ComboFix.txt

Pomocy, trojan onlinegames caz

Jak go usunąć?


ComboFix 08-02-12.3 - Administrator 2008-02-12 15:25:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1575 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix(3).exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\system32\amvo.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.

2008-02-11 23:51 . 2008-02-11 23:51 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
2008-02-11 23:47 . 2008-02-11 23:47 <DIR> d-------- C:\Program Files\Adobe
2008-02-11 23:46 . 2008-02-11 23:46 <DIR> d-------- C:\WINDOWS\Cache
2008-02-11 23:29 . 2008-02-11 23:29 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-11 19:57 . 2008-02-11 19:57 0 --a------ C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 13:58 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Skype
2008-02-12 13:57 --------- d-----w C:\Program Files\Mozilla Firefox
2008-02-12 13:55 2,145,386,496 --sha-w C:\pagefile.sys
2008-02-11 22:40 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp
2008-02-11 16:10 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-02-11 16:10 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-02-11 16:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-11 16:10 --------- d-----w C:\Program Files\Common Files
2008-02-11 16:10 --------- d-----w C:\Program Files\Alwil Software
2008-02-11 16:10 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\TuneUp Software
2008-02-11 16:10 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\skypePM
2008-02-11 16:04 --------- d-----w C:\Program Files\MarBit
2008-02-11 16:03 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-02-11 16:02 --------- d-----w C:\Program Files\totalcmd
2008-02-11 16:02 --------- d-----w C:\Program Files\Nero
2008-02-11 16:01 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-02-11 16:01 --------- d-----w C:\Program Files\AVS4YOU
2008-02-11 15:59 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-02-11 15:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-11 15:59 --------- d-----w C:\Program Files\SAGEM
2008-02-11 15:58 --------- d-----w C:\Program Files\Winamp
2008-02-11 15:58 --------- d-----w C:\Program Files\Skype
2008-02-11 15:58 --------- d-----w C:\Program Files\Google
2008-02-11 15:58 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-11 15:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-02-11 15:57 --------- d-----w C:\Program Files\WinZip
2008-02-11 15:57 --------- d-----w C:\Program Files\WinRAR
2008-02-11 15:57 --------- d-----w C:\Program Files\Gadu-Gadu
2008-02-11 15:47 --------- d-----w C:\Program Files\Realtek
2008-02-11 15:46 16,376 ----a-w C:\WINDOWS\gdrv.sys
2008-02-11 15:46 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2008-02-11 15:45 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-11 15:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-11 15:43 --------- d-----w C:\Program Files\Intel
2008-02-11 15:42 --------- d-----w C:\Program Files\Yahoo!
2008-02-11 15:39 --------- d-----w C:\Program Files\Common Files\Microsoft Shared
2008-02-11 15:38 --------- d--h--w C:\Program Files\Uninstall Information
2008-02-11 15:33 0 --sha-r C:\MSDOS.SYS
2008-02-11 15:33 0 --sha-r C:\IO.SYS
2008-02-11 15:33 0 ----a-w C:\CONFIG.SYS
2008-02-11 15:33 0 ----a-w C:\AUTOEXEC.BAT
2008-02-11 15:33 --------- d-----w C:\Program Files\xerox
2008-02-11 15:33 --------- d-----w C:\Program Files\Windows Media Player
2008-02-11 15:33 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-11 15:32 8,738 ----a-w C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2008-02-11 15:32 --------- d-----w C:\Program Files\Us?ugi online
2008-02-11 15:32 --------- d-----w C:\Program Files\Internet Explorer
2008-02-11 15:31 --------- d-----w C:\Program Files\Outlook Express
2008-02-11 15:31 --------- d-----w C:\Program Files\NetMeeting
2008-02-11 15:31 --------- d-----w C:\Program Files\Common Files\Services
2008-02-11 15:30 --------- d-----w C:\Program Files\ComPlus Applications
2008-02-11 15:30 --------- d-----w C:\Program Files\Common Files\System
2008-02-09 21:53 105,168 --sh--r C:\d6fagcs8.cmd
2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-11 16:58 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 11:14 16844800 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 07:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-08-29 09:55 1966080]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-10 23:03 8429568]
"nwiz"="nwiz.exe" [2007-05-10 23:03 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-10 23:03 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-02-11 16:59:48 1205840]

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:44]
S2 ELOADER;General Purpose USB Driver (adildr.sys);C:\WINDOWS\system32\Drivers\adildr.sys [2007-02-07 16:50]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-11 16:46]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-02-11 16:10:10 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.

