Spowalniajacy internet - ktory znika

esper · 3 Listopad 2007 07:46

a wiec witam wszystkich

moj problem wyglada tak ze w sieci domowej po wlaczeniu komputera jedynie przez kilka chwil net ~chodzi, a pozniej juz jedynie strona orange.pl wchodzi a to jedynie sam czysty tekst bez grafiki

mam dobrego laptopa, na innych komputerach w sieci net smiga, sprawdzalem po wifi i lanie ten sam efekt, dns wszyscy mamy przyznawane przez router, filtrowanie po mac’u, na stale mam avasta i adaware

a oto log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:08:51, on 2007-10-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\I8kfanGUI\I8kfanGUI.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

C:\WINDOWS\system32\spools.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\System32\svchost.exe

H:\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://travian.interia.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM…\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM…\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM…\Run: [startCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe”

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”

O4 - HKLM…\Run: [Windows Service Agent] spools.exe

O4 - HKLM…\RunServices: [Windows Service Agent] spools.exe

O4 - HKCU…\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”

O4 - HKCU…\Run: [kindbore] C:\DOCUME~1\Esper\APPLIC~1\INTRAS~1\PlatformProgram.exe

O4 - HKCU…\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [AlcoholAutomount] “C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” /automount

O4 - HKCU…\Run: [Windows Service Agent] spools.exe

O4 - HKCU…\Run: [DAEMON Tools Pro Agent] “C:\Program Files\DAEMON Tools Pro\DTProAgent.exe”

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra ‘Tools’ menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://s1.travian.interia.pl

O15 - Trusted Zone: http://s8.travian.interia.pl

O15 - Trusted Zone: http://travian.interia.pl

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 1904403984

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

–

End of file - 6576 bytes

dozamet1988 · 3 Listopad 2007 08:34

skanowales jakims skenerem online?polecam mks.zmien antywira bo to lipa.przegladarke polecam firefox.pozdro

arekmalek · 3 Listopad 2007 16:01

Zafixuj wpisy. Pliki zaznaczone na czarno wywal w awaryjnym.

Daj log z combofix

esper · 3 Listopad 2007 18:35

w koncu jak nalezy:

ComboFix 07-11-01.1 - Administrator 2007-11-03 20:16:53.4 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.828 [GMT 1:00]

Running from: H:\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))

.

2007-11-03 19:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-11-03 19:28 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-03 19:25

2007-10-30 17:48

2007-10-30 17:37

2007-10-30 17:33

2007-10-27 15:24

2007-10-27 15:18

2007-10-21 21:56

2007-10-21 13:29 122,884 --a------ C:\WINDOWS\UnGins.exe

2007-10-21 11:54

2007-10-19 13:11

2007-10-19 13:10

2007-10-18 16:11

2007-10-18 16:10

2007-10-18 06:49 1 --a------ C:\WINDOWS\system32\SI.bin

2007-10-17 15:44

2007-10-17 15:44 1,009,152 --a------ C:\WINDOWS\system32\Ltwvc13n.dll

2007-10-17 15:44 785,920 --a------ C:\WINDOWS\system32\ltann13n.dll

2007-10-17 15:44 445,952 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2007-10-17 15:44 266,240 --a------ C:\WINDOWS\system32\LTDIS13n.dll

2007-10-17 15:44 139,776 --a------ C:\WINDOWS\system32\ltfil13n.DLL

2007-10-15 03:59

2007-10-13 02:38

2007-10-13 02:24 459,264 -----c— C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-10-13 02:24 267,776 -----c— C:\WINDOWS\system32\dllcache\iertutil.dll

2007-10-13 02:24 52,224 -----c— C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-10-13 02:23 6,058,496 -----c— C:\WINDOWS\system32\dllcache\ieframe.dll

2007-10-13 02:23 2,455,488 -----c— C:\WINDOWS\system32\dllcache\ieapfltr.dat

2007-10-13 02:23 383,488 -----c— C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-10-13 02:23 63,488 -----c— C:\WINDOWS\system32\dllcache\icardie.dll

