Przestało działać połączenie z internetem

[czare]

Na skanowanym komputerze przestało działać połączenie z internetem.

Podaję loga z Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:58, on 2009-07-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Czarek\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [PDFCreatorClient] ; C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] ; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] ; "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] ; "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] ; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002 Plk\InstFred.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://megapanel.gem.pl/WebInstaller.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - file://C:\Program Files\AutoCAD LT 2002 Plk\SysVerChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file://C:\Program Files\AutoCAD LT 2002 Plk\AcDcToday.ocx
O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002 Plk\InstBanr.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002 Plk\AcPreview.ocx
O18 - Protocol: HPDCS - {BA135F49-A12C-4E26-A2C4-6EA945999072} - C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
O18 - Protocol: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Usługa F-Secure Network Request Broker (F-Secure Network Request Broker) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c9ad2a19c31cbe) (gupdate1c9ad2a19c31cbe) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe

--
End of file - 9226 bytes

i log z ComboFix:

ComboFix 09-07-19.04 - Czarek 2009-07-20 19:05.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.1535.1101 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Czarek\Pulpit\ComboFix.exe
AV: F-Secure Client Security 8.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 8.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

((((((((((((((((((((((((( Pliki utworzone od 2009-06-20 do 2009-07-20 )))))))))))))))))))))))))))))))
.

2009-07-20 06:48 . 2009-07-20 06:48 -------- d-----r- c:\documents and settings\LocalService\Ulubione
2009-07-05 13:26 . 2009-07-05 20:02 -------- d-----w- c:\documents and settings\Czarek\Dane aplikacji\F-Secure
2009-07-05 13:24 . 2009-07-05 13:24 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\F-Secure
2009-07-05 13:24 . 2008-10-09 10:18 79872 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2009-07-05 13:23 . 2009-07-05 13:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\F-Secure
2009-07-05 13:19 . 2009-07-05 13:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\fssg
2009-07-05 13:18 . 2009-07-05 13:24 -------- d-----w- c:\program files\F-Secure
2009-07-04 21:37 . 2009-07-04 21:37 23 --sha-w- c:\windows\system32\edacded0.dat
2009-07-04 21:36 . 2009-07-04 21:37 -------- d-----w- c:\program files\jv16 PowerTools 2009
2009-06-30 14:25 . 2009-06-30 14:40 -------- d-----w- c:\documents and settings\Czarek\Ustawienia lokalne\Dane aplikacji\Temp
2009-06-26 17:34 . 2008-03-25 03:47 200704 ----a-r- c:\windows\system32\fdco1.dll
2009-06-26 17:34 . 2008-03-25 03:48 54400 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2009-06-26 17:34 . 2008-03-12 04:14 3948 ----a-r- c:\windows\system32\drivers\nvphy.bin
2009-06-26 17:34 . 2008-03-14 02:47 442368 ----a-w- c:\windows\system32\nvunrm.exe
2009-06-26 17:34 . 2008-03-25 03:46 9216 ----a-r- c:\windows\system32\bdco1.dll
2009-06-26 17:34 . 2008-03-14 02:47 35840 ----a-r- c:\windows\system32\nvconrm.dll
2009-06-26 17:34 . 2008-03-25 03:48 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2009-06-26 17:34 . 2008-03-25 03:47 953088 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2009-06-26 17:34 . 2008-01-10 06:30 442368 ----a-r- c:\windows\system32\nvusmb.exe
2009-06-26 17:23 . 2006-08-01 07:02 49152 ------r- c:\windows\system32\ChCfg.exe
2009-06-26 17:22 . 2008-06-18 10:01 77824 ------r- c:\windows\SoundMan.exe
2009-06-26 17:22 . 2007-11-20 10:15 1826816 ------r- c:\windows\SkyTel.exe
2009-06-26 17:22 . 2008-07-15 05:47 1196032 ------r- c:\windows\RtlUpd.exe
2009-06-26 17:22 . 2008-06-19 08:27 9715200 ------r- c:\windows\RTLCPL.exe
2009-06-26 17:22 . 2008-07-24 10:02 4749824 ------r- c:\windows\system32\drivers\RtkHDAud.sys
2009-06-26 17:22 . 2008-07-23 08:51 16804864 ------r- c:\windows\RTHDCPL.exe
2009-06-26 17:22 . 2007-06-28 08:44 2165760 ------r- c:\windows\MicCal.exe
2009-06-26 17:22 . 2008-06-19 08:20 57344 ------r- c:\windows\Alcmtr.exe
2009-06-26 17:22 . 2008-06-19 08:42 2808832 ------r- c:\windows\alcwzrd.exe
2009-06-26 17:22 . 2009-06-26 17:22 -------- d-----w- c:\program files\Realtek
2009-06-26 17:21 . 2009-06-26 17:21 319488 ----a-w- c:\windows\HideWin.exe
2009-06-26 17:21 . 2008-07-15 05:58 524288 ------r- c:\windows\RtlExUpd.dll
2009-06-23 22:10 . 2009-06-23 23:30 -------- d-----w- c:\documents and settings\Czarek\Dane aplikacji\BitTorrent
2009-06-23 22:09 . 2009-06-23 22:09 -------- d-----w- c:\documents and settings\Czarek\Ustawienia lokalne\Dane aplikacji\DNA
2009-06-23 22:09 . 2009-06-26 17:29 -------- d-----w- c:\program files\DNA
2009-06-23 22:09 . 2009-06-26 17:29 -------- d-----w- c:\documents and settings\Czarek\Dane aplikacji\DNA
2009-06-23 22:09 . 2009-06-23 22:32 -------- d-----w- c:\program files\BitTorrent

