x-kom hosting

wsctf i EXPLORER.EXE

Mik99
utworzono
utworzono

Witajcie!

Mam wielki problem. Otóż na moim komputerze pojawiła się infekcja z którą nie radzą sobie Kasperky, Acravir i inne programy antywirusowe, po prostu jej nie wykrywają. Problem polega na tym, że jak chcę otworzyć jakiś dysk poprzez prawoklik (praczy przycisk myszy) to zamiast Otwórz mam open(o). Dodatkowo za każdym jednym uruchomieniem komputera na pulpicie pojawiają mi się Moje Dokumenty. Próbowałem wywalić ten syf z rejestru i nadal jest. Proszę o pomoc.

Logi z Hijacka

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 13:07:29, on 2008-07-01Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\ArcaBit\ArcaVir\AVMenu.exeC:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exeC:\PROGRA~1\ArcaBit\ARCAUP~1\update.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\ArcaBit\ArcaVir\FileMonSV.exeC:\Program Files\ArcaBit\ArcaVir\NetMonSV.exeC:\Program Files\ArcaBit\Common\TaskScheduler.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\WINDOWS\system32\wuauclt.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exeO4 - HKLM\..\Run: [ArcaCheck] C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe /startupO4 - HKLM\..\Run: [ABRegmon] C:\Program Files\ArcaBit\ArcaVir\ABregmon.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htmO8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htmO8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htmO8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: http://arcaonline.arcabit.comO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virussca...can_unicode.cabO16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cabO16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cabO16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cabO16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO23 - Service: ArcaBit FileMonitor (ABFileMon) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exeO23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exeO23 - Service: ArcaBit.Core.Configurator - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exeO23 - Service: ArcaBit.Core.LoggingService - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exeO23 - Service: ArcaBit.TaskScheduler - ArcaBit - C:\Program Files\ArcaBit\Common\TaskScheduler.exeO23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exeO23 - Service: ArcaBit Update Service (AVUpdate) - ArcaBit - C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exeO23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe--End of file - 5939 bytes

Log z Combofixa:

