r e k l a m a
Zaloguj się, aby obserwować  
Obserwujący 0
Domel17

Skaczący ping

Dzisiaj zainstalowałem sobie Enemy Territory :) Chce wejść na swój ulubiony serwer i co ?? Po wejściu jestem może jakieś 30sek i jestem wyrzucany z powodu wysokiego pingu !! Jak wejdę wynosi ok. 62. Dodatkowo net zacząl mulić :( Może coś jest w kompie?? pomóżcie :(

Logfile of HijackThis v1.99.1

Scan saved at 20:20:32, on 2007-07-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - Global Startup: DSLMON.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5955392843

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A05F0B47-0C2E-4F05-829D-9F46DBB66957}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Usługa Auto-Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

O23 - Service: Usługa Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Udostępnij ten post


Link to postu
Udostępnij na innych stronach
r e k l a m a
"none" - 2007-07-26 11:44:49 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\components

((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 )))))))))))))))))))))))))))))))

2007-07-26 11:42 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-15 15:39

2007-07-13 15:56

2007-07-10 20:43

2007-07-03 18:37

2007-07-01 21:47

2007-07-01 17:55

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-21 15:07:44 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-07-19 11:59:41 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-07-17 08:45:59 -------- d-----w C:\Program Files\Norton Internet Security

2007-07-16 10:13:24 -------- d-----w C:\Program Files\Norton SystemWorks

2007-07-16 10:03:55 -------- d-----w C:\Program Files\BitComet

2007-07-14 14:47:50 -------- d-----w C:\Program Files\Gadu-Gadu

2007-07-14 14:35:49 -------- d-----w C:\Program Files\Winamp

2007-07-13 14:28:10 -------- d-----w C:\Program Files\DkZ Studio

2007-07-11 10:48:39 87,536 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-07-11 10:48:39 495,654 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-07-09 13:07:54 -------- d-----w C:\DOCUME~1\none\DANEAP~1\Skype

2007-06-26 17:40:08 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll

2007-06-13 10:30:57 -------- d-----w C:\Program Files\MSBuild

2007-06-13 10:27:39 -------- d-----w C:\Program Files\Reference Assemblies

2007-06-12 10:22:57 -------- d-----w C:\Program Files\Skype

2007-06-12 10:22:53 -------- d-----w C:\Program Files\Common Files\Skype

2007-06-10 12:30:20 -------- d-----w C:\Program Files\VID_0E8F&PID_0003

2007-06-08 11:41:03 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe

2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-04-20 15:37:00 347,253 ----a-w C:\Program Files\Silent Runners.vbs

2006-05-06 16:52:10 7 ----a-w C:\DOCUME~1\none\DANEAP~1\bin.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-01 13:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 17:56]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-02-08 22:27:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]

backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk]

backup=C:\WINDOWS\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Image Zone - szybkie uruchamianie.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech Desktop Messenger.lnk

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk

backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Find Fast.lnk]

backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkCommon Startup

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Find Fast.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Uruchamianie pakietu Office.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Uruchamianie pakietu Office.lnk

backup=C:\WINDOWS\pss\Uruchamianie pakietu Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^none^Menu Start^Programy^Autostart^Y'z ToolBar.lnk]

backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup

path=C:\Documents and Settings\none\Menu Start\Programy\Autostart\Y'z ToolBar.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]

C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys

R0 nvp2p;NVIDIA PCI to PCI Bridge Filter;C:\WINDOWS\system32\DRIVERS\nvp2p.sys

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys

R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x);C:\WINDOWS\system32\drivers\sfsync04.sys

R1 AvgArCln;Avg Anti-Rootkit Clean Driver;C:\WINDOWS\system32\DRIVERS\AvgArCln.sys

