Please check my logs.
I have avast 4.7, and while scanning the computer it detected this very virus. It cannot be removed or moved to quarantine (it says there is too little disk space, which is not true). VPS version: 080206-0
I am pasting the logs from HijackThis and ComboFix.
Logfile of HijackThis v1.99.1
Scan saved at 22:34:18, on 2008-02-06
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Piotras\AppData\Local\Temp\Rar$EX06.906\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM…\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM…\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM…\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM…\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM…\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM…\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM…\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM…\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM…\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM…\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU…\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU…\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU…\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
_________________________________________________________________________________________________________________________
ComboFix 08-02.05.3 - Piotras 2008-02-06 22:38:45.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1033.18.1190 [GMT 1:00]
Running from: C:\Users\Piotras\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.
2008-02-06 12:14 . 2008-02-06 12:14
2008-02-06 12:13 . 2008-02-06 12:14
2008-02-06 12:13 . 2008-02-06 12:13
2008-02-06 12:11 . 2008-02-06 12:13
2008-02-06 12:11 . 2008-02-06 12:13
2008-02-06 12:11 . 2008-02-06 12:12
2008-02-06 12:08 . 2008-02-06 12:08
2008-01-24 20:13 . 2007-12-04 13:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-01-24 20:13 . 2007-12-04 15:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-01-24 20:13 . 2007-12-04 15:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2008-01-24 20:12 . 2008-01-24 20:12
2008-01-24 20:12 . 2007-12-04 14:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-01-24 20:12 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-01-24 20:12 . 2007-12-04 15:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-01-21 23:06 . 2008-01-21 23:06
2008-01-21 23:06 . 2008-01-21 23:06
2008-01-21 23:06 . 2008-01-21 23:06
2008-01-20 22:33 . 2008-01-20 22:33 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-20 22:33 . 2008-01-20 22:33 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-20 22:33 . 2008-01-20 22:33 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-20 22:33 . 2008-01-20 22:33 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-20 22:33 . 2008-01-20 22:33 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-20 22:32 . 2008-01-20 22:32 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\Windows\System32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 14:44 --------- d-----w C:\Program Files\Google
2008-01-29 23:37 --------- d-----w C:\Users\Piotras\AppData\Roaming\Skype
2008-01-22 14:32 --------- d-----w C:\ProgramData\McAfee
2008-01-20 21:34 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-20 20:32 --------- d-----w C:\Program Files\Picasa2
2008-01-18 11:21 --------- d-----w C:\Program Files\orf-ski
2008-01-18 11:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-18 10:36 --------- d-----w C:\Program Files\Microsoft Games
2007-12-22 02:04 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-22 02:04 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-22 02:04 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-22 02:03 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-22 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-22 02:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-22 02:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-22 02:02 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-22 02:02 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-22 02:02 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-22 02:02 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-22 02:02 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-22 02:02 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-10 17:30 --------- d-----w C:\Program Files\Alcohol Soft
2007-12-10 17:27 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-06 14:38 2119104]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-20 22:32 1232896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 10:45 222208]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-22 20:11 1006264]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 18:39 411192]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 23:31 102400]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 20:35 90112]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 05:01 448080]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-10 03:26 4702208 C:\Windows\RtHDVCpl.exe]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"NDSTray.exe"="NDSTray.exe" []
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-08 00:49 55416]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-22 21:03 1862144]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 18:50 413696]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-23 00:32 538744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-06 14:38 2119104 C:\Program Files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 12:31 22880040 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-07 17:05 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 C:\Program Files\Winamp\winampa.exe
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 19:23]
R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-08-01 22:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 pinger;pinger;C:\Toshiba\IVP\ISM\pinger.exe [2007-01-26 01:47]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-08-01 22:39]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-26 05:55]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-19 02:03]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-28 07:36]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 07:11]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 21:42]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 19:50]
R3 UVCFTR;UVCFTR;C:\Windows\system32\Drivers\UVCFTR_S.SYS [2007-04-16 18:19]
S3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-24 00:32]
S3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 15:51]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2006-11-09 23:32]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2006-11-09 23:31]
S4 KR3NPXP;KR3NPXP;C:\Windows\system32\drivers\kr3npxp.sys [2007-01-03 09:43]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{479e55d2-a745-11dc-ac28-000feaa252c8}]
\shell\AutoRun\command - E:\autorun.exe
\shell\directx\command - E:\DirectX9\dxsetup.exe
\shell\setup\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 18:20:25 C:\Windows\Tasks\User_Feed_Synchronization-{3EBFCB01-A571-46D9-ACEE-6F24D718D976}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 22:41:13
Windows 6.0.6000 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-06 22:42:21
.
2008-01-20 21:33:45 --- E O F ---