Thank you very much for the reply, I removed everything Malwarebytes found.
Here is the ComboFix log:
ComboFix 08-12-15.01 - Justynka 2008-12-15 19:03:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1983.1486 [GMT 0:00]
Running from: c:\documents and settings\Justynka\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32_000006_.tmp.dll
c:\windows\system32\EhRsrtwa.ini
c:\windows\system32\EhRsrtwa.ini2
c:\windows\system32\sysyjreg.dll
c:\windows\system32\yegqgglo.dll
c:\windows\Tasks\hiifabbh.job
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
.
2008-12-15 18:33 . 2008-12-15 18:33
2008-12-15 18:33 . 2008-12-15 18:33
2008-12-15 18:33 . 2008-12-15 18:33
2008-12-15 18:33 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-15 18:33 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-14 19:30 . 2008-12-14 19:30
2008-12-14 19:04 . 2008-12-14 19:04 0 --a------ c:\windows\nsreg.dat
2008-12-14 18:04 . 2008-12-14 18:04
2008-12-14 17:56 . 2008-12-14 17:56
2008-12-14 17:56 . 2008-12-14 17:56
2008-12-14 17:56 . 2008-05-07 13:20 71,592 --a------ c:\windows\system32\drivers\avfwot.sys
2008-12-14 17:56 . 2008-05-07 09:51 71,464 --a------ c:\windows\system32\drivers\avfwim.sys
2008-12-10 22:22 . 2008-12-10 22:22
2008-12-10 22:21 . 2008-12-10 22:21
2008-12-10 22:21 . 2008-12-10 22:21
2008-12-10 22:21 . 2008-12-10 22:21
2008-12-10 22:21 . 2008-12-10 22:21
2008-12-10 20:37 . 2008-12-10 22:22
2008-12-10 20:36 . 2008-12-10 22:22
2008-12-10 20:36 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-12-10 19:39 . 2008-12-10 22:12
2008-12-10 19:38 . 2008-12-10 22:21
2008-12-10 15:59 . 2008-12-10 22:12
2008-12-10 15:59 . 2008-12-10 15:59
2008-12-10 15:50 . 2008-12-10 15:50
2008-12-10 15:50 . 2008-12-10 15:50
2008-12-09 21:37 . 2008-12-09 21:37 2,985,894 --a------ c:\windows\system32\t.bmp
2008-12-08 16:26 . 2008-12-08 16:26 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-12-08 16:26 . 2008-12-08 16:26 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-12-06 19:00 . 2008-04-14 17:20 221,184 --a------ c:\windows\system32\wmpns.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 19:00 --------- d-----w c:\documents and settings\Justynka\Dane aplikacji\uTorrent
2008-12-15 18:58 --------- d-----w c:\documents and settings\Justynka\Dane aplikacji\Skype
2008-12-15 16:10 --------- d-----w c:\documents and settings\Justynka\Dane aplikacji\skypePM
2008-12-13 10:52 --------- d-----w c:\documents and settings\Justynka\Dane aplikacji\Apple Computer
2008-12-10 22:22 --------- d-----w c:\program files\Apple Software Update
2008-12-10 22:21 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-10 22:13 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-10 20:37 --------- d-----w c:\program files\Common Files\Apple
2008-12-10 15:58 --------- d-----w c:\program files\Sony Ericsson
2008-12-10 15:58 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Sony Ericsson
2008-12-03 18:08 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 20:05 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ipla
2008-11-10 20:01 --------- d-----w c:\documents and settings\Justynka\Dane aplikacji\ipla
2008-10-25 07:54 --------- d-----w c:\program files\Java
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 17:29 --------- d-----w c:\program files\epson
2008-10-20 15:37 --------- d-----w c:\program files\Skype
2008-10-20 15:37 --------- d-----w c:\program files\Common Files\Skype
2008-10-20 15:37 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2008-10-19 17:59 --------- d-----w c:\program files\Usługi online
2008-10-13 15:08 315,392 ----a-w c:\windows\HideWin.exe
2008-08-01 18:15 70,312 ----a-w c:\documents and settings\Justynka\Dane aplikacji\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALi5289"="c:\program files\ULI5289\ALi5289.exe" [2005-03-10 405504]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-25 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 266497]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"nwiz"="nwiz.exe" [2008-02-25 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 c:\windows\RTHDCPL.exe]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wroigq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"SoundMan"=SOUNDMAN.EXE
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"d:\Program Files\Gadu-Gadu\gg.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"d:\Program Files\eMule\emule.exe"=
"d:\Program Files\uTorrent\uTorrent.exe"=
"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"c:\Program Files\Microsoft ActiveSync\astu.exe"=
"c:\Program Files\Microsoft ActiveSync\rapimgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"d:\Program Files\iTunes\iTunes.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"31769:TCP"= 31769:TCP:eMule TCP
"58217:UDP"= 58217:UDP:eMule UDP
"17049:TCP"= 17049:TCP:BitComet 17049 TCP
"17049:UDP"= 17049:UDP:BitComet 17049 UDP
"8001:TCP"= 8001:TCP:BitComet 8001 TCP
"8001:UDP"= 8001:UDP:BitComet 8001 UDP
R0 m5289;m5289;c:\windows\system32\DRIVERS\m5289.sys [2006-07-28 51840]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-07 78416]
R1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2008-12-14 71592]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;“c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe” [2008-12-14 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;“c:\program files\Avira\Avira Premium Security Suite\avmailc.exe” [2008-12-14 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;“c:\program files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE” [2008-12-14 258305]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-07 20560]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;“c:\program files\Avira\Avira Premium Security Suite\avesvc.exe” [2008-12-14 41217]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2008-12-14 71464]
R3 SNCT511;PC Camera (6005 CIF);c:\windows\system32\DRIVERS\snct511.sys [2008-10-14 229376]
S0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\DRIVERS\agpkx.sys []
S3 Belkin700F;Belkin Wireless G Desktop Card Service v7;c:\windows\system32\DRIVERS\BLKWGDv7.sys [2008-09-16 303616]
S3 SetupNTGLM7X;SetupNTGLM7X;??\E:\NTGLM7X.sys []
S3 SjyPkt;SjyPkt;??\c:\windows\System32\Drivers\SjyPkt.sys []
S3 WN4501HLFZZ(Technology Corporation);802.11g Wireless USB Adapter(Technology Corporation);c:\windows\system32\DRIVERS\O4501U.sys [2008-03-17 408064]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{0e114c52-8362-11dd-bc73-000fea2f0b3e}]
\Shell\AutoRun\command - P:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{0f2c6bac-ffce-11dc-bb15-001cdf7865fd}]
\Shell\AutoRun\command - N:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{0f2c6baf-ffce-11dc-bb15-001cdf7865fd}]
\Shell\AutoRun\command - N:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{3a98ecd8-a6fb-11dc-b9be-000fea2f0b3e}]
\Shell\AutoRun\command - N:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{3a98ecd9-a6fb-11dc-b9be-000fea2f0b3e}]
\Shell\AutoRun\command - N:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{76fc5f78-a676-11dc-b9bb-000fea2f0b3e}]
\Shell\AutoRun\command - N:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{76fc5f7b-a676-11dc-b9bb-000fea2f0b3e}]
\Shell\AutoRun\command - N:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{88305a6a-a6f3-11dc-b9bd-000fea2f0b3e}]
\Shell\AutoRun\command - N:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{bff54d2a-a707-11dc-b9bf-000fea2f0b3e}]
\Shell\AutoRun\command - N:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{bff54d2b-a707-11dc-b9bf-000fea2f0b3e}]
\Shell\AutoRun\command - N:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{bff54d35-a707-11dc-b9bf-000fea2f0b3e}]
\Shell\AutoRun\command - N:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{bff54d36-a707-11dc-b9bf-000fea2f0b3e}]
\Shell\AutoRun\command - N:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{bff54d38-a707-11dc-b9bf-000fea2f0b3e}]
\Shell\AutoRun\command - N:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{bff54d39-a707-11dc-b9bf-000fea2f0b3e}]
\Shell\AutoRun\command - N:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f44d9fda-ac13-11dc-b9e1-000fea2f0b3e}]
\Shell\AutoRun\command - N:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f44d9fdb-ac13-11dc-b9e1-000fea2f0b3e}]
\Shell\AutoRun\command - N:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-15 c:\windows\Tasks\AF8AF0AA9199624A.job
- c:\docume~1\justynka\daneap~1\chinit~1\SizeDrvAmen.exe []
2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
BHO-{7DDDF9EE-E7F6-42CC-AF5F-3405AC8B77E0} - c:\windows\system32\awtrsRhE.dll
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: &Search
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: avsda.dll
FF - ProfilePath - c:\documents and settings\Justynka\Dane aplikacji\Mozilla\Firefox\Profiles\ecvzzn1w.default\
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 19:08:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\avsda.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Avira\Avira Premium Security Suite\sched.exe
c:\program files\Avira\Avira Premium Security Suite\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-15 19:10:36 - the computer was rebooted
ComboFix-quarantined-files.txt 2008-12-15 19:10:32
Before: 4,315,357,184 bytes free
After: 4,311,748,608 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT /NOEXECUTE=OPTIN
246 --- E O F --- 2008-12-12 16:02:04
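As an added example (not part of the post above and not ComboFix's own code), here is a small Python script that pulls out of a ComboFix log the entries a responder would look at first: a populated AppInit_DLLs value, a disabled Windows Firewall profile, MountPoints2 AutoRun handlers, scheduled tasks named with 16 hex digits, and BHO entries pointing at eight-letter DLLs directly in system32. It also looks for file names that are the reverse of each other, which is the case in this log for the deleted EhRsrtwa.ini and the orphaned BHO awtrsRhE.dll. The input is a constructed excerpt of the log above, the category names are the script's own, and the eight-letter DLL rule is a heuristic, not a signature.

```python
import re

# Constructed excerpt modelled on the ComboFix log in the post above. It is a
# hand-picked subset (section headers dropped), not the full log; the file and
# registry names come from the log, everything else here is the added example's.
SAMPLE_LOG = r"""
c:\windows\system32\EhRsrtwa.ini
c:\windows\system32\sysyjreg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wroigq.dll
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
\Shell\AutoRun\command - P:\AutoRun.exe
2008-12-15 c:\windows\Tasks\AF8AF0AA9199624A.job
- c:\docume~1\justynka\daneap~1\chinit~1\SizeDrvAmen.exe []
2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
BHO-{7DDDF9EE-E7F6-42CC-AF5F-3405AC8B77E0} - c:\windows\system32\awtrsRhE.dll
"""

# Line patterns for the ComboFix sections that carry persistence or exposure.
APPINIT = re.compile(r'^"AppInit_DLLs"\s*=\s*(\S+)')
FIREWALL_OFF = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
AUTORUN_CMD = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(.+)$")
HEX_TASK = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(\S*\\Tasks\\[0-9A-Fa-f]{16}\.job)$")
BHO_LINE = re.compile(r"^BHO-\{[0-9A-Fa-f-]{36}\}\s*-\s*(.+)$")
# Heuristic only: an eight-letter, digit-free DLL directly in system32 is the
# naming style of the dropped files in this log, not proof of infection.
RANDOM_SYS32_DLL = re.compile(r"\\system32\\[A-Za-z]{8}\.dll$", re.I)
# Base name (letters only, 6+) of any file path mentioned on a line.
FILE_BASENAME = re.compile(r"\\([A-Za-z]{6,})\.(?:dll|ini2?|exe)\b")


def scan_combofix_log(log_text):
    """Return (category, detail) findings for the indicators worth a second look."""
    findings = []
    lines = [ln.strip() for ln in log_text.splitlines()]
    for i, line in enumerate(lines):
        m = APPINIT.match(line)
        if m:
            # AppInit_DLLs is empty on a clean XP box; any value listed here is
            # loaded into every process that links user32.dll.
            findings.append(("appinit_dlls", m.group(1)))
        if FIREWALL_OFF.match(line):
            findings.append(("firewall_disabled", "EnableFirewall=0"))
        m = AUTORUN_CMD.match(line)
        if m:
            # MountPoints2 autorun handlers replay whatever autorun.inf a
            # removable drive carried; this log also deleted D:\Autorun.inf.
            findings.append(("autorun_mountpoint", m.group(1)))
        m = HEX_TASK.match(line)
        if m:
            # Vendors do not name jobs with 16 hex digits; ComboFix prints the
            # job target on the following line, with [] when it has no date/size.
            target = lines[i + 1].lstrip("- ") if i + 1 < len(lines) else "?"
            findings.append(("hex_named_task", m.group(1) + " -> " + target))
        m = BHO_LINE.match(line)
        if m and RANDOM_SYS32_DLL.search(m.group(1)):
            findings.append(("suspicious_bho", m.group(1)))
    return findings


def reversed_name_pairs(log_text):
    """Find file base names that are another name in the log spelled backwards.

    In the log above, the deleted EhRsrtwa.ini is the orphaned BHO's
    awtrsRhE.dll reversed; the dropper used one name for both artefacts.
    """
    seen = {}
    for line in log_text.splitlines():
        for m in FILE_BASENAME.finditer(line):
            seen.setdefault(m.group(1).lower(), m.group(1))
    pairs = set()
    for low, original in seen.items():
        rev = low[::-1]
        if rev != low and rev in seen:
            pairs.add(tuple(sorted((original, seen[rev]))))
    return sorted(pairs)


if __name__ == "__main__":
    for category, detail in scan_combofix_log(SAMPLE_LOG):
        print(f"{category:20} {detail}")
    for a, b in reversed_name_pairs(SAMPLE_LOG):
        print(f"reversed pair        {a} <-> {b}")
```

Run it against a full log by reading the file into `scan_combofix_log`; the AppleSoftwareUpdate.job entry in the sample is there to show that a vendor task with a real date/size block is not reported.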