http://oczyszczaczkomputerza.com/

Niemiec · 24 Kwietnia 2008

nie wiem jakim cudem, ale zalapalme http://oczyszczaczkomputerza.com/

pojawily mi sie tez dwie nowe dll'ki w autostarcie:

pybcdhaf i sbxbhnow

wczesniej usunalem jeszcze 2 dwie dll:

anaurlvb.dll i hhcmxmrx.dll

Log hijack

Spoiler! Kliknij w poniższy kontener by otworzyć.

log

rosLogfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:05:49, on 2008-04-24

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\cFosSpeed\cFosSpeed.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\cFosSpeed\spd.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

C:\Program Files\WinFast\WFDTV\WFWIZ.exe

C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Opera\Opera.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Kamil\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=w3cache.ols.vectranet.pl:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe

O4 - HKLM\..\Run: [ATITool] "C:\Program Files\ATITool\ATITool.exe" -s

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [symantec PIF alertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\alertEng.dll"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe

O4 - HKLM\..\Run: [bM1f8dc4fd] Rundll32.exe "C:\WINDOWS\system32\pybcdhaf.dll",s

O4 - HKLM\..\Run: [1cbef761] rundll32.exe "C:\WINDOWS\system32\sbxbhnoe.dll",b

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O15 - Trusted Zone: http://mks.com.pl

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189552198531

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189552181359

O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.casper.pl/msrdp.cab

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O16 - DPF: {CB8E6DE7-DEF3-41AB-9772-9E6584722F07} (DrvInstall Class) - http://www.casper.pl/DrvInstObj.cab

O16 - DPF: {E3F7811E-BBE8-4C75-B576-43601C6230A8} (CivToOp Control) - http://www.casper.pl/CivToOp.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15035/CTPID.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--

End of file - 10106 bytes

log silent runners

Spoiler! Kliknij w poniższy kontener by otworzyć.

log

"Silent Runners.vbs", revision 56, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" [file not found]

"DAEMON Tools Pro Agent" = ""C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"" ["DT Soft Ltd."]

"PC Suite Tray" = ""C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"cFosSpeed" = "C:\Program Files\cFosSpeed\cFosSpeed.exe" ["cFos Software GmbH"]

"ATITool" = ""C:\Program Files\ATITool\ATITool.exe" -s" ["http://atitool.techpowerup.com"]

"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

"osCheck" = ""C:\Program Files\Norton Internet Security\osCheck.exe"" ["Symantec Corporation"]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"Symantec PIF alertEng" = ""C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\alertEng.dll"" ["Symantec Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]

"CTxfiHlp" = "CTXFIHLP.EXE" ["Creative Technology Ltd"]

"WinFastDTV" = "C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" ["Leadtek Research Inc."]

"WinFast Schedule" = "C:\Program Files\WinFast\WFDTV\WFWIZ.exe" ["Leadtek Research Inc."]

"BM1f8dc4fd" = "Rundll32.exe "C:\WINDOWS\system32\pybcdhaf.dll",s" [MS]

"1cbef761" = "rundll32.exe "C:\WINDOWS\system32\sbxbhnoe.dll",b" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll" ["Symantec Corporation"]

{32F05659-3AF7-48BB-B161-1D78F3152BED}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\urqqonn.dll" [null data]

{5A954051-291C-444A-8FB5-C1A3CB5BABF8}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\vturq.dll" [file not found]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll" ["Sun Microsystems, Inc."]

{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)

-> {HKLM...CLSID} = "IeCatch2 Class"

\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]

{BB06C7F6-7ED2-4F72-836D-009C2C6AC3CA}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\pmnnm.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

Edytowane 24 Kwietnia 2008 przez Niemiec

Kolobos · 25 Kwietnia 2008

Daj log z combofix.

Niemiec · 25 Kwietnia 2008

Daj log z combofix.

prosze bardzo:

Spoiler! Kliknij w poniższy kontener by otworzyć.

log

ComboFix 08-04-24.1 - Kamil 2008-04-25 15:26:27.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1384 [GMT 2:00]

Running from: C:\Documents and Settings\Kamil\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\cbxxyvu.dll

C:\WINDOWS\system32\eonhbxbs.ini

C:\WINDOWS\system32\kernel.dll

C:\WINDOWS\system32\mnnmp.ini

C:\WINDOWS\system32\mnnmp.ini2

C:\WINDOWS\system32\pmnnm.dll

C:\WINDOWS\system32\prutv.ini

C:\WINDOWS\system32\prutv.ini2

C:\WINDOWS\system32\pybcdhaf.dll

C:\WINDOWS\system32\qrutv.ini

C:\WINDOWS\system32\qrutv.ini2

C:\WINDOWS\system32\sbxbhnoe.dll

C:\WINDOWS\system32\urqqonn.dll

.

((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))

.

2008-04-25 15:31 . 2008-04-25 15:31 <DIR> d-------- C:\temp\WPDNSE

2008-04-25 15:31 . 2008-04-25 15:31 53,248 --a------ C:\temp\catchme.dll

2008-04-25 15:28 . 2008-04-25 15:31 <DIR> d-------- C:\temp

2008-04-24 10:31 . 2008-04-24 10:32 145 --a------ C:\WINDOWS\wininit.ini

2008-04-24 10:17 . 2008-04-24 22:23 <DIR> d-------- C:\Program Files\a-squared Free

2008-04-24 10:06 . 2008-04-24 10:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-04-24 10:06 . 2008-04-24 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2008-04-24 08:59 . 2008-04-24 08:59 <DIR> d-------- C:\Program Files\Lavasoft

2008-04-24 08:59 . 2008-04-24 09:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft

2008-04-24 08:45 . 2008-04-24 08:48 1,504,798 ---hs---- C:\WINDOWS\system32\bvlruana.ini

2008-04-24 03:53 . 2008-04-24 03:53 1,540,617 ---hs---- C:\WINDOWS\system32\kqkxmrrm.ini

2008-04-23 03:53 . 2008-04-23 03:53 1,540,617 ---hs---- C:\WINDOWS\system32\aonedimh.ini

2008-04-23 03:50 . 2008-04-25 11:08 109,756 --a------ C:\WINDOWS\BM1f8dc4fd.xml

2008-04-19 23:55 . 2008-04-25 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TrackMania

