hobb1t
(Hobb1t)
25 November 2007 12:19
#1
Hello!
I have a strange, unusual problem, because everything seemingly looks fine in the light of day, yet something worrying is 'alive' in my computer. :mrgreen: So, specifically, my problem starts when I play a certain game, Counter-Strike… I join a server, pings of 20-30… and then suddenly a freeze… and for about 1 minute it can't see any server and the internet seems to disconnect… (web pages stop working then too), and yet every light on the modem is lit (internet - multimedia.pl). I had already suspected something like this earlier, because when, for example, I was loading pages in a browser (Opera, IE), more than once a page would stop loading and the transfer sat at 0kb/s, but I assumed it was the site's fault, since after a minute everything went back to normal… I have already scanned the computer with mks online, Ad-Aware, Spybot Search & Destroy, cleaned the registry with RegCleaner, used ComboFix and SmitfraudFix, and nothing… still the same :(…
Below are the logs; if any other logs are needed, please write, because I don't know exactly which programs I should provide logs from. For now I'm presenting logs from:
Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09:32, on 2007-11-25
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
D:\Format\WKeyKill\WKeyKill.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Opera7\Opera.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM…\Run: [DrvListnr] C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe
O4 - HKLM…\Run: [intelliPoint] “C:\Program Files\Microsoft IntelliPoint\point32.exe”
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: Skrót do WKeyKill.lnk = D:\Format\WKeyKill\WKeyKill.exe
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

– End of file - 2715 bytes
SDFix
ComboFix
ComboFix 07-08-09.3 - “Administrator” 2007-11-25 13:14:37.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.148 [GMT 1:00]
((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
2007-11-25 12:53
2007-11-25 01:15 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-25 01:15 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-25 01:15 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-25 01:15 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-25 01:15 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-12 23:13
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-11-25 12:43 --------- d-------- C:\Program Files\Opera7
2007-11-25 01:18 --------- d-------- C:\Program Files\HLSW
2007-11-25 01:16 1720 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-07 10:02 --------- d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1.BitTornado
2007-10-28 13:41 49712 --a------ C:\WINDOWS\system32\perfc015.dat
2007-10-28 13:41 355830 --a------ C:\WINDOWS\system32\perfh015.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“DrvListnr”=“C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe” []
“IntelliPoint”=“C:\Program Files\Microsoft IntelliPoint\point32.exe” [2003-05-15 16:41]
“NvCplDaemon”=“NvQTwk” []
“nwiz”=“nwiz.exe” [2002-07-16 12:16 C:\WINDOWS\system32\nwiz.exe]
C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\
Skr˘t do WKeyKill.lnk - D:\Format\WKeyKill\WKeyKill.exe [2005-07-06 19:05:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“ClearRecentDocsOnExit”=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
C:\PROGRA~1\WapSter\AQQ\AQQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]
C:\Program Files\NetLimiter\NetLimiter.exe /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
“C:\Program Files\QuickTime\qttask.exe” -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
“d:\steam\steam.exe” -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
R0 speedfan;speedfan;C:\WINDOWS\System32\speedfan.sys
R3 ndiscm;Motorola SurfBoard USB Cable Modem Windows 2000 Driver;C:\WINDOWS\System32\DRIVERS\NetMotCM.sys
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\System32\DRIVERS\point32.sys
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\System32\DRIVERS\w200bus.sys
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\w200mdfl.sys
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\w200mdm.sys
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\w200mgmt.sys
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\w200obex.sys
Contents of the ‘Scheduled Tasks’ folder
2007-04-13 17:57:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 13:15:50
Windows 5.1.2600 NTFS
scanning hidden processes …
scanning hidden registry entries …
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
“Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,…
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-11-25 13:17:09
— E O F —
Regards.
sandall
(Sandall)
25 November 2007 13:25
#2
I had a problem like that once too, and it turned out that the cable from my network card was damaged. I replaced it and everything is fine now.
hobb1t
(Hobb1t)
25 November 2007 13:30
#3
Hmm… the only problem is that my internet is connected via USB, not a network card… but maybe I should try plugging it into a different port? Is it possible that Windows is simply disabling the port, for example, for some reason, or what? Hmm… I don't understand…
sandall
(Sandall)
25 November 2007 15:43
#4
It could also be a damaged telephone cable. Do you have Neo, or what?
Gutek
(Gutek)
25 November 2007 16:10
#5