qNick

  1. Done... Thanks a lot. Regards.
  2. Thanks @XAD_, VundoFix no longer found anything; new log: "ComboFix"
  3. Hello. I recently caught the Vundo trojan, plus probably some extras (pop-ups, blocked Automatic Updates, slow page loading). I fought with it a bit, even with good results, but to be sure I'm asking you to check what else is wrong: "Hijackthis", "Combofix"
C:\WINDOWS\system32\drivers\rasl2tp.sys 2008-04-14 07:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys 2008-04-14 07:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys 2008-04-14 07:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-04-14 07:48 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-14 07:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-14 07:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-04-14 07:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys 2008-04-14 07:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys 2008-04-14 07:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys 2008-04-14 07:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-14 07:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-14 07:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys 2008-04-14 07:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-04-14 07:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys 2008-04-14 07:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys 2008-04-14 07:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-04-14 07:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys 2008-04-14 07:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys 2008-04-14 07:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys 2008-04-14 07:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys 2008-04-14 07:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys 2008-04-14 07:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys 2008-04-14 07:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys 2008-04-14 07:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys 2008-04-14 07:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys 2008-04-14 07:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys 2008-04-14 07:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys 2008-04-14 07:26 34,688 ----a-w 
C:\WINDOWS\system32\drivers\netbios.sys 2008-04-14 07:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys 2008-04-14 07:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys 2008-04-14 07:25 202,624 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys 2008-04-14 07:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys 2008-04-14 07:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys 2008-04-14 07:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys 2008-04-14 07:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys 2008-04-14 07:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys 2008-04-14 07:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys 2008-04-14 07:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys 2008-04-14 07:16 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys 2008-04-14 07:16 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys 2008-04-14 07:14 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys 2008-04-14 07:14 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-14 07:14 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys 2008-04-14 07:14 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-14 07:11 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-14 07:11 42,112 ----a-w C:\WINDOWS\system32\drivers\imapi.sys 2008-04-14 07:09 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys 2008-04-14 07:09 7,552 ----a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys 2008-04-14 07:09 5,376 ----a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2008-04-14 07:09 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys 2008-04-14 07:09 4,992 ----a-w C:\WINDOWS\system32\drivers\MSPQM.sys 2008-04-14 07:09 384,768 ----a-w C:\WINDOWS\system32\drivers\update.sys 2008-04-14 07:09 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys 2008-04-14 07:09 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys 2008-04-14 07:08 71,168 ----a-w C:\WINDOWS\system32\drivers\dxg.sys 2008-04-14 07:06 79,232 ----a-w 
C:\WINDOWS\system32\drivers\sdbus.sys 2008-04-14 07:06 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys 2008-04-14 07:06 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys 2008-04-14 07:06 37,248 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys 2008-04-14 07:06 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys 2008-04-14 07:06 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys 2008-04-14 07:04 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys 2008-04-14 07:03 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys 2008-04-14 07:03 129,792 ----a-w C:\WINDOWS\system32\drivers\fltMgr.sys 2008-04-14 07:02 66,048 ----a-w C:\WINDOWS\system32\drivers\udfs.sys 2008-04-14 07:02 30,848 ----a-w C:\WINDOWS\system32\drivers\npfs.sys 2008-04-14 07:02 196,224 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys 2008-04-14 07:02 19,072 ----a-w C:\WINDOWS\system32\drivers\msfs.sys 2008-04-14 07:02 180,608 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys 2008-04-14 07:01 92,288 ----a-w C:\WINDOWS\system32\drivers\ksecdd.sys 2008-04-14 07:01 36,352 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys 2008-04-14 05:09 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2008-04-14 05:09 142,592 ----a-w C:\WINDOWS\system32\drivers\aec.sys 2008-04-14 05:06 144,384 ----a-w C:\WINDOWS\system32\drivers\hdaudbus.sys 2008-04-14 00:10 96,512 ----a-w C:\WINDOWS\system32\drivers\atapi.sys 2008-04-14 00:10 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys 2008-04-14 00:10 24,960 ----a-w C:\WINDOWS\system32\drivers\pciidex.sys 2008-02-21 03:59 11,776 ----a-w C:\WINDOWS\INRES.DLL 2008-02-21 03:58 3,072 ----a-w C:\WINDOWS\CTXFIRES.DLL 2008-02-21 03:58 10,240 ----a-w C:\WINDOWS\CTDCRES.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 15:44 178712] "CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\WINDOWS\system32\CtHelper.exe] "CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\WINDOWS\system32\Ctxfihlp.exe] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "24f2973e"="C:\WINDOWS\system32\ipubxopi.dll" [2008-05-15 21:17 116736] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-15 15:02:55 789008] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] 
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52] R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 19:24] R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 09:44] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\SETUP.EXE \Shell\configure\command - H:\SETUP.EXE \Shell\install\command - H:\SETUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-15 21:49:36 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\CTxfispi.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe . ************************************************************************** . 
Completion time: 2008-05-15 21:50:03 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-16 04:50:00 Pre-Run: 45,518,159,872 bytes free Post-Run: 45,900,177,408 bytes free 286 » Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Silent Runners" "Silent Runners.vbs", revision 57, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"] "Kernel and Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech, Inc."] "IAAnotif" = ""C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"" ["Intel Corporation"] "CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"] "CTxfiHlp" = "CTXFIHLP.EXE" ["Creative Technology Ltd"] "UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."] "Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] "24f2973e" = "rundll32.exe "C:\WINDOWS\system32\ipubxopi.dll",b" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)" -> {HKLM...CLSID} = "Skype add-on (mastermind)" \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ 
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] "{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "KbLogiExt Class" \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech, Inc."] "{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "LogiExt Class" \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech, Inc."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL" [MS] 
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided) -> {HKLM...CLSID} = "SABShellExecuteHook Class" \InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"] <<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS] <<!>> LBTWlgn\DLLName = "c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll" ["Logitech, Inc."] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" \InProcServer32\(Default) = 
"C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideStartupScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideStartupScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp" Windows Portable Device AutoPlay Handlers ----------------------------------------- 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ MSWPDShellNamespaceHandler\ "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS] Startup items in "qNick" & "All Users" startup folders: ------------------------------------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup "Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech, Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {77BF5300-1474-4EC7-9980-D32B190E9B07}\ "ButtonText" = "Skype" "CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}" -> {HKLM...CLSID} = "Skype add-on (button)" \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ 
"ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Creative Audio Service, CTAudSvcService, "C:\Program Files\Creative\Shared Files\CTAudSvc.exe" ["Creative Technology Ltd"] Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"] Intel® Matrix Storage Event Monitor, IAANTMON, "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe" ["Intel Corporation"] ---------- (launch time: 2008-05-15 22:17:22) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 2 seconds. ---------- (total run time: 14 seconds) Pozdrawiam
  4. qNick

