Avast does not remove the virus

Hello

I have the Avast Home Edition antivirus. Before that I had Norton 2005, which did not see the virus. When switching software I turned off the internet to avoid infection, so I think I have had this nasty thing for a long time without even knowing about it.

Here is the log from Avast

2005–11–06 10:42:04 SYSTEM 1456 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\WINDOWS\SYSTEM32\ANTK15.DLL" file.
2005–11–06 10:42:04 SYSTEM 1456 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\WINDOWS\SYSTEM32\HDP15.DLL" file.
2005–11–06 10:42:04 SYSTEM 1456 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\WINDOWS\SYSTEM32\HDF15.DLL" file.
2005–11–06 10:42:58 SYSTEM 1456 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\WINDOWS\SYSTEM32\ANTK15.DLL" file.
2005–11–06 10:50:32 SYSTEM 1456 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\antk15.dll" file.
2005–11–06 10:51:41 SYSTEM 1456 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\WINDOWS\SYSTEM32\HDP15.DLL" file.
2005–11–06 10:51:53 SYSTEM 1456 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\WINDOWS\SYSTEM32\HDF15.DLL" file.
2005–11–06 11:10:30 SYSTEM 1456 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\antk15.dll" file.
2005–11–06 11:16:31 SYSTEM 1456 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\WINDOWS\SYSTEM32\ANTK15.DLL" file.
2005–11–06 11:39:40 SYSTEM 1456 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\WINDOWS\system32\setast15.cpl" file.
2005–11–06 21:44:40 SYSTEM 1456 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\System Volume Information\_restore{9BFED560–FE7D–4CF2–92E0–F3FBC796DCF9}\RP419\A0257658.dll" file.
2005–11–07 09:09:25 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\WINDOWS\SYSTEM32\HDP15.DLL" file.
2005–11–07 09:11:12 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\WINDOWS\SYSTEM32\HDP15.DLL" file.
2005–11–07 09:11:12 SYSTEM 292 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
2005–11–07 09:11:17 SYSTEM 292 An error has occured while attempting to update. Please check the logs.
2005–11–07 09:12:10 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\WINDOWS\SYSTEM32\HDP15.DLL" file.
2005–11–07 09:12:20 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\antk15.dll" file.
2005–11–07 09:12:26 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\WINDOWS\SYSTEM32\ANTK15.DLL" file.
2005–11–07 09:12:31 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\hdf15.dll" file.
2005–11–07 09:43:18 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\hdf15.dll" file.
2005–11–07 09:45:13 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\antk15.dll" file.
2005–11–07 09:45:54 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\hdp15.dll" file.
2005–11–07 10:15:12 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\hdf15.dll" file.
2005–11–07 10:17:22 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\antk15.dll" file.
2005–11–07 10:18:02 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\hdp15.dll" file.
2005–11–07 10:46:55 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\hdf15.dll" file.
2005–11–07 10:49:48 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\antk15.dll" file.
2005–11–07 10:49:54 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\hdp15.dll" file.
2005–11–07 11:19:04 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\hdf15.dll" file.
2005–11–07 11:22:14 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\hdp15.dll" file.
2005–11–07 11:23:03 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\antk15.dll" file.
2005–11–07 11:54:22 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\hdp15.dll" file.
2005–11–07 11:55:04 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\hdf15.dll" file.
2005–11–07 11:57:40 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\antk15.dll" file.
2005–11–07 12:16:38 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\System Volume Information\_restore{9BFED560–FE7D–4CF2–92E0–F3FBC796DCF9}\RP419\A0257659.dll" file.
2005–11–07 12:26:29 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\hdp15.dll" file.
2005–11–07 12:58:19 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\hdp15.dll" file.
2005–11–07 13:17:36 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\hdp15.dll" file.
2005–11–07 13:41:40 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\System Volume Information\_restore{9BFED560–FE7D–4CF2–92E0–F3FBC796DCF9}\RP419\A0257660.dll" file.
2005–11–07 14:55:39 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\hdp15.dll" file.
2005–11–07 14:56:03 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\WINDOWS\SYSTEM32\HDP15.DLL" file.
2005–11–07 14:59:10 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\WINDOWS\SYSTEM32\HDP15.DLL" file.
2005–11–07 15:00:32 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\WINDOWS\SYSTEM32\HDP15.DLL" file.
2005–11–07 20:30:11 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\System Volume Information\_restore{9BFED560–FE7D–4CF2–92E0–F3FBC796DCF9}\RP419\A0257988.dll" file.
2005–11–07 23:19:51 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\System Volume Information\_restore{9BFED560–FE7D–4CF2–92E0–F3FBC796DCF9}\RP419\A0257989.dll" file.

And the log from HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 21:12:00, on 2005–11–18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D–Tools\daemon.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\twain_32\A4S2_32\Watch.exe
C:\MSCAN\Msoffice\panel.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Gajos\Pulpit\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: ohb – {285B5CCD–C3F0–4EB6–9632–7D0A3C3AF824} – (no file)
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: QUICKfind BHO Object – {C08DF07A–3E49–4E25–9AB0–D3882835F153} – C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [Microsoft Update Time] wuam.exe
O4 – HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe –startgui
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 – HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\RunServices: [Microsoft Update Time] wuam.exe
O4 – HKCU\..\Run: [Microsoft Update Time] wuam.exe
O4 – HKCU\..\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\GG\Gadu–Gadu\gg.exe" /tray
O4 – Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Startup: Spolszczenie – Auto Update.lnk = C:\Program Files\ICQLite\icq_4.14_build_1839_pl.exe
O4 – Startup: Watch.lnk = C:\WINDOWS\twain_32\A4S2_32\Watch.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 – Global Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O10 – Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O16 – DPF: {11111111–1111–1111–1111–111111113457} – file://c:\ied_s7.cab
O16 – DPF: {11111111–1111–1111–1111–111191113457} – file://c:\ied_s7.cab
O16 – DPF: {11111111–1111–1111–1111–511111113457} – file://c:\x.cab
O16 – DPF: {11111111–1111–1111–1111–511111113458} – file://c:\x.cab
O16 – DPF: {11111111–1111–1111–1111–511111193457} – file://c:\x.cab
O16 – DPF: {11111111–1111–1111–1111–511111193458} – file://c:\x.cab
O16 – DPF: {23232323–2323–2323–2323–232323231122} – file://c:\x.cab
O16 – DPF: {53B8B406–42E4–4DD3–96E7–9DEC8CEB3DD8} (ICQVideoControl Class) – http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100943759156
O16 – DPF: {B1953AD6–C50E–11D3–B020–00A0C9251384} (O2C–Player (ELECO Software GmbH)) – http://www.o2c.de/download/O2CPlayer_147.cab
O16 – DPF: {DE910060–8EFB–44B9–B492–75180696643F} – http://www.hotsearchbar.com/toolbar30/hsrb.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/eng/billard8_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
O18 – Protocol: textwareilluminatorbase – {CE5CD329–1650–414A–8DB0–4CBF72FAED87} – C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: GhostStartService – Symantec Corporation – C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: Macromedia Licensing Service – Unknown owner – C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 – Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) – Unknown owner – %ProgramFiles%\WinPcap\rpcapd.exe" –d –f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 – Service: Sygate Personal Firewall (SmcService) – Sygate Technologies, Inc. – C:\Program Files\Sygate\SPF\smc.exe

Replies: 16

You can check it here -> http://forum.centrumxp.pl/viewtopic.php?t=37513

Besides what the analyzer shows, remove the R0 and R1 entries. I am not talking about google.pl here.
EL NINO
Posted
27.11.2005 17:54:37
When I started fighting this virus, some prick started scanning my ports. Specifically ports 4081, 1026, 1027, 1029, 1032. Does anything in particular run on these ports, or could these ports be used for communication with the Trojan?

I am still unable to remove the virus :(
I did as described in the link. In Safe Mode I changed the extension from .dll to .old, scanned the computer and it supposedly removed it, yet the trojan is still active. After booting in normal mode the files went back to their old names.
If anyone has another idea for getting rid of this shit other than formatting the disk, please help.

Logfile of HijackThis v1.99.1
Scan saved at 23:53:30, on 2005–11–26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
C:\Program Files\D–Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\twain_32\A4S2_32\Watch.exe
C:\MSCAN\Msoffice\panel.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Tlen\tlen.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gajos\Pulpit\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe –startgui
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 – HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none
O4 – Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Startup: Spolszczenie – Auto Update.lnk = C:\Program Files\ICQLite\icq_4.14_build_1839_pl.exe
O4 – Startup: Watch.lnk = C:\WINDOWS\twain_32\A4S2_32\Watch.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 – Global Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {53B8B406–42E4–4DD3–96E7–9DEC8CEB3DD8} (ICQVideoControl Class) – http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100943759156
O16 – DPF: {B1953AD6–C50E–11D3–B020–00A0C9251384} (O2C–Player (ELECO Software GmbH)) – http://www.o2c.de/download/O2CPlayer_147.cab
O16 – DPF: {DE910060–8EFB–44B9–B492–75180696643F} – http://www.hotsearchbar.com/toolbar30/hsrb.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/eng/billard8_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
O18 – Protocol: textwareilluminatorbase – {CE5CD329–1650–414A–8DB0–4CBF72FAED87} – C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: GhostStartService – Symantec Corporation – C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: Macromedia Licensing Service – Unknown owner – C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 – Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) – Unknown owner – %ProgramFiles%\WinPcap\rpcapd.exe" –d –f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 – Service: Sygate Personal Firewall (SmcService) – Sygate Technologies, Inc. – C:\Program Files\Sygate\SPF\smc.exe
Gajos82
Posted
27.11.2005 00:54:19
Logfile of HijackThis v1.99.1
Scan saved at 18:08:27, on 2005–11–22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D–Tools\daemon.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\twain_32\A4S2_32\Watch.exe
C:\MSCAN\Msoffice\panel.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gajos\Pulpit\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe –startgui
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 – HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKCU\..\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\GG\Gadu–Gadu\gg.exe" /tray
O4 – Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Startup: Spolszczenie – Auto Update.lnk = C:\Program Files\ICQLite\icq_4.14_build_1839_pl.exe
O4 – Startup: Watch.lnk = C:\WINDOWS\twain_32\A4S2_32\Watch.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 – Global Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {53B8B406–42E4–4DD3–96E7–9DEC8CEB3DD8} (ICQVideoControl Class) – http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100943759156
O16 – DPF: {B1953AD6–C50E–11D3–B020–00A0C9251384} (O2C–Player (ELECO Software GmbH)) – http://www.o2c.de/download/O2CPlayer_147.cab
O16 – DPF: {DE910060–8EFB–44B9–B492–75180696643F} – http://www.hotsearchbar.com/toolbar30/hsrb.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/eng/billard8_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
O18 – Protocol: textwareilluminatorbase – {CE5CD329–1650–414A–8DB0–4CBF72FAED87} – C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: GhostStartService – Symantec Corporation – C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: Macromedia Licensing Service – Unknown owner – C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 – Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) – Unknown owner – %ProgramFiles%\WinPcap\rpcapd.exe" –d –f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 – Service: Sygate Personal Firewall (SmcService) – Sygate Technologies, Inc. – C:\Program Files\Sygate\SPF\smc.exe

Unfortunately I cannot run the Silent Runners script, because instead of the result the author describes, XP wants me to choose a program to open the script with. What should I do about it? I am running out of ideas and, knowing my luck, I am doing something dumb and that is why the script does not open.
Gajos82
Posted
22.11.2005 19:12:43
Have a look at this thread. Also post the HijackThis and SilentRunners logs.
Żółty
Posted
20.11.2005 19:31:58
Only Avast reports the virus, at the moment of connecting to the internet through Internet Explorer, and it supposedly removes it, but a little later the virus warning pops up again.

C:\WINDOWS\system32\hdp15.dll
C:\WINDOWS\system32\antk15.dll
C:\WINDOWS\system32\hdf15.dll

Avast also adds the following files to quarantine
C:\WINDOWS\system32\kernel.dll
C:\WINDOWS\system32\winsock.dll
C:\WINDOWS\system32\wsock32.dll
But it does not detect a virus in them?

I tried once more to unregister these libraries, but this message appears
"Funkcja LoadLibrary("hdp15.dll") nie powiodła się - Nie można odnaleźć określonego modułu".
So I guess that means the library is unregistered? I have System Restore turned off.

The Search function finds only the antk15.dll library
Gajos82
Posted
20.11.2005 19:23:11
Gajos82:
There is some success, because it seems to have removed the libraries named in capital letters, e.g. HDP15.DLL, HDF15.DLL, but I still cannot remove ones such as hdp15.dll, antk15.dll, hdf15.dll.


Windows does not distinguish between lower-case and upper-case letters in file names ;) Does any program still point to these libraries?? Where are these libraries located??
Żółty
Posted
20.11.2005 16:15:44
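Żółty's point about case-insensitive file names, applied to the Avast log from the first post, as an added example that is not part of any forum post: the script folds every detected path with Windows case rules and counts detections per file, so `HDP15.DLL` and `hdp15.dll` show up as one file, and it separates System Restore copies from live files. The function names are hypothetical, and treating the en dashes in the pasted log as stand-ins for hyphens is an assumption.

```python
import re
from ntpath import normcase  # Windows path rules; importable on any OS

# Lines copied from the Avast log in the first post. Most have ASCII hyphens
# restored; the last one keeps the en dashes exactly as shown on the page.
SAMPLE_LOG = r'''
2005-11-06 10:42:04 SYSTEM 1456 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\SYSTEM32\ANTK15.DLL" file.
2005-11-06 10:42:04 SYSTEM 1456 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\SYSTEM32\HDP15.DLL" file.
2005-11-06 10:50:32 SYSTEM 1456 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\windows\system32\antk15.dll" file.
2005-11-06 21:44:40 SYSTEM 1456 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{9BFED560-FE7D-4CF2-92E0-F3FBC796DCF9}\RP419\A0257658.dll" file.
2005-11-07 09:11:12 SYSTEM 292 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
2005-11-07 09:12:31 SYSTEM 292 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\windows\system32\hdf15.dll" file.
2005-11-07 09:45:54 SYSTEM 292 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\windows\system32\hdp15.dll" file.
2005–11–07 11:57:40 SYSTEM 292 Sign of "Win32:Trojan–gen. {Other}" has been found in "C:\windows\system32\antk15.dll" file.
'''

DETECTION = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ \d+ '
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$'
)
RESTORE_PREFIX = normcase(r"C:\System Volume Information\_restore")


def parse_detections(text):
    """Yield (timestamp, signature, path) for every detection line."""
    # Assumption: en dashes are a typographic artifact of the forum page,
    # so they are mapped back to ASCII hyphens before matching.
    for line in text.replace("\u2013", "-").splitlines():
        match = DETECTION.match(line.strip())
        if match:  # update errors and other messages are skipped
            yield match["ts"], match["sig"], match["path"]


def summarize(text):
    """Group detections by case-folded path, the way NTFS/FAT resolve names."""
    files = {}
    for ts, sig, path in parse_detections(text):
        key = normcase(path)  # lower-cases and unifies slashes
        entry = files.setdefault(key, {
            "count": 0,
            "first": ts,
            "last": ts,
            "spellings": set(),
            "signatures": set(),
            "in_restore": key.startswith(RESTORE_PREFIX),
        })
        entry["count"] += 1
        # ISO-style timestamps sort correctly as plain strings.
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
        entry["spellings"].add(path)
        entry["signatures"].add(sig)
    return files


def live_files(text):
    """Case-folded paths outside System Restore that keep being detected."""
    return sorted(k for k, v in summarize(text).items() if not v["in_restore"])


if __name__ == "__main__":
    for key, entry in sorted(summarize(SAMPLE_LOG).items()):
        where = "System Restore copy" if entry["in_restore"] else "live file"
        print(f"{key}\n  {where}, {entry['count']} detection(s), "
              f"{entry['first']} .. {entry['last']}, "
              f"{len(entry['spellings'])} spelling(s) in the log")
```

Entries that fold to the same key are a single file on disk, so a file logged in both spellings has not been partly removed; a detection that keeps recurring under one key means the file is still there or is being recreated.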
There is some success, because it seems to have removed the libraries named in capital letters, e.g. HDP15.DLL, HDF15.DLL, but I still cannot remove ones such as hdp15.dll, antk15.dll, hdf15.dll.
Gajos82
Posted
20.11.2005 16:12:40
Gajos82:
Wyrejestrować się chyba udało ale Avast ciągle wyświetla informacje źe znalazł wirusa w plikach .dll ciagle tych samych. Czy jest jakiś inny sposób na usunięcie tego?


Unregistering is one thing and deleting is another, so have the faulty libraries been removed from the disk?? Turn System Restore off; after removing the junk you'll turn it back on.
Żółty
Added
20.11.2005 13:40:59
Download Pocket Killbox, paste in the paths to these files and tick "delete on reboot".
You paste, tick, confirm with the red X, and so on for each file in turn; restart the system only after pasting the last one.
Another method is the Recovery Console or scanning with the antivirus in safe mode; then the files should be deletable without any problem.
Bobi
Added
20.11.2005 13:39:39
I think the unregistering worked, but Avast keeps displaying a message that it found a virus in .dll files, always the same ones. Is there any other way to remove this?
Gajos82
Added
20.11.2005 13:32:34
Gajos82:

The command given there is regsvr32 /u.. and in place of the dots I type, for example, hdf15.dll, and the system asks whether I want to open it with a selected program or use Web services.


There should be a space between regsvr32 /u and the file name.
regsvr32 /u hdf15.dll
Żółty
Added
20.11.2005 12:18:31
Either I'm doing something wrong or something is wrong in the FAQ on unregistering libraries

The command given there is regsvr32 /u.. and in place of the dots I type, for example, hdf15.dll, and the system asks whether I want to open it with a selected program or use Web services.

What should I do with this next?
Gajos82
Added
20.11.2005 12:12:12
How do I unregister the libraries and remove this junk? Should I do it through Regedit?

I'd be grateful for some links or help on what to do next, because I don't want to mess something up. Spell it out for me, please :D
Gajos82
Added
18.11.2005 23:55:39
watch.exe and panel.exe stay; they belong to the scanner.

Additionally, this goes:

O2 – BHO: QUICKfind BHO Object – {C08DF07A–3E49–4E25–9AB0–D3882835F153} – C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll


wuam.exe: all three entries go.
Żółty
Added
18.11.2005 23:00:46
Additionally:

O2 – BHO: QUICKfind BHO Object – {C08DF07A–3E49–4E25–9AB0–D3882835F153} – C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 – HKLM\..\Run: [Microsoft Update Time] wuam.exe
O4 – HKLM\..\RunServices: [Microsoft Update Time] wuam.exe
O4 – HKCU\..\Run: [Microsoft Update Time] wuam.exe


Watch.exe and panel.exe are okay, same as Avast.
Remove the xfire leftovers with Lsp-fix
Bobi
Added
18.11.2005 23:00:10
You unregister the libraries flagged as viruses by avast, then turn System Restore off and on again.

Kill these in safe mode:


C:\WINDOWS\twain_32\A4S2_32\Watch.exe
C:\MSCAN\Msoffice\panel.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
O2 – BHO: ohb – {285B5CCD–C3F0–4EB6–9632–7D0A3C3AF824} – (no file)
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – Startup: Watch.lnk = C:\WINDOWS\twain_32\A4S2_32\Watch.exe
O10 – Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O16 – DPF: {11111111–1111–1111–1111–111111113457} – file://c:\ied_s7.cab
O16 – DPF: {11111111–1111–1111–1111–111191113457} – file://c:\ied_s7.cab
O16 – DPF: {11111111–1111–1111–1111–511111113457} – file://c:\x.cab
O16 – DPF: {11111111–1111–1111–1111–511111113458} – file://c:\x.cab
O16 – DPF: {11111111–1111–1111–1111–511111193457} – file://c:\x.cab
O16 – DPF: {11111111–1111–1111–1111–511111193458} – file://c:\x.cab
O16 – DPF: {23232323–2323–2323–2323–232323231122} – file://c:\x.cab
O16 – DPF: {DE910060–8EFB–44B9–B492–75180696643F} – http://www.hotsearchbar.com/toolbar30/hsrb.cab
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)


Oops... I missed the Rbot:
O4 – HKLM\..\RunServices: [Microsoft Update Time] wuam.exe
O4 – HKCU\..\Run: [Microsoft Update Time] wuam.exe
+ deleting the file with Killbox
Peter_l
Added
18.11.2005 22:50:26
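
An added example, not part of any post in this thread: a small Python triage pass over HijackThis lines of the kinds the replies above marked for fixing. The four rules are illustrative heuristics assumed for this example, not HijackThis's or the posters' own logic, and a hit means "look closer", not "malicious".

```python
import re

# Sample lines copied from the logs quoted in this thread (hyphens restored).
SAMPLE_LOG = r"""
O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft Update Time] wuam.exe
O4 - HKCU\..\Run: [Microsoft Update Time] wuam.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {DE910060-8EFB-44B9-B492-75180696643F} - http://www.hotsearchbar.com/toolbar30/hsrb.cab
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

ENTRY = re.compile(r"^([ORF]\d+)\s*-\s*(.*)$")

def parse(log):
    """Split a HijackThis log into (section, body) pairs."""
    entries = []
    for raw in log.splitlines():
        # Forum software often turns '-' into an en dash; undo that first.
        line = raw.replace("\u2013", "-").strip()
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(section, body):
    """Assumed heuristics: return a reason to look closer, or None."""
    if section == "O2" and body.endswith("(no file)"):
        return "BHO registered but its file is gone"
    if section == "O4":
        # Autorun value looks like "[Name] command"; a command with no
        # directory part is resolved via the search path, location unknown.
        m = re.match(r".*?:\s*\[(.*?)\]\s*(\S+)", body)
        if m and not re.search(r"[\\/%]", m.group(2)):
            return "autorun command has no path: " + m.group(2)
    if section == "O10" and "missing" in body:
        return "LSP chain references a missing provider"
    if section == "O16" and "file://" in body.lower():
        return "ActiveX control installed from a local CAB"
    return None

def review(log):
    """Return (section, body, reason) for every entry a rule matched."""
    return [(s, b, r) for s, b in parse(log) if (r := triage(s, b))]
```

Entries the rules do not cover, such as the hotsearchbar.com DPF line, pass through unflagged and still need a human reading of the log.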
Gajos82
Added:
18.11.2005 22:27:42
Comments:
16