Suspected virus

(Molenda65) #1

Logfile of HijackThis v1.99.1

Scan saved at 01:29:40, on 2008-06-29

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Cezary Molenda\Pulpit\Programy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso … 2259275296

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

(huber2t) #2

Are there any problems?

Fix in HijackThis

Show the ComboFix log

(Molenda65) #3

And what does this entry mean? As for problems, there are no major ones at the moment. Yesterday it seemed to me that “something” was turning off the antivirus Self-Defense, and the computer is running too loudly and is under too much load.

(huber2t) #4

This entry means the file is missing, so it can be removed. Post the ComboFix log, and give the computer's temperatures and components.

(Molenda65) #5

Pasting the log

ComboFix 08-06-20.4 - Cezary Molenda 2008-06-29 11:03:13.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.240 [GMT 2:00]

Running from: C:\Documents and Settings\Cezary Molenda\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))

.

2008-06-28 14:57 . 2008-06-28 14:57

2008-06-20 08:45 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-06-19 22:57 . 2004-08-04 00:35 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-06-19 21:52 . 2008-06-25 23:07

2008-06-19 21:46 . 2008-06-19 21:47

2008-06-19 20:48 . 2008-06-22 15:40

2008-06-19 00:54 . 2005-04-20 13:32 2,916,352 --------- C:\WINDOWS\UNNMP.exe

2008-06-19 00:54 . 2006-03-22 13:55 47,867 --------- C:\WINDOWS\UNNMP.cfg

2008-06-19 00:52 . 2008-06-19 00:52

2008-06-19 00:52 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-06-19 00:51 . 2005-07-29 17:12 2,977,792 --------- C:\WINDOWS\UNNeroVision.exe

2008-06-19 00:51 . 2006-03-22 13:55 179,261 --------- C:\WINDOWS\UNNeroVision.cfg

2008-06-19 00:51 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

2008-06-19 00:50 . 2008-06-19 00:50

2008-06-19 00:50 . 2008-06-19 00:54

2008-06-19 00:50 . 2008-06-19 00:50

2008-06-19 00:50 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2008-06-19 00:50 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2008-06-19 00:50 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2008-06-19 00:50 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll

2008-06-19 00:50 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2008-06-19 00:50 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2008-06-19 00:50 . 2001-06-26 07:15 38,912 --------- C:\WINDOWS\system32\picn20.dll

2008-06-19 00:13 . 2008-06-19 00:13

2008-06-10 21:49 . 2008-06-14 19:36 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 21:49 . 2008-06-14 19:36 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-10 21:49 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-04 12:37 . 2003-09-18 14:32 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-06-04 12:37 . 2003-09-18 14:32 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-06-04 12:37 . 2003-09-18 14:32 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-06-04 12:37 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-06-04 12:37 . 2004-01-14 05:10 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE

2008-06-04 12:36 . 2008-06-04 12:36 0 --a------ C:\WINDOWS\OpPrintServer.INI

2008-06-04 12:35 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-06-04 12:34 . 2008-06-29 10:41

2008-06-04 12:34 . 2004-04-23 09:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6e.DLL

2008-06-04 12:34 . 2004-03-11 20:06 86,016 --------- C:\WINDOWS\system32\CNMCP6e.exe

2008-06-04 12:34 . 2004-03-11 20:06 86,016 -ra------ C:\WINDOWS\system32\cnmB.tmp

2008-06-04 12:34 . 2004-04-23 09:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6e.DLL

2008-06-01 16:04 . 2008-06-29 11:11 6,772,000 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-06-01 16:04 . 2008-06-29 11:11 294,944 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-06-01 16:04 . 2008-06-01 16:14 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-06-01 16:04 . 2008-06-29 02:16 92,948 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-06-01 16:04 . 2008-06-01 16:14 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-06-01 16:04 . 2008-06-29 02:16 28,412 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-06-01 12:54 . 2008-06-01 12:54

2008-05-31 22:28 . 2008-06-12 23:23

2008-05-31 21:14 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-05-31 21:14 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-05-31 18:19 . 2007-05-12 09:24 77,824 --a------ C:\WINDOWS\system32\DriveInfo.dll

