Domel17
(Malgoska1795 Oficial)
25 July 2007 18:27
#1
Today I installed Enemy Territory. I try to join my favorite server and what happens?? After joining I'm on for maybe 30 seconds and then I get kicked because of high ping.
Logfile of HijackThis v1.99.1
Scan saved at 20:20:32, on 2007-07-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: DSLMON.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 5955392843
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip…{A05F0B47-0C2E-4F05-829D-9F46DBB66957}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Usługa Auto-Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Usługa Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Domel17
(Malgoska1795 Oficial)
25 July 2007 18:42
#3
Thanks :mrgreen: And what else could the problem be??
Domel17
(Malgoska1795 Oficial)
27 July 2007 15:11
#7
SDFix: Version 1.94
Run by none on 2007-07-27 at 17:02
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting…

Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files…

ADS Check:
C:\WINDOWS No streams found.
C:\WINDOWS\system32 No streams found.
C:\WINDOWS\system32\svchost.exe No streams found.
C:\WINDOWS\system32\ntoskrnl.exe No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll ,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll ,-22019"

Remaining Files:
---------------

Files with Hidden Attributes:
C:\Program Files\Give4Free Plugin\ibho.dll
C:\Program Files\Give4Free Plugin\ccapp.exe
C:\Program Files\Give4Free Plugin\uninstall.exe
C:\Program Files\Give4Free Plugin\updater.exe
C:\Program Files\Give4Free Plugin\ustart.exe
C:\Program Files\Give4Free Plugin~ccapp.exe
C:\Program Files\Give4Free Plugin~ustart.exe
C:\WINDOWS\system32\drivers\KS-959.sys