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 13:24 . 2006-03-02 12:00 471324 ----a-w- c:\windows\system32\perfh015.dat
2009-07-05 13:24 . 2006-03-02 12:00 84630 ----a-w- c:\windows\system32\perfc015.dat
2009-07-05 13:21 . 2007-04-05 13:48 -------- d-----w- c:\program files\ESET
2009-07-04 21:54 . 2007-02-07 09:01 -------- d-----w- c:\program files\Winamp
2009-07-04 07:32 . 2008-05-03 18:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-04 07:31 . 2008-02-13 19:12 -------- d-----w- c:\program files\Lavasoft
2009-07-04 07:31 . 2006-11-28 09:59 -------- d-----w- c:\documents and settings\Czarek\Dane aplikacji\Lavasoft
2009-07-04 06:41 . 2009-03-17 09:53 117760 ----a-w- c:\documents and settings\Czarek\Dane aplikacji\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-01 22:40 . 2007-03-23 08:45 -------- d-----w- c:\documents and settings\Czarek\Dane aplikacji\Skype
2009-06-30 14:41 . 2006-10-28 15:07 -------- d-----w- c:\program files\Google
2009-06-26 17:22 . 2006-10-10 18:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-13 17:21 . 2009-06-13 17:21 -------- d-----w- c:\program files\Winamp Toolbar
2009-06-13 17:21 . 2009-06-13 17:21 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar
2009-06-13 07:45 . 2009-04-17 15:16 -------- d-----w- c:\program files\MF8-2009
2009-05-27 17:27 . 2006-10-11 18:25 -------- d-----w- c:\program files\AutoCAD LT 2002 Plk
2009-05-22 08:15 . 2009-05-22 08:15 -------- d-----w- c:\program files\Athenasoft
2009-05-07 15:44 . 2006-03-02 12:00 346112 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 04:47 . 2006-03-02 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:47 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2008-12-19 14:59 . 2008-12-19 14:59 98916 ----a-w- c:\program files\mtransfer.zip
.