2008-04-11 13:21 . 2008-04-11 13:21 <DIR> d-------- C:\Program Files\Combined Community Codec Pack

2008-04-06 20:22 . 2007-03-20 11:37 831,048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll

2008-04-06 20:18 . 2008-04-06 20:18 <DIR> d-------- C:\Program Files\PC Connectivity Solution

2008-04-06 20:18 . 2008-04-06 20:18 <DIR> d-------- C:\Program Files\Common Files\PCSuite

2008-04-06 20:18 . 2008-04-06 20:18 <DIR> d-------- C:\Program Files\Common Files\Nokia

2008-04-06 20:18 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

2008-04-06 20:18 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-04-06 20:18 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys

2008-04-06 20:18 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys

2008-04-06 20:18 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-25 13:31 --------- d-----w C:\Program Files\cFosSpeed

2008-04-25 13:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-25 13:23 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-04-25 13:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec

2008-04-24 20:59 --------- d-----w C:\Program Files\Steam

2008-04-24 20:42 --------- d-----w C:\Program Files\Opera

2008-04-24 20:05 --------- d-----w C:\Program Files\FlashGet

2008-04-24 07:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2008-04-24 06:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-04-24 06:54 --------- d-----w C:\Documents and Settings\Kamil\Dane aplikacji\Lavasoft

2008-04-21 00:18 --------- d-----w C:\Program Files\SpeedFan

2008-04-11 11:16 --------- d-----w C:\Program Files\WinFast

2008-04-11 11:13 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-06 18:22 --------- d-----w C:\Documents and Settings\Kamil\Dane aplikacji\PC Suite

2008-04-06 18:22 --------- d-----w C:\Documents and Settings\Kamil\Dane aplikacji\Nokia

2008-04-06 18:18 --------- d-----w C:\Program Files\Nokia

2008-04-06 18:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations

2008-03-28 01:21 --------- d-----w C:\Program Files\DAEMON Tools Pro

2008-03-23 20:14 --------- d-----w C:\Documents and Settings\Kamil\Dane aplikacji\Creative

2008-03-23 00:09 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative

2008-03-14 22:41 --------- d-----w C:\Program Files\Gadu-Gadu

2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat

2008-02-25 08:45 189,464 ----a-w C:\WINDOWS\system32\drivers\haP17v2k.sys

2008-02-25 08:45 15,896 ----a-w C:\WINDOWS\system32\drivers\pfmodnt.sys

2008-02-25 08:44 92,696 ----a-w C:\WINDOWS\system32\drivers\emupia2k.sys

2008-02-25 08:44 797,720 ----a-w C:\WINDOWS\system32\drivers\ha10kx2k.sys

2008-02-25 08:44 162,840 ----a-w C:\WINDOWS\system32\drivers\haP16v2k.sys

2008-02-25 08:44 157,208 ----a-w C:\WINDOWS\system32\drivers\ctsfm2k.sys

2008-02-25 08:44 14,360 ----a-w C:\WINDOWS\system32\drivers\ctprxy2k.sys

2008-02-25 08:44 1,172,504 ----a-w C:\WINDOWS\system32\drivers\ha20x2k.sys

2008-02-25 08:43 524,312 ----a-w C:\WINDOWS\system32\drivers\ctaud2k.sys

2008-02-25 08:43 511,000 ----a-w C:\WINDOWS\system32\drivers\ctac32k.sys

2008-02-25 08:43 346,856 ----a-w C:\WINDOWS\system32\drivers\ctdvda2k.sys

2008-02-25 08:43 18,840 ----a-w C:\WINDOWS\system32\drivers\CTGAME.SYS

2008-02-25 08:43 127,000 ----a-w C:\WINDOWS\system32\drivers\ctoss2k.sys

2008-02-25 08:43 1,372,568 ----a-w C:\WINDOWS\system32\drivers\CTMMFILT.SYS

2008-02-25 08:43 1,366,424 ----a-w C:\WINDOWS\system32\drivers\CT0531FL.SYS

2008-02-20 19:59 11,776 ----a-w C:\WINDOWS\INRES.DLL

2008-02-20 19:58 3,072 ----a-w C:\WINDOWS\CTXFIRES.DLL

2008-02-20 19:58 10,240 ----a-w C:\WINDOWS\CTDCRES.DLL

2008-01-27 18:51 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2006-11-22 23:58 1 ----a-w C:\Documents and Settings\Kamil\SI.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A954051-291C-444A-8FB5-C1A3CB5BABF8}]

C:\WINDOWS\system32\vturq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]

"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2005-12-09 18:22 712704]

"ATITool"="C:\Program Files\ATITool\ATITool.exe" [2006-02-26 22:03 2695680]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 01:11 771704]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-25 18:17 8527872]

"nwiz"="nwiz.exe" [2007-10-25 18:17 1626112 C:\WINDOWS\system32\nwiz.exe]

"Symantec PIF alertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 18:17 81920]

"CTHelper"="CTHELPER.EXE" [2008-02-20 21:58 19456 C:\WINDOWS\system32\CtHelper.exe]

"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 21:58 19968 C:\WINDOWS\system32\Ctxfihlp.exe]

"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-08-10 16:28 90112]

"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-07-27 18:09 409600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqonn]

urqqonn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przypominacz.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przypominacz.lnk

backup=C:\WINDOWS\pss\Przypominacz.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1cbef761]

C:\WINDOWS\system32\anaurlvb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM1f8dc4fd]

C:\WINDOWS\system32\hhcmxmrx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Reader Notifications]

C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

--------- 2004-11-30 12:36 1945600 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

C:\Program Files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2006-07-26 03:03 49263 C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VS Online]

C:\Program Files\VS Online\VSOnline.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"HASPSrv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\Gadu-Gadu\\gg.exe"=

"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Program Files\\Hamachi\\hamachi.exe"=

"D:\\gry\\GTL\\GTL.exe"=

"C:\\TOTALCMD\\Totalcmd.exe"=

"D:\\gry\\FlatOut2\\FlatOut2.exe"=

"C:\\WINDOWS\\system32\\dpnsvr.exe"=

"D:\\gry\\GTR2\\GTR2.exe"=

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

"D:\\gry\\rFactor\\rFactor.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\msncall.exe"=

"D:\\gry\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"27724:TCP"= 27724:TCP:BitComet 27724 TCP