R1 BIOS;BIOS;\??\C:\WINDOWS\system32\drivers\BIOS.sys

R1 NetBIOS;Interfejs NetBIOS;C:\WINDOWS\system32\DRIVERS\netbios.sys

R1 NetBT;NetBios przez TCP/IP;C:\WINDOWS\system32\DRIVERS\netbt.sys

R2 BlueSoleil Hid Service;BlueSoleil Hid Service;C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

R2 LmHosts;Pomoc TCP/IP NetBIOS;C:\WINDOWS\system32\svchost.exe -k LocalService

R3 adiusbaw;USB ADSL WAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbaw.sys

R3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys

R3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys

R3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys

R3 CA561;ICatch (VI) PC Camera;C:\WINDOWS\system32\Drivers\SPCA561.SYS

R3 dtscsi;dtscsi;C:\WINDOWS\system32\Drivers\dtscsi.sys

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

R3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys

R3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys

R3 mssmbios;Sterownik BIOS zarzĄdzania systemem firmy Microsoft;C:\WINDOWS\system32\DRIVERS\mssmbios.sys

R3 NPDriver;Norton UnErase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS

R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys

R3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys

R3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys

R3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys

S2 ADILOADER;General Purpose USB Driver (adildr.sys);C:\WINDOWS\system32\Drivers\adildr.sys

S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys

S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"

S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys

S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys

S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI;C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys

S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys

S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys

S3 Nokia USB Port;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys

S3 SDdriver;SDdriver;\??\C:\WINDOWS\system32\Drivers\sddriver.sys

S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys

S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys

S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys

S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys

S3 usbser;Motorola USB Modem Driver;C:\WINDOWS\system32\DRIVERS\usbser.sys

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]

AutoRun\command- L:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05e4a4f5-7891-11da-becb-806d6172696f}]

AutoRun\command- D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7728868-9840-11db-abd1-4d6564696130}]

AutoRun\command- J:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa39fe0f-9a46-11da-a993-00142aa87581}]

AutoRun\command- K:\AUTORUN.EXE

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder

2007-07-15 13:10:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

2007-07-20 18:36:31 C:\WINDOWS\tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - none.job

2006-09-23 14:05:19 C:\WINDOWS\tasks\Norton AntiVirus - Uruchom szybkie skanowanie - none.job

2007-07-23 10:00:41 C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

2007-07-15 22:00:00 C:\WINDOWS\tasks\Symantec Drmc.job

2007-07-18 16:13:00 C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job

2007-04-19 16:13:39 C:\WINDOWS\tasks\Uniblue SpyEraser.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-26 11:46:58

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]

"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\hamachi]

"ImagePath"="system32\DRIVERS\hamachi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\H a r m o n o g r a m a u t o m a t y c z n e j u s Bu g i L i v e U p d a t e ]

"ImagePath"="\"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\helpsvc]

"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HidServ]

"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HidUsb]

"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\hpn]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HPZid412]

"ImagePath"="system32\DRIVERS\HPZid412.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HPZipr12]

"ImagePath"="system32\DRIVERS\HPZipr12.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HPZius12]

"ImagePath"="system32\DRIVERS\HPZius12.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HTTP]

"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HTTPFilter]

"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

Completion time: 2007-07-26 11:47:46

--- E O F ---

Udostępnij ten post


Link to postu
Udostępnij na innych stronach

Pobierz program SDFix


 • [*:3eqnu40n]Dwuklik na SDFix.exe następnie program wypakuje się na dysk systemowy (standardowo C:\SDFix)
  [*:3eqnu40n]Zrestartuj komputer i wejdź do trybu awaryjnego (klawisz F8 przed bootem Windowsa)
  [*:3eqnu40n]Wejdź do folderu z SDFix kliknij dwa razy na plik RunThis.bat
  [*:3eqnu40n]Wciśnij Y nastąpi proces usuwania.
  [*:3eqnu40n]Kiedy usuwanie się ukończy wciśnij dowolny klawisz (Any Key). Nastąpi restart komputera.
  [*:3eqnu40n]Po restarcie SDFix uruchomi się ponownie, żeby dokończyć proces usuwania kiedy pojawi się w oknie programu Finished, wciśnij dowolny klawisz do zakończenia scryptu i załadowania ikon na pulpicie.
  [*:3eqnu40n]Pokaż Report.txt znajdujący się w folderze SDFix.

