
ComboFix 10-06-17.02 - GeoPC 2010-06-18 17:19:11.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1483 [GMT 2:00]
Uruchomiony z: c:\documents and settings\GeoPC\Pulpit\programy do sprawdz.logów\ComboFix.exe
AV: ArcaVir *On-access scanning enabled* (Updated) {430EE792-8EF9-4D8A-B486-78BBF686F0E1}
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ArcaVir Firewall *enabled* {B640009B-6FF6-4CA7-9CE8-7DA160B95A5B}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\GeoPC\Recent\bet-at-home.com.URL
.
((((((((((((((((((((((((( Pliki utworzone od 2010-05-18 do 2010-06-18 )))))))))))))))))))))))))))))))
.
2010-06-18 15:10 . 2010-06-18 15:10 -------- d-----w- c:\windows\LastGood
2010-06-18 12:15 . 2010-06-18 12:15 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\SEGA Corporation
2010-06-17 22:23 . 2010-06-17 22:23 -------- d-----w- c:\windows\system32\VIRepair
2010-06-17 22:23 . 2004-11-27 17:00 94208 ----a-w- c:\windows\system32\pskill.exe
2010-06-17 19:37 . 2010-06-17 19:37 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-17 19:19 . 2010-06-17 19:19 388096 ----a-r- c:\documents and settings\GeoPC\Dane aplikacji\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-17 19:19 . 2010-06-17 19:19 -------- d-----w- c:\program files\Trend Micro
2010-06-14 19:37 . 2010-06-18 15:07 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2010-06-12 10:43 . 2010-06-18 15:07 -------- d-----w- c:\program files\Odkurzacz
2010-06-12 10:43 . 2010-06-12 10:43 -------- d-----w- c:\program files\TGTSoft
2010-06-08 22:09 . 2010-06-08 22:09 -------- d-----w- c:\program files\Total Video Converter
2010-06-02 12:58 . 2010-06-08 22:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\SEGA Corporation(2)
2010-05-30 20:36 . 2010-05-30 20:36 -------- d-----w- c:\program files\MOJOSOFT
2010-05-30 20:36 . 2010-05-30 20:36 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\mojosoft
2010-05-29 20:09 . 2010-05-29 20:09 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\BlackBean
2010-05-29 20:09 . 2010-05-29 20:09 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\Simply Super Software
2010-05-29 12:11 . 2010-05-29 12:11 -------- d-----w- c:\documents and settings\GeoPC\Ustawienia lokalne\Dane aplikacji\Midway
2010-05-27 22:05 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-05-27 22:05 . 2010-05-29 20:10 -------- d-----w- c:\program files\PDFCreator
2010-05-27 22:05 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-05-27 22:05 . 2009-12-16 06:19 282624 ------w- c:\windows\system32\fppr332.dll
2010-05-27 22:05 . 2009-12-15 11:52 393216 ------w- c:\windows\system32\fppmon3.dll
2010-05-25 10:56 . 2010-05-25 10:56 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ArcaBit
2010-05-25 10:48 . 2010-05-25 10:48 -------- d-----w- c:\documents and settings\NetworkService\Dane aplikacji\ArcaBit
2010-05-25 10:43 . 2009-12-01 16:14 34384 ----a-w- c:\windows\system32\drivers\abndis.sys
2010-05-25 09:35 . 2010-03-02 00:28 3691384 ----a-w- c:\documents and settings\GeoPC\Dane aplikacji\Simply Super Software\Trojan Remover\bem1.exe
2010-05-25 09:27 . 2006-06-19 10:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-25 09:27 . 2006-05-25 12:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-25 09:27 . 2005-08-25 22:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-25 09:27 . 2003-02-02 17:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-05-25 09:27 . 2002-03-05 22:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-25 09:27 . 2010-05-29 20:09 -------- d-----w- c:\program files\Trojan Remover
2010-05-25 09:27 . 2010-05-25 09:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Simply Super Software
2010-05-25 00:51 . 2010-05-25 01:29 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\Uniblue
2010-05-25 00:51 . 2010-06-08 22:11 -------- d-----w- c:\program files\Uniblue
2010-05-25 00:39 . 2010-05-25 00:39 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\Thinstall
2010-05-24 11:18 . 2010-05-24 11:18 -------- d-----w- c:\program files\GameSpy
2010-05-24 10:52 . 2010-05-24 10:54 -------- dc-h--w- c:\windows\ie8
