log z HJT

[pikahuj]

z tym plikiem reg. nie bardzo wiem o co chodzi

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:10, on 2008-04-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINNT\system32\Rundll32.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\AusLogics BoostSpeed\boostspeed.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\explorer.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [BoostSpeed] "C:\Program Files\AusLogics BoostSpeed\boostspeed.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05C7AA0A-12AB-4D37-A21D-D67B534D5CEC}: NameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9E402F6-A5F1-457B-BE10-A8FC530690B3}: NameServer = 212.85.112.32,193.110.121.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{05C7AA0A-12AB-4D37-A21D-D67B534D5CEC}: NameServer = 208.67.222.222 208.67.220.220
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: nTune Service (nTuneService) - Unknown owner - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

--
End of file - 5155 bytes

[huber2t]

Log jest czysty

Napisz nam jaki masz problem

Podaj log z Combofix

[pikahuj]

symptomy są dość dziwne,mianowicie co jakiś czas znika panel nvidii , a okna ekplorera robią się czarne

ComboFix 08-04-20.5 - Administrator 2008-04-22 18:10:21.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1801 [GMT 2:00]
Running from: I:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.

2008-04-20 21:59 . 2008-04-20 21:59 <DIR> d-------- C:\Documents and Settings\aga\Dane aplikacji\AdobeUM
2008-04-20 19:05 . 2008-04-20 19:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-20 18:37 . 2008-04-20 18:37 <DIR> d-------- C:\WINNT\system32\xircom
2008-04-20 18:37 . 2008-04-20 18:37 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-04-20 18:31 . 2008-04-20 18:31 <DIR> d-------- C:\WINNT\ERUNT
2008-04-20 18:31 . 2008-04-22 13:22 <DIR> d-------- C:\SDFix
2008-04-20 18:30 . 2008-04-22 18:11 <DIR> d--h----- C:\Documents and Settings\Administrator.AGA-F066DB82FE3\Ustawienia lokalne
2008-04-20 18:30 . 2008-03-06 18:05 <DIR> d-------- C:\Documents and Settings\Administrator.AGA-F066DB82FE3\Ulubione
2008-04-20 18:30 . 2008-03-06 17:10 <DIR> d--h----- C:\Documents and Settings\Administrator.AGA-F066DB82FE3\Szablony
2008-04-20 18:30 . 2008-04-22 13:47 <DIR> d-------- C:\Documents and Settings\Administrator.AGA-F066DB82FE3\Pulpit
2008-04-20 18:30 . 2008-03-06 18:05 <DIR> d-------- C:\Documents and Settings\Administrator.AGA-F066DB82FE3\Moje dokumenty
2008-04-20 18:30 . 2008-03-06 18:05 <DIR> dr------- C:\Documents and Settings\Administrator.AGA-F066DB82FE3\Menu Start
2008-04-20 18:30 . 2008-03-06 18:05 <DIR> dr-h----- C:\Documents and Settings\Administrator.AGA-F066DB82FE3\Dane aplikacji
2008-04-20 18:30 . 2008-04-20 18:30 <DIR> d-------- C:\Documents and Settings\Administrator.AGA-F066DB82FE3
2008-04-20 18:30 . 2008-04-22 18:11 208,896 --ah----- C:\Documents and Settings\Administrator.AGA-F066DB82FE3\NTUSER.dat.LOG
2008-04-19 23:53 . 2008-04-19 23:53 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-04-19 23:51 . 2008-04-19 23:55 <DIR> d-------- C:\Program Files\AutoCAD 2007
2008-04-19 23:51 . 2008-04-19 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-04-19 23:51 . 2008-04-20 00:03 <DIR> d-------- C:\Documents and Settings\aga\Dane aplikacji\Autodesk
2008-04-19 23:48 . 2008-04-19 23:54 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-19 23:48 . 2008-04-19 23:48 <DIR> d-------- C:\Program Files\Autodesk
2008-04-12 22:19 . 2008-04-12 22:19 <DIR> d-------- C:\WINNT\Ubisoft
2008-04-09 10:19 . 2008-04-17 16:00 96,645 --a------ C:\WINNT\system32\drivers\klin.dat
2008-04-09 10:19 . 2008-04-17 16:00 87,941 --a------ C:\WINNT\system32\drivers\klick.dat
2008-04-09 10:18 . 2008-04-09 10:18 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-06 17:03 . 2008-04-06 17:03 <DIR> d--h----- C:\WINNT\system32\GroupPolicy
2008-04-04 23:31 . 2008-04-04 23:31 41,296 --a------ C:\WINNT\system32\xfcodec.dll
2008-04-04 13:04 . 2008-04-04 14:05 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-04-03 18:52 . 2008-04-03 18:52 1 --a------ C:\Documents and Settings\aga\SI.bin
2008-04-03 18:48 . 2008-04-03 18:48 98,304 --a------ C:\WINNT\system32\CmdLineExt.dll
2008-04-03 18:47 . 2008-04-03 18:47 <DIR> d-------- C:\WINNT\system32\ageia
2008-04-03 18:47 . 2008-04-03 18:47 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-04-03 16:09 . 2008-04-03 16:09 55 --a------ C:\WINNT\wininit.ini
2008-04-02 16:36 . 2008-04-02 16:36 <DIR> d-------- C:\WINNT\SWAT 4
2008-04-02 15:52 . 1997-08-26 12:06 315,904 --a------ C:\WINNT\IsUninst.exe
2008-04-02 09:38 . 2008-04-02 09:38 <DIR> d-------- C:\Documents and Settings\aga\Dane aplikacji\gtk-2.0
2008-04-02 09:37 . 2008-04-02 09:37 <DIR> d-------- C:\Documents and Settings\aga\.thumbnails
2008-04-02 09:35 . 2008-04-02 09:43 <DIR> d-------- C:\Documents and Settings\aga\.gimp-2.4
2008-04-01 21:29 . 2008-04-07 18:50 <DIR> d-------- C:\Program Files\Bonjour
2008-04-01 21:21 . 2008-04-01 21:21 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-29 22:12 . 2008-03-29 22:12 <DIR> d-------- C:\Program Files\Samsung
2008-03-29 22:12 . 1998-07-09 20:41 217,088 --a------ C:\WINNT\system32\skjpeg40.dll
2008-03-29 22:12 . 1998-03-04 11:40 83,968 --a------ C:\WINNT\system32\Skbase40.dll
2008-03-29 22:12 . 2005-12-14 16:11 61,440 --a------ C:\WINNT\system32\xvid.ax