"27724:UDP"= 27724:UDP:BitComet 27724 UDP

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 14:46]

R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 20:24]

R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2004-10-12 14:02]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 15:12]

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 10:44]

S2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-10-02 00:56]

S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys []

S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 03:54]

S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []

S4 HASPSrv;HASPSrv;C:\WINDOWS\system32\HASPSrv.exe [2006-07-20 08:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0129c55a-429d-11db-8730-0016768ea9ad}]

\Shell\AutoRun\command - H:\MLLaunch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30ecf246-9e7b-11db-8992-00407b714699}]

\Shell\AutoRun\command - J:\Autorun.exe

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-04-24 20:16:13 C:\WINDOWS\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Kamil.job"

Kolobos · 25 Kwietnia 2008

Utworz na pulpicie pliK CFScript.txt i wklej do niego:

Folder::

C:\temp

File::

C:\WINDOWS\system32\bvlruana.ini

C:\WINDOWS\system32\kqkxmrrm.ini

C:\WINDOWS\system32\aonedimh.ini

C:\WINDOWS\BM1f8dc4fd.xml

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A954051-291C-444A-8FB5-C1A3CB5BABF8}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqonn]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1cbef761]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM1f8dc4fd]

Zapisz i przeciagnij go na ikone combofix.

Do tego zrob skan przy pomocy Dr.Web Cure IT oraz http://www.google.pl/search?hl=pl&q=Ka...&lr=lang_pl

Niemiec · 25 Kwietnia 2008

Spoiler! Kliknij w poniższy kontener by otworzyć.
LOG

ComboFix 08-04-24.1 - Kamil 2008-04-25 16:31:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1502 [GMT 2:00]
Running from: C:\Documents and Settings\Kamil\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kamil\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BM1f8dc4fd.xml
C:\WINDOWS\system32\aonedimh.ini
C:\WINDOWS\system32\bvlruana.ini
C:\WINDOWS\system32\kqkxmrrm.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM1f8dc4fd.xml
C:\WINDOWS\system32\aonedimh.ini
C:\WINDOWS\system32\bvlruana.ini
C:\WINDOWS\system32\Dvbpws.dll
C:\WINDOWS\system32\kqkxmrrm.ini
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbxxyvu.dll
C:\WINDOWS\system32\eonhbxbs.ini
C:\WINDOWS\system32\kernel.dll
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.ini2
C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini2
C:\WINDOWS\system32\pybcdhaf.dll
C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\qrutv.ini2
C:\WINDOWS\system32\sbxbhnoe.dll
C:\WINDOWS\system32\urqqonn.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.