ComboFix 08-06-20.4 - Levuss 2008-07-01 13:02:26.2 - NTFSx86Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.714 [GMT 2:00]Running from: C:\Documents and Settings\Levuss\Pulpit\ComboFix.exe * Created a new restore point[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b].(((((((((((((((((((((((((   Files Created from 2008-06-01 to 2008-07-01  ))))))))))))))))))))))))))))))).2008-06-30 18:44 . 2008-06-30 18:44	<DIR>	d--------	C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\ArcaBit2008-06-30 18:37 . 2008-06-30 21:56	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit2008-06-30 18:29 . 2008-06-30 18:29	<DIR>	d--------	C:\Documents and Settings\LocalService\Dane aplikacji\ArcaBit2008-06-30 18:28 . 2008-06-30 22:22	<DIR>	d--------	C:\Program Files\ArcaBit2008-06-30 18:27 . 2008-06-30 18:27	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard2008-06-25 18:36 . 2008-06-25 18:36	<DIR>	d--------	C:\Program Files\MSXML 4.02008-06-24 13:02 . 2008-06-24 13:24	<DIR>	d--------	C:\Program Files\GoD2008-06-24 13:02 . 2008-06-24 13:02	<DIR>	d--------	C:\Downloaded2008-06-23 13:55 . 2008-07-01 12:22	<DIR>	d-a------	C:\Documents and Settings\All Users\Dane aplikacji\TEMP2008-06-23 13:54 . 2008-06-23 13:54	<DIR>	d--------	C:\Downloads2008-06-14 15:12 . 2008-06-14 15:12	35,440	--a------	C:\WINDOWS\system32\sschk.trb2008-06-14 14:08 . 2008-04-14 19:20	221,184	--a------	C:\WINDOWS\system32\wmpns.dll2008-06-14 14:04 . 2008-06-14 14:04	<DIR>	d--------	C:\WINDOWS\system32\pl-pl2008-06-14 14:04 . 2008-06-14 14:04	<DIR>	d--------	C:\WINDOWS\system32\pl2008-06-14 14:04 . 2008-06-14 14:04	<DIR>	d--------	C:\WINDOWS\system32\bits2008-06-14 14:04 . 2008-06-14 14:04	<DIR>	d--------	C:\WINDOWS\l2schemas2008-06-14 14:03 . 2008-06-14 14:03	<DIR>	d--------	C:\WINDOWS\ServicePackFiles2008-06-14 13:59 . 2008-06-14 13:59	<DIR>	d--------	C:\WINDOWS\EHome2008-06-14 13:36 . 2008-05-08 16:02	203,136	-----c---	C:\WINDOWS\system32\dllcache\rmcast.sys2008-06-14 13:30 . 2008-06-14 19:36	273,024	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys2008-06-14 13:27 . 2004-08-04 00:35	701,440	---------	C:\WINDOWS\system32\drivers\ati2mtag.sys2008-06-14 13:15 . 2008-06-14 13:15	<DIR>	d---s----	C:\Documents and Settings\Levuss\UserData2008-06-14 11:31 . 2008-06-14 11:31	<DIR>	d--------	C:\Program Files\RegVac Registry Cleaner2008-06-14 11:30 . 2008-06-14 15:12	585,296	--a------	C:\WINDOWS\system32\trupd.trb2008-06-14 11:26 . 2008-06-02 21:22	2,486,848	--a------	C:\WINDOWS\system32\rmt.trb2008-06-14 11:26 . 2008-05-25 18:06	983,616	--a------	C:\WINDOWS\system32\Rmvtrjan.trb2008-06-14 11:26 . 2008-06-14 15:12	878,672	--a------	C:\WINDOWS\system32\Trjscan.trb2008-06-14 11:25 . 2008-06-30 23:01	<DIR>	d--------	C:\Program Files\Trojan Remover2008-06-14 11:25 . 2008-06-14 11:25	<DIR>	d--------	C:\Documents and Settings\Levuss\Dane aplikacji\Simply Super Software2008-06-14 11:25 . 2003-02-02 19:06	153,088	--a------	C:\WINDOWS\system32\UNRAR3.dll2008-06-14 11:25 . 2002-03-06 00:00	75,264	--a------	C:\WINDOWS\system32\unacev2.dll2008-06-14 10:58 . 2008-06-14 11:31	<DIR>	d--------	C:\Program Files\RegVac2008-06-14 10:58 . 1999-07-17 02:21	4,608	--a------	C:\WINDOWS\system32\W95Inf32.DLL2008-06-14 10:58 . 1999-07-17 02:21	2,272	--a------	C:\WINDOWS\system32\W95Inf16.DLL2008-06-11 14:08 . 2002-07-08 00:14	1,294,336	--a------	C:\WINDOWS\system32\vorbis.acm2008-06-11 14:08 . 2006-06-20 10:56	225,280	--a------	C:\WINDOWS\system32\rewire.dll2008-06-11 14:07 . 2008-06-11 14:07	<DIR>	d--------	C:\Program Files\Steinberg2008-06-11 14:06 . 2003-06-20 13:28	1,777,664	--a------	C:\WINDOWS\system32\gdiplus.dll.((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-06-30 16:28	---------	d-----w	C:\Documents and Settings\Levuss\Dane aplikacji\ArcaBit2008-06-27 19:30	---------	d--h--w	C:\Program Files\InstallShield Installation Information2008-06-25 07:35	---------	d-----w	C:\Program Files\English Translator 32008-06-23 11:54	2,560	----a-w	C:\WINDOWS\system32\bitcometres.dll2008-06-14 17:36	273,024	------w	C:\WINDOWS\system32\drivers\bthport.sys2008-06-10 13:18	---------	d-----w	C:\Program Files\ArcaMicroScan2008-06-01 20:52	---------	d-----w	C:\Program Files\VAG-COM2008-05-29 14:06	---------	d-----w	C:\Program Files\Spyware Doctor2008-05-26 10:00	---------	d-----w	C:\Program Files\Gadu-Gadu2008-05-25 09:31	---------	d-----w	C:\Documents and Settings\Levuss\Dane aplikacji\PC Tools2008-05-21 09:25	---------	d-----w	C:\Program Files\Panda Security2008-05-21 07:36	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab2008-05-11 12:58	17,608	----a-w	C:\Documents and Settings\Levuss\Dane aplikacji\GDIPFONTCACHEV1.DAT2008-05-11 08:05	---------	d-----w	C:\Program Files\Trend Micro2008-05-10 16:21	---------	d-----w	C:\Program Files\C-Media 6501 Sound2008-05-08 14:02	203,136	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys2008-05-07 05:12	1,291,776	----a-w	C:\WINDOWS\system32\quartz.dll2008-05-02 13:49	---------	d-----w	C:\Program Files\BitComet2008-04-21 11:09	98,304	----a-w	C:\WINDOWS\system32\CmdLineExt.dll2008-04-21 06:44	668,672	----a-w	C:\WINDOWS\system32\wininet.dll2008-04-14 20:51	11,264	----a-w	C:\WINDOWS\system32\spnpinst.exe2008-04-14 20:50	997,888	----a-w	C:\WINDOWS\system32\setupapi.dll2008-04-14 20:50	424,960	----a-w	C:\WINDOWS\system32\licdll.dll2008-04-14 17:46	1,804	----a-w	C:\WINDOWS\system32\dcache.bin2008-04-14 17:26	332,288	----a-w	C:\WINDOWS\system32\netsetup.exe2008-04-14 17:22	92,424	----a-w	C:\WINDOWS\system32\rdpdd.dll2008-04-14 17:22	87,176	----a-w	C:\WINDOWS\system32\rdpwsx.dll2008-04-14 17:22	695,808	----a-w	C:\WINDOWS\system32\drmv2clt.dll2008-04-14 17:22	356,352	