2007-10-13 02:23 13,824 -----c— C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-10-12 17:50

2007-10-11 06:37

2007-10-11 06:36

2007-10-11 06:24

2007-10-11 06:23

2007-10-11 06:22

2007-10-11 06:11

2007-10-11 06:11 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-10-11 06:11 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-10-11 06:11 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-10-11 06:11 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-10-11 06:11 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-10-11 06:11 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-10-11 06:11 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-10-11 05:55

2007-10-11 05:54

2007-10-11 05:51

2007-10-11 05:50

2007-10-10 06:14

2007-10-10 06:14 545 --a------ C:\WINDOWS\UC.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\RAR.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\PKZIP.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\PKUNZIP.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\NOCLOSE.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\LHA.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\ARJ.PIF

2007-10-10 04:40

2007-10-10 04:36 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe

2007-10-10 04:32

2007-10-10 01:10

2007-10-10 01:08

2007-10-10 01:07

2007-10-10 01:07 188,416 --a------ C:\WINDOWS\system32\Pdrvinst.dll

2007-10-10 01:07 86,016 --a------ C:\WINDOWS\system32\BrWebIns.dll

2007-10-10 01:07 65,536 --------- C:\WINDOWS\system32\BRWEBUP.EXE

2007-10-10 01:04

2007-10-09 06:48

2007-10-09 06:46

2007-10-09 06:45

2007-10-09 06:39

2007-10-09 06:18

2007-10-09 06:16 685,816 --------- C:\WINDOWS\system32\drivers\sptd.sys

2007-10-09 06:06

2007-10-09 06:03

2007-10-09 06:02 1,156 --a------ C:\WINDOWS\mozver.dat

2007-10-09 05:39 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-10-09 05:36

2007-10-09 05:36 14,464 --------- C:\WINDOWS\system32\drivers\fanio.sys

2007-10-09 05:34 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2007-10-09 05:32

2007-10-09 05:18

2007-10-09 04:48

2007-10-09 04:47

2007-10-09 04:30

2007-10-09 04:29

2007-10-09 04:25 6,400 --------- C:\WINDOWS\system32\drivers\splitter.sys

2007-10-09 04:25 6,400 -----c— C:\WINDOWS\system32\dllcache\splitter.sys

2007-10-09 04:23

2007-10-09 04:23 1,156,648 --------- C:\WINDOWS\system32\drivers\sthda.sys

2007-10-09 04:23 208,896 --a------ C:\WINDOWS\system32\stacapi.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-30 16:14 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys

2007-10-30 16:14 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys

2007-10-04 20:34 --------- d-----w C:\Program Files\microsoft frontpage

2007-08-22 02:09 352,256 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll

2007-08-22 02:07 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll

2007-08-22 02:07 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll

2007-08-22 01:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe

2007-08-22 01:59 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll

2007-08-22 01:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll

2007-08-22 01:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll

2007-08-22 01:57 487,424 ----a-w C:\WINDOWS\system32\ati2evxx.exe

2007-08-22 01:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL

2007-08-22 01:48 8,306,688 ----a-w C:\WINDOWS\system32\atioglx2.dll

2007-08-22 01:47 3,091,392 ----a-w C:\WINDOWS\system32\ati3duag.dll

2007-08-22 01:35 1,586,816 ----a-w C:\WINDOWS\system32\ativvaxx.dll

2007-08-22 01:21 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll

2007-08-22 01:19 266,240 ----a-w C:\WINDOWS\system32\atikvmag.dll

2007-08-22 01:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll

2007-08-22 01:15 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll

2007-08-22 01:11 450,560 ----a-w C:\WINDOWS\system32\ati2cqag.dll

2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-08-14 01:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll

2007-08-14 01:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll

2007-08-14 01:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll

2007-08-14 01:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll

2007-08-14 01:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll

2007-08-14 01:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll

2007-08-14 01:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll

2007-08-14 01:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe

2007-08-14 01:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll

.