((((((((((((((((((((((((((((( SnapShot@2009-07-20_16.52.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-20 16:56 . 2009-07-20 16:56 16384 c:\windows\temp\Perflib_Perfdata_b4.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1204224]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-07-02 23237416]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-06-23 321344]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-04-20 9818728]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-31 136600]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-10-09 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-10-09 1182304]
"PDFCreatorClient"="c:\program files\JawsSystems\Jaws PDF Creator\PDFClient.exe" [2003-12-09 315392]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-23 16804864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-05-17 11:06 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Metacafe.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Czarek^Menu Start^Programy^Autostart^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Czarek\Menu Start\Programy\Autostart\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-07-05 79872]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [2009-07-05 66720]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-09-03 55024]
R2 Kmm4xNT;Kmm4xNT;c:\windows\system32\drivers\KMM4XNT.SYS [2009-05-22 95484]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2009-07-05 76896]
S2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2006-03-02 14336]
S2 gupdate1c9ad2a19c31cbe;Google Update Service (gupdate1c9ad2a19c31cbe);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 133104]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [2009-07-05 55904]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [2009-07-05 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [2009-07-05 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai REG_MULTI_SZ Akamai
.
Zawartość folderu 'Zaplanowane zadania'

2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 09:14]

2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 09:14]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Subskrybuj w MoneyRss
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
Handler: HPDCS - {ba135f49-a12c-4e26-a2c4-6ea945999072} - c:\program files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
Handler: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
Handler: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
Handler: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} - file://c:\program files\AutoCAD LT 2002 Plk\InstFred.ocx
DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} - hxxp://megapanel.gem.pl/WebInstaller.dll
DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\AutoCAD LT 2002 Plk\InstBanr.ocx
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 19:09
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...


**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1935655697-776561741-682003330-1004\Software\Microsoft\Windows Mobile Disc\U*r*z*
d*z*e*n*i*e* *o*p*a*r*t*e* *n*a* *s*y*s*t*e*m*i*e* *W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1935655697-776561741-682003330-1004\Software\Microsoft\Windows Mobile Disc\U*r*z*
d*z*e*n*i*e* *o*p*a*r*t*e* *n*a* *s*y*s*t*e*m*i*e* *W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1935655697-776561741-682003330-1004\Software\Microsoft\Windows Mobile Disc\U*r*z*
d*z*e*n*i*e* *o*p*a*r*t*e* *n*a* *s*y*s*t*e*m*i*e* *W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1935655697-776561741-682003330-1004\Software\Microsoft\Windows Mobile Disc\U*r*z*
d*z*e*n*i*e* *o*p*a*r*t*e* *n*a* *s*y*s*t*e*m*i*e* *W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1935655697-776561741-682003330-1004\Software\Microsoft\Windows Mobile Disc\U*r*z*
d*z*e*n*i*e* *o*p*a*r*t*e* *n*a* *s*y*s*t*e*m*i*e* *W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(716)
c:\program files\F-Secure\FSPS\program\FSLSP.DLL

- - - - - - - > 'explorer.exe'(1684)
c:\program files\F-Secure\FSPS\program\FSLSP.DLL
c:\program files\f-secure\scanner-interface\fsgkiapi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2009-07-20 19:11
ComboFix-quarantined-files.txt 2009-07-20 17:10
ComboFix2.txt 2009-07-20 16:54

Przed: 27 115 634 688 bajtów wolnych
Po: 27 076 276 224 bajtów wolnych

234 --- E O F --- 2009-07-20 16:58

[AJAN]

przeskanuj komputer Dr.Web Cure It!
gdy będą wirusy pokaż raport (po zakończeniu skanowania Plik Zapisz listę raportu)

pobierz MalwareByte's
Klikasz "Skanuj" Wybierasz dyski i skanujesz jak jakieś będą to Usuń i pokaż raport

[czare]

Log z Dr.Web"

