HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 23:28:50, on 2008-01-21
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\bak\Launcher.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\PAWE~1\USTAWI~1\Temp\Rar$EX00.344\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM…\Run: [Jet Detection] “C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe”
O4 - HKLM…\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM…\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [sDTray] “C:\Program Files\Spyware Doctor\SDTrayApp.exe”
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: launcher.lnk = C:\WINDOWS\system32\bak\Launcher.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip…{4F3CD39F-E78A-4019-8882-C82E4476EAF0}: NameServer = 192.168.0.1,212.77.102.200
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
ComboFix log (made before the HijackThis one, because I couldn't download it earlier due to this flood of windows)
ComboFix 08-01-20.1 - Paweł 2008-01-21 22:14:15.9 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.306 [GMT 1:00]
Running from: C:\Documents and Settings\Paweł\Pulpit\SPYWARE Programs\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.
2008-01-20 23:38 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-20 23:38 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-20 23:38 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-20 23:38 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-20 18:49 . 2008-01-20 18:49
2008-01-20 15:11 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-19 01:13 . 2008-01-21 22:11 25,984 --a------ C:\WINDOWS\system32\drivers\Kpr25.sys
2008-01-11 01:12 . 2008-01-11 01:12
2008-01-05 14:17 . 2008-01-06 16:30
2008-01-05 13:14 . 2008-01-05 13:14
2008-01-04 20:03 . 2008-01-04 20:03
2008-01-04 20:02 . 2008-01-04 20:03
2008-01-04 18:13 . 2008-01-04 18:13
2007-12-30 02:28 . 2007-12-30 02:28
2007-12-30 01:34 . 2008-01-19 02:16 250 --a------ C:\WINDOWS\gmer.ini
2007-12-30 00:53 . 2001-05-25 06:01 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2007-12-30 00:53 . 2007-12-29 20:40 8,940 --a------ C:\clean.bat
2007-12-30 00:53 . 2004-07-22 12:15 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2007-12-30 00:53 . 2007-10-11 08:55 347 --a------ C:\run2.reg
2007-12-29 23:30 . 2008-01-20 21:17 2,248 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-29 18:32 . 2007-12-29 18:32
2007-12-29 16:31 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-29 16:31 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-29 16:31 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-29 16:31 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-29 16:31 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-29 16:31 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-29 16:31 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-29 16:31 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-28 23:54 . 2007-12-28 23:54
2007-12-28 23:54 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-28 23:54 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-28 23:54 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-28 23:54 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-28 12:57 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2007-12-28 12:41 . 2007-12-29 17:59
2007-12-28 12:41 . 2007-12-28 12:41 30,590 --a------ C:\WINDOWS\system32\pavas.ico
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 21:13 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-01-21 20:45 --------- d-----w C:\Documents and Settings\Paweł\Dane aplikacji\WholeSecurity
2008-01-21 15:18 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-20 18:04 --------- d-----w C:\Program Files\Play
2008-01-20 17:49 --------- d-----w C:\Documents and Settings\Paweł\Dane aplikacji\Lavasoft
2008-01-19 00:13 12,800 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-16 18:41 --------- d-----w C:\Documents and Settings\Marta\Dane aplikacji\WholeSecurity
2008-01-11 18:42 --------- d-----w C:\Documents and Settings\Marta\Dane aplikacji\Lavasoft
2007-12-29 15:31 --------- d-----w C:\Program Files\Alwil Software
2007-12-28 12:43 --------- d-----w C:\Program Files\Google
2007-12-18 20:59 --------- d-----w C:\Program Files\Kaspersky Lab
2007-12-18 20:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2007-11-28 18:35 --------- d–h--r C:\Documents and Settings\Marta\Dane aplikacji\Chromeflower
2007-11-28 18:34 --------- d–h--r C:\Documents and Settings\Marta\Dane aplikacji\CrystalSpace
2007-11-28 18:34 --------- d-----w C:\Program Files\ICE-land
.
((((((((((((((((((((((((((((( snapshot@2008-01-20_15.14.05,04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-19 01:29:04 4,952,064 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-01-20 15:00:56 4,952,064 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-01-19 01:29:04 278,528 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
- 2008-01-20 15:00:56 278,528 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
- 2005-05-26 03:16:24 75,544 ----a-w C:\WINDOWS\system32\cdm.dll
- 2007-07-30 18:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
- 2007-12-30 01:27:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-21 21:13:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-20 14:11:32 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
- 2008-01-21 21:14:13 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
- 2007-12-30 01:27:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2008-01-21 21:13:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2007-12-30 01:27:32 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 21:13:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2005-05-26 03:16:24 75,544 -c–a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2007-07-30 18:19:20 92,504 -c–a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2005-05-26 03:16:34 125,208 -c–a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-07-30 18:19:16 53,080 -c–a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2005-05-26 03:16:30 1,343,768 -c–a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-07-30 18:19:42 1,712,984 -c–a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
- 2007-07-30 18:19:12 43,352 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
- 2005-11-25 15:48:28 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
- 2000-08-31 07:00:00 136,704 ----a-w C:\WINDOWS\system32\swsc.exe
- 2005-05-26 03:16:34 466,200 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2007-07-30 18:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2005-05-26 03:16:34 125,208 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2007-07-30 18:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2005-05-26 03:16:30 1,343,768 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2007-07-30 18:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2005-05-26 03:16:34 128,280 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2007-07-30 18:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2005-05-26 03:16:30 41,240 ----a-w C:\WINDOWS\system32\wups.dll
- 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
- 2005-05-26 03:16:30 18,200 ----a-w C:\WINDOWS\system32\wups2.dll
- 2007-07-30 18:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
- 2005-05-26 03:16:30 173,536 ----a-w C:\WINDOWS\system32\wuweb.dll
- 2007-07-30 18:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
.
