Ostatnio miałem problem z jakimś trojanem. Zeskanowałem kompa avastem, no i go usunął, ale okazało się, że nie moge wejść z mojego komputera na wybraną partycję. Troche poczytałem w necie i uporałem sie z tym problemem programem Disinfector. Niestety teraz jak wkładam pendriva to się pyta o program jakim mam go otworzyć, właczam Disinfectora i moge wejść. Problem pojawia sie znowu gdy go wyciagne i ponownie włoże. Dołaczam logi HJT i comboscan.
Logfile of HijackThis v1.99.1
Scan saved at 23:15:22, on 2008-03-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
c:\windows\system32\svchost.exe
C:\Documents and Settings\Paweł.DOM\Pulpit\MOJE\Walka\HTJ,SR,CS,SFF,FWO\comboscan.exe
C:\DOCUME~1\PAWE~1.DOM\Pulpit\MOJE\Walka\PAWE~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
ComboScan v20070306.20 run by Paweł on 2008-03-29 at 23:15:21
Computer is in Normal Mode.
– HijackThis (run as Paweł.exe) -----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 23:15:22, on 2008-03-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
c:\windows\system32\svchost.exe
C:\Documents and Settings\Paweł.DOM\Pulpit\MOJE\Walka\HTJ,SR,CS,SFF,FWO\comboscan.exe
C:\DOCUME~1\PAWE~1.DOM\Pulpit\MOJE\Walka\PAWE~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
– Files created between 2008-02-29 and 2008-03-29 -----------------------------
2008-03-29 23:10:58 46080 --a------ C:\WINDOWS\system32\fsmgmt.dll
2008-03-20 14:07:56 0 d-------- C:\Program Files\BearShare Applications
2008-03-03 17:47:06 0 d-------- C:\Program Files\Canon
2008-03-03 17:41:18 0 d-------- C:\Program Files\Common Files\Canon
2008-03-03 17:27:13 5632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-03 17:27:11 159232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-03 17:27:10 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-01 18:32:05 0 d-------- C:\Program Files\Kangurek Kao - Tajemnica wulkanu
– Find3M Report ---------------------------------------------------------------
2008-03-29 22:47:31 479962 --a------ C:\WINDOWS\system32\perfh015.dat
2008-03-29 22:47:31 87142 --a------ C:\WINDOWS\system32\perfc015.dat
2008-03-20 19:38:21 0 d-------- C:\Documents and Settings\Paweł.DOM\Dane aplikacji\BearShare
2008-03-14 11:47:28 0 d-------- C:\Program Files\Astonsoft
2008-03-14 11:43:17 0 d-------- C:\Program Files\Ahead
2008-03-08 22:22:31 0 d-------- C:\Documents and Settings\Paweł.DOM\Dane aplikacji\ZoomBrowser EX
2008-03-08 22:21:05 0 d-------- C:\Documents and Settings\Paweł.DOM\Dane aplikacji\CameraWindowDC
2008-03-08 22:19:28 0 d-------- C:\Documents and Settings\Paweł.DOM\Dane aplikacji\CANON INC
2008-03-08 01:36:48 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-08 01:34:21 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-08 01:12:36 0 d-------- C:\Documents and Settings\Paweł.DOM\Dane aplikacji\Adobe
2008-03-03 17:45:47 0 d–h----- C:\Program Files\InstallShield Installation Information
2008-03-03 17:45:24 0 d-------- C:\Program Files\QuickTime
2008-02-23 00:32:41 0 d-------- C:\Program Files\FM Modifier 2.2
2008-02-04 23:47:03 0 d-------- C:\Documents and Settings\Paweł.DOM\Dane aplikacji\Azureus
2008-01-30 23:18:40 0 d-------- C:\Documents and Settings\Paweł.DOM\Dane aplikacji\Talkback
– Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe”
“MSMSGS”="“C:\Program Files\Messenger\msmsgs.exe” /background"
“LogitechSoftwareUpdate”="“C:\Program Files\Logitech\Video\ManifestEngine.exe” boot"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AutorunsDisabled]
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe”
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe”
“NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup”
“WinampAgent”="“C:\Program Files\Winamp\winampa.exe”"
“QuickTime Task”="“C:\Program Files\QuickTime\qttask.exe” -atboottime"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
“Installed”=“1”
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
“Installed”=“1”
“NoChange”=“1”
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
“Installed”=“1”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“ADVCHK”
“hkey”=“HKLM”