2010-05-23 22:22 . 2010-05-23 22:22 503808 ----a-w- c:\documents and settings\GeoPC\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4efa2587-n\msvcp71.dll
2010-05-23 22:22 . 2010-05-23 22:22 499712 ----a-w- c:\documents and settings\GeoPC\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4efa2587-n\jmc.dll
2010-05-23 22:22 . 2010-05-23 22:22 348160 ----a-w- c:\documents and settings\GeoPC\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4efa2587-n\msvcr71.dll
2010-05-23 22:22 . 2010-05-23 22:22 61440 ----a-w- c:\documents and settings\GeoPC\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-382baafe-n\decora-sse.dll
2010-05-23 22:22 . 2010-05-23 22:22 12800 ----a-w- c:\documents and settings\GeoPC\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-382baafe-n\decora-d3d.dll
2010-05-23 19:01 . 2008-01-24 21:22 729088 ----a-r- c:\windows\system32\hpowiax7.dll
2010-05-23 19:01 . 2008-01-24 21:22 303104 ----a-r- c:\windows\system32\hpovst15.dll
2010-05-23 19:01 . 2008-01-24 21:22 581632 ----a-r- c:\windows\system32\hpotscl6.dll
2010-05-23 19:01 . 2008-01-24 21:22 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-05-23 19:01 . 2008-01-24 21:22 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-05-23 18:48 . 2010-05-23 18:48 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2010-05-23 18:44 . 2010-05-23 19:03 178218 ----a-w- c:\windows\hpoins28.dat
2010-05-23 18:44 . 2008-07-01 04:02 796 ------w- c:\windows\hpomdl28.dat
2010-05-23 06:40 . 2010-05-23 06:40 341504 ----a-w- c:\windows\system32\yowindow.scr
2010-05-23 01:26 . 2010-06-08 22:52 -------- d-----w- c:\documents and settings\GeoPC\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok
2010-05-23 01:25 . 2010-05-23 01:25 -------- d-----w- c:\documents and settings\GeoPC\Ustawienia lokalne\Dane aplikacji\Ok-SendMail-Bron-tok
2010-05-21 16:49 . 2010-05-21 16:49 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 15:07 . 2010-05-16 18:10 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-06-18 15:07 . 2010-05-12 01:19 -------- d-----w- c:\program files\Anti Trojan Elite
2010-06-18 15:07 . 2009-05-26 10:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\CyberLink
2010-06-18 15:07 . 2009-05-14 17:16 -------- d-----w- c:\program files\AC3Filter
2010-06-18 15:04 . 2010-02-21 10:55 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\uTorrent
2010-06-18 13:40 . 2009-05-05 09:30 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\HPAppData
2010-06-17 20:39 . 2010-05-12 01:33 -------- d-----w- c:\program files\Spyware Doctor
2010-06-17 20:36 . 2009-05-04 21:39 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-17 20:34 . 2009-05-04 12:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-17 20:32 . 2009-10-09 10:41 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\Temp
2010-06-17 20:30 . 2009-09-22 08:43 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2010-06-17 20:27 . 2009-05-04 21:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-15 17:25 . 2009-05-26 16:09 -------- d-----w- c:\program files\MPlayer for Windows
2010-06-08 22:11 . 2010-05-18 15:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Ubisoft
2010-05-31 07:43 . 2009-08-07 18:39 -------- d-----w- c:\program files\Ashampoo
2010-05-29 20:09 . 2009-05-04 14:28 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-05-28 19:14 . 2009-05-04 22:34 -------- d-----w- c:\program files\NAPI-PROJEKT
2010-05-24 21:56 . 2009-11-26 02:43 -------- d-----w- c:\program files\iTunes
2010-05-23 19:02 . 2009-05-05 08:34 -------- d-----w- c:\program files\HP
2010-05-23 18:49 . 2009-05-05 08:40 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\HP
2010-05-21 16:48 . 2010-01-19 15:02 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-05-18 16:56 . 2010-04-21 21:31 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-18 16:38 . 2001-10-26 16:15 566792 ----a-w- c:\windows\system32\perfh015.dat
2010-05-18 16:38 . 2001-10-26 16:15 108920 ----a-w- c:\windows\system32\perfc015.dat
2010-05-18 16:32 . 2010-05-18 16:32 -------- d-----w- c:\program files\Microsoft.NET
2010-05-18 15:07 . 2010-05-18 15:07 -------- d-----w- c:\program files\Lotto Organizer
