Logi - Antyvirus wykrył trojana

No cóż, pora na sprawdzenie komputera ponieważ niedawno wykryło mi trojana

Combo fix
ComboFix 09-02-08.02 - liczkowscy 2009-02-09 18:14:31.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.511.234 [GMT 1:00]
Uruchomiony z: e:\obrazki, instalki i inne\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*
* Utworzono nowy punkt przywracania
* Resident AV is active


UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll
c:\windows\ufdata2000.log

.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-09 do 2009-02-09 )))))))))))))))))))))))))))))))
.

2009-02-09 15:43 . 2005-01-22 20:12 679,936 --a------ c:\windows\system32\D3DX81ab.dll
2009-02-09 15:39 . 2009-02-09 15:39 <DIR> d-------- c:\program files\WinPcap
2009-02-01 00:38 . 2007-11-01 18:53 42,880 --a------ c:\windows\system32\drivers\vacs2xkd.sys
2009-02-01 00:38 . 2001-03-17 22:34 22,528 --a------ c:\windows\system32\WNASPI32.DLL
2009-02-01 00:38 . 2002-07-17 09:05 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2009-01-17 20:16 . 2009-01-17 20:18 <DIR> d-------- c:\documents and settings\liczkowscy\Dane aplikacji\Tibia
2009-01-17 11:56 . 2009-01-17 11:56 <DIR> d-------- c:\program files\SAGEM
2009-01-17 11:56 . 2005-11-04 16:55 126,976 --a------ c:\windows\system32\coclassfast.dll
2009-01-17 11:55 . 2009-01-17 11:55 <DIR> d-------- c:\documents and settings\liczkowscy\Dane aplikacji\InstallShield
2009-01-14 13:42 . 2009-01-14 15:06 <DIR> d-------- c:\documents and settings\liczkowscy\Dane aplikacji\Winamp
2009-01-10 21:17 . 2009-01-10 21:45 <DIR> d-------- c:\documents and settings\liczkowscy\Dane aplikacji\Any Video Converter

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 16:56 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Soulseek
2009-02-09 15:54 --------- d-----w c:\documents and settings\liczkowscy\Dane aplikacji\AIMP
2009-01-17 10:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-07 23:10 --------- d-----w c:\documents and settings\liczkowscy\Dane aplikacji\Apple Computer
2009-01-04 14:27 --------- d-----w c:\documents and settings\liczkowscy\Dane aplikacji\Sony
2009-01-04 14:27 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Sony
2009-01-04 14:11 --------- d-----w c:\program files\Common Files\Sony Shared
2009-01-04 14:10 --------- d-----w c:\program files\Sony
2009-01-04 14:03 --------- d-----w c:\program files\Apple Software Update
2009-01-04 14:03 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Apple
2009-01-04 13:33 --------- d-----w c:\documents and settings\liczkowscy\Dane aplikacji\Sony Corporation
2009-01-04 12:54 --------- d-----w c:\program files\MSXML 6.0
2009-01-03 19:57 --------- d-----w c:\program files\SystemRequirementsLab
2008-12-14 11:19 --------- d-----w c:\program files\Ahead
2008-12-14 11:19 --------- d-----w c:\documents and settings\liczkowscy\Dane aplikacji\Nokia
2008-12-14 11:19 --------- d-----w c:\documents and settings\liczkowscy\Dane aplikacji\Hamachi
2008-12-14 11:19 --------- d-----w c:\documents and settings\liczkowscy\Dane aplikacji\Azureus
2008-12-14 11:19 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Suite
2008-12-14 11:14 --------- d-----w c:\documents and settings\liczkowscy\Dane aplikacji\GlarySoft
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-10 17:35 21,840 ----a-w c:\windows\system32\SIntfNT.dll
2008-11-10 17:35 17,212 ----a-w c:\windows\system32\SIntf32.dll
2008-11-10 17:35 12,067 ----a-w c:\windows\system32\SIntf16.dll
2008-09-24 14:25 22,768 -c--a-w c:\documents and settings\liczkowscy\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-02-28 22:35 0 -c--a-w c:\documents and settings\liczkowscy\tree.dat
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"DAEMON Tools Lite"="e:\daemon tools lite\daemon.exe" [2008-07-24 490952]
"Xoxoxoxoxo"="c:\windows\system32\shutdown.exe" [2004-08-03 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"egui"="e:\eset smart security\egui.exe" [2007-11-14 1410304]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2004-08-03 208896]
"ContentTransferWMDetector.exe"="e:\content transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"ATIPTA"="atiptaxx.exe" [2006-02-22 c:\windows\system32\atiptaxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Gadu-Gadu\\gg.exe"=
"f:\\Program Files\\Soulseek\\slsk.exe"=
"f:\\CS 1.6\\hl.exe"=
"f:\\CS 1.6\\hlds.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\Media Manager for WALKMAN\\MediaManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1454:UDP"= 1454:UDP:Windows Media Format SDK (firefox.exe)
"1455:UDP"= 1455:UDP:Windows Media Format SDK (firefox.exe)
"22049:TCP"= 22049:TCP:BitComet 22049 TCP
"22049:UDP"= 22049:UDP:BitComet 22049 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 MFX;MFX; [x]
R2 ekrn;Eset Service;e:\eset smart security\ekrn.exe [2007-11-14 455936]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\drivers\vacs2xkd.sys [2009-02-01 42880]
S0 magicfl;magicfl; [x]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-02-01 16512]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f09ec8a-5728-11dd-b61f-001bbf597f60}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3e25c4-6bb9-11dd-b654-001bbf597f60}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c639fbb4-8be9-11dd-b696-00e04c041f0b}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Zawartość folderu 'Zaplanowane zadania'

2009-02-09 c:\windows\Tasks\GlaryInitialize.job
- e:\glary utilities\initialize.exe [2008-09-17 16:35]

2008-08-09 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- e:\spybot - search & destroy\SpybotSD.exe []
.
- - - - USUNIĘTO PUSTE WPISY - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {7C9976F1-6276-43DF-91DF-5D0EE2F84A2B} = 10.13.0.1,10.13.0.2
FF - ProfilePath - c:\documents and settings\liczkowscy\Dane aplikacji\Mozilla\Firefox\Profiles\m5hp113t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\liczkowscy\Dane aplikacji\Mozilla\Firefox\Profiles\m5hp113t.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npImagine.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 18:17:21
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...


c:\windows\system32\drivers\MFX.sys 45824 bytes executable
C:\SYZ_DAT

skanowanie pomyślnie ukończone
ukryte pliki: 2

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ *P*Ě
]
"DisplayName"="??e"
"DeviceDesc"="??e"
"ProviderName"=""
"MFG"="urrentControlSet\\Services\\ati2mtag\\Device0"
"ReinstallString"=""
"DeviceInstanceIds"=multi:"`\00"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1344)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-02-09 18:20:33
ComboFix-quarantined-files.txt 2009-02-09 17:19:58
ComboFix2.txt 2008-08-13 19:14:17

Przed: 395 804 672 bajtów wolnych
Po: 613,711,872 bajtów wolnych

Current=7 Default=7 Failed=6 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
172 --- E O F --- 2009-01-14 23:47:27

Log czysty.