Internet has slowed down terribly for some time now


(Kruszonxp) #1

Hello, I have a problem with my internet: for some time now it has slowed down terribly. I download at 10 kb/s, while it was usually around 50/40, and I get terrible lag in games. Can someone tell me what to do and what the cause might be? Maybe some good program for cleaning the system?


(Dmirecki) #2

System cleanup:

Have a read: XP optimization

If nothing helps, post a HiJackThis log - maybe you have some junk.


(Kruszonxp) #3

Nothing, still the same, and when I turn on Ad-Aware SE Personal the internet speeds up and then drops again.

Here are the logs from HiJackThis and ComboFix:

Logfile of HijackThis v1.99.1

Scan saved at 09:42:38, on 2008-01-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\Windows Defender\MsMpEng.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\ehome\ehtray.exe

D:\WINDOWS\SOUNDMAN.EXE

D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

D:\Program Files\Eset\nod32kui.exe

D:\Program Files\Windows Defender\MSASCui.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

D:\WINDOWS\eHome\ehRecvr.exe

D:\WINDOWS\eHome\ehSched.exe

D:\Program Files\Eset\nod32krn.exe

D:\WINDOWS\system32\PnkBstrA.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\dllhost.exe

D:\WINDOWS\eHome\ehmsas.exe

D:\Documents and Settings\Maciek Dabrowski\Desktop\cmtu10017\cmtutool.exe

D:\Documents and Settings\Maciek Dabrowski\Desktop\cmtu10017\cmtutool.exe

C:\Program Files\Opera\Opera.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Winamp\winamp.exe

D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

D:\DOCUME~1\MACIEK~1\LOCALS~1\Temp\Rar$EX00.656\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM..\Run: [ehTray] D:\WINDOWS\ehome\ehtray.exe

O4 - HKLM..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray

O4 - HKCU..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9113839359

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://player.virtools.com/downloads/pl ... taller.exe

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe

O17 - HKLM\System\CCS\Services\Tcpip..{96399477-0ACC-4A41-B13C-8F9954F54F8C}: NameServer = 192.168.48.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe

O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Instinct Drivers Auto Removal (pr2ae5eb) (pr2ae5eb) - Noviy Disk - D:\WINDOWS\system32\pr2ae5eb.exe

O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Combofix

((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))

.

2008-01-02 23:50 . 2008-01-03 00:16

2008-01-02 23:50 . 2007-10-12 15:14 3,734,536 --a------ D:\WINDOWS\system32\d3dx9_36.dll

2008-01-02 23:50 . 2007-10-12 15:14 1,374,232 --a------ D:\WINDOWS\system32\D3DCompiler_36.dll

2008-01-02 23:50 . 2007-10-02 09:56 444,776 --a------ D:\WINDOWS\system32\d3dx10_36.dll

2008-01-02 23:50 . 2007-10-22 03:39 267,272 --a------ D:\WINDOWS\system32\xactengine2_10.dll

2008-01-02 23:48 . 2008-01-02 23:50

2008-01-02 22:04 . 2004-01-08 02:43 253,952 --a------ D:\WINDOWS\system32\histogram.ocx

2008-01-02 22:04 . 2004-01-09 11:54 188,416 --a------ D:\WINDOWS\system32\actsplash.ocx

2008-01-02 22:04 . 2000-07-15 00:00 118,784 --a------ D:\WINDOWS\system32\MSSTDFMT.DLL

2008-01-02 21:09 . 2008-01-02 21:09

2008-01-02 20:25 . 2008-01-02 20:25

2008-01-02 20:13 . 2008-01-02 20:13

2008-01-02 12:02 . 2008-01-02 12:02

2008-01-02 12:02 . 2008-01-02 12:02

2008-01-01 23:33 . 2008-01-01 23:33

2008-01-01 23:01 . 2008-01-01 23:01 244 --ah----- D:\sqmnoopt01.sqm

2008-01-01 23:01 . 2008-01-01 23:01 232 --ah----- D:\sqmdata01.sqm

2008-01-01 22:55 . 2008-01-01 22:58 3,507,513 --a------ D:\craig_david_-_hot_stuff.mp3

2007-12-31 21:51 . 2007-12-31 21:51

2007-12-31 14:22 . 2007-12-31 14:21 737,280 --a------ D:\WINDOWS\iun6002.exe

2007-12-30 20:00 . 2007-12-30 20:00 568,554 --a------ D:\to_teraz_lece_ekspresem.jpg