----a-w	C:\WINDOWS\system32\msscp.dll2008-04-14 17:22	299,520	----a-w	C:\WINDOWS\system32\drmclien.dll2008-04-14 17:22	259,072	----a-w	C:\WINDOWS\system32\msnetobj.dll2008-04-14 17:22	12,168	----a-w	C:\WINDOWS\system32\tsddd.dll2008-04-14 17:20	999,936	----a-w	C:\WINDOWS\system32\syssetup.dll2008-04-14 17:19	98,304	----a-w	C:\WINDOWS\system32\actxprxy.dll2008-04-14 17:18	5,632	----a-w	C:\WINDOWS\system32\wmi.dll2008-04-14 17:18	1,449,472	----a-w	C:\WINDOWS\system32\winntbbu.dll2008-04-14 17:17	57,375	----a-w	C:\WINDOWS\system32\odbcji32.dll2008-04-14 17:13	4,126	----a-w	C:\WINDOWS\system32\msdxmlc.dll2008-04-14 17:12	3,584	----a-w	C:\WINDOWS\system32\msafd.dll2008-04-14 17:06	3,584	----a-w	C:\WINDOWS\system32\icmp.dll2008-04-14 17:05	9,344	----a-w	C:\WINDOWS\system32\framebuf.dll2008-04-14 17:03	3,072	----a-w	C:\WINDOWS\system32\dpnlobby.dll2008-04-14 17:03	3,072	----a-w	C:\WINDOWS\system32\dpnaddr.dll2008-04-14 17:01	16,896	----a-w	C:\WINDOWS\system32\cfgmgr32.dll2008-04-14 17:00	285,696	----a-w	C:\WINDOWS\system32\atmfd.dll2008-04-14 16:29	2,146,816	----a-w	C:\WINDOWS\system32\ntoskrnl.exe2008-04-14 16:29	2,025,472	----a-w	C:\WINDOWS\system32\ntkrnlpa.exe2008-04-14 16:25	4,096	----a-w	C:\WINDOWS\system32\dsprpres.dll2008-04-14 16:22	89,600	------w	C:\WINDOWS\system32\msxml6r.dll2008-04-14 16:20	80,896	------w	C:\WINDOWS\system32\msshavmsg.dll2008-04-14 16:15	49,664	----a-w	C:\WINDOWS\system32\inetres.dll2008-04-14 16:15	2,977,792	----a-w	C:\WINDOWS\system32\wmploc.dll2008-04-14 16:13	563,200	----a-w	C:\WINDOWS\system32\shdoclc.dll2008-04-14 16:09	190,976	----a-w	C:\WINDOWS\system32\wmerror.dll2008-04-14 16:07	10,240	----a-w	C:\WINDOWS\system32\gpkrsrc.dll2008-04-14 16:05	67,584	----a-w	C:\WINDOWS\system32\browselc.dll2008-04-14 16:05	1,845,888	----a-w	C:\WINDOWS\system32\win32k.sys2008-04-14 16:02	57,344	----a-w	C:\WINDOWS\system32\mshtmler.dll2008-04-14 15:59	8,192	----a-w	C:\WINDOWS\system32\asferror.dll2008-04-14 15:59	103,936	----a-w	C:\WINDOWS\system32\dpcdll.dll2008-04-13 18:44	17,664	----a-w	C:\WINDOWS\system32\watchdog.sys2008-04-13 18:40	427,008	----a-w	C:\WINDOWS\system32\xpob2res.dll2008-04-13 18:37	2,953,216	----a-w	C:\WINDOWS\system32\xpsp2res.dll2008-04-13 18:35	24,064	----a-w	C:\WINDOWS\system32\pidgen.dll2008-04-13 18:35	194,560	----a-w	C:\WINDOWS\system32\xpsp1res.dll2008-04-13 18:31	7,424	----a-w	C:\WINDOWS\system32\kd1394.dll2008-04-13 18:30	61,440	----a-w	C:\WINDOWS\system32\msvcrt40.dll2008-04-13 17:37	208,384	----a-w	C:\WINDOWS\system32\rsaenh.dll2008-04-13 17:37	138,752	----a-w	C:\WINDOWS\system32\dssenh.dll2008-04-13 17:26	12,288	----a-w	C:\WINDOWS\system32\odbcp32r.dll2008-04-13 17:26	12,288	----a-w	C:\WINDOWS\system32\mscpx32r.dll2008-04-13 17:21	733,696	----a-w	C:\WINDOWS\system32\qedwipes.dll2008-04-13 16:48	1,647,616	----a-w	C:\WINDOWS\system32\winbrand.dll2008-04-13 16:45	216,064	----a-w	C:\WINDOWS\system32\moricons.dll2008-04-13 16:23	48,128	----a-w	C:\WINDOWS\system32\msprivs.dll2008-04-13 15:39	884,736	----a-w	C:\WINDOWS\system32\msimsg.dll.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]"AvMenu"="C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe" [2008-06-30 22:01 514568]"ArcaCheck"="C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe" [2008-06-30 22:01 637448]"ABRegmon"="C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe" [2007-10-23 11:41 348160][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:21 15360]"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"vidc.I420"= i263_32.drv[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C6501Sound][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]--a------ 2007-12-10 10:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMam][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent][HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe"="D:\\TacticalOps\\System\\TacticalOps.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"="C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\BitComet\\BitComet.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe"="D:\\Pes6\\PES6.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\system32\\mmc.exe"="D:\\PES 2008\\PES2008.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"10932:TCP"= 10932:TCP:BitComet 10932 TCP"10932:UDP"= 10932:UDP:BitComet 10932 UDP"8461:TCP"= 8461:TCP:GoD High Port"8462:TCP"= 8462:TCP:GoD Low PortR0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]R1 ABTDI;ABTDI;C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys [2008-06-30 22:01]R2 ABFileMon;ArcaBit FileMonitor;"C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe" [2008-06-30 22:01]R2 ArcaBit.TaskScheduler;ArcaBit.TaskScheduler;"C:\Program Files\ArcaBit\Common\TaskScheduler.exe" [2007-10-25 05:20]R2 AVUpdate;ArcaBit Update Service;C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe [2008-06-30 22:01]R3 ABFLT;ArcaBit File Monitor Driver;C:\PROGRA~1\ArcaBit\ArcaVir\ABFLT.sys [2008-06-30 22:01]R3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;"C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe" [2008-06-30 22:22]R3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-07-11 14:05]R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]S3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;"C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe" [2008-06-30 22:22].**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-07-01 13:03:27Windows 5.1.2600 Dodatek Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2008-07-01 13:04:04ComboFix-quarantined-files.txt  2008-07-01 11:03:58Pre-Run: 1,769,222,144 bajtów wolnychPost-Run: 1,797,799,936 bajtów wolnych204	--- E O F ---	2008-06-25 16:36:32