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Opis RegCleaner - http://www.agavk.p9.pl/strony/progra_regcleaner.php

Zobacz - Obsługa jv16 PowerTools

Udostępnij ten post


Link to postu
Udostępnij na innych stronach

SDFix: Version 1.94

Run by none on 2007-07-27 at 17:02

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Missing Security Center Service

Restoring Missing SharedAccess Service

Rebooting...

Normal Mode:

Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

C:\WINDOWS

No streams found.

C:\WINDOWS\system32

No streams found.

C:\WINDOWS\system32\svchost.exe

No streams found.

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

Final Check:

Remaining Services:

------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:

---------------

Files with Hidden Attributes:

C:\Program Files\Give4Free Plugin\ibho.dll

C:\Program Files\Give4Free Plugin\ccapp.exe

C:\Program Files\Give4Free Plugin\uninstall.exe

C:\Program Files\Give4Free Plugin\updater.exe

C:\Program Files\Give4Free Plugin\ustart.exe

C:\Program Files\Give4Free Plugin\~ccapp.exe

C:\Program Files\Give4Free Plugin\~ustart.exe

C:\WINDOWS\system32\drivers\KS-959.sys

Finished

EDIT: czyszczeni rejestru RegCleanerem wykonane :)

Udostępnij ten post


Link to postu
Udostępnij na innych stronach

Do odszczału C:\Program Files\Give4Free Plugin

Po tym nowy log z combo

Udostępnij ten post


Link to postu
Udostępnij na innych stronach
Do odszczału C:\Program Files\Give4Free Plugin

ZROBIONE !!

"none" - 2007-07-28 10:09:33 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 )))))))))))))))))))))))))))))))

2007-07-27 17:18

2007-07-27 17:15 23 --ahs---- C:\WINDOWS\system32\eeefefcff4_r.dll

2007-07-27 17:01

2007-07-26 11:42 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-15 15:39

2007-07-10 20:43

2007-07-03 18:37

2007-07-01 21:47

2007-07-01 17:55

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-27 12:49:31 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-07-26 13:05:40 737,280 ----a-w C:\WINDOWS\iun6002.exe

2007-07-21 15:07:44 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-07-17 08:45:59 -------- d-----w C:\Program Files\Norton Internet Security

2007-07-16 10:13:24 -------- d-----w C:\Program Files\Norton SystemWorks

2007-07-16 10:03:55 -------- d-----w C:\Program Files\BitComet

2007-07-14 14:47:50 -------- d-----w C:\Program Files\Gadu-Gadu

2007-07-14 14:35:49 -------- d-----w C:\Program Files\Winamp

2007-07-11 10:48:39 87,536 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-07-11 10:48:39 495,654 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-07-09 13:07:54 -------- d-----w C:\DOCUME~1\none\DANEAP~1\Skype

2007-06-26 17:40:08 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll

2007-06-13 10:30:57 -------- d-----w C:\Program Files\MSBuild

2007-06-13 10:27:39 -------- d-----w C:\Program Files\Reference Assemblies

2007-06-12 10:22:57 -------- d-----w C:\Program Files\Skype

2007-06-12 10:22:53 -------- d-----w C:\Program Files\Common Files\Skype

2007-06-10 12:30:20 -------- d-----w C:\Program Files\VID_0E8F&PID_0003

2007-06-08 11:41:03 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe

2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-04-20 15:37:00 347,253 ----a-w C:\Program Files\Silent Runners.vbs

