
qNick

Regular member
  • Content count

    22
  • Joined

  • Last visited

Content added by qNick

  1. Done... Thanks a lot. Regards.
  2. Thanks @XAD_, VundoFix no longer found anything, new log: "ComboFix"
  3. Hello. I recently caught the Vundo trojan + probably some extras (pop-ups, blocked Automatic Updates, slow page loading). I fought it for a bit, even with good results, but to be sure I am asking you to check what else is still wrong: "Hijackthis", "Combofix"
C:\WINDOWS\system32\drivers\rasl2tp.sys 2008-04-14 07:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys 2008-04-14 07:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys 2008-04-14 07:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-04-14 07:48 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-14 07:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-14 07:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-04-14 07:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys 2008-04-14 07:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys 2008-04-14 07:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys 2008-04-14 07:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-14 07:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-14 07:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys 2008-04-14 07:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-04-14 07:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys 2008-04-14 07:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys 2008-04-14 07:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-04-14 07:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys 2008-04-14 07:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys 2008-04-14 07:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys 2008-04-14 07:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys 2008-04-14 07:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys 2008-04-14 07:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys 2008-04-14 07:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys 2008-04-14 07:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys 2008-04-14 07:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys 2008-04-14 07:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys 2008-04-14 07:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys 2008-04-14 07:26 34,688 ----a-w 
C:\WINDOWS\system32\drivers\netbios.sys 2008-04-14 07:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys 2008-04-14 07:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys 2008-04-14 07:25 202,624 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys 2008-04-14 07:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys 2008-04-14 07:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys 2008-04-14 07:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys 2008-04-14 07:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys 2008-04-14 07:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys 2008-04-14 07:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys 2008-04-14 07:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys 2008-04-14 07:16 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys 2008-04-14 07:16 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys 2008-04-14 07:14 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys 2008-04-14 07:14 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-14 07:14 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys 2008-04-14 07:14 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-14 07:11 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-14 07:11 42,112 ----a-w C:\WINDOWS\system32\drivers\imapi.sys 2008-04-14 07:09 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys 2008-04-14 07:09 7,552 ----a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys 2008-04-14 07:09 5,376 ----a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2008-04-14 07:09 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys 2008-04-14 07:09 4,992 ----a-w C:\WINDOWS\system32\drivers\MSPQM.sys 2008-04-14 07:09 384,768 ----a-w C:\WINDOWS\system32\drivers\update.sys 2008-04-14 07:09 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys 2008-04-14 07:09 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys 2008-04-14 07:08 71,168 ----a-w C:\WINDOWS\system32\drivers\dxg.sys 2008-04-14 07:06 79,232 ----a-w 
C:\WINDOWS\system32\drivers\sdbus.sys 2008-04-14 07:06 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys 2008-04-14 07:06 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys 2008-04-14 07:06 37,248 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys 2008-04-14 07:06 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys 2008-04-14 07:06 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys 2008-04-14 07:04 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys 2008-04-14 07:03 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys 2008-04-14 07:03 129,792 ----a-w C:\WINDOWS\system32\drivers\fltMgr.sys 2008-04-14 07:02 66,048 ----a-w C:\WINDOWS\system32\drivers\udfs.sys 2008-04-14 07:02 30,848 ----a-w C:\WINDOWS\system32\drivers\npfs.sys 2008-04-14 07:02 196,224 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys 2008-04-14 07:02 19,072 ----a-w C:\WINDOWS\system32\drivers\msfs.sys 2008-04-14 07:02 180,608 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys 2008-04-14 07:01 92,288 ----a-w C:\WINDOWS\system32\drivers\ksecdd.sys 2008-04-14 07:01 36,352 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys 2008-04-14 05:09 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2008-04-14 05:09 142,592 ----a-w C:\WINDOWS\system32\drivers\aec.sys 2008-04-14 05:06 144,384 ----a-w C:\WINDOWS\system32\drivers\hdaudbus.sys 2008-04-14 00:10 96,512 ----a-w C:\WINDOWS\system32\drivers\atapi.sys 2008-04-14 00:10 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys 2008-04-14 00:10 24,960 ----a-w C:\WINDOWS\system32\drivers\pciidex.sys 2008-02-21 03:59 11,776 ----a-w C:\WINDOWS\INRES.DLL 2008-02-21 03:58 3,072 ----a-w C:\WINDOWS\CTXFIRES.DLL 2008-02-21 03:58 10,240 ----a-w C:\WINDOWS\CTDCRES.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 15:44 178712] "CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\WINDOWS\system32\CtHelper.exe] "CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\WINDOWS\system32\Ctxfihlp.exe] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "24f2973e"="C:\WINDOWS\system32\ipubxopi.dll" [2008-05-15 21:17 116736] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-15 15:02:55 789008] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] 
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52] R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 19:24] R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 09:44] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\SETUP.EXE \Shell\configure\command - H:\SETUP.EXE \Shell\install\command - H:\SETUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-15 21:49:36 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\CTxfispi.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe . ************************************************************************** . 
Completion time: 2008-05-15 21:50:03 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-16 04:50:00 Pre-Run: 45,518,159,872 bytes free Post-Run: 45,900,177,408 bytes free 286 » Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Silent Runners" "Silent Runners.vbs", revision 57, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"] "Kernel and Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech, Inc."] "IAAnotif" = ""C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"" ["Intel Corporation"] "CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"] "CTxfiHlp" = "CTXFIHLP.EXE" ["Creative Technology Ltd"] "UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."] "Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] "24f2973e" = "rundll32.exe "C:\WINDOWS\system32\ipubxopi.dll",b" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)" -> {HKLM...CLSID} = "Skype add-on (mastermind)" \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ 
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] "{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "KbLogiExt Class" \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech, Inc."] "{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "LogiExt Class" \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech, Inc."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL" [MS] 
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided) -> {HKLM...CLSID} = "SABShellExecuteHook Class" \InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"] <<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS] <<!>> LBTWlgn\DLLName = "c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll" ["Logitech, Inc."] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" \InProcServer32\(Default) = 
"C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideStartupScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideStartupScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp" Windows Portable Device AutoPlay Handlers ----------------------------------------- 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ MSWPDShellNamespaceHandler\ "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS] Startup items in "qNick" & "All Users" startup folders: ------------------------------------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup "Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech, Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {77BF5300-1474-4EC7-9980-D32B190E9B07}\ "ButtonText" = "Skype" "CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}" -> {HKLM...CLSID} = "Skype add-on (button)" \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ 
"ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Creative Audio Service, CTAudSvcService, "C:\Program Files\Creative\Shared Files\CTAudSvc.exe" ["Creative Technology Ltd"] Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"] Intel® Matrix Storage Event Monitor, IAANTMON, "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe" ["Intel Corporation"] ---------- (launch time: 2008-05-15 22:17:22) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 2 seconds. ---------- (total run time: 14 seconds) Pozdrawiam
  4. qNick