Dodam, że zaznaczenia wpisów w Hj i usunięcie ich przez komendę Fix checked pomaga tylko do restatru lub ponownego uruchomienia komputera.

//logi wstawiamy w tagi code a nie quote!

//vocativus

CatchMe
komentarz
komentarz

Użyj SDFix w trybie awaryjnym i wklej z niego raport.

W HijackThis kasujesz:

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

Na razie ComboFix zostawiamy. Po zabiegach wygeneruj nowy log z ComboFix i wklej na forum.

Mik99
komentarz
komentarz

Logi z SDFix'a

[b]SDFix: Version 1.199 [/b]Run by Levuss on 2008-07-02 at 17:14Microsoft Windows XP [Wersja 5.1.2600]Running From: C:\lol\SDFix[b]Checking Services [/b]:Restoring Default Security ValuesRestoring Default Hosts FileRebooting[b]Checking Files [/b]: Trojan Files Found:C:\WINDOWS\system32\explorer.exe  - DeletedRemoving Temp Files[b]ADS Check [/b]:								 [b]Final Check [/b]:catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-07-02 17:18:36Windows 5.1.2600 Dodatek Service Pack 3 NTFSscanning hidden processes ...scanning hidden services & system hive ...scanning hidden registry entries ...scanning hidden files ...scan completed successfullyhidden processes: 0hidden services: 0hidden files: 0[b]Remaining Services [/b]:Authorized Application Key Export:[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program g?˘wny""D:\\TacticalOps\\System\\TacticalOps.exe"="D:\\TacticalOps\\System\\TacticalOps.exe:*:Enabled:TacticalOps""C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater""C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process ""C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe:*:Enabled:Java Platform SE binary""C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares""C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client""C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test""D:\\Pes6\\PES6.exe"="D:\\Pes6\\PES6.exe:*:Enabled:pes6.exe""%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console""D:\\PES 2008\\PES2008.exe"="D:\\PES 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"[b]Remaining Files [/b]:File Backups: - C:\lol\SDFix\backups\backups.zip[b]Files with Hidden Attributes [/b]:Wed 30 Jan 2002		22,016 A..H. --- "C:\Program Files\Game Graphic Studio\borlndmm.dll"Wed 30 Jan 2002	   620,544 A..H. --- "C:\Program Files\Game Graphic Studio\stlpmt45.dll"Mon 30 Jun 2008			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b6fe03b128aa8af203bd6ff0d2171de4\BIT80.tmp"[b]Finished![/b]
CatchMe
komentarz
komentarz

Ładnie, teraz z ComboFix i HijackThis.