2008-04-25 16:32 . 2008-04-25 16:32 <DIR> d-------- C:\temp
2008-04-25 16:32 . 2008-04-25 16:32 53,248 --a------ C:\temp\catchme.dll
2008-04-25 16:29 . 2008-04-25 16:32 84,000 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-25 16:29 . 2008-04-25 16:29 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-24 10:31 . 2008-04-24 10:32 145 --a------ C:\WINDOWS\wininit.ini
2008-04-24 10:17 . 2008-04-24 22:23 <DIR> d-------- C:\Program Files\a-squared Free
2008-04-24 10:06 . 2008-04-24 10:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-24 10:06 . 2008-04-24 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-24 08:59 . 2008-04-24 08:59 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-24 08:59 . 2008-04-24 09:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-04-19 23:55 . 2008-04-25 16:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TrackMania
2008-04-11 13:21 . 2008-04-11 13:21 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2008-04-06 20:22 . 2007-03-20 11:37 831,048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll
2008-04-06 20:18 . 2008-04-06 20:18 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-06 20:18 . 2008-04-06 20:18 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-04-06 20:18 . 2008-04-06 20:18 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-04-06 20:18 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-04-06 20:18 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-06 20:18 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-04-06 20:18 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-04-06 20:18 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 14:32 --------- d-----w C:\Program Files\cFosSpeed
2008-04-25 14:29 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-25 13:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-04-25 13:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-24 20:59 --------- d-----w C:\Program Files\Steam
2008-04-24 20:42 --------- d-----w C:\Program Files\Opera
2008-04-24 20:05 --------- d-----w C:\Program Files\FlashGet
2008-04-24 07:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-24 06:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-24 06:54 --------- d-----w C:\Documents and Settings\Kamil\Dane aplikacji\Lavasoft
2008-04-21 00:18 --------- d-----w C:\Program Files\SpeedFan
2008-04-11 11:16 --------- d-----w C:\Program Files\WinFast
2008-04-11 11:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 19:32 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-10 19:32 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-06 18:22 --------- d-----w C:\Documents and Settings\Kamil\Dane aplikacji\PC Suite
2008-04-06 18:22 --------- d-----w C:\Documents and Settings\Kamil\Dane aplikacji\Nokia
2008-04-06 18:18 --------- d-----w C:\Program Files\Nokia
2008-04-06 18:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-03-28 01:21 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-03-23 20:14 --------- d-----w C:\Documents and Settings\Kamil\Dane aplikacji\Creative
2008-03-23 00:09 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 22:41 --------- d-----w C:\Program Files\Gadu-Gadu
2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-02-25 08:45 189,464 ----a-w C:\WINDOWS\system32\drivers\haP17v2k.sys
2008-02-25 08:45 15,896 ----a-w C:\WINDOWS\system32\drivers\pfmodnt.sys
2008-02-25 08:44 92,696 ----a-w C:\WINDOWS\system32\drivers\emupia2k.sys
2008-02-25 08:44 797,720 ----a-w C:\WINDOWS\system32\drivers\ha10kx2k.sys
2008-02-25 08:44 162,840 ----a-w C:\WINDOWS\system32\drivers\haP16v2k.sys
2008-02-25 08:44 157,208 ----a-w C:\WINDOWS\system32\drivers\ctsfm2k.sys
2008-02-25 08:44 14,360 ----a-w C:\WINDOWS\system32\drivers\ctprxy2k.sys
2008-02-25 08:44 1,172,504 ----a-w C:\WINDOWS\system32\drivers\ha20x2k.sys
2008-02-25 08:43 524,312 ----a-w C:\WINDOWS\system32\drivers\ctaud2k.sys
2008-02-25 08:43 511,000 ----a-w C:\WINDOWS\system32\drivers\ctac32k.sys
2008-02-25 08:43 346,856 ----a-w C:\WINDOWS\system32\drivers\ctdvda2k.sys
2008-02-25 08:43 18,840 ----a-w C:\WINDOWS\system32\drivers\CTGAME.SYS
2008-02-25 08:43 127,000 ----a-w C:\WINDOWS\system32\drivers\ctoss2k.sys
2008-02-25 08:43 1,372,568 ----a-w C:\WINDOWS\system32\drivers\CTMMFILT.SYS
2008-02-25 08:43 1,366,424 ----a-w C:\WINDOWS\system32\drivers\CT0531FL.SYS
2008-02-25 08:41 72,728 ----a-w C:\WINDOWS\system32\CTHWIUT.DLL
2008-02-25 08:41 566,296 ----a-w C:\WINDOWS\system32\CTSBLFX.DLL
2008-02-25 08:41 329,240 ----a-w C:\WINDOWS\system32\CTEDSPSY.DLL
2008-02-25 08:41 286,232 ----a-w C:\WINDOWS\system32\CTEDSPFX.DLL
2008-02-25 08:41 174,104 ----a-w C:\WINDOWS\system32\CTEAPSFX.DLL
2008-02-25 08:41 170,520 ----a-w C:\WINDOWS\system32\CT20XUT.DLL
2008-02-25 08:41 134,680 ----a-w C:\WINDOWS\system32\CTEDSPIO.DLL
2008-02-25 08:41 100,888 ----a-w C:\WINDOWS\system32\CTERFXFX.DLL
2008-02-25 08:41 1,323,544 ----a-w C:\WINDOWS\system32\CTEXFIFX.DLL
2008-02-25 08:40 98,328 ----a-w C:\WINDOWS\system32\COMMONFX.DLL
2008-02-25 08:40 551,960 ----a-w C:\WINDOWS\system32\CTAUDFX.DLL
2008-02-20 20:00 43,520 ----a-w C:\WINDOWS\system32\CTBurst.dll
2008-02-20 19:59 86,016 ----a-w C:\WINDOWS\system32\ctcoinst.dll
2008-02-20 19:59 34,816 ----a-w C:\WINDOWS\system32\a3d.dll
2008-02-20 19:59 27,648 ----a-w C:\WINDOWS\system32\ac3api.dll
2008-02-20 19:59 163,840 ----a-w C:\WINDOWS\system32\ctdvinst.dll
2008-02-20 19:59 11,776 ----a-w C:\WINDOWS\INRES.DLL
2008-02-20 19:55 969,216 ----a-w C:\WINDOWS\system32\CTxfispi.exe
2008-02-20 19:55 43,520 ----a-w C:\WINDOWS\system32\Ctxfireg.exe
2008-02-20 19:55 10,752 ----a-w C:\WINDOWS\system32\Ct20xspi.dll
2008-02-20 19:49 110,080 ----a-w C:\WINDOWS\system32\ctemupia.dll
2008-02-20 19:47 49,152 ----a-w C:\WINDOWS\system32\ctdproxy.dll
2008-02-20 19:47 46,592 ----a-w C:\WINDOWS\system32\ctasio.dll
2008-02-20 19:47 174,592 ----a-w C:\WINDOWS\system32\ct_oal.dll
2008-02-20 19:47 17,920 ----a-w C:\WINDOWS\system32\ctedasio.dll
2008-02-20 19:46 69,120 ----a-w C:\WINDOWS\system32\ctosuser.dll
2008-02-20 19:46 64,512 ----a-w C:\WINDOWS\system32\piaproxy.dll
2008-02-20 19:46 6,144 ----a-w C:\WINDOWS\system32\sfman32.dll
2008-02-20 19:46 13,312 ----a-w C:\WINDOWS\system32\regplib.exe
2008-02-20 19:46 104,448 ----a-w C:\WINDOWS\system32\sfms32.dll
2008-02-20 19:44 5,120 ----a-w C:\WINDOWS\system32\enlocstr.exe
2008-02-20 19:44 10,240 ----a-w C:\WINDOWS\system32\killapps.exe
2008-02-20 19:43 32,768 ----a-w C:\WINDOWS\system32\devreg.dll
2008-02-20 19:43 28,672 ----a-w C:\WINDOWS\system32\mididef.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-27 18:51 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2006-11-22 23:58 1 ----a-w C:\Documents and Settings\Kamil\SI.bin
2006-06-23 13:48 32,768 ----a-w C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-25_15.34.33.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-05 12:34:52 134,160 ----a-w C:\WINDOWS\system32\drivers\klif.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2005-12-09 18:22 712704]
"ATITool"="C:\Program Files\ATITool\ATITool.exe" [2006-02-26 22:03 2695680]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 01:11 771704]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-25 18:17 8527872]
"nwiz"="nwiz.exe" [2007-10-25 18:17 1626112 C:\WINDOWS\system32\nwiz.exe]
"Symantec PIF alertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 18:17 81920]
"CTHelper"="CTHELPER.EXE" [2008-02-20 21:58 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 21:58 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-08-10 16:28 90112]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-07-27 18:09 409600]
"AVP"="C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\setup_7.0.0.180_25.04.2008_16-23.exe" [2007-10-12 16:29 212992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przypominacz.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przypominacz.lnk
backup=C:\WINDOWS\pss\Przypominacz.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Reader Notifications]
C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2004-11-30 12:36 1945600 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-07-26 03:03 49263 C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VS Online]
C:\Program Files\VS Online\VSOnline.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"HASPSrv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"D:\\gry\\GTL\\GTL.exe"=
"C:\\TOTALCMD\\Totalcmd.exe"=
"D:\\gry\\FlatOut2\\FlatOut2.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"D:\\gry\\GTR2\\GTR2.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"D:\\gry\\rFactor\\rFactor.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"D:\\gry\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27724:TCP"= 27724:TCP:BitComet 27724 TCP
"27724:UDP"= 27724:UDP:BitComet 27724 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 14:46]
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 20:24]
R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2004-10-12 14:02]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 15:12]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 10:44]
S2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-10-02 00:56]
S2 setup_7.0.0.180_25.04.2008_16-23;setup_7.0.0.180_25.04.2008_16-23;"C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\setup_7.0.0.180_25.04.2008_16-23.exe" -r []
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys []
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 03:54]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S4 HASPSrv;HASPSrv;C:\WINDOWS\system32\HASPSrv.exe [2006-07-20 08:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0129c55a-429d-11db-8730-0016768ea9ad}]
\Shell\AutoRun\command - H:\MLLaunch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30ecf246-9e7b-11db-8992-00407b714699}]
\Shell\AutoRun\command - J:\Autorun.exe

