problem z trojan-gen

[Laufif]

Prosze wielce o pomoc. Avast wykryl mi wirusa trojan-gen. Lecze ten wirus sie jakos przenosi, co go skasuje to po nastepnym uruchomieniu jest gdzie indziej. Pomórzcie please

mój log

Logfile of HijackThis v1.99.1
Scan saved at 02:19:14, on 2008-01-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/Explorer.EXE
f:/Avast4/aswUpdSv.exe
f:/Avast4/ashServ.exe
C:/WINDOWS/SOUNDMAN.EXE
C:/Program Files/MagicRotation/MagicPvt.exe
C:/Program Files/Java/jre1.6.0_03/bin/jusched.exe
C:/WINDOWS/system32/RUNDLL32.EXE
F:/Microsoft Office/Office12/GrooveMonitor.exe
F:/Avast4/ashDisp.exe
F:/DAEMON Tools/daemon.exe
F:/Gadu-Gadu/gg.exe
C:/WINDOWS/system32/ctfmon.exe
F:/DAEMON Tools Pro/DTProAgent.exe
C:/Program Files/Winamp Remote/bin/OrbTray.exe
F:/Nokia/Nokia PC Suite 6/PCSuite.exe
C:/Program Files/SEC/MagicTune3.6/MagicTune.exe
C:/Program Files/Winamp Remote/bin/Orb.exe
C:/WINDOWS/system32/spoolsv.exe
C:/WINDOWS/system32/nvsvc32.exe
f:/Alcohol Soft/Alcohol 120/StarWind/StarWindServiceAE.exe
C:/WINDOWS/system32/svchost.exe
f:/Avast4/ashMaiSv.exe
f:/Avast4/ashWebSv.exe
C:/Program Files/PC Connectivity Solution/ServiceLayer.exe
C:/Program Files/PC Connectivity Solution/Transports/NclUSBSrv.exe
C:/Program Files/PC Connectivity Solution/Transports/NclRSSrv.exe
C:/WINDOWS/System32/svchost.exe
D:/hijackthis/HijackThis.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.google.pl/
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU/Software/Microsoft/Internet Connection Wizard,ShellNext = http://www.znak.pl/
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:/MICROS~1/Office12/GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:/Program Files/Java/jre1.6.0_03/bin/ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:/Program Files/Alcohol Toolbar/v3.2.0.0/Alcohol_Toolbar.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:/Program Files/Helper/superfindout.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:/Program Files/Alcohol Toolbar/v3.2.0.0/Alcohol_Toolbar.dll
O4 - HKLM/../Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM/../Run: [MagicRotation] C:/Program Files/MagicRotation/MagicPvt.exe
O4 - HKLM/../Run: [SunJavaUpdateSched] "C:/Program Files/Java/jre1.6.0_03/bin/jusched.exe"
O4 - HKLM/../Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/system32/NvCpl.dll,NvStartup
O4 - HKLM/../Run: [nwiz] nwiz.exe /install
O4 - HKLM/../Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/system32/NvMcTray.dll,NvTaskbarInit
O4 - HKLM/../Run: [GrooveMonitor] "F:/Microsoft Office/Office12/GrooveMonitor.exe"
O4 - HKLM/../Run: [WinampAgent] f:/Winamp/winampa.exe
O4 - HKLM/../Run: [License] locker.exe
O4 - HKLM/../Run: [avast!] f:/Avast4/ashDisp.exe
O4 - HKLM/../Run: [KernelFaultCheck] %systemroot%/system32/dumprep 0 -k
O4 - HKCU/../Run: [DAEMON Tools] "F:/DAEMON Tools/daemon.exe" -lang 1045
O4 - HKCU/../Run: [Gadu-Gadu] "F:/Gadu-Gadu/gg.exe" /tray
O4 - HKCU/../Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:/Program Files/Common Files/Ahead/Lib/NMBgMonitor.exe"
O4 - HKCU/../Run: [ctfmon.exe] C:/WINDOWS/system32/ctfmon.exe
O4 - HKCU/../Run: [DAEMON Tools Pro Agent] "F:/DAEMON Tools Pro/DTProAgent.exe"
O4 - HKCU/../Run: [Orb] "C:/Program Files/Winamp Remote/bin/OrbTray.exe" /background
O4 - HKCU/../Run: [PC Suite Tray] "F:/Nokia/Nokia PC Suite 6/PCSuite.exe" -onlytray
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = D:/Heroes of Might and Magic V Collector Edition/registration/RegistrationReminder.exe
O4 - Startup: Registration The Settlers II - Dziesięciolecie.LNK = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:/Adobe/Reader 8.0/Reader/reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:/Adobe/Reader 8.0/Reader/AdobeCollabSync.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: MagicTune 3.6.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://F:/MICROS~1/Office12/EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/Program Files/Java/jre1.6.0_03/bin/ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/Program Files/Java/jre1.6.0_03/bin/ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:/MICROS~1/Office12/ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:/MICROS~1/Office12/ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:/MICROS~1/Office12/REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%/Network Diagnostic/xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%/Network Diagnostic/xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:/MICROS~1/Office12/GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:/Program Files/Common Files/Microsoft Shared/Help/hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:/PROGRA~1/COMMON~1/MICROS~1/OFFICE12/MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:/WINDOWS/system32/WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:/Avast4/aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - f:/Avast4/ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - f:/Avast4/ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - f:/Avast4/ashWebSv.exe" /service (file missing)
O23 - Service: FCI - Unknown owner - C:/WINDOWS/system32/svchost.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:/Program Files/Common Files/InstallShield/Driver/11/Intel 32/IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:/WINDOWS/system32/nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:/Program Files/Spyware Doctor/svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:/Program Files/Spyware Doctor/swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:/Program Files/PC Connectivity Solution/ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - f:/Alcohol Soft/Alcohol 120/StarWind/StarWindServiceAE.exe