Mik99
komentarz
komentarz

ComboFix

ComboFix 08-07-01.5 - Levuss 2008-07-02 21:05:35.3 - NTFSx86Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.750 [GMT 2:00]Running from: C:\Documents and Settings\Levuss\Pulpit\ComboFix.exe * Created a new restore point[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b].(((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))).C:\WINDOWS\system32\zlib.dll.(((((((((((((((((((((((((   Files Created from 2008-06-02 to 2008-07-02  ))))))))))))))))))))))))))))))).2008-07-02 17:12 . 2008-07-02 17:12	<DIR>	d--------	C:\WINDOWS\ERUNT2008-07-02 17:10 . 2008-07-02 17:10	<DIR>	d--------	C:\lol2008-07-02 12:13 . 2008-07-02 12:13	<DIR>	d--------	C:\Documents and Settings\Levuss\Dane aplikacji\Publish Providers2008-07-02 12:13 . 2008-07-02 12:13	<DIR>	d--------	C:\Documents and Settings\Levuss\Dane aplikacji\NetMedia Providers2008-07-02 12:11 . 2008-07-02 12:11	<DIR>	d--------	C:\Program Files\Microsoft SQL Server2008-07-02 12:11 . 2008-07-02 12:11	<DIR>	d--------	C:\Documents and Settings\Levuss\Dane aplikacji\Sony2008-07-02 12:11 . 2008-07-02 12:11	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Sony2008-07-02 12:11 . 1998-10-29 15:45	306,688	--a------	C:\WINDOWS\IsUninst.exe2008-07-02 12:11 . 2002-12-17 16:23	33,340	---------	C:\WINDOWS\system32\dbmsqlgc.dll2008-07-02 12:11 . 2002-10-20 14:05	24,576	---------	C:\WINDOWS\system32\dbmsgnet.dll2008-07-02 12:10 . 2008-07-02 12:10	<DIR>	d--------	C:\Program Files\Vstplugins2008-07-02 12:10 . 2008-07-02 12:10	<DIR>	d--------	C:\Program Files\Sony2008-07-02 12:09 . 2008-07-02 12:09	<DIR>	d--------	C:\Program Files\Sony Setup2008-07-01 13:22 . 2008-07-01 13:22	<DIR>	d--------	C:\Program Files\Lavasoft2008-07-01 13:22 . 2008-07-01 13:23	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft2008-07-01 13:20 . 2008-07-01 13:20	<DIR>	d--------	C:\Documents and Settings\Levuss\DoctorWeb2008-06-30 18:44 . 2008-06-30 18:44	<DIR>	d--------	C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\ArcaBit2008-06-30 18:37 . 2008-06-30 21:56	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit2008-06-30 18:29 . 2008-06-30 18:29	<DIR>	d--------	C:\Documents and Settings\LocalService\Dane aplikacji\ArcaBit2008-06-30 18:28 . 2008-07-01 13:14	<DIR>	d--------	C:\Program Files\ArcaBit2008-06-30 18:27 . 2008-07-01 13:22	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard2008-06-25 18:36 . 2008-06-25 18:36	<DIR>	d--------	C:\Program Files\MSXML 4.02008-06-24 13:02 . 2008-06-24 13:24	<DIR>	d--------	C:\Program Files\GoD2008-06-24 13:02 . 2008-06-24 13:02	<DIR>	d--------	C:\Downloaded2008-06-23 13:55 . 2008-07-02 10:05	<DIR>	d-a------	C:\Documents and Settings\All Users\Dane aplikacji\TEMP2008-06-23 13:54 . 2008-06-23 13:54	<DIR>	d--------	C:\Downloads2008-06-14 15:12 . 2008-06-14 15:12	35,440	--a------	C:\WINDOWS\system32\sschk.trb2008-06-14 14:08 . 2008-04-14 19:20	221,184	--a------	C:\WINDOWS\system32\wmpns.dll2008-06-14 14:04 . 2008-06-14 14:04	<DIR>	d--------	C:\WINDOWS\system32\pl-pl2008-06-14 14:04 . 2008-06-14 14:04	<DIR>	d--------	C:\WINDOWS\system32\pl2008-06-14 14:04 . 2008-06-14 14:04	<DIR>	d--------	C:\WINDOWS\system32\bits2008-06-14 14:04 . 2008-06-14 14:04	<DIR>	d--------	C:\WINDOWS\l2schemas2008-06-14 14:03 . 2008-06-14 14:03	<DIR>	d--------	C:\WINDOWS\ServicePackFiles2008-06-14 13:59 . 2008-06-14 13:59	<DIR>	d--------	C:\WINDOWS\EHome2008-06-14 13:36 . 2008-05-08 16:02	203,136	-----c---	C:\WINDOWS\system32\dllcache\rmcast.sys2008-06-14 13:30 . 2008-06-14 19:36	273,024	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys2008-06-14 13:27 . 2004-08-04 00:35	701,440	---------	C:\WINDOWS\system32\drivers\ati2mtag.sys2008-06-14 13:15 . 2008-06-14 13:15	<DIR>	d---s----	C:\Documents and Settings\Levuss\UserData2008-06-14 11:31 . 2008-06-14 11:31	<DIR>	d--------	C:\Program Files\RegVac Registry Cleaner2008-06-14 11:30 . 2008-06-14 15:12	585,296	--a------	C:\WINDOWS\system32\trupd.trb2008-06-14 11:26 . 2008-06-02 21:22	2,486,848	--a------	C:\WINDOWS\system32\rmt.trb2008-06-14 11:26 . 2008-05-25 18:06	983,616	--a------	C:\WINDOWS\system32\Rmvtrjan.trb2008-06-14 11:26 . 2008-06-14 15:12	878,672	--a------	C:\WINDOWS\system32\Trjscan.trb2008-06-14 11:25 . 2008-06-30 23:01	<DIR>	d--------	C:\Program Files\Trojan Remover2008-06-14 11:25 . 2008-06-14 11:25	<DIR>	d--------	C:\Documents and Settings\Levuss\Dane aplikacji\Simply Super Software2008-06-14 11:25 . 2003-02-02 19:06	153,088	--a------	C:\WINDOWS\system32\UNRAR3.dll2008-06-14 11:25 . 2002-03-06 00:00	75,264	--a------	C:\WINDOWS\system32\unacev2.dll2008-06-14 10:58 . 2008-06-14 11:31	<DIR>	d--------	C:\Program Files\RegVac2008-06-14 10:58 . 1999-07-17 02:21	4,608	--a------	C:\WINDOWS\system32\W95Inf32.DLL2008-06-14 10:58 . 1999-07-17 02:21	2,272	--a------	C:\WINDOWS\system32\W95Inf16.DLL2008-06-11 14:08 . 2002-07-08 00:14	1,294,336	--a------	C:\WINDOWS\system32\vorbis.acm2008-06-11 14:07 . 2008-06-11 14:07	<DIR>	d--------	C:\Program Files\Steinberg2008-06-11 14:06 . 2003-06-20 13:28	1,777,664	--a------	C:\WINDOWS\system32\gdiplus.dll.