*Newly Created Service* - COMHOST
*Newly Created Service* - KLIF
*Newly Created Service* - SETUP_7.0.0.180_25.04.2008_16-23
.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 20:16:13 C:\WINDOWS\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Kamil.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exef/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 16:32:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-25 16:33:13
ComboFix-quarantined-files.txt 2008-04-25 14:33:00

Pre-Run: 10,495,684,608 bajtów wolnych
Post-Run: 10,467,274,752 bajtów wolnych

284

Niemiec · 25 Kwietnia 2008

Spoiler! Kliknij w poniższy kontener by otworzyć.
combofix

ComboFix 08-04-24.1 - Kamil 2008-04-25 21:34:27.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1527 [GMT 2:00]
Running from: C:\Documents and Settings\Kamil\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.

2008-04-25 21:35 . 2008-04-25 21:35 <DIR> d-------- C:\temp
2008-04-25 21:35 . 2008-04-25 21:35 53,248 --a------ C:\temp\catchme.dll
2008-04-25 21:28 . 2008-04-25 21:28 <DIR> d-------- C:\VundoFix Backups
2008-04-25 21:16 . 2008-04-25 21:17 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-25 18:40 . 2008-04-25 20:08 <DIR> d-------- C:\Documents and Settings\Kamil\DoctorWeb
2008-04-25 16:29 . 2008-04-25 21:35 690,208 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-25 16:29 . 2008-04-25 21:14 12,740 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-24 10:31 . 2008-04-24 10:32 145 --a------ C:\WINDOWS\wininit.ini
2008-04-24 10:17 . 2008-04-24 22:23 <DIR> d-------- C:\Program Files\a-squared Free
2008-04-24 10:06 . 2008-04-24 10:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-24 10:06 . 2008-04-24 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-24 08:59 . 2008-04-24 08:59 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-24 08:59 . 2008-04-24 09:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-04-19 23:55 . 2008-04-25 16:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TrackMania
2008-04-11 13:21 . 2008-04-11 13:21 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2008-04-06 20:22 . 2007-03-20 11:37 831,048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll
2008-04-06 20:18 . 2008-04-06 20:18 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-06 20:18 . 2008-04-06 20:18 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-04-06 20:18 . 2008-04-06 20:18 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-04-06 20:18 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-04-06 20:18 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-06 20:18 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-04-06 20:18 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-04-06 20:18 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 19:35 --------- d-----w C:\Program Files\cFosSpeed
2008-04-25 19:09 --------- d-----w C:\Program Files\BitSpirit
2008-04-25 18:24 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-25 17:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-25 14:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-04-25 14:42 --------- d-----w C:\Program Files\FlashGet
2008-04-24 20:59 --------- d-----w C:\Program Files\Steam
2008-04-24 20:42 --------- d-----w C:\Program Files\Opera
2008-04-24 07:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-24 06:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-24 06:54 --------- d-----w C:\Documents and Settings\Kamil\Dane aplikacji\Lavasoft
2008-04-21 00:18 --------- d-----w C:\Program Files\SpeedFan
2008-04-11 11:16 --------- d-----w C:\Program Files\WinFast
2008-04-11 11:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 19:32 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-10 19:32 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-06 18:22 --------- d-----w C:\Documents and Settings\Kamil\Dane aplikacji\PC Suite
2008-04-06 18:22 --------- d-----w C:\Documents and Settings\Kamil\Dane aplikacji\Nokia
2008-04-06 18:18 --------- d-----w C:\Program Files\Nokia
2008-04-06 18:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-03-28 01:21 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-03-23 20:14 --------- d-----w C:\Documents and Settings\Kamil\Dane aplikacji\Creative
2008-03-23 00:09 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 22:41 --------- d-----w C:\Program Files\Gadu-Gadu
2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-02-25 08:45 189,464 ----a-w C:\WINDOWS\system32\drivers\haP17v2k.sys
2008-02-25 08:45 15,896 ----a-w C:\WINDOWS\system32\drivers\pfmodnt.sys
2008-02-25 08:44 92,696 ----a-w C:\WINDOWS\system32\drivers\emupia2k.sys
2008-02-25 08:44 797,720 ----a-w C:\WINDOWS\system32\drivers\ha10kx2k.sys
2008-02-25 08:44 162,840 ----a-w C:\WINDOWS\system32\drivers\haP16v2k.sys
2008-02-25 08:44 157,208 ----a-w C:\WINDOWS\system32\drivers\ctsfm2k.sys
2008-02-25 08:44 14,360 ----a-w C:\WINDOWS\system32\drivers\ctprxy2k.sys
2008-02-25 08:44 1,172,504 ----a-w C:\WINDOWS\system32\drivers\ha20x2k.sys
2008-02-25 08:43 524,312 ----a-w C:\WINDOWS\system32\drivers\ctaud2k.sys
2008-02-25 08:43 511,000 ----a-w C:\WINDOWS\system32\drivers\ctac32k.sys
2008-02-25 08:43 346,856 ----a-w C:\WINDOWS\system32\drivers\ctdvda2k.sys
2008-02-25 08:43 18,840 ----a-w C:\WINDOWS\system32\drivers\CTGAME.SYS
2008-02-25 08:43 127,000 ----a-w C:\WINDOWS\system32\drivers\ctoss2k.sys
2008-02-25 08:43 1,372,568 ----a-w C:\WINDOWS\system32\drivers\CTMMFILT.SYS
2008-02-25 08:43 1,366,424 ----a-w C:\WINDOWS\system32\drivers\CT0531FL.SYS
2008-02-25 08:41 72,728 ----a-w C:\WINDOWS\system32\CTHWIUT.DLL
2008-02-25 08:41 566,296 ----a-w C:\WINDOWS\system32\CTSBLFX.DLL