uninstall.exe.vir C:\Qoobox\Quarantine\C\Program Files\Give4Free Plugin Adware.SearchTwo Niewyleczalny.Usunięty.
A0043334.exe/data002\32788R22FWJFW\C.bat C:\System Volume Information\_restore{3CB98C31-AA87-4CA4-A1B4-18659AB32D78}\RP256\A0043334.exe/data002 Prawdopodobnie BATCH.Virus
A0043334.exe/data002\32788R22FWJFW\psexec.cfexe C:\System Volume Information\_restore{3CB98C31-AA87-4CA4-A1B4-18659AB32D78}\RP256\A0043334.exe/data002 Program.PsExec.171
data002 C:\System Volume Information\_restore{3CB98C31-AA87-4CA4-A1B4-18659AB32D78}\RP256 Archiwum zawierające zainfekowane obiekty
A0043334.exe C:\System Volume Information\_restore{3CB98C31-AA87-4CA4-A1B4-18659AB32D78}\RP256 Kontener zawiera zainfekowane obiekty Przeniesiony.
A0043350.bat C:\System Volume Information\_restore{3CB98C31-AA87-4CA4-A1B4-18659AB32D78}\RP256 Prawdopodobnie BATCH.Virus Niewyleczalny.Usunięty.
A0044151.exe C:\System Volume Information\_restore{3CB98C31-AA87-4CA4-A1B4-18659AB32D78}\RP262 Adware.SearchTwo Niewyleczalny.Usunięty.

I log z Malwarebytes:

Malwarebytes' Anti-Malware 1.39
Wersja bazy definicji: 2421
Windows 5.1.2600 Dodatek Service Pack 2

2009-07-21 14:36:19
mbam-log-2009-07-21 (14-36-19).txt

Typ skanowania: Pełne skanowanie (C:\|E:\|F:\|)
Przeskanowane obiekty: 223047
Upłynęło: 1 hour(s), 16 minute(s), 2 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 0

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
(Nie wykryto groźnych plików)

[AJAN]

przeskanuj jeszcze raz combofix i daj loga

[czare]

log z ComboFix

ComboFix 09-07-21.05 - Czarek 2009-07-22 19:02.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.1535.1059 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Czarek\Pulpit\ComboFix.exe
AV: F-Secure Client Security 8.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 8.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((( Pliki utworzone od 2009-06-22 do 2009-07-22 )))))))))))))))))))))))))))))))
.