    Geforce 8800GT 256/512MB

    I browsed some foreign forums, e.g. here, and they write that unfortunately changing the voltage through the voltage table editor does not work and the most you can squeeze out of the BIOS is 1.1 V. For me, so far the card runs stably on the new settings... probably a placebo effect :lol2: . You can play with this on any card (I have an MSI), but I don't know whether it makes sense.
  5. qNick

    Geforce 8800GT 256/512MB

    Hello. What is the voltage table editor option in NiBiTor for? Playing with this option, I set the value 1.15 V in entry 4 and then, in the Voltages tab, I was able to set this value in exact mode. Out of curiosity I flashed the BIOS modded this way; previously the card ran stably at clocks of 725/1782 at 1.1 V (I know, terribly poor), and now it is stable at 740/1836. Can someone familiar with the subject explain this option? I don't have a meter, so I can't check whether the voltage actually went up. The range in the voltage table editor goes all the way up to 1.57 V. I haven't set more for now because the power section is burning hot and I need to buy heatsinks.
  6. qNick

    Geforce 8800GT 256/512MB

    @Komornick which motherboard, maybe an Abit? Overclock PCI to around 104 MHz; it helped a few people, me included. Regards. Sorry, I didn't read carefully, you have an MSI, but try it, maybe it will help.
  7. qNick

    Geforce 8800GT 256/512MB

    Many thanks to users @Symbian and @Marrrcin. My MSI card liked to throw a BS or PS about twice a week at default clocks in 2D. After overclocking PCI to 104 MHz the problem went away (Abit AB9 Pro). It follows that motherboards are often responsible for the instability of these cards. In 3D, after overclocking to 725/1800/1000, it runs stably. Regards.
  8. qNick

    Geforce 8800GT 256/512MB

    And on which drivers? It's interesting in my case, because in Crysis it's fine, but I had 2 freezes in 2D. I'm now testing 174.20 and so far it's OK.
  9. qNick

    Geforce 8800GT 256/512MB

    Vista or XP? Where can I download those 171.23 drivers, since the newest beta on the official site is 169.28?
  10. qNick

    Geforce 8800GT 256/512MB

    Hello. Have you had strange freezes on this card, a pink screen where only a reset helps? It has already happened to me twice, and in 2D at that. The card is not overclocked, XP, drivers 169.21. I don't know whether it is the card's fault or the drivers'.
  11. Thanks romek-o, I think I'll get this CPU and see. It's hard to find anything on the net about this.
  12. I wrote an email to Acer, but unfortunately no reply so far. The problem is that I have to commit to buying this CPU within 2 days. I looked through the forum, and on Asus laptops with the 910GML it is enough to change a jumper to 533, but what about Acer? Please advise whether it is worth the risk. The price of this CPU is about $50, so I can take the risk because I won't lose much when reselling. Regards.
  13. From what I found online, the Intel® 910GML chipset supports this processor. The only problem is that it runs at FSB 533. The matter is fairly urgent, so I kindly ask those in the know for help. Regards
  14. Will the Acer Aspire 3620 laptop support the Pentium M 760 2.0GHz / 533 / Dothan / L2 2M processor? Specification: Intel® Celeron® M processor 370/380/390 (1 MB L2 cache, 1.50/1.60/1.70 GHz, 400 MHz FSB) or higher • Intel® Pentium® M processor 725 (2 MB L2 cache, 1.60 GHz, 400 MHz FSB) or higher • Mobile Intel® 910GML Express chipset. And will it be a noticeable performance gain compared to the Celeron 1.6 GHz? Regards.
  15. qNick

    Geforce 8800GT 256/512MB

    Sorry, I mixed things up; I'm not a specialist in this area, so forgive me. Riva shows a fan speed of 880 RPM with the card at default. After launching a game the temperature rises from about 44 to 62. Interestingly, the card heats up while the RivaTuner graph shows a speed of about 830 RPM :) crazy. So dynamic scaling works, but not in the right direction :). In Riva's fan tab, when I switch to direct control I have 25%; from 50% the fan becomes audible. For those interested in this cooling, I'll add that the case is a well-ventilated Antec 180, 2x120 at the back and 1x120 at the front, with the original fans, so not especially quiet ones, so you have to allow for that when judging the card's fan. Can someone explain this strange behaviour? Drivers 169.21, XP 32. Feniks007, I live in the States, so the cost is $219.99 + $15.95 tax + $5.84 shipping - $20 mail-in rebate. So about $221 here. I'm becoming more and more dissatisfied with this card; I've just had my 2nd freeze this week at stock. Maybe it's the drivers; I didn't overclock it so extremely that something would die. Regards