onlybarca
(Onlybarca)
14 April 2007 08:27
#1
For some time now my computer has been restarting by itself while I'm working. This happens even when no application is running. I also have a problem with the icons, because when the computer restarts the icons on the desktop have no names. The names disappear; when I click on an icon it only gets selected, and even the right mouse button only selects the icons. Only after a restart does everything return to normal.
This error appears:
I've already scanned the computer with Mks_Vir, Ad-Aware, Spyware… Unfortunately nothing helps :? Please check the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 09:22:47, on 2007-04-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Documents and Settings\user\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: AnonProxyBar - {0520255B-04B4-427A-9D3F-67435F6C93D9} - C:\PROGRA~1\ANONPR~1\ANONYM~1.DLL
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [Generic Host Process8 System Backup] scvhost8.exe
O4 - HKLM…\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM…\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM…\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU…\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe
O4 - HKCU…\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU…\Run: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O10 - Broken Internet access because of LSP provider 'prxernsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O15 - Trusted Zone: http://www.starbet.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc … oscan8.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://live.pdbox.co.kr:8057/AFCStarter.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_30.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl … signed.cab
O17 - HKLM\System\CCS\Services\Tcpip…{611D2B0D-238C-4187-A485-7119E53A1261}: NameServer = 212.139.132.4 212.139.132.5
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Mks - (no file)
O23 - Service: MkS_Scan - Mks - (no file)
O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Thanks a lot for the help
Gutek
(Gutek)
14 April 2007 08:53
#2
Remove the entries with HJT, and the file manually
Did you uninstall MKS after scanning? If so, then Start >>> Run >>> services.msc >>> stop and disable
MkS_Vir Monitor + MkS_Scan - Mks
Post a log from Combofix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Run LSP-Fix, tick "I know what I'm doing", then in the Keep box select the file prxernsp.dll, use the arrow (>>) to move it to the Remove box, and click Finish
onlybarca
(Onlybarca)
14 April 2007 11:17
#3
Where can I find these files so I can delete them? Sorry, but I'm a beginner at this
adam9870
(adam9870)
14 April 2007 11:46
#4
You only need to find and delete the file scvhost8.exe. This file should be in the directory C:\WINDOWS\system32 or C:\WINDOWS
The file may be hidden, so for the duration of the removal I would advise enabling the display of hidden files and folders:
Open My Computer
at the top choose Tools, and then Folder Options…
in the window that opens, go to the View tab
in the Hidden files and folders section, select the option Show hidden files and folders
click Apply and OK
If you don't find the file to delete, then just remove the indicated entries using HijackThis.
onlybarca
(Onlybarca)
14 April 2007 12:09
#5
I wasn't able to delete this file manually (I can't find it); here is the new log from ComboFix: