2009/12/04 18:58:04 | 00,000,000 | ---D | C] -- C:\Users\j3zz\Desktop\muweb [2009/12/03 02:09:28 | 00,000,000 | ---D | C] -- C:\Users\j3zz\AppData\Roaming\OpenOffice.org [2009/12/03 02:08:16 | 00,000,000 | ---D | C] -- C:\Program Files\JRE [2009/12/03 02:08:12 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3 [2009/12/03 02:06:59 | 00,000,000 | ---D | C] -- C:\Users\j3zz\Desktop\OpenOffice.org 3.1 (en-US) Installation Files [2009/12/03 01:06:54 | 00,129,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.ocx [2009/12/03 01:06:53 | 01,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvbvm50.dll [2009/12/03 01:06:48 | 00,192,569 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrpjt40.dll [2009/12/03 01:06:36 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdt2fw95.dll [2009/12/03 01:06:30 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntwdblib.dll [2009/12/03 01:06:28 | 00,376,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrdo20.dll [2009/12/03 01:06:28 | 00,097,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdocurs.dll [2009/12/03 01:06:27 | 00,032,830 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbmsshrn.dll [2009/12/03 01:06:27 | 00,028,734 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbmslpcn.dll [2009/12/03 01:05:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server [2009/12/03 01:03:22 | 00,000,000 | ---D | C] -- C:\SQLEVAL [2009/12/03 01:00:36 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2009/12/03 01:00:36 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2009/12/03 01:00:36 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2009/12/03 00:30:08 | 00,000,000 | ---D | C] -- C:\xampp [2009/12/01 23:35:17 | 00,000,000 | ---D | C] -- C:\Program Files\directx [2009/11/29 21:54:30 | 00,000,000 | ---D | C] -- C:\Users\j3zz\Documents\Zombie Shooter 2 Saves [2009/11/29 20:57:51 | 00,000,000 | ---D | C] -- C:\ProgramData\eMule [2009/11/29 20:57:40 | 00,000,000 | ---D | C] -- C:\Users\j3zz\AppData\Local\eMule [2009/11/29 20:57:38 | 00,000,000 | ---D | C] -- C:\Program Files\eMule [2009/11/29 13:34:12 | 00,000,000 | ---D | C] -- C:\Users\j3zz\AppData\Roaming\Leadertech [2009/11/27 00:57:51 | 00,000,000 | ---D | C] -- C:\Users\j3zz\AppData\Local\COMODO [2009/11/27 00:51:50 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2009/11/26 00:58:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2009/11/22 22:01:40 | 00,000,000 | ---D | C] -- C:\Users\j3zz\AppData\Local\Yahoo [2009/11/22 22:01:39 | 00,000,000 | ---D | C] -- C:\Users\j3zz\AppData\Roaming\Yahoo! [2009/11/22 21:54:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo! [2009/11/22 21:53:27 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo! [2009/11/22 21:52:02 | 00,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2009/11/22 21:20:01 | 00,000,000 | ---D | C] -- C:\Program Files\Evermotion [2009/11/22 20:53:03 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll [2009/11/22 20:52:53 | 00,000,000 | ---D | C] -- C:\Program Files\Java [2009/11/22 18:06:46 | 00,000,000 | ---D | C] -- C:\Program Files\AIMP2 [2009/11/19 10:30:56 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll [2009/11/19 10:30:55 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll [2009/11/19 10:30:55 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll [2009/11/19 10:30:50 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll [2009/11/19 10:30:49 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll [2009/11/19 10:30:49 