[jeff]

umiesc log w TAGI, tu masz opis
http://www.forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

[Laufif]

Logfile of HijackThis v1.99.1
Scan saved at 11:13:35, on 2008-01-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
f:\Avast4\aswUpdSv.exe
f:\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
F:\Microsoft Office\Office12\GrooveMonitor.exe
F:\Avast4\ashDisp.exe
F:\DAEMON Tools\daemon.exe
F:\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
F:\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
F:\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
F:\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\SEC\MagicTune3.6\MagicTune.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
f:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
f:\Avast4\ashMaiSv.exe
f:\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.znak.pl/
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfindout.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] f:\Winamp\winampa.exe
O4 - HKLM\..\Run: [License] locker.exe
O4 - HKLM\..\Run: [avast!] f:\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DAEMON Tools] "F:\DAEMON Tools\daemon.exe" -lang 1045
O4 - HKCU\..\Run: [Gadu-Gadu] "F:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "F:\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "F:\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = D:\Heroes of Might and Magic V Collector Edition\registration\RegistrationReminder.exe
O4 - Startup: Registration The Settlers II - Dziesięciolecie.LNK = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: MagicTune 3.6.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://F:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - f:\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - f:\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - f:\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - f:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

[Dzi@dek]

Daj jeszcze log z
http://www.programosy.pl/program,combofix.html

[Laufif]

ComboFix 08-01-15.4 - Właściciel 2008-01-15 14:04:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1618 [GMT 1:00]
Running from: D:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 51712 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Helper
C:\Program Files\Helper\superfinderusa.dll
C:\Program Files\Helper\superfindout.dll
C:\WINDOWS\system32\drivers\KEK36.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\ff_liba52.dll
C:\WINDOWS\system32\xpdx.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FCI
-------\LEGACY_KEK36
-------\FCI
-------\nm