2010-05-17 19:59 . 2010-05-17 19:59 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\3-D HUNTING 2010
2010-05-17 14:49 . 2010-05-16 19:00 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\ViSplore
2010-05-16 20:13 . 2010-05-12 22:34 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-16 20:13 . 2010-05-12 22:34 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-16 19:09 . 2010-05-16 19:00 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\ViGlance
2010-05-16 19:01 . 2010-05-16 19:00 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\ViStart
2010-05-16 19:00 . 2009-05-04 12:50 77664 ----a-w- c:\documents and settings\GeoPC\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-05-16 18:11 . 2009-05-04 14:20 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-16 18:11 . 2010-05-15 17:50 -------- d-----w- c:\program files\Adobe Media Player
2010-05-16 18:10 . 2010-05-16 09:40 -------- d-----w- c:\program files\Spyware Terminator
2010-05-16 18:10 . 2010-05-16 14:17 -------- d-----w- c:\program files\Crawler
2010-05-16 18:10 . 2010-05-16 09:40 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\Spyware Terminator
2010-05-16 18:10 . 2009-11-26 02:42 -------- d-----w- c:\program files\QuickTime
2010-05-16 18:10 . 2010-05-16 18:10 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\DivX
2010-05-16 18:10 . 2010-05-16 18:10 -------- d-----w- c:\program files\Xvid
2010-05-16 18:10 . 2009-05-19 20:36 -------- d-----w- c:\program files\DivX
2010-05-16 18:10 . 2010-05-16 18:10 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-16 18:10 . 2010-05-16 17:47 -------- d-----w- c:\program files\ACE Mega CoDecS Pack
2010-05-16 18:10 . 2009-05-12 16:21 -------- d-----w- c:\program files\ALLPlayer
2010-05-16 18:10 . 2010-05-16 17:55 -------- d-----w- c:\program files\K-Lite Codec Pack(2)
2010-05-16 18:10 . 2010-05-16 18:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DivX
2010-05-16 18:05 . 2010-05-16 18:03 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\DivX(2)
2010-05-15 19:17 . 2010-03-19 08:12 -------- d-----w- c:\program files\Super Internet TV
2010-05-15 19:13 . 2010-05-15 19:13 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\regid.1986-12.com.adobe
2010-05-15 17:48 . 2010-05-15 17:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-15 13:25 . 2010-05-15 13:25 -------- d-----w- c:\program files\Wondershare
2010-05-15 08:10 . 2009-05-04 20:59 -------- d-----w- c:\program files\uTorrent
2010-05-12 22:57 . 2010-05-12 22:57 8854 ----a-r- c:\documents and settings\GeoPC\Dane aplikacji\Microsoft\Installer\{16393B5A-43A8-434B-B22A-0724581F7873}\Uninstall_GameShadow_B860267642A24815A556C23750EF5A47.exe
2010-05-12 22:57 . 2010-05-12 22:57 45056 ----a-r- c:\documents and settings\GeoPC\Dane aplikacji\Microsoft\Installer\{16393B5A-43A8-434B-B22A-0724581F7873}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2010-05-12 22:57 . 2010-05-12 22:57 45056 ----a-r- c:\documents and settings\GeoPC\Dane aplikacji\Microsoft\Installer\{16393B5A-43A8-434B-B22A-0724581F7873}\ARPPRODUCTICON.exe
2010-05-12 22:57 . 2010-05-12 22:57 3262 ----a-r- c:\documents and settings\GeoPC\Dane aplikacji\Microsoft\Installer\{16393B5A-43A8-434B-B22A-0724581F7873}\NewShortcut1_D50BB830396148EB83D903A04C63534F_1.exe
2010-05-12 22:57 . 2010-05-12 22:57 -------- d-----w- c:\program files\GameShadow
2010-05-12 14:23 . 2010-05-12 14:23 4096 ----a-w- c:\windows\system32\02.tmp
2010-05-12 01:38 . 2010-05-12 01:38 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\Real Desktop
2010-05-12 01:38 . 2010-05-12 01:18 -------- d-----w- c:\program files\Real Desktop
2010-05-11 23:23 . 2009-06-01 16:55 -------- d-----w- c:\program files\SopCast
2010-05-11 22:30 . 2009-05-26 15:41 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\RFA_Backups
2010-05-11 22:04 . 2009-12-23 15:04 -------- d-----w- c:\program files\ALLConverter
2010-05-09 15:01 . 2009-05-18 19:26 -------- d-----w- c:\program files\TVUPlayer
2010-05-09 15:00 . 2010-02-10 21:17 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\TVU networks
2010-05-08 08:28 . 2010-05-06 17:15 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\QuickStoresToolbar
