ComboFix 09-07-31.01 - Piotr 2009-07-31 21:55.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.728 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Piotr\Pulpit\ComboFix.exe
AV: ArcaVir *On-access scanning enabled* (Updated) {430EE792-8EF9-4D8A-B486-78BBF686F0E1}
FW: ArcaFirewall 2008 *enabled* {B640009B-6FF6-4CA7-9CE8-7DA160B95A5B}
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\ba456d.msi
c:\windows\system32\nmdfgds1.dll
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AVPSYS
-------\Legacy_KAVSYS
-------\Service_AVPsys

((((((((((((((((((((((((( Pliki utworzone od 2009-06-28 do 2009-07-31 )))))))))))))))))))))))))))))))
.
Nie utworzono żadnych nowych plików w tym okresie.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 06:24 . 2007-12-20 19:13 -------- d-----w- c:\documents and settings\TATA\Dane aplikacji\skypePM
2009-07-17 06:24 . 2007-11-25 14:33 -------- d-----w- c:\documents and settings\TATA\Dane aplikacji\Skype
2009-07-11 19:29 . 2008-05-22 08:28 19184 ----a-w- c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-06-29 06:56 . 2009-03-18 08:28 -------- d-----w- c:\documents and settings\MAMA\Dane aplikacji\Ahead
2009-06-26 10:13 . 2009-06-26 10:13 -------- d--h--r- c:\documents and settings\ANIA\Dane aplikacji\Chromeflower
2009-06-26 10:13 . 2009-06-26 10:13 -------- d--h--r- c:\documents and settings\ANIA\Dane aplikacji\CrystalSpace
2009-06-26 10:12 . 2009-06-26 10:12 -------- d-----w- c:\program files\ICE-land
2009-06-16 19:00 . 2007-11-26 11:08 19184 ----a-w- c:\documents and settings\MAMA\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-05-23 09:44 . 2009-05-23 09:44 152576 ----a-w- c:\documents and settings\Piotr\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-27 10:19 . 2009-02-16 21:20 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iKeyWorks"="c:\progra~1\A4Tech\Keyboard\Ikeymain.exe" [2006-04-09 61440]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-06-18 147456]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2003-03-12 77824]
"AvMenu"="c:\program files\ArcaBit\ArcaVir\AVMenu.exe" [2009-01-19 514568]
"ABRegmon"="c:\program files\ArcaBit\ArcaVir\ABregmon.exe" [2007-10-23 348160]
"ArcaCheck"="c:\program files\ArcaBit\ArcaVir\ArcaCheck.exe" [2009-01-19 630784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

c:\documents and settings\PP\Menu Start\Programy\Autostart\PowerReg Scheduler.exe [2008-3-18 256000]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^VPN Client.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Piotr^Menu Start^Programy^Autostart^Active SMART.lnk]
path=c:\documents and settings\Piotr\Menu Start\Programy\Autostart\Active SMART.lnk
backup=c:\windows\pss\Active SMART.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Piotr^Menu Start^Programy^Autostart^HDDlife.lnk]
path=c:\documents and settings\Piotr\Menu Start\Programy\Autostart\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"HDDlife HDD Access service"=2 (0x2)
"SolidWorks Licensing Service"=3 (0x3)
"ose"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ABTDI;ABTDI;c:\program files\ArcaBit\ArcaVir\ABTDI.sys [2008-02-26 51208]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 75856]
R2 ABFileMon;ArcaBit FileMonitor;c:\program files\ArcaBit\ArcaVir\FileMonSV.exe [2008-05-14 158216]
R2 ArcaBit.TaskScheduler;ArcaBit.TaskScheduler;c:\program files\ArcaBit\Common\taskscheduler.exe [2007-10-25 151552]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-03-31 20560]
R2 AVUpdate;ArcaBit Update Service;c:\progra~1\ArcaBit\ARCAUP~1\update.exe [2008-03-29 117256]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2006-03-02 14336]
R3 ABFLT;ArcaBit File Monitor Driver;c:\progra~1\ArcaBit\ArcaVir\ABFLT.sys [2007-12-10 37896]
R3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;c:\program files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe [2008-01-30 200704]
R3 st3tgbus;st3tgbus;c:\windows\system32\drivers\st3tgbus.sys [2003-03-12 8640]
R3 st3tiger;st3tiger;c:\windows\system32\drivers\st3tiger.sys [2003-03-12 99168]
S2 ActiveSMART Service;ActiveSMART Service;c:\program files\ActiveSMART 2.62\ASmartService.exe --> c:\program files\ActiveSMART 2.62\ASmartService.exe [?]
S3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;c:\program files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe [2008-01-30 241664]
S4 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\Common Files\BinarySense\hldasvc.exe [2008-02-15 832760]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-ActiveSMART - c:\program files\ActiveSMART 2.62\\ActiveSMART.exe
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
IE: Dodaj do blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{40525A66-DB98-480D-BCF9-7AF88C1AF438} - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - c:\program files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\Common Files\BinarySense\hlAPP.dll
FF - ProfilePath - c:\documents and settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\djz0fevz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\ArcaExt.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-31 22:01
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ArcaBit\ArcaVir\NetMonSV.exe
.
**************************************************************************
.
Czas ukończenia: 2009-07-31 22:07 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-07-31 20:07

Przed: 5 293 764 608 bajtów wolnych
Po: 5 215 989 760 bajtów wolnych

130 --- E O F --- 2008-10-16 15:29
trojan.gamethief.Bhfk
Started by piratess, Jul 31 2009 02:43 PM
#1
Posted 31 July 2009 - 02:43 PM