((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-15 14:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 10:57 . 2008-01-13 10:57 1 --a------ C:\WINDOWS\system32\SI.bin
2008-01-09 01:38 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-09 01:38 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-09 01:38 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-09 01:38 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-09 01:38 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-09 01:38 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-09 01:37 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-09 01:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-05 20:50 . 2008-01-05 20:50 29 --a------ C:\WINDOWS\system32\urpqdpra.tmp
2008-01-05 01:26 . 2008-01-05 01:26 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2008-01-05 01:24 . 2008-01-05 01:24 2 --a------ C:\203180202
2008-01-05 01:23 . 2008-01-05 01:23 58,368 --a------ C:\ysxl.exe
2008-01-05 01:23 . 2008-01-05 01:23 51,712 --a------ C:\ienudwqs.exe
2008-01-05 01:23 . 2008-01-05 01:23 94 --a------ C:\4063235.bat
2008-01-04 13:21 . 2008-01-04 13:21 474 --a------ C:\WINDOWS\otstuk.tmp
2008-01-04 13:20 . 2008-01-04 13:20 2 --a------ C:\WINDOWS\uid.tmp
2007-12-27 21:29 . 2007-12-28 00:11 29 --a------ C:\WINDOWS\wordpad.ini
2007-12-24 20:34 . 1998-05-29 09:51 274,432 --a------ C:\WINDOWS\system32\VCT32150.dll
2007-12-24 20:34 . 1997-09-03 16:58 195,584 --a------ C:\WINDOWS\system32\MVoice.vxp
2007-12-21 18:49 . 2008-01-15 01:14 <DIR> d-------- C:\Program Files\Winamp Remote
2007-12-21 18:49 . 2007-12-22 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2007-12-21 18:45 . 2007-12-21 18:46 <DIR> d-------- C:\Program Files\Winamp
2007-12-19 15:19 . 2007-12-19 15:19 38,400 --a------ C:\WINDOWS\wl.exe
2007-12-19 15:13 . 2007-12-19 15:13 73,216 --a------ C:\WINDOWS\WinLockDll.dll
2007-12-18 18:57 . 2007-12-25 18:54 <DIR> d-------- C:\Program Files\Dealio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 09:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-07 13:03 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-12-13 19:13 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2007-12-13 19:08 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-12-13 19:08 --------- d-----w C:\Program Files\DIFX
2007-12-13 19:08 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-12-13 19:08 --------- d-----w C:\Program Files\Common Files\Nokia
2007-12-13 19:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations
2007-12-12 09:46 --------- d-----w C:\Program Files\Spyware Doctor
2007-12-09 22:41 229,057 ----a-w C:\WINDOWS\Alcohol_Toolbar_Uninstaller_2828.exe
2007-12-09 22:41 --------- d-----w C:\Program Files\Alcohol Toolbar
2007-11-26 11:30 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-11-24 22:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-11-24 22:03 --------- d-----w C:\Program Files\MSBuild
2007-11-24 22:03 --------- d-----w C:\Program Files\Microsoft Works
2007-11-24 22:01 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-24 21:58 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-11-24 16:28 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-11-23 15:32 --------- d-----w C:\Program Files\Real Alternative
2007-11-23 15:32 --------- d-----w C:\Program Files\QuickTime Alternative
2007-11-23 15:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-11-22 01:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
2007-11-22 00:50 304 ----a-w C:\Documents and Settings\All Users\dtpro.dat
2007-11-22 00:13 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-11-22 00:13 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-11-17 16:52 --------- d-----w C:\Program Files\Trend Micro
2007-11-10 17:06 680 ----a-w C:\Program Files\mpc2.reg
2007-11-10 17:06 596 ----a-w C:\Program Files\mpc1.reg
2007-11-10 17:06 388 ----a-w C:\Program Files\mpc4.reg
2007-11-10 17:06 31,830 ----a-w C:\Program Files\ffdsvsetts.reg
2007-11-10 17:06 3,476 ----a-w C:\Program Files\mpc7.reg
2007-11-10 17:06 3,026 ----a-w C:\Program Files\mpc3.reg
2007-11-10 17:06 18,156 ----a-w C:\Program Files\mpc6.reg
2007-11-10 17:06 16,294 ----a-w C:\Program Files\mpc5.reg
2007-11-10 17:06 13,768 ----a-w C:\Program Files\ffdssetts.reg
2007-11-10 17:06 10,168 ----a-w C:\Program Files\ffdsasetts.reg
2007-11-05 00:58 4,688 ----a-w C:\Program Files\satsukidecodersettings.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="F:\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
"Gadu-Gadu"="F:\Gadu-Gadu\gg.exe" [2007-07-09 08:39 2119104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"DAEMON Tools Pro Agent"="F:\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 14:08 136136]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-12-18 02:02 471040]
"PC Suite Tray"="F:\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
"MagicRotation"="C:\Program Files\MagicRotation\MagicPvt.exe" [2005-12-26 16:23 1089536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"GrooveMonitor"="F:\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"WinampAgent"="f:\Winamp\winampa.exe" [ ]
"License"="locker.exe" []
"avast!"="f:\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="F:\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - F:\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:00]
Adobe Reader Synchronizer.lnk - F:\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:00]
Color Calibration.lnk - C:\Program Files\SEC\MagicTune3.6\GammaTray.exe [2007-08-24 19:38:18]
MagicTune 3.6.lnk - C:\Program Files\SEC\MagicTune3.6\MagicTuneTray.exe [2007-08-24 19:38:33]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2007-08-24 19:28:40]

R1 magicpvt;magicpvt;C:\WINDOWS\system32\drivers\magicpvt.sys [2005-11-14 02:26]
S3 lac97inf;lac97inf;C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\lac97inf.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 14:11:52
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 14:14:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-15 13:14:40
.
2008-01-09 12:29:29 --- E O F ---

[wojtas]