((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-07-02 09:20	---------	d-----w	C:\Program Files\MoorHunt2008-07-01 11:14	---------	d-----w	C:\Documents and Settings\Levuss\Dane aplikacji\ArcaBit2008-06-27 19:30	---------	d--h--w	C:\Program Files\InstallShield Installation Information2008-06-25 07:35	---------	d-----w	C:\Program Files\English Translator 32008-06-23 11:54	2,560	----a-w	C:\WINDOWS\system32\bitcometres.dll2008-06-14 17:36	273,024	------w	C:\WINDOWS\system32\drivers\bthport.sys2008-06-10 13:18	---------	d-----w	C:\Program Files\ArcaMicroScan2008-06-01 20:52	---------	d-----w	C:\Program Files\VAG-COM2008-05-29 14:06	---------	d-----w	C:\Program Files\Spyware Doctor2008-05-26 10:00	---------	d-----w	C:\Program Files\Gadu-Gadu2008-05-25 09:31	---------	d-----w	C:\Documents and Settings\Levuss\Dane aplikacji\PC Tools2008-05-21 09:25	---------	d-----w	C:\Program Files\Panda Security2008-05-21 07:36	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab2008-05-16 09:58	12,632	----a-w	C:\WINDOWS\system32\lsdelete.exe2008-05-11 12:58	17,608	----a-w	C:\Documents and Settings\Levuss\Dane aplikacji\GDIPFONTCACHEV1.DAT2008-05-11 08:05	---------	d-----w	C:\Program Files\Trend Micro2008-05-10 16:21	---------	d-----w	C:\Program Files\C-Media 6501 Sound2008-05-08 14:02	203,136	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys2008-05-07 05:12	1,291,776	----a-w	C:\WINDOWS\system32\quartz.dll2008-05-02 13:49	---------	d-----w	C:\Program Files\BitComet2008-04-21 11:09	98,304	----a-w	C:\WINDOWS\system32\CmdLineExt.dll2008-04-21 06:44	668,672	----a-w	C:\WINDOWS\system32\wininet.dll2008-04-14 20:51	11,264	----a-w	C:\WINDOWS\system32\spnpinst.exe2008-04-14 20:50	997,888	----a-w	C:\WINDOWS\system32\setupapi.dll2008-04-14 20:50	424,960	----a-w	C:\WINDOWS\system32\licdll.dll2008-04-14 17:46	1,804	----a-w	C:\WINDOWS\system32\dcache.bin2008-04-14 17:26	332,288	----a-w	C:\WINDOWS\system32\netsetup.exe2008-04-14 17:22	92,424	----a-w	C:\WINDOWS\system32\rdpdd.dll2008-04-14 17:22	87,176	----a-w	C:\WINDOWS\system32\rdpwsx.dll2008-04-14 17:22	695,808	----a-w	C:\WINDOWS\system32\drmv2clt.dll2008-04-14 17:22	356,352	----a-w	C:\WINDOWS\system32\msscp.dll2008-04-14 17:22	299,520	----a-w	C:\WINDOWS\system32\drmclien.dll2008-04-14 17:22	259,072	----a-w	C:\WINDOWS\system32\msnetobj.dll2008-04-14 17:22	12,168	----a-w	C:\WINDOWS\system32\tsddd.dll2008-04-14 17:20	999,936	----a-w	C:\WINDOWS\system32\syssetup.dll2008-04-14 17:19	98,304	----a-w	C:\WINDOWS\system32\actxprxy.dll2008-04-14 17:18	5,632	----a-w	C:\WINDOWS\system32\wmi.dll2008-04-14 17:18	1,449,472	----a-w	C:\WINDOWS\system32\winntbbu.dll2008-04-14 17:17	57,375	----a-w	C:\WINDOWS\system32\odbcji32.dll2008-04-14 17:13	4,126	----a-w	C:\WINDOWS\system32\msdxmlc.dll2008-04-14 17:12	3,584	----a-w	C:\WINDOWS\system32\msafd.dll2008-04-14 17:06	3,584	----a-w	C:\WINDOWS\system32\icmp.dll2008-04-14 17:05	9,344	----a-w	C:\WINDOWS\system32\framebuf.dll2008-04-14 17:03	3,072	----a-w	C:\WINDOWS\system32\dpnlobby.dll2008-04-14 17:03	3,072	----a-w	C:\WINDOWS\system32\dpnaddr.dll2008-04-14 17:01	16,896	----a-w	C:\WINDOWS\system32\cfgmgr32.dll2008-04-14 17:00	285,696	----a-w	C:\WINDOWS\system32\atmfd.dll2008-04-14 16:29	2,146,816	----a-w	C:\WINDOWS\system32\ntoskrnl.exe2008-04-14 16:29	2,025,472	----a-w	C:\WINDOWS\system32\ntkrnlpa.exe2008-04-14 16:25	4,096	----a-w	C:\WINDOWS\system32\dsprpres.dll2008-04-14 16:22	89,600	------w	C:\WINDOWS\system32\msxml6r.dll2008-04-14 16:20	80,896	------w	C:\WINDOWS\system32\msshavmsg.dll2008-04-14 16:15	49,664	----a-w	C:\WINDOWS\system32\inetres.dll2008-04-14 16:15	2,977,792	----a-w	C:\WINDOWS\system32\wmploc.dll2008-04-14 16:13	563,200	----a-w	C:\WINDOWS\system32\shdoclc.dll2008-04-14 16:09	190,976	----a-w	C:\WINDOWS\system32\wmerror.dll2008-04-14 16:07	10,240	----a-w	C:\WINDOWS\system32\gpkrsrc.dll2008-04-14 16:05	67,584	----a-w	C:\WINDOWS\system32\browselc.dll2008-04-14 16:05	1,845,888	----a-w	C:\WINDOWS\system32\win32k.sys2008-04-14 16:02	57,344	----a-w	C:\WINDOWS\system32\mshtmler.dll2008-04-14 15:59	8,192	----a-w	C:\WINDOWS\system32\asferror.dll2008-04-14 15:59	103,936	----a-w	C:\WINDOWS\system32\dpcdll.dll2008-04-13 18:44	17,664	----a-w	C:\WINDOWS\system32\watchdog.sys2008-04-13 18:40	427,008	----a-w	C:\WINDOWS\system32\xpob2res.dll2008-04-13 18:37	2,953,216	----a-w	C:\WINDOWS\system32\xpsp2res.dll2008-04-13 18:35	24,064	----a-w	C:\WINDOWS\system32\pidgen.dll2008-04-13 18:35	194,560	----a-w	C:\WINDOWS\system32\xpsp1res.dll2008-04-13 18:31	7,424	----a-w	C:\WINDOWS\system32\kd1394.dll2008-04-13 18:30	61,440	----a-w	C:\WINDOWS\system32\msvcrt40.dll2008-04-13 17:37	208,384	----a-w	C:\WINDOWS\system32\rsaenh.dll2008-04-13 17:37	138,752	----a-w	C:\WINDOWS\system32\dssenh.dll2008-04-13 17:26	12,288	----a-w	C:\WINDOWS\system32\odbcp32r.dll2008-04-13 17:26	12,288	----a-w	C:\WINDOWS\system32\mscpx32r.dll2008-04-13 17:21	733,696	----a-w	C:\WINDOWS\system32\qedwipes.dll2008-04-13 16:48	1,647,616	----a-w	C:\WINDOWS\system32\winbrand.dll2008-04-13 16:45	216,064	----a-w	C:\WINDOWS\system32\moricons.dll2008-04-13 16:23	48,128	----a-w	C:\WINDOWS\system32\msprivs.dll2008-04-13 15:39	884,736	----a-w	C:\WINDOWS\system32\msimsg.dll.(((((((((((((((((((((((((((((   snapshot@2008-07-01_13.03.50,78   ))))))))))))))))))))))))))))))))))))))))).