2006-05-06 16:52:10 7 ----a-w C:\DOCUME~1\none\DANEAP~1\bin.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-01 13:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 17:56]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-02-08 22:27:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]

backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk]

backup=C:\WINDOWS\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Image Zone - szybkie uruchamianie.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech Desktop Messenger.lnk

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk

backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Find Fast.lnk]

backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkCommon Startup

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Find Fast.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Uruchamianie pakietu Office.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Uruchamianie pakietu Office.lnk

backup=C:\WINDOWS\pss\Uruchamianie pakietu Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^none^Menu Start^Programy^Autostart^Y'z ToolBar.lnk]

backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup

path=C:\Documents and Settings\none\Menu Start\Programy\Autostart\Y'z ToolBar.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]

C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys

R0 nvp2p;NVIDIA PCI to PCI Bridge Filter;C:\WINDOWS\system32\DRIVERS\nvp2p.sys

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys

R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x);C:\WINDOWS\system32\drivers\sfsync04.sys

R1 AvgArCln;Avg Anti-Rootkit Clean Driver;C:\WINDOWS\system32\DRIVERS\AvgArCln.sys

R1 BIOS;BIOS;\??\C:\WINDOWS\system32\drivers\BIOS.sys

R1 NetBIOS;Interfejs NetBIOS;C:\WINDOWS\system32\DRIVERS\netbios.sys

R1 NetBT;NetBios przez TCP/IP;C:\WINDOWS\system32\DRIVERS\netbt.sys

R2 BlueSoleil Hid Service;BlueSoleil Hid Service;C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

R2 LmHosts;Pomoc TCP/IP NetBIOS;C:\WINDOWS\system32\svchost.exe -k LocalService

R3 adiusbaw;USB ADSL WAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbaw.sys

R3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys

R3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys

R3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys

R3 CA561;ICatch (VI) PC Camera;C:\WINDOWS\system32\Drivers\SPCA561.SYS

R3 dtscsi;dtscsi;C:\WINDOWS\system32\Drivers\dtscsi.sys

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

R3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys

R3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys

R3 mssmbios;Sterownik BIOS zarzĄdzania systemem firmy Microsoft;C:\WINDOWS\system32\DRIVERS\mssmbios.sys

R3 NPDriver;Norton UnErase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS

R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys

R3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys

R3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys

R3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys

S2 ADILOADER;General Purpose USB Driver (adildr.sys);C:\WINDOWS\system32\Drivers\adildr.sys

S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys

S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"

S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys

S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys

S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI;C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys

S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys

S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys

S3 Nokia USB Port;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys

S3 SDdriver;SDdriver;\??\C:\WINDOWS\system32\Drivers\sddriver.sys

S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys

S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys

S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys

S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys

S3 usbser;Motorola USB Modem Driver;C:\WINDOWS\system32\DRIVERS\usbser.sys

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]

AutoRun\command- L:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05e4a4f5-7891-11da-becb-806d6172696f}]

AutoRun\command- D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7728868-9840-11db-abd1-4d6564696130}]

AutoRun\command- J:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa39fe0f-9a46-11da-a993-00142aa87581}]

AutoRun\command- K:\AUTORUN.EXE

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder

2007-07-15 13:10:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

2007-07-27 18:01:25 C:\WINDOWS\tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - none.job

2006-09-23 14:05:19 C:\WINDOWS\tasks\Norton AntiVirus - Uruchom szybkie skanowanie - none.job

2007-07-23 10:00:41 C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

2007-07-15 22:00:00 C:\WINDOWS\tasks\Symantec Drmc.job

2007-07-18 16:13:00 C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job

2007-04-19 16:13:39 C:\WINDOWS\tasks\Uniblue SpyEraser.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-28 10:11:54

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]

"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\hamachi]

"ImagePath"="system32\DRIVERS\hamachi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\H a r m o n o g r a m a u t o m a t y c z n e j u s Bu g i L i v e U p d a t e ]

"ImagePath"="\"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\helpsvc]