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll [2009/11/19 10:30:49 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll [2009/11/19 10:30:48 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll [2009/11/19 10:30:48 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll [2009/11/19 10:30:47 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll [2009/11/19 10:30:47 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll [2009/11/19 10:30:46 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll [2009/11/16 19:26:58 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip [2009/11/15 20:00:42 | 00,000,000 | ---D | C] -- C:\Program Files\Comical [2009/10/21 16:30:42 | 01,213,952 | ---- | C] (Karol Winnicki) -- C:\Program Files\BESTplayer.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009/12/14 13:47:15 | 01,835,008 | -HS- | M] () -- C:\Users\j3zz\ntuser.dat [2009/12/14 13:43:10 | 01,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat [2009/12/14 13:41:29 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\j3zz\Desktop\OTL.exe [2009/12/14 13:41:04 | 01,514,098 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/12/14 13:41:04 | 00,683,418 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2009/12/14 13:41:04 | 00,603,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2009/12/14 13:41:04 | 00,129,762 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2009/12/14 13:41:04 | 00,103,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2009/12/14 11:47:49 | 00,001,083 | ---- | M] () -- C:\Users\j3zz\Desktop\ProcessScanner.lnk [2009/12/14 11:45:55 | 00,261,313 | ---- | M] () -- C:\Users\j3zz\Desktop\wtf.jpg [2009/12/14 11:20:58 | 00,000,130 | ---- | M] () -- C:\Windows\cfplogvw.INI [2009/12/14 11:14:45 | 00,001,835 | ---- | M] () -- C:\Users\j3zz\Desktop\CCleaner.lnk [2009/12/14 11:08:07 | 02,479,536 | -H-- | M] () -- C:\Users\j3zz\AppData\Local\IconCache.db [2009/12/14 10:41:48 | 00,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2009/12/14 10:41:48 | 00,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2009/12/14 10:33:34 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009/12/14 10:33:25 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009/12/14 10:33:20 | 15,088,55808 | -HS- | M] () -- C:\hiberfil.sys [2009/12/13 12:36:13 | 00,002,048 | -H-- | M] () -- C:\Users\j3zz\Documents\Default.rdp [2009/12/13 11:48:48 | 00,494,876 | ---- | M] () -- C:\Users\j3zz\Desktop\haxx.jpg [2009/12/10 19:08:04 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2009/12/09 12:10:12 | 00,309,880 | ---- | M] () -- C:\Users\j3zz\Desktop\drakelv.jpg [2009/12/09 09:18:11 | 00,284,402 | ---- | M] () -- C:\Users\j3zz\Desktop\1099252426412.gif [2009/12/06 10:40:48 | 00,000,079 | ---- | M] () -- C:\Windows\HEDIT.INI [2009/12/04 17:37:46 | 00,174,660 | ---- | M] () -- C:\Users\j3zz\Desktop\fuuu.png [2009/12/03 09:40:12 | 00,068,256 | ---- | M] () -- C:\Users\j3zz\AppData\Local\GDIPFONTCACHEV1.DAT [2009/12/03 08:41:55 | 00,296,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2009/12/03 01:29:57 | 00,000,202 | ---- | M] () -- C:\Windows\ODBC.INI [2009/12/03 01:07:55 | 00,001,263 | ---- | M] () -- C:\Windows\setup.iss [2009/12/03 01:07:53 | 00,001,744 | ---- | M] () -- C:\Windows\sql.mif [2009/12/03 01:07:52 | 00,002,211 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk [2009/12/01 16:51:20 | 00,791,409 | ---- | M] () -- C:\Users\j3zz\Documents\SCFMT Source.rar [2009/12/01 16:48:01 | 00,000,020 | -H-- | M] () -- C:\Users\j3zz\Documents\SCFMT