2009-07-22 15:05 . 2009-07-22 15:05 -------- d-----w- c:\windows\LastGood
2009-07-22 10:05 . 2009-07-22 10:05 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-07-21 22:18 . 2009-07-21 22:18 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Winamp Toolbar
2009-07-21 11:15 . 2009-07-21 11:15 -------- d-----w- c:\documents and settings\Czarek\Dane aplikacji\Malwarebytes
2009-07-21 11:15 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 11:15 . 2009-07-21 11:15 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-07-21 11:15 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-21 11:15 . 2009-07-21 11:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-20 06:48 . 2009-07-20 06:48 -------- d-----r- c:\documents and settings\LocalService\Ulubione
2009-07-05 13:26 . 2009-07-05 20:02 -------- d-----w- c:\documents and settings\Czarek\Dane aplikacji\F-Secure
2009-07-05 13:24 . 2009-07-05 13:24 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\F-Secure
2009-07-05 13:24 . 2008-10-09 10:18 79872 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2009-07-05 13:23 . 2009-07-05 13:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\F-Secure
2009-07-05 13:19 . 2009-07-05 13:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\fssg
2009-07-05 13:18 . 2009-07-22 15:04 -------- d-----w- c:\program files\F-Secure
2009-07-04 21:37 . 2009-07-04 21:37 23 --sha-w- c:\windows\system32\edacded0.dat
2009-07-04 21:36 . 2009-07-04 21:37 -------- d-----w- c:\program files\jv16 PowerTools 2009
2009-06-30 14:25 . 2009-06-30 14:40 -------- d-----w- c:\documents and settings\Czarek\Ustawienia lokalne\Dane aplikacji\Temp
2009-06-26 17:34 . 2008-03-25 03:47 200704 ----a-r- c:\windows\system32\fdco1.dll
2009-06-26 17:34 . 2008-03-25 03:48 54400 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2009-06-26 17:34 . 2008-03-12 04:14 3948 ----a-r- c:\windows\system32\drivers\nvphy.bin
2009-06-26 17:34 . 2008-03-14 02:47 442368 ----a-w- c:\windows\system32\nvunrm.exe
2009-06-26 17:34 . 2008-03-25 03:46 9216 ----a-r- c:\windows\system32\bdco1.dll
2009-06-26 17:34 . 2008-03-14 02:47 35840 ----a-r- c:\windows\system32\nvconrm.dll
2009-06-26 17:34 . 2008-03-25 03:48 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2009-06-26 17:34 . 2008-03-25 03:47 953088 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2009-06-26 17:34 . 2008-01-10 06:30 442368 ----a-r- c:\windows\system32\nvusmb.exe
2009-06-26 17:23 . 2006-08-01 07:02 49152 ------r- c:\windows\system32\ChCfg.exe
2009-06-26 17:22 . 2008-06-18 10:01 77824 ------r- c:\windows\SoundMan.exe
2009-06-26 17:22 . 2007-11-20 10:15 1826816 ------r- c:\windows\SkyTel.exe
2009-06-26 17:22 . 2008-07-15 05:47 1196032 ------r- c:\windows\RtlUpd.exe
2009-06-26 17:22 . 2008-06-19 08:27 9715200 ------r- c:\windows\RTLCPL.exe
2009-06-26 17:22 . 2008-07-24 10:02 4749824 ------r- c:\windows\system32\drivers\RtkHDAud.sys
2009-06-26 17:22 . 2008-07-23 08:51 16804864 ------r- c:\windows\RTHDCPL.exe
2009-06-26 17:22 . 2007-06-28 08:44 2165760 ------r- c:\windows\MicCal.exe
2009-06-26 17:22 . 2008-06-19 08:20 57344 ------r- c:\windows\Alcmtr.exe
2009-06-26 17:22 . 2008-06-19 08:42 2808832 ------r- c:\windows\alcwzrd.exe
2009-06-26 17:22 . 2009-06-26 17:22 -------- d-----w- c:\program files\Realtek
2009-06-26 17:21 . 2009-06-26 17:21 319488 ----a-w- c:\windows\HideWin.exe
2009-06-26 17:21 . 2008-07-15 05:58 524288 ------r- c:\windows\RtlExUpd.dll
2009-06-23 22:10 . 2009-06-23 23:30 -------- d-----w- c:\documents and settings\Czarek\Dane aplikacji\BitTorrent
2009-06-23 22:09 . 2009-06-23 22:09 -------- d-----w- c:\documents and settings\Czarek\Ustawienia lokalne\Dane aplikacji\DNA
2009-06-23 22:09 . 2009-06-26 17:29 -------- d-----w- c:\program files\DNA
2009-06-23 22:09 . 2009-06-26 17:29 -------- d-----w- c:\documents and settings\Czarek\Dane aplikacji\DNA
2009-06-23 22:09 . 2009-06-23 22:32 -------- d-----w- c:\program files\BitTorrent

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 13:24 . 2006-03-02 12:00 471324 ----a-w- c:\windows\system32\perfh015.dat
2009-07-05 13:24 . 2006-03-02 12:00 84630 ----a-w- c:\windows\system32\perfc015.dat
2009-07-05 13:21 . 2007-04-05 13:48 -------- d-----w- c:\program files\ESET
2009-07-04 21:54 . 2007-02-07 09:01 -------- d-----w- c:\program files\Winamp
2009-07-04 07:32 . 2008-05-03 18:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-04 07:31 . 2008-02-13 19:12 -------- d-----w- c:\program files\Lavasoft
2009-07-04 07:31 . 2006-11-28 09:59 -------- d-----w- c:\documents and settings\Czarek\Dane aplikacji\Lavasoft
2009-07-04 06:41 . 2009-03-17 09:53 117760 ----a-w- c:\documents and settings\Czarek\Dane aplikacji\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-01 22:40 . 2007-03-23 08:45 -------- d-----w- c:\documents and settings\Czarek\Dane aplikacji\Skype
2009-06-30 14:41 . 2006-10-28 15:07 -------- d-----w- c:\program files\Google
2009-06-26 17:22 . 2006-10-10 18:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-13 17:21 . 2009-06-13 17:21 -------- d-----w- c:\program files\Winamp Toolbar
2009-06-13 17:21 . 2009-06-13 17:21 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar
2009-06-13 07:45 . 2009-04-17 15:16 -------- d-----w- c:\program files\MF8-2009
2009-05-27 17:27 . 2006-10-11 18:25 -------- d-----w- c:\program files\AutoCAD LT 2002 Plk
2009-05-07 15:44 . 2006-03-02 12:00 346112 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 04:47 . 2006-03-02 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:47 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2008-12-19 14:59 . 2008-12-19 14:59 98916 ----a-w- c:\program files\mtransfer.zip
.