– Snapshot reset to current date –
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 28,672 2001-11-29 00:00:00 C:\Program Files\Creative\SBAudigy\Program\bak\ADGJDet.exe
----a-w 28,672 2001-12-20 00:00:00 C:\Program Files\Creative\Splash Screen\bak\CTEaxSpl.EXE
----a-w 521,720 2007-02-21 09:36:52 C:\Program Files\eBay\eBay Toolbar2\bak\eBayTBDaemon.exe
----a-w 1,716,224 2007-01-16 08:41:24 C:\Program Files\Gadu-Gadu\bak\gg.exe
----a-w 1,716,224 2007-01-30 14:58:28 C:\Program Files\Gadu-Gadu\gg.exe
----a-w 90,112 2000-05-11 00:00:00 C:\WINDOWS\bak\UpdReg.EXE
----a-w 40,448 1998-09-24 15:07:08 C:\WINDOWS\system32\bak\launcher.dll
----a-w 40,448 1998-09-24 15:07:08 C:\WINDOWS\system32\launcher.dll
----a-w 184,320 1998-10-23 15:51:42 C:\WINDOWS\system32\bak\Launcher.exe
----a-w 155,648 2001-07-09 10:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-01-30 15:58 1716224]
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-08-02 09:52 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2003-10-06 14:16 5058560]
“nwiz”=“nwiz.exe” [2003-10-06 14:16 741376 C:\WINDOWS\system32\nwiz.exe]
“WINDVDPatch”=“CTHELPER.EXE” [2002-07-02 10:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
“Jet Detection”=“C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe” []
“CTStartup”=“C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe” []
“eBayToolbar”=“C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe” []
“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2007-10-24 13:51 185632]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 14:00 79224]
“SDTray”=“C:\Program Files\Spyware Doctor\SDTrayApp.exe” [2007-11-02 17:24 1065800]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2002-09-20 18:05 13312]
C:\Documents and Settings\Marta\Menu Start\Programy\Autostart\
launcher.lnk - C:\WINDOWS\system32\bak\Launcher.exe [2007-02-09 01:42:50 184320]
C:\Documents and Settings\Pawe\Menu Start\Programy\Autostart\
launcher.lnk - C:\WINDOWS\system32\bak\Launcher.exe [2007-02-09 01:42:50 184320]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kpr25.sys]
@=“Driver”
R0 Kpr25;Kpr25;C:\WINDOWS\System32\Drivers\Kpr25.sys [2008-01-21 22:11]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 01:48]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 01:32]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 22:16:06
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
scanning hidden processes …
scanning hidden autostart entries …
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???p???w^?s???wH ?w???w*??w4???U??w4???D8?s4???97???H?s???3:?w???T?w?U?w???x?`???C@???s???s???x97?d??sx97??C@?x???sx???;?w???@
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-21 22:17:12
ComboFix-quarantined-files.txt 2008-01-21 21:16:58
ComboFix2.txt 2008-01-20 20:22:00
ComboFix3.txt 2008-01-20 15:17:31
ComboFix4.txt 2008-01-20 14:14:53
ComboFix5.txt 2007-12-30 01:57:37
.
2008-01-20 22:47:51 — E O F —
HaxFix log (also made earlier)
HAXFIX logfile - by Marckie
version 4.63.1
2008-01-21 22:20:28,87
— Checking for Haxdoor —
checking for a3d files
a3d files not found
checking for matching notify keys
no matching notify keys found
checking for matching services
no matching services found
checking for matching safeboot services
no matching safeboot services found
checking for other Haxdoor-files
no other Haxdoor-files found
— Checking for Goldun —
checking for SSODL keys
no ssodl keys found
checking for notify keys
no notify keys found
checking for services
no services found
checking for other Goldun-files
no other Goldun-files found
checking iexplore.exe
iexplore.exe is not infected
— Catchme logfile - thank you Gmer —
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 22:20:28
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
scanning hidden processes …
scanning hidden services system hive …
scanning hidden registry entries …
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
“Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,…
scanning hidden files …
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
— Analysing Catchme logfile —
no matching regkeys found
Finished!
On top of that, AdAwareSE showed a virus of the backdoor agent type.
So what does all of this mean…?
Interestingly, when I paused Avast's on-access protection the flood of windows stopped, but the network was terribly slow.
Now, after scanning with AdAwareSE, HaxFix, ComboFix and most recently HijackThis, nothing is happening for the moment… but the computer is sluggish. That flood of windows will probably show up again soon, as it has before.
PS The moderator said I got the title wrong. Sorry, I didn't mean to mess things up… But how am I supposed to fix it…? How do I change the title?
Guys… help…