Source.rar.sha [2009/11/30 19:33:46 | 00,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll [2009/11/29 13:24:44 | 00,000,000 | ---- | M] () -- C:\Windows\PowerReg.dat [2009/11/28 20:36:59 | 00,117,953 | ---- | M] () -- C:\Users\j3zz\Desktop\Gzyms 002.jpg [2009/11/27 14:04:44 | 00,000,057 | ---- | M] () -- C:\Windows\System32\mapisvc.inf [2009/11/27 00:01:33 | 00,007,648 | ---- | M] () -- C:\Users\j3zz\AppData\Local\Resmon.ResmonCfg [2009/11/26 01:09:08 | 00,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys [2009/11/26 01:08:16 | 00,171,552 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll [2009/11/26 01:08:14 | 00,128,376 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys [2009/11/26 01:08:14 | 00,029,520 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2009/12/14 11:47:49 | 00,001,083 | ---- | C] () -- C:\Users\j3zz\Desktop\ProcessScanner.lnk [2009/12/14 11:45:54 | 00,261,313 | ---- | C] () -- C:\Users\j3zz\Desktop\wtf.jpg [2009/12/14 11:20:58 | 00,000,130 | ---- | C] () -- C:\Windows\cfplogvw.INI [2009/12/14 11:14:45 | 00,001,835 | ---- | C] () -- C:\Users\j3zz\Desktop\CCleaner.lnk [2009/12/13 12:00:23 | 00,593,552 | ---- | C] () -- C:\Windows\System32\RenderSystem_GL.dll [2009/12/13 12:00:23 | 00,437,904 | ---- | C] () -- C:\Windows\System32\ReferenceAppLayer.dll [2009/12/13 12:00:23 | 00,400,528 | ---- | C] () -- C:\Windows\System32\RenderSystem_Direct3D9.dll [2009/12/13 12:00:23 | 00,108,688 | ---- | C] () -- C:\Windows\System32\Plugin_ParticleFX.dll [2009/12/13 12:00:22 | 00,247,440 | ---- | C] () -- C:\Windows\System32\Plugin_OctreeSceneManager.dll [2009/12/13 12:00:22 | 00,085,648 | ---- | C] () -- C:\Windows\System32\OIS.dll [2009/12/13 12:00:22 | 00,051,344 | ---- | C] () -- C:\Windows\System32\Plugin_CgProgramManager.dll [2009/12/13 12:00:21 | 00,069,776 | ---- | C] () -- C:\Windows\System32\OgreGUIRenderer.dll [2009/12/13 12:00:17 | 01,778,832 | ---- | C] () -- C:\Windows\System32\CEGUIBase.dll [2009/12/13 12:00:17 | 00,131,216 | ---- | C] () -- C:\Windows\System32\CEGUIFalagardWRBase.dll [2009/12/13 12:00:17 | 00,109,200 | ---- | C] () -- C:\Windows\System32\CEGUIExpatParser.dll [2009/12/13 11:59:55 | 00,960,144 | ---- | C] () -- C:\Windows\System32\ParticleUniverse.dll [2009/12/13 11:58:03 | 05,671,056 | ---- | C] () -- C:\Windows\System32\OgreMain.dll [2009/12/13 11:48:47 | 00,494,876 | ---- | C] () -- C:\Users\j3zz\Desktop\haxx.jpg [2009/12/10 19:08:04 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2009/12/09 12:10:11 | 00,309,880 | ---- | C] () -- C:\Users\j3zz\Desktop\drakelv.jpg [2009/12/09 09:18:10 | 00,284,402 | ---- | C] () -- C:\Users\j3zz\Desktop\1099252426412.gif [2009/12/07 20:45:11 | 00,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009/12/07 20:45:10 | 00,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml [2009/12/07 20:45:10 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009/12/07 20:45:08 | 00,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009/12/07 20:45:08 | 00,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009/12/07 20:45:06 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009/12/07 20:45:06 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009/12/06 10:58:31 | 00,000,719 | ---- | C] () -- C:\Users\j3zz\Desktop\GameServerjpn.lnk [2009/12/06 10:40:48 | 00,000,079 | ---- | C] () -- C:\Windows\HEDIT.INI [2009/12/04 17:37:46 | 00,174,660 | ---- | C] () -- C:\Users\j3zz\Desktop\fuuu.png [2009/12/03 01:28:31 | 00,000,202 | ---- | C] () -- C:\Windows\ODBC.INI [2009/12/03 01:07:53 | 00,001,744 | ---- | C] () -- C:\Windows\sql.mif [2009/12/03 01:07:52 | 00,002,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk [2009/12/03 01:06:47 | 00,036,939 | ---- | C] () -- C:\Windows\System32\insrepim.exe [2009/12/03 01:04:59 | 00,001,263 | ---- | C] () -- C:\Windows\setup.iss [2009/12/01 16:48:01 | 00,791,409 | ---- | C] () -- C:\Users\j3zz\Documents\SCFMT Source.rar [2009/12/01 16:48:01 | 00,000,020 | -H-- | C] () -- C:\Users\j3zz\Documents\SCFMT Source.rar.sha [2009/11/30 19:33:46 | 00,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2009/11/29 13:24:44 | 00,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat [2009/11/28 20:36:52 | 00,117,953 | ---- | C] () -- C:\Users\j3zz\Desktop\Gzyms 002.jpg [2009/11/27 10:17:55 | 01,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat [2009/10/31 08:49:41 | 00,000,091 | ---- | C] () -- C:\Windows\CIV.INI [2009/10/21 12:54:54 | 00,007,648 | ---- | C] () -- C:\Users\j3zz\AppData\Local\Resmon.ResmonCfg [2009/07/13 23:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 23:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2007/04/20 03:12:58 | 00,102,696 | ---- | C] () -- C:\Windows\System32\drivers\nvstor32.sys [2006/03/09 15:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [1996/04/03 19:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys [color=#E56717]========== LOP Check ==========[/color] [2009/12/13 03:21:57 | 00,000,000 | ---D | M] -- C:\Users\j3zz\AppData\Roaming\BESTplayer [2009/12/07 00:12:43 | 00,000,000 | ---D | M] -- C:\Users\j3zz\AppData\Roaming\FileZilla [2009/10/21 16:16:31 | 00,000,000 | ---D | M] -- C:\Users\j3zz\AppData\Roaming\Gadu-Gadu [2009/10/25 19:17:05 | 00,000,000 | ---D | M] -- C:\Users\j3zz\AppData\Roaming\GHISLER [2009/10/23 19:41:07 | 00,000,000 | ---D | M] -- C:\Users\j3zz\AppData\Roaming\ImgBurn [2009/11/29 13:34:12 | 00,000,000 | ---D | M] -- C:\Users\j3zz\AppData\Roaming\Leadertech [2009/12/03 02:09:28 | 00,000,000 | ---D | M] -- C:\Users\j3zz\AppData\Roaming\OpenOffice.org [2009/10/24 00:30:56 | 00,000,000 | ---D | M] -- C:\Users\j3zz\AppData\Roaming\Opera [2009/12/13 12:00:30 | 00,000,000 | ---D | M] -- C:\Users\j3zz\AppData\Roaming\runic games [2009/10/21 19:30:24 | 00,000,000 | ---D | M] -- C:\Users\j3zz\AppData\Roaming\Thunderbird [2009/12/13 03:46:34 | 00,000,000 | ---D | M] -- C:\Users\j3zz\AppData\Roaming\uTorrent [2009/07/14 04:53:46 | 00,012,764 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report >

Extras (wklejam z "wklejarki", niestety miałem za dużo znaków w wiadomości) : http://www.wklej.org/hash/f0b94a0741/

**Posty:** 18165 · przez **wojtas** 14 Gru 2009, 20:25

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem]
4. zrób skan Malwarebytes Anti-Malware (usuń co znajdzie ) i daj raport ze skanu

Autor postu otrzymał pochwałę

**Posty:** 124 · przez **j3zz** 20 Gru 2009, 17:03

Żeby nie było, że "zrobiłem i zapomniałem" . Przeszło "samo" jakoś ... To był tzw. FP (false positive) czy jak to się tam fachowo nazywa. Proces wywoływała aplikacja odpowiedzialna na touch pad'a w laptopie, po updacie sterowników z windows update. Niemniej jednak dziękuję za wskazówki i jednocześnie kilka przydatnych linków. Temat do zamknięcia.

Comodo antyvir wykrywa dziwny plik - svchost.exe

Comodo antyvir wykrywa dziwny plik - svchost.exe

Comodo antyvir wykrywa dziwny plik

Comodo antyvir wykrywa dziwny plik - svchost.exe

Comodo antyvir wykrywa dziwny plik - svchost.exe

Kto jest na forum