For a few days now I've been trying to play CoD4, but every time I join a server, PB throws this error at me after a while:
Let me say up front that I don't use any cheats or anything like that.
I'm also attaching the logs:
HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:52, on 2009-05-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Sp4wN\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Sp4wN\Dane aplikacji\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\Tlen.pl\tlen.exe
D:\Program Files\Mozilla Thunderbird\thunderbird.exe
D:\Program Files\foobar2000\foobar2000.exe
D:\Program Files\Last.fm\LastFM.exe
D:\Program Files\Curse\CurseClient.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sp4wN\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Sp4wN\Dane aplikacji\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8555 bytes
ComboFix
ComboFix 09-05-26.05 - Sp4wN 2009-05-27 18:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3327.2654 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Sp4wN\Pulpit\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
[i] ADS - WINDOWS: deleted 24 bytes in 1 streams. [/i]
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Sp4wN\Dane aplikacji\EurekaLog
c:\documents and settings\Sp4wN\Dane aplikacji\inst.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-04-27 do 2009-05-27 )))))))))))))))))))))))))))))))
.
2009-05-25 14:16 . 2009-05-25 14:16 -------- d-----w c:\documents and settings\Sp4wN\Ustawienia lokalne\Dane aplikacji\PunkBuster
2009-05-24 16:34 . 2009-05-24 16:34 -------- d-----w c:\documents and settings\Sp4wN\Dane aplikacji\TeamViewer
2009-05-24 16:33 . 2009-05-24 16:33 -------- d-----w c:\documents and settings\Sp4wN\temp
2009-05-24 11:52 . 2009-05-24 11:53 -------- d-----w c:\program files\Common Files\PCSuite
2009-05-24 11:52 . 2009-05-24 11:52 -------- d-----w c:\program files\Common Files\Nokia
2009-05-24 11:52 . 2009-05-24 11:52 -------- d-----w c:\program files\Nokia
2009-05-24 11:41 . 2009-05-24 11:41 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nokia
2009-05-24 11:30 . 2009-05-24 11:30 -------- d-----w c:\program files\MSXML 6.0
2009-05-24 11:22 . 2008-04-13 22:15 26112 ----a-w c:\windows\system32\drivers\usbser.sys
2009-05-24 11:22 . 2008-03-21 11:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll
2009-05-22 14:56 . 2009-05-24 12:36 -------- d-----w c:\documents and settings\Sp4wN\Dane aplikacji\Nokia
2009-05-22 14:56 . 2009-05-24 11:22 -------- d-----w c:\documents and settings\Sp4wN\Dane aplikacji\PC Suite
2009-05-22 14:56 . 2009-05-24 11:22 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Suite
2009-05-22 14:56 . 2009-05-22 14:56 -------- d-----w c:\program files\DIFX
2009-05-22 14:56 . 2008-08-26 07:26 18816 ----a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-05-22 14:56 . 2009-05-22 14:56 -------- d-----w c:\program files\PC Connectivity Solution
2009-05-22 14:55 . 2008-09-15 05:56 8064 ----a-w c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-05-22 14:55 . 2008-09-15 05:56 8064 ----a-w c:\windows\system32\drivers\usbser_lowerflt.sys
2009-05-22 14:55 . 2008-09-15 05:56 22016 ----a-w c:\windows\system32\drivers\ccdcmbo.sys
2009-05-22 14:55 . 2008-09-15 05:56 659968 ----a-w c:\windows\system32\nmwcdcocls.dll
2009-05-22 14:55 . 2008-09-15 05:56 17664 ----a-w c:\windows\system32\drivers\ccdcmb.sys
2009-05-22 14:55 . 2008-09-15 05:29 1112288 ----a-w c:\windows\system32\wdfcoinstaller01007.dll
2009-05-22 14:55 . 2008-09-15 05:56 91136 ----a-w c:\windows\system32\nmwcdcls.dll
2009-05-22 14:55 . 2009-05-24 11:46 34040128 ----a-w c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_pol_web.exe
2009-05-22 14:55 . 2009-05-22 14:55 8192 ----a-w c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-22 14:55 . 2009-05-22 14:55 61440 ----a-w c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-22 14:55 . 2009-05-22 14:55 10240 ----a-w c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-22 14:55 . 2009-05-24 11:52 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Installations
2009-05-21 21:15 . 2009-05-21 21:15 -------- d-----w c:\program files\Common Files\Skype