2008-02-25 08:41 329,240 ----a-w C:\WINDOWS\system32\CTEDSPSY.DLL
2008-02-25 08:41 286,232 ----a-w C:\WINDOWS\system32\CTEDSPFX.DLL
2008-02-25 08:41 174,104 ----a-w C:\WINDOWS\system32\CTEAPSFX.DLL
2008-02-25 08:41 170,520 ----a-w C:\WINDOWS\system32\CT20XUT.DLL
2008-02-25 08:41 134,680 ----a-w C:\WINDOWS\system32\CTEDSPIO.DLL
2008-02-25 08:41 100,888 ----a-w C:\WINDOWS\system32\CTERFXFX.DLL
2008-02-25 08:41 1,323,544 ----a-w C:\WINDOWS\system32\CTEXFIFX.DLL
2008-02-25 08:40 98,328 ----a-w C:\WINDOWS\system32\COMMONFX.DLL
2008-02-25 08:40 551,960 ----a-w C:\WINDOWS\system32\CTAUDFX.DLL
2008-02-20 20:00 43,520 ----a-w C:\WINDOWS\system32\CTBurst.dll
2008-02-20 19:59 86,016 ----a-w C:\WINDOWS\system32\ctcoinst.dll
2008-02-20 19:59 34,816 ----a-w C:\WINDOWS\system32\a3d.dll
2008-02-20 19:59 27,648 ----a-w C:\WINDOWS\system32\ac3api.dll
2008-02-20 19:59 163,840 ----a-w C:\WINDOWS\system32\ctdvinst.dll
2008-02-20 19:59 11,776 ----a-w C:\WINDOWS\INRES.DLL
2008-02-20 19:55 969,216 ----a-w C:\WINDOWS\system32\CTxfispi.exe
2008-02-20 19:55 43,520 ----a-w C:\WINDOWS\system32\Ctxfireg.exe
2008-02-20 19:55 10,752 ----a-w C:\WINDOWS\system32\Ct20xspi.dll
2008-02-20 19:49 110,080 ----a-w C:\WINDOWS\system32\ctemupia.dll
2008-02-20 19:47 49,152 ----a-w C:\WINDOWS\system32\ctdproxy.dll
2008-02-20 19:47 46,592 ----a-w C:\WINDOWS\system32\ctasio.dll
2008-02-20 19:47 174,592 ----a-w C:\WINDOWS\system32\ct_oal.dll
2008-02-20 19:47 17,920 ----a-w C:\WINDOWS\system32\ctedasio.dll
2008-02-20 19:46 69,120 ----a-w C:\WINDOWS\system32\ctosuser.dll
2008-02-20 19:46 64,512 ----a-w C:\WINDOWS\system32\piaproxy.dll
2008-02-20 19:46 6,144 ----a-w C:\WINDOWS\system32\sfman32.dll
2008-02-20 19:46 13,312 ----a-w C:\WINDOWS\system32\regplib.exe
2008-02-20 19:46 104,448 ----a-w C:\WINDOWS\system32\sfms32.dll
2008-02-20 19:44 5,120 ----a-w C:\WINDOWS\system32\enlocstr.exe
2008-02-20 19:44 10,240 ----a-w C:\WINDOWS\system32\killapps.exe
2008-02-20 19:43 32,768 ----a-w C:\WINDOWS\system32\devreg.dll
2008-02-20 19:43 28,672 ----a-w C:\WINDOWS\system32\mididef.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-27 18:51 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2006-11-22 23:58 1 ----a-w C:\Documents and Settings\Kamil\SI.bin
2006-06-23 13:48 32,768 ----a-w C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2005-12-09 18:22 712704]
"ATITool"="C:\Program Files\ATITool\ATITool.exe" [2006-02-26 22:03 2695680]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 01:11 771704]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-25 18:17 8527872]
"nwiz"="nwiz.exe" [2007-10-25 18:17 1626112 C:\WINDOWS\system32\nwiz.exe]
"Symantec PIF alertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 18:17 81920]
"CTHelper"="CTHELPER.EXE" [2008-02-20 21:58 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 21:58 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-08-10 16:28 90112]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-07-27 18:09 409600]
"AVP"="C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\setup_7.0.0.180_25.04.2008_16-23.exe" [2007-10-12 16:29 212992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przypominacz.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przypominacz.lnk
backup=C:\WINDOWS\pss\Przypominacz.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Reader Notifications]
C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2004-11-30 12:36 1945600 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-07-26 03:03 49263 C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VS Online]
C:\Program Files\VS Online\VSOnline.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"HASPSrv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"D:\\gry\\GTL\\GTL.exe"=
"C:\\TOTALCMD\\Totalcmd.exe"=
"D:\\gry\\FlatOut2\\FlatOut2.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"D:\\gry\\GTR2\\GTR2.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"D:\\gry\\rFactor\\rFactor.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"D:\\gry\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27724:TCP"= 27724:TCP:BitComet 27724 TCP
"27724:UDP"= 27724:UDP:BitComet 27724 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 14:46]
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 20:24]
R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2004-10-12 14:02]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 15:12]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 10:44]
S2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-10-02 00:56]
S2 setup_7.0.0.180_25.04.2008_16-23;setup_7.0.0.180_25.04.2008_16-23;"C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\setup_7.0.0.180_25.04.2008_16-23.exe" -r []
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys []
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 03:54]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S4 HASPSrv;HASPSrv;C:\WINDOWS\system32\HASPSrv.exe [2006-07-20 08:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0129c55a-429d-11db-8730-0016768ea9ad}]
\Shell\AutoRun\command - H:\MLLaunch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30ecf246-9e7b-11db-8992-00407b714699}]
\Shell\AutoRun\command - J:\Autorun.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 20:16:13 C:\WINDOWS\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Kamil.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exef/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 21:35:26
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-25 21:36:08
ComboFix-quarantined-files.txt 2008-04-25 19:35:59
ComboFix2.txt 2008-04-25 14:33:14

