dc37
(Dc3)
21 Październik 2007 15:55
#1
Witam serdecznie.
Avast wykrył wirusa Solow-D, wirus został usunięty.
Bardzo proszę o sprawdzenie loga czy nie zostawił po sobie bałaganu.
Z góry dziękuję i pozdrawiam.
Log z HiJacka:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:25:46, on 2007-10-21 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe D:\Programy\Avast4\aswUpdSv.exe D:\Programy\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe D:\Programy\Avast4\ashMaiSv.exe D:\Programy\Avast4\ashWebSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Ahead\InCD\InCD.exe D:\Programy\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe D:\Programy\Avast4\ashDisp.exe D:\programy\qttask.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe D:\Programy\ZoneAlarm\zlclient.exe C:\PROGRA~1\Plustek\Software\MrPhoto3\Smart Start UP\PnPDetect.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Plustek\OpticFilm 7200i\QuickScan.exe C:\Program Files\RALINK\Common\RaUI.exe D:\Programy\OpenOffice.org 2.2\program\soffice.exe D:\Programy\OpenOffice.org 2.2\program\soffice.BIN C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\foobar2000\foobar2000.exe C:\WINDOWS\system32\WISPTIS.EXE D:\Programy\Gadu-Gadu\gg.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Programy\Avast4\ashSimpl.exe D:\Programy\Avast4\ashLogV.exe D:\Programy\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=3 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\Adobe Reader\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [RemoteControl] D:\Programy\PowerDVD\PDVDServ.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0\bin\jusched.exe” O4 - HKLM…\Run: [avast!] D:\Programy\Avast4\ashDisp.exe O4 - HKLM…\Run: [QuickTime Task] “D:\programy\qttask.exe” -atboottime O4 - HKLM…\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKLM…\Run: [ZoneAlarm Client] “D:\Programy\ZoneAlarm\zlclient.exe” O4 - HKLM…\Run: [smart Start UP] C:\PROGRA~1\Plustek\Software\MrPhoto3\Smart Start UP\PnPDetect.exe /Automation O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [MSRegInfo] C:\WINDOWS\pagefile.sys.vbs O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Startup: OpenOffice.org 2.2.lnk = D:\Programy\OpenOffice.org 2.2\program\quickstart.exe O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: QuickScan (OpticFilm 7200i).lnk = C:\Program Files\Plustek\OpticFilm 7200i\QuickScan.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programy\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programy\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programy\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe – End of file - 7923 bytes
jessica
(jessica)
22 Październik 2007 08:19
#2
Oczywiście ślady jeszcze są.
Wklej do Notatnika :
File::
C:\WINDOWS\pagefile.sys.vbs
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSRegInfo"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6d3310a-0950-11dc-b6d4-000fea35420a}]
>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )
– podobnie jak na tym obrazku –>
(jeśli pojawi się pytanie " 1 or 2 " - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)
Po restarcie usuń ręcznie folder C: * * Qoobox**.
Sprawdź te pliki na – http://virusscan.jotti.org/
Opis, jak korzystać z JOTTI – http://otfans.pl/forums/showthread.php?tid=552
albo na http://www.virustotal.com/en/indexf.html .
(korzysta się podobnie jak z JOTTI).
Ten “MidrvA21.dll” prawdopodobnie będzie dobry, od Plusteka.
Daj log z ComboFixa i napisz o wyniku.
jessi
dc37
(Dc3)
23 Październik 2007 16:09
#3
Pliki sprawdziłem na stronie http://virusscan.jotti.org/ nic nie zostało wykryte.