2008-03-29 22:12 . 2004-03-09 10:39 8,704 --a------ C:\WINNT\system32\vidccleaner.exe
2008-03-28 14:31 . 2000-10-25 18:09 139,264 --a------ C:\WINNT\system32\fsgscom.dll
2008-03-27 14:00 . 2008-04-21 18:40 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-26 14:23 . 2008-03-28 19:31 38 --a------ C:\WINNT\avisplitter.INI
2008-03-25 00:50 . 2008-03-25 00:50 766 --a------ C:\WINNT\system32\lanico.ico
2008-03-25 00:50 . 2008-03-25 00:50 0 --a------ C:\WINNT\system32\lanconfig.ini
2008-03-24 20:51 . 2008-03-24 20:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-03-24 12:21 . 2008-03-24 12:36 <DIR> d-------- C:\Program Files\Auslogics
2008-03-24 12:21 . 2008-03-24 12:35 <DIR> d-------- C:\Documents and Settings\aga\Dane aplikacji\Auslogics
2008-03-23 23:22 . 2008-03-23 23:22 <DIR> d-------- C:\Program Files\pbupdater
2008-03-23 23:15 . 2008-03-23 23:15 <DIR> d-------- C:\Program Files\America's Army
2008-03-23 23:00 . 2008-03-23 23:00 <DIR> d-------- C:\Program Files\America's Army Server Manager
2008-03-23 13:02 . 2008-04-02 18:36 <DIR> d-------- C:\Program Files\cFosSpeed
2008-03-22 14:24 . 2008-03-22 14:24 <DIR> d-------- C:\Program Files\PC Inspector File Recovery
2008-03-22 14:24 . 2002-02-18 19:40 6,200 --a------ C:\WINNT\system32\INT13EXT.VXD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 16:08 205,280 --sha-w C:\WINNT\system32\drivers\fidbox.idx
2008-04-22 16:08 14,857,504 --sha-w C:\WINNT\system32\drivers\fidbox.dat
2008-04-22 16:08 113,588 --sha-w C:\WINNT\system32\drivers\fidbox2.idx
2008-04-22 16:08 1,155,616 --sha-w C:\WINNT\system32\drivers\fidbox2.dat
2008-04-22 16:05 --------- d-----w C:\Program Files\PeerGuardian2
2008-04-22 15:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-22 14:40 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-22 13:58 --------- d-----w C:\Documents and Settings\aga\Dane aplikacji\Xfire
2008-04-22 13:16 66,872 ----a-w C:\WINNT\system32\PnkBstrA.exe
2008-04-20 22:09 22,328 ----a-w C:\WINNT\system32\drivers\PnkBstrK.sys
2008-04-20 22:09 107,832 ----a-w C:\WINNT\system32\PnkBstrB.exe
2008-04-20 17:42 --------- d-----w C:\Program Files\Xfire
2008-04-09 11:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-04 12:10 --------- d-----w C:\Program Files\Opera
2008-04-01 19:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-01 19:15 --------- d-----w C:\Program Files\CCleaner
2008-04-01 15:36 --------- d-----w C:\Program Files\FlashGet
2008-03-29 20:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-23 13:14 --------- d-----w C:\Program Files\SubEdit-Player
2008-03-23 13:09 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-22 14:09 409,600 ----a-w C:\WINNT\system32\wrap_oal.dll
2008-03-22 14:09 114,688 ----a-w C:\WINNT\system32\OpenAL32.dll
2008-03-21 19:12 --------- d-----w C:\Program Files\KeePass Password Safe
2008-03-19 17:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\VMware
2008-03-19 17:34 --------- d-----w C:\Program Files\RDPSoftware
2008-03-19 17:27 --------- d-----w C:\Documents and Settings\aga\Dane aplikacji\VMware
2008-03-19 16:34 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\VMware
2008-03-18 18:01 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InterAction studios
2008-03-18 17:58 --------- d-----w C:\Program Files\ReflexiveArcade
2008-03-17 16:35 --------- d-----w C:\Program Files\VID_0E8F&PID_0003
2008-03-13 19:42 163,644 ----a-w C:\WINNT\system32\drivers\secdrv.sys
2008-03-13 11:05 --------- d-----w C:\Program Files\RivaTuner v2.08
2008-03-13 11:01 --------- d-----w C:\Program Files\RivaTuner v2.07
2008-03-11 10:52 --------- d-----w C:\Documents and Settings\aga\Dane aplikacji\Ahead
2008-03-11 10:51 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-11 10:50 --------- d-----w C:\Program Files\Nero
2008-03-11 09:38 --------- d-----w C:\Documents and Settings\aga\Dane aplikacji\Thunderbird
2008-03-10 10:14 --------- d-----w C:\Program Files\Futuremark
2008-03-09 15:02 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-03-09 15:01 --------- d-----w C:\Program Files\NVIDIA nTune Performance Application
2008-03-09 14:22 --------- d-----w C:\Program Files\AusLogics BoostSpeed
2008-03-09 11:41 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-09 11:33 685,816 ----a-w C:\WINNT\system32\drivers\sptd.sys
2008-03-09 10:23 360,448 ----a-w C:\WINNT\system32\drivers\tcpip.sys
2008-03-09 09:19 --------- d-----w C:\Documents and Settings\aga\Dane aplikacji\Talkback
2008-03-07 20:49 --------- d-----w C:\Program Files\SysTool
2008-03-07 20:04 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-03-07 19:47 22,328 ----a-w C:\Documents and Settings\aga\Dane aplikacji\PnkBstrK.sys
2008-03-07 19:19 --------- d-----w C:\Program Files\PowerISO
2008-03-07 19:13 --------- d-----w C:\Program Files\BitComet
2008-03-06 21:25 --------- d-----w C:\Program Files\AMD
2008-03-06 18:08 --------- d-----w C:\Documents and Settings\aga\Dane aplikacji\Media Player Classic
2008-03-06 15:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-03-06 15:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-03-06 15:33 21,419 ----a-w C:\WINNT\system32\drivers\AegisP.sys
2008-03-06 15:33 --------- d-----w C:\Program Files\RALINK
2008-03-06 15:30 --------- d-----w C:\Program Files\Creative
2008-03-06 15:12 --------- d-----w C:\Program Files\Usługi online
2008-02-08 16:37 219,664 ----a-w C:\WINNT\system32\klogon.dll
.