2009-05-21 16:24 . 2008-07-02 07:36 819200 ----a-w c:\documents and settings\Sp4wN\Dane aplikacji\Mozilla\Firefox\Profiles\ran4krzm.default\extensions\SignPlugin@bph.pl\plugins\NPSignPlugin.dll
2009-05-19 13:24 . 1998-10-29 14:45 306688 ----a-w c:\windows\IsUninst.exe
2009-05-17 21:09 . 2009-05-17 21:09 -------- d-----w c:\documents and settings\Sp4wN\Ustawienia lokalne\Dane aplikacji\Real
2009-05-10 12:34 . 2009-05-10 12:34 349184 ----a-w c:\documents and settings\Sp4wN\Dane aplikacji\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2009-05-10 12:34 . 2009-05-10 12:34 79872 ----a-w c:\documents and settings\Sp4wN\Dane aplikacji\SanDisk\Sansa Updater\SansaDispatch.exe
2009-05-10 12:34 . 2009-05-10 12:34 541696 ----a-w c:\documents and settings\Sp4wN\Dane aplikacji\SanDisk\Sansa Updater\SansaUpdater.exe
2009-05-10 12:34 . 2009-05-10 12:34 -------- d-----w c:\documents and settings\Sp4wN\Dane aplikacji\SanDisk
2009-05-05 11:53 . 2009-05-05 11:53 -------- d-----w c:\documents and settings\Sp4wN\Dane aplikacji\Samsung
2009-05-05 11:53 . 2006-05-03 20:53 174592 ----a-w c:\windows\system32\framedyn.dll
2009-05-05 11:52 . 2009-05-05 11:52 -------- d-----w c:\windows\system32\Samsung_USB_Drivers
2009-05-05 11:52 . 2007-05-02 09:11 15112 ----a-w c:\windows\system32\drivers\ss_mdfl.sys
2009-05-05 11:52 . 2007-05-02 09:11 12424 ----a-w c:\windows\system32\drivers\ss_whnt.sys
2009-05-05 11:52 . 2007-05-02 09:11 12424 ----a-w c:\windows\system32\drivers\ss_wh.sys
2009-05-05 11:52 . 2007-05-02 09:11 109704 ----a-w c:\windows\system32\drivers\ss_mdm.sys
2009-05-05 11:52 . 2007-05-02 09:11 83592 ----a-w c:\windows\system32\drivers\ss_bus.sys
2009-05-05 11:52 . 2007-05-02 09:11 12424 ----a-w c:\windows\system32\drivers\ss_cmnt.sys
2009-05-05 11:52 . 2007-05-02 09:11 12424 ----a-w c:\windows\system32\drivers\ss_cm.sys
2009-05-05 11:51 . 2006-07-24 14:05 5632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2009-05-05 08:38 . 2009-05-05 08:40 -------- d-----w c:\program files\ARCHPR
2009-05-05 06:46 . 2005-10-23 16:22 55168 ------w c:\windows\system32\drivers\sdcplh.sys
2009-05-04 14:58 . 2009-05-04 14:58 98304 ----a-w c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\nxgameeu.dll
2009-05-04 14:58 . 2009-05-04 14:58 81920 ----a-w c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll
2009-05-04 14:58 . 2009-05-04 14:58 331776 ----a-w c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\NGMResource.dll
2009-05-04 14:58 . 2009-05-04 14:58 258352 ----a-w c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\unicows.dll
2009-05-04 14:58 . 2009-05-04 14:58 532480 ----a-w c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\NGMDll.dll
2009-05-04 14:58 . 2009-05-04 14:58 155648 ----a-w c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\NGM.exe
2009-05-04 14:58 . 2009-05-04 14:58 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\NexonEU
2009-05-03 18:08 . 2009-05-27 16:21 -------- d-----w c:\documents and settings\Sp4wN\Ustawienia lokalne\Dane aplikacji\CurseClient
2009-05-03 15:09 . 2009-05-03 15:09 -------- d-----w C:\Nexon
2009-05-03 15:09 . 2009-05-04 12:43 421888 ----a-w c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-05-03 10:20 . 2009-05-03 10:20 -------- d-----w c:\documents and settings\Gość
2009-04-30 16:17 . 2009-04-30 16:17 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Blizzard
2009-04-30 15:21 . 2009-04-30 15:45 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-04-29 01:00 . 2009-04-29 01:00 -------- d-----w c:\windows\system32\KB905474
2009-04-29 01:00 . 2009-03-10 20:26 1436544 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-29 01:00 . 2009-03-10 20:18 455048 ----a-w c:\windows\system32\KB905474\wgasetup.exe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-27 16:48 . 2008-11-23 19:56 -------- d-----w c:\documents and settings\Sp4wN\Dane aplikacji\foobar2000
2009-05-27 16:34 . 2008-11-20 16:03 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-27 16:33 . 2008-11-20 16:02 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-27 14:27 . 2008-11-17 18:08 -------- d-----w c:\documents and settings\Sp4wN\Dane aplikacji\uTorrent
