Please check this ComboFix log:
ComboFix 08-04-14.2 - Luka 2008-04-15 17:00:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.577 [GMT 2:00]
Running from: C:\Documents and Settings\Luka\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\000778C7
C:\Program Files\myglobalsearch\bar\Cache\00077AEA
C:\Program Files\myglobalsearch\bar\Cache\00077C23.bin
C:\Program Files\myglobalsearch\bar\Cache\00077E36.bin
C:\Program Files\myglobalsearch\bar\Cache\0007A2C5.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.
2008-04-12 12:22 . 2008-04-02 11:39 103,182 -r-hs---- C:\mvxm.cmd
2008-04-09 15:42 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-09 15:42 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-04 23:56 . 2008-04-04 23:56
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 15:00 --------- d-----w C:\Documents and Settings\Luka\Dane aplikacji\uTorrent
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-18 21:30 --------- d-----w C:\Program Files\Java
2008-02-22 21:24 --------- d-----w C:\Program Files\Opera
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-04-12 13:49 219952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-07-16 11:20 35328]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"AtiPTA"="atiptaxx.exe" [2006-02-22 03:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"Creative Mouse Software"="C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe" [2004-09-23 15:13 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\BearShare\BearShare.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"C:\Program Files\Java\jre1.5.0_11\bin\javaw.exe"=
"E:\Half-Life 2\hl2.exe"=
"E:\Call of Duty 2\CoD2MP_s.exe"=
"C:\Program Files\mIRC\mirc.exe"=
"C:\Program Files\NAPI-PROJEKT\napisy.exe"=
"E:\Valve\Steam\Steam.exe"=
"E:\Valve\Steam\SteamApps\ukasz82\counter-strike\hl.exe"=
"E:\Valve\Steam\SteamApps\ukasz82\condition zero\hl.exe"=
"C:\Program Files\uTorrent\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10044:TCP"= 10044:TCP:BitComet 10044 TCP
"10044:UDP"= 10044:UDP:BitComet 10044 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S1 atitray;atitray;C:\PROGRA~1\NGOATI~1.6\ATT\atitray.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1eb80646-04a9-11dd-9f46-0004757b83db}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33d3d690-aa66-11db-a468-806d6172696f}]
\Shell\AutoRun\command - C:\mvxm.cmd
\Shell\explore\Command - C:\mvxm.cmd
\Shell\open\Command - C:\mvxm.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9ef8dc5-b643-11dc-9e4a-0004757b83db}]
\Shell\AutoRun\command - J:\mvxm.cmd
\Shell\explore\Command - J:\mvxm.cmd
\Shell\open\Command - J:\mvxm.cmd
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 17:01:18
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-15 17:02:01
ComboFix-quarantined-files.txt 2008-04-15 15:01:45
Pre-Run: 1,946,763,264 bajtów wolnych
Post-Run: 1,937,457,152 bajtów wolnych
Thanks in advance for your help.