((((((((((((((((((((((((((((( SnapShot@2009-07-20_16.52.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-22 15:02 . 2009-07-22 15:02 16384 c:\windows\temp\Perflib_Perfdata_330.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1204224]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-07-02 23237416]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-06-23 321344]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-04-20 9818728]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-31 136600]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-10-09 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-10-09 1182304]
"PDFCreatorClient"="c:\program files\JawsSystems\Jaws PDF Creator\PDFClient.exe" [2003-12-09 315392]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-23 16804864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-05-17 11:06 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Metacafe.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Czarek^Menu Start^Programy^Autostart^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Czarek\Menu Start\Programy\Autostart\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-07-22 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-07-05 79872]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [2009-07-05 66720]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-09-03 55024]
R2 Kmm4xNT;Kmm4xNT;c:\windows\system32\drivers\KMM4XNT.SYS [2009-05-22 95484]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2009-07-05 99960]
S2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2006-03-02 14336]
S2 gupdate1c9ad2a19c31cbe;Google Update Service (gupdate1c9ad2a19c31cbe);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 133104]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [2009-07-05 55904]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [2009-07-05 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [2009-07-05 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai REG_MULTI_SZ Akamai
.
Zawartość folderu 'Zaplanowane zadania'

2009-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 09:14]

2009-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 09:14]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Subskrybuj w MoneyRss
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
TCP: {CB6FCBAF-3ACF-412D-B18C-8F1F8381C8BD} = 192.168.1.1,80.244.128.1
Handler: HPDCS - {ba135f49-a12c-4e26-a2c4-6ea945999072} - c:\program files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
Handler: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
Handler: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
Handler: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} - file://c:\program files\AutoCAD LT 2002 Plk\InstFred.ocx
DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} - hxxp://megapanel.gem.pl/WebInstaller.dll
DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\AutoCAD LT 2002 Plk\InstBanr.ocx
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 19:04
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...


**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1935655697-776561741-682003330-1004\Software\Microsoft\Windows Mobile Disc\U*r*z*
d*z*e*n*i*e* *o*p*a*r*t*e* *n*a* *s*y*s*t*e*m*i*e* *W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1935655697-776561741-682003330-1004\Software\Microsoft\Windows Mobile Disc\U*r*z*
d*z*e*n*i*e* *o*p*a*r*t*e* *n*a* *s*y*s*t*e*m*i*e* *W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1935655697-776561741-682003330-1004\Software\Microsoft\Windows Mobile Disc\U*r*z*
d*z*e*n*i*e* *o*p*a*r*t*e* *n*a* *s*y*s*t*e*m*i*e* *W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1935655697-776561741-682003330-1004\Software\Microsoft\Windows Mobile Disc\U*r*z*
d*z*e*n*i*e* *o*p*a*r*t*e* *n*a* *s*y*s*t*e*m*i*e* *W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1935655697-776561741-682003330-1004\Software\Microsoft\Windows Mobile Disc\U*r*z*
d*z*e*n*i*e* *o*p*a*r*t*e* *n*a* *s*y*s*t*e*m*i*e* *W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(752)
c:\program files\F-Secure\FSPS\program\FSLSP.DLL

- - - - - - - > 'explorer.exe'(176)
c:\program files\F-Secure\FSPS\program\FSLSP.DLL
c:\program files\f-secure\scanner-interface\fsgkiapi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2009-07-22 19:07
ComboFix-quarantined-files.txt 2009-07-22 17:06
ComboFix2.txt 2009-07-20 16:54

Przed: 26 802 380 800 bajtów wolnych
Po: 26 806 784 000 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

249 --- E O F --- 2009-07-22 11:49