virtumonde problem



sncvsrtoip
2008-09-01, 20:25
I have a problem with virtumonde and virtumonde.prx. Spybot detects 2 virtumonde and 5 virtumonde.prx and removes them, but for the next 20 minutes or more I can't use Google or some other sites. Once again Spybot detects virtumonde and virtumonde.prx and removes them, but the problem occurs constantly.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:42, on 2008-09-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ASWL2K.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\sndvol32.exe
C:\Program Files\English Translator 3\ET.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [28c7b93a] rundll32.exe "C:\WINDOWS\system32\cetqunag.dll",b
O4 - HKLM\..\Run: [BM2bf48aa6] Rundll32.exe "C:\WINDOWS\system32\ofeymdqo.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1691] command /c del "C:\WINDOWS\system32\ofeymdqo.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3150] cmd /c del "C:\WINDOWS\system32\ofeymdqo.dll_old"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingB5293] command /c del "C:\WINDOWS\system32\ofeymdqo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8144] cmd /c del "C:\WINDOWS\system32\ofeymdqo.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint – Dodaj do listy drukowania - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj z dużą szybkością - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint – Podgląd - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 6549 bytes

sncvsrtoip
2008-09-01, 21:50
ComboFix 08-08-31.01 - SNC 2008-09-01 20:29:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.620 [GMT 2:00]
Running from: C:\Documents and Settings\SNC\Pulpit\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\SNC\Dane aplikacji\macromedia\Flash Player\#SharedObjects\GKBQV8VY\bin.clearspring.com
C:\Documents and Settings\SNC\Dane aplikacji\macromedia\Flash Player\#SharedObjects\GKBQV8VY\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\SNC\Dane aplikacji\macromedia\Flash Player\#SharedObjects\GKBQV8VY\interclick.com
C:\Documents and Settings\SNC\Dane aplikacji\macromedia\Flash Player\#SharedObjects\GKBQV8VY\interclick.com\ud.sol
C:\Documents and Settings\SNC\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\SNC\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\SNC\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\SNC\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\test.txt
C:\WINDOWS\BM2bf48aa6.txt
C:\WINDOWS\BM2bf48aa6.xml
C:\WINDOWS\system32\aeijppsn.ini
C:\WINDOWS\system32\arkovmeb.dll
C:\WINDOWS\system32\bemvokra.ini
C:\WINDOWS\system32\bilcbqbw.exe
C:\WINDOWS\system32\bnwqhiyy.ini
C:\WINDOWS\system32\byXPHaAr.dll
C:\WINDOWS\system32\ccpfeclb.ini
C:\WINDOWS\system32\cetqunag.dll
C:\WINDOWS\system32\egsusffo.exe
C:\WINDOWS\system32\eicjadxm.ini
C:\WINDOWS\system32\fkkmemwl.exe
C:\WINDOWS\system32\ganuqtec.ini
C:\WINDOWS\system32\ggdpgdps.ini
C:\WINDOWS\system32\iyxdprgl.ini
C:\WINDOWS\system32\kchhluth.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\nsppjiea.dll
C:\WINDOWS\system32\oouqvxpj.ini
C:\WINDOWS\system32\oxdbkxpw.ini
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\rAaHPXyb.ini
C:\WINDOWS\system32\rAaHPXyb.ini2
C:\WINDOWS\system32\rmaexaep.ini
C:\WINDOWS\system32\vtnmugql.exe

.
((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.

