prośba o sprawdzenie loga z combofixa

[zogert]

Witam. mam problem z komputerem. W chwili podłączenia go do sieci łapie ostrą zamułkę i przestają działać niektóre programy. Zanim jeszcze podepnę kabel sieciowy to w urzyciu pliku stron mam ciągle ok 300/400mb. Proszę o pomoc

oto log z combofixa:

ComboFix 08-05-07.1 - zogert 2008-05-08 13:14:27.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1549 [GMT 2:00]
Running from: D:\Nowy folder (3)\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.

2008-05-06 19:08 . 2008-05-06 19:08 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-06 19:07 . 2008-05-06 19:08 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-05-06 19:07 . 2007-06-24 13:18 250,880 --a------ C:\WINDOWS\system32\hpzc35hg.dll
2008-05-06 19:06 . 2008-05-06 19:06 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-06 19:06 . 2008-05-06 19:06 1,984 --a------ C:\WINDOWS\sounder.his
2008-05-06 19:05 . 2008-05-06 19:06 824 --a------ C:\WINDOWS\hpntwksetup.ini
2008-05-06 19:03 . 2008-05-06 19:08 <DIR> d-------- C:\Documents and Settings\zogert\Dane aplikacji\HP
2008-04-22 10:58 . 2007-03-08 01:51 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-04-22 10:58 . 2007-03-08 01:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-04-22 10:58 . 2007-03-08 01:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-04-22 10:57 . 2008-04-22 11:03 <DIR> d-------- C:\Program Files\Winamp
2008-04-22 10:57 . 2008-04-22 10:57 <DIR> d-------- C:\Program Files\PDFCreator
2008-04-22 10:57 . 2008-04-22 11:06 <DIR> d-------- C:\Documents and Settings\zogert\Dane aplikacji\Winamp
2008-04-22 10:51 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 11:02 --------- d-----w C:\Documents and Settings\zogert\Dane aplikacji\OpenOfficeT72
2008-04-22 09:17 --------- d-----w C:\Program Files\Java
2008-04-07 15:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 15:15 --------- d-----w C:\Program Files\Contex
2008-04-07 15:02 --------- d-----w C:\Program Files\Common Files\ctx
2008-04-07 14:51 5,542 ----a-w C:\ctx.reg
2008-04-07 14:51 --------- d-----w C:\Documents and Settings\zogert\Dane aplikacji\InstallShield
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 13:03 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-19 07:46 --------- d-----w C:\Documents and Settings\zogert\Dane aplikacji\Gadu-Gadu
2008-03-19 07:45 --------- d-----w C:\Program Files\Gadu-Gadu
2008-03-19 06:28 --------- d-----w C:\Documents and Settings\zogert\Dane aplikacji\AdobeUM
2008-03-18 18:03 --------- d-----w C:\Documents and Settings\zogert\Dane aplikacji\MfcEmbed
2008-03-18 17:33 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-03-18 17:18 --------- d-----w C:\Documents and Settings\zogert\Dane aplikacji\Contex
2008-03-18 16:58 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-03-18 16:58 --------- d-----w C:\Documents and Settings\zogert\Dane aplikacji\Minolta
2008-03-18 16:57 --------- d-----w C:\Program Files\KONICA MINOLTA
2008-03-18 16:53 --------- d-----w C:\Program Files\OpenOfficeT7 2.3.1
2008-03-18 16:53 --------- d-----w C:\Program Files\Common Files\Java
2008-03-18 16:49 --------- d-----w C:\Program Files\Ahead
2008-03-18 16:48 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-18 16:47 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-18 16:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-03-18 16:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Contex
2008-03-18 16:44 --------- d-----w C:\Program Files\Alwil Software
2008-03-18 16:44 --------- d-----w C:\Documents and Settings\zogert\Dane aplikacji\Corel
2008-03-18 16:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-18 16:15 --------- d-----w C:\Documents and Settings\zogert\Dane aplikacji\InsERT GT
2008-03-18 16:13 --------- d-----w C:\Program Files\Common Files\InsERT
2008-03-18 16:12 --------- d-----w C:\Program Files\InsERT
2008-03-18 16:06 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Corel
2008-03-18 16:03 --------- d-----w C:\Program Files\Common Files\Corel
2008-03-18 16:02 --------- d-----w C:\Program Files\Corel
2008-03-18 15:43 --------- d-----w C:\Program Files\RW-240
2008-03-18 15:38 --------- d-----w C:\Program Files\GIGABYTE
2008-03-18 15:38 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-03-18 15:32 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-18 15:31 606,848 ----a-w C:\WINDOWS\flashax.exe
2008-03-18 15:31 12,288 ----a-w C:\WINDOWS\impborl.dll
2008-03-18 15:31 --------- d-----w C:\Program Files\AMD
2008-03-18 15:30 --------- d-----w C:\Program Files\Realtek AC97
2008-03-18 14:26 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-18 14:25 --------- d-----w C:\Program Files\Usługi online
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsSetupTwo"="E:\Drivers\Chipset\WINXP_2K\SetupDriver.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2005-07-12 09:55 81920 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 00:03 8429568]
"nwiz"="nwiz.exe" [2007-05-11 00:03 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-11 00:03 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 10:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 10:30 81920]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\PL\Programs\Registration.exe" [2004-06-23 01:20 733184]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ezWTools"="ezWTools /install /bus /nologo" []
"ezConfig"="ezConfig.exe" [2007-04-26 06:35 360448 C:\WINDOWS\system32\ezConfig.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 17:16 37376]
"PUStarter"="C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe" [2007-05-31 16:15 81920]
"RunPUTasktray"="C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe" [2007-05-31 16:19 68608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