((((((((((((((((((((((((((((( snapshot@2007-11-03_19.31.10,64 )))))))))))))))))))))))))))))))))))))))))

.

2007-11-03 18:24:36 70,066 ----a-w C:\WINDOWS\system32\perfc009.dat

2007-11-03 19:03:36 70,066 ----a-w C:\WINDOWS\system32\perfc009.dat

2007-11-03 18:24:36 435,920 ----a-w C:\WINDOWS\system32\perfh009.dat

2007-11-03 19:03:36 435,920 ----a-w C:\WINDOWS\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Broadcom Wireless Manager UI”=“C:\WINDOWS\system32\WLTRAY.exe” [2007-03-17 02:10]

“SigmatelSysTrayApp”=“stsystra.exe” [2006-03-25 01:30 C:\WINDOWS\stsystra.exe]

“StartCCC”=“C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2006-11-10 20:35]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 11:06]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 00:11]

“MSConfig”=“C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe” [2004-08-04 11:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 11:00]

C:\Documents and Settings\Esper\Start Menu\Programs\Startup\

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-18 06:57:56]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Service Agent]

S1 fanio;FanIO driver;??\C:\WINDOWS\system32\drivers\fanio.sys

.

**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-03 20:17:28

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-03 20:18:09

C:\ComboFix2.txt … 2007-11-03 20:06

C:\ComboFix3.txt … 2007-11-03 19:42

.

— E O F —

jessica · 5 Listopad 2007 08:35

>>Hijack>>scan(Do a system scan only)>>zaznacz (V) >> Fix checked.

Chyba sam ściągnąłeś sobie te szkodliwe kodeki,+ “LOP”

Wklej do Notatnika :

Folder::

C:\Program Files\Intra Sign Bird

C:\Program Files\DivoCodec

C:\Program Files\3wPlayer

C:\Documents and Settings\Esper\Application Data\Intra Sign Bird

C:\Documents and Settings\All Users\Application Data\Mfcd upload army browse

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Daj ten log z ComboFixa.

jessi

esper · 5 Listopad 2007 19:13

tamta operacja z tym spools.exe pomogla tylko ze

tylko ze przy okazji usunalem/ odznaczylem cos podobnie brzmiacego odpowiedzialnego za drukarke.

ktos wie jak to naprawic?

jessica · 5 Listopad 2007 19:18

Jeśli nie miałeś wyłączonego “Przywracania Systemu”, to przywróć do daty z września.

jessi

Gutek · 5 Listopad 2007 22:35

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Pozdrawiam Gutek2222

esper · 6 Listopad 2007 18:59

jessi o ten log chodzi?

a jak inaczej moge naprawic ten numer z drukarka?

ComboFix 07-11-01.1 - Esper 2007-11-06 19:56:34.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.500 [GMT 1:00]

Running from: H:\ComboFix.exe

Command switches used :: H:\CFScript.txt

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Application Data\Mfcd upload army browse

C:\Documents and Settings\Esper\Application Data\Intra Sign Bird

C:\Documents and Settings\Esper\Application Data\Intra Sign Bird\0

C:\Documents and Settings\Esper\Application Data\Intra Sign Bird\wwmxgwfs.exe

C:\Program Files\3wPlayer

C:\Program Files\DivoCodec

C:\Program Files\DivoCodec\unins000.dat

C:\Program Files\DivoCodec\unins000.exe

C:\Program Files\DivoCodec\WakeSplitter.ax

C:\Program Files\Intra Sign Bird

.

((((((((((((((((((((((((( Files Created from 2007-10-06 to 2007-11-06 )))))))))))))))))))))))))))))))

.

2007-11-06 19:44 57,856 --a------ C:\WINDOWS\system32\spoolsv.exe

2007-11-06 19:44 57,856 --a–c— C:\WINDOWS\system32\dllcache\spoolsv.exe

2007-11-04 21:30

2007-11-04 21:29

2007-11-03 20:42

2007-11-03 20:26