Logs, securing your computer and data. Antivirus and antispyware programs, firewalls, etc.

Forum rules

1. Every topic title should reflect the content of the thread.
2. When pasting logs, produce them straight away from at least two tools: FRST and GMER.
3. Please publish all logs on sites intended for that purpose and paste only the link in your post.
4. Do not shorten logs; paste the whole log, from beginning to end.
5. Do not attach yourself to other users' topics; start a new topic in the Security (Bezpieczeństwo) section, which makes it easier for the person checking to help you.
6. People without the appropriate knowledge should not check logs, because this risks serious damage to the system or to the applications installed on the computer.
7. Describe the problem precisely: the symptoms that occur and all the actions already taken.
8. Every script is unique, written for each case individually, so it must not be used by anyone else.
9. When posting a screenshot, please use an external image-hosting service.

Please check my log - trojan C:\xo8wr9.exe

20 Feb 2008, 23:52

Code:
ComboFix 08-02-18.1 - Kasiula 2008-02-18 22:39:50.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.181 [GMT 1:00]
Running from: C:\Documents and Settings\Kasiula\Pulpit\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-01-18 to 2008-02-18  )))))))))))))))))))))))))))))))
.

2008-02-18 22:39 . 2008-02-18 22:41   53,248   --a------   C:\WINDOWS\PSEXESVC.EXE
2008-02-18 22:30 . 2008-02-18 22:29   105,441   -r-hs----   C:\8ng8w.com
2008-01-30 09:01 . 2008-01-31 17:03   104,080   -r-hs----   C:\h.cmd
2008-01-29 10:39 . 2008-01-29 19:18   <DIR>   d--------   C:\Program Files\Common Files\ACD Systems
2008-01-29 10:38 . 2008-01-29 10:38   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2008-01-29 09:48 . 2008-01-29 09:47   103,894   -r-hs----   C:\ylr.exe
2008-01-26 14:52 . 2008-01-26 14:52   31,296   --ah-----   C:\WINDOWS\system32\mlfcache.dat
2008-01-23 17:49 . 2008-01-23 18:26   <DIR>   d--------   C:\Program Files\Picasa2
2008-01-23 17:49 . 2008-01-23 17:49   <DIR>   d--------   C:\Program Files\Google
2008-01-23 17:49 . 2006-10-05 03:42   2,560   ---------   C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-23 17:49 . 2006-10-05 03:42   2,432   ---------   C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-22 14:36 . 2008-01-23 16:03   105,199   -r-hs----   C:\xn1i9x.com

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 18:45   104,863   --sh--r   C:\juok3st.bat
2007-12-04 13:04   837,496   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   C:\WINDOWS\system32\AVASTSS.scr
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-04-17 22:41 2113536]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [2007-03-01 07:01 180736]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2006-08-14 07:39 98304]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2006-08-14 07:41 114688]
"Persistence"="C:\WINDOWS\System32\igfxpers.exe" [2006-08-14 07:38 94208]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 10:37 110592]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 18:04 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 17:58 696320]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 19:41 33792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-01-20 17:59]
R3 SynScan;ASUS WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-01-02 19:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bc6de12-a1a3-11dc-a918-0019d28e4e1a}]
\Shell\AutoRun\command - G:\h.cmd
\Shell\explore\Command - G:\h.cmd
\Shell\open\Command - G:\h.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90217344-8975-11dc-a8e3-0019d28e4e1a}]
\Shell\AutoRun\command - G:\xo8wr9.exe
\Shell\explore\Command - G:\xo8wr9.exe
\Shell\open\Command - G:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5ddf05b-c456-11dc-a940-0019d28e4e1a}]
\Shell\AutoRun\command - G:\u.bat
\Shell\explore\Command - G:\u.bat
\Shell\open\Command - G:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e991828e-8ad8-11dc-a8e6-0019d28e4e1a}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 22:41:11
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-18 22:41:38
ComboFix-quarantined-files.txt  2008-02-18 21:41:29
ComboFix2.txt  2008-02-18 21:36:40
.
2008-01-13 21:22:48   --- E O F --- 

21 Feb 2008, 10:52

Paste into Notepad:


File::
C:\8ng8w.com
C:\h.cmd
C:\ylr.exe
C:\xn1i9x.com
C:\juok3st.bat
G:\u.bat

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5ddf05b-c456-11dc-a940-0019d28e4e1a}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90217344-8975-11dc-a8e3-0019d28e4e1a}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bc6de12-a1a3-11dc-a918-0019d28e4e1a}]

>>File>>Save as... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
- as in this picture -->Image
(if the question "1 or 2" appears, type 1 and press ENTER). The removal should then start (and a log will be produced).
After the restart, manually delete the folder C:\Qoobox.
After that, post a new ComboFix log.

the second log looks like this

21 Feb 2008, 17:45

Code:
ComboFix 08-02-18.1 - Kasiula 2008-02-21 16:38:17.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.178 [GMT 1:00]
Running from: C:\Documents and Settings\Kasiula\Pulpit\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-01-21 to 2008-02-21  )))))))))))))))))))))))))))))))
.

2008-02-20 23:06 . 2008-02-20 23:06   <DIR>   d--------   C:\Program Files\Dziobas Rar Player
2008-01-29 10:39 . 2008-01-29 19:18   <DIR>   d--------   C:\Program Files\Common Files\ACD Systems
2008-01-29 10:38 . 2008-01-29 10:38   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2008-01-26 14:52 . 2008-01-26 14:52   31,296   --ah-----   C:\WINDOWS\system32\mlfcache.dat
2008-01-23 17:49 . 2008-01-23 18:26   <DIR>   d--------   C:\Program Files\Picasa2
2008-01-23 17:49 . 2008-01-23 17:49   <DIR>   d--------   C:\Program Files\Google
2008-01-23 17:49 . 2006-10-05 03:42   2,560   ---------   C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-23 17:49 . 2006-10-05 03:42   2,432   ---------   C:\WINDOWS\system32\drivers\cdr4_xp.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 01:08   662,016   ----a-w   C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42   550,912   ----a-w   C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04   837,496   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   C:\WINDOWS\system32\AVASTSS.scr
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-04-17 22:41 2113536]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [2007-03-01 07:01 180736]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2006-08-14 07:39 98304]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2006-08-14 07:41 114688]
"Persistence"="C:\WINDOWS\System32\igfxpers.exe" [2006-08-14 07:38 94208]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 10:37 110592]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 18:04 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 17:58 696320]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 19:41 33792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-01-20 17:59]
R3 SynScan;ASUS WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-01-02 19:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90217344-8975-11dc-a8e3-0019d28e4e1a}]
\Shell\AutoRun\command - G:\xo8wr9.exe
\Shell\explore\Command - G:\xo8wr9.exe
\Shell\open\Command - G:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5ddf05b-c456-11dc-a940-0019d28e4e1a}]
\Shell\AutoRun\command - G:\u.bat
\Shell\explore\Command - G:\u.bat
\Shell\open\Command - G:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e991828e-8ad8-11dc-a8e6-0019d28e4e1a}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 16:39:30
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-21 16:39:56
ComboFix-quarantined-files.txt  2008-02-21 15:39:48
ComboFix2.txt  2008-02-21 15:35:11
ComboFix3.txt  2008-02-18 21:41:39
ComboFix4.txt  2008-02-18 21:36:40
.
2008-02-19 09:49:13   --- E O F --- 

21 Feb 2008, 18:31

As suspected, the registry has not been cleaned. Paste into Notepad:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5ddf05b-c456-11dc-a940-0019d28e4e1a}\Shell\AutoRun\command]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90217344-8975-11dc-a8e3-0019d28e4e1a}\Shell\AutoRun\command]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bc6de12-a1a3-11dc-a918-0019d28e4e1a}\Shell\AutoRun\command]


From the Notepad menu >>> File >>> Save as >>> set the file type to All files >>> save as FIX.REG >>> run the file

After that, show a ComboFix log once more.
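As an added example (editor's code, not part of the thread), this script parses the MountPoints2 entries from the ComboFix "Reg Loading Points" section, flags handlers that launch a file from a non-system drive (G:\xo8wr9.exe) or from a relative path (Recycled\ctfmon.exe), and emits a `[-key]` deletion list in the same .reg form as the FIX.REG above. It goes slightly beyond the post by covering the explore and open verbs as well as AutoRun; the sample log is constructed from the posted entries and SYSTEM_DRIVE = "C:" is an assumption.

```python
import re

# Constructed sample in the format of ComboFix's "Reg Loading Points" section;
# key names and commands are copied from the logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90217344-8975-11dc-a8e3-0019d28e4e1a}]
\Shell\AutoRun\command - G:\xo8wr9.exe
\Shell\explore\Command - G:\xo8wr9.exe
\Shell\open\Command - G:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e991828e-8ad8-11dc-a8e6-0019d28e4e1a}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^(\\Shell\\[^\\]+\\command)\s+-\s+(.+?)\s*$", re.I)
SYSTEM_DRIVE = "C:"  # assumption: the Windows drive of the machine in the thread

def parse_mountpoints(log_text):
    """Map each MountPoints2 key to the (shell subkey, command) pairs listed under it."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries.setdefault(current, [])
        elif current and (cmd := CMD_RE.match(line)):
            entries[current].append((cmd.group(1), cmd.group(2)))
        elif not line:
            current = None  # a blank line ends the key's block
    return entries

def launched_file(command):
    """Strip the RunDLL32 ShellExec_RunDLL wrapper to get the file that really runs."""
    _, sep, tail = command.partition("ShellExec_RunDLL")
    return tail.strip() if sep else command

def review(entries):
    """Flag handlers that run a file from a non-system drive or from a relative path."""
    findings = []
    for key, pairs in entries.items():
        for subkey, command in pairs:
            target = launched_file(command)
            drive = target[:2].upper() if re.match(r"^[A-Za-z]:", target) else None
            if drive == SYSTEM_DRIVE:
                continue  # a fixed-drive path is not on its own suspicious
            reason = "relative path, resolves on whichever volume is opened" if drive is None \
                else "runs a file from non-system drive " + drive
            findings.append((key, subkey, target, reason))
    return findings

def build_fix_reg(findings):
    """Emit .reg text deleting every flagged Shell\\<verb>\\command subkey."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, subkey, _target, _reason in findings:
        lines += ["[-" + key + subkey + "]", ""]
    return "\n".join(lines)
```

Run `build_fix_reg(review(parse_mountpoints(open("ComboFix.txt").read())))` against a real log to get the deletion list for review before saving it as FIX.REG.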

the next log -

24 Feb 2008, 00:57

Code:
ComboFix 08-02-18.1 - Kasiula 2008-02-23 23:48:37.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.188 [GMT 1:00]
Running from: C:\Documents and Settings\Kasiula\Pulpit\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\amvo.exe

.
(((((((((((((((((((((((((   Files Created from 2008-01-23 to 2008-02-23  )))))))))))))))))))))))))))))))
.

2008-02-22 10:13 . 2007-03-08 00:51   129,784   ---------   C:\WINDOWS\system32\pxafs.dll
2008-02-20 23:06 . 2008-02-20 23:06   <DIR>   d--------   C:\Program Files\Dziobas Rar Player
2008-01-29 10:39 . 2008-01-29 19:18   <DIR>   d--------   C:\Program Files\Common Files\ACD Systems
2008-01-29 10:38 . 2008-01-29 10:38   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2008-01-26 14:52 . 2008-01-26 14:52   31,296   --ah-----   C:\WINDOWS\system32\mlfcache.dat
2008-01-23 17:49 . 2008-01-23 18:26   <DIR>   d--------   C:\Program Files\Picasa2
2008-01-23 17:49 . 2008-01-23 17:49   <DIR>   d--------   C:\Program Files\Google
2008-01-23 17:49 . 2006-10-05 03:42   2,560   ---------   C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-23 17:49 . 2006-10-05 03:42   2,432   ---------   C:\WINDOWS\system32\drivers\cdr4_xp.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 09:14   ---------   d-----w   C:\Program Files\Winamp
2007-12-07 01:08   662,016   ----a-w   C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42   550,912   ----a-w   C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04   837,496   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   C:\WINDOWS\system32\AVASTSS.scr
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-04-17 22:41 2113536]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [2007-03-01 07:01 180736]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2006-08-14 07:39 98304]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2006-08-14 07:41 114688]
"Persistence"="C:\WINDOWS\System32\igfxpers.exe" [2006-08-14 07:38 94208]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 10:37 110592]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 18:04 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 17:58 696320]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07 53248]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-01-20 17:59]
R3 SynScan;ASUS WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-01-02 19:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90217344-8975-11dc-a8e3-0019d28e4e1a}]
\Shell\explore\Command - G:\xo8wr9.exe
\Shell\open\Command - G:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5ddf05b-c456-11dc-a940-0019d28e4e1a}]
\Shell\explore\Command - G:\d6fagcs8.cmd
\Shell\open\Command - G:\d6fagcs8.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e991828e-8ad8-11dc-a8e6-0019d28e4e1a}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 23:49:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-23 23:50:04
ComboFix-quarantined-files.txt  2008-02-23 22:49:57
ComboFix2.txt  2008-02-21 15:39:57
.
2008-02-19 09:49:13   --- E O F --- 

24 Feb 2008, 01:42

Does the problem still occur?

24 Feb 2008, 10:51

When starting the computer, avast was detecting amvo0.dll for me. After running ComboFix it no longer appeared; I scanned with avast and nothing came up.