"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HidServ]

"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HidUsb]

"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\hpn]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HPZid412]

"ImagePath"="system32\DRIVERS\HPZid412.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HPZipr12]

"ImagePath"="system32\DRIVERS\HPZipr12.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HPZius12]

"ImagePath"="system32\DRIVERS\HPZius12.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HTTP]

"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HTTPFilter]

"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

Completion time: 2007-07-28 10:12:41

C:\ComboFix2.txt ... 2007-07-26 11:47

--- E O F ---

Udostępnij ten post


Link to postu
Udostępnij na innych stronach
r e k l a m a

C:\DOCUME~1\ALLUSE~1\DANEAP~1\McNeel jeśli nie wiesz co to za folder - wylatuje

C:\WINDOWS\system32\eeefefcff4_r.dll, K:\AUTORUN.EXE > usun pliki

Otwórz notatnik i wklej w nim to:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

Plik -> zapisz jako -> zmień rozszerzenie na wszystkie pliki -> zapisz pod nazwą FIX.REG

Odpal plik FIX.REG i potwierdź dodanie do rejestru i reset kompa :)

daj nowy log

Udostępnij ten post


Link to postu
Udostępnij na innych stronach
C:\DOCUME~1\ALLUSE~1\DANEAP~1\McNeel jeśli nie wiesz co to za folder - wylatuje

Wyleciał !!

C:\WINDOWS\system32\eeefefcff4_r.dll

Tego pliku tu nie ma :(

K:\AUTORUN.EXE > usun pliki

Takiej ścieżki w ogóle nie posiadam !!

Otwórz notatnik i wklej w nim to:

Cytat:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

Zrobione !!

Nowy log z ComboFix:

"none" - 2007-07-30 11:12:30 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-30 )))))))))))))))))))))))))))))))

2007-07-27 17:18

2007-07-27 17:15 23 --ahs---- C:\WINDOWS\system32\eeefefcff4_r.dll

2007-07-27 17:01

2007-07-26 11:42 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-15 15:39

2007-07-10 20:43

2007-07-01 21:47

2007-07-01 17:55

2007-06-13 12:30

2007-06-13 12:28

2007-06-13 12:27 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2007-06-13 12:27

2007-06-12 12:22

2007-06-12 12:22

2007-06-10 14:30

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-27 12:49:31 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-07-26 13:05:40 737,280 ----a-w C:\WINDOWS\iun6002.exe

2007-07-21 15:07:44 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-07-17 08:45:59 -------- d-----w C:\Program Files\Norton Internet Security

2007-07-16 10:13:24 -------- d-----w C:\Program Files\Norton SystemWorks

2007-07-16 10:03:55 -------- d-----w C:\Program Files\BitComet

2007-07-14 14:47:50 -------- d-----w C:\Program Files\Gadu-Gadu

2007-07-14 14:35:49 -------- d-----w C:\Program Files\Winamp

2007-07-11 10:48:39 87,536 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-07-11 10:48:39 495,654 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-07-09 13:07:54 -------- d-----w C:\DOCUME~1\none\DANEAP~1\Skype

2007-06-26 17:40:08 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll

2007-06-08 11:41:03 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe

2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-04-20 15:37:00 347,253 ----a-w C:\Program Files\Silent Runners.vbs

2006-05-06 16:52:10 7 ----a-w C:\DOCUME~1\none\DANEAP~1\bin.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-01 13:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 17:56]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-02-08 22:27:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]

backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk]

backup=C:\WINDOWS\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Image Zone - szybkie uruchamianie.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech Desktop Messenger.lnk

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk

backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Find Fast.lnk]

backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkCommon Startup

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Find Fast.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Uruchamianie pakietu Office.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Uruchamianie pakietu Office.lnk

backup=C:\WINDOWS\pss\Uruchamianie pakietu Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^none^Menu Start^Programy^Autostart^Y'z ToolBar.lnk]

backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup

path=C:\Documents and Settings\none\Menu Start\Programy\Autostart\Y'z ToolBar.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]