“command”=“C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“ccApp”
“hkey”=“HKLM”
“command”="“C:\Program Files\Common Files\Symantec Shared\ccApp.exe”"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“ctfmon”
“hkey”=“HKCU”
“command”=“C:\WINDOWS\System32\ctfmon.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“hpotdd01”
“hkey”=“HKLM”
“command”=“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“gg”
“hkey”=“HKCU”
“command”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GaduGadu]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“GaduGadu”
“hkey”=“HKLM”
“command”=“c:\windows\GaduGadu.scr”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“GoogleDesktop”
“hkey”=“HKLM”
“command”="“C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“HPWuSchd”
“hkey”=“HKLM”
“command”=“C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“hpztsb08”
“hkey”=“HKLM”
“command”=“C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“KazaaLite”
“hkey”=“HKLM”
“command”="“C:\Program Files\Kazaa Lite K++\kpp.exe” “C:\Program Files\Kazaa Lite K++\KazaaLite.kpp” /SYSTRAY"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“ManifestEngine”
“hkey”=“HKCU”
“command”="“C:\Program Files\Logitech\Video\ManifestEngine.exe” boot"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“ISStart”
“hkey”=“HKLM”
“command”=“C:\Program Files\Logitech\Video\ISStart.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“LogiTray”
“hkey”=“HKLM”
“command”=“C:\Program Files\Logitech\Video\LogiTray.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“LVCOMSX”
“hkey”=“HKLM”
“command”=“C:\WINDOWS\System32\LVCOMSX.EXE”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“MMTray”
“hkey”=“HKLM”
“command”=“MMTray.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“msmsgs”
“hkey”=“HKCU”
“command”="“C:\Program Files\Messenger\msmsgs.exe” /background"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“NeroCheck”
“hkey”=“HKLM”
“command”=“C:\WINDOWS\system32\NeroCheck.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“NeroCheck”
“hkey”=“HKLM”
“command”=“C:\WINDOWS\system32\NeroCheck.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“NvCpl”
“hkey”=“HKLM”
“command”=“RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“NVMCTRAY”
“hkey”=“HKCU”
“command”=“RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“qttask”
“hkey”=“HKLM”
“command”="“C:\Program Files\QuickTime\qttask.exe” -atboottime"
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“jusched”
“hkey”=“HKLM”
“command”=“C:\Program Files\Java\j2re1.5.0\bin\jusched.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“GoogleToolbarNotifier”
“hkey”=“HKCU”
“command”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“Amoumain”
“hkey”=“HKLM”
“command”=“C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Automation]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“hkey”=“HKLM”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpy]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“XoftSpy”
“hkey”=“HKLM”
“inimapping”=“0”
“command”=“C:\Program Files\XoftSpy\XoftSpy.exe -s”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
“item”=“ypager”
“hkey”=“HKCU”
“command”=“C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet”
“inimapping”=“0”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
“XCOMM”=dword:00000002
“VSSERV”=dword:00000002
“bdss”=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“appinit_dlls”=“sockspy.dll”
[HKEY_USERS.default\software\microsoft\windows\currentversion\run]
“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE”
“NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit”
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE”
“NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit”
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsmgmt
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
“SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll”
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{e06d297c-9cdd-11db-9484-00508d5380f4}]
Shell\AutoRun\command cayfq2.cmd
Shell\explore\Command cayfq2.cmd
Shell\open\Command cayfq2.cmd
– End of ComboScan: finished at 2008-03-29 at 23:15:43 ------------------------