Hello. I have a problem with the file services.exe: after being switched on, my computer runs for 10 minutes and then a window pops up with a countdown to a computer restart. I'd really appreciate help with this, because I wouldn't want to format the computer for now.
Logfile of HijackThis v1.99.1
Scan saved at 10:44:54, on 2007-05-21
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\BearShare\BearShare.exe
D:\Winamp\winampa.exe
D:\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX00.942\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: Local Spool Net support DLL - {41943050-65CC-454B-81E4-9C8A9D7CBAEA} - C:\WINDOWS\System32\localsplnet.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [bearShare] “D:\BearShare\BearShare.exe” /pause
O4 - HKLM…\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [RemoteControl] D:\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe”
O4 - HKLM…\Run: [Emurayden PSX Emulator] D:\Emurayden PSX Emulator v2.1\Emurayden PSX AutoLauncher.exe
O4 - HKLM…\Run: [zxcdiag] C:\WINDOWS\System32\zxcconf.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [Gadu-Gadu] “D:\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O20 - AppInit_DLLs: confzxc.dll zxcstat.dll
O20 - Winlogon Notify: zxcmgr - C:\WINDOWS\SYSTEM32\zxcmgr32.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Post merged: 21.05.2007 (Mon) 14:42
Please help, because I really need this fixed as quickly as possible…
Gutek
(Gutek)
21 May 2007 14:03
#2
In safe mode, remove the entries with HJT, and the files manually
Post a log from Combofix
I did as I was told, but I couldn't delete the file "O20 - Winlogon Notify: C:\Windows\System32\zxcmgr32.dll"
and here is the log:
ComboFix 07-05.21.6.V - Running from: “D:”

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\ADMINI~1\Pulpit\internet.lnk

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-21 ))))))))))))))))))))))))))))))))))

2007-05-20 13:58 101,888 --a------ C:\WINDOWS\system32\services.exe
2007-05-20 13:56
2007-05-20 10:47 57,344 --ah----- C:\WINDOWS\system32\confzxc.dll
2007-05-20 10:47 49,152 --ah----- C:\WINDOWS\system32\zxcprf32.dll
2007-05-20 10:47 40,960 --ah----- C:\WINDOWS\system32\zxcperf.exe
2007-05-20 10:47 335,902 --ah----- C:\WINDOWS\system32\zxcmgr32.dll
2007-05-20 10:47 127,006 --ah----- C:\WINDOWS\system32\zxcstat.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-19 13:19:42 1,632 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-05-11 12:07:52 -------- d–h--w C:\Program Files\InstallShield Installation Information
2007-04-01 11:46:37 29,392 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-01 11:31:34 669 ----a-w C:\WINDOWS\eReg.dat
2007-03-25 11:38:47 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-03-25 11:38:46 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-03-02 15:47:51 737,280 ----a-w C:\WINDOWS\iun6002.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 04:25]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“BearShare”=“D:\BearShare\BearShare.exe” [2006-07-26 14:48]
“WinampAgent”=“D:\Winamp\winampa.exe” [2006-11-21 19:38]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50]
“RemoteControl”=“D:\CyberLink\PowerDVD\PDVDServ.exe” [2003-10-31 20:42]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” [2006-10-12 04:10]
“Emurayden PSX Emulator”=“D:\Emurayden PSX Emulator v2.1\Emurayden PSX AutoLauncher.exe” [2002-07-25 23:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29]
“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2001-08-02 08:14]
“Gadu-Gadu”=“D:\Gadu-Gadu\gg.exe” [2005-08-30 20:51]
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [2007-02-07 17:04]

*Newly Created Service* -PROCEXP90

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070521-181310-486
O20 - Winlogon Notify: zxcmgr - C:\WINDOWS\SYSTEM32\zxcmgr32.dll
?Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zxcmgr]
“Asynchronous”=dword:00000000
“DllName”=“zxcmgr32.dll”
“Impersonate”=dword:00000000
“Startup”=“WlxStartup”
“Shutdown”=“WlxShutdown”

backup-20070521-180234-347
O20 - Winlogon Notify: zxcmgr - C:\WINDOWS\SYSTEM32\zxcmgr32.dll
?Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zxcmgr]
“Asynchronous”=dword:00000000
“DllName”=“zxcmgr32.dll”
“Impersonate”=dword:00000000
“Startup”=“WlxStartup”
“Shutdown”=“WlxShutdown”

backup-20070521-180229-907
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
???4???†???†???:??

backup-20070521-180228-843
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
???4???†???†???:??

backup-20070521-180228-916
O4 - HKLM…\Run: [zxcdiag] C:\WINDOWS\System32\zxcconf.exe

backup-20070521-180228-386
O2 - BHO: Local Spool Net support DLL - {41943050-65CC-454B-81E4-9C8A9D7CBAEA} - C:\WINDOWS\System32\localsplnet.dll

********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-21 18:16:25
Windows 5.1.2600 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
********************************************************************

Completion time: 2007-05-21 18:17:05
C:\ComboFix-quarantined-files.txt … 2007-05-21 18:17
— E O F —
SDFix: Version 1.84
Run by Administrator - 2007-05-21 - 19:15:23,41
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting…

Normal Mode:
Checking Files:
No Trojan Files Found…
Removing Temp Files…

ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll ,-22019"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll ,-22019"

Remaining Files:
---------------

Checking For Files with Hidden Attributes:
C:\WINDOWS\system32\confzxc.dll
C:\WINDOWS\system32\zxcmgr32.dll
C:\WINDOWS\system32\zxcprf32.dll
C:\WINDOWS\system32\zxcstat.dll
C:\WINDOWS\system32\zxcperf.exe
C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word~WRL0005.tmp
C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word~WRL0107.tmp
C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word~WRL1235.tmp
C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word~WRL1698.tmp
C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word~WRL3664.tmp
C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Word~WRL3679.tmp
C:\Documents and Settings\Administrator\Pulpit~WRL2524.tmp
C:\Documents and Settings\Administrator\Pulpit~WRL3835.tmp

Finished
Combo log:
ComboFix 07-05.21.6.V - Running from: “D:”

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-21 ))))))))))))))))))))))))))))))))))

2007-05-21 19:13
2007-05-21 18:17 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-20 13:58 101,888 --a------ C:\WINDOWS\system32\services.exe
2007-05-20 13:56
2007-05-20 10:47 57,344 --ah----- C:\WINDOWS\system32\confzxc.dll
2007-05-20 10:47 49,152 --ah----- C:\WINDOWS\system32\zxcprf32.dll
2007-05-20 10:47 40,960 --ah----- C:\WINDOWS\system32\zxcperf.exe
2007-05-20 10:47 335,902 --ah----- C:\WINDOWS\system32\zxcmgr32.dll
2007-05-20 10:47 127,006 --ah----- C:\WINDOWS\system32\zxcstat.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-21 17:10:44 1,632 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-05-11 12:07:52 -------- d–h--w C:\Program Files\InstallShield Installation Information
2007-04-01 11:46:37 29,392 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-01 11:31:34 669 ----a-w C:\WINDOWS\eReg.dat
2007-03-25 11:38:47 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-03-25 11:38:46 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-03-02 15:47:51 737,280 ----a-w C:\WINDOWS\iun6002.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 04:25]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“BearShare”=“D:\BearShare\BearShare.exe” [2006-07-26 14:48]
“WinampAgent”=“D:\Winamp\winampa.exe” [2006-11-21 19:38]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50]
“RemoteControl”=“D:\CyberLink\PowerDVD\PDVDServ.exe” [2003-10-31 20:42]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” [2006-10-12 04:10]
“Emurayden PSX Emulator”=“D:\Emurayden PSX Emulator v2.1\Emurayden PSX AutoLauncher.exe” [2002-07-25 23:21]
“zxcdiag”=“C:\WINDOWS\System32\zxcconf.exe” []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29]
“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2001-08-02 08:14]
“Gadu-Gadu”=“D:\Gadu-Gadu\gg.exe” [2005-08-30 20:51]
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [2007-02-07 17:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zxcmgr]
zxcmgr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“appinit_dlls”= confzxc.dll zxcstat.dll

