logi.rar

Infection. Please check my log

Hello, this is my first post on this forum and I am starting straight away with a request. I ran a Kaspersky online scan and it detected 5 viruses as well as infected files. I would really appreciate help with getting rid of this for good. I am attaching the logs from HijackThis and ComboFix. Thanks in advance for your help.

  • logi.rar
    • ComboFix.txt
    • hijackthis.log


logi.rar > ComboFix.txt

ComboFix 08-02-11.2 - Administrator 2008-02-11 17:34:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.423 [GMT 0:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.

2008-02-10 18:22 . 2008-02-10 18:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\???????sAppData
2008-02-08 18:17 . 2008-02-08 18:17 <DIR> d-------- C:\Program Files\Winamp Remote
2008-02-08 18:17 . 2008-02-08 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-02-08 18:06 . 2008-02-08 18:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-08 18:06 . 2008-02-08 18:06 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-02-08 18:06 . 2008-02-08 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-04 20:21 . 2008-02-04 21:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Winamp
2008-02-03 14:31 . 2008-02-03 14:31 391 --a------ C:\WINDOWS\COVERE~1.INI
2008-02-03 00:41 . 2008-02-03 00:41 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-02-03 00:16 . 2008-02-03 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-01-27 18:04 . 2008-01-27 18:04 <DIR> d-------- C:\Program Files\Nero
2008-01-27 17:40 . 2008-02-07 19:57 <DIR> d-------- C:\Program Files\AskTBar
2008-01-20 20:53 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-20 20:53 . 2007-12-07 18:28 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-01-20 20:53 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-01-13 22:09 . 2008-01-13 22:09 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-01-13 22:09 . 2008-01-13 22:09 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-01-13 22:09 . 2008-01-14 17:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nokia
2008-01-13 22:07 . 2008-01-13 22:07 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-01-13 22:07 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-01-13 22:07 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-01-13 22:07 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-01-13 22:05 . 2008-01-13 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-01-13 21:50 . 2008-01-13 21:54 <DIR> d-------- C:\Documents and Settings\Administrator\Phone Browser

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 17:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-02-10 18:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\???????sAppData
2008-02-08 18:17 --------- d-----w C:\Program Files\Winamp
2008-02-08 17:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-02-07 22:13 --------- d-----w C:\Program Files\SkanerOnline
2008-02-04 20:18 --------- d-----w C:\Program Files\Monkey's Audio
2008-01-28 17:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2008-01-27 18:06 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-27 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-01-27 17:55 --------- d-----w C:\Program Files\Common Files\Nero
2008-01-20 20:53 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-20 10:32 --------- d-----w C:\Program Files\Yahoo!
2008-01-13 22:09 --------- d-----w C:\Program Files\Nokia
2008-01-13 22:09 --------- d-----w C:\Program Files\DIFX
2008-01-13 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-01-09 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-01-09 19:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PC Suite
2008-01-06 18:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\foobar2000
2008-01-04 08:16 --------- d-----w C:\Program Files\uTorrent
2008-01-03 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 15:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\NeroDigital™
2007-12-31 14:02 --------- d-----w C:\Program Files\Real
2007-12-31 14:02 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-31 14:02 --------- d-----w C:\Program Files\Common Files\Real
2007-12-26 03:00 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-25 16:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nero
2007-12-13 17:42 --------- d-----w C:\Program Files\BearShare
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-01-31 12:25 2408448]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-08-14 16:39 20066856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 20:02 495616]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 11:56 64512]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 09:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-31 14:02 185896]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 12:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e36fa469-11d8-11dc-b5ca-806d6172696f}]
\Shell\AutoRun\command - F:\setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 17:37:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Gadu-Gadu\ggwhook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Completion time: 2008-02-11 17:36:40 - machine was rebooted
.
2008-02-09 19:00:35 --- E O F ---