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\system32\urpqdpra.tmp
C:\203180202
C:\ysxl.exe
C:\ienudwqs.exe
C:\4063235.bat
C:\WINDOWS\otstuk.tmp
C:\WINDOWS\uid.tmp
C:\WINDOWS\wordpad.ini
C:\WINDOWS\wl.exe
C:\WINDOWS\WinLockDll.dll
C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\lac97inf.sys

Folder::
C:\Program Files\Dealio

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"License"=-

Driver::
lac97inf

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . Potwierdz >>> zresetuje sie komputer

(jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER). Rozpocznie się proces usuwania

znasz te pliki:

C:\Program Files\mpc2.reg
C:\Program Files\mpc1.reg
C:\Program Files\mpc4.reg
C:\Program Files\ffdsvsetts.reg
C:\Program Files\mpc7.reg
C:\Program Files\mpc3.reg
C:\Program Files\mpc6.reg
C:\Program Files\mpc5.reg
C:\Program Files\ffdssetts.reg
C:\Program Files\ffdsasetts.reg

??

Potem nowy log z hijacka oraz combofixa

[Laufif]

Szczerze mówiac to chyba juz nawet nie musze tego robic bo po zrobieniu tego drugiego loga komputer tak jakby mi sie naprawił. Nie wyskakuje mi juz za każdym razem informacja avasta o wirusie i zaczął mi z powrotem działać internet Dzieki wielkie za pomoc

[Dzi@dek]

Szczerze mówiac to chyba juz nawet nie musze tego robic

Musisz.

[Laufif]

ComboFix 08-01-15.4 - Właściciel 2008-01-16 2:36:54.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1569 [GMT 1:00]
Running from: D:\ComboFix.exe
Command switches used :: D:\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\203180202
C:\4063235.bat
C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\lac97inf.sys
C:\ienudwqs.exe
C:\WINDOWS\otstuk.tmp
C:\WINDOWS\system32\urpqdpra.tmp
C:\WINDOWS\uid.tmp
C:\WINDOWS\WinLockDll.dll
C:\WINDOWS\wl.exe
C:\WINDOWS\wordpad.ini
C:\ysxl.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\203180202
C:\4063235.bat
C:\ienudwqs.exe
C:\Program Files\Dealio
C:\WINDOWS\otstuk.tmp
C:\WINDOWS\system32\urpqdpra.tmp
C:\WINDOWS\uid.tmp
C:\WINDOWS\WinLockDll.dll
C:\WINDOWS\wl.exe
C:\WINDOWS\wordpad.ini
C:\ysxl.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_LAC97INF
-------\lac97inf


((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.