Pre-Run: 10,368,761,856 bajtów wolnych
Post-Run: 10,344,050,688 bajtów wolnych

247

Spoiler! Kliknij w poniższy kontener by otworzyć.
sdfix

SDFix: Version 1.174
Run by Kamil on 2008-04-25 at 21:19

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\DOCUME~1\Kamil\Pulpit\wir\SDFix\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 21:23:37
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:37,c4,ad,b1,ac,32,fc,d8,f0,3b,07,87,5a,00,45,b9,50,09,5b,fe,61,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ce,8d,96,93,f7,95,6a,88,aa,56,4c,fd,6e,7a,40,1c,20,..
"khjeh"=hex:01,46,e1,31,72,9d,cb,ab,b2,0e,47,29,2f,ea,f9,80,7c,62,c1,27,db,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:4f,da,79,12,1c,39,bc,92,3c,45,25,bd,4b,b0,02,a2,95,22,37,e5,e9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:fc,56,bf,9e,cf,c4,33,a3,5d,b1,3e,88,48,ad,f0,be,bb,4a,2e,1a,10,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:01,46,e1,31,72,9d,cb,ab,b2,0e,47,29,2f,ea,f9,80,7c,62,c1,27,db,..
"a0"=hex:20,01,00,00,f3,43,ed,69,d8,76,9a,9b,ef,a7,d1,3d,45,b2,bc,d5,b5,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5c,f2,c7,d3,da,30,84,a9,e0,3a,d6,a1,76,f7,5e,04,2e,fc,53,9a,22,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:16,f2,8c,6e,0e,e7,59,49,09,b5,0d,2e,d1,18,c7,68,b6,c9,28,36,7a,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,5b,c7,87,69,10,f3,56,a6,57,ed,a4,1f,3d,ab,39,ab,4d,..
"khjeh"=hex:01,46,e1,31,72,9d,cb,ab,b2,0e,47,29,2f,ea,f9,80,7c,62,c1,27,db,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f9,68,92,db,01,22,91,cf,78,98,57,44,94,3a,cd,91,f8,96,7b,12,de,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:15,2b,77,3b,b5,d6,a9,fb,15,1e,e7,b5,51,00,f6,9a,47,3e,e5,45,8e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,72,be,c8,78,cb,48,f6,a0,c6,db,ce,78,72,96,49,fd,c4,..
"khjeh"=hex:01,46,e1,31,72,9d,cb,ab,b2,0e,47,29,2f,ea,f9,80,7c,62,c1,27,db,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c5,4f,47,af,2c,73,a7,db,d1,3c,d5,bd,e9,bb,2b,30,66,d2,5b,f1,a8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:a8,94,0f,aa,8f,e5,c3,d7,68,8d,73,49,76,61,ef,e9,aa,55,02,71,ee,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b9,0d,fc,15,16,f1,e5,2c,d9,95,3a,7e,47,6b,09,56,8f,..
"khjeh"=hex:01,46,e1,31,72,9d,cb,ab,b2,0e,47,29,2f,ea,f9,80,7c,62,c1,27,db,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:85,f3,2e,8d,7f,0b,b9,ed,9e,86,7f,0c,6c,de,35,b3,78,f7,ea,bc,0f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:a8,94,0f,aa,8f,e5,c3,d7,68,8d,73,49,76,61,ef,e9,aa,55,02,71,ee,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,55,dc,d1,fc,a2,c0,d1,2f,dd,43,0f,51,f3,77,38,2b,2b,..
"khjeh"=hex:01,46,e1,31,72,9d,cb,ab,b2,0e,47,29,2f,ea,f9,80,7c,62,c1,27,db,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,03,00,20,42,4a,00,d0,e2,65,e4,f0,ff,ff,ff,6c,68,01,00,f8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:1a,30,38,77,68,2b,65,80,5d,15,8b,5c,4e,93,5f,7e,aa,b8,2e,30,48,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,ed,76,65,2e,90,47,42,a0,75,aa,b3,7f,7b,85,1f,36,13,..
"hdf12"=hex:b0,d5,ca,4c,e0,4a,9a,9a,1d,10,ae,09,7c,74,6f,1d,a6,b3,30,1d,7b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:4c,b2,e1,f5,49,c8,4b,b6,30,85,7c,c5,4e,7c,70,12,20,c2,ae,00,35,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,60,20,bd,2c,f1,b5,9e,1d,58,71,3f,f9,b5,db,1d,6e,f5,..
"hdf12"=hex:d9,98,7d,26,65,9b,33,17,f9,cc,c9,3d,c3,c1,9c,99,d2,f6,ac,be,26,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:7e,01,dc,99,b9,3f,1c,56,c8,15,07,c5,89,66,3f,f8,5f,e2,57,78,fa,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1]
"hdf12"=hex:b2,94,e5,08,da,0b,f4,15,d7,fa,cd,bb,43,84,8e,62,ca,84,cf,aa,6e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:8c,a1,e3,1e,5f,cc,1f,cb,ed,1f,98,7f,c0,01,62,f5,2f,fe,ef,4c,d1,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,03,9c,5f,23,88,17,7f,24,7f,e4,ac,e1,f5,cd,3c,1f,a5,..
"khjeh"=hex:01,46,e1,31,72,9d,cb,ab,b2,0e,47,29,2f,ea,f9,80,7c,62,c1,27,db,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d4,b7,96,43,d4,d6,7f,a7,57,cf,4a,80,64,4c,1e,47,3c,ce,6d,a5,c6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:1a,30,38,77,68,2b,65,80,5d,15,8b,5c,4e,93,5f,7e,aa,b8,2e,30,48,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,ed,76,65,2e,90,47,42,a0,75,aa,b3,7f,7b,85,1f,36,13,..
"hdf12"=hex:b0,d5,ca,4c,e0,4a,9a,9a,1d,10,ae,09,7c,74,6f,1d,a6,b3,30,1d,7b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:4c,b2,e1,f5,49,c8,4b,b6,30,85,7c,c5,4e,7c,70,12,20,c2,ae,00,35,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,60,20,bd,2c,f1,b5,9e,1d,58,71,3f,f9,b5,db,1d,6e,f5,..
"hdf12"=hex:d9,98,7d,26,65,9b,33,17,f9,cc,c9,3d,c3,c1,9c,99,d2,f6,ac,be,26,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:7e,01,dc,99,b9,3f,1c,56,c8,15,07,c5,89,66,3f,f8,5f,e2,57,78,fa,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1]
"hdf12"=hex:b2,94,e5,08,da,0b,f4,15,d7,fa,cd,bb,43,84,8e,62,ca,84,cf,aa,6e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:8c,a1,e3,1e,5f,cc,1f,cb,ed,1f,98,7f,c0,01,62,f5,2f,fe,ef,4c,d1,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,03,9c,5f,23,88,17,7f,24,7f,e4,ac,e1,f5,cd,3c,1f,a5,..
"khjeh"=hex:01,46,e1,31,72,9d,cb,ab,b2,0e,47,29,2f,ea,f9,80,7c,62,c1,27,db,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d4,b7,96,43,d4,d6,7f,a7,57,cf,4a,80,64,4c,1e,47,3c,ce,6d,a5,c6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:c8cc7793
"s2"=dword:2af5da37
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:1a,30,38,77,68,2b,65,80,5d,15,8b,5c,4e,93,5f,7e,aa,b8,2e,30,48,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,ed,76,65,2e,90,47,42,a0,75,aa,b3,7f,7b,85,1f,36,13,..
"hdf12"=hex:b0,d5,ca,4c,e0,4a,9a,9a,1d,10,ae,09,7c,74,6f,1d,a6,b3,30,1d,7b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:26,1c,1d,9d,bd,02,e2,3f,61,69,de,d7,99,64,62,a6,b1,12,a3,7f,d6,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,60,20,bd,2c,f1,b5,9e,1d,58,71,3f,f9,b5,db,1d,6e,f5,..
"hdf12"=hex:d9,98,7d,26,65,9b,33,17,f9,cc,c9,3d,c3,c1,9c,99,d2,f6,ac,be,26,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:7e,01,dc,99,b9,3f,1c,56,c8,15,07,c5,89,66,3f,f8,5f,e2,57,78,fa,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1]
"hdf12"=hex:b2,94,e5,08,da,0b,f4,15,d7,fa,cd,bb,43,84,8e,62,ca,84,cf,aa,6e,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:8c,a1,e3,1e,5f,cc,1f,cb,ed,1f,98,7f,c0,01,62,f5,2f,fe,ef,4c,d1,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,03,9c,5f,23,88,17,7f,24,7f,e4,ac,e1,f5,cd,3c,1f,a5,..
"khjeh"=hex:01,46,e1,31,72,9d,cb,ab,b2,0e,47,29,2f,ea,f9,80,7c,62,c1,27,db,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d4,b7,96,43,d4,d6,7f,a7,57,cf,4a,80,64,4c,1e,47,3c,ce,6d,a5,c6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:1a,30,38,77,68,2b,65,80,5d,15,8b,5c,4e,93,5f,7e,aa,b8,2e,30,48,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,ed,76,65,2e,90,47,42,a0,75,aa,b3,7f,7b,85,1f,36,13,..
"hdf12"=hex:b0,d5,ca,4c,e0,4a,9a,9a,1d,10,ae,09,7c,74,6f,1d,a6,b3,30,1d,7b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:26,1c,1d,9d,bd,02,e2,3f,61,69,de,d7,99,64,62,a6,b1,12,a3,7f,d6,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,60,20,bd,2c,f1,b5,9e,1d,58,71,3f,f9,b5,db,1d,6e,f5,..
"hdf12"=hex:d9,98,7d,26,65,9b,33,17,f9,cc,c9,3d,c3,c1,9c,99,d2,f6,ac,be,26,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:7e,01,dc,99,b9,3f,1c,56,c8,15,07,c5,89,66,3f,f8,5f,e2,57,78,fa,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1]
"hdf12"=hex:b2,94,e5,08,da,0b,f4,15,d7,fa,cd,bb,43,84,8e,62,ca,84,cf,aa,6e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:8c,a1,e3,1e,5f,cc,1f,cb,ed,1f,98,7f,c0,01,62,f5,2f,fe,ef,4c,d1,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,03,9c,5f,23,88,17,7f,24,7f,e4,ac,e1,f5,cd,3c,1f,a5,..
"khjeh"=hex:01,46,e1,31,72,9d,cb,ab,b2,0e,47,29,2f,ea,f9,80,7c,62,c1,27,db,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d4,b7,96,43,d4,d6,7f,a7,57,cf,4a,80,64,4c,1e,47,3c,ce,6d,a5,c6,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program glowny"
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"="C:\\Program Files\\BitSpirit\\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Uruchamia plik DLL jako aplikacj©"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"
"D:\\gry\\GTL\\GTL.exe"="D:\\gry\\GTL\\GTL.exe:*:Enabled:GT Legends"
"C:\\TOTALCMD\\Totalcmd.exe"="C:\\TOTALCMD\\Totalcmd.exe:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\\gry\\FlatOut2\\FlatOut2.exe"="D:\\gry\\FlatOut2\\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"D:\\gry\\GTR2\\GTR2.exe"="D:\\gry\\GTR2\\GTR2.exe:*:Enabled:GTR2 - FIA GT Racing Game"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"D:\\gry\\rFactor\\rFactor.exe"="D:\\gry\\rFactor\\rFactor.exe:*:Enabled:rFactor"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\gry\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"="D:\\gry\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe:*:Enabled:Unreal Tournament 3 Demo"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