+ 2008-07-02 10:11:04	245,760	----a-w	C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.30000__3cda94b1926e6fbc\log4net.dll+ 2008-07-02 10:11:00	65,536	----a-w	C:\WINDOWS\assembly\GAC_MSIL\NullableTypes\1.2.2336.27002__3cda94b1926e6fbc\NullableTypes.dll+ 2008-07-02 10:11:02	8,192	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Sony.MediaSoftware.clrshared.resources\2.2.2473.15730_de_3cda94b1926e6fbc\Sony.MediaSoftware.clrshared.resources.dll+ 2008-07-02 10:11:02	7,680	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Sony.MediaSoftware.clrshared.resources\2.2.2473.15730_es_3cda94b1926e6fbc\Sony.MediaSoftware.clrshared.resources.dll+ 2008-07-02 10:11:02	8,192	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Sony.MediaSoftware.clrshared.resources\2.2.2473.15730_fr_3cda94b1926e6fbc\Sony.MediaSoftware.clrshared.resources.dll+ 2008-07-02 10:11:02	7,680	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Sony.MediaSoftware.clrshared.resources\2.2.2473.15730_it_3cda94b1926e6fbc\Sony.MediaSoftware.clrshared.resources.dll+ 2008-07-02 10:11:03	45,056	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Sony.MediaSoftware.clrshared.resources\2.2.2473.15730_ja-JP_3cda94b1926e6fbc\Sony.MediaSoftware.clrshared.resources.dll+ 2008-07-02 10:11:03	5,632	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Sony.MediaSoftware.clrshared.resources\2.2.2473.15730_ja_3cda94b1926e6fbc\Sony.MediaSoftware.clrshared.resources.dll+ 2008-07-02 10:11:03	7,680	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Sony.MediaSoftware.clrshared.resources\2.2.2473.15730_ko_3cda94b1926e6fbc\Sony.MediaSoftware.clrshared.resources.dll+ 2008-07-02 10:11:03	7,680	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Sony.MediaSoftware.clrshared.resources\2.2.2473.15730_nl_3cda94b1926e6fbc\Sony.MediaSoftware.clrshared.resources.dll+ 2008-07-02 10:11:03	7,680	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Sony.MediaSoftware.clrshared.resources\2.2.2473.15730_pt-PT_3cda94b1926e6fbc\Sony.MediaSoftware.clrshared.resources.dll+ 2008-07-02 10:11:03	6,144	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Sony.MediaSoftware.clrshared.resources\2.2.2473.15730_zh-CHS_3cda94b1926e6fbc\Sony.MediaSoftware.clrshared.resources.dll+ 2008-07-02 10:11:03	6,144	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Sony.MediaSoftware.clrshared.resources\2.2.2473.15730_zh-CHT_3cda94b1926e6fbc\Sony.MediaSoftware.clrshared.resources.dll+ 2008-07-02 10:11:02	327,680	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Sony.MediaSoftware.clrshared\2.2.2473.15730__3cda94b1926e6fbc\Sony.MediaSoftware.clrshared.dll+ 2008-07-02 10:11:01	282,624	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Sony.MediaSoftware.MediaMgr.resources\2.2.2473.15737_de_3cda94b1926e6fbc\Sony.MediaSoftware.MediaMgr.resources.dll+ 2008-07-02 10:11:02	266,240	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Sony.MediaSoftware.MediaMgr.resources\2.2.2473.15737_fr_3cda94b1926e6fbc\Sony.MediaSoftware.MediaMgr.resources.dll+ 2008-07-02 10:11:02	307,200	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Sony.MediaSoftware.MediaMgr.resources\2.2.2473.15737_ja-JP_3cda94b1926e6fbc\Sony.MediaSoftware.MediaMgr.resources.dll+ 2008-07-02 10:11:02	24,576	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Sony.MediaSoftware.MediaMgr.resources\2.2.2473.15737_ja_3cda94b1926e6fbc\Sony.MediaSoftware.MediaMgr.resources.dll+ 2008-07-02 10:11:01	2,142,208	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Sony.MediaSoftware.MediaMgr\2.2.2473.15737__3cda94b1926e6fbc\Sony.MediaSoftware.MediaMgr.dll+ 2008-07-02 10:11:03	282,624	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Syncfusion.Core\4.102.0.62__632609b4d040f6b4\Syncfusion.Core.dll+ 2008-07-02 10:11:03	16,384	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Syncfusion.Grid.Base\4.102.0.1002__3cda94b1926e6fbc\Syncfusion.Grid.Base.dll+ 2008-07-02 10:11:03	1,527,808	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Syncfusion.Grid.Windows\4.102.0.1002__3cda94b1926e6fbc\Syncfusion.Grid.Windows.dll+ 2008-07-02 10:11:03	1,208,320	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Syncfusion.Shared.Base\4.102.0.1002__3cda94b1926e6fbc\Syncfusion.Shared.Base.dll+ 2008-07-02 10:11:04	36,864	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Syncfusion.Shared.Windows\4.102.0.1002__3cda94b1926e6fbc\Syncfusion.Shared.Windows.dll+ 2008-07-02 10:11:04	16,384	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Syncfusion.Tools.Base\4.102.0.1002__3cda94b1926e6fbc\Syncfusion.Tools.Base.dll+ 2008-07-02 10:11:04	2,293,760	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Syncfusion.Tools.Windows\4.102.0.1002__3cda94b1926e6fbc\Syncfusion.Tools.Windows.dll- 2008-07-01 10:09:50	2,048	--s-a-w	C:\WINDOWS\bootstat.dat+ 2008-07-02 18:59:53	2,048	--s-a-w	C:\WINDOWS\bootstat.dat+ 2008-07-01 01:23:42	163,328	----a-w	C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE+ 2008-07-02 15:12:59	4,759,552	----a-w	C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT+ 2008-07-02 15:12:59	565,248	----a-w	C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat+ 2008-07-01 01:23:42	163,328	----a-w	C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE+ 2008-07-02 15:12:48	4,759,552	----a-w	C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT+ 2008-07-02 15:12:49	