2010-05-06 17:15 . 2010-05-06 17:15 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\JLC's Software
2010-05-06 17:15 . 2010-05-06 17:15 704248 ----a-w- c:\documents and settings\GeoPC\Dane aplikacji\QuickStoresToolbar\unins000.exe
2010-05-06 17:15 . 2010-05-06 17:15 -------- d-----w- c:\program files\JLC's Software
2010-05-06 13:54 . 2010-04-29 11:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 14:44 . 2010-05-05 14:26 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\ScanSpyware
2010-05-05 14:39 . 2009-11-30 20:23 -------- d-----w- c:\program files\Collage Maker 3.50
2010-05-05 14:36 . 2009-11-26 02:39 -------- d-----w- c:\program files\Common Files\Apple
2010-05-05 14:31 . 2010-02-03 15:53 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\vghd
2010-05-04 15:44 . 2010-05-04 15:44 -------- d-sh--w- c:\documents and settings\All Users\Dane aplikacji\SecuROM
2010-05-04 15:41 . 2010-05-04 15:41 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-05-04 14:05 . 2010-05-04 14:05 42080 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2010-05-04 14:05 . 2010-05-04 14:05 11776 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
2010-05-03 11:44 . 2010-05-03 11:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\KONAMI
2010-05-03 11:02 . 2009-05-19 20:37 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\BSplayer Pro
2010-04-30 22:40 . 2009-06-30 20:06 -------- d-----w- c:\program files\Common Files\Java
2010-04-30 22:40 . 2010-04-30 22:40 503808 ----a-w- c:\documents and settings\GeoPC\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-148331f0-n\msvcp71.dll
2010-04-30 22:40 . 2010-04-30 22:40 499712 ----a-w- c:\documents and settings\GeoPC\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-148331f0-n\jmc.dll
2010-04-30 22:40 . 2010-04-30 22:40 348160 ----a-w- c:\documents and settings\GeoPC\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-148331f0-n\msvcr71.dll
2010-04-30 22:40 . 2010-04-30 22:40 61440 ----a-w- c:\documents and settings\GeoPC\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6af8f74a-n\decora-sse.dll
2010-04-30 22:40 . 2010-04-30 22:40 12800 ----a-w- c:\documents and settings\GeoPC\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6af8f74a-n\decora-d3d.dll
2010-04-29 11:14 . 2010-04-29 11:14 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\Malwarebytes
2010-04-29 11:13 . 2010-04-29 11:13 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2010-04-29 07:24 . 2010-03-03 14:49 439816 ----a-w- c:\documents and settings\GeoPC\Dane aplikacji\Real\Update\setup3.10\setup.exe
2010-04-28 11:10 . 2010-04-28 10:23 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\ChomikBox
2010-04-25 10:52 . 2010-04-25 10:52 -------- d-----w- c:\program files\EA Sports
2010-04-25 08:08 . 2010-04-25 08:08 2439 ----a-w- c:\documents and settings\GeoPC\Dane aplikacji\Out of the Park Developments\OOTP Baseball 11\config\uninstall_folders.bat
2010-04-25 08:08 . 2010-04-25 08:07 759877 ----a-w- c:\documents and settings\GeoPC\Dane aplikacji\Out of the Park Developments\OOTP Baseball 11\config\uninstall_files.bat
2010-04-25 08:05 . 2010-04-25 08:05 -------- d-----w- c:\program files\Common Files\eSellerate
2010-04-25 07:23 . 2010-04-25 07:23 -------- d-----w- c:\documents and settings\GeoPC\Dane aplikacji\Out of the Park Developments
2010-04-23 16:29 . 2009-05-04 12:55 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-21 21:31 . 2009-05-13 16:52 -------- d-----w- c:\program files\Java
2010-04-18 17:18 . 2010-04-18 17:18 10134 ----a-r- c:\documents and settings\GeoPC\Dane aplikacji\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-04-13 07:06 . 2010-05-16 20:13 782336 ----a-r- c:\windows\system32\tmp17.tmp
2009-10-25 13:47 . 2009-10-25 13:26 88 --sh--r- c:\windows\system32\C32B35E37F.sys
2009-11-12 20:21 . 2009-11-12 20:21 23 --sha-w- c:\windows\system32\edacded0.dat
2006-05-03 09:06 . 2009-11-28 02:34 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-03-02 17:08 . 2009-10-25 13:18 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 . 2009-11-28 02:34 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-11-28 02:34 216064 --sh--r- c:\windows\system32\nbDX.dll
.