    Geforce 8800GT 256/512MB

    I browsed some foreign forums, e.g. here they write that unfortunately changing the voltage through the voltage table editor does not work and the most you can squeeze out of the BIOS is 1.1 V. For me, so far, the card runs stable on the new settings... probably a placebo effect :lol2:. You can play with this on any card (I have an MSI), but I don't know whether it makes sense.
  5. qNick

    Geforce 8800GT 256/512MB

    Hello. What is the voltage table editor option in NiBiTor for? Playing with this option, I set the value 1.15 V in entry 4, and then in the Voltages tab I could set that value in exact mode. Out of curiosity I flashed the BIOS modded this way; previously the card ran stable at 725/1782 clocks at 1.1 V (I know, terribly poor), and now it is stable at 740/1836. Can someone familiar with the subject explain this option? I don't have a meter, so I can't check whether the voltage actually increased. The range in the voltage table editor goes all the way up to 1.57 V. I haven't set it higher for now because the power section gets burning hot and I need to buy small heatsinks.
  6. qNick

    Geforce 8800GT 256/512MB

    @Komornick what motherboard, maybe an Abit? Overclock PCI to around 104 MHz; it helped a few people, including me. Regards. Sorry, I didn't read carefully, you have an MSI, but try it, maybe it will help.
  7. qNick

    Geforce 8800GT 256/512MB

    Many thanks to users @Symbian and @Marrrcin. My MSI card used to throw a BS or PS about twice a week at default settings in 2D. After overclocking PCI to 104 MHz the problem went away (Abit AB9 Pro). It follows from this that motherboards are often responsible for the instability of these cards. In 3D, after overclocking to 725/1800/1000, it runs stable. Regards.
  8. qNick

    Geforce 8800GT 256/512MB

    And on which drivers? For me it's interesting, because in Crysis it's fine, but I got two freezes in 2D. I'm now testing 174.20 and so far it's OK.
  9. qNick

    Geforce 8800GT 256/512MB

    Vista or XP? Where can I download those 171.23 drivers? The newest beta on the official site is 169.28.
  10. qNick