565,248	----a-w	C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat+ 2006-09-28 11:04:40	655,360	----a-w	C:\WINDOWS\system32\CDDBControl.dll+ 2006-09-28 11:04:40	98,304	----a-w	C:\WINDOWS\system32\CddbLangDE.dll+ 2006-09-28 11:04:40	98,304	----a-w	C:\WINDOWS\system32\CddbLangES.dll+ 2006-09-28 11:04:40	98,304	----a-w	C:\WINDOWS\system32\CddbLangFR.dll+ 2006-09-28 11:04:40	102,400	----a-w	C:\WINDOWS\system32\CddbLangIT.dll+ 2006-09-28 11:04:40	77,824	----a-w	C:\WINDOWS\system32\CddbLangJA.dll+ 2006-09-28 11:04:40	98,304	----a-w	C:\WINDOWS\system32\CddbLangNL.dll+ 2006-09-28 11:04:40	765,952	----a-w	C:\WINDOWS\system32\CDDBUI.dll+ 2002-12-17 15:23:52	29,244	------w	C:\WINDOWS\system32\DBmsLPCn.dll+ 2008-04-29 09:19:50	12,960	----a-w	C:\WINDOWS\system32\drivers\Awrtpd.sys+ 2008-04-29 09:19:54	15,648	----a-w	C:\WINDOWS\system32\drivers\Awrtrd.sys+ 2008-04-29 09:20:00	15,648	----a-w	C:\WINDOWS\system32\drivers\NSDriver.sys+ 2006-09-28 11:05:32	344,064	----a-w	C:\WINDOWS\system32\msvcr70.dll- 2008-07-01 10:14:06	62,422	----a-w	C:\WINDOWS\system32\perfc009.dat+ 2008-07-02 19:04:14	70,106	----a-w	C:\WINDOWS\system32\perfc009.dat- 2008-07-01 10:14:06	79,606	----a-w	C:\WINDOWS\system32\perfc015.dat+ 2008-07-02 19:04:14	87,290	----a-w	C:\WINDOWS\system32\perfc015.dat- 2008-07-01 10:14:06	400,760	----a-w	C:\WINDOWS\system32\perfh009.dat+ 2008-07-02 19:04:14	418,590	----a-w	C:\WINDOWS\system32\perfh009.dat- 2008-07-01 10:14:06	457,574	----a-w	C:\WINDOWS\system32\perfh015.dat+ 2008-07-02 19:04:14	475,404	----a-w	C:\WINDOWS\system32\perfh015.dat- 2006-06-20 08:56:42	225,280	----a-w	C:\WINDOWS\system32\rewire.dll+ 2006-09-28 11:04:30	233,472	----a-w	C:\WINDOWS\system32\ReWire.dll.-- Snapshot reset to current date --.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:21 15360]"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"vidc.I420"= i263_32.drv[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon StartupHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGSHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMamHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\nvcpl.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]--a------ 2007-12-10 10:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe"="D:\\TacticalOps\\System\\TacticalOps.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"="C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\BitComet\\BitComet.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe"="D:\\Pes6\\PES6.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\system32\\mmc.exe"="D:\\PES 2008\\PES2008.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"10932:TCP"= 10932:TCP:BitComet 10932 TCP"10932:UDP"= 10932:UDP:BitComet 10932 UDP"8461:TCP"= 8461:TCP:GoD High Port"8462:TCP"= 8462:TCP:GoD Low PortR0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]R3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-07-11 14:05]R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]S2 AVUpdate;ArcaBit Update Service;C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe [][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d31e894-0654-11dd-a985-00138fb95f4a}]\Shell\AutoRun\command - H:\EXPLORER.EXE\Shell\explore\Command - H:\EXPLORER.EXE\Shell\open\Command - H:\EXPLORER.EXE[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2aa723aa-f7e7-11dc-a916-00138fb95f4a}]\Shell\AutoRun\command - EXPLORER.EXE\Shell\explore\Command - EXPLORER.EXE\Shell\open\Command - EXPLORER.EXE[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b03e22a0-fe53-11dc-a949-00138fb95f4a}]\Shell\AutoRun\command - H:\EXPLORER.EXE\Shell\explore\Command - H:\EXPLORER.EXE\Shell\open\Command - H:\EXPLORER.EXE.- - - - ORPHANS REMOVED - - - -MSConfigStartUp-C6501Sound - c6501.cpl**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-07-02 21:06:47Windows 5.1.2600 Dodatek Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2008-07-02 21:07:52ComboFix-quarantined-files.txt  2008-07-02 19:07:39ComboFix2.txt  2008-07-01 11:04:05Pre-Run: 1,569,116,160 bajtów wolnychPost-Run: 1,565,077,504 bajtów wolnych292	--- E O F ---	2008-06-25 16:36:32Hijack
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 21:12:00, on 2008-07-02Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\explorer.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htmO8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htmO8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htmO8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: http://arcaonline.arcabit.comO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virussca...can_unicode.cabO16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cabO16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cabO16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cabO16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exeO23 - Service: ArcaBit Update Service (AVUpdate) - Unknown owner - C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe (file missing)O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exeO23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe--End of file - 4863 bytes

//logi wstawiamy w tagi code a nie quote!

//vocativus

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.