------- Sigcheck -------
[7] 2008-04-14 . 8CA14ECF04594EABBE93C9FF2E3CBFB1 . 2190336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-14 . C643880DDD7B3CCE2103F2AE3B8E4F94 . 2199168 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
[7] 2004-08-03 . DCF53422B7EDDED3B7431FBAE4A7EE3F . 2182272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2008-04-14 . F3F4AB43668CC50AA8C5595D3E4CBC2B . 1433600 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . C791ED9EAC5E76D9525E157B1D7A599A . 1035264 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-03 . 379098A96E6C165B659DE7E4328010EA . 1033728 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2008-04-14 . 4BBA965664FAA56B187C27F4CAD7E7C5 . 2067200 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2008-04-14 . D19209F2CA9E9742CBC2862EF3DAD271 . 2076032 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
[7] 2004-08-03 . 44D1BC1B05E0C7C82E81687B79C653C7 . 2058112 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Gry\\Battlefield.Bad.Company.2. 2010 PL\\BFBC2Updater.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Gry\\Pro.Evolution.Soccer.2010-RELOADED\\Ekstraklasa patch 2010.exe"=
"d:\\Gry\\Left_4_Dead_2-\\Left 4 Dead 2\\left4dead2.exe"=
"d:\\Gry\\Pro.Evolution.Soccer.2010-RELOADED\\PRO2010.exe"=
"d:\\Gry\\Pro.Evolution.Soccer.2010-RELOADED\\pes2010.exe"=
"d:\\Gry\\Conflict Denied Ops\\ConflictDeniedOps.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4091:TCP"= 4091:TCP:kahqwr
"50001:TCP"= 50001:TCP:ArcaVir CommunicationPort (S)
"50000:TCP"= 50000:TCP:ArcaVir CommunicationPort (A)
R0 FO_PAnt;FotoOffice VirtualDisc Driver;c:\windows\system32\drivers\FO_PAnt.sys [2009-10-26 89216]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/10/08 11:27];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-09-01 16:59 87536]
R2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMON.sys [2010-05-12 9216]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2009-12-17 66944]
R3 ABndisMP;ABndisMP;c:\windows\system32\drivers\abndis.sys [2010-05-25 34384]
S1 DVDHlp;DVDHlp Driver;c:\windows\system32\drivers\DVDHlp.sys --> c:\windows\system32\drivers\DVDHlp.sys [?]
S2 AutoExNT;AutoExNT;c:\windows\system32\Autoexnt.exe [2009-05-05 5904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2010-04-18 90112]
S3 ABndis;ABndis Service;c:\windows\system32\drivers\abndis.sys [2010-05-25 34384]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\GeoPC\USTAWI~1\Temp\TRV1B.tmp --> c:\docume~1\GeoPC\USTAWI~1\Temp\TRV1B.tmp [?]