Finished
EDIT: registry cleaning with RegCleaner done
Gutek
(Gutek)
27 July 2007 20:00
#8
For deletion: C:\Program Files\Give4Free Plugin
After that, a new log from Combo
Joan
(Joan Sunshine)
30 July 2007 08:23
#10
C:\DOCUME~1\ALLUSE~1\DANEAP~1\McNeel - if you don't know what this folder is, it goes
C:\WINDOWS\system32\eeefefcff4_r.dll, K:\AUTORUN.EXE > delete the files
Open Notepad and paste this into it:
File -> Save as -> change the file type to All files -> save under the name FIX.REG
Run the FIX.REG file, confirm adding it to the registry, and restart the computer
Post a new log
Domel17
(Malgoska1795 Oficial)
30 July 2007 09:31
#11
It's gone
This file isn't here
I don't have such a path at all
Done
New log from ComboFix:
“none” - 2007-07-30 11:12:30 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-30 ))))))))))))))))))))))))))))))) 2007-07-27 17:18 2007-07-27 17:15 23 --ahs---- C:\WINDOWS\system32\eeefefcff4_r.dll 2007-07-27 17:01 2007-07-26 11:42 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-15 15:39 2007-07-10 20:43 2007-07-01 21:47 2007-07-01 17:55 2007-06-13 12:30 2007-06-13 12:28 2007-06-13 12:27 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2007-06-13 12:27 2007-06-12 12:22 2007-06-12 12:22 2007-06-10 14:30 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-27 12:49:31 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-07-26 13:05:40 737,280 ----a-w C:\WINDOWS\iun6002.exe 2007-07-21 15:07:44 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-07-17 08:45:59 -------- d-----w C:\Program Files\Norton Internet Security 2007-07-16 10:13:24 -------- d-----w C:\Program Files\Norton SystemWorks 2007-07-16 10:03:55 -------- d-----w C:\Program Files\BitComet 2007-07-14 14:47:50 -------- d-----w C:\Program Files\Gadu-Gadu 2007-07-14 14:35:49 -------- d-----w C:\Program Files\Winamp 2007-07-11 10:48:39 87,536 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-07-11 10:48:39 495,654 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-07-09 13:07:54 -------- d-----w C:\DOCUME~1\none\DANEAP~1\Skype 2007-06-26 17:40:08 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll 2007-06-08 11:41:03 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-20 15:37:00 347,253 ----a-w C:\Program Files\Silent Runners.vbs 2006-05-06 16:52:10 7 ----a-w C:\DOCUME~1\none\DANEAP~1\bin.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries legit default entries are not shown 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2007-03-01 13:29] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 14:00] “NBJ”=“C:\Program Files\Ahead\Nero BackItUp\NBJ.exe” [2005-04-14 17:56] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-02-08 22:27:14] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoViewOnDrive”=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk] backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk] backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk] backup=C:\WINDOWS\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Image Zone - szybkie uruchamianie.lnk [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Find Fast.lnk] backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkCommon Startup path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Find Fast.lnk [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Uruchamianie pakietu Office.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Uruchamianie pakietu Office.lnk backup=C:\WINDOWS\pss\Uruchamianie pakietu Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^none^Menu Start^Programy^Autostart^Y’z ToolBar.lnk] backup=C:\WINDOWS\pss\Y’z ToolBar.lnkStartup path=C:\Documents and Settings\none\Menu Start\Programy\Autostart\Y’z ToolBar.lnk [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\LogitechDesktopMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys R0 nvp2p;NVIDIA PCI to PCI Bridge Filter;C:\WINDOWS\system32\DRIVERS\nvp2p.sys R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x);C:\WINDOWS\system32\drivers\sfsync04.sys R1 AvgArCln;Avg Anti-Rootkit Clean Driver;C:\WINDOWS\system32\DRIVERS\AvgArCln.sys R1 BIOS;BIOS;??\C:\WINDOWS\system32\drivers\BIOS.sys R1 NetBIOS;Interfejs NetBIOS;C:\WINDOWS\system32\DRIVERS\netbios.sys R1 NetBT;NetBios przez TCP/IP;C:\WINDOWS\system32\DRIVERS\netbt.sys R2 BlueSoleil Hid Service;BlueSoleil Hid Service;C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe R2 LmHosts;Pomoc TCP/IP NetBIOS;C:\WINDOWS\system32\svchost.exe -k LocalService R3 adiusbaw;USB ADSL WAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbaw.sys R3 BlueletAudio;Bluetooth Audio 
Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys R3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys R3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys R3 CA561;ICatch (VI) PC Camera;C:\WINDOWS\system32\Drivers\SPCA561.SYS R3 dtscsi;dtscsi;C:\WINDOWS\system32\Drivers\dtscsi.sys R3 EraserUtilRebootDrv;EraserUtilRebootDrv;??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys R3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys R3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys R3 mssmbios;Sterownik BIOS zarzĄdzania systemem firmy Microsoft;C:\WINDOWS\system32\DRIVERS\mssmbios.sys R3 NPDriver;Norton UnErase Protection Driver;??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys R3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys R3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys R3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys S2 ADILOADER;General Purpose USB Driver (adildr.sys);C:\WINDOWS\system32\Drivers\adildr.sys S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys S3 BTNetFilter;Bluetooth Network Filter;??\C:\WINDOWS\system32\drivers\BTNetFilter.sys S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.Net \Framework\v3.0\WPF\PresentationFontCache.exe S3 idsvc;Windows CardSpace;“C:\WINDOWS\Microsoft.NET \Framework\v3.0\Windows Communication Foundation\infocard.exe” S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys S3 NABTSFEC;Koder-dekoder NABTS/FEC 
VBI;C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys S3 Nokia USB Port;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys S3 SDdriver;SDdriver;??\C:\WINDOWS\system32\Drivers\sddriver.sys S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys S3 usbser;Motorola USB Modem Driver;C:\WINDOWS\system32\DRIVERS\usbser.sys S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;“C:\WINDOWS\Microsoft.NET \Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe” *Newly Created Service* - COMHOST Contents of the ‘Scheduled Tasks’ folder 2007-07-15 13:10:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2007-07-27 18:01:25 C:\WINDOWS\tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - none.job 2006-09-23 14:05:19 C:\WINDOWS\tasks\Norton AntiVirus - Uruchom szybkie skanowanie - none.job 2007-07-23 10:00:41 C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job 2007-07-28 22:00:00 C:\WINDOWS\tasks\Symantec Drmc.job 2007-07-28 16:13:01 C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job 2007-04-19 16:13:39 C:\WINDOWS\tasks\Uniblue SpyEraser.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-30 11:14:44 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden registry entries … 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\hamachi] “ImagePath”=“system32\DRIVERS\hamachi.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\H a r m o n o g r a m a u t o m a t y c z n e j u s Bu g i L i v e U p d a t e] “ImagePath”="“C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe”" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\helpsvc] “ServiceDll”="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HidServ] “ServiceDll”="%SystemRoot%\System32\hidserv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HidUsb] “ImagePath”=“system32\DRIVERS\hidusb.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\hpn] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HPZid412] “ImagePath”=“system32\DRIVERS\HPZid412.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HPZipr12] “ImagePath”=“system32\DRIVERS\HPZipr12.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HPZius12] “ImagePath”=“system32\DRIVERS\HPZius12.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HTTP] “ImagePath”=“System32\Drivers\HTTP.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HTTPFilter] “ServiceDll”="%SystemRoot%\System32\w3ssl.dll" Completion time: 2007-07-30 11:15:35 C:\ComboFix2.txt … 2007-07-28 10:12 C:\ComboFix3.txt … 2007-07-26 11:47 — E O F —