2009-05-26 19:06 . 2008-11-20 16:02 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-05-26 17:59 . 2008-11-16 22:16 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-26 17:45 . 2008-11-20 16:03 22328 ----a-w c:\documents and settings\Sp4wN\Dane aplikacji\PnkBstrK.sys
2009-05-26 17:45 . 2008-11-20 16:03 22328 ----a-w c:\documents and settings\Sp4wN\Dane aplikacji\PnkBstrK.sys
2009-05-25 15:55 . 2009-02-02 18:33 -------- d-----w c:\documents and settings\Sp4wN\Dane aplikacji\Tlen.pl
2009-05-24 17:39 . 2009-02-20 11:53 -------- d-----w c:\documents and settings\Sp4wN\Dane aplikacji\FileZilla
2009-05-24 11:22 . 2009-05-24 11:22 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-05-24 11:22 . 2009-05-24 11:22 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-21 21:20 . 2008-11-30 11:25 -------- d-----w c:\documents and settings\Sp4wN\Dane aplikacji\Skype
2009-05-21 21:15 . 2008-11-30 11:24 -------- d-----r c:\program files\Skype
2009-05-21 21:15 . 2008-11-30 11:24 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2009-05-21 21:09 . 2008-11-30 11:31 -------- d-----w c:\documents and settings\Sp4wN\Dane aplikacji\skypePM
2009-05-05 11:49 . 2008-11-21 22:59 -------- d-----w c:\program files\Common Files\Adobe
2009-05-01 20:15 . 2009-01-17 19:45 -------- d-----w c:\documents and settings\Sp4wN\Dane aplikacji\Ventrilo
2009-04-19 09:37 . 2009-04-19 09:37 -------- d-----w c:\program files\IrfanView
2009-04-14 21:26 . 2008-11-24 20:06 -------- d-----w c:\documents and settings\Sp4wN\Dane aplikacji\teamspeak2
2009-04-14 18:43 . 2009-02-08 21:18 -------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-04-11 23:18 . 2009-04-11 23:12 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\POPWWPROFILES
2009-04-07 08:03 . 2009-04-07 08:03 -------- d-----w c:\program files\Ubisoft
2009-04-07 07:48 . 2009-04-07 07:48 57344 ----a-w c:\documents and settings\Sp4wN\Dane aplikacji\Sun\Java\Deployment\cache\6.0\50\5b902232-2be24f68-n\Decora-SSE.dll
2009-04-07 07:48 . 2009-04-07 07:48 24064 ----a-w c:\documents and settings\Sp4wN\Dane aplikacji\Sun\Java\Deployment\cache\6.0\15\4e09eacf-7126218b-n\Decora-D3D.dll
2009-04-07 07:48 . 2009-04-07 07:48 315392 ----a-w c:\documents and settings\Sp4wN\Dane aplikacji\Sun\Java\Deployment\cache\6.0\62\6baea4fe-474b5821-n\jogl.dll
2009-04-07 07:48 . 2009-04-07 07:48 20480 ----a-w c:\documents and settings\Sp4wN\Dane aplikacji\Sun\Java\Deployment\cache\6.0\62\6baea4fe-474b5821-n\jogl_awt.dll
2009-04-07 07:48 . 2009-04-07 07:48 114688 ----a-w c:\documents and settings\Sp4wN\Dane aplikacji\Sun\Java\Deployment\cache\6.0\62\6baea4fe-474b5821-n\jogl_cg.dll
2009-04-07 07:48 . 2009-04-07 07:48 20480 ----a-w c:\documents and settings\Sp4wN\Dane aplikacji\Sun\Java\Deployment\cache\6.0\45\4f710eed-466fe89b-n\gluegen-rt.dll
2009-04-07 07:48 . 2009-04-07 07:48 499712 ----a-w c:\documents and settings\Sp4wN\Dane aplikacji\Sun\Java\Deployment\cache\6.0\33\258cea61-3133f016-n\msvcp71.dll
2009-04-07 07:48 . 2009-04-07 07:48 499712 ----a-w c:\documents and settings\Sp4wN\Dane aplikacji\Sun\Java\Deployment\cache\6.0\33\258cea61-3133f016-n\jmc.dll
2009-04-07 07:48 . 2009-04-07 07:48 348160 ----a-w c:\documents and settings\Sp4wN\Dane aplikacji\Sun\Java\Deployment\cache\6.0\33\258cea61-3133f016-n\msvcr71.dll
2009-04-07 07:47 . 2008-12-03 10:35 -------- d-----w c:\program files\Java
2009-04-07 07:47 . 2001-10-26 16:15 74450 ----a-w c:\windows\system32\perfc015.dat
2009-04-07 07:47 . 2001-10-26 16:15 448348 ----a-w c:\windows\system32\perfh015.dat
2009-04-07 07:47 . 2009-04-07 07:47 152576 ----a-w c:\documents and settings\Sp4wN\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-06 17:14 . 2009-04-04 11:25 -------- d-----w c:\program files\Neostrada TP
2009-04-05 12:21 . 2009-04-05 12:21 -------- d-----w c:\documents and settings\Sp4wN\Dane aplikacji\SPORE
2009-04-04 11:35 . 2009-04-04 11:35 -------- d-----w c:\program files\Wanadoo
