Win32/Rootkit.Agent.ODG trojan



Xadam
2009-08-08, 00:16
As the title says, I have a very serious problem with this Trojan... It dramatically slows my operating system, which is Windows XP SP3. First I wanted to reinstall the system, but I've chosen another option, which in my case I think is best because I need my PC running every day and it's necessary. It would be great if I could find some good solution for this problem: Win32/Rootkit.Agent.ODG trojan

Oh, and one more thing: ESET detects this Trojan, but it says it's unable to clean/repair it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:50:04, on 2009-08-08
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\ylqppofahn.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\autoclk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\ATKKBService.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\WINDOWS\TEMP\ylqppofahn.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
D:\HiJackThis.exe
C:\Program Files\Java\jre6\bin\java.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [MSxmlHpr] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - Startup: Lavasoft Ad-Aware Updater.exe
O4 - Startup: Registry Repair Pro.lnk = C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE728A47-FAAC-4FC9-8C70-C05DBB07F867}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset Trial Reset .EsetTrialResetAlerter (.esettrialresetalerter) - Unknown owner - C:\WINDOWS\TEMP\ylqppofahn.exe
O23 - Service: Eset Trial Reset .EsetTrialResetAlerter .esettrialresetalerterAlerter (.esettrialresetalerterAlerter) - Unknown owner - C:\WINDOWS\TEMP\cvieeruruy.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Usługa Google Update (gupdate1c98fc14bc8e74c) (gupdate1c98fc14bc8e74c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10601 bytes
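Two things stand out in the log above: a service registered under the name "Eset Trial Reset" whose binary runs from C:\WINDOWS\TEMP, and the BITS and Automatic Updates services whose path is shown as the bare directory C:\WINDOWS\. The script below is an added example, not part of the original post or of HijackThis: it parses O23 service lines and the "Running processes" list and reports entries that match those two patterns. The sample log is a constructed excerpt modelled on the posted one, and the temp-directory list and the two rules are heuristics chosen for this example.

```python
from typing import Optional

# Constructed excerpt modelled on the HijackThis log posted above (the
# full log is in the thread); it is sample input for this example only.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\TEMP\ylqppofahn.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Eset Trial Reset .EsetTrialResetAlerter (.esettrialresetalerter) - Unknown owner - C:\WINDOWS\TEMP\ylqppofahn.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

# Heuristic: legitimate services do not install their binary under a
# temp directory. (List chosen for this example.)
TEMP_DIRS = ("\\windows\\temp\\", "\\temp\\", "\\tmp\\")


def parse_o23(line: str) -> Optional[dict]:
    """Split an O23 line into display name, owner and path.

    HijackThis prints 'O23 - Service: <name> - <owner> - <path>'. The
    display name can itself contain ' - ', so split from the right.
    """
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    parts = line[len(prefix):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    return {"name": name, "owner": owner, "path": path}


def service_reasons(svc: dict) -> list[str]:
    """Return the reasons a service entry deserves a closer look."""
    reasons = []
    path = svc["path"].lower()
    if any(d in path for d in TEMP_DIRS):
        reasons.append("service binary lives in a temp directory")
    if path.endswith("\\"):
        # A bare directory means the ImagePath did not resolve to a file;
        # a service in this state cannot be started.
        reasons.append("ImagePath resolves to a directory, not an executable")
    return reasons


def triage(log_text: str) -> list[dict]:
    """Walk a HijackThis log and collect process and service findings."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False
            continue
        if in_processes:
            if any(d in line.lower() for d in TEMP_DIRS):
                findings.append({"kind": "process", "name": line, "path": line,
                                 "reasons": ["running from a temp directory"]})
            continue
        svc = parse_o23(line)
        if svc is not None:
            reasons = service_reasons(svc)
            if reasons:
                findings.append({"kind": "service", "name": svc["name"],
                                 "path": svc["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['path']}")
        for r in f["reasons"]:
            print("    -", r)
```

Run against the full log it reports the TEMP binary once as a process and once as a service, plus the BITS and wuauserv entries. "Unknown owner" on its own is not used as a signal because many legitimate services print that way; it only strengthens a finding that already has another reason.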

Shaba
2009-08-09, 11:08
Hi Xadam

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

Xadam
2009-08-09, 11:18
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Acrobat 5.0
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Aktualizacja dla systemu Windows XP (KB898461)
Aktualizacja dla systemu Windows XP (KB951072-v2)
Aktualizacja dla systemu Windows XP (KB951978)
Aktualizacja dla systemu Windows XP (KB955839)
Aktualizacja dla systemu Windows XP (KB961503)
Aktualizacja dla systemu Windows XP (KB967715)
Aktualizacja krytyczna dla programu Windows Media Player 11 (KB959772)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)
Aktualizacja zabezpieczeń dla programu Windows Media Player 11 (KB936782)
Aktualizacja zabezpieczeń dla programu Windows Media Player 11 (KB954154)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB938127-v2)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB960714)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB953839)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954211)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954459)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956391)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956841)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957095)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958690)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960715)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961373)
Aktualizacja zabezpieczeń dla Windows XP (KB941569)
Apple Mobile Device Support
Apple Software Update
Archiwizator WinRAR
ASUS Enhanced Display Driver
Asystent rejestracji usługi Windows Live
Attansic Giga Ethernet Utility
Brother MFL-Pro Suite
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Camera Driver
Choice Guard
Connect
Dev-C++ 5 beta 9 release (4.9.9.2)
DVD Solution
Google Earth
Google Update Helper
Guitar Hero World Tour
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
InCD
iTunes
Java(TM) 6 Update 14
JMB36X Raid Configurer
K-Lite Codec Pack 4.1.7 (Full)
kuler
Labtec WebCam
Left 4 Dead
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 — pakiet języka polskiego
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 Polish Language Pack
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (Polish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Polish) 2007
Microsoft Office Groove MUI (Polish) 2007
Microsoft Office InfoPath MUI (Polish) 2007
Microsoft Office OneNote MUI (Polish) 2007
Microsoft Office Outlook MUI (Polish) 2007
Microsoft Office PowerPoint MUI (Polish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Polish) 2007
Microsoft Office Proofing (Polish) 2007
Microsoft Office Publisher MUI (Polish) 2007
Microsoft Office Shared MUI (Polish) 2007
Microsoft Office Word MUI (Polish) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Motorola Driver Installation 3.4.0
Motorola Phone Tools
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Multimedia Launcher
Narzędzie do przekazywania usługi Windows Live
Nero 9
neroxml
Nowe Gadu-Gadu
NVIDIA Drivers
NVIDIA PhysX
OpenAL
Pakiet języka polskiego dla systemu Microsoft .NET Framework 3.0
PaperPort
PDF Settings CS4
Photoshop Camera Raw
Podstawowe programy Windows Live
Podstawowe programy Windows Live
Poprawka dla programu Windows Media Player 11 (KB939683)
Poprawka dla systemu Windows XP (KB952287)
PowerDVD
PowerProducer
QuickTime
Real Alternative 1.9.0 Lite
Realtek High Definition Audio Driver
Registry Repair Pro
SAGEM F@st 800-840
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Segoe UI
Skype™ 3.8
Solid State ION Internet Explorer Plugin
Sony Vegas Pro 8.0
Suite Shared Configuration CS4
Sword of The New World
TeamSpeak 2 RC2
Tibia
Tibia MULTI-ip changer
TibiaCam TV Lite 2.8.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb970012)
Ventrilo
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Winamp
Windows Communication Foundation
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (PLK)
Windows Workflow Foundation
Windows Workflow Foundation PL Language Pack
XML Paper Specification Shared Components Language Pack 1.0

Shaba
2009-08-09, 11:27
It appears that your ESET Smart Security isn't legit and you will have to uninstall it.

After that, please install one of the free antivirus programs listed below and post back a fresh HijackThis log.

Anti-virus software is a program that detects, cleans, and erases harmful virus files on a computer, web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading the infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer's memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic (http://www.free-av.com/)- Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.homepage) - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Xadam
2009-08-09, 12:02
Installed:
1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.

Here's a fresh log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:33, on 2009-08-09
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\TEMP\ylqppofahn.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\TEMP\ylqppofahn.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\autoclk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Documents and Settings\RedCloud\Menu Start\Programy\Autostart\Lavasoft Ad-Aware Updater.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dwwin.exe
D:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [MSxmlHpr] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - Startup: Lavasoft Ad-Aware Updater.exe
O4 - Startup: Registry Repair Pro.lnk = C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE728A47-FAAC-4FC9-8C70-C05DBB07F867}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset Trial Reset .EsetTrialResetAlerter (.esettrialresetalerter) - Unknown owner - C:\WINDOWS\TEMP\ylqppofahn.exe
O23 - Service: Eset Trial Reset .EsetTrialResetAlerter .esettrialresetalerterAlerter (.esettrialresetalerterAlerter) - Unknown owner - C:\WINDOWS\TEMP\cvieeruruy.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Usługa Google Update (gupdate1c98fc14bc8e74c) (gupdate1c98fc14bc8e74c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10499 bytes

Shaba
2009-08-09, 12:50
Please download regsearch.zip (http://www.xs4all.nl/~fstaal01/downloads/regsearch.zip) and save it to your desktop.
Right click on regsearch.zip and select Extract All....
Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
Click on the Browse button. Click on Desktop. Then click OK.
Once done, check (tick) the Show extracted files box and click Finish.
Double click on regsearch.exe to run it.
Copy and paste fystemroot under Enter search strings (case independent) and click OK... (boxed up in red in the screenshot below).

http://xs224.xs.to/xs224/08073/regsearch184.png

Click OK.
When done, RegSearch.txt will open. Please post the contents of this file in your next reply. This file can also be found on your desktop or wherever regsearch is extracted to.

Xadam
2009-08-09, 13:12
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 2009-08-09 13:11:48 for strings:
; 'fystemroot'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS]
; Contents of value:
; %fystemRoot%\system32\svchost.exe -k netsvcs
"ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv]
; Contents of value:
; %fystemroot%\system32\svchost.exe -k netsvcs
"ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BITS]
; Contents of value:
; %fystemRoot%\system32\svchost.exe -k netsvcs
"ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wuauserv]
; Contents of value:
; %fystemroot%\system32\svchost.exe -k netsvcs
"ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
; Contents of value:
; %fystemRoot%\system32\svchost.exe -k netsvcs
"ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
; Contents of value:
; %fystemroot%\system32\svchost.exe -k netsvcs
"ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

; End Of The Log...

Shaba
2009-08-09, 13:29
Download ERUNT from Derfisch (http://www.derfisch.de/lars/erunt-setup.exe) or MVPS (http://dundats.mvps.org/Files/erunt-setup.exe) and save it to your desktop.

Please follow Step 4 onwards of the Installing & Using ERUNT (http://www.silentrunners.org/sr_eruntuse.html) to back up your registry. Skip Step 19 for now.

- Open the registry: Start -> Run -> type regedit and hit Enter
- Go to the top (left column) and do a search for %fystemroot%, via Ctrl+F

On the open folder in the left panel: right-click it -> select Permissions and set permissions (total control) for you (administrator), then apply and double-click on the key (ImagePath), replace %fystemroot% with %SystemRoot%

Do so for every value it finds! (Use F3 to find next.)

Reboot.

Post back a fresh HijackThis log, please.
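
As an added example (not part of the thread or any tool used in it), the check below does in code what the RegSearch run and the manual regedit fix above do by hand: it decodes the hex(2) (REG_EXPAND_SZ) ImagePath values in a .reg export and flags any service whose path references an environment variable outside a small allowlist, such as the %fystemRoot% seen on BITS and wuauserv. The BITS bytes are copied verbatim from the RegSearch output above; the `Schedule` key, the allowlist in `EXPECTED_VARS` and the one-variable-per-fix rewrite in `repaired_path` are assumptions made for this example.

```python
"""Scan a .reg / RegSearch export for service ImagePath values that use a
non-standard environment variable (added example, not code from the thread).

A REG_EXPAND_SZ path is expanded when the service starts: a variable Windows
does not define is left unexpanded and the service cannot start, while a
variable someone else has defined sends the Service Control Manager to a
binary of their choosing. Either way a name like %fystemRoot% is a finding."""
import re

# Variables legitimately used in service ImagePath values on Windows XP
# (allowlist is an assumption for this example; extend it for your estate).
EXPECTED_VARS = {"systemroot", "windir", "systemdrive",
                 "programfiles", "commonprogramfiles"}

# Constructed sample: the BITS value is the hijacked one from the RegSearch
# output in this thread; "Schedule" is a constructed clean comparison
# (same bytes with 66 -> 53, i.e. "f" -> "S").
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule]
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"""

VAR_RE = re.compile(r"%([^%]+)%")


def parse_image_paths(reg_text):
    """Return {registry key: decoded ImagePath} for every hex(2) ImagePath."""
    results = {}
    key = None
    lines = reg_text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif line.startswith('"ImagePath"=hex(2):') and key:
            hex_part = line.split(":", 1)[1]
            # A trailing backslash continues the byte list on the next line.
            while hex_part.endswith("\\"):
                i += 1
                hex_part = hex_part[:-1] + lines[i].strip()
            raw = bytes.fromhex("".join(b for b in hex_part.split(",") if b))
            # REG_EXPAND_SZ is stored as NUL-terminated UTF-16LE.
            results[key] = raw.decode("utf-16-le").rstrip("\x00")
        i += 1
    return results


def find_hijacked(image_paths):
    """Return [(key, path, variable)] for paths using a variable not in the allowlist."""
    findings = []
    for key, path in image_paths.items():
        for var in VAR_RE.findall(path):
            if var.lower() not in EXPECTED_VARS:
                findings.append((key, path, var))
    return findings


def repaired_path(path):
    """Rewrite unknown variables to %SystemRoot%, the manual fix applied in this thread.
    This assumes the original path was a %SystemRoot% one; review each hit first."""
    return VAR_RE.sub(
        lambda m: m.group(0) if m.group(1).lower() in EXPECTED_VARS else "%SystemRoot%",
        path)


def encode_expand_sz(value):
    """Encode a string as the hex(2) byte list a .reg import expects."""
    return ",".join(f"{b:02x}" for b in (value + "\x00").encode("utf-16-le"))


if __name__ == "__main__":
    for key, path, var in find_hijacked(parse_image_paths(SAMPLE_REG)):
        print(f"{key}\n  unknown variable %{var}% in: {path}")
        print(f"  repaired: {repaired_path(path)}")
        print(f"  .reg bytes: {encode_expand_sz(repaired_path(path))[:40]}...")
```

Run against a real RegSearch export instead of SAMPLE_REG to list every service that needs the permission-and-replace step described above; `encode_expand_sz` gives the bytes for a .reg file if you prefer importing the repaired value to editing it in regedit.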

Xadam
2009-08-09, 14:31
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:28:57, on 2009-08-09
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\TEMP\cvieeruruy.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\TEMP\cvieeruruy.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\autoclk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Documents and Settings\RedCloud\Menu Start\Programy\Autostart\Lavasoft Ad-Aware Updater.exe
C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\WINDOWS\system32\wuauclt.exe
D:\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [MSxmlHpr] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - Startup: Lavasoft Ad-Aware Updater.exe
O4 - Startup: Registry Repair Pro.lnk = C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset Trial Reset .EsetTrialResetAlerter (.esettrialresetalerter) - Unknown owner - C:\WINDOWS\TEMP\ylqppofahn.exe (file missing)
O23 - Service: Eset Trial Reset .EsetTrialResetAlerter .esettrialresetalerterAlerter (.esettrialresetalerterAlerter) - Unknown owner - C:\WINDOWS\TEMP\cvieeruruy.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Usługa Google Update (gupdate1c98fc14bc8e74c) (gupdate1c98fc14bc8e74c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10151 bytes

Shaba
2009-08-09, 15:37
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

Xadam
2009-08-09, 16:34
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:09, on 2009-08-09
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\autoclk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
D:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Registry Repair Pro.lnk = C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE728A47-FAAC-4FC9-8C70-C05DBB07F867}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset Trial Reset .EsetTrialResetAlerter (.esettrialresetalerter) - Unknown owner - C:\WINDOWS\TEMP\ylqppofahn.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Usługa Google Update (gupdate1c98fc14bc8e74c) (gupdate1c98fc14bc8e74c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9745 bytes

ComboFix 09-08-08.04 - RedCloud 2009-08-09 16:16.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.692 [GMT 2:00]
Uruchomiony z: c:\documents and settings\RedCloud\Pulpit\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
[i] ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1601991441-287435753-2479082871-1000
c:\windows\Installer\34b2e.msp
c:\windows\system32\AVSredirect.dll
c:\windows\system32\config\systemprofile\Menu Start\Programy\System Security
c:\windows\system32\config\systemprofile\Menu Start\Programy\System Security\System Security
c:\windows\system32\drivers\kungsfxugkinet.sys
c:\windows\system32\drivers\SKYNETibapipyl.sys
c:\windows\system32\drivers\vsfocerdwxsnqm.sys
c:\windows\system32\kungsfewmexptj.dll
c:\windows\system32\kungsfkvscpxyx.dat
c:\windows\system32\kungsfmyliqukl.dat
c:\windows\system32\kungsfudjbpfmy.dll
c:\windows\system32\SKYNETqecxncbd.dll
c:\windows\system32\vsfocellptbqlf.dll
c:\windows\system32\vsfoceotpeuops.dat
c:\windows\system32\vsfoceptusaejk.dat
c:\windows\system32\vsfocepvarpodv.dll
c:\windows\TEMP\cvieeruruy.exe

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kungsfigswkwnv
-------\Legacy_kungsfigswkwnv
-------\Service_SKYNETdmduyxcd
-------\Legacy_SKYNETdmduyxcd
-------\Service_vsfocerdodjitu
-------\Legacy_vsfocerdodjitu
-------\Legacy_sfx
-------\Legacy_sfxdrv
-------\Legacy_.esettrialresetalerterAlerter
-------\Service_.esettrialresetalerterAlerter


((((((((((((((((((((((((( Pliki utworzone od 2009-07-09 do 2009-08-09 )))))))))))))))))))))))))))))))
.

2009-08-09 12:18 . 2009-08-09 12:18 -------- d-----w- c:\program files\ERUNT
2009-08-09 10:05 . 2009-08-09 10:05 -------- d-----r- c:\documents and settings\LocalService\Ulubione
2009-08-09 09:53 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-09 09:53 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-09 09:53 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-09 09:53 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-09 09:53 . 2009-08-09 09:53 -------- d-----w- c:\program files\Avira
2009-08-09 09:53 . 2009-08-09 09:53 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Avira
2009-08-09 08:09 . 2009-08-09 12:27 4992 ----a-w- c:\documents and settings\RedCloud\sterownik.sys
2009-08-08 18:55 . 2009-08-08 18:55 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\id Software
2009-08-07 14:35 . 2009-08-07 14:35 -------- d-----w- c:\program files\CyberLink
2009-08-07 12:10 . 2009-08-07 12:40 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\13351564
2009-08-07 10:27 . 2009-08-07 10:32 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Nero
2009-08-07 10:09 . 2009-08-07 10:09 -------- d-----w- c:\program files\Windows Sidebar
2009-08-07 09:56 . 2009-08-07 10:05 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Nero
2009-08-07 09:56 . 2009-08-07 10:20 -------- d-----w- c:\program files\Common Files\Nero
2009-08-05 09:54 . 2009-08-05 09:54 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Aspyr
2009-08-05 09:35 . 2009-08-05 09:35 -------- d-----w- c:\program files\MSXML 6.0
2009-08-04 12:43 . 2006-07-21 23:40 143360 ------r- c:\windows\system32\RtlCPAPI.dll
2009-08-04 12:42 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
2009-08-04 12:32 . 2009-08-04 12:32 -------- d-----w- c:\program files\Java
2009-08-04 12:10 . 2009-08-04 12:32 152576 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\Sun\Java\jre1.6.0_14\lzma.dll
2009-08-03 19:13 . 2009-08-03 19:32 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\14524684
2009-08-01 17:31 . 2009-08-01 17:35 -------- d-----w- c:\program files\BitComet
2009-08-01 17:23 . 2009-08-01 17:23 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares
2009-08-01 17:04 . 2009-08-01 17:04 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\3B4E
2009-07-29 17:40 . 2009-07-29 17:40 -------- d-----w- c:\program files\Argente Software
2009-07-27 07:03 . 2009-07-27 07:03 22328 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\PnkBstrK.sys
2009-07-27 07:03 . 2009-07-27 07:03 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-27 07:03 . 2009-07-27 07:03 -------- d-----w- c:\windows\system32\LogFiles
2009-07-25 07:02 . 2009-07-25 07:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-24 15:37 . 2009-07-24 15:37 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Simply Super Software
2009-07-24 15:13 . 2004-01-28 14:42 1531904 ----a-w- c:\windows\adiras.exe
2009-07-24 15:13 . 2003-06-24 11:55 127497 ----a-w- c:\windows\system32\drivers\adiusbaw.sys
2009-07-24 15:13 . 2002-05-09 13:12 155648 ----a-w- c:\windows\system32\adadix32.dll
2009-07-24 15:13 . 2001-07-27 11:25 127456 ----a-w- c:\windows\system32\ipdetect.exe
2009-07-24 15:13 . 2002-11-15 12:33 126976 ----a-w- c:\windows\system32\coclassfast.dll
2009-07-24 15:13 . 2003-07-17 14:48 46167 ----a-w- c:\windows\system32\drivers\adildr.sys
2009-07-24 15:13 . 2001-05-24 14:24 22395 ----a-w- c:\windows\system32\drivers\fpga.bin
2009-07-24 15:13 . 2001-02-08 09:05 46892 ----a-w- c:\windows\system32\adadix16.dll
2009-07-24 15:13 . 2003-01-30 06:48 143360 ----a-w- c:\windows\autoclk.exe
2009-07-24 12:58 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 12:58 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 11:19 . 2009-07-24 11:19 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\DivX
2009-07-24 11:06 . 2009-07-24 11:06 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Malwarebytes
2009-07-24 11:06 . 2009-07-27 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 11:06 . 2009-07-24 11:06 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Malwarebytes
2009-07-24 10:26 . 2009-07-24 10:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-24 09:43 . 2009-07-24 09:43 199 ----a-w- c:\windows\prxid93ps.dat
2009-07-24 09:43 . 2009-07-24 12:45 0 ----a-w- c:\windows\system32\drivers\58ee5dc9.sys
2009-07-18 20:40 . 2009-07-18 20:42 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Ventrilo
2009-07-18 20:39 . 2009-07-18 20:39 -------- d-----w- c:\program files\Ventrilo
2009-07-17 21:14 . 2009-08-07 22:47 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Temp
2009-07-16 18:09 . 2009-07-16 18:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-07-13 10:12 . 2009-08-03 16:19 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Tibia
2009-07-13 10:09 . 2009-08-03 16:21 -------- d-----w- c:\program files\Tibia

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 17:25 . 2009-06-17 22:02 -------- d-----w- c:\program files\TibiaCam TV Lite
2009-08-07 14:49 . 2008-09-11 16:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-07 14:36 . 2008-09-11 16:40 -------- d-----w- c:\program files\CyberLink DVD Solution
2009-08-04 19:35 . 2009-04-24 14:42 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-08-04 12:42 . 2008-09-11 16:33 -------- d-----w- c:\program files\Realtek
2009-08-04 12:32 . 2008-10-22 18:45 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 15:14 . 2009-07-24 15:13 23 ----a-w- c:\windows\system32\drivers\adidsl.cfg
2009-07-24 10:32 . 2001-10-26 16:15 87056 ----a-w- c:\windows\system32\perfc015.dat
2009-07-24 10:32 . 2001-10-26 16:15 498526 ----a-w- c:\windows\system32\perfh015.dat
2009-07-24 09:48 . 2008-09-11 16:40 -------- d-----w- c:\program files\Ahead
2009-07-24 09:48 . 2008-09-11 16:40 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-18 20:39 . 2009-01-29 13:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-11 15:00 . 2008-09-11 18:29 -------- d-----w- c:\program files\Asprate
2009-07-08 14:56 . 2009-07-08 14:53 -------- d-----w- c:\program files\Online TV Player 3
2009-07-06 13:17 . 2009-05-30 12:24 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\OpenFM
2009-07-05 22:12 . 2009-07-05 22:12 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-01 22:58 . 2009-07-01 22:58 -------- d-----w- c:\program files\Common Files\DirectX
2009-07-01 22:38 . 2009-01-29 13:34 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-21 06:46 . 2009-05-20 15:17 485920 ----a-w- c:\windows\system32\nvuninst.exe
2009-06-19 01:03 . 2008-11-06 07:31 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Microsoft Help
2009-06-17 22:03 . 2009-06-15 09:18 -------- d-----w- c:\program files\Sword of the New World
2009-06-17 22:02 . 2009-06-17 22:02 -------- d-----w- c:\program files\Tibia2
2009-06-17 22:02 . 2009-06-17 22:02 -------- d-----w- c:\program files\Windows Live
2009-06-17 21:59 . 2008-10-17 21:11 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Skype
2009-06-17 21:45 . 2008-10-17 21:14 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\skypePM
2009-06-15 13:24 . 2009-06-15 13:23 403456 ----a-w- c:\windows\system32\kdfinj.tmp
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 04:03 . 2009-06-10 04:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 04:03 . 2009-06-10 04:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 04:03 . 2009-06-10 04:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 04:03 . 2009-05-20 15:17 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 04:03 . 2008-09-17 21:55 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 04:03 . 2008-09-17 21:55 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 04:03 . 2008-09-17 21:55 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 04:03 . 2008-09-17 21:55 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 04:03 . 2008-09-17 21:55 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 04:03 . 2006-08-11 13:42 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 04:03 . 2006-08-11 13:42 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-04 22:17 . 2009-06-04 22:17 66560 ----a-w- c:\windows\system32\drivers\epuqfvnlqenvnnos.sys
2009-05-26 16:01 . 2009-05-26 16:01 42088 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
2004-10-01 13:00 . 2008-09-11 16:40 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2008-05-08 18:02 1571840 9F02C1CF7C3100E4AEA7DD8B6A86A01B c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Google Update"="c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-04-20 133104]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-04 148888]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
"autoclk"="autoclk.exe" - c:\windows\autoclk.exe [2003-01-30 143360]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-01 16049664]

c:\documents and settings\RedCloud\Menu Start\Programy\Autostart\
Registry Repair Pro.lnk - c:\program files\3B Software\Registry Repair Pro\RegistryRepairPro.exe [2008-10-15 2168152]
Scheduler.lnk - c:\program files\3B Software\Common\Scheduler\wcomschd.exe [2008-10-15 464240]

c:\docume~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-7-24 962661]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^RedCloud^Menu Start^Programy^Autostart^Ad-aware Updater.exe]
backup=c:\windows\pss\Ad-aware Updater.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\CallOfDuty\\CoDWaWmp.exe"=
"d:\\CallOfDuty\\CoDWaW.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"19921:TCP"= 19921:TCP:*:Disabled:SolidNetworkManager
"19921:UDP"= 19921:UDP:*:Disabled:SolidNetworkManager
"24013:TCP"= 24013:TCP:*:Disabled:SolidNetworkManager
"24013:UDP"= 24013:UDP:*:Disabled:SolidNetworkManager
"8085:TCP"= 8085:TCP:sfx
"14076:TCP"= 14076:TCP:BitComet 14076 TCP
"14076:UDP"= 14076:UDP:BitComet 14076 UDP
"53:UDP"= 53:UDP:Promo

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-08-09 108289]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2008-09-11 34944]
S1 58ee5dc9;58ee5dc9;c:\windows\system32\drivers\58ee5dc9.sys [2009-07-24 0]
S2 .esettrialresetalerter;Eset Trial Reset .EsetTrialResetAlerter;c:\windows\TEMP\ylqppofahn.exe service --> c:\windows\TEMP\ylqppofahn.exe service [?]
S2 gupdate1c98fc14bc8e74c;Usługa Google Update (gupdate1c98fc14bc8e74c);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 133104]
S3 sterownik;sterownik;c:\documents and settings\RedCloud\sterownik.sys [2009-08-09 4992]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - USUNIĘTO PUSTE WPISY - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKLM-Run-MSxmlHpr - c:\windows\system32\msxm192z.dll


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 16:24
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1229272821-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d4,75,b1,52,ab,e7,98,b4,0e,ba,bb,4f,2f,37,56,db,6b,57,1b,8f,b2,fc,51,
92,ad,c3,8d,53,d4,a4,e2,08,fe,6d,18,99,e6,9f,a6,ee,ba,6d,28,72,b0,65,df,46,\
"??"=hex:9a,2e,68,87,b6,af,a5,d0,15,24,ce,fd,db,33,c2,fe

[HKEY_USERS\S-1-5-21-1078081533-1229272821-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:13,a7,f2,9a,e3,68,91,94,b5,90,76,03,93,7b,f9,d6,91,16,c2,61,8b,
2b,83,34,ca,e0,35,3e,4f,23,0b,51,86,09,7a,9d,62,f5,47,3e,a7,14,2f,7c,60,20,\
"rkeysecu"=hex:22,d4,1e,54,e3,4e,b8,ac,ab,c8,12,7e,ce,d5,c6,13

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Dane aplikacji\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=""
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:00000000
"ProductBase"=dword:00000001
"ProductCode"="{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.417.0"
"UniqueId"="0016B36649D70533"
"ScannerBuild"=dword:0000121d
"ScannerVersionId"=dword:00000f6c
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000003

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(2928)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
.
**************************************************************************
.
Czas ukończenia: 2009-08-09 16:31 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-08-09 14:31
ComboFix2.txt 2008-10-15 17:29

Przed: 2*556*166*144 bajtów wolnych
Po: 14*741*114*880 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

311 --- E O F --- 2009-06-21 07:45

Shaba
2009-08-09, 19:56
Do you recognize this folder?

c:\documents and settings\LocalService\Ulubione

Xadam
2009-08-09, 20:01
Yes "Ulubione" means "Favourites" in Polish :P

Shaba
2009-08-09, 21:30
Thanks for the information :)


Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


File::
c:\windows\system32\kdfinj.tmp
c:\windows\autoclk.exe

DirLook::
c:\docume~1\ALLUSE~1\DANEAP~1\13351564
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Aspyr
c:\docume~1\ALLUSE~1\DANEAP~1\3B4E
c:\docume~1\ALLUSE~1\DANEAP~1\14524684

Folder::
c:\program files\BitComet
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares

Driver::
.esettrialresetalerter
58ee5dc9

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14076:TCP"=-
"14076:UDP"=-


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Xadam
2009-08-09, 21:56
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:58, on 2009-08-09
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
D:\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Registry Repair Pro.lnk = C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE728A47-FAAC-4FC9-8C70-C05DBB07F867}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Usługa Google Update (gupdate1c98fc14bc8e74c) (gupdate1c98fc14bc8e74c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9321 bytes

ComboFix 09-08-09.03 - RedCloud 2009-08-09 21:41.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.582 [GMT 2:00]
Uruchomiony z: c:\documents and settings\RedCloud\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\RedCloud\Pulpit\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\autoclk.exe"
"c:\windows\system32\kdfinj.tmp"
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares\Data\default.m3u
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares\Data\DHTnodes.dat
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares\Data\FailedSNodes.dat
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares\Data\ShareH.dat
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares\Data\ShareL.dat
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares\Data\SNodes.dat
c:\program files\BitComet
c:\program files\BitComet\BitComet.xml
c:\program files\BitComet\Downloads.xml
c:\program files\BitComet\Downloads.xml.bak
c:\program files\BitComet\rules\dhtnodes.dat
c:\windows\autoclk.exe
c:\windows\system32\kdfinj.tmp

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_.esettrialresetalerter
-------\Service_.esettrialresetalerter
-------\Service_58ee5dc9


((((((((((((((((((((((((( Pliki utworzone od 2009-07-09 do 2009-08-09 )))))))))))))))))))))))))))))))
.

2009-08-09 12:18 . 2009-08-09 12:18 -------- d-----w- c:\program files\ERUNT
2009-08-09 10:05 . 2009-08-09 10:05 -------- d-----r- c:\documents and settings\LocalService\Ulubione
2009-08-09 09:53 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-09 09:53 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-09 09:53 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-09 09:53 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-09 09:53 . 2009-08-09 09:53 -------- d-----w- c:\program files\Avira
2009-08-09 09:53 . 2009-08-09 09:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira
2009-08-09 08:09 . 2009-08-09 12:27 4992 ----a-w- c:\documents and settings\RedCloud\sterownik.sys
2009-08-08 18:55 . 2009-08-08 18:55 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\id Software
2009-08-07 14:35 . 2009-08-07 14:35 -------- d-----w- c:\program files\CyberLink
2009-08-07 12:10 . 2009-08-07 12:40 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\13351564
2009-08-07 10:27 . 2009-08-07 10:32 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Nero
2009-08-07 10:09 . 2009-08-07 10:09 -------- d-----w- c:\program files\Windows Sidebar
2009-08-07 09:56 . 2009-08-07 10:05 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero
2009-08-07 09:56 . 2009-08-07 10:20 -------- d-----w- c:\program files\Common Files\Nero
2009-08-05 09:54 . 2009-08-05 09:54 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Aspyr
2009-08-05 09:35 . 2009-08-05 09:35 -------- d-----w- c:\program files\MSXML 6.0
2009-08-04 12:43 . 2006-07-21 23:40 143360 ------r- c:\windows\system32\RtlCPAPI.dll
2009-08-04 12:42 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
2009-08-04 12:32 . 2009-08-04 12:32 -------- d-----w- c:\program files\Java
2009-08-04 12:10 . 2009-08-04 12:32 152576 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\Sun\Java\jre1.6.0_14\lzma.dll
2009-08-03 19:13 . 2009-08-03 19:32 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\14524684
2009-08-01 17:04 . 2009-08-01 17:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\3B4E
2009-07-29 17:40 . 2009-07-29 17:40 -------- d-----w- c:\program files\Argente Software
2009-07-27 07:03 . 2009-07-27 07:03 22328 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\PnkBstrK.sys
2009-07-27 07:03 . 2009-07-27 07:03 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-27 07:03 . 2009-07-27 07:03 -------- d-----w- c:\windows\system32\LogFiles
2009-07-25 07:02 . 2009-07-25 07:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-24 15:37 . 2009-07-24 15:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Simply Super Software
2009-07-24 15:13 . 2004-01-28 14:42 1531904 ----a-w- c:\windows\adiras.exe
2009-07-24 15:13 . 2003-06-24 11:55 127497 ----a-w- c:\windows\system32\drivers\adiusbaw.sys
2009-07-24 15:13 . 2002-05-09 13:12 155648 ----a-w- c:\windows\system32\adadix32.dll
2009-07-24 15:13 . 2001-07-27 11:25 127456 ----a-w- c:\windows\system32\ipdetect.exe
2009-07-24 15:13 . 2002-11-15 12:33 126976 ----a-w- c:\windows\system32\coclassfast.dll
2009-07-24 15:13 . 2003-07-17 14:48 46167 ----a-w- c:\windows\system32\drivers\adildr.sys
2009-07-24 15:13 . 2001-05-24 14:24 22395 ----a-w- c:\windows\system32\drivers\fpga.bin
2009-07-24 15:13 . 2001-02-08 09:05 46892 ----a-w- c:\windows\system32\adadix16.dll
2009-07-24 12:58 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 12:58 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 11:19 . 2009-07-24 11:19 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\DivX
2009-07-24 11:06 . 2009-07-24 11:06 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Malwarebytes
2009-07-24 11:06 . 2009-07-27 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 11:06 . 2009-07-24 11:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-07-24 10:26 . 2009-07-24 10:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-24 09:43 . 2009-07-24 09:43 199 ----a-w- c:\windows\prxid93ps.dat
2009-07-24 09:43 . 2009-07-24 12:45 0 ----a-w- c:\windows\system32\drivers\58ee5dc9.sys
2009-07-18 20:40 . 2009-07-18 20:42 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Ventrilo
2009-07-18 20:39 . 2009-07-18 20:39 -------- d-----w- c:\program files\Ventrilo
2009-07-17 21:14 . 2009-08-07 22:47 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Temp
2009-07-16 18:09 . 2009-07-16 18:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-07-13 10:12 . 2009-08-03 16:19 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Tibia
2009-07-13 10:09 . 2009-08-03 16:21 -------- d-----w- c:\program files\Tibia

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 17:25 . 2009-06-17 22:02 -------- d-----w- c:\program files\TibiaCam TV Lite
2009-08-07 14:49 . 2008-09-11 16:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-07 14:36 . 2008-09-11 16:40 -------- d-----w- c:\program files\CyberLink DVD Solution
2009-08-04 19:35 . 2009-04-24 14:42 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-08-04 12:42 . 2008-09-11 16:33 -------- d-----w- c:\program files\Realtek
2009-08-04 12:32 . 2008-10-22 18:45 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 15:14 . 2009-07-24 15:13 23 ----a-w- c:\windows\system32\drivers\adidsl.cfg
2009-07-24 10:32 . 2001-10-26 16:15 87056 ----a-w- c:\windows\system32\perfc015.dat
2009-07-24 10:32 . 2001-10-26 16:15 498526 ----a-w- c:\windows\system32\perfh015.dat
2009-07-24 09:48 . 2008-09-11 16:40 -------- d-----w- c:\program files\Ahead
2009-07-24 09:48 . 2008-09-11 16:40 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-18 20:39 . 2009-01-29 13:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-11 15:00 . 2008-09-11 18:29 -------- d-----w- c:\program files\Asprate
2009-07-08 14:56 . 2009-07-08 14:53 -------- d-----w- c:\program files\Online TV Player 3
2009-07-06 13:17 . 2009-05-30 12:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-07-05 22:12 . 2009-07-05 22:12 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-01 22:58 . 2009-07-01 22:58 -------- d-----w- c:\program files\Common Files\DirectX
2009-07-01 22:38 . 2009-01-29 13:34 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-21 06:46 . 2009-05-20 15:17 485920 ----a-w- c:\windows\system32\nvuninst.exe
2009-06-19 01:03 . 2008-11-06 07:31 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-06-17 22:03 . 2009-06-15 09:18 -------- d-----w- c:\program files\Sword of the New World
2009-06-17 22:02 . 2009-06-17 22:02 -------- d-----w- c:\program files\Tibia2
2009-06-17 22:02 . 2009-06-17 22:02 -------- d-----w- c:\program files\Windows Live
2009-06-17 21:59 . 2008-10-17 21:11 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Skype
2009-06-17 21:45 . 2008-10-17 21:14 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\skypePM
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 04:03 . 2009-06-10 04:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 04:03 . 2009-06-10 04:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 04:03 . 2009-06-10 04:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 04:03 . 2009-05-20 15:17 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 04:03 . 2008-09-17 21:55 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 04:03 . 2008-09-17 21:55 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 04:03 . 2008-09-17 21:55 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 04:03 . 2008-09-17 21:55 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 04:03 . 2008-09-17 21:55 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 04:03 . 2006-08-11 13:42 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 04:03 . 2006-08-11 13:42 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-04 22:17 . 2009-06-04 22:17 66560 ----a-w- c:\windows\system32\drivers\epuqfvnlqenvnnos.sys
2009-05-26 16:01 . 2009-05-26 16:01 42088 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
2004-10-01 13:00 . 2008-09-11 16:40 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\docume~1\ALLUSE~1\DANEAP~1\13351564 ----

2009-08-07 12:12 . 2009-08-07 12:12 56 ----a-w- c:\docume~1\ALLUSE~1\DANEAP~1\13351564\13351564

---- Directory of c:\docume~1\ALLUSE~1\DANEAP~1\14524684 ----

2009-08-03 19:14 . 2009-08-03 19:23 56 ----a-w- c:\docume~1\ALLUSE~1\DANEAP~1\14524684\14524684

---- Directory of c:\docume~1\ALLUSE~1\DANEAP~1\3B4E ----

2009-08-01 17:04 . 2009-02-17 16:14 2329 ----a-w- c:\docume~1\ALLUSE~1\DANEAP~1\3B4E\{E782462C-E137-43C1-87CD-DF83E712A87F}.swf

---- Directory of c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Aspyr ----

2009-08-05 09:54 . 2009-08-05 10:07 725 ----a-w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Aspyr\Guitar Hero World Tour\AspyrConfig.xml


------- Sigcheck -------

[-] 2008-05-08 18:02 1571840 9F02C1CF7C3100E4AEA7DD8B6A86A01B c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-09_14.25.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-09 19:47 . 2009-08-09 19:47 16384 c:\windows\Temp\Perflib_Perfdata_21c.dat
+ 2009-08-09 19:46 . 2009-08-09 19:46 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-09 19:45 . 2009-08-09 19:45 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
- 2009-08-09 14:22 . 2009-08-09 14:22 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-09 19:46 . 2009-08-09 19:46 241664 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2009-08-09 19:46 . 2009-08-09 19:46 233472 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-09 14:22 . 2009-08-09 14:22 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-09 19:45 . 2009-08-09 19:45 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-09 19:45 . 2009-08-09 19:46 7221248 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Google Update"="c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-04-20 133104]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-04 148888]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-01 16049664]

c:\documents and settings\RedCloud\Menu Start\Programy\Autostart\
Registry Repair Pro.lnk - c:\program files\3B Software\Registry Repair Pro\RegistryRepairPro.exe [2008-10-15 2168152]
Scheduler.lnk - c:\program files\3B Software\Common\Scheduler\wcomschd.exe [2008-10-15 464240]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-7-24 962661]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^RedCloud^Menu Start^Programy^Autostart^Ad-aware Updater.exe]
backup=c:\windows\pss\Ad-aware Updater.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\CallOfDuty\\CoDWaWmp.exe"=
"d:\\CallOfDuty\\CoDWaW.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"19921:TCP"= 19921:TCP:*:Disabled:SolidNetworkManager
"19921:UDP"= 19921:UDP:*:Disabled:SolidNetworkManager
"24013:TCP"= 24013:TCP:*:Disabled:SolidNetworkManager
"24013:UDP"= 24013:UDP:*:Disabled:SolidNetworkManager
"8085:TCP"= 8085:TCP:sfx
"53:UDP"= 53:UDP:Promo

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-08-09 108289]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2008-09-11 34944]
S2 gupdate1c98fc14bc8e74c;Usługa Google Update (gupdate1c98fc14bc8e74c);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 133104]
S3 sterownik;sterownik;c:\documents and settings\RedCloud\sterownik.sys [2009-08-09 4992]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 23:01]

2009-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 23:01]

2009-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1229272821-1177238915-1003Core.job
- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-20 06:05]

2009-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1229272821-1177238915-1003UA.job
- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-20 06:05]

2009-08-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 20:18]
.
- - - - REMOVED EMPTY ENTRIES - - - -

HKLM-Run-autoclk - autoclk.exe


.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 21:47
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1229272821-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d4,75,b1,52,ab,e7,98,b4,0e,ba,bb,4f,2f,37,56,db,6b,57,1b,8f,b2,fc,51,
92,ad,c3,8d,53,d4,a4,e2,08,fe,6d,18,99,e6,9f,a6,ee,ba,6d,28,72,b0,65,df,46,\
"??"=hex:9a,2e,68,87,b6,af,a5,d0,15,24,ce,fd,db,33,c2,fe

[HKEY_USERS\S-1-5-21-1078081533-1229272821-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:13,a7,f2,9a,e3,68,91,94,b5,90,76,03,93,7b,f9,d6,91,16,c2,61,8b,
2b,83,34,ca,e0,35,3e,4f,23,0b,51,86,09,7a,9d,62,f5,47,3e,a7,14,2f,7c,60,20,\
"rkeysecu"=hex:22,d4,1e,54,e3,4e,b8,ac,ab,c8,12,7e,ce,d5,c6,13

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Dane aplikacji\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=""
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:00000000
"ProductBase"=dword:00000001
"ProductCode"="{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.417.0"
"UniqueId"="0016B36649D70533"
"ScannerBuild"=dword:0000121d
"ScannerVersionId"=dword:00000f6c
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000003

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'explorer.exe'(3156)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2009-08-09 21:53 - the computer was restarted
ComboFix-quarantined-files.txt 2009-08-09 19:53
ComboFix2.txt 2009-08-09 14:31
ComboFix3.txt 2008-10-15 17:29

Before: 14,832,869,376 bytes free
After: 14,786,691,072 bytes free

319 --- E O F --- 2009-06-21 07:45

Shaba
2009-08-09, 22:08
Do you recognize these folders?

c:\docume~1\ALLUSE~1\DANEAP~1\13351564
c:\docume~1\ALLUSE~1\DANEAP~1\14524684

Xadam
2009-08-09, 22:16
Yes, but I have no idea what those 2 files are for.

Shaba
2009-08-10, 06:02
Which files do you mean here?

Xadam
2009-08-10, 08:46
These two:
13351564
14524684

Shaba
2009-08-10, 16:32
They are folders and not files.

So you don't recognize the bolded folders?

c:\docume~1\ALLUSE~1\DANEAP~1\13351564
c:\docume~1\ALLUSE~1\DANEAP~1\14524684

Xadam
2009-08-10, 16:37
I recognize them, I just have no idea what those 13351564 and 14524684 are.

Shaba
2009-08-10, 17:45
Do you mean these?

c:\docume~1\ALLUSE~1\DANEAP~1\13351564\13351564
c:\docume~1\ALLUSE~1\DANEAP~1\14524684\14524684

Xadam
2009-08-10, 17:49
Yes, these.

Shaba
2009-08-10, 18:54
So have you then created these folders?

c:\docume~1\ALLUSE~1\DANEAP~1\13351564
c:\docume~1\ALLUSE~1\DANEAP~1\14524684

Xadam
2009-08-10, 19:08
No, I didn't create them.

Shaba
2009-08-10, 20:04
I see.

Please click this link-->Jotti (http://virusscan.jotti.org/)

Copy/paste the file on the list into the white "Upload a file" box and click Submit/Send (depending on whether you are using Jotti or VirusTotal).

c:\windows\system32\sfcfiles.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Xadam
2009-08-10, 20:36
No viruses found, it's clear.

Shaba
2009-08-10, 21:36
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


Folder::
c:\docume~1\ALLUSE~1\DANEAP~1\13351564
c:\docume~1\ALLUSE~1\DANEAP~1\14524684


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
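
The triage in this thread comes down to reading ComboFix's file listings for oddities (a zero-byte driver, a driver with a random-looking name, a numeric folder holding a file of the same name under All Users\Application Data, a Sigcheck `[-]` line whose MD5 then goes to Jotti or VirusTotal) before anything is scripted away with a CFScript. The following is an added example, not code from the thread or from ComboFix: a Python helper that parses lines in the log's own format and flags such entries. The sample lines are constructed for the example from entries visible in the posted logs; the heuristics (8-hex-digit stems, long letters-only stems with a long consonant run, the `<digits>\<same digits>` layout) are assumptions chosen here for triage, not detection rules from any tool, and they point a reviewer at lines rather than deciding anything.

```python
import re

# Added example (not from the thread or from ComboFix): a small triage helper
# for ComboFix-style log lines. The heuristics below are assumptions chosen
# for this example, not detection rules from any tool; they point a human at
# lines worth a closer look, they do not decide anything.

# Constructed sample, modelled on entries that appear in the posted log.
SAMPLE_LOG = """\
2009-07-24 09:43 . 2009-07-24 12:45 0 ----a-w- c:\\windows\\system32\\drivers\\58ee5dc9.sys
2009-06-04 22:17 . 2009-06-04 22:17 66560 ----a-w- c:\\windows\\system32\\drivers\\epuqfvnlqenvnnos.sys
2009-08-09 09:53 . 2009-07-28 14:33 55656 ----a-w- c:\\windows\\system32\\drivers\\avgntflt.sys
2009-07-24 12:58 . 2009-07-13 11:36 38160 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2009-08-09 12:18 . 2009-08-09 12:18 -------- d-----w- c:\\program files\\ERUNT
2009-08-07 12:12 . 2009-08-07 12:12 56 ----a-w- c:\\docume~1\\ALLUSE~1\\DANEAP~1\\13351564\\13351564
[-] 2008-05-08 18:02 1571840 9F02C1CF7C3100E4AEA7DD8B6A86A01B c:\\windows\\system32\\sfcfiles.dll
"""

# "<mtime> . <ctime> <size|--------> <attrs> <path>" as in the file listings
FILE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# "[-] <mtime> <size> <MD5> <path>" as in the Sigcheck section
SIGCHECK_RE = re.compile(
    r"^\[(?P<status>[-+?])\] (?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<md5>[0-9A-Fa-f]{32}) (?P<path>.+)$"
)

VOWELS = set("aeiou")


def longest_consonant_run(stem):
    run = best = 0
    for ch in stem:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def looks_random(stem):
    """Assumed heuristic: an 8-hex-digit stem, or a long letters-only stem
    with a long consonant run (epuqfvnlqenvnnos, ylqppofahn), reads as
    generated; short vendor stems such as avgntflt do not trip it."""
    stem = stem.lower()
    if re.fullmatch(r"[0-9a-f]{8}", stem):
        return True
    return stem.isalpha() and len(stem) >= 10 and longest_consonant_run(stem) >= 5


def triage_file(m):
    path = m["path"].lower()
    parts = path.split("\\")
    name = parts[-1]
    stem, _, ext = name.rpartition(".") if "." in name else (name, "", "")
    reasons = []
    is_dir = m["attrs"].startswith("d")
    if not is_dir and ext in {"sys", "exe", "dll"}:
        if m["size"] == "0":
            reasons.append("zero-byte executable/driver")
        if ("\\drivers\\" in path or "\\temp\\" in path) and looks_random(stem):
            reasons.append("random-looking name in drivers/temp")
    # the <digits>\<same digits> layout asked about in the thread
    if len(parts) >= 2 and parts[-1] == parts[-2] and parts[-1].isdigit():
        reasons.append("file named after its numeric parent folder")
    return reasons


def triage_log(text):
    """Return {path: [reasons]} for the lines a reviewer should look at."""
    findings = {}
    for line in text.splitlines():
        line = line.strip()
        if m := FILE_RE.match(line):
            reasons = triage_file(m)
        elif m := SIGCHECK_RE.match(line):
            # "[-]" means the file did not pass the signature check;
            # the MD5 is what one would submit to Jotti or VirusTotal
            reasons = ["signature check failed, md5=" + m["md5"].upper()] if m["status"] == "-" else []
        else:
            continue
        if reasons:
            findings[m["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

Run it against a full ComboFix log by reading the file into `triage_log`; the Avira and Malwarebytes drivers in the sample are there to show the name heuristic leaving ordinary vendor drivers alone, while the zero-byte 58ee5dc9.sys, epuqfvnlqenvnnos.sys, the 13351564 folder and the failed Sigcheck on sfcfiles.dll are the four lines it surfaces.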

Xadam
2009-08-10, 21:54
ComboFix 09-08-10.01 - RedCloud 2009-08-10 21:44.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.597 [GMT 2:00]
Run from: c:\documents and settings\RedCloud\Pulpit\ComboFix.exe
The following commands were used :: c:\documents and settings\RedCloud\Pulpit\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.

?
c:\docume~1\ALLUSE~1\DANEAP~1\13351564
c:\docume~1\ALLUSE~1\DANEAP~1\14524684

.
((((((((((((((((((((((((( Files created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-09 12:18 . 2009-08-09 12:18 -------- d-----w- c:\program files\ERUNT
2009-08-09 10:05 . 2009-08-09 10:05 -------- d-----r- c:\documents and settings\LocalService\Ulubione
2009-08-09 09:53 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-09 09:53 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-09 09:53 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-09 09:53 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-09 09:53 . 2009-08-09 09:53 -------- d-----w- c:\program files\Avira
2009-08-09 09:53 . 2009-08-09 09:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira
2009-08-08 18:55 . 2009-08-08 18:55 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\id Software
2009-08-07 14:35 . 2009-08-07 14:35 -------- d-----w- c:\program files\CyberLink
2009-08-07 10:27 . 2009-08-07 10:32 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Nero
2009-08-07 10:09 . 2009-08-07 10:09 -------- d-----w- c:\program files\Windows Sidebar
2009-08-07 09:56 . 2009-08-07 10:05 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero
2009-08-07 09:56 . 2009-08-07 10:20 -------- d-----w- c:\program files\Common Files\Nero
2009-08-05 09:54 . 2009-08-05 09:54 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Aspyr
2009-08-05 09:35 . 2009-08-05 09:35 -------- d-----w- c:\program files\MSXML 6.0
2009-08-04 12:43 . 2006-07-21 23:40 143360 ------r- c:\windows\system32\RtlCPAPI.dll
2009-08-04 12:42 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
2009-08-04 12:32 . 2009-08-04 12:32 -------- d-----w- c:\program files\Java
2009-08-04 12:10 . 2009-08-04 12:32 152576 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\Sun\Java\jre1.6.0_14\lzma.dll
2009-08-01 17:04 . 2009-08-01 17:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\3B4E
2009-07-29 17:40 . 2009-07-29 17:40 -------- d-----w- c:\program files\Argente Software
2009-07-27 07:03 . 2009-07-27 07:03 22328 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\PnkBstrK.sys
2009-07-27 07:03 . 2009-07-27 07:03 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-27 07:03 . 2009-07-27 07:03 -------- d-----w- c:\windows\system32\LogFiles
2009-07-25 07:02 . 2009-07-25 07:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-24 15:37 . 2009-07-24 15:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Simply Super Software
2009-07-24 15:13 . 2004-01-28 14:42 1531904 ----a-w- c:\windows\adiras.exe
2009-07-24 15:13 . 2003-06-24 11:55 127497 ----a-w- c:\windows\system32\drivers\adiusbaw.sys
2009-07-24 15:13 . 2002-05-09 13:12 155648 ----a-w- c:\windows\system32\adadix32.dll
2009-07-24 15:13 . 2001-07-27 11:25 127456 ----a-w- c:\windows\system32\ipdetect.exe
2009-07-24 15:13 . 2002-11-15 12:33 126976 ----a-w- c:\windows\system32\coclassfast.dll
2009-07-24 15:13 . 2003-07-17 14:48 46167 ----a-w- c:\windows\system32\drivers\adildr.sys
2009-07-24 15:13 . 2001-05-24 14:24 22395 ----a-w- c:\windows\system32\drivers\fpga.bin
2009-07-24 15:13 . 2001-02-08 09:05 46892 ----a-w- c:\windows\system32\adadix16.dll
2009-07-24 12:58 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 12:58 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 11:19 . 2009-07-24 11:19 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\DivX
2009-07-24 11:06 . 2009-07-24 11:06 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Malwarebytes
2009-07-24 11:06 . 2009-07-27 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 11:06 . 2009-07-24 11:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-07-24 10:26 . 2009-07-24 10:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-24 09:43 . 2009-07-24 09:43 199 ----a-w- c:\windows\prxid93ps.dat
2009-07-24 09:43 . 2009-07-24 12:45 0 ----a-w- c:\windows\system32\drivers\58ee5dc9.sys
2009-07-18 20:40 . 2009-07-18 20:42 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Ventrilo
2009-07-18 20:39 . 2009-07-18 20:39 -------- d-----w- c:\program files\Ventrilo
2009-07-17 21:14 . 2009-08-07 22:47 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Temp
2009-07-16 18:09 . 2009-07-16 18:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-07-13 10:12 . 2009-08-03 16:19 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Tibia
2009-07-13 10:09 . 2009-08-03 16:21 -------- d-----w- c:\program files\Tibia

.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 17:25 . 2009-06-17 22:02 -------- d-----w- c:\program files\TibiaCam TV Lite
2009-08-07 14:49 . 2008-09-11 16:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-07 14:36 . 2008-09-11 16:40 -------- d-----w- c:\program files\CyberLink DVD Solution
2009-08-04 19:35 . 2009-04-24 14:42 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-08-04 12:42 . 2008-09-11 16:33 -------- d-----w- c:\program files\Realtek
2009-08-04 12:32 . 2008-10-22 18:45 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 15:14 . 2009-07-24 15:13 23 ----a-w- c:\windows\system32\drivers\adidsl.cfg
2009-07-24 10:32 . 2001-10-26 16:15 87056 ----a-w- c:\windows\system32\perfc015.dat
2009-07-24 10:32 . 2001-10-26 16:15 498526 ----a-w- c:\windows\system32\perfh015.dat
2009-07-24 09:48 . 2008-09-11 16:40 -------- d-----w- c:\program files\Ahead
2009-07-24 09:48 . 2008-09-11 16:40 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-18 20:39 . 2009-01-29 13:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-11 15:00 . 2008-09-11 18:29 -------- d-----w- c:\program files\Asprate
2009-07-08 14:56 . 2009-07-08 14:53 -------- d-----w- c:\program files\Online TV Player 3
2009-07-06 13:17 . 2009-05-30 12:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-07-05 22:12 . 2009-07-05 22:12 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-01 22:58 . 2009-07-01 22:58 -------- d-----w- c:\program files\Common Files\DirectX
2009-07-01 22:38 . 2009-01-29 13:34 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-21 06:46 . 2009-05-20 15:17 485920 ----a-w- c:\windows\system32\nvuninst.exe
2009-06-19 01:03 . 2008-11-06 07:31 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-06-17 22:03 . 2009-06-15 09:18 -------- d-----w- c:\program files\Sword of the New World
2009-06-17 22:02 . 2009-06-17 22:02 -------- d-----w- c:\program files\Tibia2
2009-06-17 22:02 . 2009-06-17 22:02 -------- d-----w- c:\program files\Windows Live
2009-06-17 21:59 . 2008-10-17 21:11 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Skype
2009-06-17 21:45 . 2008-10-17 21:14 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\skypePM
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 04:03 . 2009-06-10 04:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 04:03 . 2009-06-10 04:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 04:03 . 2009-06-10 04:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 04:03 . 2009-05-20 15:17 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 04:03 . 2008-09-17 21:55 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 04:03 . 2008-09-17 21:55 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 04:03 . 2008-09-17 21:55 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 04:03 . 2008-09-17 21:55 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 04:03 . 2008-09-17 21:55 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 04:03 . 2006-08-11 13:42 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 04:03 . 2006-08-11 13:42 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-04 22:17 . 2009-06-04 22:17 66560 ----a-w- c:\windows\system32\drivers\epuqfvnlqenvnnos.sys
2009-05-26 16:01 . 2009-05-26 16:01 42088 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
2004-10-01 13:00 . 2008-09-11 16:40 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2008-05-08 18:02 1571840 9F02C1CF7C3100E4AEA7DD8B6A86A01B c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-09_14.25.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-10 10:58 . 2009-08-10 10:58 16384 c:\windows\Temp\Perflib_Perfdata_260.dat
- 2008-09-11 17:20 . 2009-03-11 06:38 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-08-10 11:01 . 2009-08-10 11:01 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-08-10 10:55 . 2009-08-10 10:55 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-08-09 19:46 . 2009-08-09 19:46 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
- 2009-08-09 14:22 . 2009-08-09 14:22 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-09 19:45 . 2009-08-09 19:45 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\system32\Macromed\Flash\FlashUtil10c.exe
+ 2009-08-09 19:46 . 2009-08-09 19:46 241664 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2009-08-09 19:46 . 2009-08-09 19:46 233472 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-09 14:22 . 2009-08-09 14:22 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-09 19:45 . 2009-08-09 19:45 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-08-09 19:45 . 2009-08-09 19:46 7221248 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Google Update"="c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-04-20 133104]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-04 148888]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-01 16049664]

c:\documents and settings\RedCloud\Menu Start\Programy\Autostart\
Registry Repair Pro.lnk - c:\program files\3B Software\Registry Repair Pro\RegistryRepairPro.exe [2008-10-15 2168152]
Scheduler.lnk - c:\program files\3B Software\Common\Scheduler\wcomschd.exe [2008-10-15 464240]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-7-24 962661]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^RedCloud^Menu Start^Programy^Autostart^Ad-aware Updater.exe]
backup=c:\windows\pss\Ad-aware Updater.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\CallOfDuty\\CoDWaWmp.exe"=
"d:\\CallOfDuty\\CoDWaW.exe"=
"c:\\Program Files\\Tibia\\Tibia.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"19921:TCP"= 19921:TCP:*:Disabled:SolidNetworkManager
"19921:UDP"= 19921:UDP:*:Disabled:SolidNetworkManager
"24013:TCP"= 24013:TCP:*:Disabled:SolidNetworkManager
"24013:UDP"= 24013:UDP:*:Disabled:SolidNetworkManager
"8085:TCP"= 8085:TCP:sfx
"53:UDP"= 53:UDP:Promo

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-08-09 108289]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2008-09-11 34944]
R3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
S2 gupdate1c98fc14bc8e74c;Usługa Google Update (gupdate1c98fc14bc8e74c);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 133104]
S3 sterownik;sterownik;\??\c:\documents and settings\RedCloud\sterownik.sys --> c:\documents and settings\RedCloud\sterownik.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Zawartość folderu 'Zaplanowane zadania'

2009-08-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 23:01]

2009-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 23:01]

2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1229272821-1177238915-1003Core.job
- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-20 06:05]

2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1229272821-1177238915-1003UA.job
- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-20 06:05]

2009-08-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 20:18]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {AE728A47-FAAC-4FC9-8C70-C05DBB07F867} = 213.241.79.37 83.238.255.76
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 21:49
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1229272821-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d4,75,b1,52,ab,e7,98,b4,0e,ba,bb,4f,2f,37,56,db,6b,57,1b,8f,b2,fc,51,
92,ad,c3,8d,53,d4,a4,e2,08,fe,6d,18,99,e6,9f,a6,ee,ba,6d,28,72,b0,65,df,46,\
"??"=hex:9a,2e,68,87,b6,af,a5,d0,15,24,ce,fd,db,33,c2,fe

[HKEY_USERS\S-1-5-21-1078081533-1229272821-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:13,a7,f2,9a,e3,68,91,94,b5,90,76,03,93,7b,f9,d6,91,16,c2,61,8b,
2b,83,34,ca,e0,35,3e,4f,23,0b,51,86,09,7a,9d,62,f5,47,3e,a7,14,2f,7c,60,20,\
"rkeysecu"=hex:22,d4,1e,54,e3,4e,b8,ac,ab,c8,12,7e,ce,d5,c6,13

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Dane aplikacji\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=""
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:00000000
"ProductBase"=dword:00000001
"ProductCode"="{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.417.0"
"UniqueId"="0016B36649D70533"
"ScannerBuild"=dword:0000121d
"ScannerVersionId"=dword:00000f6c
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000003

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
Czas ukończenia: 2009-08-10 21:52
ComboFix-quarantined-files.txt 2009-08-10 19:52
ComboFix2.txt 2009-08-09 19:53
ComboFix3.txt 2009-08-09 14:31
ComboFix4.txt 2008-10-15 17:29

Przed: 14*685*093*888 bajtów wolnych
Po: 14*656*057*344 bajtów wolnych

286 --- E O F --- 2009-06-21 07:45

Shaba
2009-08-11, 05:59
Please go to ESET Online Scanner (http://www.eset.eu/online-scanner) to run an online scan.
Note: You - will - need to use Internet Explorer for this scan!
Check the box next to "YES, I accept the Terms of Use."
Click "Start"
Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
Once installed, the scanner will be initialized.
Click "Start". Make sure that the options: Remove found threats is UNCHECKED
Scan unwanted applications is CHECKED
Click "Scan"
Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste the contents of log.txt in your next reply.

Xadam
2009-08-12, 13:57
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.5889
# api_version=3.0.2
# EOSSerial=5cdb74d7f379d74fb0cc0d87ca05764f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-08-11 04:52:21
# local_time=2009-08-11 06:52:21 )
# country="Poland"
# lang=9
# osver=5.1.2600 NT Dodatek Service Pack 3
# compatibility_mode=1797 21 100 100 249515781250
# scanned=186244
# found=1
# cleaned=0
# scan_time=16670
D:\Nero 9\Nero-9.0.9.4b_trial.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I
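
To check a log like this one for what was detected and whether anything was actually removed (this scan ran with "Remove found threats" unchecked), here is an added Python example; it is not part of the thread or any ESET tool, it assumes the fields of a detection line are tab-separated in the real log.txt (the forum display collapsed them to spaces), and it works on a constructed sample in the same layout.

```python
import re

# Constructed sample in the layout of the ESET Online Scanner log posted above.
# Assumption: log.txt separates detection-line fields with tabs (path, threat,
# hash, flag); the forum display collapsed them to spaces.
SAMPLE_LOG = """ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# end=finished
# remove_checked=false
# unwanted_checked=true
# scanned=186244
# found=1
# cleaned=0
# scan_time=16670
D:\\Nero 9\\Nero-9.0.9.4b_trial.exe\tWin32/Toolbar.AskSBar application\t00000000000000000000000000000000\tI
"""

HEADER_RE = re.compile(r"^#\s*([A-Za-z_]+)=(.*)$")


def parse_eset_log(text):
    """Split the log into its '# key=value' header and its detection lines."""
    header, detections = {}, []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
            continue
        parts = line.split("\t")
        if len(parts) == 4:  # anything else is banner text, not a detection
            path, threat, digest, flag = parts
            detections.append({"path": path, "threat": threat, "hash": digest, "flag": flag})
    return header, detections


def summarize(text):
    """Return scan counts and how many detections were reported but left in place."""
    header, detections = parse_eset_log(text)
    found = int(header.get("found", 0))
    cleaned = int(header.get("cleaned", 0))
    # remove_checked=false means the scanner only reported; nothing was removed
    left_in_place = found - cleaned if header.get("remove_checked") == "false" else 0
    return {"finished": header.get("end") == "finished", "found": found,
            "cleaned": cleaned, "left_in_place": left_in_place, "detections": detections}


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for d in s["detections"]:
        print(f"{d['threat']}: {d['path']}")
    print(f"found={s['found']} cleaned={s['cleaned']} left_in_place={s['left_in_place']}")
```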

Shaba
2009-08-12, 14:20
OK, that is fine.

Still some issues left?

Xadam
2009-08-12, 15:55
Nope, everything seems to be good now :)
Thank you very much for your help. If I get another issue, I will know where to head for help.

Shaba
2009-08-12, 17:14
Good :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (http://www.personalfirewall.comodo.com/download_firewall.html) (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) PC Tools (http://www.pctools.com/firewall/download/)
4) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Now let's uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the run box and click OK

Next we remove all used tools.

Please download OTCleanIt (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from the tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software and keep your other programs up-to-date - Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. A tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://www.lognrock.com/forum/index.php?showtopic=6926)

Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913)

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)

Happy surfing and stay clean! :bigthumb:

Shaba
2009-08-19, 06:05
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.