2007-12-29 16:12 . 2007-12-29 16:12

2007-12-27 13:29 . 2007-12-27 13:29 332 --a------ D:\WINDOWS\desctemp.dat

2007-12-20 18:15 . 2007-12-20 18:15 1,198,557 --a------ D:\WINDOWS\system32\Object Browser For Trainz ScreenSaver.scr

2007-12-16 14:50 . 2007-12-16 14:50

2007-12-16 14:47 . 2007-12-22 19:09

2007-12-16 14:46 . 2007-12-16 14:47

2007-12-14 23:22 . 2007-12-14 23:28

2007-12-13 17:14 . 2007-12-05 14:17 593,920 --------- D:\WINDOWS\system32\ati2sgag.exe

2007-12-13 17:12 . 2007-12-13 17:12 10 --a------ D:\WINDOWS\WININIT.INI

2007-12-13 16:43 . 2007-12-13 16:53

2007-12-13 16:42 . 2008-01-01 19:53

2007-12-13 16:42 . 2006-04-20 12:51 359,808 --a------ D:\WINDOWS\system32\drivers\tcpip.sys.flg

2007-12-13 16:00 . 2008-01-02 20:54

2007-12-13 15:59 . 2007-12-13 16:00

2007-12-11 20:33 . 2007-12-11 20:33

2007-12-10 09:14 . 2007-12-10 09:14 0 --a------ D:\WINDOWS\ativpsrm.bin

2007-12-09 22:50 . 2006-03-21 04:23 23,040 --------- D:\WINDOWS\kb913800.exe

2007-12-09 22:18 . 2007-12-09 22:18

2007-12-09 22:06 . 2008-01-02 21:09

2007-12-09 22:05 . 2007-12-09 22:05

2007-12-09 22:04 . 2007-12-09 22:04

2007-12-09 22:04 . 2007-12-09 22:04

2007-12-09 22:04 . 2006-06-29 13:07 14,048 --------- D:\WINDOWS\system32\spmsg2.dll

2007-12-09 22:00 . 2006-01-11 01:48 46,592 --------- D:\WINDOWS\system32\drivers\irbus.sys

2007-12-09 22:00 . 2006-01-11 01:48 19,200 --------- D:\WINDOWS\system32\drivers\hidir.sys

2007-12-09 21:40 . 2006-11-13 07:02 288,768 --------- D:\WINDOWS\system32\rhttpaa.dll

2007-12-09 21:40 . 2006-11-13 07:02 116,736 --------- D:\WINDOWS\system32\aaclient.dll

2007-12-09 21:40 . 2006-11-13 07:02 36,352 --------- D:\WINDOWS\system32\tsgqec.dll

2007-12-08 12:15 . 2007-12-08 12:15

2007-12-08 12:14 . 2007-12-08 12:14

2007-12-08 12:14 . 2007-02-22 10:15 137,216 --a------ D:\WINDOWS\system32\drivers\nmwcd.sys

2007-12-08 12:14 . 2007-02-22 10:15 65,536 --a------ D:\WINDOWS\system32\nmwcdcocls.dll

2007-12-08 12:14 . 2007-02-22 10:15 12,288 --a------ D:\WINDOWS\system32\drivers\nmwcdcm.sys

2007-12-08 12:14 . 2007-02-22 10:15 12,288 --a------ D:\WINDOWS\system32\drivers\nmwcdcj.sys

2007-12-08 12:14 . 2007-02-22 10:15 8,320 --a------ D:\WINDOWS\system32\drivers\nmwcdc.sys

2007-12-07 21:17 . 2007-12-07 21:17

2007-12-07 20:35 . 2008-01-03 09:11

2007-12-07 16:45 . 2007-12-07 16:45

2007-12-07 12:02 . 2007-12-07 12:02 65,024 --a------ D:\WINDOWS\system32\drivers\kvpndrv.sys

2007-12-07 00:14 . 2008-01-01 23:38

2007-12-06 23:35 . 2007-12-06 23:35

2007-12-05 18:19 . 2007-12-05 18:19

2007-12-04 23:09 . 2007-12-16 14:50 85 --a------ D:\WINDOWS\win.ini

2007-12-04 23:08 . 2005-11-30 21:20 2,314,332 --a------ D:\WINDOWS\system32\LIBMMD.DLL

2007-12-04 23:08 . 2000-05-21 22:00 647,872 --a------ D:\WINDOWS\system32\mscomct2.ocx

2007-12-04 23:08 . 2000-05-22 16:58 608,448 --a------ D:\WINDOWS\system32\comctl32.ocx

2007-12-04 23:08 . 2000-05-22 15:58 115,920 --a------ D:\WINDOWS\system32\msinet.ocx