Oto log Combofixa:
ComboFix 07-10-20.6 - oem 2007-10-23 18:02:31.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.94 [GMT 2:00] Running from: C:\Documents and Settings\oem\Pulpit\Nowy folder\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-09-23 to 2007-10-23 ))))))))))))))))))))))))))))))) . 2007-10-21 17:40 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-21 17:25 2007-10-07 00:41 2007-10-06 20:48 2007-10-06 20:48 2007-10-06 07:42 2007-10-06 07:41 2007-10-06 07:38 2007-10-06 07:37 2007-10-06 07:37 2007-10-06 07:36 2007-10-06 07:34 2007-10-06 07:34 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys 2007-10-06 07:34 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys 2007-10-06 07:34 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys 2007-10-06 07:33 675,840 -ra------ C:\WINDOWS\system32\hpowiax3.dll 2007-10-06 07:33 569,344 -ra------ C:\WINDOWS\system32\hpotscl3.dll 2007-10-06 07:33 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll 2007-10-06 07:33 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll 2007-10-06 07:33 294,912 -ra------ C:\WINDOWS\system32\hpovst10.dll 2007-10-06 07:33 258,048 -ra------ C:\WINDOWS\system32\hpzids01.dll 2007-10-06 07:33 117,760 --a------ C:\WINDOWS\system32\hpzll4v2.dll 2007-10-06 07:32 2007-10-06 07:31 2007-10-06 07:28 141,264 --a------ C:\WINDOWS\hpoins12.dat 2007-10-06 07:28 1,470 --------- C:\WINDOWS\hpomdl12.dat 2007-10-06 07:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2007-10-06 07:08 31,616 --a–c— C:\WINDOWS\system32\dllcache\usbccgp.sys 2007-10-01 21:41 2007-10-01 21:37 2007-10-01 21:37 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL 2007-10-01 21:37 16,877 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS 2007-10-01 21:37 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL 2007-10-01 21:37 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE 2007-10-01 21:28 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll 2007-10-01 21:28 87,040 --a–c— C:\WINDOWS\system32\dllcache\wiafbdrv.dll 2007-10-01 21:28 45,056 -ra------ C:\WINDOWS\system32\MidrvA21.dll 2007-10-01 21:22 49,152 -r------- C:\WINDOWS\AutoSet.dll 2007-10-01 21:20 2007-10-01 21:20 385,100 --------- C:\WINDOWS\system32\MSVCRTD.DLL 2007-10-01 21:18 2007-10-01 21:18 2007-10-01 21:13 2007-10-01 21:12 2007-09-25 21:26 311,296 --a------ C:\WINDOWS\system32\AegisI5.exe 2007-09-25 21:26 290,918 --a------ C:\WINDOWS\system32\Install7x.dll 2007-09-25 21:26 255,232 --a------ C:\WINDOWS\system32\drivers\rt73.sys 2007-09-25 21:26 245,376 --a------ C:\WINDOWS\system32\drivers\rt2500usb.SYS 2007-09-25 21:26 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2007-09-25 21:26 2,048 --a------ C:\WINDOWS\system32\drivers\rt73.bin 2007-09-25 21:25 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-23 16:01 --------- d-----w C:\Documents and Settings\oem\Dane aplikacji\foobar2000 2007-10-23 14:49 --------- d-----w C:\Documents and Settings\oem\Dane aplikacji\OpenOffice.org2 2007-10-21 16:31 --------- d-----w C:\Program Files\a-squared Free 2007-10-18 20:21 --------- d-----w C:\Documents and Settings\oem\Dane aplikacji\Skype 2007-10-01 19:22 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-09-21 17:06 --------- d-----w C:\Program Files\Java 2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-08-31 14:54 --------- d-----w C:\Program Files\Common Files\Autodesk Shared 2007-08-31 14:54 --------- d-----w C:\Program Files\Autodesk Volo View 2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2005-03-31 21:17 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe 2007-06-16 16:02:10 23 --sha-w C:\WINDOWS\system32\dfbd_r.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMan”=“SOUNDMAN.EXE” [2004-12-22 11:09 C:\WINDOWS\SOUNDMAN.EXE] “ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-05-03 22:05] “ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” [2005-05-04 01:33] “InCD”=“C:\Program Files\Ahead\InCD\InCD.exe” [2005-06-10 16:20] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50] “RemoteControl”=“D:\Programy\PowerDVD\PDVDServ.exe” [2004-11-02 21:24] “HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe” [2002-12-10 02:37] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0\bin\jusched.exe” [2007-09-21 19:06] “avast!”=“D:\Programy\Avast4\ashDisp.exe” [2007-09-06 12:06] “QuickTime Task”=“D:\programy\qttask.exe” [2005-12-18 15:06] “Picasa Media Detector”=“C:\Program Files\Picasa2\PicasaMediaDetector.exe” [2006-03-16 01:07] “!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 11:25] “ZoneAlarm Client”=“D:\Programy\ZoneAlarm\zlclient.exe” [2007-03-09 01:02] “Smart Start UP”=“C:\PROGRA~1\Plustek\Software\MrPhoto3\Smart Start UP\PnPDetect.exe” [2003-01-21 14:25] “HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-12-10 21:52] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 14:00] “Creative Detector”=“C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe” [2004-12-02 18:23] “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-07-03 17:11] C:\Documents and Settings\oem\Menu Start\Programy\Autostart\ OpenOffice.org 2.2.lnk - D:\Programy\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ ATI CATALYST - pasek zadaä.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-05-04 01:33:42] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10] QuickScan (OpticFilm 7200i).lnk - C:\Program Files\Plustek\OpticFilm 7200i\QuickScan.exe [2007-10-01 21:12:53] Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-09-25 21:26:43] R1 eusk2par;EUTRON SmartKey Parallel Driver;??\C:\WINDOWS\system32\Drivers\eusk2par.sys S3 eusk3usb;SmartKey 3 USB;C:\WINDOWS\system32\Drivers\eusk3usb.sys S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt hpqcxs08 hpqddsvc . Contents of the ‘Scheduled Tasks’ folder “2007-10-17 06:12:10 C:\WINDOWS\Tasks\WebReg Deskjet F2100 series.job” - C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe . ************************************************************************** catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-23 18:04:25 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-23 18:05:03 C:\ComboFix2.txt … 2007-10-22 20:37 C:\ComboFix3.txt … 2007-10-21 17:44 . — E O F —