------- Sigcheck -------

2008-03-09 12:23 360448 65c34c093e839505636954ead50fa315 C:\WINNT\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-04 02:44 395776 C:\WINNT\system32\cmd.exe]
"tscuninstall"="C:\WINNT\system32\tscupgrd.exe" [2004-08-04 02:33 44544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 11:51 57344]
"P17Helper"="P17.dll" [2005-05-03 20:38 64512 C:\WINNT\system32\P17.DLL]
"UpdReg"="C:\WINNT\UpdReg.EXE" [2000-05-11 02:00 90112]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 12:06 77824]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2008-03-04 12:02 8523776]
"nwiz"="nwiz.exe" [2008-03-04 12:02 1626112 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [2008-03-04 12:02 81920]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-04 02:44 395776 C:\WINNT\system32\cmd.exe]
"tscuninstall"="C:\WINNT\system32\tscupgrd.exe" [2004-08-04 02:33 44544]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2008-03-06 17:33:07 675840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\Polish\\setup.exe"=
"C:\\WINNT\\system32\\PnkBstrA.exe"=
"C:\\WINNT\\system32\\PnkBstrB.exe"=
"D:\\cod4\\iw3mp.exe"=
"D:\\cris\\Bin32\\Crysis.exe"=
"D:\\cris\\Bin32\\CrysisDedicatedServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22266:TCP"= 22266:TCP:BitComet 22266 TCP
"22266:UDP"= 22266:UDP:BitComet 22266 UDP

S1 SysTool;SysTool Overclocking Utility;C:\WINNT\system32\DRIVERS\SysTool.sys [2006-11-10 15:08]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;D:\Everest Ultimate Edition 2007 v4.20.1227\kerneld.wnt [2007-12-14 03:09]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINNT\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 18:11:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\D:\Everest Ultimate Edition 2007 v4.20.1227\kerneld.wnt"
.
Completion time: 2008-04-22 18:11:32
ComboFix-quarantined-files.txt 2008-04-22 16:11:25
ComboFix2.txt 2008-04-22 11:49:17

Pre-Run: 17,247,678,464 bajtów wolnych
Post-Run: 17,239,126,016 bajtów wolnych

203

[huber2t]

Log jest czysty

Przeskanuj komputer tym (uruchom przez IE) http://www.kaspersky.pl/virusscanner.html Daj raport z niego na forum