2007-12-04 20:00 . 2007-12-04 20:00

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-03 08:24 22,328 ----a-w D:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-01-03 08:24 107,832 ----a-w D:\WINDOWS\system32\PnkBstrB.exe

2008-01-03 08:17 --------- d-----w D:\Program Files\English Translator 3

2008-01-02 19:39 12,432 ----a-w D:\WINDOWS\system32\drivers\kwflower.log

2008-01-02 19:35 5,202 ----a-w D:\WINDOWS\system32\drivers\kwfupper.log

2008-01-01 23:31 --------- d-----w D:\Program Files\WarRock

2008-01-01 22:34 --------- d--h--w D:\Program Files\InstallShield Installation Information

2007-12-31 20:41 --------- d-----w D:\Program Files\NAPI-PROJEKT

2007-12-29 10:47 --------- d-----w D:\Program Files\Common Files\Symantec Shared

2007-12-28 14:00 --------- d-----w D:\Program Files\Norton Security Scan

2007-12-26 11:18 --------- d-----w D:\Documents and Settings\Maciek Dabrowski\Application Data\Skype

2007-12-23 08:00 --------- d-----w D:\Program Files\Xfire

2007-12-22 20:14 --------- d-----w D:\Documents and Settings\Maciek Dabrowski\Application Data\Xfire

2007-12-22 18:07 --------- d-----w D:\Documents and Settings\All Users\Application Data\PC Suite

2007-12-18 08:04 --------- d-----w D:\Program Files\Auran

2007-12-13 16:35 --------- d-----w D:\Documents and Settings\Maciek Dabrowski\Application Data\ATI

2007-12-13 15:18 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP

2007-12-11 11:16 --------- d-----w D:\Program Files\Winamp

2007-12-08 11:16 --------- d-----w D:\Documents and Settings\Maciek Dabrowski\Application Data\Nokia

2007-12-08 11:15 --------- d-----w D:\Program Files\Common Files\Nokia

2007-12-08 11:14 --------- d-----w D:\Program Files\Nokia

2007-12-08 11:13 --------- d-----w D:\Documents and Settings\All Users\Application Data\Installations

2007-12-08 10:47 --------- d-----w D:\Program Files\Lonely Cat Games

2007-12-05 19:38 --------- d-----w D:\Documents and Settings\Maciek Dabrowski\Application Data\gtk-2.0

2007-12-05 05:26 2,782,208 ----a-w D:\WINDOWS\system32\drivers\ati2mtag.sys

2007-12-05 03:05 368,640 ----a-w D:\WINDOWS\system32\ATIDEMGX.dll

2007-12-05 03:04 269,312 ----a-w D:\WINDOWS\system32\ati2dvag.dll

2007-12-05 02:56 147,456 ----a-w D:\WINDOWS\system32\atipdlxx.dll

2007-12-05 02:55 43,520 ----a-w D:\WINDOWS\system32\ati2edxx.dll

2007-12-05 02:55 26,112 ----a-w D:\WINDOWS\system32\Ati2mdxx.exe

2007-12-05 02:55 122,880 ----a-w D:\WINDOWS\system32\Oemdspif.dll

2007-12-05 02:55 122,880 ----a-w D:\WINDOWS\system32\ati2evxx.dll

2007-12-05 02:54 307,200 ----a-w D:\WINDOWS\system32\atiiiexx.dll

2007-12-05 02:53 53,248 ----a-w D:\WINDOWS\system32\ATIDDC.DLL

2007-12-05 02:53 495,616 ----a-w D:\WINDOWS\system32\ati2evxx.exe

2007-12-05 02:48 9,535,488 ----a-w D:\WINDOWS\system32\atioglx2.dll

2007-12-05 02:44 3,175,584 ----a-w D:\WINDOWS\system32\ati3duag.dll

2007-12-05 02:33 1,640,192 ----a-w D:\WINDOWS\system32\ativvaxx.dll

2007-12-05 02:19 5,435,392 ----a-w D:\WINDOWS\system32\atioglxx.dll

2007-12-05 02:19 385,024 ----a-w D:\WINDOWS\system32\atikvmag.dll

2007-12-05 02:17 17,408 ----a-w D:\WINDOWS\system32\atitvo32.dll

2007-12-05 02:16 49,152 ----a-w D:\WINDOWS\system32\drivers\ati2erec.dll

2007-12-05 02:14 180,224 ----a-w D:\WINDOWS\system32\atiok3x2.dll

2007-12-05 02:11 499,712 ----a-w D:\WINDOWS\system32\ati2cqag.dll

2007-12-02 08:22 --------- d-----w D:\Documents and Settings\Maciek Dabrowski\Application Data\Grisoft