C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys

R0 nvp2p;NVIDIA PCI to PCI Bridge Filter;C:\WINDOWS\system32\DRIVERS\nvp2p.sys

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys

R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x);C:\WINDOWS\system32\drivers\sfsync04.sys

R1 AvgArCln;Avg Anti-Rootkit Clean Driver;C:\WINDOWS\system32\DRIVERS\AvgArCln.sys

R1 BIOS;BIOS;\??\C:\WINDOWS\system32\drivers\BIOS.sys

R1 NetBIOS;Interfejs NetBIOS;C:\WINDOWS\system32\DRIVERS\netbios.sys

R1 NetBT;NetBios przez TCP/IP;C:\WINDOWS\system32\DRIVERS\netbt.sys

R2 BlueSoleil Hid Service;BlueSoleil Hid Service;C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

R2 LmHosts;Pomoc TCP/IP NetBIOS;C:\WINDOWS\system32\svchost.exe -k LocalService

R3 adiusbaw;USB ADSL WAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbaw.sys

R3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys

R3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys

R3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys

R3 CA561;ICatch (VI) PC Camera;C:\WINDOWS\system32\Drivers\SPCA561.SYS

R3 dtscsi;dtscsi;C:\WINDOWS\system32\Drivers\dtscsi.sys

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

R3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys

R3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys

R3 mssmbios;Sterownik BIOS zarzĄdzania systemem firmy Microsoft;C:\WINDOWS\system32\DRIVERS\mssmbios.sys

R3 NPDriver;Norton UnErase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS

R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys

R3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys

R3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys

R3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys

S2 ADILOADER;General Purpose USB Driver (adildr.sys);C:\WINDOWS\system32\Drivers\adildr.sys

S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys

S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"

S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys

S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys

S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI;C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys

S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys

S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys

S3 Nokia USB Port;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys

S3 SDdriver;SDdriver;\??\C:\WINDOWS\system32\Drivers\sddriver.sys

S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys

S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys

S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys

S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys

S3 usbser;Motorola USB Modem Driver;C:\WINDOWS\system32\DRIVERS\usbser.sys

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder

2007-07-15 13:10:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

2007-07-27 18:01:25 C:\WINDOWS\tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - none.job

2006-09-23 14:05:19 C:\WINDOWS\tasks\Norton AntiVirus - Uruchom szybkie skanowanie - none.job

2007-07-23 10:00:41 C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

2007-07-28 22:00:00 C:\WINDOWS\tasks\Symantec Drmc.job

2007-07-28 16:13:01 C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job

2007-04-19 16:13:39 C:\WINDOWS\tasks\Uniblue SpyEraser.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-30 11:14:44

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]

"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\hamachi]

"ImagePath"="system32\DRIVERS\hamachi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\H a r m o n o g r a m a u t o m a t y c z n e j u s Bu g i L i v e U p d a t e ]

"ImagePath"=""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe""

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\helpsvc]

"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HidServ]

"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HidUsb]

"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\hpn]

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HPZid412]

"ImagePath"="system32\DRIVERS\HPZid412.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HPZipr12]

"ImagePath"="system32\DRIVERS\HPZipr12.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HPZius12]

"ImagePath"="system32\DRIVERS\HPZius12.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HTTP]

"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HTTPFilter]

"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

Completion time: 2007-07-30 11:15:35

C:\ComboFix2.txt ... 2007-07-28 10:12

C:\ComboFix3.txt ... 2007-07-26 11:47

--- E O F ---

:(

Udostępnij ten post


Link to postu
Udostępnij na innych stronach

Zaloguj się, aby skomentować

Będziesz mógł dodać komentarz po zalogowaniu sięZaloguj się
Zaloguj się, aby obserwować  
Obserwujący 0