C:\Documents and Settings\zogert\Menu Start\Programy\Autostart\
GIGABYTE VGA Utility.lnk - C:\Documents and Settings\zogert\Dane aplikacji\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe [2008-03-18 17:38:52 40960]
OpenOfficeT7 2.3.1.lnk - C:\Program Files\OpenOfficeT7 2.3.1\program\quickstart.exe [2007-12-08 02:06:24 393216]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 17:23:32 74308]
WIDEsystem.lnk - C:\Program Files\Contex\WIDEsystem\WS.exe [2008-03-18 18:36:33 393216]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\RW-240\\RW-240\\RW-240 PLOTBASE\\Program\\ADCAPServer.exe"=
"C:\\Program Files\\RW-240\\RW-240\\RW-240 PLOTBASE\\Program\\PBDBru.exe"=
"C:\\Program Files\\Contex\\WIDEsystem\\wsss.exe"=
"C:\\Program Files\\KONICA MINOLTA\\PSC2\\BinBasic\\MPSCFTPS.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Hewlett-Packard\\HP Printer Utility\\HPPU.exe"=

R0 diskpws;Disk power system;C:\WINDOWS\system32\drivers\diskpws.sys [2007-05-29 08:47]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 MSSQL$INSERTGT;MSSQL$INSERTGT;C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Binn\sqlservr.exe [2002-12-17 17:26]
R2 MSSQL$MPSC_DB;MSSQL$MPSC_DB;C:\Program Files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe [2002-12-17 17:26]
R3 D2;D2 driver;C:\WINDOWS\system32\Drivers\D2.sys [2004-06-01 14:30]
R3 scsiscan;Sterownik skanera SCSI;C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2001-08-17 21:53]
S3 SQLAgent$INSERTGT;SQLAgent$INSERTGT;C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 SQLAgent$MPSC_DB;SQLAgent$MPSC_DB;C:\Program Files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlagent.EXE [2002-12-17 17:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 13:15:09
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-08 13:15:31
ComboFix-quarantined-files.txt 2008-05-08 11:15:28
ComboFix2.txt 2008-05-08 11:08:31
ComboFix3.txt 2008-05-08 11:06:36

Pre-Run: 35,144,753,152 bajtów wolnych
Post-Run: 35,137,343,488 bajtów wolnych

146 --- E O F --- 2008-05-06 17:16:29

[huber2t]

W logu nic nie widzę
Pokaz log z hijackthis

[zogert]

podaję loda z HJTInstall



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:49, on 2008-05-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RW-240\RW-240\RW-240 PLOTCLIENT-Web\Apache\Apache.exe
C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Binn\sqlservr.exe
C:\Program Files\RW-240\RW-240\RW-240 PLOTCLIENT-Web\Apache\Apache.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ezConfig.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe
C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDH.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Contex\WIDEsystem\WS.exe
C:\Program Files\GIGABYTE\VGA Utility Manager\Utility.exe
C:\Program Files\OpenOfficeT7 2.3.1\program\soffice.exe
C:\Program Files\OpenOfficeT7 2.3.1\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xeroserwis.eu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [AsSetupTwo] "E:\Drivers\Chipset\WINXP_2K\SetupDriver.exe" -two
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\PL\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=052208 serial=DR12WRX-0555719-TZG lang=PL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ezWTools] ezWTools /install /bus /nologo
O4 - HKLM\..\Run: [ezConfig] ezConfig.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PUStarter] C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe
O4 - HKLM\..\Run: [RunPUTasktray] "C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe" --regkeypath=Software\Hewlett-Packard\HP Printer Utility\HPPURun --valuename=InstallTTM
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: GIGABYTE VGA Utility.lnk = ?
O4 - Startup: OpenOfficeT7 2.3.1.lnk = C:\Program Files\OpenOfficeT7 2.3.1\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WIDEsystem.lnk = C:\Program Files\Contex\WIDEsystem\WS.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.hp.com (HKLM)
O18 - Protocol: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll
O18 - Protocol: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
O18 - Protocol: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
O18 - Protocol: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
O23 - Service: Apache - Unknown owner - C:\Program Files\RW-240\RW-240\RW-240 PLOTCLIENT-Web\Apache\Apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7356 bytes

[huber2t]

fix w hijackthis

O4 - HKLM\..\Run: [ezWTools] ezWTools /install /bus /nologo
O4 - HKLM\..\Run: [ezConfig] ezConfig.exe

Pokaż nowy log z combofix

[zogert]

Trochę mnie niebyło i nie miałem dostępu do kompa. ten wpis na którego kazałeś zrobić fiksa to program zarządzający kartą "Goliath" www.goliath.pl służącą do przywracania systemu i ochrony dysku przed różnym robactwem. Ale jak widać nie pomogła. Zrobiłem mimo to tego fiksa ale nic nie pomogło. Sytuacja którą opisuję nie dzieje się po raz pierwszy i za każdym razem kończyła się formatem. Już mnie to męczy i postanowiłem znależć przyczynę i zdusić problem w zarodku. jeżeli znasz jeszcze jakieś metody na znalezienie syfa to bardzo proszę o pomoc.

[huber2t]

Prosiłem cię o log z ComboFix