2007-12-01 15:12 --------- d-----w D:\Documents and Settings\All Users\Application Data\MailFrontier

2007-12-01 15:09 512,096 ----a-w D:\WINDOWS\system32\drivers\amon.sys

2007-12-01 15:09 298,104 ----a-w D:\WINDOWS\system32\imon.dll

2007-12-01 15:09 15,424 ----a-w D:\WINDOWS\system32\drivers\nod32drv.sys

2007-12-01 14:44 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2007-11-29 22:24 --------- d-----w D:\Program Files\Firefly Studios

2007-11-27 21:32 --------- d-----w D:\Program Files\ATI Technologies

2007-11-24 20:06 --------- d-----w D:\Program Files\eMule

2007-11-22 10:58 --------- d-----w D:\Program Files\Ares

2007-11-21 21:36 --------- d-----w D:\Program Files\MoorHunt

2007-11-20 10:59 --------- d-----w D:\Program Files\WinUHA

2007-11-19 21:05 --------- d-----w D:\Program Files\HyperSnap 6

2007-11-18 20:21 --------- d-----w D:\Program Files\Auto Send Message

2007-11-18 16:50 --------- d-----w D:\Documents and Settings\Maciek Dabrowski\Application Data\PC Suite

2007-11-18 07:46 --------- d-----w D:\Program Files\Counter-Strike

2007-11-16 16:47 66,872 ----a-w D:\WINDOWS\system32\PnkBstrA.exe

2007-11-16 16:33 22,328 ----a-w D:\Documents and Settings\Maciek Dabrowski\Application Data\PnkBstrK.sys

2007-11-16 15:10 --------- d-----w D:\Program Files\Activision

2007-11-15 18:06 --------- d-----w D:\Program Files\The Witcher

2007-11-13 18:28 --------- d-----w D:\Program Files\Sony Ericsson

2007-11-13 17:35 --------- d-----w D:\Documents and Settings\All Users\Application Data\Bluetooth

2007-11-13 17:07 --------- d-----w D:\Program Files\IVT Corporation

2007-11-13 17:00 --------- d-----w D:\Program Files\EA GAMES

2007-11-13 16:59 --------- d-----w D:\Program Files\USB all-in-one game controller

2007-11-13 10:25 20,480 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys

2007-11-12 19:20 --------- d-----w D:\Program Files\Red Orchestra

2007-11-11 09:10 --------- d-----w D:\Documents and Settings\All Users\Application Data\Downloaded Installations

2007-11-11 09:09 --------- d-----w D:\Program Files\DIFX

2007-11-11 09:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Nokia

2007-11-10 09:58 --------- d-----w D:\Program Files\Gothic III

2007-11-09 15:10 86,016 ----a-w D:\WINDOWS\system32\OpenAL32.dll

2007-11-09 15:10 413,696 ----a-w D:\WINDOWS\system32\wrap_oal.dll

2007-11-09 15:04 --------- d-----w D:\Program Files\Bohemia Interactive

2007-11-08 11:16 --------- d-----w D:\Program Files\MC2

2007-11-06 08:20 831,048 ----a-w D:\WINDOWS\system32\WudfUpdate_01005.dll

2007-11-04 11:27 --------- d-----w D:\Program Files\Image-Line

2007-10-29 22:35 1,287,680 ----a-w D:\WINDOWS\system32\quartz.dll

2007-10-29 14:17 23,786,395 ----a-w D:\WINDOWS\Internet Logs\vsmon_on_demand_2007_10_29_15_15_48_full.dmp.zip

2007-10-27 16:40 222,720 ----a-w D:\WINDOWS\system32\wmasf.dll

2007-10-27 08:35 72,748 ----a-w D:\WINDOWS\unins000.exe

2007-10-24 00:47 96,760 ----a-w D:\WINDOWS\system32\dfshim.dll

2007-10-24 00:47 84,480 ----a-w D:\WINDOWS\system32\mscories.dll

2007-10-24 00:47 282,112 ----a-w D:\WINDOWS\system32\mscoree.dll

2007-10-24 00:47 158,720 ----a-w D:\WINDOWS\system32\mscorier.dll

2007-10-22 02:37 17,928 ----a-w D:\WINDOWS\system32\X3DAudio1_2.dll

2007-10-21 08:52 107,888 ----a-w D:\WINDOWS\system32\CmdLineExt.dll

2007-10-21 08:47 674,600 ----a-w D:\WINDOWS\system32\pbsvc.exe

2007-10-19 20:32 53,855,419 ----a-w D:\WINDOWS\Internet Logs\vsmon_on_demand_2007_10_19_09_28_31_full.dmp.zip

