
Logs - Removing the Worm.VBS.Solow.b trojan


  • Closed. This topic is closed
3 replies in this topic

#1 Magdalena_20

    New

  • 2 posts

Posted 21 07 2008 - 16:29

I have a huge problem called Worm.VBS.Solow.b. If someone could help me I would be enormously grateful, because I am hopeless when it comes to viruses and the like. From what I have read here on the forum, you need to paste a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:36, on 2008-07-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programy\Kaspersky\avp.exe
C:\WINDOWS\system32\svchost.exe
D:\Programy\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Programy\Kaspersky\avp.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Programy\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\opera.exe
C:\DOCUME~1\Magda\USTAWI~1\Temp\Katalog tymczasowy 6 dla HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [kav] "D:\Programy\Kaspersky\avp.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-21-2000478354-484763869-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programy\Kaspersky\scieplugin.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B820A3F-9CD2-4E1C-89A9-F3D9DB8C4BA5}: NameServer = 217.144.192.2,217.144.192.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B820A3F-9CD2-4E1C-89A9-F3D9DB8C4BA5}: NameServer = 217.144.192.2,217.144.192.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B820A3F-9CD2-4E1C-89A9-F3D9DB8C4BA5}: NameServer = 217.144.192.2,217.144.192.33
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - D:\Programy\Kaspersky\avp.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

--
End of file - 5200 bytes



Please help me, and thank you in advance :)


#2 karolkuich

    Beginner

  • 141 posts

Posted 21 07 2008 - 17:04

Paste a ComboFix log. You most likely have an infection from a USB flash drive.


#3 Magdalena_20

    New

  • 2 posts

Posted 21 07 2008 - 17:13

ComboFix 08-07-20.9 - Magda 2008-07-21 17:01:12.1 - NTFSx86
Running from: C:\Documents and Settings\Magda\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\WINDOWS\MS32DLL.dll.vbs

.
((((((((((((((((((((((((( Files Created from 2008-06-21 to 2008-07-21 )))))))))))))))))))))))))))))))
.

2008-07-21 16:07 . 2008-07-21 16:08 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-21 15:51 . 2008-07-21 15:51 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-20 15:01 . 2008-07-20 15:01 <DIR> d-------- C:\Program Files\DIFX
2008-07-20 15:01 . 2008-07-20 15:01 <DIR> d-------- C:\dell
2008-07-20 14:59 . 2008-07-21 15:48 169 --a------ C:\WINDOWS\RtlRack.ini
2008-07-20 14:57 . 2008-07-20 14:57 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2008-07-20 14:57 . 2008-07-20 14:57 <DIR> d-------- C:\Program Files\AvRack
2008-07-20 14:57 . 2008-07-20 14:46 404,736 --------- C:\WINDOWS\system32\drivers\alcxsens.sys
2008-07-20 14:57 . 2008-07-20 14:20 164 --------- C:\WINDOWS\avrack.ini
2008-07-20 14:36 . 2008-07-20 14:36 <DIR> d-------- C:\Documents and Settings\Magda\Dane aplikacji\InstallShield
2008-07-20 14:36 . 2006-07-01 23:32 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-07-20 14:34 . 2008-07-20 14:35 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-07-20 14:34 . 2008-07-20 14:34 <DIR> d--h----- C:\Documents and Settings\Magda\InstallAnywhere
2008-07-20 14:32 . 2008-07-20 14:33 <DIR> d-------- C:\Program Files\Gigabyte
2008-07-20 14:32 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-20 14:27 . 2008-07-20 14:27 <DIR> d-------- C:\Program Files\Audio Manager 3
2008-07-20 14:10 . 2008-07-20 14:49 10,435,072 --------- C:\WINDOWS\system32\alsndmgr.cpl
2008-07-20 14:10 . 2008-07-20 14:01 9,409,536 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-07-20 14:10 . 2008-07-20 14:46 462,684 --------- C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-07-20 14:10 . 2008-07-20 14:54 208,896 --------- C:\WINDOWS\alcupd.exe
2008-07-20 14:10 . 2008-07-20 14:01 156,672 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-07-20 14:10 . 2008-07-20 14:32 141,016 --------- C:\WINDOWS\system32\alsndmgr.wav
2008-07-20 14:10 . 2008-07-20 14:54 139,264 --------- C:\WINDOWS\alcrmv.exe
2008-07-20 14:10 . 2008-07-20 14:20 57,344 --------- C:\WINDOWS\soundman.exe
2008-07-20 14:10 . 2008-07-20 14:00 40,960 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-07-20 13:58 . 2008-07-20 14:36 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-20 13:58 . 2008-07-20 13:58 <DIR> d-------- C:\Program Files\AMD
2008-07-20 13:03 . 2008-07-21 15:54 <DIR> d-------- C:\SDFix
2008-07-20 12:40 . 2008-07-21 17:02 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-07-20 12:40 . 2008-07-18 22:16 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-07-20 12:40 . 2008-07-18 20:24 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-07-20 12:40 . 2008-07-18 22:16 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-07-20 12:40 . 2008-07-18 22:16 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-07-20 12:40 . 2008-07-18 22:16 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-07-20 12:40 . 2008-07-18 22:16 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-07-20 12:40 . 2008-07-20 12:40 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-20 12:34 . 2008-07-20 12:36 295 --a------ C:\WINDOWS\WINCMD.INI
2008-07-20 11:49 . 2008-07-20 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-07-20 11:49 . 2008-07-21 17:02 3,318,816 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-20 11:49 . 2008-07-21 17:02 68,384 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-20 11:49 . 2008-07-21 16:58 49,364 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-20 11:49 . 2008-07-21 16:58 9,380 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-19 21:03 . 2008-07-19 21:03 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-19 20:39 . 2005-09-01 11:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-07-19 20:39 . 2005-09-01 11:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-07-19 20:38 . 2008-07-19 20:38 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-19 20:38 . 2008-07-19 20:38 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-07-19 20:38 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-07-19 20:38 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-07-19 20:38 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-07-19 20:38 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-07-19 20:38 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-07-19 20:38 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-07-19 20:38 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-07-18 23:33 . 2008-07-18 17:45 <DIR> d-------- C:\Documents and Settings\Magda\Gadu-Gadu
2008-07-18 23:33 . 2008-07-18 23:33 <DIR> d-------- C:\Documents and Settings\Magda\Dane aplikacji\Gadu-Gadu
2008-07-18 21:59 . 2008-07-18 22:03 <DIR> d-------- C:\Program Files\ATI Technologies
2008-07-18 21:45 . 2008-07-18 21:50 <DIR> d-------- C:\Program Files\SkanerOnline
2008-07-18 21:43 . 2008-01-10 04:35 3,107,788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-18 21:43 . 2008-01-10 04:35 3,107,788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-18 21:43 . 2008-01-10 04:35 887,724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-18 21:43 . 2008-01-10 05:07 368,640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll
2008-07-18 21:43 . 2008-01-10 04:58 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2008-07-18 21:43 . 2008-01-07 16:43 165,782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-18 21:43 . 2007-11-20 10:23 11,874 -ra------ C:\WINDOWS\atiogl.xml
2008-07-18 21:43 . 2007-08-31 16:20 7,167 -ra------ C:\WINDOWS\system32\atifglpf.xml
2008-07-18 21:43 . 2008-07-18 21:43 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-07-18 21:31 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-07-18 21:30 . 2008-07-18 21:30 <DIR> d-------- C:\Program Files\MSBuild
2008-07-18 21:30 . 2008-07-18 21:30 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-18 21:29 . 2008-07-18 21:29 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-18 21:28 . 2008-07-18 21:28 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-07-18 21:27 . 2008-07-18 21:29 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-18 21:27 . 2008-07-18 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-07-18 21:26 . 2008-07-18 21:26 <DIR> dr-h----- C:\MSOCache
2008-07-18 21:02 . 2008-07-18 21:02 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-07-18 21:02 . 2008-07-18 21:02 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-07-18 21:02 . 2008-07-18 21:02 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-07-18 21:00 . 2008-07-20 15:01 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-18 18:49 . 2001-02-05 11:16 258,048 --a------ C:\WINDOWS\system32\bsplmf01.dll
2008-07-18 18:48 . 2008-07-18 18:49 <DIR> d-------- C:\Program Files\Brother
2008-07-18 18:48 . 2008-07-18 18:48 <DIR> d-------- C:\Brother
2008-07-18 18:48 . 2004-12-03 01:26 188,416 --------- C:\WINDOWS\system32\PDRVINST.DLL
2008-07-18 18:48 . 2004-12-10 16:35 147,456 --------- C:\WINDOWS\brunin03.dll
2008-07-18 18:48 . 2002-10-31 01:09 81,920 --------- C:\WINDOWS\system32\BrWebIns.dll
2008-07-18 18:48 . 2003-07-03 01:08 65,536 --------- C:\WINDOWS\system32\BRWEBUP.EXE
2008-07-18 18:48 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\CVRPAGE.BMP
2008-07-18 18:47 . 2008-07-18 18:47 <DIR> d-------- C:\Program Files\ScanSoft
2008-07-18 18:47 . 2008-07-18 18:47 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-07-18 18:47 . 2008-07-18 18:47 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft
2008-07-18 18:47 . 2008-07-18 18:47 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-07-18 18:47 . 2003-09-24 11:36 27,019 --a------ C:\WINDOWS\maxlink.ini
2008-07-18 18:46 . 2008-07-18 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Brother
2008-07-18 18:43 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-18 18:43 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-18 18:43 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-18 18:43 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-18 18:38 . 2008-07-18 18:38 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-07-18 18:35 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2008-07-18 18:35 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2008-07-18 18:32 . 2008-07-18 18:32 766 --a------ C:\WINDOWS\system\actualspy.lnk
2008-07-18 18:31 . 2008-07-18 18:31 <DIR> d-------- C:\Program Files\GSpot
2008-07-18 18:31 . 2008-07-18 18:31 <DIR> d-------- C:\Program Files\DivX
2008-07-18 18:30 . 2008-07-18 18:30 <DIR> d-------- C:\Program Files\XviD
2008-07-18 18:30 . 2008-07-18 18:30 <DIR> d-------- C:\Program Files\AC3Filter
2008-07-18 18:30 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-07-18 18:26 . 2005-09-14 21:17 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-07-18 18:17 . 2008-07-18 18:17 <DIR> d-------- C:\Program Files\Opera
2008-07-18 15:56 . 2008-01-04 08:10 105,856 --a------ C:\WINDOWS\system32\drivers\Rtenicxp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 20:06 --------- d-----w C:\Documents and Settings\Magda\Dane aplikacji\ATI
2008-07-18 20:06 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ATI
2008-07-18 18:59 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-18 18:27 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 18:26 --------- d-----w C:\Program Files\Usługi online
2008-07-18 16:48 --------- d-----w C:\Program Files\Common Files\InstallShield
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="D:\Programy\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-05-05 11:10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"WinampAgent"="D:\Programy\Winamp\winampa.exe" [2005-11-15 21:31 33792]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"kav"="D:\Programy\Kaspersky\avp.exe" [2006-03-24 19:09 139367]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-05-05 11:10 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-07-18 18:49:05 802816]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programy\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Programy\\Kaspersky\\avp.exe"=

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{1B820A3F-9CD2-4E1C-89A9-F3D9DB8C4BA5}: NameServer = 217.144.192.2,217.144.192.33

O16 -: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf
C:\WINDOWS\system32\SkanerOnlineUninstall.exe
C:\WINDOWS\system32\SkanerOnline.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-21 17:02:34
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-21 17:03:02
ComboFix-quarantined-files.txt 2008-07-21 15:02:59

Pre-Run: 15,099,817,984 bajtów wolnych
Post-Run: 15,122,194,432 bajtów wolnych

189 --- E O F --- 2008-07-21 14:07:52

#4 karolkuich

    Beginner

  • 141 posts

Posted 21 07 2008 - 23:52

Paste this into Notepad:
D:\autorun.inf

File >>> Save As >>> change the file type from TXT to All Files >>> save it under the name FIX.BAT and run it.

Interesting that no infection keys of the mountpoints2 type are visible.

Just in case, paste logs from DSS and Silent Runners; both programs are on this page: http://forum.idg.pl/bezpieczenstwo_kompute...ia-t118804.html

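The replies above diagnose the infection from two things visible in the posted logs: a script host (WScript.exe) among the running processes and the Internet Explorer window title rewritten to "Hacked by Godzilla", later confirmed by ComboFix deleting C:\autorun.inf and C:\WINDOWS\MS32DLL.dll.vbs. The script below is an added example, not code from this thread, from HijackThis or from ComboFix; it parses HijackThis log lines and applies a small triage rule set of its own (script host running, R0/R1 window-title hijack, O4 autostart entries that launch a script). The sample log is a constructed subset of the log posted in #1, and the extra O4 line is constructed to exercise the autostart rule.

```python
"""Triage a HijackThis log for the indicators discussed in this thread.

Added example, not code from the thread, from HijackThis or from ComboFix.
The rule set (script host among running processes, hijacked IE window
title, autostart entries that launch scripts) is this example's own
assumption; the sample log is a constructed subset of the log posted above.
"""
import re
from dataclasses import dataclass

# Script hosts a VBS/JS worm needs in order to run at all.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXT_RE = re.compile(r"\.(vbs|vbe|js|jse|wsf|hta)\b")
# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] target".
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+)\s+-\s+(?P<body>.*)$")

# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:36, on 2008-07-21

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\System32\WScript.exe
D:\Programy\Kaspersky\avp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O4 - HKLM\..\Run: [kav] "D:\Programy\Kaspersky\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - D:\Programy\Kaspersky\avp.exe
"""

# Constructed line (not in the posted log): an autostart entry pointing at
# the script file ComboFix later reported deleting, to exercise the O4 rule.
CONSTRUCTED_O4 = r"O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs"


@dataclass
class Finding:
    rule: str
    detail: str
    line: str


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_log(text):
    """Split a HijackThis log into running-process paths and (kind, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:          # a blank line ends the process list
                in_processes = False
            else:
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return processes, entries


def triage(text):
    """Apply the rule set and return a list of Finding objects."""
    processes, entries = parse_log(text)
    findings = []
    for p in processes:
        if basename(p) in SCRIPT_HOSTS:
            findings.append(Finding("script-host-running",
                                    "script host active at scan time; script worms run under it", p))
    for kind, body in entries:
        if kind in ("R0", "R1") and "Window Title" in body:
            value = body.split("=", 1)[1].strip()
            findings.append(Finding("ie-title-hijack",
                                    f"Internet Explorer window title set to {value!r}",
                                    f"{kind} - {body}"))
        elif kind == "O4":
            # The target is whatever follows the [name] bracket; fall back to the whole body.
            m = re.search(r"\]\s*(.*)$", body)
            target = (m.group(1) if m else body).lower()
            if SCRIPT_EXT_RE.search(target) or any(h in target for h in SCRIPT_HOSTS):
                findings.append(Finding("script-autostart",
                                        "autostart entry launches a script or a script host",
                                        f"{kind} - {body}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG) + triage(CONSTRUCTED_O4):
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
```

Run against the sample, the script reports the two indicators the replies relied on; the O4 rule only fires on the constructed line, which matches the posted log, where the worm was running from the script host rather than from a visible Run entry. The rules flag entries for review; they do not remove anything.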