Remaining Files :

File Backups: - C:\DOCUME~1\Kamil\Pulpit\wir\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 29 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 2 Oct 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 23 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 22 Apr 2008 8,011 ...HR --- "C:\Documents and Settings\Kamil\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak"
Mon 2 Oct 2006 4,348 ...H. --- "C:\Documents and Settings\Kamil\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1key.bak"
Mon 2 Oct 2006 20 A..H. --- "C:\Documents and Settings\Kamil\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1lic.bak"
Mon 2 Oct 2006 9,656 A.SH. --- "C:\Documents and Settings\Kamil\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv2key.bak"
Mon 19 Apr 2004 120,813 A..H. --- "C:\Documents and Settings\Kamil\Pulpit\MAMA\KSIAZKI_DO_ROZWOJU_DUCHOWEGO\22\Bo Yin Ra - Drogowskaz\~WRL0005.tmp"

Finished!

Niemiec · 25 Kwietnia 2008

zegarek chodzi normalnie, rozszerzenia lubie widziec a c:\temp robi zanormalnego tempa.

dziekuje bardzo za poswiecony czas.

Zaloguj się

http://oczyszczaczkomputerza.com/

Rekomendowane odpowiedzi

Niemiec

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

Kolobos

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

Niemiec

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

Kolobos

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

Niemiec

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

Niemiec

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

Niemiec

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

Przeglądaj

Cała aktywność