2008-05-31 18:18 . 2008-06-20 09:10

2008-05-31 18:18 . 2007-05-12 09:24 32,768 --a------ C:\WINDOWS\system32\chipxum.dll

2008-05-31 17:37 . 2008-05-31 17:37

2008-05-31 16:47 . 2008-06-20 08:30

2008-05-31 16:47 . 2006-03-02 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-05-31 16:36 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-05-31 16:27 . 2008-05-31 16:28

2008-05-31 14:17 . 2008-05-31 14:17

2008-05-31 14:11 . 2008-05-31 14:11

2008-05-31 14:11 . 2005-03-04 05:10 74,496 --a------ C:\WINDOWS\system32\drivers\Rtlnicxp.sys

2008-05-31 14:04 . 2005-04-26 05:22 60,928 -ra------ C:\WINDOWS\system32\drivers\viamraid.sys

2008-05-31 03:09 . 2007-08-10 20:53 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-01 14:14 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys

2008-05-31 12:17 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-31 12:11 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-05-31 02:45 --------- d-----w C:\Program Files\Realtek Sound Manager

2008-05-31 02:45 --------- d-----w C:\Program Files\Realtek AC97

2008-05-31 02:45 --------- d-----w C:\Program Files\AvRack

2008-05-31 00:57 --------- d-----w C:\Program Files\microsoft frontpage

2008-05-31 00:55 --------- d-----w C:\Program Files\Usługi online

2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:12 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-14 20:51 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe

2008-04-14 20:50 997,888 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-14 20:50 424,960 ----a-w C:\WINDOWS\system32\licdll.dll

2008-04-14 17:46 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 17:26 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 17:22 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2008-04-14 17:22 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2008-04-14 17:22 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll

2008-04-14 17:20 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-04-14 17:19 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 17:18 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 17:18 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-14 17:17 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 17:13 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll

2008-04-14 17:12 3,584 ----a-w C:\WINDOWS\system32\msafd.dll

2008-04-14 17:06 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 17:05 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 17:01 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 17:00 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 16:29 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 16:29 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 16:25 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 16:22 89,600 ----a-w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 16:20 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 16:15 49,664 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 16:13 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 16:07 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 16:05 67,584 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 16:05 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 15:59 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys

2008-04-13 18:40 427,008 ----a-w C:\WINDOWS\system32\xpob2res.dll

2008-04-13 18:37 2,953,216 ----a-w C:\WINDOWS\system32\xpsp2res.dll

2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-13 18:35 194,560 ----a-w C:\WINDOWS\system32\xpsp1res.dll

2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll

2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll

2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll

2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll

2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll

2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll

2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll

2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 19:21 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-08-11 15:43 7630848]

“nwiz”=“nwiz.exe” [2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe]

“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2006-08-11 15:43 86016]

“SoundMan”=“SOUNDMAN.EXE” [2005-09-22 10:42 90112 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2008-04-14 19:21 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

“AppInit_DLLs”=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

“CTFMON.EXE”=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

“RaidTool”=C:\Program Files\VIA\RAID\raid_tool.exe

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

“Easy-PrintToolBox”=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

“NeroFilterCheck”=C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\Polish\setup.exe”=

“C:\WINDOWS\system32\sessmgr.exe”=

“C:\WINDOWS\Network Diagnostic\xpnetdiag.exe”=

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-29 11:11:26

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-06-29 11:12:50

ComboFix-quarantined-files.txt 2008-06-29 09:12:43

Pre-Run: 25,639,043,072 bajtów wolnych

Post-Run: 25,611,182,080 bajtów wolnych

244 --- E O F --- 2008-06-19 18:24:02

(huber2t) #6

The log looks clean

Manually delete the C:\Qoobox folder, and delete the ComboFix installer from the disk.

Clean the computer with CCleaner

Optimize the autostart

Turn System Restore off and back on for all drives. Instructions

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum

or

Dr.WEB CureIt!