S3 oqlfvajp;oqlfvajp;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-04-18 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-04-18 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-04-18 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-04-18 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-04-18 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-04-18 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-04-18 109864]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-10-05 79888]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Zawartość folderu 'Zaplanowane zadania'
2010-06-18 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-05-04 17:27]
2010-04-22 c:\windows\Tasks\GlaryUpdate.job
- c:\program files\Glary Utilities\webupdate.exe [2009-05-04 17:27]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com/
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{215940F1-E7E0-4801-BEE3-44D045534106} - c:\program files\Common Files\moje.js
IE: {{4F1DF60B-1BFF-4566-924B-9F24A974C910} - trenpl4ie_opcje.htm
IE: {{50C285B9-12A7-427B-B1B4-3BD810513848} - trenpl4ie_tlumaczenpl.htm
IE: {{860D2F9E-9D14-4D7C-A3C9-1B1B40C758F6} - trenpl4ie_tlumaczplen.htm
IE: {{40525A66-DB98-480D-BCF9-7AF88C1AF438} - {40525A66-DB98-480D-BCF9-7AF88C1AF438} -
TCP: {27B68C8B-1CD0-403A-9AB4-6273D1FCEF77} = 77.242.226.226,77.242.226.251
FF - ProfilePath - c:\documents and settings\GeoPC\Dane aplikacji\Mozilla\Firefox\Profiles\1si9ddw2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\program files\GameSpy\Comrade\npcomrade.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 17:23
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\GeoPC\USTAWI~1\Temp\TRV1B.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\oqlfvajp]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:f7,73,34,93,e4,ed,fe,c6,cb,fa,0d,87,24,1a,57,1c,09,6e,43,92,26,
06,17,ef,39,20,53,07,c7,c3,16,b9,7f,0b,95,c6,e9,07,a4,6e,d6,28,a4,09,d3,d7,\
"rkeysecu"=hex:82,21,7f,a5,9d,e8,21,1c,6a,34,68,01,c5,3c,41,e5
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1316)
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1372)
c:\windows\system32\scecli.dll
.
Czas ukończenia: 2010-06-18 17:25:00
ComboFix-quarantined-files.txt 2010-06-18 15:24
ComboFix2.txt 2010-06-17 23:10
ComboFix3.txt 2010-06-17 22:17
Przed: 12 042 334 208 bajtów wolnych
Po: 12 022 083 584 bajtów wolnych
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 3AF38C249858C787B327AD679C34C9F1
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-18 00:57:08
Windows 5.1.2600 Dodatek Service Pack 3
Running: dov8kpg6.exe; Driver: C:\DOCUME~1\GeoPC\USTAWI~1\Temp\kfxyqpob.sys
---- Kernel code sections - GMER 1.0.15 ----
.sfreloc˙˙˙˙sfsync04unknown last section [0xB7F66000, 0xBC8, 0x40000040] C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xB7F66000, 0xBC8, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB71D0380, 0x550AF5, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB3E53300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB84A0300, 0x1BEE, 0xE8000020]
.text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0xB3ABE000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0xB3AE1050]
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x48 0xE7 0x7F 0x22 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAE 0x3E 0x0C 0x2E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1B 0xAD 0x49 0x06 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x74 0xFD 0xB3 0x3E ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000b0d69776d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x48 0xE7 0x7F 0x22 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAE 0x3E 0x0C 0x2E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5F 0x3D 0xA9 0x72 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x74 0xFD 0xB3 0x3E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x48 0xE7 0x7F 0x22 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAE 0x3E 0x0C 0x2E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x59 0xBC 0x2A 0xD1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x74 0xFD 0xB3 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d69776d
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0x11 0xC4 0x8D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\000b0d69776d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0x11 0xC4 0x8D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
---- EOF - GMER 1.0.15 ----
Added today, 18:28:
I'll send the OTL and Extras logs in a moment
Added today, 18:33:
Please be patient, because I have to wait for the account activation link from http://wklej.org in order to paste the log there
Added today, 18:39:
I'm posting the OTL log
http://wklej.org/hash/1c7f3b91f85/
Extras log
http://wklej.org/hash/a71e70fdade/
Added today, 18:47:
I'm also sending the DDS logs
http://wklej.org/id/352836/
and Attach
http://wklej.org/hash/109d86e900e/
Added today, 18:57:
I'm also sending the HijackThis log
http://wklej.org/hash/36b65767aa0/
Added today, 19:11:
Will anyone help??? Maybe I did something wrong???