2008-09-01 18:35 . 2008-09-01 18:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-31 21:35 . 2008-08-31 21:42 <DIR> d-------- C:\Program Files\Phun
2008-08-31 21:02 . 2008-08-31 21:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-31 16:27 . 2006-10-14 05:09 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-08-31 16:27 . 2006-10-14 05:09 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-08-31 16:27 . 2006-10-14 05:09 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-08-31 16:27 . 2006-10-14 05:09 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-08-31 16:27 . 2006-10-14 05:09 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-08-31 16:27 . 2006-10-14 05:09 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-08-31 16:27 . 2006-10-14 05:09 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-08-31 16:27 . 2008-08-31 16:27 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-26 18:40 . 2008-08-27 15:16 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-26 16:39 . 2008-09-01 14:15 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-26 16:39 . 2008-08-26 16:39 <DIR> d-------- C:\Program Files\AVG
2008-08-26 16:39 . 2008-08-26 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\avg8
2008-08-26 16:39 . 2008-08-30 14:00 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-26 16:39 . 2008-08-26 16:39 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-26 16:39 . 2008-08-26 16:39 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-23 17:23 . 2008-08-31 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-08-23 15:02 . 2008-08-23 15:02 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-23 01:20 . 2008-08-23 01:20 <DIR> d-------- C:\Program Files\Microids
2008-08-22 23:43 . 2008-08-22 23:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-08-16 13:28 . 2008-08-16 13:28 <DIR> d-------- C:\Program Files\xp-AntiSpy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 18:19 --------- d-----w C:\Documents and Settings\SNC\Dane aplikacji\Azureus
2008-09-01 18:18 --------- d-----w C:\Program Files\English Translator 3
2008-08-28 23:53 --------- d-----w C:\Program Files\eMule
2008-08-23 15:23 --------- d-----w C:\Program Files\Lavasoft
2008-08-23 15:23 --------- d-----w C:\Documents and Settings\SNC\Dane aplikacji\Lavasoft
2008-08-23 15:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-08-23 13:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-23 11:40 --------- d-----w C:\Program Files\iPlus
2008-08-23 11:40 --------- d-----w C:\Documents and Settings\SNC\Dane aplikacji\iPlus
2008-08-21 19:27 --------- d-----w C:\Program Files\FlashGet
2008-08-20 12:44 --------- d-----w C:\Program Files\Opera
2008-08-18 01:08 --------- d-----w C:\Program Files\Fraps
2008-08-17 23:51 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-08-17 23:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-16 11:30 --------- d-----w C:\Program Files\Azureus
2008-08-16 11:28 359,040 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-07-22 21:47 --------- d-----w C:\Program Files\SpeedFan
2008-07-22 11:19 --------- d-----w C:\Program Files\Miranda IM
2008-07-11 19:53 --------- d-----w C:\Documents and Settings\SNC\Dane aplikacji\OpenOffice.org2
2008-07-11 19:49 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-06-09 18:52 49,720 ----a-w C:\Documents and Settings\SNC\Dane aplikacji\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

2008-08-16 13:28 359040 28f288e08a098df3c0eb6aa813bb41fd C:\WINDOWS\system32\dllcache\tcpip.sys
2008-08-16 13:28 359040 28f288e08a098df3c0eb6aa813bb41fd C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-03 23:44 1033728 8adb319f83f32495b27b79b3cf391e0d C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:55 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-23 13:27 7286784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 23:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPlusManager]
--a------ 2008-05-30 14:26 409600 C:\Program Files\iPlus\iPlusChecker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:55 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 16:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 04:01 32768 C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 17:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-05-24 20:31 1372160 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2005-08-19 05:07 737369 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-07-22 10:00 81920 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Miranda IM\\miranda32.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-30 14:00]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 14:00]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 14:00]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-26 16:39]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 20:54]
R3 GTEDGWModem;Option NV GTEDGWModem;C:\WINDOWS\system32\DRIVERS\GTEDG.sys [2006-02-24 15:55]
R3 OptionWWSC;GT EDGE SIM Card Reader;C:\WINDOWS\system32\DRIVERS\GTEDGSC.sys [2006-02-24 15:55]
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 11:26]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 11:26]
S1 tvtool;tvtool;C:\Program Files\TVTool\tvtool.sys [1996-04-03 20:33]
S3 GTEDGWWNIC;Option NV GTEDGWWNIC;C:\WINDOWS\system32\DRIVERS\GTEDGNet.sys [2006-02-24 15:55]
S3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2005-06-22 09:50]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 00:10]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 13:18]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-05-01 13:15]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 13:18]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-05-01 13:15]
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 09:59]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 07:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04e02a12-a682-11dc-9780-0018f33c6e03}]
\Shell\AutoRun\command - d.com
\Shell\explore\Command - d.com
\Shell\open\Command - d.com
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-28c7b93a - C:\WINDOWS\system32\cetqunag.dll
HKLM-Run-BM2bf48aa6 - C:\WINDOWS\system32\ofeymdqo.dll
Notify-vtUlLFwX - vtUlLFwX.dll
MSConfigStartUp-AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
MSConfigStartUp-DAEMON Tools-1033 - C:\Program Files\D-Tools\daemon.exe
MSConfigStartUp-EdHTML - C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe
MSConfigStartUp-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\SNC\Dane aplikacji\Mozilla\Firefox\Profiles\7pmdrgiu.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.onet.pl/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 20:38:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ASWL2K.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-01 20:44:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-01 18:43:48

Pre-Run: 2,636,247,040 bajtów wolnych
Post-Run: 3,030,466,560 bajtów wolnych

232
------------------------------------
;)
Do NOT run 'FIXES' before helpers have analyzed HJT log (http://forums.spybot.info/showthread.php?t=16806)
File Sharing, otherwise known as Peer To Peer. (P2P) (http://forums.spybot.info/showthread.php?t=282)