********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-21 19:27:29
Windows 5.1.2600 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
********************************************************************

Completion time: 2007-05-21 19:28:39
C:\ComboFix-quarantined-files.txt … 2007-05-21 19:28
C:\ComboFix2.txt … 2007-05-21 18:17
— E O F —
Post merged: 21.05.2007 (Mon) 19:49
I have a feeling this problem is going to be hard to solve :?
Gutek
(Gutek)
21 May 2007 18:39
#6
Download The Avenger. Unpack => run => select the option Input script manually => click the magnifying-glass icon => in the window that opens, paste:
click the Done button => now click the green light => a message should appear, then click OK (now restart).
Gutek
(Gutek)
21 May 2007 19:30
#8
Post a log from Combo, but it should be OK by now
ComboFix log
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\hjqvttsh
*******************
Script file located at: ??\C:\WINDOWS\auqlhyay.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\confzxc.dll deleted successfully.
File C:\WINDOWS\system32\zxcprf32.dll deleted successfully.
File C:\WINDOWS\system32\zxcperf.exe deleted successfully.
File C:\WINDOWS\system32\zxcmgr32.dll deleted successfully.
File C:\WINDOWS\system32\zxcstat.dll deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zxcmgr deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|zxcdiag deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|appinit_dlls deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Post merged: 21.05.2007 (Mon) 22:02
Well, I can see that for now it's OK… I'll see what happens next, but either way thank you very much for the help… Gutek2222, you are GREAT
Joan
(Joan Sunshine)
21 May 2007 20:32
#10
This is the report from Avenger; paste the ComboFix one as a check
Ah, right. Sorry, my oversight, I pasted the wrong thing :lol: and this is the log from ComboFix:
ComboFix 07-05.21.6.V - Running from: “D:”

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-22 ))))))))))))))))))))))))))))))))))

2007-05-21 21:25
2007-05-21 21:20 60,416 --a------ C:\WINDOWS\system32\drivers\hnstckjk.sys
2007-05-21 19:13
2007-05-21 18:17 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-20 13:58 101,888 --a------ C:\WINDOWS\system32\services.exe
2007-05-20 13:56

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-21 20:34:45 1,632 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-05-11 12:07:52 -------- d–h--w C:\Program Files\InstallShield Installation Information
2007-04-01 11:46:37 29,392 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-01 11:31:34 669 ----a-w C:\WINDOWS\eReg.dat
2007-03-25 11:38:47 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-03-25 11:38:46 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-03-02 15:47:51 737,280 ----a-w C:\WINDOWS\iun6002.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 04:25]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“BearShare”=“D:\BearShare\BearShare.exe” [2006-07-26 14:48]
“WinampAgent”=“D:\Winamp\winampa.exe” [2006-11-21 19:38]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50]
“RemoteControl”=“D:\CyberLink\PowerDVD\PDVDServ.exe” [2003-10-31 20:42]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” [2006-10-12 04:10]
“Emurayden PSX Emulator”=“D:\Emurayden PSX Emulator v2.1\Emurayden PSX AutoLauncher.exe” [2002-07-25 23:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29]
“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2001-08-02 08:14]
“Gadu-Gadu”=“D:\Gadu-Gadu\gg.exe” [2005-08-30 20:51]
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [2007-02-07 17:04]

********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-22 12:59:53
Windows 5.1.2600 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
********************************************************************

Completion time: 2007-05-22 13:00:32
C:\ComboFix-quarantined-files.txt … 2007-05-22 13:00
C:\ComboFix2.txt … 2007-05-21 21:32
C:\ComboFix3.txt … 2007-05-21 19:28
— E O F —