Prosze o sprawdzenie i podpowiedź

ComboFix 08-03-14.4 - Adamigo 2008-03-16 16:44:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.652 [GMT 1:00]
Running from: C:\Documents and Settings\Adamigo\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.

2008-03-16 16:10 . 2008-03-16 16:20 <DIR> d-------- C:\Documents and Settings\Adamigo\Dane aplikacji\FileZilla
2008-03-16 16:01 . 2008-03-16 16:01 <DIR> d-------- C:\Documents and Settings\Adamigo\Dane aplikacji\ACD Systems
2008-03-16 16:00 . 2008-03-16 16:00 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-03-16 15:23 . 2008-03-16 15:23 <DIR> d---s---- C:\Documents and Settings\Adamigo\UserData
2008-03-16 15:22 . 2008-03-16 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
2008-03-16 15:22 . 2008-03-16 16:00 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-03-16 15:21 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-16 15:20 . 2008-03-16 15:21 <DIR> d-------- C:\Program Files\Java
2008-03-16 15:17 . 2008-03-16 15:17 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-16 15:17 . 2008-03-16 15:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-16 15:10 . 2008-03-16 15:10 <DIR> d-------- C:\Documents and Settings\Adamigo\Dane aplikacji\Gadu-Gadu
2008-03-16 14:27 . 2008-03-16 14:27 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-16 14:26 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-16 14:26 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-16 14:26 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-16 14:26 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-16 14:26 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-16 14:26 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-16 14:26 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-16 14:26 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-16 14:26 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-16 14:20 . 2008-03-16 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-03-16 14:18 . 2008-03-16 14:19 <DIR> d-------- C:\WINDOWS\NV2241904.TMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 13:37 100,462 --sh--r C:\3o.exe
2008-03-16 13:27 --------- d-----w C:\Program Files\Common Files\Real
2008-03-16 13:18 --------- d-----w C:\Program Files\VisualTooltip
2008-03-16 13:18 --------- d-----w C:\Program Files\LClock
2008-03-16 12:49 --------- d-----w C:\Documents and Settings\Adamigo\Dane aplikacji\Stardock
2008-03-16 12:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-16 11:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-16 11:43 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-16 11:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-16 11:43 --------- d-----w C:\Program Files\TP-LINK
2008-03-16 11:39 --------- d-----w C:\Program Files\Analog Devices
2008-03-16 11:37 --------- d-----w C:\Program Files\Intel
2008-03-16 11:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-16 11:24 --------- d-----w C:\Program Files\Usługi online
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]
"Gadu-Gadu"="D:\Gadu-Gadu\gg.exe" [2007-05-10 15:36 2111176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 14:34 868352]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44 36864]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 13:44 1953792]
"TWCU"="C:\Program Files\TP-LINK\TWCU\TWCU.exe" [2006-03-29 16:12 364544]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 05:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 05:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 05:22 86016]
"avast!"="D:\Awasta\ashDisp.exe" [2007-12-04 14:00 79224]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-16 14:27 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Gadu-Gadu\\gg.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c9190b6-f34e-11dc-8708-0019e00fe4d7}]
\Shell\AutoRun\command - H:\3o.exe
\Shell\explore\Command - H:\3o.exe
\Shell\open\Command - H:\3o.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 16:44:57
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-16 16:45:11
ComboFix-quarantined-files.txt 2008-03-16 15:45:09

start>>uruchom>>wpisujesz "regedit">>odnajdujesz klucz
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\
i usuwasz go.