Dzięki bardzo że zechciałeś mi pomóc zgodnie z tym co napisałeś utworzyłam logi za pomocą obydwu programów trochę to trwało bo tak jak mówiłam nie znam sie na komputerach aż tak dokładnie poniżej podaje wygenerowane logi
za pomocą HiJackThis:
Logfile of HijackThis v1.99.1
Scan saved at 11:41:03, on 2008-10-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\karolcia\USTAWI~1\Temp\zauninst.exe
C:\DOCUME~1\karolcia\USTAWI~1\Temp\GLB19.tmp
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\karolcia\USTAWI~1\Temp\Rar$EX08.640\HijackThis.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.polbank24.pl/netbanking/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM…\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM…\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [startCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun
O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU…\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
i programu ComboFix:
ComboFix 08-10-15.06 - karolcia 2008-10-16 11:47:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1907 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\karolcia\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\karolcia\Pulpit\Nowy folder (2)\drivers\Vista32bit\Desktop_.ini
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-16 do 2008-10-16 )))))))))))))))))))))))))))))))
.
2008-10-15 18:53 . 2008-10-16 11:19
2008-10-15 18:53 . 2008-10-16 11:17
2008-10-15 08:51 . 2008-08-14 15:46 2,181,632 -----c— C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 08:51 . 2008-08-14 15:46 2,137,600 -----c— C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 08:51 . 2008-08-14 15:46 2,059,008 -----c— C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 08:51 . 2008-08-14 15:46 2,017,280 -----c— C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-12 23:36 . 2008-10-12 23:36
2008-10-12 18:57 . 2008-10-12 18:57
2008-10-12 18:57 . 2008-10-12 18:57
2008-10-12 18:57 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-12 18:56 . 2008-10-12 18:57
2008-10-12 18:56 . 2008-10-12 18:56
2008-10-11 23:47 . 2008-10-11 23:47
2008-10-11 23:47 . 2008-10-12 00:59
2008-10-11 23:47 . 2007-03-08 01:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-10-10 20:33 . 2008-10-10 20:33 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-10-10 20:04 . 2008-10-10 20:05
2008-10-10 20:00 . 2008-10-10 20:00
2008-09-28 20:30 . 2008-09-28 20:30 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-09-28 00:23 . 2008-09-28 00:23
2008-09-28 00:22 . 2008-09-28 00:22
2008-09-28 00:20 . 2008-09-28 00:21
2008-09-27 23:27 . 2008-09-27 23:28
2008-09-27 23:22 . 2008-09-27 23:23
2008-09-27 23:21 . 2008-09-27 23:21
2008-09-27 23:19 . 2008-09-27 23:20
2008-09-26 21:11 . 2008-09-26 21:11
2008-09-26 18:27 . 2008-09-26 18:27
2008-09-26 18:27 . 2008-09-26 18:27
2008-09-26 18:27 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-26 18:27 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-23 10:17 . 2008-09-23 10:23
2008-09-23 10:17 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-23 10:17 . 2008-06-14 20:01 273,024 -----c— C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-23 10:15 . 2008-10-15 10:34
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 09:40 --------- d-----w C:\Documents and Settings\karolcia\Dane aplikacji\Skype
2008-10-16 08:26 --------- d-----w C:\Program Files\Gadu-Gadu
2008-10-16 08:22 --------- d-----w C:\Documents and Settings\karolcia\Dane aplikacji\skypePM
2008-10-15 15:20 3,135,766 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-10-13 22:03 2,699,776 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-10-12 18:34 3,290,624 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-09-26 19:06 --------- d-----w C:\Program Files\ATI Technologies
2008-09-15 15:40 1,846,272 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-03 21:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-21 04:52 3,299,840 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-21 02:19 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-08-21 02:18 314,880 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-08-21 02:08 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-08-21 02:08 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-08-21 02:07 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-08-21 02:07 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-08-21 02:07 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-08-21 02:05 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-08-21 02:04 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-08-21 02:01 10,084,352 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-08-21 01:55 4,094,560 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-08-21 01:50 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-08-21 01:38 2,377,856 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-08-21 01:23 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-08-21 01:19 380,928 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-08-21 01:18 37,376 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-08-21 01:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-08-21 01:17 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-08-21 01:17 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-08-21 01:11 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-08-20 05:38 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:46 2,137,600 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:46 2,017,280 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-05 21:14 90,112 ----a-w C:\WINDOWS\system32\ATIBRTMON.EXE
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 15360]
“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-06-03 21718312]
“Picasa Media Detector”=“C:\Program Files\Picasa2\PicasaMediaDetector.exe” [2008-08-21 443968]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2008-03-20 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Apoint”=“C:\Program Files\Apoint2K\Apoint.exe” [2003-10-30 192512]
“amd_dc_opt”=“C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe” [2006-11-17 77824]
“avgnt”=“C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” [2008-09-08 266497]
“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 31016]
“ZoneAlarm Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [2008-03-13 919016]
“StartCCC”=“C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2008-07-16 61440]
“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2008-08-04 36352]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 144784]
“AtiPTA”=“atiptaxx.exe” [2006-02-22 C:\WINDOWS\system32\atiptaxx.exe]
“RTHDCPL”=“RTHDCPL.EXE” [2008-05-16 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Bluetooth Monitor.lnk - C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2008-06-13 92280]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
“DisableMonitoring”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=
“C:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=
“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=
“C:\Program Files\Skype\Phone\Skype.exe”=
R1 FSLX;FSLX;C:\WINDOWS\system32\drivers\fslx.sys [2006-05-17 166400]
R2 LANPkt;Realtek LANPkt Protocol Driver;C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2006-03-07 8960]
S3 atikmdag;atikmdag;C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2008-01-10 3483648]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS [2006-03-07 16384]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\karolcia\Dane aplikacji\Mozilla\Firefox\Profiles\6m4gjhqc.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.onet.pl
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 11:49:33
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-10-16 11:51:49
ComboFix-quarantined-files.txt 2008-10-16 09:51:47
Przed: 108 123 119 616 bajtów wolnych
Po: 107,293,204,480 bajtów wolnych
158 — E O F — 2008-10-15 08:34:57
Co dalej powinnam z tym zrobić jesli możesz powiedz mi to jakimś prostym językiem krok po kroku jak powinnam postępować i jakiego programu dalej używać z góry dziekuję za wyrozumiałość i cierpliwość i czekam na jakąś odpowieź
Jescze raz dziekuję