[log] Internet keeps lagging

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by gus, 12 Feb 2009, 16:39

I recently switched my local internet provider to UPC. Since then, even though "bandwidth tests" show that I get better download performance, my internet works terribly. The call centre told me that I may have a problem with my computer.
In general, the internet lags at times, and downloading via torrents fails...

Code:
ComboFix 08-07-21.2 - krzysiek 2009-02-12 15:33:15.13 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.535 [GMT 1:00]
Running from: D:\Programy\Problemy z kompem\Rejestr\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
- REDUCED FUNCTIONALITY MODE -
.

(((((((((((((((((((((((((   Files Created from 2009-01-12 to 2009-02-12  )))))))))))))))))))))))))))))))
.

2009-02-10 01:00 . 2009-02-10 01:00   <DIR>   d--------   C:\Program Files\Panda Security
2009-02-10 01:00 . 2008-06-19 16:24   28,544   --a------   C:\WINDOWS\system32\drivers\pavboot.sys
2009-02-02 21:01 . 2009-02-03 18:42   <DIR>   d--------   C:\Chłopaki z Sąsiedztwa
2009-02-01 19:42 . 2009-02-01 19:42   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\HipSoft
2009-01-29 01:10 . 2009-01-30 03:25   <DIR>   d--------   C:\Spanglish.DVDRip.XviD-DiAMOND
2009-01-26 00:50 . 2009-01-26 02:20   <DIR>   d--------   C:\Pride.And.Glory[2008]DvDrip-aXXo
2009-01-25 22:06 . 2009-01-25 23:51   <DIR>   d--------   C:\The.House.Bunny[2008]DvDrip-aXXo
2009-01-25 01:24 . 2009-01-25 03:06   <DIR>   d--------   C:\The.Dark.Knight[2008]DvDrip-aXXo
2009-01-24 21:31 . 2009-01-25 15:02   <DIR>   d--------   C:\Program Files\Winamp Remote
2009-01-15 11:13 . 2009-01-26 21:12   <DIR>   d--------   C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\FileZilla
2009-01-15 11:12 . 2009-01-15 11:12   <DIR>   d--------   C:\Program Files\FileZilla FTP Client
2009-01-15 03:01 . 2009-01-15 03:01   118   --a------   C:\WINDOWS\system32\MRT.INI
2009-01-14 10:01 . 2009-01-14 10:01   61,440   --a------   C:\WINDOWS\system32\TDSScfub.dll
2009-01-14 10:01 . 2009-01-14 10:01   35,840   --a------   C:\WINDOWS\system32\TDSSofxh.dll
2009-01-14 10:01 . 2009-01-14 10:01   31,232   --a------   C:\WINDOWS\system32\TDSSriqp.dll
2009-01-14 10:01 . 2009-01-14 10:01   29,696   --a------   C:\WINDOWS\system32\TDSSnrsr.dll
2009-01-14 10:01 . 2009-01-14 10:01   2,204   --a------   C:\WINDOWS\system32\TDSSfxmp.dll
2009-01-14 10:01 . 2009-01-14 10:01   441   --a------   C:\WINDOWS\system32\TDSSosvd.dat
2009-01-13 01:28 . 2009-01-13 01:28   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 14:29   ---------   d-----w   C:\Program Files\lg_fwupdate
2009-02-08 21:49   ---------   d-----w   C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\foobar2000
2009-02-08 17:22   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2009-01-29 08:44   ---------   d-----w   C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\MegauploadToolbar
2009-01-16 16:21   3,596,288   ------w   C:\WINDOWS\system32\dllcache\mshtml.dll
2009-01-13 00:29   ---------   d-----w   C:\Program Files\ESET
2009-01-13 00:27   ---------   d-----w   C:\Program Files\SkanerOnline
2009-01-13 00:27   ---------   d-----w   C:\Program Files\Movie Label 2009
2009-01-13 00:26   ---------   d-----w   C:\Program Files\Antenna
2009-01-11 17:42   ---------   d-----w   C:\Program Files\DOSBox-0.72
2009-01-11 17:28   ---------   d-----w   C:\Program Files\NOS
2009-01-11 17:28   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\NOS
2008-12-19 09:41   70,656   ------w   C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-12-19 09:41   13,824   ------w   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-12-19 05:25   634,024   ------w   C:\WINDOWS\system32\dllcache\iexplore.exe
2008-12-19 05:24   161,792   ------w   C:\WINDOWS\system32\dllcache\ieakui.dll
2008-12-12 12:39   ---------   d-----w   C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\SolidDocuments
2008-12-12 12:35   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\SolidDocuments
2008-12-11 10:57   333,952   ------w   C:\WINDOWS\system32\dllcache\srv.sys
2008-11-10 20:04   133,296   -c--a-w   C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-07-27 11:25   1,378   -c--a-w   C:\Program Files\uninstal.log
2008-06-15 19:33   32   -c--a-w   C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2001-08-13 13:51   1,396,337   ----a-w   C:\Program Files\Captura.exe
2002-01-02 00:48   32,768   -csha-w   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012002010220020103\index.dat
2008-11-09 09:04   32,768   -csha-w   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008110920081110\index.dat
.

------- Sigcheck -------

2007-10-30 17:53  360832  64798ecfa43d78c7178375fcdd16d8c8   C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:51  361600  9aefa14bd6b182d61e3119fa5f436d3d   C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59  361600  ad978a1b783b5719720cff204b666c8e   C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 11:44  360960  744e57c99232201ae98c49168b918f48   C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2007-10-16 00:19  360576  0fb6743e937c7bb248b2530a5a77abc6   C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 20:20  361344  93ea8d04ec73a85db02eb8805988f733   C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2007-10-30 18:20  360064  90caff4b094573449a0872a0f919b178   C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 20:20  361344  accf5a9a1ffaa490f33dba1c632b95e1   C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-06-20 12:51  361600  9425b72f40257b45d45d24773273dad0   C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 12:51  361600  9425b72f40257b45d45d24773273dad0   C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((   snapshot@2009-01-13_16.37.14.70   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-16 19:49:06   124,928   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\advpack.dll
+ 2008-10-16 19:49:06   347,136   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-10-16 19:49:06   214,528   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-10-16 19:49:06   132,608   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-10-16 19:49:06   63,488   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\icardie.dll
+ 2008-10-16 12:46:08   70,656   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-10-16 19:49:06   153,088   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-10-16 19:49:07   230,400   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-10-15 06:33:26   161,792   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-10-16 19:49:07   380,928   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-10-16 19:49:08   388,608   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-16 19:49:12   6,068,224   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-16 19:49:12   44,544   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-10-16 19:49:13   267,776   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-10-16 12:46:08   13,824   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-10-15 06:34:58   633,632   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-10-16 19:49:14   27,648   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-10-16 19:49:15   459,264   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-10-16 19:49:15   52,224   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-12-13 06:28:15   3,594,752   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-10-16 19:49:23   477,696   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-10-16 19:49:23   193,024   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\msrating.dll
+ 2008-10-16 19:49:24   671,232   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\mstime.dll
+ 2008-10-16 19:49:24   102,912   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\occache.dll
+ 2008-10-16 19:49:24   44,544   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 03:28:40   216,288   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 03:29:50   386,784   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-10-16 19:49:24   105,984   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\url.dll
+ 2008-10-16 19:49:25   1,163,264   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-10-16 19:49:26   233,472   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-10-16 19:49:27   827,904   -c----w   C:\WINDOWS\ie7updates\KB961260-IE7\wininet.dll
- 2000-08-31 07:00:00   29,696   ----a-w   C:\WINDOWS\NIRCMD.exe
+ 2000-08-31 07:00:00   28,672   ----a-w   C:\WINDOWS\NIRCMD.exe
- 2008-10-16 19:49:06   124,928   ----a-w   C:\WINDOWS\system32\advpack.dll
+ 2008-12-20 23:48:45   124,928   ----a-w   C:\WINDOWS\system32\advpack.dll
- 2008-11-26 17:21:30   1,236,208   ----a-w   C:\WINDOWS\system32\aswBoot.exe
+ 2009-02-05 21:11:35   1,256,296   ----a-w   C:\WINDOWS\system32\aswBoot.exe
- 2008-11-26 17:15:10   97,480   ----a-w   C:\WINDOWS\system32\AvastSS.scr
+ 2009-02-05 21:04:45   97,480   ----a-w   C:\WINDOWS\system32\AvastSS.scr
- 2009-01-13 15:18:01   16,384   -csha-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-14 09:01:47   16,384   -csha-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2009-01-13 15:18:01   32,768   -csha-w   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2009-01-14 09:01:47   32,768   -csha-w   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2009-01-13 15:18:01   32,768   -csha-w   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-14 09:01:47   32,768   -csha-w   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-16 19:49:06   124,928   ------w   C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-12-20 23:48:45   124,928   ------w   C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-10-16 19:49:06   347,136   ------w   C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-12-20 23:48:45   347,136   ------w   C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-10-16 19:49:06   214,528   ------w   C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-12-20 23:48:45   214,528   ------w   C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-10-16 19:49:06   132,608   ------w   C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-12-20 23:48:45   132,608   ------w   C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-10-16 19:49:06   63,488   ------w   C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-12-20 23:48:45   63,488   ------w   C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-10-16 19:49:06   153,088   ------w   C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-12-20 23:48:45   153,088   ------w   C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-10-16 19:49:07   230,400   ------w   C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-12-20 23:48:46   230,400   ------w   C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-10-16 19:49:07   380,928   ------w   C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-12-20 23:48:46   380,928   ------w   C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-10-16 19:49:08   388,608   ------w   C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-12-20 23:48:46   388,608   ------w   C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-10-16 19:49:12   6,068,224   ------w   C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-12-20 23:48:48   6,068,736   ------w   C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-10-16 19:49:12   44,544   ------w   C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-12-20 23:48:48   44,544   ------w   C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-10-16 19:49:13   267,776   ------w   C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-12-20 23:48:48   267,776   ------w   C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-10-16 19:49:14   27,648   ------w   C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-12-20 23:48:49   27,648   ------w   C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-10-16 19:49:15   459,264   ------w   C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-12-20 23:48:49   459,264   ------w   C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-10-16 19:49:15   52,224   ------w   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-12-20 23:48:49   52,224   ------w   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-10-16 19:49:23   477,696   ------w   C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-12-20 23:48:52   477,696   ------w   C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-10-16 19:49:23   193,024   ------w   C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-12-20 23:48:52   193,024   ------w   C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-10-16 19:49:24   671,232   ------w   C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-12-20 23:48:53   671,232   ------w   C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-10-16 19:49:24   102,912   ------w   C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-12-20 23:48:53   102,912   ------w   C:\WINDOWS\system32\dllcache\occache.dll
- 2008-10-16 19:49:24   44,544   ------w   C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-12-20 23:48:53   44,544   ------w   C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-10-16 19:49:24   105,984   ------w   C:\WINDOWS\system32\dllcache\url.dll
+ 2008-12-20 23:48:53   105,984   ------w   C:\WINDOWS\system32\dllcache\url.dll
- 2008-10-16 19:49:25   1,163,264   ------w   C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-12-20 23:48:54   1,163,264   ------w   C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-10-16 19:49:26   233,472   ------w   C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-12-20 23:48:54   233,472   ------w   C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-10-16 19:49:27   827,904   ------w   C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-12-20 23:48:54   827,904   ------w   C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-11-26 17:15:35   26,944   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2009-02-05 21:05:11   26,944   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
- 2008-11-26 17:17:25   20,560   ----a-w   C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2009-02-05 21:07:12   20,560   ----a-w   C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-11-26 17:18:25   93,296   ----a-w   C:\WINDOWS\system32\drivers\aswmon.sys
+ 2009-02-05 21:08:19   93,296   ----a-w   C:\WINDOWS\system32\drivers\aswmon.sys
- 2008-11-26 17:18:18   94,032   ----a-w   C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2009-02-05 21:08:10   94,032   ----a-w   C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-11-26 17:16:29   23,152   ----a-w   C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2009-02-05 21:06:10   23,152   ----a-w   C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-11-26 17:17:36   111,184   ----a-w   C:\WINDOWS\system32\drivers\aswSP.sys
+ 2009-02-05 21:07:23   114,768   ----a-w   C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-11-26 17:16:38   50,864   ----a-w   C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2009-02-05 21:06:20   51,376   ----a-w   C:\WINDOWS\system32\drivers\aswTdi.sys
- 2008-09-08 10:41:42   333,824   ----a-w   C:\WINDOWS\system32\drivers\srv.sys
+ 2008-12-11 10:57:09   333,952   ----a-w   C:\WINDOWS\system32\drivers\srv.sys
- 2008-10-16 19:49:06   347,136   ----a-w   C:\WINDOWS\system32\dxtmsft.dll
+ 2008-12-20 23:48:45   347,136   ----a-w   C:\WINDOWS\system32\dxtmsft.dll
- 2008-10-16 19:49:06   214,528   ----a-w   C:\WINDOWS\system32\dxtrans.dll
+ 2008-12-20 23:48:45   214,528   ----a-w   C:\WINDOWS\system32\dxtrans.dll
- 2008-10-16 19:49:06   132,608   ----a-w   C:\WINDOWS\system32\extmgr.dll
+ 2008-12-20 23:48:45   132,608   ----a-w   C:\WINDOWS\system32\extmgr.dll
- 2008-10-16 19:49:06   63,488   ----a-w   C:\WINDOWS\system32\icardie.dll
+ 2008-12-20 23:48:45   63,488   ----a-w   C:\WINDOWS\system32\icardie.dll
- 2008-10-16 12:46:08   70,656   ----a-w   C:\WINDOWS\system32\ie4uinit.exe
+ 2008-12-19 09:41:51   70,656   ----a-w   C:\WINDOWS\system32\ie4uinit.exe
- 2008-10-16 19:49:06   153,088   ----a-w   C:\WINDOWS\system32\ieakeng.dll
+ 2008-12-20 23:48:45   153,088   ----a-w   C:\WINDOWS\system32\ieakeng.dll
- 2008-10-16 19:49:07   230,400   ----a-w   C:\WINDOWS\system32\ieaksie.dll
+ 2008-12-20 23:48:46   230,400   ----a-w   C:\WINDOWS\system32\ieaksie.dll
- 2008-10-15 06:33:26   161,792   ----a-w   C:\WINDOWS\system32\ieakui.dll
+ 2008-12-19 05:24:02   161,792   ----a-w   C:\WINDOWS\system32\ieakui.dll
- 2008-10-16 19:49:07   380,928   ----a-w   C:\WINDOWS\system32\ieapfltr.dll
+ 2008-12-20 23:48:46   380,928   ----a-w   C:\WINDOWS\system32\ieapfltr.dll
- 2008-10-16 19:49:08   388,608   ----a-w   C:\WINDOWS\system32\iedkcs32.dll
+ 2008-12-20 23:48:46   388,608   ----a-w   C:\WINDOWS\system32\iedkcs32.dll
- 2008-10-16 19:49:12   6,068,224   ----a-w   C:\WINDOWS\system32\ieframe.dll
+ 2008-12-20 23:48:48   6,068,736   ----a-w   C:\WINDOWS\system32\ieframe.dll
- 2008-10-16 19:49:12   44,544   ----a-w   C:\WINDOWS\system32\iernonce.dll
+ 2008-12-20 23:48:48   44,544   ----a-w   C:\WINDOWS\system32\iernonce.dll
- 2008-10-16 19:49:13   267,776   ----a-w   C:\WINDOWS\system32\iertutil.dll
+ 2008-12-20 23:48:48   267,776   ----a-w   C:\WINDOWS\system32\iertutil.dll
- 2008-10-16 12:46:08   13,824   ----a-w   C:\WINDOWS\system32\ieudinit.exe
+ 2008-12-19 09:41:52   13,824   ----a-w   C:\WINDOWS\system32\ieudinit.exe
- 2008-10-16 19:49:14   27,648   ----a-w   C:\WINDOWS\system32\jsproxy.dll
+ 2008-12-20 23:48:49   27,648   ----a-w   C:\WINDOWS\system32\jsproxy.dll
- 2008-12-09 23:24:37   17,593,280   ----a-w   C:\WINDOWS\system32\MRT.exe
+ 2009-02-03 23:21:12   21,244,864   ----a-w   C:\WINDOWS\system32\MRT.exe
- 2008-10-16 19:49:15   459,264   ----a-w   C:\WINDOWS\system32\msfeeds.dll
+ 2008-12-20 23:48:49   459,264   ----a-w   C:\WINDOWS\system32\msfeeds.dll
- 2008-10-16 19:49:15   52,224   ----a-w   C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-12-20 23:48:49   52,224   ----a-w   C:\WINDOWS\system32\msfeedsbs.dll
- 2008-12-13 06:28:15   3,594,752   ----a-w   C:\WINDOWS\system32\mshtml.dll
+ 2009-01-16 16:21:42   3,596,288   ----a-w   C:\WINDOWS\system32\mshtml.dll
- 2008-10-16 19:49:23   477,696   ----a-w   C:\WINDOWS\system32\mshtmled.dll
+ 2008-12-20 23:48:52   477,696   ----a-w   C:\WINDOWS\system32\mshtmled.dll
- 2008-10-16 19:49:23   193,024   ----a-w   C:\WINDOWS\system32\msrating.dll
+ 2008-12-20 23:48:52   193,024   ----a-w   C:\WINDOWS\system32\msrating.dll
- 2008-10-16 19:49:24   671,232   ----a-w   C:\WINDOWS\system32\mstime.dll
+ 2008-12-20 23:48:53   671,232   ----a-w   C:\WINDOWS\system32\mstime.dll
- 2008-10-16 19:49:24   102,912   ----a-w   C:\WINDOWS\system32\occache.dll
+ 2008-12-20 23:48:53   102,912   ----a-w   C:\WINDOWS\system32\occache.dll
- 2008-10-16 19:49:24   44,544   ----a-w   C:\WINDOWS\system32\pngfilt.dll
+ 2008-12-20 23:48:53   44,544   ----a-w   C:\WINDOWS\system32\pngfilt.dll
- 2007-11-30 12:40:46   19,320   ------w   C:\WINDOWS\system32\spmsg.dll
+ 2008-07-09 07:57:12   19,320   ------w   C:\WINDOWS\system32\spmsg.dll
- 2008-10-16 19:49:24   105,984   ----a-w   C:\WINDOWS\system32\url.dll
+ 2008-12-20 23:48:53   105,984   ----a-w   C:\WINDOWS\system32\url.dll
- 2008-10-16 19:49:25   1,163,264   ----a-w   C:\WINDOWS\system32\urlmon.dll
+ 2008-12-20 23:48:54   1,163,264   ----a-w   C:\WINDOWS\system32\urlmon.dll
- 2008-10-16 19:49:26   233,472   ----a-w   C:\WINDOWS\system32\webcheck.dll
+ 2008-12-20 23:48:54   233,472   ----a-w   C:\WINDOWS\system32\webcheck.dll
- 2008-10-16 19:49:27   827,904   ----a-w   C:\WINDOWS\system32\wininet.dll
+ 2008-12-20 23:48:54   827,904   ----a-w   C:\WINDOWS\system32\wininet.dll
+ 2009-02-12 09:56:03   16,384   ----atw   C:\WINDOWS\temp\Perflib_Perfdata_5cc.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:21 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 11:04 2127296]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 18:21 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 10:22 7618560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 03:28 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 16:38 583048]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2005-04-12 10:11 229376]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 22:08 81000]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-17 19:20 16844800 C:\WINDOWS\RTHDCPL.EXE]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 10:22 86016 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:21 15360]

C:\Documents and Settings\krzysiek.PRIVATE-28C405B\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Photosmart Premier - Szybkie uruchomienie.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Photosmart Premier - Szybkie uruchomienie.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier - Szybkie uruchomienie.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 19:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 11:04 2127296 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 15:24 54840 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
--a------ 2008-03-13 08:34 81920 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
--a------ 2006-06-23 17:26 3706368 C:\Program Files\ASUS\Ai Booster\OverClk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-06-01 10:22 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23042:TCP"= 23042:TCP:BitComet 23042 TCP
"23042:UDP"= 23042:UDP:BitComet 23042 UDP
"24284:TCP"= 24284:TCP:BitComet 24284 TCP
"24284:UDP"= 24284:UDP:BitComet 24284 UDP

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 16:24]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 22:07]
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 14:00]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 22:07]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-13 13:54]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 11:01]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 19:45]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 19:45]
.
Contents of the 'Scheduled Tasks' folder
"2008-12-29 07:42:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-Internet Settings,ProxyServer = socks=
O8 -: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 -: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 -: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206

O16 -: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf
C:\WINDOWS\system32\SkanerOnlineUninstall.exe
C:\WINDOWS\system32\SkanerOnline.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 15:33:54
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-12 15:36:12
ComboFix-quarantined-files.txt  2009-02-12 14:36:00

Pre-Run: 1,376,845,824 bajtów wolnych
Post-Run: 1,444,904,960 bajtów wolnych

372   --- E O F ---   2009-02-11 21:05:44


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39, on 2009-02-12
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8354 bytes
gus
~user
 
Posts: 36
Joined: 23 Jul 2008, 08:53



[log] internet keeps lagging

Post by wojtas 12 Feb 2009, 17:10

Delete the ComboFix you have:

Download:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
but don't run it...
Open Notepad and paste this into it:

File::
C:\WINDOWS\system32\TDSScfub.dll
C:\WINDOWS\system32\TDSSofxh.dll
C:\WINDOWS\system32\TDSSriqp.dll
C:\WINDOWS\system32\TDSSnrsr.dll
C:\WINDOWS\system32\TDSSfxmp.dll
C:\WINDOWS\system32\TDSSosvd.dat



>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto the ComboFix.exe file.
The removal should then start (and a log will be created). Post the log that is created during the removal.
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Re: [log] internet keeps lagging

Post by gus 12 Feb 2009, 23:20

Code:
ComboFix 09-02-12.03 - krzysiek 2009-02-12 22:09:19.14 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.1023.516 [GMT 1:00]
Uruchomiony z: c:\documents and settings\krzysiek.PRIVATE-28C405B\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\krzysiek.PRIVATE-28C405B\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania

FILE ::
c:\windows\system32\TDSScfub.dll
c:\windows\system32\TDSSfxmp.dll
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSriqp.dll
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\TDSScfub.dll
c:\windows\system32\TDSSfxmp.dll
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSriqp.dll

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Service_ISODrive


(((((((((((((((((((((((((   Pliki utworzone od 2009-01-12 do 2009-02-12  )))))))))))))))))))))))))))))))
.

2009-02-10 01:00 . 2009-02-10 01:00   <DIR>   d--------   c:\program files\Panda Security
2009-02-10 01:00 . 2008-06-19 16:24   28,544   --a------   c:\windows\system32\drivers\pavboot.sys
2009-02-02 21:01 . 2009-02-03 18:42   <DIR>   d--------   C:\Chłopaki z Sąsiedztwa
2009-02-01 19:42 . 2009-02-01 19:42   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\HipSoft
2009-01-29 01:10 . 2009-01-30 03:25   <DIR>   d--------   C:\Spanglish.DVDRip.XviD-DiAMOND
2009-01-26 00:50 . 2009-01-26 02:20   <DIR>   d--------   C:\Pride.And.Glory[2008]DvDrip-aXXo
2009-01-25 22:06 . 2009-01-25 23:51   <DIR>   d--------   C:\The.House.Bunny[2008]DvDrip-aXXo
2009-01-25 01:24 . 2009-01-25 03:06   <DIR>   d--------   C:\The.Dark.Knight[2008]DvDrip-aXXo
2009-01-24 21:31 . 2009-01-25 15:02   <DIR>   d--------   c:\program files\Winamp Remote
2009-01-15 11:13 . 2009-01-26 21:12   <DIR>   d--------   c:\documents and settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\FileZilla
2009-01-15 11:12 . 2009-01-15 11:12   <DIR>   d--------   c:\program files\FileZilla FTP Client
2009-01-15 03:01 . 2009-01-15 03:01   118   --a------   c:\windows\system32\MRT.INI
2009-01-13 01:28 . 2009-01-13 01:28   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 21:13   ---------   d-----w   c:\program files\lg_fwupdate
2009-02-08 21:49   ---------   d-----w   c:\documents and settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\foobar2000
2009-02-08 17:22   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-01-29 08:44   ---------   d-----w   c:\documents and settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\MegauploadToolbar
2009-01-13 00:29   ---------   d-----w   c:\program files\ESET
2009-01-13 00:27   ---------   d-----w   c:\program files\SkanerOnline
2009-01-13 00:27   ---------   d-----w   c:\program files\Movie Label 2009
2009-01-13 00:26   ---------   d-----w   c:\program files\Antenna
2009-01-11 17:42   ---------   d-----w   c:\program files\DOSBox-0.72
2009-01-11 17:28   ---------   d-----w   c:\program files\NOS
2009-01-11 17:28   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\NOS
2008-12-12 12:39   ---------   d-----w   c:\documents and settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\SolidDocuments
2008-12-12 12:35   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\SolidDocuments
2008-11-10 20:04   133,296   -c--a-w   c:\documents and settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-07-27 11:25   1,378   -c--a-w   c:\program files\uninstal.log
2008-06-15 19:33   32   -c--a-w   c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2001-08-13 13:51   1,396,337   ----a-w   c:\program files\Captura.exe
2002-01-02 00:48   32,768   -csha-w   c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012002010220020103\index.dat
2008-11-09 09:04   32,768   -csha-w   c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008110920081110\index.dat
.

------- Sigcheck -------

2007-10-30 17:53  360832  64798ecfa43d78c7178375fcdd16d8c8   c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:51  361600  9aefa14bd6b182d61e3119fa5f436d3d   c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59  361600  ad978a1b783b5719720cff204b666c8e   c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 11:44  360960  744e57c99232201ae98c49168b918f48   c:\windows\$NtServicePackUninstall$\tcpip.sys
2007-10-16 00:19  360576  0fb6743e937c7bb248b2530a5a77abc6   c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 20:20  361344  93ea8d04ec73a85db02eb8805988f733   c:\windows\$NtUninstallKB951748$\tcpip.sys
2007-10-30 18:20  360064  90caff4b094573449a0872a0f919b178   c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 20:20  361344  accf5a9a1ffaa490f33dba1c632b95e1   c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 12:51  361600  9425b72f40257b45d45d24773273dad0   c:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51  361600  9425b72f40257b45d45d24773273dad0   c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((   snapshot_2009-02-12_15.35.39.60   )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 07:00:00   28,672   ----a-w   c:\windows\NIRCMD.exe
+ 2000-08-31 07:00:00   29,696   ----a-w   c:\windows\NIRCMD.exe
+ 2009-02-12 21:12:44   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_5d0.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-17 c:\windows\RTHDCPL.EXE]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\krzysiek.PRIVATE-28C405B\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Photosmart Premier - Szybkie uruchomienie.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Photosmart Premier - Szybkie uruchomienie.lnk
backup=c:\windows\pss\HP Photosmart Premier - Szybkie uruchomienie.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 19:42 116040 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 11:04 2127296 c:\program files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 15:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
--a------ 2008-03-13 08:34 81920 c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
--a------ 2006-06-23 17:26 3706368 c:\program files\ASUS\Ai Booster\OverClk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-06-01 10:22 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23042:TCP"= 23042:TCP:BitComet 23042 TCP
"23042:UDP"= 23042:UDP:BitComet 23042 UDP
"24284:TCP"= 24284:TCP:BitComet 24284 TCP
"24284:UDP"= 24284:UDP:BitComet 24284 UDP

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-10 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-13 114768]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-01-13 15872]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-13 20560]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-06-03 198336]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-11 33752]
.
Zawartość folderu 'Zaplanowane zadania'

2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = socks=
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\krzysiek.PRIVATE-28C405B\Dane aplikacji\Mozilla\Firefox\Profiles\[u]0[/u]jnjom52.default\
FF - prefs.js: browser.startup.homepage - google.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 22:12:54
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1659004503-682003330-1003_Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\d*& ]
@Class="Shell"
"a"="d:\\Firma\\Suplementy\\Spedycja\\Inspekcja\\Nowy folder\\7511 Precision Iso-Pro Low Carb Vanilla Drink Mix Powder.d…"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-2000478354-1659004503-682003330-1003_Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*d*& ]
@Class="Shell"

[HKEY_USERS\S-1-5-21-2000478354-1659004503-682003330-1003_Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*d*& \OpenWithList]
@Class="Shell"
"a"="PDFCreator.exe"
"MRUList"="a"
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Czas ukończenia: 2009-02-12 22:15:15 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-02-12 21:15:12
ComboFix2.txt  2009-02-12 14:36:14

Przed: 1,376,407,552 bajtów wolnych
Po: 1,387,352,064 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
243   --- E O F ---   2009-02-11 21:05:44
gus
~user
 
Posts: 36
Joined: 23 Jul 2008, 08:53
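
The check a helper makes when reading the log above, as an added example that is not part of the original thread or of ComboFix: every path in the CFScript `File::` block should reappear under the log's deleted-files banner (`Usunięto` in this Polish-localised log), not merely in the `FILE ::` echo at the top. The function names and the abridged sample log are constructed for illustration.

```python
import re

# Constructed inputs: the CFScript from the thread and an abridged copy of the
# ComboFix log posted in reply (Polish section banners kept as the tool wrote them).
CFSCRIPT = r"""File::
C:\WINDOWS\system32\TDSScfub.dll
C:\WINDOWS\system32\TDSSofxh.dll
C:\WINDOWS\system32\TDSSriqp.dll
C:\WINDOWS\system32\TDSSnrsr.dll
C:\WINDOWS\system32\TDSSfxmp.dll
C:\WINDOWS\system32\TDSSosvd.dat
"""

LOG = r"""FILE ::
c:\windows\system32\TDSScfub.dll
c:\windows\system32\TDSSfxmp.dll
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSriqp.dll
.
(((((((((((((((((((   Usunięto   )))))))))))))))))))
.
c:\windows\system32\TDSScfub.dll
c:\windows\system32\TDSSfxmp.dll
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSriqp.dll
.
(((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))
.
-------\Legacy_ISODRIVE
"""

BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")   # "(((   title   )))" section banner
PATH = re.compile(r"^[A-Za-z]:\\")             # line that starts with a drive path

def cfscript_files(script):
    """Paths listed under the File:: directive of a CFScript."""
    files, active = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.endswith("::"):                # any directive starts a new block
            active = line.lower() == "file::"
        elif active and PATH.match(line):
            files.append(line)
    return files

def log_section(log, title):
    """Paths listed under the banner with this title, up to the next banner."""
    paths, active = [], False
    for line in log.splitlines():
        line = line.strip()
        banner = BANNER.match(line)
        if banner:
            active = banner.group(1) == title
        elif active and PATH.match(line):
            paths.append(line)
    return paths

def not_removed(script, log, deleted_title="Usunięto"):
    """Requested files absent from the deleted section (paths compared case-insensitively)."""
    deleted = {p.lower() for p in log_section(log, deleted_title)}
    return [f for f in cfscript_files(script) if f.lower() not in deleted]

if __name__ == "__main__":
    print(not_removed(CFSCRIPT, LOG))          # empty list: all six files were removed
```

An English-language ComboFix log uses a different banner title, so pass it as `deleted_title` instead of the Polish default.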



[log] internet keeps lagging

Post by wojtas 12 Feb 2009, 23:33

1. Download OTMoveIt, launch it and run its CleanUp option :) and delete the folder C:\Qoobox
2. Run a Windows optimization
3. Download ATF_Cleaner
select
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
and press EMPTY SELECTED
4. Turn off System Restore (My Computer properties - System Restore tab - turn off System Restore on all drives). After a moment, turn it back on.
5. Run a Dr. Web CureIt scan
6. Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum.

and with this:

FixIEDef.
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