2007-10-19 20:32 53,851,687 ----a-w D:\WINDOWS\Internet Logs\vsmon_on_demand_2007_10_19_09_28_45_full.dmp.zip

2007-10-19 20:30 53,855,073 ----a-w D:\WINDOWS\Internet Logs\vsmon_on_demand_2007_10_19_09_28_18_full.dmp.zip

2007-10-09 21:26 648,568 ----a-w D:\WINDOWS\system32\SpoonUninstall.exe

2007-10-09 12:03 779,800 ----a-w D:\WINDOWS\system32\PresentationNative_v0300.dll

2007-10-09 12:03 73,752 ----a-w D:\WINDOWS\system32\dxva2.dll

2007-10-09 12:03 493,080 ----a-w D:\WINDOWS\system32\evr.dll

2007-10-09 12:03 350,744 ----a-w D:\WINDOWS\system32\PresentationHost.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"="C:\PROGRA~1\GADU-G~1\gg.exe" [2007-07-09 08:39 2119104]

"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2006-03-15 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="D:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]

"ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]

"SoundMan"="SOUNDMAN.EXE" [2006-03-01 09:22 577536 D:\WINDOWS\soundman.exe]

"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2007-12-01 16:09 949376]

"Windows Defender"="D:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2006-03-15 13:00 15360]

"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= D:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= D:\WINDOWS\Resources\Themes\Royale.theme

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST – pasek zadań.lnk]

backup=D:\WINDOWS\pss\ATI CATALYST – pasek zadań.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]

path=D:\Documents and Settings\All Users\Start Menu\Programs\IVT BlueSoleil\BlueSoleil.lnk

backup=D:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Maciek Dabrowski^Start Menu^Programs^Startup^GM_DevUpdate.lnk]

backup=D:\WINDOWS\pss\GM_DevUpdate.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2007-10-10 19:51 39792 --a------ D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

C:\Program Files\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 09:50 155648 --a------ D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

D:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

"Ati HotKey Poller"=2 (0x2)

R0 pe3ae5eb;Instinct Environment Driver (pe3ae5eb);D:\WINDOWS\system32\drivers\pe3ae5eb.sys [2007-07-18 11:06]

R0 ps6ae5eb;Instinct Synchronization Driver (ps6ae5eb);D:\WINDOWS\system32\drivers\ps6ae5eb.sys [2007-07-18 11:06]

R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]

R0 VirtualK;VirtaulK;D:\WINDOWS\system32\drivers\VirtualK.sys [2003-11-27 18:48]

R0 xfilt;VIA SATA IDE Hot-plug Driver;D:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 04:39]

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;D:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-09-21 11:24]

R3 skbusenum;SKBus Enumerator;D:\WINDOWS\system32\DRIVERS\skbusenum.sys [2004-12-16 11:20]

S2 pr2ae5eb;Instinct Drivers Auto Removal (pr2ae5eb);D:\WINDOWS\system32\pr2ae5eb.exe svc []

S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;D:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2004-03-31 19:03]

S3 kvpndev;Kerio VPN adapter;D:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-12-07 12:02]

S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;D:\WINDOWS\system32\DRIVERS\kwflower.sys []

S3 w300bus;Sony Ericsson W300 Driver driver (WDM);D:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49]

S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 15:50]

S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;D:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 15:50]

.

Contents of the 'Scheduled Tasks' folder

"2008-01-03 08:34:40 D:\WINDOWS\Tasks\MP Scheduled Scan.job"

  • D:\Program Files\Windows Defender\MpCmdRun.exe

"2007-12-28 15:24:16 D:\WINDOWS\Tasks\Norton Security Scan.job"

  • D:\Program Files\Norton Security Scan\Nss.exe

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-03 09:49:49

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: D:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> D:\Program Files\Eset\pr_imon.dll

.

Completion time: 2008-01-03 9:50:16

D:\qoobox\ComboFix-quarantined-files.txt 2008-01-03 08:50:13

D:\qoobox\ComboFix2.txt 2008-01-01 19:31:31

D:\qoobox\ComboFix3.txt 2007-12-01 19:10:52

D:\qoobox\ComboFix4.txt 2007-12-01 19:02:37

D:\qoobox\ComboFix5.txt 2007-11-29 19:13:25

.

2007-12-29 08:38:54 --- E O F ---