2009-03-17 15:17 . 2008-11-16 22:36 98488 ----a-w c:\documents and settings\Sp4wN\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-09 03:19 . 2008-12-03 10:35 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2008-04-14 20:50 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:10 . 2008-03-01 14:02 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-01 08:29 . 2009-03-01 08:29 0 ----a-w c:\windows\PowerReg.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-06-30 1150976]
"RocketDock"="d:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Sp4wN\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2008-11-30 133104]
"SansaDispatch"="c:\documents and settings\Sp4wN\Dane aplikacji\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-05-10 79872]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-09-16 1447168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-21 1423360]
"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2008-06-26 380928]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2004-12-10 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
c:\documents and settings\Sp4wN\Menu Start\Programy\Autostart\
PowerReg Scheduler V3.exe [2009-3-1 225280]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-21 434176]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Steam\\steamapps\\kenny528\\counter-strike\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ASUS\\GamerOSD\\SBS.exe"=
"d:\\Program Files\\Red Faction\\RedFaction.exe"=
"d:\\Program Files\\Red Faction\\rf.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\Program Files\\Tlen.pl\\tlen.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\Overdose.exe"=
"d:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\OverdoseEditor.exe"=
"d:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\OverdoseServer.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"d:\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"d:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe"=
"d:\combat arms eu\CombatArms.exe"= d:\combat arms eu\CombatArms.exe:*Enabled:CombatArms.exe
"d:\combat arms eu\Engine.exe"= d:\combat arms eu\Engine.exe:*Enabled:Engine.exe
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\TightVNC\\vncviewer.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-11-19 38448]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-06-24 150568]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-09-21 468224]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-11-17 93696]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-11-17 36864]
S3 c32f1e6a-fc0b-4ea1-bc53-f6c536e31d71;c32f1e6a-fc0b-4ea1-bc53-f6c536e31d71;\??\e:\player\cds300.dll --> e:\player\cds300.dll [?]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - PNKBSTRK
*Deregistered* - PnkBstrK
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Zawartość folderu 'Zaplanowane zadania'
2009-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1801674531-682003330-1003.job
- c:\documents and settings\Sp4wN\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-11-30 10:22]
2009-05-27 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 20:18]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
SafeBoot-procexp90.Sys
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/pl/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sp4wN\Dane aplikacji\Mozilla\Firefox\Profiles\ran4krzm.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.pl/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\Sp4wN\Dane aplikacji\Mozilla\Firefox\Profiles\ran4krzm.default\extensions\SignPlugin@bph.pl\plugins\NPSignPlugin.dll
FF - plugin: c:\documents and settings\Sp4wN\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\NPSOLITAIRE.dll
FF - plugin: d:\program files\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\Real Alternative\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-27 18:56
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Sp4wN\Dane aplikacji\SanDisk\Sansa Updater\SansaDispatch.exe?2000%2526%26content-actions%3d%26??n?k?.?????????????p0??????????&expected-license-usag
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-05-27 18:57
ComboFix-quarantined-files.txt 2009-05-27 16:57
Przed: 9 419 022 336 bajtów wolnych
Po: 10 222 157 824 bajtów wolnych
329 --- E O F --- 2009-05-15 19:45
What could be wrong?