    Geforce 8800GT 256/512MB

    Hello. Have you had strange freezes on this card, a pink screen where only a reset helps? It has happened to me twice already, and in 2D. The card is not overclocked, XP, drivers 169.21. I don't know whether it's the card's fault or the drivers'?
  11. Thanks romek-o, I think I'll take this CPU and see. It's hard to find anything on the net about this.
  12. I wrote an email to Acer, but unfortunately no reply so far. The problem is that I have to commit to buying this CPU within 2 days. I looked through the forum, and on Asus laptops with the 910GML it is enough to change a jumper to 533, but how is it with Acer? Please give suggestions on whether it's worth the risk. The price of this CPU is about $50, so I can take the risk because I won't lose much when reselling. Regards.
  13. From what I found online, the Intel® 910GML chipset supports this processor. The only problem is that it runs on FSB 533. The matter is quite urgent, so I kindly ask those in the know for help. Regards
  14. Will the Acer Aspire 3620 laptop support a Pentium M 760 2.0GHz / 533 / Dothan / L2 2M processor? Specification: Intel® Celeron® M processor 370/380/390 (1 MB L2 cache, 1.50/1.60/1.70 GHz, 400 MHz FSB) or higher • Intel® Pentium® M processor 725 (2 MB L2 cache, 1.60 GHz, 400 MHz FSB) or higher • Mobile Intel® 910GML Express chipset. And will it be a noticeable performance increase compared to the Celeron 1.6 GHz? Regards.
  15. qNick

    Geforce 8800GT 256/512MB

    Sorry, I mixed things up; I'm not a specialist in this field, so forgive me. Riva shows a fan speed of 880 RPM with the card at default. After launching a game the temperature rises from about 44 to 62. Interestingly, the card heats up while the Riva Tuner graph shows a speed of about 830 RPM :) crazy. So dynamic scaling works, but not in the right direction :). In Riva's Fan tab, when I switch to direct control I have 25%; from 50% the fan becomes audible. For those interested in this cooling, I'll add that the case is well ventilated, an Antec 180, 2x120 at the back and 1x120 at the front, stock fans, so not especially quiet ones, so you have to make allowance for that with regard to the card's fan. Can anyone explain this strange behaviour? Drivers 169.21, XP 32. Feniks007, I live in the States, so the cost is $219.99 + $15.95 tax + $5.84 shipping - $20 mail-in rebate. So about $221 here. I'm becoming more and more dissatisfied with this card; I just had my 2nd freeze this week at stock, maybe it's the drivers; I didn't overclock it so extremely that something would have died. Regards
  16. qNick

    Geforce 8800GT 256/512MB

    I don't know if I expressed myself well. From what Riva Tuner shows, the fan does not change speed dynamically, at least up to those 64 degrees, because of course I can turn it up to a higher speed.
  17. qNick

    Geforce 8800GT 256/512MB

    About a week ago I bought this "marvel" from this very company. The price was attractive. The cooling is really very nice, fan at 100% but inaudible. At 750/1836/2000, 64 degrees in Crysis, so I guess not bad. Now the drawbacks: shaders above 1836 throw artifacts in Crysis (those little rectangles); at 1836 everything runs great. The core at 750 passes 3DMark 06 without problems but crashes in games after about 30 min; I'm now testing 745. I didn't push the memory beyond 1000. Increasing the voltage in the BIOS did nothing; the card is factory overclocked, so it probably has 1.1. With settings 745/1836/2000 on a C2D E6600 at 3.4 GHz, over 13000 in 3DMark 06. Regards
  18. Henryk Kwinto, thanks; unfortunately I don't live in Poland and that's probably a Polish trick; besides, the CPU core temperature can be much higher than the heatsink's.
  19. Hello! The original fan in the Scythe Ninja has a fixed rotational speed. I'm looking for a 120 mm replacement that allows dynamic speed changes depending on CPU temperature; I would also like the max speed to be no lower than 2000. I searched the shops but found nothing interesting (regulation either via an external controller, or three switchable fixed speeds, or ultimately a fixed speed). Maybe you could recommend something? Regards.
  20. qNick

    Bioshock

    I had a similar problem. Check whether the game launches in windowed mode. If so, go to... Control Panel/Program and Features; on the left you have the option Turn Windows Features on or off, and uncheck the Tablet PC Optional Components option (sorry it's in English, but I don't have the Polish Vista). Then restart the computer. It helped for me; I use a Wacom Graphire 4 tablet and it is probably what causes the problems.
  21. In the BIOS I have set: ACPI Suspend Type..............S3 (Suspend-To-Ram)
  22. Hello! I have the following setup: Core 2 Duo E6600, Abit ab9 pro (newest BIOS), A-DATA 2GB (2 x 1GB) DDR2 800 (PC2 6400) Model ADQVE1A16K, EVGA GeForce 8800GTS 320MB, 2 x Seagate Barracuda 320 Gb ST3320620AS (Raid 0), Creative X-FI Platinium, Antec SmartPower 2.0 SP-500 ATX12V 500W. When I try to put the system to sleep (suspend-to-ram) the monitor goes dark and the disks stop working, but the power is not cut (the LED stays lit, the fans keep spinning). I can only turn the computer off by briefly pressing power. Interestingly, sometimes the system does go to sleep properly, but very rarely. This happens on both XP and Vista. Normal shutdown works without problems. Do you think it's the motherboard's fault? I'd be grateful for help. Regards.