2008-01-15 14:14 . <DIR> C:\Documents and Settings\W-aťciciel\Ustawienia lokalne
2008-01-15 14:14 . <DIR> C:\Documents and Settings\W-aťciciel\Ustawienia lokalne
2008-01-15 14:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 10:57 . 2008-01-13 10:57 1 --a------ C:\WINDOWS\system32\SI.bin
2008-01-09 01:38 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-09 01:38 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-09 01:38 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-09 01:38 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-09 01:38 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-09 01:38 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-09 01:37 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-09 01:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-05 01:26 . 2008-01-05 01:26 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2007-12-24 20:34 . 1998-05-29 09:51 274,432 --a------ C:\WINDOWS\system32\VCT32150.dll
2007-12-24 20:34 . 1997-09-03 16:58 195,584 --a------ C:\WINDOWS\system32\MVoice.vxp
2007-12-21 18:49 . 2008-01-15 01:14 <DIR> d-------- C:\Program Files\Winamp Remote
2007-12-21 18:49 . 2007-12-22 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2007-12-21 18:45 . 2007-12-21 18:46 <DIR> d-------- C:\Program Files\Winamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 09:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-07 13:03 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-01-05 00:23 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2007-12-13 19:13 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2007-12-13 19:08 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-12-13 19:08 --------- d-----w C:\Program Files\DIFX
2007-12-13 19:08 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-12-13 19:08 --------- d-----w C:\Program Files\Common Files\Nokia
2007-12-13 19:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations
2007-12-12 09:46 --------- d-----w C:\Program Files\Spyware Doctor
2007-12-09 22:41 229,057 ----a-w C:\WINDOWS\Alcohol_Toolbar_Uninstaller_2828.exe
2007-12-09 22:41 --------- d-----w C:\Program Files\Alcohol Toolbar
2007-11-27 00:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-26 11:30 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-11-24 22:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-11-24 22:03 --------- d-----w C:\Program Files\MSBuild
2007-11-24 22:03 --------- d-----w C:\Program Files\Microsoft Works
2007-11-24 22:01 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-24 21:58 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-11-24 16:28 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-11-23 15:32 --------- d-----w C:\Program Files\Real Alternative
2007-11-23 15:32 --------- d-----w C:\Program Files\QuickTime Alternative
2007-11-23 15:11 892,928 ----a-w C:\WINDOWS\system32\iconv.dll
2007-11-23 15:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-11-22 01:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
2007-11-22 00:50 304 ----a-w C:\Documents and Settings\All Users\dtpro.dat
2007-11-22 00:13 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-11-22 00:13 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-11-17 16:52 --------- d-----w C:\Program Files\Trend Micro
2007-11-10 17:06 680 ----a-w C:\Program Files\mpc2.reg
2007-11-10 17:06 596 ----a-w C:\Program Files\mpc1.reg
2007-11-10 17:06 388 ----a-w C:\Program Files\mpc4.reg
2007-11-10 17:06 31,830 ----a-w C:\Program Files\ffdsvsetts.reg
2007-11-10 17:06 3,476 ----a-w C:\Program Files\mpc7.reg
2007-11-10 17:06 3,026 ----a-w C:\Program Files\mpc3.reg
2007-11-10 17:06 18,156 ----a-w C:\Program Files\mpc6.reg
2007-11-10 17:06 16,294 ----a-w C:\Program Files\mpc5.reg
2007-11-10 17:06 13,768 ----a-w C:\Program Files\ffdssetts.reg
2007-11-10 17:06 10,168 ----a-w C:\Program Files\ffdsasetts.reg
2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-06 08:20 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
2007-11-05 00:58 4,688 ----a-w C:\Program Files\satsukidecodersettings.ini
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-15_14.14.19.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-15 13:04:10 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-16 01:36:27 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-15 13:04:10 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-16 01:36:27 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-15 13:04:10 5,402,624 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-16 01:36:27 5,419,008 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-15 13:04:10 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-16 01:36:27 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-15 13:04:11 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-16 01:36:27 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-15 13:04:11 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-16 01:36:27 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-16 01:41:24 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_58c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="F:\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
"Gadu-Gadu"="F:\Gadu-Gadu\gg.exe" [2007-07-09 08:39 2119104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"DAEMON Tools Pro Agent"="F:\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 14:08 136136]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-12-18 02:02 471040]
"PC Suite Tray"="F:\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
"MagicRotation"="C:\Program Files\MagicRotation\MagicPvt.exe" [2005-12-26 16:23 1089536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"GrooveMonitor"="F:\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"WinampAgent"="f:\Winamp\winampa.exe" [ ]
"avast!"="f:\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="F:\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - F:\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:00]
Adobe Reader Synchronizer.lnk - F:\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:00]
Color Calibration.lnk - C:\Program Files\SEC\MagicTune3.6\GammaTray.exe [2007-08-24 19:38:18]
MagicTune 3.6.lnk - C:\Program Files\SEC\MagicTune3.6\MagicTuneTray.exe [2007-08-24 19:38:33]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2007-08-24 19:28:40]

R1 magicpvt;magicpvt;C:\WINDOWS\system32\drivers\magicpvt.sys [2005-11-14 02:26]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 02:42:17
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 2:46:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-16 01:46:01
ComboFix2.txt 2008-01-15 13:14:50
.
2008-01-09 12:29:29 --- E O F ---











Logfile of HijackThis v1.99.1
Scan saved at 02:48:53, on 2008-01-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
f:\Avast4\aswUpdSv.exe
f:\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
f:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
f:\Avast4\ashMaiSv.exe
f:\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
F:\Microsoft Office\Office12\GrooveMonitor.exe
F:\Avast4\ashDisp.exe
F:\DAEMON Tools\daemon.exe
F:\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
F:\DAEMON Tools Pro\DTProAgent.exe
F:\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\SEC\MagicTune3.6\GammaTray.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\SEC\MagicTune3.6\MagicTune.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
F:\Mozilla Firefox\firefox.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.znak.pl/
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] f:\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] f:\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DAEMON Tools] "F:\DAEMON Tools\daemon.exe" -lang 1045
O4 - HKCU\..\Run: [Gadu-Gadu] "F:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "F:\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "F:\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = D:\Heroes of Might and Magic V Collector Edition\registration\RegistrationReminder.exe
O4 - Startup: Registration The Settlers II - Dziesięciolecie.LNK = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: MagicTune 3.6.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://F:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - f:\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - f:\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - f:\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - f:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


a co do tamtych plików to szczerze mówiąc raczej ich nie kojarze

[Dzi@dek]

Teraz OK

[Laufif]

Ogromne dzięki za pomoc